cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Machine agent appdynamics-machine-agent-22.4.0.3344 release deploys a vulnerable openjdk 11.0.14

Brian.Gupta
Creator

The OpenJDK 11.0.14 distributed in the latest AppD machine agent release is vulnerable, see this release note:

https://mail.openjdk.java.net/pipermail/vuln-announce/2022-April/000015.html

When will a new machine-agent be released that includes openjdk 11.0.15 or newer?

 

 

2 REPLIES 2

Ryan.Paredez
Community Manager

Hi @Brian.Gupta,

 

Thanks for sharing this on the Community. While we appreciate you sharing it here, it's best for vulnerability issues and concerns are shared with AppDynamics Support first. 

 

Support can be reached here: www.appdynamics.com/support

 

 


Thanks,

Ryan, Cisco AppDynamics Community Manager




Found something helpful? Click the Accept as Solution button to help others find answers faster.

Liked something? Click the Thumbs Up button.



Check out Observabiity in Action

new deep dive videos weekly in the Knowledge Base.

Ryan.Paredez
Community Manager

Hi everyone, 

Just to follow up here.

It is confirmed that both of these CVEs have no impact on the Machine agent.

However, the next Machine agent release will be upgraded to have the latest version of the Azul JRE libraries. As a best practice, please upgrade to Machine Agent 22.5 when it releases.


Thanks,

Ryan, Cisco AppDynamics Community Manager




Found something helpful? Click the Accept as Solution button to help others find answers faster.

Liked something? Click the Thumbs Up button.



Check out Observabiity in Action

new deep dive videos weekly in the Knowledge Base.