We just had a PCI scan and the version of Resin that OpenEMM uses is officially out of date and (apparently) susceptible to a lot of exploits. Since OpenEMM runs as a singular package, is there a way that I can update just Resin?
Thanks!
Resin is out of date
We have started to experience an obscure resin bug that was apparently fixed in version 3.0.14 http://bugs.caucho.com/view.php?id=419
So we would like to update the resin bundled with our OpenEMM 5.5.1 installation to the latest 3.0.27, and I just want to be sure of the process. If I delete all the jars in openemm/lib other than the mysql connector, and then copy in all the jars from resin-3.0.27/lib, is there anything else I need to do? Are there any jars I *shouldn't* copy from the resin libs, like javamail? There is not a one-to-one and onto mapping of files in the two directories.
Maybe I'm missing something here. I do have the source tar from: http://sourceforge.net/projects/openemm ... z/download
This does include a build.xml, but not an openemm_build.xml. And that file only references a subset of the libraries that I see in my actual OpenEMM 5.5.1 installation that clearly came from Resin. Nor do I see any targets in this build.xml that would actually allow me to build a deployment that matches the contents of OpenEMM-5.5.1-bin.tar.gz. This was never a problem for me, since the build.xml does allow me to compile all the code and then copy individual files to our installation as needed for patches. But it does seem to prevent me from using this build.xml to determine which set of libraries should be updated here.
It looks to me like I should delete everything but the mysql connector and copy over everything except javamail and activation.
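A dry-run planner for the jar swap the last post arrives at, as an added example that is not part of the thread or of OpenEMM. The filename patterns are assumptions to adjust against your own `openemm/lib`, and the thread does not confirm that this is the correct set of jars.

```shell
#!/bin/sh
# Plan (and optionally apply) the swap: delete every old jar except the MySQL
# connector, copy every new Resin jar except javamail and activation.
# The glob patterns below are assumed names, not taken from the thread.

is_kept()    { case $1 in mysql-connector*) return 0 ;; esac; return 1; }
is_skipped() { case $1 in javamail*|mail*.jar|activation*) return 0 ;; esac; return 1; }

# plan_jar_swap OPENEMM_LIB RESIN_LIB
# Prints one action per jar and changes nothing, so the plan can be reviewed.
plan_jar_swap() {
    for f in "$1"/*.jar; do
        [ -e "$f" ] || continue
        n=${f##*/}
        if is_kept "$n"; then echo "KEEP $n"; else echo "DELETE $n"; fi
    done
    for f in "$2"/*.jar; do
        [ -e "$f" ] || continue
        n=${f##*/}
        # Never overwrite a kept jar, never copy an excluded one.
        if is_skipped "$n" || is_kept "$n"; then echo "SKIP $n"; else echo "COPY $n"; fi
    done
}

# apply_jar_swap OPENEMM_LIB RESIN_LIB
# Copies the old lib directory aside first, then executes the plan.
# Prints the backup path so the change can be rolled back.
apply_jar_swap() {
    backup="$1.bak.$$"
    cp -Rp "$1" "$backup" || return 1
    plan_jar_swap "$1" "$2" | while read -r action jar; do
        case $action in
            DELETE) rm -f "$1/$jar" ;;
            COPY)   cp -p "$2/$jar" "$1/$jar" ;;
        esac
    done
    echo "$backup"
}

# Called with two directories, print the plan only.
if [ "$#" -eq 2 ]; then
    plan_jar_swap "$1" "$2"
fi
```

Run it with OpenEMM stopped, review the `DELETE` and `SKIP` lines against what the installation actually loads, and keep the backup directory until the upgraded instance has been tested.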