Hello,

I’m in the unfortunate position of trying to keep a very old CE edition of Kaltura running. I think it is version 5 (Falcon)… well before the rpm days and something that is apparently un-upgradeable and very difficult if not impossible to migrate into a current release. For now, I have to try and keep it running. Mostly it’s fine. Recently though, a scan by a vulnerability scanner we started to use is reporting issues with the Java version. The scanner reports

Path : /usr/java/jre1.7.0_25/
Installed version : 1.7.0_25
Fixed version : 1.5.0_65 / 1.6.0_75 / 1.7.0_55 / 1.8.0_5

The server itself says

java -version

java version “1.6.0_41”
OpenJDK Runtime Environment (IcedTea6 1.13.13) (rhel-1.13.13.1.el6_8-x86_64)
OpenJDK 64-Bit Server VM (build 23.41-b41, mixed mode)

which java

/usr/bin/java

…and tracing past the symbolic links reveals this actual path
/usr/bin/java -> /etc/alternatives/java
/etc/alternatives/java -> /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java

According to what I am reading, OpenJava 1.6 may in fact be the same as OracleJava 1.7. I’m also reading that upgrades for Java <= 1.8 can only be had from Oracle via an extended service contract.

So, any suggestion for how I might update Java on this CentOS 6.x server? Would it actually stop Kaltura from working if I just removed Java altogether? Is it actually used by Kaltura, or is it just there as a means to possible API’s for custom work?

I appreciate any wisdom!

v