Installing Java 11 on TC Agent

Hi

I have Jre8.0.341 on 3 TC agents.

I want to upgrade it to version 11. I am new in this area so I really appreciate if you you help me to  correct direction.

I need to know what is the version 11. Is there any Jre11? Where can I download it? Any URL? My server is 64bit.

I upgraded teamcity to 2023.05.4 yesterday. So is there anything, I should be aware before installing version 11 of JRe?

Thank you very much

Kati

 

0
11 comments

Hi Kati,

TeamCity Agent is a standalone Java application. It requires a Java SE JRE installation to run. Currently, supported Java versions: OpenJDK and Oracle Java 8-17. We recommend using the latest available version of JDK. For more information, plesae refer to Supported Platforms and Environments.
Please find the download links:
Java SE 11
Java 17 Downloads

You can follow this article on Java Installation, where you find information on how to install and configure Java properly.

Best Regards,
Tom

0

Thank you very much

1

Hi Tom

On most of our TC agents the java was unbundled.

However, on Teamcity app serve , there is bundled JRE.

If I install Java on server and just copy the files to jre folder under teamcity

does it make any problem?

For agents , when I installed the Java11, the main folder was under c:\program files and in Teamcity, I could see the JAVA_HOME and JAVA_JRE is pointed to c:/\program files.

On agents, there was no JRE folder at all.

Thank you

Kati

0
Hi Kati,

If the directory \jre is not present, TeamCity searches for the JRE_HOME or JAVA_HOME environment variable, indicating the installation directory of JRE or JVM (Java SDK). In case both variables are declared, JRE will be utilized. Therefore, simply adding the JAVA_HOME environment variable, pointing to the Java SDK installation directory, should resolve the issue.
0

Thank you very much

0

Hi Tom

Yesterday, I received an email from our infrastructure team as 

"A new critical security vulnerability, identified in January 2024, has been discovered in TeamCity On-Premises. If abused, the flaw may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass the authentication checks and gain administrative control of the TeamCity server.

This critical security vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2024-23917."

 

I can't find such a plugin in your website and I can't see any new security vulnerability news from Jan for version 2023.05.4 .

Am I missing something? Does this plugin exists for Teamcity on-premises?

By the way, our license for upgrade expired. If the plugin exists, can I just add the plugin or we have to renew our licesence first?

Thank you very much

Kati

0

Hi Kati,

A fix for this vulnerability has been introduced in version 2023.11.3. We have also released a security patch plugin so that customers who are unable to upgrade to this version can still patch their environment.
To mitigate this new critical vulnerability, we strongly recommend performing one of the following actions as soon as possible:

• Update your TeamCity server to 2023.11.3.
This version includes a patch for the vulnerability described above. To update, go to https://www.jetbrains.com/teamcity/download/other.html and download version 2023.11.3.
Alternatively, you can perform an automatic update in TeamCity.
• Install the security patch plugin.
The security patch plugin can be downloaded using one of the links below and installed on TeamCity 2017.1+. It will patch the specific RCE vulnerability described above. Starting from TeamCity 2018.2, the plugin can be enabled without restarting the TeamCity server. For versions older than 2018.2, a server restart is required after the installation of the plugin.

Security patch plugin: TeamCity 2018.2+  | TeamCity 2017.1, 2017.2, and 2018.1

Important: The security patch plugin will only patch the vulnerability described above. We always recommend upgrading your server to the latest version to benefit from many other security updates.

If your server is publicly accessible over the internet, and you are unable to perform one of the above mitigation steps immediately, we recommend temporarily making it inaccessible until mitigation actions have been completed.
If you have any questions, please contact us.

0

Hi Tom

 

Thank you for the link for Plugin.

I have another question.

Our license for maintenance has already expired. I received a txt file as new license.

Last year, I had a license detail per agent but this time, it is a txt file with a long alphabetic code. If I just copy that line to  the box for license, will be ok? we have over 20 agents. I expected to receive 20 separate licenses.

Sorry to ask these silly questions but I am very new to these area and I have nobody else to ask.

Thank you very much for your help

Kati

0

Hi Kait,

Thank you for reaching out. Feel free to ask any questions; we're here to help.
For detailed information on our license policy, please consult our official document: License Policy.
If you require professional assistance regarding license-related issues, please get in touch with our Sales team through the following link: Contact Sales or send an email to sales@jetbrains.com.

0

Hi Tom

I updated the SSL certificate for Teamcity on Teamcity server and followed this instruction

Adding trusted certificates to TeamCity server

The trusted certificate storage is global for the whole server and affects all server projects.

To add a trusted certificate:

Go to Administration | Projects and click <Root project> in the project tree.

In the Root project's settings, open the SSL/HTTPS Certificates tab.

Click Upload certificate, specify the certificate name and choose a certificate file of one of the supported formats: PEM, DER or PKCS#7.

Save your changes.

But the browser still shows the old certificate.

Would you please tell me if I am missing something? Is there any config file to be updated?

Thank you

Kati

0

Hi,
The certificates that are added to Administration | Projects | SSL/HTTPS Certificates are for connections that the TeamCity server itself will use for outgoing connections. They are also shared with the TeamCity agents, so it is a good idea to place your new certificate here so that your agents will automatically receive and trust it.

In order to update the SSL certificate for your TeamCity server, you will need to determine where the HTTPS termination is taking place. If you have a reverse-proxy in front of your TeamCity server, you most likely need to update the certificate there. If there is no reverse-proxy in front of your TeamCity server, the HTTPS termination may be handled by the bundled Tomcat.

In the case of Tomcat handling the HTTPS termination, it can be configured in two different ways. Beginning with TeamCity 2022.10, it is possible to set up the HTTPS certificate through the TeamCity Web UI (Easy HTTPS Access Setup in TeamCity). However, on older releases and newer releases, it is possible to configure HTTPS within the Tomcat server.xml located at: <teamcity home directory>/conf/server.xml.

A connector node for HTTPS in the server.xml file would define the certificate location and should look something like:

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/keystore.jks"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
0

Please sign in to leave a comment.