Security Issues with Java version in Amazon Corretto
Hi,
We currently have the latest version of TeamCity (2023.11.4) and our company security software has picked up that Amazon Corretto in TeamCity is using Java version 11.0.7.10.1 which apparently has vulnerabilities and is recommending version 11.0.22.7.1 or higher.
It looks like this is part of TeamCity and we can't independently upgrade it, does anyone know how we can fix this or if it will be addressed in a later version?
Thanks
Please sign in to leave a comment.
Hi,
It appears you are seeking guidance on installing a non-bundled version of Java. If this is the case, please refer to our official document for more detailed information
TeamCity selects the Java version to run the server process as follows:
• By default, if your TeamCity installation has a bundled JRE (the `\jre` directory exists), it will be used to run the TeamCity server process. To use a different JRE, specify its path via the `TEAMCITY_JRE` environment variable.
• If there is no `\jre` directory present, TeamCity looks for the `JRE_HOME` or `JAVA_HOME` environment variable pointing to the installation directory of JRE or JVM (Java SDK) respectively. If both variables are declared, JRE will be used.