KSE - OpenJDK - vunerability - upgrade

Hi,
Our security team is reporting a vulnerability pointing to KSE’s Azul OpenJDK:
Azul Zulu Java Multiple Vulnerabilities (2022-10-18)
All I would like to do is upgrade OpenJDK in the Katalon_Studio_Engine_Windows_64-8.2.1 directory.
Has anyone tried updating the JRE in KSE? Successful?

Many thanks,
John

Hi @john.vonplutzner ,

Can you share which version of KSE you are using? As well, which OS you are using? As mentioned here, if you are using Linux, KSE just supported OpenJDK 8 so upgrade is not possible.

@Elly_Tran If I read this sentence correctly:

upgrade OpenJDK in the Katalon_Studio_Engine_Windows_64-8.2.1 directory

The OP is asking to upgrade the embedded JRE shipped with KSE build for windows.

@john.vonplutzner I am afraid this is not possible, since you don’t have access to all source code to rebuild KSE/KRE … but let’s wait for some more thoughts from Katalon staff.

Anyway, if you run your tests on a Linux executor with KRE, then you are in control of the OS installed Java, since this flavor don’t came with an embedded runtime. As long as is a certain OpenJDK8 build, you should be fine.
If you want to control the java runtime used by KSE, you will have to do the development on a Linux machine also.

On the other side, you can change the Java version used to compile and run the tests and this can be >= 8.
KSE himself will still run on the embedded java but the tests will be executed using your desired one, see the guidance here:

1 Like