topic Re: SAS Platform GMS v8.01 - Java Vulnerability v1.6.0_11 in Administration and Deployment

SAS Platform GMS v8.01 - Java Vulnerability v1.6.0_11

sswander — Mon, 29 Jul 2019 16:24:36 GMT

We have recently deployed SAS Grid including LSF and Grid Management Services. We have found that Platform Grid Management Service v8.01 uses Java 1.6.0.11. There are several vulnerabilities in this version, and we need to update to 1.6.0.30.

I cannot seem to find any hot-fixes and last weekend we deployed SAS hotfixes vi SASHFADD 2.2.1, however this did not include a patch for this java version.

Any help would be appreciated!

Re: SAS Platform GMS v8.01 - Java Vulnerability v1.6.0_11

Mark_sas — Mon, 29 Jul 2019 17:42:36 GMT

With the latest release of SAS Grid Manager which accompanies the 9.4M6 Platform maintenance release, Grid Management Services (GMS) was not updated to support the latest version of the Load Sharing Facility (LSF - the workload management component of Platform Suite for SAS). As a result, 9.4M6 users are directed to the redesigned SAS Grid Manager for Platform module in SAS Environment Manager, rather than the old SAS Management Console plug-in which relied on GMS.

An older version of GMS still ships with 9.4M6, but it is only intended to provide compatibility with users who remain at older versions of LSF.

Re: SAS Platform GMS v8.01 - Java Vulnerability v1.6.0_11

sswander — Tue, 30 Jul 2019 13:58:51 GMT

Due to the inability to support Multi-cast, we were forced into RTM instead of SAS EM.

In our case we require SAS MC and GMS. I would presume that security vulnerabilities would still be re-mediated, no?