About Java Patches
Java patches are available for the Java Runtime Environment (JRE) or Java Software Development Kit (JDK).
The JDK is a superset of the JRE: it contains everything that is in the JRE, plus tools such as the compilers and debuggers necessary for developing applets and applications. The JRE provides the libraries, the Java Virtual Machine (JVM), and other components to run applets and applications written in the Java programming language.
Java patches within Ivanti Patch and Compliance Manager content
- JREJDKv#U###_Manual (JRE and JDK installation that requires a manual download)
- JREv#U###_Upgrade (JRE upgrade that can be downloaded automatically)
- JREv#U### (JRE installation that can be downloaded automatically)
- JDKv#U###_Manual (JDK installation that requires a manual download)
- JDKv#U###_Manual_Upgrade (JDK Upgrade that requires a manual download)
Some examples:
JREJDKv7U111_Manual - Manual update that brings both JRE and JDK version 7 to update 111.
As you can see, the name specifies whether it is a JRE update, a JDK update, or both. It then gives the version the patch is for, followed by the patch number.
Some simply upgrade the existing installation to the newer version. These are denoted by the word "Upgrade" in the title.
Others perform an upgrade by uninstalling the old version and installing the new version.
Download, rename and place patch in the patch location
Java SE JDK and JRE patches are typically downloaded from the following website:
Java SE - Downloads | Oracle Technology Network | Oracle
Patches whose names end in _Manual require the following steps:
- Accept a license agreement and/or log in, as the download site requires.
- Download the patch.
- Rename it as required (this is listed in the description of the patch, which you can get to by right-clicking the vulnerability, selecting properties, and going to the second tab).
Example Description
Java™ SE Runtime Environment 8 Update 102 (JRE 8u102)
Java SE 8u102 includes important security fixes. Oracle strongly recommends that all Java SE 8 users upgrade to this release.
Please download the install packages manually from http://www.oracle.com/technetwork/java/javase/downloads/index.html
Oracle re-releases Java SE 8u102, so please rename patch file as below list, then put them in the "patch" folder.
jre-8u102-windows-i586.exe
jre-8u102-windows-x64.exe
- Place it into the patch directory that will be used to deploy the patch.
- Run "Download Updates" again to update the Downloaded status of the patch within Patch Manager.
Note: If you have a hash mismatch after downloading the patch and renaming it, you likely have downloaded and renamed the wrong file. Double check that you didn't confuse JRE for JDK or vice versa.
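The JRE/JDK mix-up described in the note can be caught before the hash check by comparing the renamed file against the definition name. The following is an added example, not Ivanti or Oracle code: the function names are hypothetical, the definition name JREv8U102 is constructed from the naming patterns listed earlier, and the installer file-name pattern is assumed from the example description above.

```python
import re

# Definition names as listed on this page, e.g. JREJDKv7U111_Manual.
DEFINITION = re.compile(
    r"^(?P<product>JREJDK|JRE|JDK)v(?P<version>\d+)U(?P<update>\d+)"
    r"(?P<manual>_Manual)?(?P<upgrade>_Upgrade)?$"
)
# Installer names as in the example description (assumed for other releases).
INSTALLER = re.compile(
    r"^(?P<product>jre|jdk)-(?P<version>\d+)u(?P<update>\d+)"
    r"-windows-(?P<arch>i586|x64)\.exe$", re.IGNORECASE,
)
PRODUCTS = {"JREJDK": {"jre", "jdk"}, "JRE": {"jre"}, "JDK": {"jdk"}}


def parse_definition(name):
    """Split a definition name into product(s), version, update and flags."""
    m = DEFINITION.match(name)
    if m is None:
        raise ValueError(f"not a Java definition name: {name!r}")
    return {
        "products": PRODUCTS[m["product"]],
        "version": int(m["version"]),
        "update": int(m["update"]),
        "manual": m["manual"] is not None,
        "upgrade": m["upgrade"] is not None,
    }


def check_installer(definition_name, filename):
    """Return a list of mismatches; an empty list means the name is consistent."""
    d = parse_definition(definition_name)
    f = INSTALLER.match(filename)
    if f is None:
        return [f"{filename!r} does not look like a renamed Oracle installer"]
    problems = []
    if f["product"].lower() not in d["products"]:
        wanted = "/".join(sorted(d["products"])).upper()
        problems.append(f"file is {f['product'].upper()}, definition expects {wanted}")
    have = f"{int(f['version'])}u{int(f['update'])}"
    want = f"{d['version']}u{d['update']}"
    if have != want:
        problems.append(f"file is {have}, definition expects {want}")
    return problems


if __name__ == "__main__":  # constructed definition name and file names
    print(check_installer("JREv8U102", "jre-8u102-windows-x64.exe"))
    print(check_installer("JREv8U102", "jdk-8u102-windows-x64.exe"))
```

An empty list only means the file name agrees with the definition; the hash comparison performed by "Download Updates" remains the authoritative check on the file's content.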
Custom Variables Tab within the Java definitions
Within the Java definitions there is a Custom Variables tab. A custom variable is a configurable setting used to extend the usability of the definition.
There are typically up to 5 options that can be adjusted:
Force Mode
The "No" option is the default value. If the Java application or browsers are running, the repair task fails, an error is reported, and you are prompted to close the Java application and/or browsers.
If you choose "Yes", the Java update is installed and the installation process terminates your Java application and/or closes any open browsers.
Disable Java Update
The "Yes" option is the default value. When the default value of "Yes" is selected, the Java auto-update feature is disabled. If "No" is selected, the Java auto-update feature will be enabled.
If you intend to manage Java updates solely through Patch Manager, this option should be set to "No". With the Java auto-update feature, Java periodically checks whether new updates are available and applies them itself.
JRE Installation
The patch-in-place mode implies that when a version of the JRE exists on a machine, any updates belonging to the same JRE family will be done in place, meaning, the existing JRE will be patched with changes. A JRE is installed in patch-in-place mode by default. When a JRE is installed in static mode, it will not be updated in place by later versions. A later version from the same JRE family will be installed in a separate directory. This mode ensures that vendors, who require a specific version of the JRE for their product, can be certain that the JRE will not be overwritten by a later version.
For more information: Patch-in-Place and Static JRE Installation
Remove Old Version
The "No" option is the default value. When the default value of "No" is selected, the old version of Java is skipped. If "Yes" is selected, the old version of Java is removed. The "No" default is in case you need to have multiple versions of Java installed to maintain backward compatibility.
Expiry Date of JRE
The expiration date is calculated to end after the scheduled release of the next Critical Patch Update. After this date, Java will provide additional warnings and reminders to update to the newer version.
The "No" option is the default value. When the default value of "No" is selected, the Expiry Date for JRE feature is disabled. If "Yes" is selected, the Expiry Date for JRE feature will be enabled.