JRE upgrade in Chef Server

Hi Team,

Currently we are running on Chef Server 12.11.1 hosted in our environment. Our security team raised a flag on JRE version 1.8.0_91 which is very old and they are recommending to upgrade to 1.8.0_191 or higher. Do we require this jre folder inside /opt/opscode/embedded ? Because if another chef server where we don't have that jre folder but the chef server version is same. If yes, how can i upgrade to new version without breaking the chef server configuration.

Unfortunately we do bundle the jre runtime that is verified to work with chef-server with the product. The best way to upgrade it is to upgrade the chef-server itself. It's not recommended or supported to upgrade the java runtime by itself as we can't guarantee there aren't breaking changes between jvm versions and the current chef-server version. The bundled version has been tested and chef-server has been updated appropriately to ensure functionality of the 2 at the time of a specific version release.

Thanks for the confirmation. Just from the point of JRE upgrade to 1.8.0_191, which chef server version i have to use ? I have some old cookbooks written long back, i don't want them to complain about version unsupported after upgrading to chef.

chef server doesn't matter just the version of chef-client that is running on your servers will matter. Newer versions of chef-client would potentially require upgrades to the cookbooks they are running. Here is a link to the release notes docs between versions Chef Infra Server Release Notes

Hi,
Can we still not do jre upgrade without chef upgrade? We are using chef version 12.17.33 and java 1.8.0_162. We have discovered few vulnerabilities in our environment but we cant upgrade chef as this is the last chef version which is compatible with our vRA 8 environment. Please advise and if there is any chef document for this please share the link.
Thanks in advance!

| Kritika0210
May 13 |

  • | - |

Hi,
Can we still not do jre upgrade without chef upgrade? We are using chef version 12.17.33 and java 1.8.0_162. We have discovered few vulnerabilities in our environment but we cant upgrade chef as this is the last chef version which is compatible with our vRA 8 environment. Please advise and if there is any chef document for this please share the link.
Thanks in advance!

Why would you want to? Even if your base OS is so old as to only be compatible with JDK 8, Chef is modular enough to migrate to a new OS and newer, more supportable and secure JDK easily.

We cant upgrade the chef as this is the last compatible version of chef for our VMware vRA environment. So I am looking for a solution if we can upgrade JRE only.