π Azure App Service does not run the latest Java version π’
- Contextual name: π App Service does not run the latest Java version π’
- ID:
/ce/ca/azure/app-service/latest-java-version
- Located in: π Azure App Service
Flagsβ
- π’ Impossible policy
- π’ Policy with categories
- π’ Policy with type
Our Metadataβ
- Policy Type:
COMPLIANCE_POLICY
- Policy Category:
SECURITY
RELIABILITY
PERFORMANCE
Similar Policiesβ
- Cloud Conformity
- Internal
dec-x-879aa996
Similar Internal Rulesβ
Rule | Policies | Flags |
---|---|---|
βοΈ dec-x-879aa996 | 1 |
Descriptionβ
Descriptionβ
Periodically, older versions of Java may be deprecated and no longer supported. Using a supported version of Java for app services is recommended to avoid potential unpatched vulnerabilities.
Rationaleβ
Deprecated and unsupported versions of programming and scripting languages can present vulnerabilities which may not be addressed or may not be addressable.
Impactβ
If your app is written using version-dependent features or libraries, they may not be available on more recent versions. If you wish to update, research the impact thoroughly.
Auditβ
Take note of currently supported version of Java here: https://www.oracle.com/java/technologies/java-se-support-roadmap.html
From Azure Portalβ
- Login to Azure Portal using https://portal.azure.com.
- Go to
App Services
.- Click on each App.
- Under
Settings
section, click onConfiguration
.- Click on the
General settings
pane and ensure that for aStack
ofJava
theMajor Version
andMinor Version
reflect a currently supported release, and that theJava web server version
is set to theauto-update
option.... see more
Remediationβ
Remediationβ
From Azure Portalβ
- Login to Azure Portal using https://portal.azure.com.
- Go to
App Services
.- Click on each App.
- Under
Settings
section, click onConfiguration
.- Click on the
General settings
pane and ensure that for aStack
ofJava
theMajor Version
andMinor Version
reflect a currently supported release, and that theJava web server version
is set to theauto-update
option.NOTE: No action is required if
Java version
is set toOff
, as Java is not used by your web app.From Azure CLIβ
To see the list of supported runtimes:
az webapp list-runtimes
To set a currently supported Java version for an existing app, run the following command:
az webapp config set --resource-group <RESOURCE_GROUP_NAME> --name <APP_NAME> --java-version <JAVA_VERSION> --java-container <JAVA_CONTAINER> --java-container-version <JAVA_CONTAINER_VERSION> --windows-fx-version <JAVA_RUNTIME_VERSION> --linux-fx-version <JAVA_RUNTIME_VERSION>
If creating a new application to use a currently supported version of Java, run the following commands. To create an app service plan:
... see more