Is there a newer version of Replicate that addresses these? If not, what is the recommended path to fix these vulnerabilities?
Resolution
To resolve the issue, upgrade OpenJDK to version 17.0.13 or later, or upgrade Replicate to version 2025.5.
Upgrade only Java while keeping your current Replicate version 24.11
Upgrade to a minor version (e.g., 17.0.X), not a major version, to maintain compatibility.
Important Instructions: Test the Java upgrade in a Replicate test environment first.
Create a backup before proceeding with the Java upgrade.
You should upgrade to a Java version that addresses the CVE (Java version 17.0.14+7), but not to a new major version. Alternatively, download any other relevant JRE binaries.
Back up the <product dir>\jvm directory. For instance: C:\Program Files\Attunity\Replicate\jvm
Remove the <product dir>\jvm directory.
Extract the JRE binaries you downloaded to the <product dir>\jvm directory and make sure <product dir>\jvm\bin\java.exe exists. When you extract the JRE binaries there is usually a parent directory named 'jdk-<jre version>-jre'; make sure to copy all its subdirectories and files to <product dir>\jvm. For instance, if you download the directory OpenJDK 17U-jre_x64_windows_hotspot_17.0.13_11, it has a sub-directory jdk-17.0.13+11-jre.
Copy the following files from the backed-up jvm directory:
    <jvm backup>\conf\security\java.security
    <jvm backup>\conf\security\java.security.default
    <jvm backup>\conf\security\java.security.FIPS
To Replicate's jvm directory:
    <product dir>\jvm\conf\security\java.security
    <product dir>\jvm\conf\security\java.security.default
    <product dir>\jvm\conf\security\java.security.FIPS
Start Replicate services.
The steps are similar for Replicate on Windows or Unix.
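
The Windows steps above, scripted in PowerShell as an added example (not part of the original article or the vendor's tooling). It assumes the Replicate services are already stopped; $NewJre and the backup directory name are assumptions to adjust for your installation.

```powershell
# Added example. Paths are assumptions; run from an elevated prompt with Replicate services stopped.
$ErrorActionPreference = 'Stop'
$ProductDir = 'C:\Program Files\Attunity\Replicate'   # <product dir>, example path from the steps
$NewJre     = 'C:\Temp\jre\jdk-17.0.13+11-jre'        # assumed location of the extracted JRE
$Jvm        = Join-Path $ProductDir 'jvm'
$Backup     = Join-Path $ProductDir ('jvm.backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))

# Refuse to touch the installation unless the extracted JRE looks complete.
if (-not (Test-Path (Join-Path $NewJre 'bin\java.exe'))) {
    throw "bin\java.exe not found under $NewJre; point `$NewJre at the jdk-<jre version>-jre directory."
}
if (-not (Test-Path $Jvm)) { throw "$Jvm does not exist; check `$ProductDir." }

# Backup and removal in one step: the old jvm directory is renamed to the backup name.
# This fails if a running process still holds files open, which is the desired behaviour.
Move-Item -Path $Jvm -Destination $Backup

# Copy the contents of the jdk-<jre version>-jre directory so that they become <product dir>\jvm.
Copy-Item -Path $NewJre -Destination $Jvm -Recurse

# Restore the security configuration files named in the steps above.
foreach ($name in 'java.security', 'java.security.default', 'java.security.FIPS') {
    $src = Join-Path $Backup "conf\security\$name"
    $dst = Join-Path $Jvm    "conf\security\$name"
    if (Test-Path $src) {
        Copy-Item -Path $src -Destination $dst -Force
        # Confirm the restored file is byte-identical to the backed-up one.
        if ((Get-FileHash $src).Hash -ne (Get-FileHash $dst).Hash) {
            throw "Restored $name does not match the backup copy."
        }
    } else {
        Write-Warning "$name was not present in the backup and was not restored."
    }
}

# java -version writes to stderr, so relax error handling while capturing it.
$ErrorActionPreference = 'Continue'
$version = (& (Join-Path $Jvm 'bin\java.exe') -version 2>&1 | Out-String)
Write-Host $version

# The article requires staying on the same major version (17).
if ($version -notmatch 'version "17\.') {
    Write-Warning "Installed JRE is not a Java 17 build. Restore $Backup before starting Replicate."
} else {
    Write-Host "Java replaced; backup kept at $Backup. Start the Replicate services next."
}
```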