OpenEMM Technical Support Forum

The purpose of these forums is to get and give free technical support for OpenEMM. Spammers and their posts will be removed without prior warning.
https://iframe.agnitas.de/

Resin is out of date

https://iframe.agnitas.de/viewtopic.php?t=1251

Page 1 of 1

Resin is out of date

Posted: Tue Sep 15, 2009 5:37 pm
by calicojack
We just had a PCI scan and the version of Resin that OpenEMM uses is officially out of date and (apparently) susceptible to a lot of exploits. Since OpenEMM runs as a singular package, is there a way that I can update just Resin?

Thanks!

Posted: Tue Oct 06, 2009 9:53 am
by maschoff
OpenEMM does not run with Resin 3.1, however, you can replace the Resin files in the OpenEMM package by the latest 3.0 version.

Posted: Wed May 26, 2010 8:21 pm
by emmulator
We have started to experience an obscure resin bug that was apparently fixed in version 3.0.14 http://bugs.caucho.com/view.php?id=419

So we would like to update the resin bundled with our OpenEMM 5.5.1 installation to the latest 3.0.27, and I just want to be sure of the process. If I delete all the jars in openemm/lib other than the mysql connector, and then copy in all the jars from resin-3.0.27/lib, is there anything else I need to do? Are there any jars I *shouldn't* copy from the resin libs, like javamail? There is not a one-to-one and onto mapping of files in the two directories.

Posted: Wed May 26, 2010 9:01 pm
by maschoff
Best would be to have a look at the Ant build script openemm_build.xml in the source code tarball of OpenEMM to see which files should be copied in which directories.

Posted: Wed May 26, 2010 10:00 pm
by emmulator
Maybe I'm missing something here. I do have the source tar from: http://sourceforge.net/projects/openemm ... z/download

This does include a build.xml, but not an openemm_build.xml. And that file only references a subset of the libraries that I see in my actual OpenEMM 5.5.1 installation that clearly came from Resin. Nor do I see any targets in this build.xml that would actually allow me to build a deployment that matches the contents of OpenEMM-5.5.1-bin.tar.gz. This was never a problem for me, since the build.xml does allow me to compile all the code and then copy individual files to our installation as needed for patches. But it does seem to prevent me from using this build.xml to determine which set of libraries should be updated here.

It looks to me like I should delete everything but the mysql connector and copy over everything except javamail and activation.

Posted: Thu May 27, 2010 6:48 am
by maschoff
You need to look at the 6.0 or 6.0.1 source tarball. The older versions of OpenEMM do not include the build script.
All times are UTC+01:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited