The latest Java package contains a critical memory leak that can cause the DCO server to run out of memory and shut down, typically within a few days.   https://bugs.openjdk.java.net/browse/JDK-8164293  

DCO 8.x installations or upgrades performed after June 26, 2017 (Java 1.8.0_144 release date) may be affected.   

A DCO server can shut down within a few days as it runs out of memory if the Java package Java 1.8.0_144 is installed. If the server is running fine, it is unlikely to have this Java package. Only the Java 1.8.0_144 version is affected.  

This issue will be fixed when Java 1.8.0_152 is released as a CentOS package, expected in Oct 2017. For more information, see   http://openjdk.java.net/projects/jdk8u/releases/8u152.html

Workarounds

There are some workarounds for this issue:

For clean installs

Put the server in offline mode by turning interfaces off in Network & Host Name settings.


        

For upgrades

Select offline mode before upgrading.

For DCO servers already in this situation

If the DCO server is already in this situation, perform the following steps.

If the server is offline

Run this command to check the Java version:

java -version

If the server is online

  1. SSH login to the server.
    Verify that it has the issue.
    Run the command: 
    yum list installed java-1.8.0-openjdk* 
    Check that the versions start with: ‘1:1.8.0.144’, ex: ‘1:1.8.0.144-0.b01.el7_4’

    If the server is offline, run this command to check the Java version:
    java -version
  2. Run the following single command:    
    yum downgrade java-1.8.0-openjdk java-1.8.0-openjdk-headless-1.8.0.141-2.b16.el7_4.x86_64 java-1.8.0-openjdk-devel-1.8.0.141-2.b16.el7_4.x86_64
     Verify that the package has successfully been downgraded.

  3. Run the command:
    yum list installed java-1.8.0-openjdk* 
     Check that the versions start with: ‘1:1.8.0.141’, ex: ‘1:1.8.0.141-2.b16.el7_4’

  4. Reboot the server.
     
Skip to end of metadata
Go to start of metadata
  • No labels

8 Comments

  1. The command to check java version does not seem to work, at least without internet connection to DCO.

    Perhaps use java -version instead, or other command?

    It will show the OpenJDK runtime version.

    yum list installed java-1.8.0-openjdk* 

     

     
    1. Hi Christopherus Laurentius,

      You have a non-affected version of the Java package on the DCO-server, so you do not need to do anything (smile).

      Concerning the use of the yum console command: you have configured online repositories for CentOS-7 on your DCO-server, so you need an Internet connection for the above actions.

      Therefore, if your DCO-server is isolated from the Internet, you can use the standard rpm console command for the above actions. For example, to find out which openjdk-packages are installed on your DCO-server, do the following:

      rpm -qa java-*

      If an affected version 1.8.0.144 of the Java package is installed on your DCO-server, first you need to download three rpm-files from any official CentOS Mirror site (for example, from http://mirror.besthosting.ua/7.4.1708/updates/x86_64/Packages/):

      java-1.8.0-openjdk-1.8.0.141-2.b16.el7_4.x86_64.rpm
      java-1.8.0-openjdk-devel-1.8.0.141-2.b16.el7_4.x86_64.rpm
      java-1.8.0-openjdk-headless-1.8.0.141-2.b16.el7_4.x86_64.rpm

      Then you need a convenient way for you to copy these three rpm-files to your DCO-server, for example, to the home directory of the user apc and run the following command (from where you copied the three above mentioned rpm-files):

      rpm -Uvh --oldpackage java-1.8.0-openjdk-1.8.0.141-2.b16.el7_4.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.141-2.b16.el7_4.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.141-2.b16.el7_4.x86_64.rpm

      If everything is OK (no errors), run the check command again:

      rpm -qa java-*

      Make sure that the unaffected version 1.8.0.141 of the Java package is installed and restart your DCO-server to apply the changes.

      With respect.

      1. Thanks, which is why I am commenting to get the guide to be updated to avoid any confusion.(smile)

        The screenshot was only to proof the point, that the command in the article is only working for DCO with  internet connectivity,  not to specifically check if it is affected.

         

        Regards,

        Chris

    2. Hi Chris,

      The page has been updated to include the offline command.

      Thanks!

      Jackie

  2. Are versions lower than 1.8.0_144 affected? 

    1. Hi John Benedict Tayao,

      No, they are not affected, so DCO developers recommend to downgrade to version 1.8.0.141.

      With respect.

    2. Hi John,

      The page has been updated to reiterate that only the Java 1.8.0_144 version is affected.

      Best,

      Jackie


  3. Hi team,

    Today it is already available to use Java 1.8.0_151 (not Java 1.8.0_152).

    How about compatibility with DCO-8.1? Are there any problems?

    Very thanks for the support.

RELATED COMMUNITY QUESTIONS
WAS THIS ARTICLE HELPFUL?