Collector JRE 1.7 support End-of-Life announcement
As of March 16, 2020, Rapid7 has started the End-of-Life (EOL) process for collectors running on JRE 1.7. This process will conclude on June 16, 2020, after which Rapid7 will no longer officially support collectors running on JRE 1.7.
In October 2019, we began the process of upgrading all collectors in our customer environments to JRE 1.8. JRE 1.7 is no longer supported and has known vulnerabilities. In order to address this issue, we automatically upgraded all collectors in our customer’s environments to JRE 1.8, which required no action from you.
For collectors that were unable to be upgraded and still running JRE version 1.7, you will need to download and install a new collector to replace them. New collectors downloaded from InsightIDR have already have JRE 1.8 installed. Learn how to install a collector.
After you successfully install and activate a new collector, you can copy all the event sources configured from the old collector to the new collector. You will need to re-enter the credentials for any event sources that need them.
Frequently Asked Questions
What permissions do I need to ensure successful automatic upgrades in the future?
The account that the collector service runs on needs to have permissions necessary to create a file, execute the Collector Component Upgrader, and stop and start the Collector service. Without the ability to take these actions, the upgrade attempts will always fail.
In some cases, you may have configured the permissions for the account that the collector service runs as in a way that prevents:
- The creation of new files and folders within the Collector parent folder - The Collector Component Upgrader plug-in needs to download a ZIP file, which contains the upgrader executable, from S3, and unzip it to a subfolder called
collector_component_upgrader, in the following locations:
C:/Program Files/Rapid7/on Windows systems and
/opt/rapid7/on Linux systems.
- The execution of the Collector Component Upgrader executable - The owner of the parent folder, and the files within it, determines the user that the collector runs as. The executable performs the upgrade operations, and if it cannot be executed by the user the collector runs as, it will not be possible to upgrade it.
- The stopping and starting of the Collector service - During the upgrade process, the executable must stop the Collector service. After the collector has been successfully upgraded, the executable must be able to start the service.
Without the ability to successfully create a file, execute the Collector Component Upgrader, and stop and start the Collector service, the upgrade attempts will always fail.
What firewall rules do I need to ensure successful automatic upgrades in the future?
In order to download the Collector Component Upgrader plug-in ZIP, the collector host must able to reach the Rapid7 platform for your region.
Your region-host may be one of the following:
- Japan region customers (AP) – https://ap.storage.endpoint.ingress.rapid7.com
- Australia region customers (AU) – https://au.storage.endpoint.ingress.rapid7.com
- Canada region customers (CA) – https://ca.storage.endpoint.ingress.rapid7.com
- Europe region customers (EU) – https://eu.storage.endpoint.ingress.rapid7.com
- US region customers (US) – https://us.storage.endpoint.ingress.rapid7.com
If your collector fails to connect to the designated region host, make sure that your firewall rules are configured to allow connectivity to the host.