Support Advisory: Spring Boot JDK Versions >= 9 Affect Cisco Secure Application Start-Up
This document describes the support advisory for an AppDynamics product.
Summary
Spring Boot with Java Development Kit (JDK) versions >= 9 has issues loading Java Archive (JAR) files when the Security Manager is enabled. Because Cisco Secure Application uses the Java Security Manager, the Spring Boot software issue may prevent class loading, causing application and container start-up failures. See Spring Boot Issue 17796.
Affected Software
All versions with Cisco Secure Application (Java).
Workaround
The workarounds below troubleshoot the issue and allows Cisco Secure Application to start-up and run.
- Apply the system property:
-Dsun.misc.URLClassPath.disableJarChecking=trueto the Java process. - Apply the system property:
-Dargento.no.security.manager=trueto disable the Java Security Manager.
Resolution
For versions >= 22.12, Cisco Secure Application auto-detects the scenario for the following Spring Boot versions and keeps Java Security Manager disabled:
- 2.5.0
- 2.4.0 to 2.4.6
- <= 2.3.11
Cisco AppDynamics is investigating if other versions are affected. We recommended enabling Application Performance Monitoring and Cisco Secure Application monitoring in a staging environment before setting up in a mission-critical environment.
Revision History
| Version | Date | Summary |
|---|---|---|
| Version 1 | August 15, 2024 | Initial publication of the support advisory. |