Java Runtime Environment (JRE) removal enhances security

April 1, 2021

ITS took another critical step to actively reduce vulnerable software that puts the University at increased risk for potential cyber-attacks.

We recently completed a project to remove Java Runtime Environment (JRE) software from Windows devices that do not require it. As of March 2021, over 8,200 devices had JRE successfully removed, and the process continues.

This coordinated effort involved working with application owners to identify JRE-dependent applications, tools, and individuals who required any of these to perform their job. For the latter, we created exceptions to retain JRE. The team has already sunset or replaced several applications during the process. We have plans to do the same for other applications, where these efforts are not already in progress.

Additionally, we contacted distributed technology leaders in key partner areas, recommending that they also take immediate action to remove JRE from devices not centrally-managed by ITS.

ITS will continue to identify and reduce vulnerable software and work with distributed partners to reduce the risk across the University.

For more information, review JRE Requirements & Best Practices.


One IT at YaleService Quality