Java 7 update security changes
Laurent Bourgès
bourges.laurent at gmail.com
Wed Jan 15 02:01:12 PST 2014
Hi all,
FYI java 1.7.0_51 release is available since last night (GMT) so
please check your applications (applets / JNLP) using this JDK 7
update.
By default, the security level is now set to HIGH => self-signed
applications are blocked.
As a workaround (no trusted certificate available), you can tell your
users to set the security level to MEDIUM which let your applications
run once the user accepts the security warning dialogue !
> As far as I can tell this means that WebStart/JNLP applications,
> as well as applets, will stop working for users who have the latest
> java installations, until/unless the relevant jar files:
>
> a) have an appropriate "Permissions" attribute in the Manifest
> b) are signed by a trusted Certificate Authority
>
> This appears to be true even if the applications in question don't
> need to do any of the things that normally require security permissions.
>
> For JNLP deployers, (a) is easy enough to fix. (b) however may not be,
> since in general it requires that the jar file is signed with a
> certificate you have to pay for. The documentation seems to indicate
> that self-signed certificates no longer just give you a scarier
> confirmation dialogue, they stop the thing running at all.
> So if you can (i.e. if you have access to a trusted certificate),
> you should make sure that steps (a) and (b) are satisfied in your
> deployed WebStart applications. I fixed the topcat webstart links
> this morning, and JMMC have done theirs.
Cheers,
Laurent
--
Laurent Bourgès
Software engineer
(Fixed-term Contract)
+33 4 76 63 55 19
JMMC, IPAG - CNRS
France
More information about the apps
mailing list