New Java Security Baseline and what it means to Sametime

On April 15, 2014 Oracle has released Java 7 Update 55, with this update the security baseline was moved to Java 7 Update 55.  For Sametime users this means when they download a Java applet they will be prompted with a security dialog.  To resolve this issue Sametime users will need to upgrade to Java 7 Update 55, and Sametime Admins will need to verify that the following technote has been followed: http://www-01.ibm.com/support/docview.wss?uid=swg21654503

Since Java 7 Update 10, there have been hardcoded expiration dates set in the JRE.  These force the system to display the security dialogs when a JRE expires.  Unfortunately each new release means having to deal with this issue all over again.  Currently no known methods exist to bypass this issue with new releases of Java.  Admins can plan for this issue to reoccur on July 15, 2014 when the next expiration date is set.

With Java 7 update 45, the addition of the "Caller-Allowable-Codebase" attribute was added to the manifest.  

 

Additional Information on this issue:

Updated Security Baseline (7u45) impacts Java 7u40 and before with High Security settings

Understanding the new security in Java 7 Update 11

Java 7 Update 45 Release Notes

JAR File Manifest Attributes for Security

  • Ghostprogrammer
  • I am known for being able to quickly decipher difficult problems to assist development teams in producing a solution. I have been called upon to be the Team Lead for multiple large-scale projects. I have a keen interest in learning new technologies, always ready for a new challenge.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: