March 3, 2014TC-14003


  * * *
View our videos on YouTube
Find us on Google+ View our profile on LinkedIn Follow us on Twitter Like us on Facebook 

Join Our Mailing List




BASIS International Ltd. announces an urgent situation with Oracle's Java 1.7 time-critical Web Start security changes. Most organizations that deploy applications via the BBj® Jetty Application Server using Oracle's Java 1.7 Web Start must take action by March 25, 2014 to prevent Oracle's security refinements from blocking their applications on the client.


Oracle released Java 1.7 in July 2011. BASIS' subsequent versions between BBj 12.00 and BBj 13.02, that support Java 1.7, included self-signed jars. Oracle no longer supports this Web Start security model after Java 1.7u21 and customers who upgrade beyond Java 1.7u21 cannot run Web Start applications without relaxing the clients' Java security settings. This is not the optimal solution.


BASIS began including an example security certificate in BBj 13.03 in response to Oracle's security changes in Java 1.7u40. Oracle again changed the security model in Java 1.7u51 and Web Start will block applications using this security certificate after it expires March 25, 2014. In response to Oracle's changing security model, BASIS plans to release BBj 13.13 on March 17, 2014 to allow customers enough time to test and upgrade their site to keep Web Start from blocking applications.
Read on for
recommendedRecommended Action by March 25, 2014

Following this decision path, BASIS suggests upgrading to BBj 13.13 on March 17, 2014.

    Click here to view a larger version of this decision path 


Full Solution

Upgrade to version 13.13  of BBj scheduled for release on March 17, 2014, which provides the optimal solution for this issue.


specificsWeb Start Security Specifics in JVM 1.7

Refer to the following table to help manage your deployments of Web Start clients as Oracle increases the security restrictions on such deployments. Web Start blocking occurs as follows:


     Blocks After  Version(s) Blocked 
     December 10, 2013 BBj 12.00 through 13.02 with JVM > 1.7u21 
     March 25, 2014 BBj 13.03 through 13.11  
     June 30, 2015    BBj 13.12  
     Non-blocking BBj 13.13 


alternativesAlternative Solutions

BASIS provides the following alternative solutions if upgrading to 13.13 is not feasible:  


Interim Solution*

If you are unable to upgrade, installing a newer example certificate will allow you to run your applications through June 30, 2015.


Emergency Solution*

If you are unable to upgrade and choose not to install a newer example certificate, you can run your applications by choosing to adjust your Java security settings to be less secure.


* Before deciding not to upgrade and choosing one of these alternate solutions, read more about these options in the Knowledge Base article Web Start "Application Blocked" - Solutions.
More Information
Subscribe to the bbj-developer or barista-list forums for the latest news.

BBj® is a registered trademark.