- This is a bulletin to advise customers who are using client JRE 7.x versions 7u25 and older. Due to recent changes in the Java Security Model, certain features in applets that make use of the LiveConnect feature will now cease to function.
- Please note that customers running JRE 6 version are not affected.
- Oracle has introduced a Security Baseline concept by which the JRE would automatically check for latest versions to make sure it is running the most recent secure JRE version.
- Specifically, our applets will now silently fail for users running a JRE 7 version that is not on the latest JRE 7 update: 7u45. It is required that the JRE 7 version is updated to 7u45 in order for communication between the LMS application and SCORM content to take place. Customers running JRE 7 versions older than 7u45 would see issues while running our applets – for example, a user may be able to take a course, but the completion may not be recorded.
- For systems that are not connected to the Internet, the JRE includes a hardcoded expiry date for the Security Baseline. So now that 7u45 has been released, and since it contains critical security fixes, the JRE Security Baseline has been increased to 7u45. Therefore, for customers on older versions of the JRE 7 (like 7u25, which was released in July), this expiry date has now hit and will now begin failing.
Customers using JRE 7.x should upgrade to the latest version of the JRE: 7u45. Please note that when upgrading the JRE to 7u45, for existing LMS customers on LMS 1308p11 or prior versions, this will result in a popup message prior to loading the applet (shown below) – the system will function correctly once the popup is accepted and dismissed. As of 1308p12, metadata changes will be applied to our applet and users will not see the pop ups.
When clicking to launch the content object, click “Allow”:
A second Pop-Up will appear; click “Continue”
- On the LMS admin screen, navigate to System Admin >Configuration> System Configuration> LMS_ADMIN (click edit icon).
How can I check what version of JRE I am running?
- Please visit http://www.java.com and click on “Do I have Java”?
How do I update to the latest JRE version?
You can upgrade to the latest JRE version by visiting: http://www.java.com and clicking on “Download”
(Please note that any issues upgrading the JRE should be directed to your internal IT department.)
Updated Security Baseline (7u45) impacts Java 7u40 and before with High Security settings
- By costlow on Oct 16, 2013
- This issue only affects Applets and Web Start applications. It does not affect other types of Java applications.
7u45 Caller-Allowable-Codebase and Trusted-Library
By costlow on Oct 18, 2013
KBA , LOD-SF-LMS , SuccessFactors Learning , Problem