Skip to end of metadata
Go to start of metadata

Java 6 update 19

Sun/Oracle has recently released update 19 for Java 6. Stricter security permissions for Java Webstart in this update have an effect on Servoy Smart Client deployments.

The changes made to Java 6 update 19 dictate that:

  1. If all libraries included in Java WebStart deployments (read Servoy Smart Client) are signed (and all permissions indicated in the jnlp) using a certificate issues by a trusted 3rd party, the WebStart application will launch normally
  2. If the Webstart deployment contains libraries that are signed with a self signed certificate, the user will be prompted when the WebStart application starts to trust the application. This dialog has an "Always trust" checkbox, which in theory means that this is a one-time warning
  3. If the WebStart deployment contains unsigned libraries, the user will be prompted on each consecutive start of the application wether or not to trust the application

Unfortunately though, Java 6 update 19 contains a few bugs:

  • Depending on the Java settings on the client machine, the warning dialog in scenario 2 might reappear on each consecutive start, regardless if the "Always trust" checkbox gets checked or not
  • The dialog in scenario 3 cannot be dismissed, thus stopping the user from continuing

Issues addressed to Sun/Oracle

Icon

We are working with Sun/Oracle to get the issues in Java 6 update 19 fixed for the next update

New Servoy versions available

Servoy has released new minor releases of all supported versions (3.5.x, 4.1.x and 5.1.x) to work around the shortcomings of Java 6 update 19. It is advised to upgrade to the newest release.

See the following Servoy Forum posts for more information on the new releases:

Using UNSIGNED 3rd party plugins and/or beans with the new Servoy versions, regardless the Java version used

Icon

In most deployment scenario's just upgrading to the latest version of Servoy will not be sufficient. If the Servoy Application Server contains unsigned 3rd party plugins and/or beans, additional steps are required, see JAR signing for more information. With the new versions of Servoy, these steps are required regardless the Java version used.

Servoy 3.5.12

Icon

The initial 3.5.x release with workarounds for the issues in Java 6 update 19 was 3.5.11. Unfortunately, upon release a few additional issues surfaced (see Release notes), for which 3.5.12 was released

Automatic self signing in future Servoy versions

Icon

Future versions of Servoy will most likely support the automatic signing of unsigned libraries, eliminating the manual JAR signing. (No ETA currently available).

Java 6 update 19 in combination with Servoy versions before 5.1.2, 4.1.6 and 3.5.11

If an upgrade to the latest version of Servoy is not possible, manual adjustments need to be made to the Servoy installation. See Operating Servoy versions BEFORE 5.1.2, 4.1.6 and 3.5.11 on Java 6 update 19 for more information.

Using UNSIGNED 3rd party plugins and/or beans with older Servoy versions and Java 6 update 19 (or higher)

Icon

Most deployment scenario's following the steps to correct the Servoy installation will not be sufficient. If the Servoy Application Server contains unsigned 3rd party plugins and/or beans, additional steps are required, see JAR signing for more information. When running older versions of Servoy these steps are only required when a Java 6 update 19 or higher is used by any of the Clients.

  • No labels

2 Comments

  1. Anonymous

    When you make use of the IT2BE Plug-ins and Beans for Servoy you do not have to sign the jars yourself.

    Our Components have a signature with a certificate.

    This means that your end-users will only see a dialog on first use and when they accept the certificate the dialog does not show up anymore. This is the same as with the Servoy Certificate.

  2. Anonymous

    Plugins of Servoy-Plugins.de are also signed since April 14th. Please download the latest installer from our website at http://www.servoy-plugins.de.

Write a comment…