New Java update and Niagara

[dapper]

Anyone else having trouble with the new Java update and accessing Jaces via a web browser?.
I've tried both Firefox and Chrome with no luck

[Igotworms]

What is the version of the update? I hada java issue yesterday. All I did was clear the cache it worked after that. I think the version on the computer on site was java 6 update 27 or something around that.

[klrogers]

Using Java 7 update 11, works ok but security is set to high, so I have to confirm allow java to run on every page change.

Kevin

[hvac69]

Using Java 7 update 11, works ok but security is set to high, so I have to confirm allow java to run on every page change.

Kevin

The same. Changed setting to allow the specific app to run without need to notify.

[dapper]

I have Java 7 update 11. When I login to a site I get a popup that says I need a Java. plug-in etc. I click on 'install' Java plug-in and it just sends me to Oracle Java 7 update 11 page.
Firefox and Chrome are the same.

[klrogers]

I have Java 7 update 11. When I login to a site I get a popup that says I need a Java. plug-in etc. I click on 'install' Java plug-in and it just sends me to Oracle Java 7 update 11 page.
Firefox and Chrome are the same.

I have that with one computer using Chrome only, I believe that you have to totally uninstall both Java and Chrome, then re-install.

[klrogers]

Just tried updating firefox plugin and started having the same problem, ended up doing a system restore.

Kevin

[ControlY0urMind]

Wasn't sure if you guys have seen this or not.......

Per Tridium,

Java 7 Security Tech Tip Available

Download and Install Java 7 Update 11 recommended

Problem:
On Monday, January 14, Oracle issued a Security Alert for CE-2013-0422. This is a response to a US-CERT Alert reporting a vulnerability that affects Java running in web browsers. Details about the Security Alert can be found at this link: http://www.oracle.com/technetwork/to...2-1896849.html

Oracle has issued Java 7 Update 11 to address this vulnerability. VYKON strongly recommends customers using Java 7 Update 10 or earlier download and install the patch immediately. The patch can be downloaded from Oracle at this link: http://www.oracle.com/technetwork/ja...ads/index.html
This security alert only affects customers who are using Java 7, including Java Platform Standard Edition 7 (Java SE 7), Java SE Development Kit (JDK 7), and Java SE Runtime Environment (JRE 7), in all versions through Java 7 Update 10. The affected Java VM is not included in any products currently offered by Tridium.

Tridium has issued a Tech Tip on Niagara Central that includes this information: http://www.niagara-central.com/ord?p...528Java_7%2529.

Solution:

Do I need to disable Java?
While using Java to access Niagara systems is safe, accessing unknown, untrusted web sites may create risk. If Java is disabled, Niagara’s hx profiles provide a non-Java, but less featured alternative to the Java-based browser interface. VYKON recommends that customers evaluate the risk of enabling Java based on how the affected PC is used. In any case, VYKON recommends that customers download and install Java 7 Update 11. The patch can be found at this link: http://www.oracle.com/technetwork/ja...ads/index.html

Does this affect Niagara?
No, Niagara is not directly affected by this vulnerability. Niagara is indirectly affected when customers use Java in a web browser.

But I thought Niagara used Java?
There are no Niagara products which use the affected Java VM. However, connecting to Niagara in a browser does use the browser Java VM that is already installed on a client PC. That Java VM is typically installed on a PC in the factory by the manufacturer or installed and managed by the IT department responsible for the PC.

What does the update do?
Java 7 Update 11 repairs the vulnerability but also increases Java's security setting to "High" by default. With a High security setting, users will be warned prior to any unsigned applications running in order to prevent silent exploitation.

Additional Resources:

Initial Alert from US-CERT - http://www.us-cert.gov/cas/techalerts/TA13-010A.html

Vulnerability Note - http://www.kb.cert.org/vuls/id/625617

Oracle Security Alert -http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html

Java SE Downloads -http://www.oracle.com/technetwork/java/javase/downloads/index.html

[digo]

Anyone else having trouble with the new Java update and accessing Jaces via a web browser?.
I've tried both Firefox and Chrome with no luck

If you were using Java 7 update 10, and you also had a version of JavaFX installed, a new bug was introduced which causes the browser to not recognize the existence of the plugin after the update to Java 7 update 11.
http://bugs.sun.com/bugdatabase/view...bug_id=8005410

Removing JavaFX from add/remove programs fixes the problem. If you require JavaFX for something else, you can add the missing registry fix as per this KB article:
http://kb.mozillazine.org/Java#Add_b...g_registry_key

[dapper]

Thanks digo. I just discovered that myself and it solved most of the problem. Firefox still blocks the plugin but gives me an option to allow it.

[digo]

Thanks digo. I just discovered that myself and it solved most of the problem. Firefox still blocks the plugin but gives me an option to allow it.

https://blog.mozilla.org/security/

"Mozilla is extending Click to Play for Java 7u11 due to reports of exploit code available for 7u11 and information that all elements of the original Java bug have not been fully addressed by Oracle in the 7u11 patch."

[rmorningstar]

If you encounter the Plugin poping up, look at the top address bar and see if a red "block" icon has appeared...if so, click on it and then click on "Activate all Plugins" then select "Always Activate Plugins for this Site".

[CountryBumpkin]

Using Java 7 update 11, works ok but security is set to high, so I have to confirm allow java to run on every page change.

Kevin

This can be fixed if you are using Firefox. Type about:config in your address bar scroll down to exceptions.blocklist.enabled and double click it to disable it.