Java security problems and their impact on our products

Folks,

In the last few month it became apparent that Oracle’s Java has become a prime target for hackers. Real operational exploits now exist in the wild and even the US goverment took notice of this problem. Our impression is that Oracle is quickly patching these exploits, however, users running older versions of Java or un-patched Java 6 and 7 releases are exposed to serious threats.
See for example: http://thenextweb.com/insider/2013/03/04/oracle-ships-emergency-java-7-update-17-to-patch-two-vulnerabilities-after-one-is-exploited-in-the-wild/

Having said that, these problems mainly affect users of Java Applet and Java WebStart technologies and for the most part should not affect users of the standalone Java runtime.

As you are well aware our products are utilizing Java extensively. Therefore I’d like to explain which components of our products are affected by these security problems.

JIS:
Java client is affected when running as a Java Applet but when running as a Java application
Xhtml client, Server and ACE (designer) are not affected

JI:
MapMaker (designer), Server components, Http and Soap gateways are not affected. The only possible risk is for customers deploying the jclient3 component packaged as a Java Applet.

So what should you do ?

If you are using the JIS Java client and running it as an Applet inside the browser, make sure your users patch the Java version on the client workstation to the latest release. See my previous post, its quite possible that this will require you to upgrade to the latest version of the JIS product as well.

Best regards,
Lior