I've updeted Java to the newest Version 7u51.
I would attach a Screenshot (JIRA 5.1.8) but get a SecutrityException: Missing rewuired Permissions manifest attribute in main jar: ... screenshot.jar.
Has anybody the same problem? Or a solution?
From the New security requirements for RIAs in 7u51 (January 2014), you may notice that:
So basically this is what you need to do on your side in order to increase the security level required by the new version of Java. It's not a bug within JIRA, no matter which versions. This issue has only come out of Java 7u51, as stated in the software's release notes:
Usually, in order to reduce the complexity of the issue, we advise the customers to use Java 7u45. There's a workaround, though, if you would still like to use Java 7u51: by opening Java Control Panel -> Security tab and then applying either of the followings:
Other than that, you may consider applying the security requirements, and this is a good point to start with: JAR File Manifest Attributes for Security. Kindly contact Oracle for more details then.
Same here, right after updating to Java 1.7.0_51. Apparently security has been improved: http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/no_redeploy.html
Is something being done about this?
Java 7u51 does not fully support Java Applet that JIRA uses for attaching screenshots. My suggestion is to uninstall it and use Java 7u45 instead, which is a stable version that fully supports Applet. You may download the installation file here. Remember not to update Java if prompted to do so by your browser or even JIRA.
Remember not to update Java if prompted to do so by your browser or even JIRA.
This advice is absolutely terrible, bordering on negligent.
I understand that Atlassian has customers who need a quick fix, but the fact is that Java is so riddled with security holes that users are best advised to upgrade to new versions immediately when they are released. This Java release fixes 36 vulnerabilities, of which 34 are remotely exploitable.
The security problems with Java Applets are so bad that it no longer matters if updates break user applications. It is now incumbent on the organizations writing Java applets to: keep them up to date; expect their apps to break with every Java update; or abandon using Java applets entirely as soon as possible.
To sum up: If users downgrade to 7u45 while they are in the process of rolling out GPOs to add sites to the exception list, that is a bad option but possibly the only one. But telling people never to upgrade is breathtakingly irresponsible, given the current state of Java security.
P.S. I'm talking about Java Applets, not the Java language
I realise that going back a version is an option but this isn't a permanent solution. On the java release notes page it states that we will be forced to upgrade on the 14th Feb. http://java.com/en/download/faq/release_changes.xmlWhen will atlassian release a fix for this?
This blog post back in September details the changes: https://blogs.oracle.com/java-platform-group/entry/new_security_requirements_for_rias
Oracle explains how to add sites to an exception list here:
If you can push that file out via GPO, you should be set.
This issue is being tracked as JRA-35476. The fix will be released in Jira 6.1.7 and we have made the updated applet avaliable for customers who need a solution in the interum. Instrunctions on how to download and install this updated applet can be found in the description of JRA-35476.
For OnDemand customers the fix will be released in the next OnDemand update.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot