[NEURE-276] Security Warning running Express on java 7 update 21 Created: 17/Apr/2013  Updated: 02/Jan/2014  Resolved: 04/Sep/2013

Status: Closed
Project: NEURE
Component/s: Express
Affects Version/s: None
Fix Version/s: 1.6.7

Type: Improvement Priority: Blocker
Reporter: Oleksandr Maslov Assignee: Oleksandr Maslov
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

java 7 update 21

Attachments: PNG File secwarn_mixed_code.png    

 Description   

Because of the some changes made in Java 7 Critical Security Update 21, java-plugin shows warning window (see attachment) when there is JavaScript-to-Java communication on the page.

see http://www.oracle.com/technetwork/java/javase/7u21-relnotes-1932873.html#secdialogs

Changes to Security Dialogs

As of JDK 7u21, JavaScript code that calls code within a privileged applet is treated as mixed code and warning dialogs are raised if the signed JAR files are not tagged with the Trusted-Library attribute.

For more information, see Mixing Privileged Code and Sandbox Code documentation.

The JDK 7u21 release enables users to make more informed decisions before running Rich Internet Applications (RIAs) by prompting users for permissions before an RIA is run. These permission dialogs include information on the certificate used to sign the application, the location of the application, and the level of access that the application requests. For more information, see User Acceptance of RIAs.

 Comments   
Comment by Oleksandr Maslov [ 17/Apr/2013 ]

As you would expect. Pressing "Block" button prevents running any task during current session.

Generated at Mon Dec 15 09:03:40 EET 2025 using Jira 9.12.12#9120012-sha1:9afad32836b39ea19f5a357a6aae8106be665a8f.