Critical Java Security Update and Oracle Forms On February 19th Oracle released another Critical Patch Update for Java SE and strongly recommends to apply these patches as soon as possible. An exploit in the Java Runtime has been identified which allows attackers to remotely take control of a computer and run malicious code and software via the Java Runtime and Java Plugin for Internet browsers. There are 58 known vulnerabilities which attackers can use if customers are not running Java 7u15 (This later version addresses 47 of these vulnerabilities) or higher. The key vulnerabilities attackers have exploited have been rated the maximum score of 10 using the Common Vulnerability Scoring System and put Forms customers at risk. The Department of Homeland Security has recommended that organizations who must use Java to run its applications to update to Java 7u11 or higher with the recommended release being 7u15+. In light of this significant security concern, here are answers to the four most frequently asked questions: 1.) How does this affect my Forms environment? Most Forms customers are at risk because the end-users run the Forms application in their Internet browser via a Java Plug-in. This is an issue because the only platforms that are supported and certified by Oracle to run Forms applications on JRE 7 are the Forms 11.1.2.1 and Forms 11.1.1.6 Releases. Running JRE 7 with un-certified Oracle Forms server versions has been known to cause issues. Thus, it is recommended to upgrade the server architecture before updating their client desktops to use JRE 7. 2.) What are the supported Oracle Forms Releases for Java 7? When choosing to upgrade to Java 7, it is important to verify the WebLogic and Oracle Forms versions, as not all forms versions are supported to use Java 7. The Oracle WebLogic Server MUST be 10.3.6 (the latest version as of February 20, 2013), and the ONLY Oracle Forms versions supported to use Java 7 are: – 11gR1 (Oracle Forms and Reports 11.1.1.6) 3.) How to Upgrade the Oracle Forms version to meet the Java 7 requirements? This depends on the specific environment installed (e.g. if Oracle Forms is integrated with Oracle Portal or Discoverer). An overview of the upgrade paths can be found here. PITSS Consultants are prepared to support and accompany your upgrade project – please contact PITSS to analyze your situation and schedule the upgrade. 4.) What changes in the Forms Environment are required after the Upgrade to Java 7? If Java 7 is installed after the upgrade to 11gR1 or 11gR2 some changes in formsweb.cfg are required – please find the details here. Further Information Please do not hesitate to contact us if you have any further questions on this topic. Email at us.info@pitss.com or call Kelly Genovich at +1 248 740 0935 Ext 15 |
| Customers Running Unsupported Oracle Forms (10g,9i,6i,…) For any customers currently running Oracle 10g and below it is highly encouraged to upgrade the Forms source code and architecture to run on Forms 11gR2 (11.1.2.2) with Java 7u15. If you are using PITSS.CON and have questions on the upgrade process, please contact us.support@pitss.com. In addition, PITSS Consultants are prepared to support and accompany your upgrade project – please contact PITSS |
