In Websphere Meetings
Java 7u45 – Changes were made to client applets to address the recent security changes/additions made by Oracle in Java 7 Update 45. Specifically the addition of the “Caller-Allowable-Codebase” manifest attribute and the increase of the “Java Security Baseline” to Java 7 Update 45.
More details can be found here:
http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/manifest.html https://blogs.oracle.com/java-platform-group/entry/updated_security_baseline_7u45_impacts
FireFox 26 – Changes were made to the Java detection code in the Sametime web app to address new security changes being introduced in FireFox 26.
Java Detection – Changes were made to increase the “timeout” value of the Java detection code in the Sametime web app to address slow Java VM load times introduced as a result of recent security additions by Oracle. Specifically the enabling by default of online Certificate Revocation List checking in Java 7 Update 25. More details can be found here:
Resolving the problem
Note that earlier versions of Java are not aware of the new Caller-Allowable-Codebase attribute. Therefore when those versions are set to High security (the default) they will block these applets from running. Users must upgrade to Java 7 update 45 or lower their security if they run into this issue.
Sametime 8.5.2 IFR1 server fix
Sametime 8.5.1 / 22.214.171.124 server fix
Sametime 8.0.2 server fix
Sametime 8.0.1 server fix
This fix should be installed by following the same documented instructions that apply to installing the 8.5.2 IFR1 hotfix:
Frequently asked questions:
Q: What is the STComm.jar file? Why don’t I see it on my server?
A: This JAR file is only included in the Sametime SDK. It is not deployed to a Sametime server by default. The toolkit, and this file, are typically used only by customers running Lotus Quickr or those application developers that have built their own Sametime components by using the SDK. This file is only used in Sametime 8.0.x.
Q: I see two stlinks.jar files on my server? Why is that, and which do I replace?
A: Sametime provides two stlinks.jar files, one unsigned (in \stlinks), and one signed (in stlinks\signed). Only the signed stlinks.jar file is included in the fixes. It is recommended to use the signed applet. Therefore you will need to copy the stlinks.jar file from the stlinks\signed directory to the stlinks directory.
If you use stlinks with iNotes then you will also need to replace the existing stlinks.jar file on all iNotes servers with this new one.
Q: Will my users see a prompt stating “The application will run with unrestricted access which may put your computer and personal information at risk. Run this application only if you trust the publisher.”
A: This prompt is a one-time confirmation, which is not an indication of any problem. Users must accept this prompt to trust the applet signer (International Business Machines Corporation). This is a property common of any signed applet and not something that IBM can prevent. The prompt is as shown in the following screen capture: