Where does the community stand on the latest Java 7 Vuln? I’m still trying to get my arms around it, but it appears to have serious consequences for systems running Ignition, both from the server and desktop interfaces. Is IA preparing a statement or some guidance regarding these issues?
I hate replying to my own post, but I wanted to add that I noticed the Firefox browser this morning is disabling the Java 7 plug-in by default right now. This sort of behavior will certainly elicit some phone calls from clients wanting us to explain if it’s safe to re-enable.
Wanting to be prepared with a statement on how it impacts them…
We sent out a mass notice about this to all customers on Friday, and we’re sending out another today. Upgrading to Java 7u11 is highly recommended (vulnerability has been fixed).
Short version: Upgrade to 7u11 and set the Java security settings to high, like so:
(Or “Very High” if you want: doesn’t make a difference as far as Ignition’s compatibility is concerned)
Carl,
Thanks. I’ll look for the notice to come through my inbox.
Articles like this one… https://www.networkworld.com/community/blog/oracle-releases-emergency-java-patch-experts-warn-flaws-may-take-2-years-fix certainly don’t help things either!
No, the certainly don’t. We’re monitoring this issue. Of course, our stuff is signed, so the high or very high security setting should nicely protect you while allowing our programs to run.