JAVA Update 19 :-(

Classic Servoy
1

Hi,

After installing JAVA update 19 on the client (server still works on update 17), during smart client startup, the following screen occurs and it hangs:

[attachment=0]java update 19.JPG[/attachment]

Yes/No buttons do not work.

I cleaned both JAVA cache and .servoy directory.

Anyone knows how to solve this?

Martin

java update 19.JPG
java update 19.JPG515×258 25.2 KB

2

Hi Martin,

we have problems with v19 as well.
Have to find out what the problem is, seems to be 1 or more plugins.

Meanwhile I’ve sent a warning out to all our clients NOT to update… :-(

3

Hi Marc,

I’m glad that you confirmed that you have problems as well.
I also send a message to all my customers not to update.

Now we can only wait until there is a solution (from JAVA or from Servoy)

Martin

4

This is what I noticed:

It looks like this is a security (possibly signing) issue when loading components.

  1. At first I saw an error reported on one of our Beans.
  2. When I removed all our beans the error was reported on the ‘swingbeans.jar’.
  3. After removing ‘swingbeans.jar’ (not a Servoy library as far as I know) the security warning popped up as reported by Martin and I could also not remove the dialog anymore.
  4. After removing all our plugins from the plugins folder the error dialog popped up again.

It looks like Java is going to be very strict (and beyond) about signing beans if I am correct.
Strange event though is that when loading a non-secure Bean (in Java eyes) is loaded JWS reports nicely.
When a plugin is loaded JWS freezes.

The above makes it hard to analyze what really goes on.
Is it the absence of a signature (could be the case for some beans/plugins) or the fact that the signature differs from that of Servoy (some of the plugins are signed with our own signature) or is this something else.

Edit: ook de demo site van Servoy geeft een foutmelding (zie punt 2) als een smart client opgestart wordt…

5

Found the below here: http://java.sun.com/javase/6/webnotes/6u19.html

Ensuring Application and Applet Security when Mixing Signed and Unsigned Code
Signed Java Web Start applications and applets that contain signed and unsigned components could potentially be unsafe unless the mixed code was intended by the application vendor. As of this release, when mixed code is detected in a program, a warning dialog is raised. Mixing Signed and Unsigned Code explains this warning dialog and options that the user, system administrator, developer, and deployer have to manage it.

So, basically this is ok but…

  • for beans there is no dialog!
  • for plugins the dialog freezes!

Nice stuff…

6

We have the same issues!!
All customers that have updated there java to this version, could not log in anymore into our Servoy solution.
First we thought it had something todo with the calendarbean of IT2BE, but even the standard demo solution of Servoy itself at: demo.servoy.com does not work!! :-(

I hope Servoy could take a look at this. (also for Servoy 3.5?)

7

This is being looked into as I write. will post updates here when more information is available.

Paul

8

The problem seems 2 fold:
-First a problem downloading the swingbeans.jar from the server (some get a download error now even before the security dialog)
Workarround: Removed swingbeans.jar from the server.

-Second the dialog that SUN that shows to enduser has a problem in with modality
Workarround: Go to the enduser JavaControl panel and in the advanced tab under security > mixed code > disable the verification.
See also: http://java.sun.com/javase/6/docs/techn … usted_only

9

JOhan,

we have it also, on the beans of IT2BE (calendar in this case)
we can’t remove those, because than our solution is not working anymore…

10

Remove of swingbeans.jar is possible on the server since this is just a list of available java swing beans, only used by servoy developer.

11

In addition to what Johan already said in the previous post:

Sun/Oracle has pushed a change into update 19 of Java 6 that, in our opinion should have been reserved for a major update (Java 7).

The change in update 19 doesn’t take into account scenario’s Java WebStart scenario’s like Servoy’s (and many, many other software vendors that use Java WebStart) that use libraries, both signed and unsigned and that can be extended with additional libraries of 3rd parties (beans, plugins etc).

This change has broken many Java WebStart implementations, including ours.

The workarounds for now are:

  • Removal of the /application_server/beans/swingbeans.jar
  • Make sure your customers do not upgrade to Java 6 update 19
  • If your customer(s) have already upgraded to Java 6 update 19, the best option would be to downgrade or activate a previous version on Java on their client machines.
  • If they have upgraded and cannot downgrade, they can disable “verification” under Advanced tab > security > “mixed mode” in the Java Control Panel on the client machine(s) , see:
    Mixing Signed and Unsigned Code.

Our effort will continue to provide you with a structural solution asap.

Paul

12

pbakker:

This might work for ‘beanless’ solutions. (‘beanless’ in terms of no 3rd party beans)
But after removing the ‘swingbeans.jar’ it’s still impossible to startup as we use the ‘calendar bean’ + more.

pbakker:
Our effort will continue to provide you with a structural solution asap.

I trust Servoy in finding a great solution!(as always) :)

For ‘new-to-java’ customers: they can not downgrade, but the can download a previous stable version (17) from: https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jre-6u17-oth-JPR@CDS-CDS_Developer

13

We only have IT2be’s Outlook plugin running… is that a problem?

THX
Stef

14

Stef:
We only have IT2be’s Outlook plugin running… is that a problem?

Hold it here…
Before we get the blame for this, it is this version of Java that does not work as advertised!

As far as I have seen there are more libraries that can cause issues since they are either unsigned or signed with a different signature.

15

Marcel, I don’t blame you at all!

Just tested, Outlook plugin is still working!

THX!

16

Affected by the same or similar issue on two XP PCs running update 19, but shown in the Java control panel as 17. I realise this may be another problem, but it seems linked to the Java update issue.

These two PCs have been running Servoy successfully since first installation around autumn 2008. Their Java was updated yesterday to 19. This morning, neither PC would start the Servoy application, yet five other PCs which had not updated Java are OK.

I have removed swingbeans.jar and have followed instructions re mixed code (not mode).

I have followed the advice in this thread to remove swingbeans.jar and have restarted the application server.

However, attempting to download a fresh client application from the server to the affected PCs, we see 'Unable to load resource: (http://server:8080/beans/swingbeans.jar?version-id=….).

What else do I need to do to change the client so that the swingbeans.jar is no longer referenced by the application server code?

17

Stef:
Just tested, Outlook plugin is still working!

Nice!

18

What else do I need to do to change the client so that the swingbeans.jar is no longer referenced by the application server code?

Did you restart the server and clear client cache before testing?

19

Yes Marcel: both server restarted and client cache cleared.

20

Some times a real clean of the webstart cache is needed, if you do it through the java control panel then you must make sure that you also throw away the “Resources” not only the “Application” section.

What error does the calendar bean of marcel generate now? Is there a server where i can connect to?

Marcel: do you sign your beans/plugins with your own certificate?

At the moment it really seems that all jars from core and all the plugins and beans need to be signed and it could be that the have to have the manifest entry: Trusted-Library: true