 |
 |
SqlDeveloper 3.2 (released November 2012), which is the recommended way to connect to the EBS Data Warehouse, runs on Java 1.6.x. It sort of runs on 1.7, but it's officiallly Not Supported (TM) and produces a Big Nasty Warning and has some odd quirks. The consensus is that depending on what features of it you're using, you may or may not be able to live with 1.7. AFAIK, no official plans have been announced for Oracle to update this software to run with Java 1.7. That said, it's perfectly happy using Java 1.6 while Java 1.7 is installed and is the default, so I'm not sure what that does for your security vulnerability. Carl Bussema III Information Technologist Michigan State University Outreach & Engagement Phone: (517) 353-8977 • Fax: (517) 432-9541 [log in to unmask] On Tue, Feb 5, 2013 at 1:41 PM, STeve Andre' <[log in to unmask]> wrote: > On 02/05/13 13:36, David Graff wrote: > >> On Tue, 5 Feb 2013 13:28:47 -0500, STeve Andre' <[log in to unmask]> wrote: >> >> On 02/05/13 13:24, David Graff wrote: >>> >>>> Is anyone else in a situation where they need extended support on a >>>> now-defunct version of the Java Runtime? We run an application that will >>>> only work with JRE 6, which is hitting support EOL at the end of the >>>> month. >>>> The application launches through the browser plugin, and at the rate >>>> that >>>> Java vulnerabilities are coming out that could prove to be a huge >>>> liability. >>>> >>>> Given the wonderful track record of Java as of late, I would spend >>> money to fix this if at all possible. NO ONE I know who uses Java >>> is resisting the move to 1.7 -- staying current with Java has proved >>> as important as keeping Flash current. >>> >>> If this is some proprietary thing, I'd lean heavily on the place that >>> makes it to allow for an upgrade. >>> >>> --STeve Andre' >>> >> Unfortunately, 1.7 isn't an option. It's a canned product that is then >> customized in-house, and we are a couple releases behind. The latest >> version >> dumps the JRE for a standard Oracle Forms interface, but all the existing >> content has to be re-written before that upgrade can occur and I'm >> expecting >> that to take a few years. >> >> Believe me, I would love to rip out every single JRE install and never >> touch >> that terrible software again but it just isn't an option. >> >> >> I understand. That being the case I would isolate the machine > as much as possible. I'd keep it off the net entirely and bring > in data only when reconnected, or by USB device. > > The latest 1.7 update contains a horrifying number of fixes, > and most of those problems are in 1.6. That box is going to > be a real horror if some nasty Java exploit is in the wild and > hits it. > > --STeve Andre' >