Guidance to Customers Experiencing Issues With CM System Editor Due to Java Updates

Guidance to Customers Experiencing Issues with the CM System Editor Due to Java Updates

The latest Java update (Java 7 update 21) is causing new security warnings to appear when loading the Content Explorer applet and Content Editors with all browsers on all operating systems.

If you are a customer running CM System version 6.7 and are using a Mac to access the Content Explorer in your CMS
You may have noticed specific issues with browsers. Immediate workaround to resolve:
[ul]
[li]Update CM System to the latest patch level[/li][li]Use the latest version of Safari (version 6.0.4)[/li][li]If possible, prevent automatic upgrading of Java Runtime[/li][li]Users may still experience security warnings. Percussion is currently testing a patch, to be released shortly, which will minimize (not eliminate) the majority of the warnings.[/li][/ul]

If you are a customer running CM System version 6.7 and are using a PC to access the Content Explorer in your CMS

[ul]
[li]Update CM System to the latest patch level[/li][li]Prevent automatic upgrading of the Java Runtime. If already JRE (Java 7 update 21), rollback to Java 7 update 20[/li][li]Users may still experience security warnings. Percussion is currently testing a patch, to be released shortly, which will minimize (not eliminate) the majority of the warnings.[/li][/ul]

If you are a customer running CM System version 7.x and are using a Mac to access the Content Explorer in your CMS
[ul]
[li]Update CM System to the latest patch level[/li][li]Use the latest version of Safari (version 6.0.4)[/li][li]If possible, prevent automatic upgrading of Java Runtime[/li][li]Users may still experience security warnings. Percussion is working on a patch that will have improvements to third party plug-ins, designed to minimize pop-up warnings for customers running the latest version of Safari. Currently we are investigating the resolution and will provide an update shortly on timing of this patch.[/li][li]Percussion recommends planning to upgrade to v7.2 as soon as possible, as the patch to resolve these issues will be targeted for v7.2.[/li][/ul]

If you are a customer running CM System version 7.x and are using a PC to access the Content Explorer in your CMS
[ul]
[li]Update CM System to the latest patch level[/li][li]Prevent automatic upgrading of the Java Runtime. If already JRE (Java 7 update 21), rollback to Java 7 update 20[/li][li]Users may still experience security warnings. Percussion is working on a patch that will have improvements to third party plug-ins, designed to minimize crashing and pop-up warnings. Currently we are investigating the resolution and will provide an update shortly on timing of this patch.[/li][li]Percussion recommends planning to upgrade to v7.2 as soon as possible, as the patch to resolve these issues will be targeted for v7.2.[/li][/ul]

Thank you for the write up. Unfortunately, we cannot recommend downgrading the java version (and also preventing automatic updates) as a solution to our end users. Our IT security office would have a field day with that statement.

We have had reasonable success with lowering the mixed code warning on both a Mac and PC to minimize the popup warnings (Control Panel > Java > Advanced > “Mixed code (sandboxed vs trusted security verification” > Select “Enable - hide warning and run with protections”).

Could we have an update on the further, and more serious, issue with JRE 1.7.45? My understanding is that we’re still waiting for Ephox to produce a patch for their version 8.1 (used in Percussion 7.2), or we can update to Percussion 7.3 (uses Ephox 9, which has no issue with JRE 1.7.45+).

However, it is not possible to use the current Ephox 8.1, and therefore Percussion 7.2, with JRE 1.7.45+.

Has there been any news from Ephox? This is causing quite a lot of pressure here from management.

(Also, it might help to take the stickies off some old threads in this category. It’s getting hard to find the right threads when scanning quickly for news.)

Thanks

Please be informed that Ephox provided fix for Java7u45 related issues and we are currently working to integrate the fix in our product. The patches for 7.3,7.2 and 7.0.3 are scheduled to release by end of this week.