Warning: E-Business Suite Issues with Sun JRE 1.6.0_20

jceecolorlogo2.gif
My colleagues in the Java division have just released Java Runtime Engine (JRE) 1.6.0_20 today.  See the 1.6.0_20 Update Release Notes for details about what has been changed in this release.

The issues reported in the following articles still also apply to JRE 1.6.0_20:
Depending upon your security and Java deployment policies for your end-user desktops, you may need to update your users to this JRE release.  Unfortunately, you will have to balance your need for the fixes in JRE 1.6.0_20 against the impact of the open EBS compatibility issues reported with 6u18, 6u19, 6u20.

We're working closely with the Sun JRE team to get the open EBS compatibility issues resolved as quickly as possible.  This is being worked at the top priority.  Please monitor this blog for updates.


Comments:

An official statement regarding use of the new garbage collector would also be nice since Oracle now owns Sun.

Anything to keep lawyers at bay :)

Thanks as always.

Posted by Jay Weinshenker on April 15, 2010 at 01:58 AM PDT #

Hi Steven:
Greatly appreciate keeping us updated on the Sun JRE compatibility issue. I referenced your blog when I sent an advisory to our team regarding this issue and instructed them to avoid automatic updates for now.
We are upgrading our PC clients to Windows 7 and IE8. Appreciate if you can please publish a certification matrix for Oracle products related to Windows 7 and IE8. I could not find the certification using these two combination on MOS.
Thanks,
Mohan

Posted by Mohan Dutt on April 15, 2010 at 03:49 AM PDT #

Hi, Mohan,

Thanks for the feedback on our blog. Glad to hear that you've found it useful.

I'm afraid that I am largely focussed on the E-Business Suite. If you're interested in information about Windows 7 + IE 8 certifications for other Oracle products and are having difficulty with the My Oracle Support certification application, your best bet would be to contact the MOS team directly. As much as I'd like to help with this, I don't have much insight into My Oracle Support's inner workings and can't really advise you on using that certification tool to get the information that you're looking for.

Regards,
Steven

Posted by Steven Chan on April 15, 2010 at 04:18 AM PDT #

Hi, Jay,

Yup, this would be nice. :) We're still looking into this. Stay tuned; I'll post an update here when I have something substantive to share.

Regards,
Steven

Posted by Steven Chan on April 15, 2010 at 04:21 AM PDT #

Have you heard any more news about when JRE 21 might be released?

I did some digging and found out that the first Early Access for Java SE 6 Update 21 (Milestone b02) was actually released on 4/1 as Update 20. On 4/16, it was RENAMED to Update 21 following the release of the security bugfix Update 20 on 4/15. (https://jdk6.dev.java.net/6uNea.html)

There is also a snapshot release for JRE 21 called milestone b03 that was released on 4/22, but that isn't listed on the Early Access page yet:

http://download.java.net/jdk6/

So it's looking like JRE 21 won't be released until June following their new Oracle imposed quarterly update schedule. Is this the likely scenario?

Posted by Joe Imbimbo on May 04, 2010 at 03:19 AM PDT #

Joe,

I can confirm that we've got a candidate fix for the session management and z-ordering issues that exist in JRE 1.6.0_18, _19, and _20. This fix is being targetted for the next JRE release, if everything goes well. However, Oracle's Revenue Recognition rules prohibit us from discussing certification and release dates. You're welcome to monitor or subscribe to this blog for updates, which I'll post as soon as soon as they're available.

Regards,
Steven

Posted by Steven Chan on May 04, 2010 at 05:27 AM PDT #

Does anyone know if the compatibility issues relating to 1.6.0_20 can be resolved with a patch (applied to EBS)

Posted by Grant Wittstock on May 06, 2010 at 02:07 AM PDT #

Hello, Grant,

No, these issues can only be resolved by applying a desktop client-level JRE update (likely the next one to follow JRE 1.6.0_20).

Regards,
Steven

Posted by Steven Chan on May 06, 2010 at 05:35 AM PDT #

Steve,

On your last comment you say the following:

'these issues can only be resolved by applying a desktop client-level JRE update (likely the next one to follow JRE 1.6.0_20).'

Just for clarity, are you saying stick with JRE 1.6.0_17 until the next release of which is JRE 1.6.0_21?

If you could just clarify the point many thanks.

Posted by Nasser Ali on May 13, 2010 at 05:39 PM PDT #

Nasser,

If you need the security fixes delivered in JRE 1.6.0_20, then you should apply that version. If avoiding the session management and z-ordering issues is a greater concern, then you should stick with JRE 1.6.0_17 until the next JRE release containing both the security fixes and fixes for the session management / z-ordering issues is released.

Hope that clarifies things (and the uncomfortable tradeoffs associated with each option).

Regards,
Steven

Posted by Steven Chan on May 14, 2010 at 07:14 AM PDT #

Hi Steven,

JRE 1.6.0_20 was pushed out to our client desktops although we forwarded your articles warning about EBS issues with JRE 1.6.0_18, 19, 20 and your confirmation that the fix is to be included in JRE 1.6.0_21. The decision placed greater weight on the security over having to use the workaround.

Our users were well prepared and all turned off the Next-Generation Java. Our helpdesk didn’t get many calls. In that sense, your blog and your team’s extraordinary efforts made the difference.

Is there something can be done, for example a certification or the java division and EBS coordination, so that in the future we won't encounter a situation - have to make a decision between security or not to use forms (we have to have both).

Best Regards,
Jennifer.

Posted by Jennifer Chen on May 28, 2010 at 12:40 AM PDT #

Hi, Jennifer,

I'm glad to hear that we were able to help smooth your way a bit. Once again, my apologies for the inconvenience that these issues have caused; we know that handling these types of JRE deployments requires major effort for most of our customers, and we don't take this situation lightly.

Our current development model is that we test early (pre-release) builds of candidate JRE releases with the E-Business Suite for compatibility. This process has worked reasonably well for the JRE 1.5 and 1.6 release codelines for the last several years. We haven't had to present customers with the difficult choice of security vs. Forms for dozens of JRE releases over the years... until today.

But I guess that's a little like an oil company saying that they've never had a deepsea underwater well blow out until today. I can appreciate your frustration with being presented with this dilemma.

The two issues (session management and z-ordering) starting with JRE 1.6.0_18 were not discovered during our QA process. We've changed our QA process accordingly. The other challenge has been that the root causes of these issues are extremely deep, and fixing them has required careful work to ensure that the cure isn't worse than the disease itself.

This escalation has engaged the most-senior members of our Sun JRE and EBS techstack teams. We'll do everything possible to make sure that this doesn't recur.

Regards,
Steven

Posted by Steven Chan on May 28, 2010 at 01:52 AM PDT #

Following document Deploying Sun JRE (Native Plug-in) for Windows Clients in Oracle E-Business Suite 11i [ID 290807.1] Patch 9553040 was applied. This has raised some issues which needs attention over go live time. The ebiz instance is accessed by over 3000 usesrs around the world. Hence the magnitude of work post deployment is vary high for these issues.

1. SUN JRE 6 update 20 built 5(patch 9553040) to be installed on client desktops require uninstall and then fresh install of SUN JRE. This is a huge task. Are there workarounds for the same.

2. An alternative to 1 is SUN JRE 6 UPdate 21 becoming available on Sun JAVA Server. Would UPdate 21 be released soon , so that by automatic updates this becomes available on all client machines.

2. Sec 5 KNOWN issues Documents "Security Warning Running JRE 6u19 and Later". This issue is still present after deploying SUN JRE 6 update 20 built 5(patch 9553040). Is there another workaround for this.

Posted by jemar_98 on June 16, 2010 at 04:35 AM PDT #

We really need to patch JRE for security reasons but Update 20 breaks Oracle Apps for us. When is Update 21 coming out? Anyone?

Posted by dav5201 on June 17, 2010 at 03:11 AM PDT #

Hi, Dave,

We can't discuss release dates, I'm afraid.

You might have missed this article:

JRE 1.6.0_20 Build 5 Fixes E-Business Suite Compatibility Issues
http://blogs.oracle.com/stevenChan/2010/05/jre_16020b5_fixes_ebs_issues.html

Regards,
Steven

Posted by Steven Chan on June 17, 2010 at 03:50 AM PDT #

Hi, Jemar,

1. I think someone in the Sun JRE Support team might be better-able to comment on enterprise deployment strategies than the members of this blog.

2. We can't comment on release dates here, I'm afraid. JRE 1.6.0_21 is coming, but nobody's permitted to speculate about specific release dates at all.

3. Your best bet would be to log a formal Service Request via My Oracle Support (formerly Metalink) to get one of our security specialists engaged. We're not permitted to discuss security issues here.

Please feel free to forward your Service Request number to me if it gets stuck in the support process for some reason.

Regards,
Steven

Posted by Steven Chan on June 17, 2010 at 04:18 AM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Search

Categories
Archives
« April 2015
SunMonTueWedThuFriSat
   
1
3
4
5
7
9
10
11
12
13
17
18
19
20
23
25
26
27
28
29
30
  
       
Today