Does this affect EBS environments?
Yes. This applies to Java 6, 7, and 8 used in EBS 12.1 and 12.2. Oracle E-Business Suite uses Java, notably for running Forms-based content via the Java Runtime Environment (JRE) browser plug-in. Java-based content is delivered in JAR files. Customers must sign E-Business Suite JAR files with a code signing certificate from a trusted Certificate Authority (CA).
A code signing certificate from a trusted CA is required to sign your Java content securely. It allows you to deliver signed code (e.g. JAR files) from your server to users' desktops; it verifies you as the publisher and trusted provider of that code, and it verifies that the code has not been altered. A single code signing certificate allows you to verify any amount of code across multiple EBS environments. This is a different type of certificate from the commonly used SSL certificate, which is used to authorize a server on a per-environment basis. You cannot use an SSL certificate to sign JAR files.
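To illustrate the "has not been altered" property described above, the following added example (not Oracle's code and not part of the EBS signing instructions) compares each JAR entry with the digest recorded in `META-INF/MANIFEST.MF` and lists the signature block files. The sample JAR, the `demo/` entry names and the placeholder `SIGNER.RSA` are constructed for illustration.

```python
import base64, hashlib, io, re, zipfile

SIG_BLOCK = re.compile(r"^META-INF/[^/]+\.(RSA|DSA|EC)$", re.I)
HASHES = {"SHA-256": "sha256", "SHA-512": "sha512", "SHA1": "sha1", "MD5": "md5"}

def parse_manifest(text):
    """Return {entry name: {attribute: value}} for the per-entry sections."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # join wrapped lines
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def check_jar(data):
    """Check entries against manifest digests (not the .SF or certificate chain)."""
    report = {"signature_blocks": [], "algorithms": set(),
              "altered": [], "undigested": []}
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        manifest = parse_manifest(jar.read("META-INF/MANIFEST.MF").decode())
        for name in jar.namelist():
            if SIG_BLOCK.match(name):
                report["signature_blocks"].append(name)
            if name.startswith("META-INF/") or name.endswith("/"):
                continue
            digests = {k[:-7].upper(): v for k, v in manifest.get(name, {}).items()
                       if k.lower().endswith("-digest") and k[:-7].upper() in HASHES}
            if not digests:  # entry is not covered by the manifest at all
                report["undigested"].append(name)
            for alg, expected in digests.items():
                report["algorithms"].add(alg)
                actual = hashlib.new(HASHES[alg], jar.read(name)).digest()
                if base64.b64encode(actual).decode() != expected:
                    report["altered"].append(name)
    return report

def build_sample(tamper=False):
    """Constructed sample JAR; SIGNER.RSA is a placeholder, not a real signature."""
    body = b"constructed class bytes"
    digest = base64.b64encode(hashlib.sha256(body).digest()).decode()
    manifest = ("Manifest-Version: 1.0\r\n\r\nName: demo/Sample.class\r\n"
                f"SHA-256-Digest: {digest}\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("META-INF/SIGNER.RSA", b"placeholder")
        jar.writestr("demo/Sample.class", body + (b"!" if tamper else b""))
        jar.writestr("demo/Unlisted.class", b"added after signing")
    return buf.getvalue()
```

This covers only the link between the manifest and the file contents; `jarsigner -verify` remains the tool that validates the signature file and the signer's certificate chain.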
Instructions on how to sign EBS JARs are published here:
Where can I get more information?
Oracle's plans for changes to the security algorithms and associated policies/settings in the Oracle Java Runtime Environment (JRE) and Java SE Development Kit (JDK) are published here:
More information about Java security is available here:
If you have questions about Java Security, please log a Service Request with Java Support.
If you need assistance with the steps for signing EBS JAR files, please log a Service Request against "Oracle Applications Technology Stack (TXK)" > "Java".