Oracle is planning to release a Critical Patch Update for Java on April 18, 2017. Users should be aware that this update will render Demantra versions 12.2.3 and earlier inaccessible unless the actions provided here are followed.
Note that if the Java settings on the client are configured for automatic updates, then the Java April Critical Patch Update will be applied automatically. If this occurs without taking the actions listed here, then users will not be able to access Demantra versions 12.2.3 and earlier.
Customers running Oracle Demantra versions 12.2.3 or earlier will need to take these actions regarding the Java April Critical Patch. (Customers running Demantra 12.2.4 or later will not be affected.)
Implications
Customers running Demantra versions 12.2.3 or earlier that apply the Java April Critical Patch Update without replacing the existing JAR files in their Demantra instance with new JAR files that have been signed using the SHA-256 algorithm will likely get a Security Warning after applying the Java April Critical Patch Update. The Security Warning will state that an unsigned application is requesting permission to run. Although the Security Warning gives the impression that if you choose “Run” the application will run, this is not the case. If you choose “Run” you will still encounter errors with the Java applet.
Temporary Workarounds
Note we have provided temporary workarounds.
Summary
Customers running Demantra versions 12.2.3 and earlier must take action to obtain new JAR files in order to prevent users from not being able to access the Demantra application after the April Critical Patch Update for Java is applied. This patch can be applied at any point in time. However, in order to avoid users not being able to access the Demantra application, it should be applied before applying the Java April Critical Patch.