CA Technologies has identified a potential issue with the CA APM/Introscope Workstation Web Start client with Java 7 Update 45 (Java 1.7.0_45), Java 6 Update 65 (Java 1.6.0_65) and Java 5 Update 55 (Java 1.5.0_55). This technical advisory describes the affected versions and platforms in more detail, and explains the workarounds or remediation actions that are recommended to prevent this issue from impacting your usage of CA APM.
On October 15, 2013, Oracle released the following Java quarterly patch releases:
- Java 7 Update 45 (Java 1.7.0_45)
- Java 6 Update 65 (Java 1.6.0_65)
- Java 5 Update 55 (Java 1.5.0_55)
These updates contain a number of security patches, many of which directly affect applications using Java Web Start. Customers who have updated to this version of Java have reported issues with launching the APM Workstation Web Start client. This is due to the introduction of new manifest file attributes in the new updates to Java. Upon launching the Workstation client via Java Web Start, users will receive the following security warning:
- Java has discovered application components that could indicate a security concern. Contact the application vendor to ensure that it has not been tampered with. Block potentially unsafe components from being run? Yes/No/Help
Neither selecting Yes or No will start the Workstation.
Who is impacted?
Below is a list of versions that are affected:
- APM/Introscope Workstation version 8.x and above, using the following versions of Java to launch via Java Web Start
- Java 7 - Java 1.7.0_45+
- Java 6 - Java 1.6.0_65+
- Java 5 - Java 1.5.0_55+
You are not affected by this issue if:
- You have not installed the Java versions listed above to launch the APM Workstation via Java Web Start
- You are using the APM WebView Console or the standalone APM Workstation instead of launching it via Java Web Start
We recommend that customers do not upgrade to the Java versions listed above until CA has completed investigating possible solutions for this issue. We are currently working with Oracle in resolving this issue.
Below are options to work around this issue:
Option 1. Update the file <EM_HOME>/product/enterprisemanager/plugins/com.wily.introscope.workstation.webstart_X.X.X/WebContent/jnlp/workstation.jsp with the following items. This workaround requires that the Security Level setting for Java in the Java Control Panel is set to a maximum of "High".
- Remove the following JNLP properties in the <resources> section
<property name="osgi.instance.area" value="@user.home/Application Data/Wily/Introscope/product/workstation"/> <property name="osgi.configuration.area" value="@user.home/Application Data/Wily/Introscope/product/workstation"/> <property name="eclipse.product" value="com.wily.introscope.workstation.productWebstart"/>
- Add the following arguments to the <application-desc main-class="org.eclipse.equinox.launcher.WebStartMain"> section
<argument>-product</argument> <argument>com.wily.introscope.workstation.productWebstart</argument> <argument>-data</argument> <argument>@user.home/Application Data/Wily/Introscope/product/workstation</argument> <argument>-dev</argument> <argument>@user.home/Application Data/Wily/Introscope/product/workstation</argument>
- When starting the Workstation via Java Web Start, users will still encounter the following security warning, but can select the check box marked "I accept the risk and want to run this application"
Option 2. Uninstall Java 1.7.0_45 and downgrade your client machine's version of Java to Java 1.6 or Java 1.7.0_40 or below
Option 3. Use the standalone APM Workstation instead of launching it via Java Web Start
Option 4. Use the APM WebView Console instead of the APM Workstation launched via Java Web Start
Option 5. If you are unable to uninstall Java 1.7.0_45, you can install Java version 1.7.0_40 or below and launch Java Web Start via javaws.exe from the command line by following the instructions below. This option does not work on Java 1.6.
- Download the workstation.jnlp file and save it locally to the file system
- Connect to the webserver port: http://<em_hostname>:<webserver_port_default_8081>
- Right click the "Start Introscope Workstation" link, select "Save Target As.."
- Open up a command prompt and launch the APM Workstation as follows. For example, if you installed Java 1.7.0_25:
- If you installed the full JDK,
- C:\Program Files (x86)\Java\jdk1.7u25\bin>javaws.exe C:\<location Of downloaded workstation.jnlp>\workstation.jnlp
- If you installed the JRE,
- C:\Program Files (x86)\Java\jre1.7u25\bin>javaws.exe C:\<location Of downloaded workstation.jnlp>\workstation.jnlp
This technical advisory is posted on support.ca.com. To access the archive of technical advisories for CA APM, please visit: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=5da8b282-d794-49bd-9e16-c8d95f4abdba