Sun Java Plug-in support - Security Vulnerabilities
There are numerous security issues with the Sun Java plug-in for the current supported versions of Portal/J. Ventyx has indicated that they do not have plans to recertify the software.
This is an excerpt from a service-request with Ventyx:
"There are no plans to recertify Portal/J versions to the newest Java Plug-ins that are released. Certification
decisions are made while the software is under initial development, such as Portal/J 10.0.7 (the latest PJ release) is certified against Sun Java Plug-in Java 5 Update 12 (1.5.0_12). Rare occasions may require action (like the DST change), but this is not normal business practices. I performed a query and see no cases of other client's inquiring on this."
How is your company handling Java updates if Ventyx is not planning to support the latest version?
Not certifying the software for these Java updates exposes the workstation to security vulnerabilities.
Moved on this right away
The client site I've been working at moved on this right away as P/J 10.0.7 is scheduled to go live in the near future. Ventyx acknowledges the issue and is planning to release a patch in mid April 2008. Do not know what JRE Ventyx will choose. Client is testing 1.5.0_14 as a precaution.
Thanks for the heads up.