Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

JIRA Screenshot Applet not working with Java 7u51?

Patrick Patrick9
Patrick Patrick January 14, 2014

I've updeted Java to the newest Version 7u51.

I would attach a Screenshot (JIRA 5.1.8) but get a SecutrityException: Missing rewuired Permissions manifest attribute in main jar: ... screenshot.jar.

Has anybody the same problem? Or a solution?

Answer
Watch
Like # people like this
1412 views

11 answers

1 accepted

10 votes
Answer accepted
Andy Nguyen
Andy Nguyen
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 15, 2014

Hi all,

From the New security requirements for RIAs in 7u51 (January 2014), you may notice that:

  • You are required to sign all RIAs (Applets and Web Start applications).
  • You are required to set the "Permissions" attribute within the Manifest.
  • Your application will be affected if it uses Java started through a web browser. Your application will not be affected if it runs anywhere outside of a web browser.

So basically this is what you need to do on your side in order to increase the security level required by the new version of Java. It's not a bug within JIRA, no matter which versions. This issue has only come out of Java 7u51, as stated in the software's release notes:

http://www.oracle.com/technetwork/java/javase/7u51-relnotes-2085002.html

Usually, in order to reduce the complexity of the issue, we advise the customers to use Java 7u45. There's a workaround, though, if you would still like to use Java 7u51: by opening Java Control Panel -> Security tab and then applying either of the followings:

  • lower the Security Level bar Or
  • add your JIRA's base URL to Exception Site List (like Kaia said)

Other than that, you may consider applying the security requirements, and this is a good point to start with: JAR File Manifest Attributes for Security. Kindly contact Oracle for more details then.

Cheers,
Andy

View More Comments
Dave C
Dave C
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 16, 2014

There is now a proper workaround to this, to fix it please install the new screenshot.jar on https://jira.atlassian.com/browse/JRA-35476, full instructions are in that bug report.

Like
Reply
3 votes
Kaia Helene Holmgren
Kaia Helene Holmgren January 15, 2014

I've found a solution that works for me. Open «Configure Java» and choose Security. Choose «Edit Site List..» and add the jira address e.g «https://jira.finn.no».

View More Comments
schultz9999
schultz9999 February 26, 2014

If it's not clear where to find "Configure Java", on Windows, hit Windows button and then just type "Configure Java" -- it will pop up.

Like
Reply
0 votes
Leos Junek
Leos Junek
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 21, 2014

I can confirm it is happening just after installation of new JRE 7u51.

Reply
0 votes
Ben Sayers
Ben Sayers
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 16, 2014

Hi all,

This issue is being tracked as JRA-35476. The fix will be released in Jira 6.1.7 and we have made the updated applet avaliable for customers who need a solution in the interum. Instrunctions on how to download and install this updated applet can be found in the description of JRA-35476.

For OnDemand customers the fix will be released in the next OnDemand update.

Cheers,
Ben

Reply
0 votes
B Mathis
B Mathis January 15, 2014

Oracle explains how to add sites to an exception list here:
https://blogs.oracle.com/java-platform-group/entry/upcoming_exception_site_list_in

If you can push that file out via GPO, you should be set.

Reply
0 votes
Patrick Gießler
Patrick Gießler January 15, 2014

It's on the PC.

Reply
0 votes
Mark Symons
Mark Symons
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 15, 2014

Can I clarify something... was this a problem caused by Java being updated on the JIRA server - or was it updated on the PC that is accessing JIRA? I want to be absolutely certain that I understand the problem.

Reply
0 votes
Deleted user January 15, 2014

Hi Andy,

I realise that going back a version is an option but this isn't a permanent solution. On the java release notes page it states that we will be forced to upgrade on the 14th Feb. http://java.com/en/download/faq/release_changes.xmlWhen will atlassian release a fix for this?

This blog post back in September details the changes: https://blogs.oracle.com/java-platform-group/entry/new_security_requirements_for_rias

Thanks

Clarkie

View More Comments
Teck-En
Teck-En
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 17, 2014

Hi Clarkie, please kindly follow the workaround in the description of this bug ticket as suggested by Dave : https://jira.atlassian.com/browse/JRA-35476

Like
Reply
0 votes
Andy Nguyen
Andy Nguyen
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 15, 2014

Hi all,

Java 7u51 does not fully support Java Applet that JIRA uses for attaching screenshots. My suggestion is to uninstall it and use Java 7u45 instead, which is a stable version that fully supports Applet. You may download the installation file here. Remember not to update Java if prompted to do so by your browser or even JIRA.

Cheers,

Andy

View More Comments
B Mathis
B Mathis January 15, 2014

Remember not to update Java if prompted to do so by your browser or even JIRA.

This advice is absolutely terrible, bordering on negligent.

I understand that Atlassian has customers who need a quick fix, but the fact is that Java is so riddled with security holes that users are best advised to upgrade to new versions immediately when they are released. This Java release fixes 36 vulnerabilities, of which 34 are remotely exploitable.

The security problems with Java Applets are so bad that it no longer matters if updates break user applications. It is now incumbent on the organizations writing Java applets to: keep them up to date; expect their apps to break with every Java update; or abandon using Java applets entirely as soon as possible.

To sum up: If users downgrade to 7u45 while they are in the process of rolling out GPOs to add sites to the exception list, that is a bad option but possibly the only one. But telling people never to upgrade is breathtakingly irresponsible, given the current state of Java security.

P.S. I'm talking about Java Applets, not the Java language

Like
Teck-En
Teck-En
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 17, 2014

Please kindly follow the workaround in the description of this bug ticket as suggested by Dave to replace the screenshot.jar: https://jira.atlassian.com/browse/JRA-35476

Like
Reply
0 votes
michel renaud
michel renaud January 14, 2014

Same here, right after updating to Java 1.7.0_51. Apparently security has been improved: http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/no_redeploy.html

Is something being done about this?

Reply
0 votes
Deleted user January 14, 2014

We're having the same thing with v6.0.3.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events