PRODUCT BULLETIN: How Entrust TruePass and Entrust Authority Administration Services Customers are Affected by Java Update 7u45
On October 15, 2013, Oracle released an update to Java (7u45) that affected Entrust TruePass and Entrust Authority Administration Services customers.
NOTE: This Java update has NO adverse effect on the product’s effectiveness, but does introduce new warning messages, which require user input, when Java makes certain calls.
Who is Affected?
Any customer using Entrust TruePass or Entrust Authority Administration Services and has Java installed within their Web browser. Most browsers will automatically update to Java 7u45 upon its release.
What Will I See?
Java 7u45 was issued to tighten security constraints via additional security warning messages when a possible issue is detected. Despite these messages (example below), there are NO security vulnerabilities with Entrust TruePass or Entrust Authority Administration Services.
Specifically, Java 7u45 will prompt users (via a Security Warning message) to confirm a domain name when the Java plugin makes its first “LiveConnect” call.
Each time any of the current versions of Entrust TruePass or Entrust Authority Administration Services are invoked, Java 7u45 will generate the Security Warning message below.
What Should I Do?
Upon seeing the above message, Entrust customers may click the “Allow” button with NO adverse effects. No other warnings will appear during the current session. In the interim, each subsequent session will require an “Allow” response.
What is Entrust’s Response?
Entrust is actively developing a solution that will insert a Customer-Supplied Domain Name into the Entrust TruePass or Entrust Authority Administration Services manifest. Entrust will send you an additional notice, with a release date, once the solution is validated.
Who Can I Call?
If you have any questions or wish to speak to an Entrust support representative directly, please contact us as +1-888-690-2424.