Note: Upgrading to a 3-digit point release JRE version on your EBS web server requires a new version of the txkSetPlugin.* upgrade script which is available in Patch 21624242. See Step 2. Download and Apply the Interoperability and Prerequisite Patches.

Note: Oracle strongly recommends that Oracle E-Business Suite customers move to the latest and therefore most secure CPU version of the JRE Native Plug-in available for any certified Java family (JRE 6, 7 or 8) as listed below.

JRE 8

Oracle will release a Critical Patch update (CPU) at the same time as the corresponding Bundled Patch Release (BPR) for Java SE 8. It is recommended that Oracle E-Business Suite customers use the CPU release and only upgrade to the BPR release if advised to uptake it to fix a specific bug issue. For further information and bug fix details see Java CPU and PSU Releases Explained. 
Note: In earlier JRE releases Bundled Patch Releases (BPR) were called Patch Set Updates (PSU).

For information on patch requirements and known issues with JRE 8, check the following links within this document:

• JRE 8 Minimum Patch Requirements
• Forms Launch Issues -> javax.net.ssl.SSLException: Received fatal alert: close_notify
• JRE 8 Users: Possible Focus Loss After Forms Launch
• Internet Explorer: Applet Launch Delay

JRE 1.8.0_101 (8u101) CPU

The latest standard JRE release is available for download through the Java and Oracle Java SE Downloads public sites. This is also available as a patch from My Oracle Support which is listed in the JRE Parameter Settings table.

Known Issues

If you are using IE, the 3-digit release version will not be recognized when using the standard numeric CLSID in your config file. This causes extra pop-ups when running any Java content. See Known Issue: JRE 1.8.0_101 May Cause Extra Pop-Ups When Using IE for further information. Users affected by this issue are recommended to upgrade to JRE 1.8.0_102 instead where this issue is fixed.

JRE 1.8.0_102 (8u102) BPR

The latest standard JRE BPR release is available as a patch from My Oracle Support which is listed in the JRE Parameter Settings table. It is recommended the BPR release is only used if you have been advised to uptake it to fix a specific bug issue.

EBS Related Bug Fixes

This release fixes the following bug issues. If these fixes are required, upgrade to this release instead of JRE 1.8.0_101:

1. Known Issue: JRE 1.8.0_101 May Cause Extra Pop-Ups When Using IE.
2. Coexistence Known Issue: 3-Digit Point Release Versions Not Recognized by Java 8.

JRE 7

The JRE 7 stream has reached 'End of Life and is no longer available through the public download sites. Oracle E-Business Suite users can continue to run JRE 7 during the extended support period of their EBS release. For further information see Java SE 7 End of Public Updates Notice.

JRE 1.7.0_111 (7u111) CPU

JRE 7 has reached 'End of Life', JRE 1.7.0_85 (7u85) and higher point release versions of JRE 7 are no longer available through the public download sites. Oracle E-Business Suite users can continue to run JRE 7 during the extended support period of their EBS release.The standard build and also a build which now has the 'Java Auto Update Mechanism' removed is also available as a patch from My Oracle Support which are listed in the JRE Parameter Settingstable.

 

JRE 6

JRE 6 has reached 'End of Life', JRE 1.6.0_51 (6u51) and higher are no longer available through the public download sites. Oracle E-Business Suite users can continue to run JRE 6 during the extended support period of their EBS release. For further information see Implications of Java 6 End of Public Updates for EBS Users.

JRE 1.6.0_121 (6u121) CPU

This is available as a patch download from My Oracle Support which is listed in the JRE Parameter Settings table.

Browser Version	Windows 10  (64-bit)	Windows 8.1  (64-bit)	Windows 7 (64-bit)
IE 11 (64-bit) 1	JRE 1.8.0_51 (64-bit) and higher JRE 1.7.0_85 (64-bit) and higher	JRE 1.8.0_25 (64-bit) and higher JRE 1.7.0_10 (64-bit) and higher JRE 1.6.0_37 (64-bit) and higher	JRE 1.8.0_25 (64-bit) and higher JRE 1.7.0_10 (64-bit) and higher JRE 1.6.0_32 (64-bit) and higher

¹ Internet Explorer is only certified running Desktop Mode on Windows 8.1 and Windows 10r. The Metro version does not support Java and is not certified for Oracle E-Business Suite.

Browser  Version	Windows 10  (32-bit and 64-bit)	Windows 8.1 (32-bit and 64-bit)	Windows 7 (32-bit and 64-bit)	Windows Vista (32-bit)
IE 11 1	JRE 1.8.0_51 and higher JRE 1.7.0_85 and higher	JRE 1.8.0_25 and higher JRE 1.7.0_10 and higher JRE 1.6.0_37 and higher	JRE 1.8.0_25 and higher JRE 1.7.0_10 and higher JRE 1.6.0_24 and higher	Not Certified
IE 9	Not Certified	Not Certified	Not Certified	JRE 1.8.0_25 and higher JRE 1.7.0_10 and higher JRE 1.6.0_03 and higher
Firefox ESR 45.x	JRE 1.8.0_51 and higher JRE 1.7.0_85 and higher	JRE 1.8.0_25 and higher JRE 1.7.0_10 and higher JRE 1.6.0_37 and higher	JRE 1.8.0_25 and higher JRE 1.7.0_10 and higher JRE 1.6.0_10 and higher	JRE 1.8.0_25 and higher JRE 1.7.0_10 and higher JRE 1.6.0_10 and higher
Firefox ESR 38.x	JRE 1.8.0_51 and higher JRE 1.7.0_85 and higher	JRE 1.8.0_25 and higher JRE 1.7.0_10 and higher JRE 1.6.0_37 and higher	JRE 1.8.0_25 and higher JRE 1.7.0_10 and higher JRE 1.6.0_10 and higher	JRE 1.8.0_25 and higher JRE 1.7.0_10 and higher JRE 1.6.0_10 and higher

¹ Internet Explorer is only certified running Desktop Mode on Windows 8.1 and Windows 10. The Metro version does not support Java and is not certified for Oracle E-Business Suite.

Oracle E-Business Suite 12.2 Users are certified running JRE 1.7.0_10 and higher or JRE 1.6.0_27 or higher when running a 32-bit browser.

Patch 17555224 conflicts with the October 2013 CPU Patch 17337741. To avoid this conflict or to simply apply the latest release that includes this fix, apply Patch 19849290.

For details about Oracle E-Business Suite R12.2 Online Patching, refer to Oracle® E-Business Suite Maintenance Guide, Release 12.2.

See Discoverer with JRE 1.8 for further information.

Windows Vista SP2, Windows 7 SP1 (32-bit & 64-bit) Windows 8.1 (32-bit & 64-bit) and Windows 10 (32-bit and 84-bit)

• Oracle forms 10.1.2.3 or higher with Patch 14614795 or later (See Document 437878.1 titled, 'Upgrading OracleAS 10g Forms and Reports in Oracle E-Business Suite Release 12' for the latest available forms patches)
• SSL Users
  • 10.1.0.5 (32-bit) version of Patch 6370967 - 'TLS 1.0 handshake fails when the client is running on Vista' applied to the AS 10.1.3 Home. (Note: This patch is also required for Windows XP, Windows 7 and Windows 8)
    • Note: This fix is included in the April 2011 AS 10.1.3.5 CPU patch and later.

On the Application tier as the file system owner source your RUN file system.

On the Application tier as the file system owner source your APPS env file.

Note: Historically, the JRE upgrade scripts (txkSetPlugin.*) have been designed to work with JRE plugin versions of up to 2 digits e.g. JRE 1.6.0_07 (JRE 6u7), JRE 1.7.0_85 (JRE 7u85) etc. 
Users wanting to install three digit releases on their server e.g. JRE 1.8.0_101 (8u101) etc. must apply the latest JRE upgrade script which is available through Patch 21624242. This will work with all Java releases irrespective of the version number up to 3 digits. Additionally, the new scripts can also be used to automatically configure the Dynamic and Family CLSID values for IE users if required (The CLSID is only used by Internet Explorer). This is an optional parameter and therefore does not alter the standard command format that has been run historically and will continue be run by the majority of users.

Note: If you want to change the default JRE Plug-in version you are currently using and have previously applied the interop patch to your environment there is no need to apply it again. Skip this step and continue to Section 3: Upgrade and Configuration and run the JRE Upgrade Script.

To install up to a 3 digit Java release on your web server (e.g. JRE 1.8.0_101) or simply to uptake the latest upgrade script, apply interoperability Patch 21624242:R12.TXK.C.

If you are not upgrading to a 3-digit release version you may continue to run the original default scripts that come with 12.2.x if required.

To install up to a 3 digit Java release on your web server (e.g. 1.8.0_101) or simply to uptake the latest upgrade script, apply the appropriate interoperability patch.

• Oracle E-Business Suite 12.1 users: Patch 21624242:R12.TXK.B

If you are not upgrading to a 3-digit release version you may continue to run the scripts from the old JRE Plug-in interoperability Patch 4377566 if required.

Note: Due to a change in version numbering branch line standards the new txkSetPlugin.sh version for 12.1.3 will not overwrite the old version from the original Patch 4377566. Before applying Patch 21624242:R12.TXK.B, rename your current version to allow the new version to install normally:

OracleAS 10g Patches

It is also strongly recommended that the latest OracleAS 10g patches are applied if they have not been applied previously.

Apply the latest 10.1.2.3 Forms Bundle patch then regenerate the jar files through 'adadmin'.

For information on the latest 10g patch requirements please see Document 437878.1 titled, 'Upgrading OracleAS 10g Forms and Reports in Oracle E-Business Suite Release 12'.

JRE uses a 'Non-Static Versioning' model, meaning, for Internet Explorer users, the version installed here denotes the minimum version that will be used to access Oracle E-Business Suite. (Historically when running a 'Static Versioning'model the version installed would denote the specific version that would have to be used to access Oracle E-Business Suite from the desktop client.)

For further information including the behavior when using 'next-generation Java Plug-in technology' (JRE 1.6.0_10 and higher) see, Appendix B: Static vs Non-Static Versioning and Set Up Options

Download the latest "JRE" update (Do not download the "Server JRE" version) from the Java SE Downloads page or as a patch from My Oracle Support as listed in the JRE Parameter Settings table.

• Click the JRE Download button for the appropriate Java version
• Click the Accept License Agreement button
• Download the Windows x86 Offline (32-bit) or Windows x64 (64-bit) version as required

The latest JRE 6 versions are only available through a patch, see Document 1439822.1, titled 'All Java SE Downloads on MOS' for a list of patch numbers.

If an earlier version of the JRE Plug-in is required, it can be downloaded from the Oracle Java Archive site or as a patch from My Oracle Support as listed in the JRE Parameter Settings table.

• Click on the required Java SE version link e.g. Java SE 7
• Select the required Java SE Runtime Environment version link e.g. Java SE Runtime Environment 7u45
• Click the Accept License Agreement button
• Download the Windows x86 Offline (32-bit) or Windows x64 (64-bit) version as required

Step 2.2.1. Rename the JRE Plugin File

Rename the downloaded JRE Native Plugin file to j2se<jversion>.exe

The jversion parameter is simply the Java family (18, 17 or 16) concatenated with the point release version in a 5 digit format and is listed in the JRE Parameter Settings table.

For example:

jre-8u51-windows-i586.exe or jre-8u51-windows-x64.exe would be renamed j2se18051.exe
jre-7u85-windows-i586.exe or jre-7u85-windows-x64.exe would be renamed j2se17085.exe
jre-6u101-windows-i586.exe or jre-6u101-windows-x64.exe would be renamed j2se16101.exe

Step 2.2.2. Place the Renamed JRE Plugin on the Web Application Tier

Place the renamed JRE Plugin file onto the web application tier in the directory as appropriate to your Oracle E-Business Suite release.

Oracle E-Business Suite 12.2.x Users

Move the j2se<jversion>.exe file to the web application tier and place it in the following directory in the RUN File System:

[COMMON_TOP] refers to the top level directory where the common utilities are installed. By default, this is the parent directory of $JAVA_TOP.

Oracle E-Business Suite 12.1.x Users

Move the j2se<jversion>.exe file to the web application tier and place it in the following directory:

[COMMON_TOP] refers to the top level directory where the common utilities are installed. By default, this is the parent directory of $JAVA_TOP.

Run the $FND_TOP/bin/txkSetPlugin.sh script against the web node of the application tier.

The txkSetPlugin.sh script updates the JRE version information in your AutoConfig context file and runs AutoConfig to incorporate the new values throughout your application. This script must be run using the following command:

Where:

Parameter Value	Parameter Description
jversion	The JRE version you wish to install ion a 5 digit format. This value is listed in the 'jversion Parameter' column in the appendix JRE Parameter Settings.
clsid_param	This is an optional parameter that is only available if you are running the latest txkSetPlugin script available through the JRE Interop Patch 21624242. Valid values are dyn to specify a Dynamic CLSID or fam to specify a Family CLSID. For further information see Dynamic and Family CLSID.

The standard command using JRE 1.8.0_51 as an example would be:

The command to use the Dynamic CLSID with JRE 1.8.0_51 as an example would be:

The script will prompt you for the following values if it does not find them automatically. If this is the case ensure you have correctly sourced your environment and run the script again:

• Location of APPSORA.env file, if not present in the default location $APPL_TOP
• Location of the AutoConfig Context File.
• Password for the APPS user in the database (If the correct value is returned by the script you may press the return key at the prompt).

Run the %FND_TOP%\bin\txkSetPlugin.cmd script against the web application tier node.

The txkSetPlugin.cmd script updates the JRE version information in your AutoConfig context file and run's AutoConfig to incorporate the new values throughout your application. This script must be run using the following command:

Where:

Parameter Value	Parameter Description
appsora_path	Full path to your APPSORA.cmd file (This may be APPSsid_host.cmd)
apps_pwd	Password for APPS user in the Database
jversion	The JRE version you wish to install, without decimal points or underscores. (e.g. 17079) This value is listed in the 'jversion Parameter' column of appendix JRE Parameter Settings.
clsid_param	This is an optional parameter that is only available if you are running the latest txkSetPlugin script available through Patch 21624242. Valid values are dyn to specify a Dynamic CLSID or fam to specify a Family CLSID. For further information see Dynamic and Family CLSID.

The standard command using JRE 1.8.0_51 as an example would be similar to:

The command to use the Dynamic CLSID with JRE 1.8.0_51 as an example would be similar to:

Enable the Java Console on your desktop client through the 'Java Control Panel' by setting:

JRE 6 32-bit Version

JRE 7 32-bit Version

JRE 8 64-bit Version

Note: If a higher version of JRE than the one just installed is shown, it may be because a higher version has previously been installed on the desktop. You can check the versions installed through the 'Java Control Panel':

JRE 1.8.0_101 does not recognize the 3-digit point release from the numeric CLSID: CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA and only picks up the 2-digit number. Incorrectly it therefore looks for 1.8.0_01 on the desktop causing the following pop-up as it cannot be found:

Selecting 'Run with the latest version' will cause forms to launch using JRE 1.8.0_101.

Selecting 'Cancel' will prevent forms from launching.

To avoid this problem, upgrade to JRE 1.8.0_102 where this issue is fixed..

This issue does not affect users running with a Dynamic or Family CLSID where, If JRE 1.8.0_101 is the latest release on the desktop, it will launch seamlessly.

For further information see Oracle Security Alert for CVE-2016-0636.

This issue is fixed in the following JRE releases:

Running Java content with Firefox ESR 38.4.0 using JRE 7 or JRE 8 may cause Firefox to crash. For example, this may be seen when closing your Oracle E-Business Suite browser session.

JRE 8 Users

This has been fixed for JRE 8 users in JRE 1.8.0_66-b18 which is now available for download from the Oracle Java SE Downloads page. This fix is not included in JRE 1.8.0_66-b33 which fixes the Internet Explorer: Applet Launch Delayissue, meaning Firefox users can currently only run JRE 1.8.0_66-b18 to fix this issue.

Consolidated Fix

To fix both the Firefox: Session Crash and the Internet Explorer: Applet Launch Delay issues, apply JRE 1.8.0_66-b35 which is available through Patch 22286087 - Oracle JDK 8 Update 66 b35.

JRE 7 Users

This issue is fixed for JRE 7 users in Patch 22217483 - Oracle JRE 7 Update 91 b33.

Launching Java content through Internet Explorer will show a delay of around 20-25 seconds delay before the applet starts to load (Java Console will come up if enabled). This occurs using the following JRE releases:

• JRE 1.7.0_91 (Pre build 33)
• JRE 1.8.0_60
• JRE 1.8.0_65
• JRE 1.8.0_66 (Pre build 33)
• JRE 1.8.0_71

This issue does not affect Firefox where the applet starts as usual after only a few seconds.

JRE 8 Users

This issue is fixed for JRE 8 users in the following releases::

• JRE 1.8.0_72 ( Patch 22187076 - Oracle JDK 8 Update 72 )
• JRE 1.8.0_66-b33 which is available through Patch 22097409.
  • If you also use Firefox browsers see the Consolidated Fix. note if using this release.

JRE 7 Users

This issue is fixed for JRE 7 users in the following releases:

• JRE 1.7.0_95 ( Patch 22187044 - Oracle JRE 7 Update 95 ) and higher releases of JRE 7.
• JRE 1.7.0_91-b33 ( Patch 22217483 - Oracle JRE 7 Update 91 b33 ).

Note: Although Java patches may contain both the JRE and JDK releases you only need the JRE version installed on the desktop client to uptake this fix.

When launching Java through JRE 1.6.0_85 on the desktop, a command window may open from the launcher program, <JRE_INSTALL_DIR>\java\jre6\bin\jp2launcher.exe displaying the message:

Forms will continue to launch normally but the command window will remain open on the desktop.

This error will also not occur if using JRE 7 and JRE 6 coexistence on your desktop where for example JRE 1.6.0_85 would run on top of JRE 1.7.0_71 as outlined in Multiple Client Java Plug-in Versions.

This issue is fixed in JRE 1.6.0_91 and later. 
This issue is also fixed for 64-bit users in JRE 1.6.0_85-b31 (64-bit) through Patch 19952394 - Oracle JDK 6 Update 85 b31.

"Your Java Version is Insecure"

Trying to run a version of JRE that is below the security baseline or past its expiration date can cause the following warning message to display:

Windows 7 Users

Clicking "Update" will download and attempt to install the latest version of the JRE Plug-in from java.com.
Clicking "Block" will stop the application from running.
Clicking "Later" will close the message and allow the application to run.

Suppressing the Message

If you want to prevent this message appearing again until the next new JRE release becomes available check the "Do not ask again until the next update is available" checkbox and then select the "Later" button.

This option updates the users deployment.properties file as follows:

The above example is based on JRE 1.7.0_17, if the JRE version was 1.7.0_21 the numbering would be "10.21.2" rather than "10.17.2"

An administrator may update this information for all their users deployment.properties file so that they do not need to go through the manual steps outlined above on first launch.

The users deployment.properties file is held in the following directory:

Windows Vista, 7 and 8: %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment

Other Ways to Suppress this Message

Customers who wish to keep up to date with the later Java releases but also want control over when they upgrade can prevent this message appearing by using a special build of JRE 7 which has the 'Java Auto Update Mechanism' turned off. These versions are available as a patch download, see Document 1439822.1 titled 'All Java SE Downloads on MOS' for a list of JRE versions and their patch numbers. Although Java patches contain both the JRE and JDK releases you only need the JRE version installed on the desktop client to uptake this feature.

The 'Java Auto Update Mechanism' is turned off by default on all builds of JRE 1.6.0_60 (6u60) and higher.

For further information on using this patch please see:

Document 1553875.1 - Handling New JRE Security Dialogs
Document 1557737.1 - Support entitlement for Java SE when used as part of another Oracle Product

JRE 1.7.0_40 and Higher Users

If your installed JRE 7 release falls below the security baseline, or passes it's built-in expiration date, an additional 'JRE Out of Date' warning is shown to users to update their installed JRE to the latest version.

To suppress this specific warning message, add the following entry in the deployment properties file:

For more information, see Deployment Configuration File and Properties.

The Certificate Revocation Lists (CRL) check may fail if using an LDAP URL causing forms launch to fail with the following error:

The CRL check was introduced in JRE 7u25 so this error may also be seen when using earlier releases than JRE 7u45 in certain circumstances.

How to Fix this Issue

This Issue is fixed in JRE 7u51-b32 and higher which is only available through Patch 17981166.

(All Java patches contain both the JRE and JDK releases. Only extract the JRE version of Java from the patch and install on your desktop to fix this issue.)

Workaround

If you are unable to upgrade at this time, turn off the CRL check in the Java Control Panel as a temporary workaround:

Running JRE 1.7.0_45 (7u45) on an Oracle E-Business Suite environment that is using JDK 4 on the application tier will fail with the following error in the Java Console (Jar files signed against JDK 4 are not compatible with this JRE release):

How to Fix this Issue

To fix this issue follow the steps below:

1. Upgrade the JDK version of your application tier node by following the appropriate document below:

• Using Latest Java 6.0 Update With Oracle E-Business Suite Release 12 (Document 455492.1)
• Using JDK 7.0 Latest Update with Oracle E-Business Suite Release 12.0 and 12.1 (Document 1467892.1)

2. Regenerate the jar files using the 'force' option through adadmin.

Oracle E-Business Suite 12.2.x Users - Patch 17545215
Oracle E-Business Suite 12.1.x Users - Patch 17191279

"Your security configuration will not allow granting permission to self signed certificates"

By default, JRE 1.7.0_21 (7u21) and higher will no longer run with a 'Very High' security setting set within the Java Control Panel when using Self-Signed certificates. Trying to run Oracle Forms-based content using such a certificate will pop the following message:

After clicking through or closing these messages the following error will appear in the Java Console and forms will not launch:

JRE 1.7.0_21 and higher run on a default security setting of 'High'. If you wish to use a 'Very High' security setting please sign the jar files with a Trusted Certificate. The security level can be changed using the slider under the 'Security' tab within the 'Java Control Panel'.

For full details regarding the code signing changes please see - Java Applet & Web Start - Code Signing and Setting the Security Level of the Java Client.

For further information on Jar signing in EBS see Document 1591073.1 titled, 'Enhanced JAR File Signing for Oracle E-Business Suite'.

Security Alert

JRE 1.7.0_11 (7u11) is a CPU security release which includes the fix for Oracle Security Alert CVE-2013-0422. It is highly recommended that customers on the JRE 7 stream upgrade to this release of higher.

Security Alert

JRE 1.6.0_24 (6u24) is a critical patch update which fixes security vulnerabilities in Oracle Java SE including CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number) which can affect users running JRE 1.6.0_23 (6u23) and earlier.

For further information regarding this security alert please see alert-cve-2010-4476-305811.html

Although the impact of this vulnerability on desktops is minimal and the desktop will not be compromised Oracle recommends that customers upgrade to "JRE 1.6.0_24 (6u24) or higher" as soon as possible.

Java Certificate Warning - Publisher Unknown

If you are using a self-signed certificate for jar signing the Publisher will display as UNKNOWN in the Java 'Warning - Security' window when running JRE 1.6.0_24 (6u24) or higher. For further information please see Connecting to an Oracle E-Business Suite Instance for the First Time.

Do you want to run this application?

An Application is requesting permission to load a resource from location below.

Resizing the Forms Applet Window

Resizing the forms applet window multiple times may cause the application to freeze when using JRE 1.6.0_10 or JRE 1.6.0_11. This is fixed in JRE 1.6.0_12 (6u12). For further details please see Bug 7485019 - Resizing the Forms Applet Window Hangs the Forms Session.

Right Click in Forms Field

Menu access by right clicking in a forms field may cause the application to freeze when using next-generation Java Plug-in through JRE 1.6.0_10 or JRE 1.6.0_11. This is fixed in JRE 1.6.0_12 (6u12).

Windows Rendering slowly using JRE 1.6.0_10 and Higher

Certain graphics cards (for example NVIDIA GeForce, ATI Radeon) may cause windows to render and display slowly, after moving the form within the window when using next-generation JRE Plug-in technology through JRE 1.6.0_10 or higher. This issue is fixed in JRE 1.6.0_14 and higher.

If JRE upgrade is not possible at this time; to workaround the issue in Oracle E-Business Suite it is recommended to either update the appsbase.htm file on the web server OR update the individual desktop clients.

Solution1: Modify the appsbase.htm file

Solution 2: Update each Individual Desktop Client

Applet in iframe is Displayed in FWK Menu Windows

Running Java content using JRE 1.8.0_72 or higher on Oracle E-Business Suite 12.2.x can leave the applet window displaying in the FWK Menu page on the initial launch.

Patch Fix

To fix this issue, apply the patch below as approproate to your Oracle E-Business Suite release:

12.2.5 Users:

To fix this issue, apply Patch 22892644:R12.FWK.C or later by following its readme.

12.2.4 Users

To fix this issue, apply Patch 23119976:R12.FWK.C or later by following its readme.

Workaround

If you cannot apply the patch fix at this time you can workaround the issue using one of the following methods:

1. Refresh the page.
2. Click a link to open a form.

javax.net.ssl.SSLException: Received fatal alert: close_notify

In JRE 8 the Java Control Panel has the following values checked by default:

SSL users running JRE 8 may see the following error in the 'Java Console' when trying to launch forms or other Java content:

SSL users running JRE 7 (where these values have been set) may see a similar error in the 'Java Console' when trying to launch forms or other Java content:

To fix this issue, apply the applicable "OHSTLS 1.2 with Client Certificate Authentication" patch for your EBS release as outlined in the JRE 8 Minimum Patch Requirements.

Workaround

If you are unable to apply this patch at this time or are waiting for its release on your platform, you can workaround the issue by unchecking the following values in the Java Control Panel:

FRM-92095: Oracle JInitiator version too low. Please install version 1.1.8.2 or higher.

The above error may be seen when trying to launch forms using the JRE 7.x or higher client Plug-in. To fix this issue please ensure you have applied the JRE 7 pre-requisite Patch 14614795 or later as outlined in JRE 7 Minimum Patch Requirements.

After applying the patch regenerate your jar files through ADADMIN with the the force option on.

OracleAS 10g Patches

Please apply the latest 10.1.2.3 Forms Bundle patch then regenerate the jar files through 'adadmin'.

For information on the latest 10g patch requirements please see Document 437878.1 titled, Upgrading OracleAS 10g Forms and Reports in Oracle E-Business Suite Release 12'.

JRE8 Users: Possible Focus Loss After Forms Launch

Clicking outside the frame onto the desktop or other application during forms launch may cause a loss of focus within the form once it's launched. This can occur in all Oracle E-Business Suite releases when using JRE 8. If this occurs pressing the 'tab' key should regain the correct focus within the form.

To fix this issue, apply Patch 21539521 or later.

Note: The latest forms MLR that also includes this fix is available through Patch 22698265. Users should apply this latest patch instead of the previous one.

Browser Window Opens Behind the Forms Window

Opening an html page from the forms navigator may cause the html window to open behind the navigator window when using Internet Explorer.

Windows Vista and Windows 7 Users

This is fixed for Windows Vista and Windows 7 users running the default IE tab browser settings or using non tab browser settings in JRE 1.6.0_27 (6u27).

Workarounds

If you are unable to upgrade the Java Plug-in at this time please try one of the following workarounds.

1. Alter the tabbed browser settings in IE7 or IE8

To workaround this issue when using IE7 or higher select the following options in the browser;

'Tools' - 'Internet Options' -> 'General' -> 'Tabs' -> 'Settings' -> 'Enable Tabbed Browsing' -> 'Always switch to new tabs when they are created'.

Also select either 'Let Internet Explorer decide how pop-ups should open' OR 'Always open pop-ups in a new tab' from;

'Tools' -> 'Internet Options' -> 'General' -> 'Tabs' -> 'Settings' -> 'Enable Tabbed Browsing' -> 'When a pop-up is encountered:'

2. Alter the Registry Settings using TweakUI (XP Users)

The Microsoft power tool TweakUI is only available for Windows XP. Altering the registry settings as follows may resolve the issue for all Internet Explorer versions.

3. Turn off Next-Generation Java

Turning off next-generation java will workaround the issue for all Internet Explorer versions (IE6 and higher) when using the default browser settings. This can be turned off as follows:

Control Panel -> Java -> Advanced -> Java Plug-in -> Enable the next-generation Java Plug-in (requires browser restart)

Firefox Users

This issue is fixed for users running Firefox in JRE 1.6.0_30 (6u30) and higher by setting the following browser options:

• Tools -> Options -> Content -> Enable JavaScript (checked)
• Tools -> Options -> Content -> Enable JavaScript -> Advanced… (button) -> Raise or lower windows (checked)
• Tools -> Options -> Tabs -> Open new windows in a new tab instead  (unchecked)

Type Ahead in Forms

If focus is moved out of the window, while a form is loading (for example if a message window pops up and takes the focus), any characters that were typed before the form opened will not register in the form. This is expected behavior with the native JRE Plug-in.

Internet Explorer "Close Window" Link - Modal Window

“The webpage you are viewing is trying to close the tab, Do you want to close this tab?”.

Using the "Close Window" link within an HTML page opened from the "Forms Navigator Menu" through Internet Explorer can cause the following modal window to pop.

This requires the user to acknowledge they wish to close form by clicking the 'Yes' button therefore creating an extra keystroke.

To fix this issue please upgrade to JRE 1.6.0_27 (6u27) or higher.

Running any of the following functionalities using JRE 1.6.0_18 (6u18) through to JRE 1.6.0_22 (6u22) with Internet Explorer 6 or 7 may error with;

'fndgfm.jsp error : The current session is invalid. Unable to proceed without a valid session'.

• 'File -> Export' functionality
• Opening attachments in forms
• Opening an HTML form to a new window from forms.
• Opening an Applet in a new window from forms
• Trying to logon again after forms session timeout fails

To fix this issue it is recommended that users upgrade to JRE 1.6.0_23 (6u23) or higher. If you cannot upgrade at this time it is recommended to remain on JRE 1.6.0_17 (6u17) or use one of the patched releases of the JRE 6u22, JRE 6u21 or JRE 6u20 streams of the Plug-in. These versions are only available through the following patches:

JRE 1.6.0_22 build 3 (6u22-b03) through Patch 10189354
JRE 1.6.0_21 build 8 (6u21-b08) through Patch 10021403
JRE 1.6.0_20 build 5 (6u20-b05) through Patch 9915543

Note: If you are affected by this issue, do not download JRE 1.6.0_22, JRE 1.6.0_21 or JRE 1.6.0_20 through the usual channels or through the Java Auto Update Mechanismas these releases do not contain this fix. The standard Java SE versions available are:

JRE 1.6.0_22 build 4 (6u22-b04)
JRE 1.6.0_21 build 6 (6u21-b06)
JRE 1.6.0_20 build 2 (6u20-b02)

Patch Installation Instructions for the Desktop

The patch can be downloaded and installed directly to a desktop as follows:

1. Download the required patch to your desktop 
2. Extract the j2se160xx.exe (where xx = the version of JRE you are installing) 
3. Run the executable to install the Plug-in

Distributing the Patched Releases of the JRE Plug-in to Users

If you wish to distribute a patched release of the JRE Plug-in as a download through Oracle E-Business Suite follow the standard JRE Plug-in upgrade instructions in this document. If users are upgrading to a higher JRE release the Plug-in will be downloaded and installed in the usual way as described in this document.

If users have already installed the same Plug-in version number that does not include the fix from the usual download sources or through the 'Java Auto Update Mechanism', they will not be offered the Plug-in release for download from Oracle E-Business Suite until the current version is uninstalled from the desktop. Using JRE 1.6.0_22 (JRE 6u22) as an example:

JRE 1.6.0_22 (JRE 6u22) Users

If you already have JRE 1.6.0_22 build 4 (JRE 6u22-b04) from the usual download site or through the 'Java Auto Update Mechanism' installed on your desktop, uninstall it as follows:

Uninstall the existing JRE 6u21 Plug-in

1. Uninstall the Plug-in from your desktop (see Uninstalling a JRE Plug-in Version from your Desktop Client)
2. Install the new release on the desktop or download it through Oracle-E-Business Suite

Alternatively, if you download the JRE 6u22-b03 release from Patch 10189354 you can simply overwrite the existing version with the newer release as follows:

Overwriting your Existing JRE6u22 Release

1. Run the patched j2se16022.exe on the desktop 
2. A Java Setup window will open stating;
"This software has already been installed on your computer. Would you like to reinstall it?"
3. Click the "Yes" button
4. Continue with the installation

Workaround

To workaround the issue please disable next-generation java through the 'Java Control Panel' as follows:

Control Panel -> Java -> Advanced -> Java Plug-in -> Enable the next-generation Java Plug-in (requires browser restart)

Note: Turning off next generation java can cause forms launch issues in certain very specific circumstances, see Forms Launch Issues for further information. Running JRE 6u20-b02 may also prevent the file opening when running the 'File->Export' functionality. Please apply Patch 9915543 (JRE 6u20-b05) and turn next generation java on again to fix the problem.

For further information also see Document 1054293.1 .

Chinese (*) Characters

Characters in any workflow diagram are incorrectly displayed when using 'Chinese (*)' locale settings on the desktop client, running JRE 1.6.0_17 (6u17) or JRE 1.6.0_18 (6u18). For further details please see Bug 9383553 - Fonts Incorrectly Displayed in Workflow Diagram Using JRE 6u18. This issue is fixed in JRE 1.6.0_19 (6u19)

Accented Characters in Modal Windows

Where two or more keys are required to input accented characters, the accent does not appear when typing into a modal window. For example in the 'Find' field of an LOV, only the non-accented character will show. If you are using Oracle Forms version 10.1.2.2 or earlier, please apply Patch 5526175.

Japanese JIS X 0213:2004 Character Set

The Japanese 'JIS X 0213:2004 Character Set' is included in Windows Vista and is also available through a Microsoft package for Windows XP. This character set only provides partial support for the Oracle E-Business Suite. There is no support for the supplementary character set, while combining characters is partially supported with the appropriate fonts. Currently, there is no Oracle font support, however a solution to this issue is being investigated and will be announced in due course.

Arabic Characters

When Arabic characters Alef and Lam are joined in the middle of a word, they appear incorrectly at runtime. This issue is fixed in JRE 1.5.0_17 and JRE 1.6.0_12 (6u12).

Available Fixes

Release 12.1.x Users

To fix this issue, apply Patch 17259273:R12.TXK.B (which includes fndjar.dep version 120.55.12010000.35) or later.

Workarounds

If you are unable to apply this patch fix at this time, one of the following workarounds can be used to prevent the activation of the warning window and allow the affected functionalities to work normally in the meantime.

Java Control Panel

Select the following option in the 'Java Control Panel' from the desktop client;

• Start -> Control Panel -> Java (icon) -> Advanced -> Security -> Mixed Code (sandboxed vs. trusted) security verification
• Check the option 'Enable - hide warning and run with protections'
• Click the 'OK' button

deployment.properties File

Add the following entry to the deployment.properties file on the desktop client;

• deployment.security.mixcode=HIDE_RUN

For information on updating the deployment.properties file, please reference the Deployment Configuration File and Properties document.

JRE 7 SSL Error

Forms launch may fail for users running JRE 7 on SSL enabled Oracle E-Business Suite environments with the following error in the Java Console:

To fix this issue please apply the 10.1.0.5 (32-bit) version of Patch 6370967 - 'TLS 1.0 handshake fails when the client is running on Vista' to AS 10.1.3 with OPatch. (Note: This patch is also required for Windows XP and Windows 7)

SSL Enabled Webcache Environments

If you are connecting to an SSL enabled Webcache instance using JRE 1.6.0_xx please ensure the following parameter is checked in the 'Java Control Panel' on the desktop client';

Control Panel -> Java -> Advanced (tab) -> Use SSL 2.0 compatible ClientHello format

JRE 6 is not truly SSL 2.0 compatible TLS 1.0 clients that support SSL Version 2.0 servers must send SSL Version 2.0 client hello messages. TLS servers should accept client hello format if they wish to support SSL 2.0 clients on the same connection port.

Without this parameter checked, forms will not launch and the following error will appear in the java console;

'Visualize Relationships' may not display through Customers Online. The applet window will open with an error, displaying a red cross in the corner. This is due to a JRE Plug-in mismatch between the version being used by Oracle E-Business Suite and the version that is stipulated in the WF_RESOURCES table. For further details please see Bug 9560111 - Visualize Relationships Applet Fails to run with JRE.

Workaround

To workaround the issue if you are unable to apply the patch fix at this time, please update the WF_RESOURCES table with the dynamic classid to allow the use of the latest available Plug-in on any users desktop as follows;

Discoverer with JRE 1.8

Discoverer users running JRE 1.8.0_25 or higher must upgrade to Oracle BI Discoverer (11g) 11.1.1.7 and also apply Patch 20219002 by following its readme.

Discoverer with JRE 1.7

Discoverer users running OracleBI Discoverer (11g) 11.1.1.7 or higher should apply Patch 20219002 by following its readme.

Discoverer users running JRE 1.7.10 or higher must upgrade to Oracle BI Discoverer (11g) 11.1.1.6 or higher.

Discoverer (11g) 11.1.1.6 users must apply Patch 13877486. (Also see Document 233047.1 titled, 'How To Find Oracle BI Discoverer 10g and 11g Certification Information').

Discoverer with JRE 1.6

Discoverer users running JRE 1.6.0_03 or higher must upgrade to Oracle BI Discoverer 10.1.2.2 CP6 or higher.

JVM Shared, not allowed to set security manager

Discoverer may display the following error when trying to launch from another application or a managed link URL:

To fix this issue please apply the following patch as applicable to your Discoverer release:

Oracle BI Discoverer (11g) 11.1.1.7 Users - Patch 17303613

Oracle BI Discoverer (11g) 11.1.1.6 Users - Patch 17319353

Multiple Java Console Windows Open

With the 'Show Console' option set in the Java Control Panel, launching a forms based application through IE may cause two separate 'Java Console' windows to open. Accessing further applets from the same Oracle E-Business Suite session may also cause further 'Java Console' windows to appear. This is expected behavior due to Loosely-Coupled IE (LCIE). This functionality splits the browsers frame and its tabs into separate processes on the desktop to improve performance and browser recovery if a tab crashes. This will not always be seen because not every tab will necessarily be started in its own process because LCIE will attempt to balance reliability with performance. Therefore the issue of multiple java console windows is most likely to be seen if running from a high specification multi-core processor desktop.

If required you can prevent the java console from appearing by running the following from your desktop client;

Control Panel -> Java icon -> Advanced tab -> Java Console -> select the 'Hide Console' radio button

JRE Cache Directory

The JRE cache directory can no longer be changed through the Java Control Panel. The Change button is disabled under 'Java Control Panel' -> 'General' (tab) -> 'Settings' -> 'Location'. The default cache is set to a low-integrity directory under the users home:

Users wishing to change the cache location must do so through the deployment.properties file:

For information on updating the deployment.properties file, please reference the Deployment Configuration File and Properties document.

Control Panel -> Java (icon)

C:\Program Files (x86)\Java\jre6\bin\javacpl.exe

Static Versioning (Historical information)

Static versioning denotes the behavior by which a specific version of the Java Plug-in must be used to access an application regardless of whether later JRE Plug-in versions were also installed on the desktop client. This was the default behavior when accessing Oracle E-Business Suite through Oracle JInitiator. This behavior could also be maintained using classic JRE Plug-in releases (JRE 1.6.0_07 and lower) through registry changes on the desktop which ceased with the introduction of next-generation Java (JRE 1.6.0_10 and higher). With static versioning Oracle E-Business Suite would use a specific Plug-in version meaning users could only access the instance if using that particular Plug-in version.

Non-Static Versioning

Non-Static versioning denotes the behavior by which the latest (and therefore the most secure) Java Plug-in version installed on the desktop client is used to access an application. With this model the Plug-in version set on the web server is the minimum version that can be used to run a forms-based (professional user interface) responsibility from the desktop client. If multiple versions equal to or greater than the version specified are installed on the desktop client the preference will be to connect using latest available version.

Java Auto Update Mechanism (32-bit JRE)

By default the 'Java Auto Update Mechanism' is enabled in the 'Java Control Panel' when a 32-bit JRE Plug-in is installed on the desktop client. With this enabled users may be automatically upgraded to a later JRE version on their desktop client.

Disabling the Java Auto Update Mechanism

JRE Releases with Auto Update Off

Customers that wish to control when their users are upgrade to the latest JRE release may use special versions of the JRE Plug-in that have the 'Java Auto Update Mechanism' turned off. JRE Plug-in releases with Auto Update turned off can only be downloaded through My Oracle Support. The required patch number is listed in the JRE Parameter Settings table within this document. These are also listed in Document 1439822.1, titled 'All Java SE Downloads on MOS' and look for patches named 'Oracle JRE X Update XX with Auto Update Off' e.g. 'Oracle JRE 7 Update 79 with Auto Update Off'.

Auto Update is turned off by default on all builds of JRE 1.6.0_60 (6u60) and higher.

Standard JRE Releases

To prevent the automatic update of higher JRE Plug-in versions this feature may also be disabled when using a standard JRE release with one of the options below:

Option 1: From the 'Java Control Panel'

• From the 'Start Menu', select 'Control Panel'
• Double click the 'Java' icon
• Select the 'Update' tab
• Uncheck the 'Check for Updates Automatically' box
• Click the 'Never Check' button on the 'Java Update -Warning' pop up window
• Click 'OK' to close the 'Java Control Panel'

Option 2: Through the Registry

• Set all the following keys to 0:
  • HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\EnableJavaUpdate
  • HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\NotifyDownload
  • HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy\NotifyInstall
• If required you may also delete the following key to stop the 'jusched.exe' program launching on startup which will remove the 'update' tab from the java control panel. (This is put back if you later install JRE):
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched

Before editing the Microsoft Windows registry, users are strongly advised to review Windows registry information for advanced users (Microsoft Knowledge Base Article 256986).

Multiple Client Java Plug-in Versions

This section provides an overview of the coexistence of multiple JRE Plug-in versions installed on a single desktop client for use through Internet Explorer.

Note: If you require further control over calling different JRE releases for different applications or security access see the Deployment Rule Set. documentation.

Coexistence of Different JRE Families on the Desktop Client

In the correct circumstances two different JRE families may seamlessly coexist on the same desktop client and allow connection to the same or multiple Oracle E-Business Suite environments using one plug-in or the other. This can be useful for testing purposes and connection to multiple Oracle E-Business Suite environments that may be calling different Plug-in streams. It may also be possible to connect to the same environment using different Plug-in streams seeAdding Additional JRE Plug-in Versions in EBS.

Security Baseline

The 'Java Security Baseline' function is applicable when different JRE family versions are installed on the desktop client and the web server is calling a lower JRE family version.

The security baselines for the recent releases are as follows:

JRE 8 Security Baseline	JRE 7 Security Baseline	JRE 6 Security Baseline
1.8.0_101	1.7.0_111	1.6.0_121
1.8.0_91	1.7.0_101	1.6.0_115

The security baselines for each JRE version are stated in the Update Release Notes.

Coexistance Using the Latest JRE Releases

Running different JRE streams seamlessly from the same desktop using the recommended Java security setting or higher (High or Very High) requires the latest available JRE CPU release with the equivalent JRE family baseline. In some cases you may also be able to run this function using a primary release below the latest CPU, however it will cause extra pop-ups and may not function at all.

Examples:

The table below gives some examples outlining the expected behavior when running multiple JRE releases from the same desktop client. Your web server must explicitly call the secondary JRE version as shown in the table. Java content will initially launch using the primary (highest) JRE family release which will then evaluate certain 'rules', once satisfied it will pass control to the secondary (lower) JRE family release.

Desktop Client Primary Version	Desktop Client Secondary Version	web server version (appsweb.cfg) 1	Java Console Output Example
1.8.0_101	1.8.0_91	clsid:CAFEEFAC-0018-0000-0091-ABCDEFFEDCBA sun_plugin_version=1.8.0_91	Java Plug-in 11.101.2... Using JRE version 1.8.0_91 Java HotSpot(TM)..
1.8.0_102	1.7.0_111	clsid:CAFEEFAC-0017-0000-0111-ABCDEFFEDCBA sun_plugin_version=1.7.0_111	Java Plug-in 11.102.2... Using JRE version 1.7.0_111 Java HotSpot(TM)..
1.7.0_111	1.7.0_101	clsid:CAFEEFAC-0017-0000-0101-ABCDEFFEDCBA sun_plugin_version=1.7.0_101	Java Plug-in 10.111.2... Using JRE version 1.7.0_101 Java HotSpot(TM)...

¹ Internet Explorer uses the clsid value for calling the JRE version. Mozilla Firefox uses the sun_plugin_version value for calling the JRE version.

Coexistence Known Issue: 3-Digit Point Release Versions Not Recognized by Java 8

It is currently not possible to run 3-digit point release versions of JRE on top of JRE 8. Only the final 2-digits are recognized and therefore the correct version is not found. For example if trying to use the coexistance rules to run JRE1.7.0_101 on top of JRE 1.8.0_91 a pop up message will display stating:

"This application would like to use a version of Java (1.7.0_01) that is not installed on your system.We recommend running the application with the latest version of Java on your computer."

If you click the "Run with the latest version" button, the Java content will simply launch using JRE 1.8.0_91.

Fix

This issue is fixed in JRE 1.8.0_102.

Coexistence Using Older JRE Releases

It is recommended that users upgrade to the latest JRE CPU release running on 'High' or 'Very High' Java security settings. Using the default settings you cannot run older versions of JRE together. Coexistence of older JRE versions can be achieved but it requires the Java security levels to be lowered. This is therefore not recommended as a long term solution but can be useful for testing purposes for example. Versions that are 2 below the latest security baseline, or versions that are past their expiry date can be deemed Older versions. The following provides a brief overview of the required settings for running older versions of JRE from different families together. The same principles can be used if you wish to run two versions from the same family.

Running JRE 8 and JRE 7 from the same desktop

• Ensure the web server is set to call the version of JRE 7 you want to use
• From the Java Control Panel:
  • Add the your environments URL (e.g. https://server.example.com:4443) under: Security (tab) -> Exception Site List.
  • Click Security (tab) -> Restore Security Prompts -> Restore All
  • Clear the Cache: General (tab) -> Settings -> Delete Files

Running JRE 8 and JRE 6 from the same desktop

• Ensure the web server is set to call the version of JRE 6 you want to use
• From the Java Control Panel:
  • Add the your environments URL (e.g. https://server.example.com:4443) under: Security (tab) -> Exception Site List.
  • Click Security (tab) -> Restore Security Prompts -> Restore All
  • Uncheck later TLS settings: Advanced (tab) -> Advanced Security Settings -> TLS 1.1 and 1.2
    • (These are checked by default in JRE 8)
  • Clear the Cache: General (tab) -> Settings -> Delete Files

Running JRE 7 and JRE 6 from the same desktop

• Ensure the web server is set to call the version of JRE 6 you want to use
• From the Java Control Panel:
  • Reduce the security level to Medium: Security (tab) -> Security Level
  • Click Security (tab) -> Restore Security Prompts -> Restore All
  • Clear the Cache: General (tab) -> Settings -> Delete Files

Dynamic and Family CLSID

In most cases users will continue to upgrade their EBS web server using a CLSID pointing to a specific version. If you are using the latest JRE upgrade scripts through the application of Patch 21624242 there is the additional option of using the 'Dynamic' or 'Family' CLSID in your configuration if required. This is outlined in Section 3: Upgrade and Configuration within this document. While these can be used to exert some control of Java selection, they will still adhere to the usual Java security rules.

The 'CLSID' value is used by Internet Explorer when ascertaining the version of Java to use when running any Java content and is therefore only applicable when using that browser. Firefox uses an open 'mimetype' along with the java_version parameter and therefore provides limited java version control.

Numeric CLSID

Using a numeric CLSID pointing to a specific JRE release is is what has been used historically with Oracle E-Business Suite. This is useful for controlling the minimum JRE version that can used for security or other reasons. The version set here specifies the minimum version of JRE that can be used to access any Java content. If multiple versions are installed on the desktop it will initially try and launch on the latest version from highest JRE family available that is greater than the version specified by the CLSID. Depending on the security rules and the Security Baseline the specified version may then be used to run the Java content.

Dynamic CLSID

The Dynamic CLSID will try to run using the latest version from the highest Java family installed on the desktop. It will only try to download a Java version from the EBS web server if there is no version of JRE available on the desktop. This can be useful if you have different users running different JRE releases and/or families.

Family CLSID

Using the Family CLSID will try and run with the latest version of JRE it can find on the desktop of the stated Java family or a higher Java family. For example if you are using the Family CLSID and have both JRE 6 and JRE 7 installed, Java content will try and launch using the latest version of JRE 7 it can find. If you also have JRE 8 installed it will launch using the JRE 8 release. This can be useful if you have different users running different versions and/or families but you want to restrict users running an old Java family release.

General Warning Messages

Warning - Unavailable Version of Java Requested

Trying to call a version of Java that is past it's expiration date when using the recommended 'High' or 'Very High' security settings will cause the following warning message to pop.

Selecting 'Run with the latest version' will cause forms to launch using the higher JRE version on your desktop.

Selecting 'Cancel' will prevent forms from launching.

An Application would like access to an out-of-date version of Java

If you have JRE 1.7.0_21 or higher installed on your desktop with Java security set at 'Medium' (Not Recommended) or have JRE 1.7.0_17 or earlier installed on your desktop running with their default Java security settings the following security warning may display:

Selecting 'Run with the latest version on your system...' will cause forms to launch using JRE 1.7.0_25.

Selecting 'Allow this application to run with the requested version...' will launch using JRE 1.6.0_43 on top of JRE 1.7.0_25.

The choice made by the user in response to this security message is stored in the Java cache. Choosing which version to use is therefore remembered when accessing the environment in future and the warning will not pop again. If you wish to change your choice and run using the other the version to access the environment you can make this message pop again as below:

JRE 1.7.0_40 and Earlier

If running JRE 1.7.0_40 or earlier you can restore the security certificates by clearing the 'Installed Applications and Applets' in the Java Cache:

JRE 1.7.0_45 and Later

If running JRE 1.7.0_45 or later you can restore the security certificates by selecting the 'Restore Security Prompts' button:

Adding Additional JRE Plug-in Versions in EBS

It is recommended that only one JRE version is used to access a single Oracle E-Business Suite instance

There may be occasions where it is desirable to test and compare changes in functionality or security across different Plug-in versions in a test system. Users may access the same Oracle E-Business Suite instance from the same desktop client using different JRE client Plug-in versions in the following ways.

The txkSetPlugin script outlined in Step 2.1. Apply the JRE Interoperability Patch section above, is only run for the version of JRE that you wish to have as your default Plug-in.To add additional JRE versions to be run against the same environment follow the steps below.

Adding a JRE Version

Using JRE 1.6.0_91 as an example.

1. Copy the j2se16091.exe file to your $OA_HTML directory to allow user download of the Plug-in at runtime. (The sun_plugin_url parameter below denotes the Plug-in file name and download directory).

2. Take a backup copy of your original $FND_TOP/admin/template/forms_web_1012_cfg.tmp file.

3. Add the following information under [myExtensions] at the bottom of your $FND_TOP/admin/template/forms_web_1012_cfg.tmp file.

4. Enter the forms URL against the ICX: Forms Launcher profile at user level for the appropriate E-Business Suite user. (If required, you may set up a new user through the System Administrator Responsibility for this). In this example, logging in as this user will cause JRE 1.6.0_91 to be used as the Plug-in instead of the default version providing JRE 1.6.0_91 is the highest available version of JRE available on that particular desktop client or a suitable security baseline release.

The name you used in the update above under step 3, e.g. [J16091] must be referenced as the 'config' parameter like the example below:

5. Run autoconfig to filter the changes through to the runtime version of appsweb.cfg.

IE Browser Settings for User Download of the Java Plug-in (oaj2se.exe)

Oracle recommends that customers running Oracle E-Business Suite through a Microsoft Internet Explorer (IE) browser should use a 'Medium' security setting through the 'Trusted Sites' zone in the browser at runtime. Further information on browser settings are available from Document 389422.1 titled, 'Recommended Browsers for Oracle E-Business Suite Release 12'.

If the appropriate Plug-in or higher is not already installed on the desktop client, you should be prompted to download it when trying to connect to a 'forms link' through an Oracle E-Business Suite forms-based (professional user interface) responsibility.

With a medium security setting, after clicking on a 'forms link', a message similar to the following should appear at the top of the browser window;

JRE 6 Users

"The website wants to install the following add-on: 'Java(TM) Runtime Environment 6.0 Update 38' from 'Sun Microsystems, Inc.'. If you trust this website and the add-on and want to install it, click here..."

JRE 7 Users

'The website wants to install the following add-on: 'Java SE Runtime Environment 7.0 Update 10' from 'Oracle America, Inc.'. If you trust this website and the add-on and want to install it, click here...'

If you see this message, follow the steps below to install the Plug-in:

1. Click on the message above and select 'Install ActiveX Control...'
2. Once the browser has stopped processing, click on the 'forms link' again, and the oaj2se.exe file should start to download
3. Once the download has completed, a security warning pop-up window will ask, 'Do you want to install this software?'
4. Click on the 'Install' button and follow the on screen instructions

Alternatively, you can avoid this message by temporarily altering the security settings for the initial install, using one of the two methods below. Once the Plug-in has been installed on the desktop client, the browser security settings should be reset to 'medium'.

Method A: Change Security Setting to Medium-low

1. Select 'Tools' -> 'Internet Options -> 'Security' (Tab)' from the browser menu.
2. Select 'Trusted Sites' -> 'Custom Level' (button)
3. From the 'Reset custom settings' drop down select 'Medium-low'
4. Click the 'Reset...' button and accept the changes.
5. Press the 'OK' buttons on the 'Security Settings' and 'Internet Options' windows.
6. Close the browser and start a new browser session for the settings to take effect.
7. After launching Oracle E-Business Suite and downloading the oaj2se.exe file onto your desktop client, please reset the security setting back to 'Medium'.

Method B: Change Individual Parameter Settings

1. Select 'Tools' -> 'Internet Options -> 'Security' (Tab)' from the browser menu.
2. Select 'Trusted Sites' -> 'Custom Level' (button)
3. Under 'Settings' -> 'ActiveX controls and Plug-ins'
4. Change 'Automatic prompting for ActiveX controls' to 'Enable'
5. Change 'Download unsigned ActiveX controls' to 'Prompt'
6. Click the 'OK' button and accept the changes and click the 'OK' buttons to close the window
7. Close the browser and start a new browser session for the settings to take effect.
8. After launching Oracle E-Business Suite and downloading the oaj2se.exe file onto your desktop client, please reset
   'Automatic prompting for ActiveX controls' to 'Disable' and
   'Download unsigned ActiveX controls' to 'Disable.

Connecting to an Oracle E-Business Suite Instance for the First Time

"The application's digital certificate cannot be verified. Do you want to run the application?"

If accessing Oracle E-Business Suite using a Forms-based (Professional user interface) responsibility where the Java certificate for the environment you are accessing has not previously been installed into the Java certificate store, the following warning window will display:

JRE 7 Users

JRE 7u40 and Higher Users

If your Jar files are still signed with a self-signed certificate, the option to 'remember the decision' for future logins has been removed in JRE 1.7.0_40 (7u40) and later. This warning message will therefore appear each time you start a new session requiring the user to agree to accept the risk before running.

Tick the checkbox and click the 'Run' button to open the form.

To prevent this security window popping it is recommended that you sign all your jars using a trusted certificate authority (CA). Signing can be done using either an official CA (such as Verisign, Thawte etc.) or an in-house CA. For further information on Jar signing requirements see Document 1591073.1 titled, 'Enhanced JAR File Signing for Oracle E-Business Suite'.

Running with a Self-Signed Certificate

If your Jars are signed with a self-signed certificate you can still launch Java content and also prevent this window from popping by utilizing a Deployment Rule Set. However, the DeploymentRuleSet.jar file must itself be signed with a certificate from a Trusted CA, either an official CA (such as Verisign, Thawte etc.).

If your Jars are signed with a self-signed certificate you can also still launch Java content using a self-signed certificate by utilizing the Exception Site List feature from the desktop. However, this will not suppress this warning message. Users will still be required to respond to this warning each time they launch a new session.

JRE 7u21 and Lower Users

If accessing Oracle E-Business Suite using a Forms-based (Professional user interface) responsibility where the Java certificate for the environment you are accessing has not previously been installed into the Java certificate store, the following, or similar, security warning window will display:

Check the 'I accept the risk and want to run this application' box to verify you trust the certificate. 
Click the 'Hide Options' button and check 'Do not show this again for apps from the publisher and location above'. 
Click the 'Run' button to open the form. 
Once the certificate has been successfully installed, this message will not appear again when accessing this environment from your desktop client.

JRE 6 Users

JRE 6u60 and Lower Users

Check 'Always trust content from this publisher' to verify you trust the certificate.
Click the 'Run' button to open the form.
Once the certificate has been successfully installed, this message will not appear again when accessing this environment from your desktop client.

JRE 6u65 and Higher Users

To further enhance Java security the option to install the certificate into the Java certificate store and remember the decision for future logins when using self-signed certificates has been removed in JRE 1.6.0_65 (6u65) and higher. This warning message will therefore appear each time you start a new session if using self-signed certificates. To prevent this message appearing sign your jar files using a trusted CA by following Document 1591073.1.

Click the 'Run' button to open the form.

Note: If you are using a self-signed certificate for jar signing the Publisher will display as UNKNOWN in the Java 'Warning - Security' window as shown above. This is an intended change in behavior to avoid misrepresentation and spoofing attacks. Trusted signing authorities will continue to display the publisher name as in previous JRE Plug-in releases.

1. From the Windows 'Control Panel' click on 'Programs and Features'.
2. Select the appropriate version of 'J2SE Runtime Environment' and click the 'Uninstall' button.
3. Select the appropriate options in the dialogs which follow. (An administrator's password is required for this).

0 ­ off
1 ­ basic
2 ­ network, cache and basic
3 ­ security, network and basic
4 ­ extension, security, network and basic
5 ­ LiveConnect, extension, security, network, temp and basic

1. Open the Java Plug-in Control Panel on your desktop through: Start -> Settings -> Control Panel -> Java 
2. Ensure Advanced (tab) -> Java Console -> Show Console is checked
3. Ensure Advanced (tab) -> Debugging -> Enable tracing is checked
4. Enter the required tracing level under Advanced (tab) -> Java Runtime Parameters (Using tracing level 5 as an example):

1. Open the Java Plug-in Control Panel on your desktop through: Start -> Settings -> Control Panel -> Java 
2. Ensure Advanced (tab) -> Debugging -> Enable logging is checked

Windows Vista, 7, 8 and 10

Note: Odd number versions (e.g. 1.8.0_101) denote that it is a Critical Patch Update (CPU) release. Even number versions (e.g. 1.8.0_102) are generally Bundled Patch Releases (BPR). Users are recommended to only use the BPR release if they are being impacted by any additional fixes, if any, affecting Oracle E-Business Suite.

¹ Patch No. Standard Public Build: This patch contains the same JRE build that was/is available from the public download sites and through the 'Java Auto Update Mechanism'.

² Patch No. Auto Update Off Build: This patch contains the standard JRE build (usually build 30) with the 'Java Auto Update Mechanism' turned off. This is specifically for customers who wish to keep up to date with the latest Java 32-bit releases but also want control over when their users upgrade. The auto update function is only available for the 32-bit versions of JRE. All JRE 64-bit releases come with auto update turned off by default.

Note: Java patches generally contain both the JRE and JDK releases. Please extract and use the JRE version of Java from the patch, the JDK version is not required for the purposes of this document.