Jump to content
View in the app

A better way to browse. Learn more.
FMForums.com

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Security issue with JRE 9.0.1

Dr. Zathras
in 360 Works General Support

Featured Replies

We use 360Works ScriptMaster and SuperContainer Companion plugins with FileMaker Pro 18 Advanced running on Mac OS  X 10.15. On first run they download and install jre 9.0.1 into the User's Library/Application Support directory.

Everything is working well, but our IT Security requires us to run Rapid7 on all of our Macs and it's got a problem with the JRE. Specifically, it states:

Obsolete Version of the Java Runtime Environment. Versions of the Java Runtime Environment prior to 8 (1.8.0), in addition to versions 9 and 10 are no longer supported. Unsupported versions of Java may contain vulnerable security flaws.

Library/Application Support/360Works/Plug-ins/jre/9.0.1/Contents/Home/lib/jrt-fs.jar

Do the 360Works plugins require the presence of this jrt-fs.jar file? If not, can I just delete it to keep Rapid7 happy? If it's required, is there any way to replace it with a supported version?

Thanks.

Colin Hunter

Hi Colin,

Our Mac plugins are compiled in Java 9 and need a Java 9 Runtime environment in order to operate so removing that file will cause issues or the plugin to not enable. I am unfamiliar with Rapid7 but perhaps it has a way to whitelist specific files?

  • Author

Thank you for your reply. Rapid7 is a cross-platform tool which scans our Macs and PCs for any software which is no longer supported by the manufacturer or which has a known security vulnerability. If it finds anything, we get a nastygram from IT Security warning us we have to update or remove the offending program.

Yes, we can ask for a flagged file to be whitelisted, but we have to justify the request. Are you saying Rapid7 is wrong about JRE 9.0.1? Is it still being supported by Oracle and therefore not a security risk?

Thanks.

Colin Hunter

Hi Colin,

The JRE that gets downloaded by our plugins does not get installed onto the system. It runs only when our plugins are running and is used exclusively by them. This means that only the plugins could cause a security risk by doing something nefarious "behind the scenes" which I can assure you they don't. 

That said, our development roadmap does not currently include a change to the required JREs so it will need to be whitelisted in order for you to be able to use our plugins on your system.

Please let us know if you have any questions!

  • Author

Thank you for this additional information. I've passed it on to our IT Security people who will hopefully grant our whitelist request for JRE's jrt-fs.jar file.

Colin Hunter

Create an account or sign in to comment

https://fmforums.com/topic/108230-security-issue-with-jre-901/
Go to topic listing

Important Information

By using this site, you agree to our Terms of Use.

I accept

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.