Effect of Java Critical Patch Updates on TestNav 8
Pearson Technical Bulletin – February 11, 2014
What’s the purpose of this technical bulletin?
The purpose of this technical bulletin is to help TestNav 8 users shape their program’s policy with respect to Java updates during scheduled online testing windows.
What’s the issue?
If you are using Java 7, when Oracle releases Java Critical Patch Updates, Java will automatically check against your version and it may notify you that an update is available.
In these cases, you must accept the Java Critical Patch Update if you’re running Java 7. Because TestNav (and any other product that uses a Java applet) will not run until the update is made, the update notification could disrupt students currently testing.
Who’s affected?
- Computer browsers running Java 7 that still have their expiration check enabled will be affected by Java Critical Patch Updates. (If the expiration check is disabled, the browsers will not be affected.)
- Computer browsers running Java 5 (1.5.x) and Java 6 (1.6.x) will not be affected by Java Critical Patch Updates.
Why is browser-based TestNav dependent on Java?
TestNav uses the Java plugin within a browser to ensure that the browser runs in secure mode for high-stakes assessments. Pearson continually monitors Oracle’s Critical Patch Updates and we validate the TestNav software against these updates prior to their release. TestNav users, however, also must be aware of how Java Critical Patch Updates may affect their online testing network.
How does Oracle release Critical Patch Updates?
Oracle releases Critical Patch Updates on a quarterly basis. For example, on January 17, 2014 Oracle released an update to Java 7 that addressed critical security vulnerabilities in Java 7. Oracle requires users that run Java 7 to update to the latest release of Java 7. Oracle does not require users to update from Java 7 to Java 8.
Oracle will release another Critical Patch Update on April 15, 2014. We know that this release will occur during test administration windows of several of Pearson’s customers. Oracle’s scheduled Critical Patch Updates are listed here: http://www.oracle.com/technetwork/topics/security/alerts-086861.html
What do we need to do when Java releases a Critical Patch Update?
This is an important question because the answer may have implications for your online testing infrastructure and the overall success of your online testing program. There is no single answer to this question; the correct answer for you depends on which version(s) of Java currently are running in the browsers of your online testing computers. Here are our guidelines:
-> Computer configurations not affected by Java Critical Patch Updates
If a test delivery computer is configured as described in the cases below, and the computer “passes” System Check and the TestNav login verification is successful, then the Oracle updates to Java will not affect your online testing.
- If a computer is running Java 6 on a Mac with Safari, and the computer “passes” System Check and the TestNav login verification is successful, then Oracle updates to Java will not affect your online testing.
- If a computer is running Java 6 on Windows with Chrome or Firefox, and the computer “passes” System Check and the TestNav login verification is successful, then Oracle updates to Java will not affect your online testing.
- If a computer is running Java 5 or Java 6 on Windows with IE, and the computer “passes” System Check and the TestNav login verification is successful, then Oracle updates to Java will not affect your online testing.
- If a computer is running Java 7, and the Java option* deployment.expiration.check.enabled is set to “false” (deployment.expiration.check.enabled=false), then Oracle updates to Java will not affect your online testing.
* This option is used when a more controlled rollout of the Java update is planned. Generally this is used in conjunction with a configuration management tool. For more information on how to set this setting, see Oracle’s option to disable the “JRE out of date” warning: http://www.oracle.com/technetwork/java/javase/7u40-relnotes-2004172.html and Oracle’s Deployment Configuration File and Properties: http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/jcp/properties.html
The computer configurations listed above will not be affected by Java Critical Patch Updates released by Oracle during your online testing window. The update notices will not be automatically pushed by Oracle to your browsers and online testing will continue uninterrupted. TestNav will continue to deliver tests on computers running Java 6 or Java 5 or Java 7 (with deployment.expiration.check.enabled=false).
Java updates, if needed, can be made manually after your online testing window closes.
-> Computer configurations affected by Java Critical Patch Updates
For computer configurations (especially those running Java 7) other than the four listed above, Oracle updates to Java will affect your online testing. You should be aware of the Java update schedule and establish a plan of action.
Windows and Mac computers running Java 7 not configured as above will receive notice of Java updates from Oracle. Oracle will require that the update be made -- even when a school may be in the middle of online testing. Students’ test sessions could be disrupted. TestNav (and any other Java applet) will not run until the update is made.
What if I’m not sure which version of Java my testing computers are running?
The System Check for TestNav tool (http://systemcheck.ref.testnav.com) will examine your testing computers to check whether your operating systems, browsers, and Java environments are TestNav ready.
What about the security settings on browsers?
We support Oracle’s recommendations regarding browser security settings. For details about the recommended security levels in the Java Control Panel, see Oracle’s recommendations here: http://www.java.com/en/download/help/jcp_security.xml
Note regarding Java updates on other applications and security settings
We have been informed by customers who updated their computers to the latest release of Java (1.7.0_51) that other applications that require Java (other than TestNav) may no longer work after the update. (In other words, TestNav works but other applications using Java may not). If this occurs, you may need to lower the security settings on the Java Control Panel to allow the other applications to work. See Oracle’s instructions for changing security settings here: http://www.java.com/en/download/help/jcp_security.xml.
Oracle option to disable warning
Java has made available a setting that will allow Java updates to be applied at the administrator’s discretion after the update is made available. See Oracle’s instructions for the option to disable the “JRE out of date” warning: http://www.oracle.com/technetwork/java/javase/7u40-relnotes-2004172.html and Oracle’s Deployment Configuration File and Properties: http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/jcp/properties.html.
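An added example, not Pearson's or Oracle's code: a Python audit that reads system-level and user-level deployment.properties text and reports whether the expiration check is in effect, so computers with the warning suppressed can be tracked for manual patching after the testing window. The precedence rule (a system-level ".locked" entry wins, otherwise the user-level value overrides the system-level one, and the check is on by default) and the sample file contents are assumptions.

```python
KEY = "deployment.expiration.check.enabled"

def parse_properties(text):
    """Parse Java .properties text: '#'/'!' comments, '=', ':' or whitespace
    separators, backslash line continuations (escaped separators not handled)."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.lstrip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        # An odd number of trailing backslashes continues onto the next line.
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            pending = line[:-1]
            continue
        key, value = line, ""          # a bare key such as "<name>.locked"
        for i, ch in enumerate(line):
            if ch in "=: \t":          # key ends at the first separator
                key, value = line[:i], line[i:].lstrip(" \t")
                if value[:1] in ("=", ":"):
                    value = value[1:]
                break
        props[key] = value.strip()
    return props

def expiration_check(system_text, user_text=""):
    """Return (enabled, source) for the effective expiration-check setting."""
    system, user = parse_properties(system_text), parse_properties(user_text)
    # Assumed precedence: a locked system-level value cannot be overridden.
    if KEY in system and KEY + ".locked" in system:
        return system[KEY].lower() != "false", "system (locked)"
    for source, props in (("user", user), ("system", system)):
        if KEY in props:
            return props[KEY].lower() != "false", source
    return True, "default"             # check is on unless set to false

# Constructed sample files, not taken from any real machine.
SYSTEM_SAMPLE = """# system-level deployment.properties
deployment.expiration.check.enabled=false
deployment.expiration.check.enabled.locked
"""
USER_SAMPLE = """! user-level deployment.properties
deployment.expiration.check.enabled = true
"""

if __name__ == "__main__":
    enabled, source = expiration_check(SYSTEM_SAMPLE, USER_SAMPLE)
    state = "enabled" if enabled else "DISABLED: patch manually after testing"
    print(f"expiration check {state} (from {source})")
```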
Browser and minimum Java versions
These tables show the versions of Java that TestNav 8 supports. These are the same tables used by SystemCheck.
TestNav 8 / Windows
Browser | Supported Java Versions |
IE 9 | 1.5, 1.6, 1.7 |
IE 10 | 1.6, 1.7 |
IE 11 | 1.7 |
Chrome | 1.6, 1.7 |
Firefox | 1.6.30, 1.7 |
TestNav 8 / Mac
Browser | Supported Java Versions |
Safari 5.1 | 1.6.0.65 |
Safari 6 | 1.6, 1.7 |
Safari 6.1 | 1.6, 1.7 |
Safari 7 | 1.6, 1.7 |
Firefox | 1.6.30, 1.7 |