Copyright © 1997-2018 F-Secure Corporation. All rights reserved.
‘F-Secure’ and F -logo are wp-signup.phped trademarks of F-Secure Corporation. F-Secure product and technology names and F-Secure logos are either trademarks or wp-signup.phped trademarks of F-Secure Corporation. Other product names and logos referenced herein are trademarks or wp-signup.phped trademarks of their respective companies.
This product may be covered by one or more F-Secure patents, including the following:
GB2353372, GB2366691, GB2366692, GB2366693, GB2367933, GB2368233
Portions Copyright © 2004 BackWeb Technologies Inc.
This product includes Java™ Runtime Environment (JRE).
Copyright © 1993, 2018, Oracle and/or its affiliates.
This product includes software developed by the Apache Software Foundation (http://www.apache.org/).
Copyright © 2010 The Apache Software Foundation.
This product includes software developed by the Eclipse Foundation (http://www.eclipse.org/).
Copyright © 2010 The Eclipse Foundation.
This product includes H2 Database developed by H2 Group (http://www.h2database.com).
This product includes software developed by INRIA, France Telecom.
Copyright © 2000-2005 INRIA, France Telecom. All rights reserved.
This product includes SLF4J software developed by QOS.ch.
Copyright © 2004-2008 QOS.ch.
The license terms for third-party open source components are linked or in full below in this document.
General
This document contains the latest information about the F-Secure Policy Manager 14.01 release. We recommend that you read this document before installing the product.
- Supported functionality
- F-Secure Policy Manager differences between the Windows and Linux versions:
- Push Installation and Microsoft Windows Installer (MSI) package support features are available only when F-Secure Policy Manager Console is running on Windows platforms.
What’s new in this version?
This section describes the new features, enhancements and most important issues that have been solved.
- Fixed issues compared to version 14.00
-
- Exporting Client Security MSI package from the Console does not require local administrator rights.
- Subdomain administrators can export installation packages and start policy-based upgrades.
- Active Directory rules and user authentication might fail due to LDAPS certificate validation issues.
- Device control generates alerts when blocking devices
- The alerts now contain the name of the currently logged-in user if available, or ‘System’ otherwise.
- Device Control block alert’s severity is not configurable; Security type is always applied.
- The Console’s Policy and Inheritance reports now contain all policy settings.
- Trailing backslashes are not added for real-time folder exclusions ending with the wildcard.
- Firewall rules are properly deleted and edited when custom sorting is applied.
- Web Reporting table sorting works in localized versions.
- The Web traffic scanning > Trusted sites table is marked with the ‘CS13.x hosts only’ tag. 14.x clients’ trusted sites for Web traffic scanning are combined with the Web Content Control > Trusted sites configuration.
- New features and improvements
-
- New Dashboard
- The new Dashboard view highlights the overall Server health, status of main features, hosts in the managed environment, and network activity.
- Server-related sections do not depend on selection in the policy domain tree and are shown only for admins who have full access rights.
- The links representing data flows in the environment are animated and highlight potential networking issues, e.g. long inactivity from managed hosts and heavy traffic.
- Host issues that require the administrator’s attention are listed at the bottom of the Dashboard. The administrator can choose which issues to see and what severity to assign. Discovered issues are analyzed for a possible resolution, which is suggested for each affected host.
- Important Server events are shown on the Dashboard and can be searched to monitor server activities and to investigate issues.
- Support for Client Security 14
- Client Security 14.00 introduces significant changes in the architecture, which include communication with Policy Manager. This includes changes in all data formats, incremental status from the endpoints, the new set of alerts, and server notifications when policies change.
- The new Firewall and Application control features are managed only from the Standard view.
- Client Security Standard and Premium editions are now distributed as a single JAR file that contains both editions. The product edition is selected when you configure the package with Remote Installation Wizards based on the entered keycode. Keycodes are validated at this stage. The product edition defines the set of features to install. The full feature set for the edition are always installed and can be disabled using policies if necessary.
- Trial keycodes are no longer needed for evaluating the product. The evaluation logic is enforced on the Policy Manager side, which blocks centralized configuration from the Console after the evaluation period expires. Remote Installation Wizards detect when Policy Manager runs in evaluation mode and do not ask for a keycode in this case.
- The Restart options page was previously hidden when exporting an MSI package, because MSI installation always restarted the computer. Now the Restart options page is shown.
- It is now possible to turn off sidegrade completely when configuring the Client Security installer.
- The Offload scanning agent is now activated using the policies included in the installation package instead of selecting the corresponding feature in the Remote Installation Wizard. Also, the agent can be activated at any time from the Console > Settings > Real-time scanning > Virtualization support policies instead of reinstalling the product.
- Support for the new firewall engine
- F-Secure firewall is replaced with the Windows firewall engine. It is automatically turned on after installing Client Security 14.00, unless explicitly disabled in the policies.
- Centralized configuration experience remained unchanged as much as possible. The main difference in the configuration logic is the introduction of profiles, which compared to Security levels do not use a policy inheritance model but use a copy-on-modify approach instead. In addition to a set of firewall rules, the profiles contain a number of related settings.
- Network services list is now treated as a global dictionary, which is the same for all Policy Manager administrators.
- Internet Shield’s Application control feature is no longer supported in Client Security 14.00 and is superseded by a new version of Application control. To better reflect the nature of the old Application control, it is renamed to Network access control.
- New Application control
- The new Application control allows you to restrict virtually any application from starting based on powerful rules defined by the administrator.
- Application control management employs the same concept of profiles as the firewall.
- Other changes and improvements
- Alerts view now features a text search field.
- The quarantine management table now links to hosts that report a certain quarantined item.
- Virus definitions are not downloaded when there is less that 2GB of free disk space.
- The ‘Virus definitions are old’ alert is not sent by Policy Manager if hosts do not request updates from this instance.
- Instead of having multiple settings to configure real-time scanning exclusions, there is now a single editor: Console > Settings > Real-time scanning > Files and applications excluded from scanning.
- ‘Disallow user changes’ toggles in the Standard view are shown only for the settings that can be modified from the host local user interface.
- It is now possible to configure multiple recipients with a different set of reports generated in Web Reporting.
- Scanning reports with detected infections now produce a number of corresponding security alerts which are visible in the Console and Web Reporting reports.
- Policy Manager visuals are aligned with the current F-Secure brand.
- Added dependency for the fontconfig package that is required for exporting PDF reports.
- Dropped support for Debian 7.
- The default DataGuard trusted applications are now enabled with the “Discover trusted applications automatically” option instead of the predefined entries in the trusted applications list.
- New Dashboard
- Known issues
-
- Host identities are not reused after upgrading from Client Security 12.x or 13.x series. This results in duplicated hosts in the Policy Manager domain tree when randomly generated host identifiers are in use.
- Default polices should always be included when exporting the Client Security 14 installation package for environments where Policy Manager Server is not accessible directly by managed hosts and Policy Manager Proxies are used as frontends.
- Policy-based repair operation and shifting between Premium and Standard editions are not supported. Use uninstallation and installation operations instead.
- #43799 – AUS (BW server watchdog) may hang upon exit and only ‘killall’ solves this. The F-Secure Policy Manager Server startup script detects this and warns the user if this happens, including instructions on how to solve it.
- #44881 – Issue with “useradd” in Policy Manager debian packages can cause problems if UID/GID spaces are synchronized between several servers. As a workaround, you may create Policy Manager users/groups manually before installation.
- The following warnings may appear on rpm upgrades, but you can safely ignore them:
- warning: erase unlink of /opt/f-secure/fspms/lib/xmlgraphics-commons-2.1.jar failed: No such file or directory
- warning: erase unlink of /opt/f-secure/fspms/lib/xml-apis-1.0.b2.jar failed: No such file or directory
- warning: erase unlink of /opt/f-secure/fspms/lib/websocket-servlet-9.3.16.v20170120.jar failed: No such file or directory
Installation
- Key codes for installation
- The installation does not require a key code.
- System requirements for F-Secure Policy Manager Server
-
- Dual core CPU 2 GHz or higher, 2GB RAM.
- Minimum of 10 GB of free hard disk space. When managing Premium clients, an additional 10 GB is needed for serving software updates.
If the /tmp folder is mounted as a separate file system, it should have at least 1 GB of free hard disk space. - One of the following Linux platforms:
- Red Hat Enterprise Linux 6, 7
- CentOS 6, 7
- SuSE Linux Enterprise Server 11, 12
- SuSE Linux Enterprise Desktop 11, 12
- openSUSE Leap 43.2
- Debian GNU Linux 8 (Jessie)
- Debian GNU Linux 9 (Stretch)
- Ubuntu 14.04 (Trusty Tahr)
- Ubuntu 16.04 (Xenial Xerus)
- Ubuntu 18.04 (Bionic Beaver)
- One of the following browsers:
- Firefox
- Internet Explorer
- Google Chrome
Note: The product may also work on other Linux versions. However, no other Linux version is officially supported.
- System requirements for F-Secure Policy Manager Console
-
- CPU 2 GHz or higher, 1GB RAM.
- 300 MB of free hard disk space
- One of the following Linux platforms:
- Red Hat Enterprise Linux 6, 7
- CentOS 6, 7
- SuSE Linux Enterprise Server 11, 12
- SuSE Linux Enterprise Desktop 11, 12
- openSUSE Leap 43.2
- Debian GNU Linux 8 (Jessie)
- Debian GNU Linux 9 (Stretch)
- Ubuntu 14.04 (Trusty Tahr)
- Ubuntu 16.04 (Xenial Xerus)
- Ubuntu 18.04 (Bionic Beaver)
Note: The product may also work on other Linux versions. However, no other Linux version is officially supported.
- Installation and start-up
- Server
Red Hat, CentOS, SuSE
Enter the following commands as the root user:
- Install the packages:
# rpm -i fspms-14.01.<build_number>-1.x86_64.rpm - Configure Policy Manager Server:
# /opt/f-secure/fspms/bin/fspms-config
Note: Policy Manager Server requires Linux capabilities and the 32-bit version of the libstdc++ library. Make sure these packages are installed before installing Policy Manager Server. SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 administrators might need to explicitly enable Linux File System Capabilities by adding ‘file_caps=1’ as a kernel boot option (see SUSE Linux Enterprise Server 11 release notes for more details: https://www.suse.com/releasenotes/x86_64/SUSE-SLES/11-SP4).
Debian, Ubuntu
Enter the following commands as the root user:
- Install the packages:
# dpkg -i fspms_14.01.<build_number>_amd64.deb - Configure Policy Manager Server:
# /opt/f-secure/fspms/bin/fspms-config
Note: Policy Manager Server requires Linux capabilities and the 32-bit version of the libstdc++ library. Make sure these packages are installed before installing Policy Manager Server. Use Multiarch capabilities (https://wiki.debian.org/Multiarch/HOWTO) to install the 32-bit library onto a 64-bit platform.
You can check the server components’ status by entering following commands as a normal user:
# /etc/init.d/fspms statusConsole
Red Hat, CentOS, SuSE
Enter the following command as the root user:
# rpm -i fspmc-14.01.<build_number>-1.x86_64.rpm
Debian, UbuntuEnter the following command as the root user:
# dpkg -i fspmc_14.01.<build_number>_amd64.deb
F-Secure Policy Manager Console installs to /opt/f-secure/fspmc/ directory. A new “fspmc” user group is created automatically.After the installation, add users to the “fspmc” user group to provide permissions to use F-Secure Policy Manager Console. Enter the following command as the root user:
# /usr/sbin/usermod -aG fspmc <user id>Enter the following command to list all current groups the user is a member:
# groups <user id>After you have added users to the group, click the F-Secure Policy Manager Console item in F-Secure group in programs menu to start it.
You can also start Policy Manager Console from the command line by entering:
# sg fspmc -c /opt/f-secure/fspmc/fspmc
- Install the packages:
- Upgrade
-
- Create a full backup of Policy Manager data (h2db, preferences etc). Consult Policy Manager Administrator’s Guide, “Backing Up & Restoring F-Secure Policy Manager Console Data” section for instructions on how to create a full backup.
- To upgrade Policy Manager components, follow the instructions in the following sections.
Note: You should uninstall Automatic Update Agent manually if it is not needed for any other F-Secure products on the same machine.
Red Hat, CentOS, SuSE
Enter the following commands as the root user:
# rpm -U fspms-14.01.<build_number>-1.x86_64.rpm
# rpm -U fspmc-14.01.<build_number>-1.x86_64.rpmNote: Policy Manager Server requires Linux capabilities. Make sure this packages is installed before installing Policy Manager Server. SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 administrators might need to explicitly enable Linux File System Capabilities by adding ‘file_caps=1’ as a kernel boot option (see SUSE Linux Enterprise Server 11 release notes for more details: https://www.suse.com/releasenotes/x86_64/SUSE-SLES/11-SP4).Debian, Ubuntu
Enter the following commands as the root user:
# dpkg -i fspms_14.01.<build_number>_amd64.deb
# dpkg -i fspmc_14.01.<build_number>_amd64.deb
Note : Policy Manager Server requires Linux capabilities. Make sure this package is installed before installing Policy Manager Server.
- Uninstallation
- Red Hat, CentOS, SuSE
To uninstall Policy Manager components, enter the following commands as the root user:
# rpm -e f-secure-policy-manager-server# rpm -e f-secure-policy-manager-consoleDebian, Ubuntu
To uninstall Policy Manager components, enter the following commands as the root user:
# dpkg -r f-secure-policy-manager-server# dpkg -r f-secure-policy-manager-consoleNote: To prevent accidentally deleting potentially irreproducible data created by Policy Manager components – log files, MIB files, domain tree, policies, configuration files and preferences – the uninstallation does not remove the following directories. Remove these directories manually to completely remove the software by entering the following commands as the root user:
# rm -rf /var/opt/f-secure/fspms# rm -rf /var/opt/f-secure/fsaus# rm -rf /etc/opt/f-secure/fspms# rm -rf /etc/opt/f-secure/fsaus# rm -rf /opt/f-secure/fspmcIMPORTANT: Make sure that you do not destroy keys that you may need in the future.
Frequently asked questions
1) Where are the log files, configuration files and communication directory located in the Linux version?
The Policy Manager Server database files are located at:
/var/opt/f-secure/fspms/data/h2db
Enter the following commands as a normal user to list all files and their location:
Red Hat, SuSE:
# rpm -ql f-secure-<component-name>
Debian, Ubuntu:
# dpkg -L f-secure-<component-name>
Policy Manager Console:
/opt/f-secure/fspmc/lib/Administrator.error.log
Policy Manager Server:
/var/opt/f-secure/fspms/logs
/var/opt/f-secure/fsaus/log
Policy Manager Console:
/opt/f-secure/fspmc/lib/Administrator.properties
Policy Manager Server:
/etc/opt/f-secure/fspms/fspms.conf
/var/opt/f-secure/fspms/data/fspms.db.config
/var/opt/f-secure/fspms/data/fspms.proxy.config
2) Why are the files located in unusual places?
All Policy Manager files have their own location that is based on the File Hierarchy Standard (FHS). For more information on FHS, see http://www.pathname.com/fhs/.
3) Why does Policy Manager Server not start?
Make sure that you have run the configuration script:
# /opt/f-secure/fspms/bin/fspms-config
Make sure that the ports which have been configured for Policy Manager Server are active by logging in as the root user and running the ‘netstat -lnpt’ command.
4) How can I start, stop, restart, or check the status of Policy Manager components?
Policy Manager Server:
# /etc/init.d/fspms {start| stop| restart| status}
5) How can I specify a HTTP Proxy?
You should edit /var/opt/f-secure/fspms/data/fspms.proxy.config configuration file.
Restart Policy Manager Server to take the new settings into use.
6) How can I change the default ports (80 and 8080) of Policy Manager Server?
Configure these ports with the configuration script:
# /opt/f-secure/fspms/bin/fspms-config
7) How can I change the default port (8081) of Web Reporting?
Configure the Web Reporting port with the configuration script:
# /opt/f-secure/fspms/bin/fspms-config
8) Is there any diagnostic tool I can use?
Yes, use ‘fsdiag’ to collect information about your system and related packages. Enter the following command as the root user:
# /opt/f-secure/fspms/bin/fsdiag
All collocted information is stored in the ‘fsdiag.tar.gz’ archive that is located in the current directory.
9) How can I install software to remote hosts from Policy Manager Console on Linux?
Export installation packages to JAR files and use ilaunchr.exe tool to install software to hosts, for example by using logon scripts. Follow the process that is described in the manual (section 3.4.3 “Local Installation and Updates with Pre-Configured Packages”).
The ilaunchr.exe tool is in the ‘/opt/f-secure/fspmc/bin’ directory.
10) How can I configure Policy Manager for large environments?
- Increase ‘Host polling interval’ value to 30-60 minutes in Policy Manager Console.
- Use Policy Manager Proxy to minimize the database update load on Policy Manager Server.
Product documentation
The product documentation can be found on our web site: https://www.f-secure.com/en/web/business_global/downloads/policy-manager.
We look forward to hearing your comments on the functionality, usability and performance. You are welcome to give feedback and report any technical issues through our community at http://community.f-secure.com/t5/Business/bd-p/Business_Solution_Beta_Programs.
F-Secure License Terms
F-Secure license terms are available here:
http://www.f-secure.com/en/web/home_global/license-terms/
You must read and accept them before you can install and use the software.
Third-party license terms
This software includes and uses third-party code licensed under the following licenses.
- Oracle Binary Code License Agreement for the Java SE Platform Products and JavaFX
- ORACLE AMERICA, INC. (“ORACLE”), FOR AND ON BEHALF OF ITSELF AND ITS SUBSIDIARIES AND AFFILIATES UNDER COMMON CONTROL, IS WILLING TO LICENSE THE SOFTWARE TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS BINARY CODE LICENSE AGREEMENT AND SUPPLEMENTAL LICENSE TERMS (COLLECTIVELY “AGREEMENT”). PLEASE READ THE AGREEMENT CAREFULLY. BY SELECTING THE “ACCEPT LICENSE AGREEMENT” (OR THE EQUIVALENT) BUTTON AND/OR BY USING THE SOFTWARE YOU ACKNOWLEDGE THAT YOU HAVE READ THE TERMS AND AGREE TO THEM. IF YOU ARE AGREEING TO THESE TERMS ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE LEGAL AUTHORITY TO BIND THE LEGAL ENTITY TO THESE TERMS. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT WISH TO BE BOUND BY THE TERMS, THEN SELECT THE “DECLINE LICENSE AGREEMENT” (OR THE EQUIVALENT) BUTTON AND YOU MUST NOT USE THE SOFTWARE ON THIS SITE OR ANY OTHER MEDIA ON WHICH THE SOFTWARE IS CONTAINED.
1. DEFINITIONS. “Software” means the software identified above in binary form that you selected for download, install or use (in the version You selected for download, install or use) from Oracle or its authorized licensees and/or those portions of such software produced by jlink as output using a Program’s code, when such output is in unmodified form in combination, and for sole use with, that Program, as well as any other machine readable materials (including, but not limited to, libraries, source files, header files, and data files), any updates or error corrections provided by Oracle, and any user manuals, programming guides and other documentation provided to you by Oracle under this Agreement. The Java Linker (jlink) is available with Java 9 and later versions. “General Purpose Desktop Computers and Servers” means computers, including desktop and laptop computers, or servers, used for general computing functions under end user control (such as but not specifically limited to email, general purpose Internet browsing, and office suite productivity tools). The use of Software in systems and solutions that provide dedicated functionality (other than as mentioned above) or designed for use in embedded or function-specific software applications, for example but not limited to: Software embedded in or bundled with industrial control systems, wireless mobile telephones, wireless handheld devices, kiosks, TV/STB, Blu-ray Disc devices, telematics and network control switching equipment, printers and storage management systems, and other related systems are excluded from this definition and not licensed under this Agreement. “Programs” means (a) Java technology applets and applications intended to run on the Java Platform, Standard Edition platform on Java-enabled General Purpose Desktop Computers and Servers; and (b) JavaFX technology applications intended to run on the JavaFX Runtime on JavaFX-enabled General Purpose Desktop Computers and Servers. “Java SE LIUM” means the Licensing Information User Manual – Oracle Java SE and Oracle Java Embedded Products Document accessible at http://www.oracle.com/technetwork/java/javase/documentation/index.html. “Commercial Features” means those features that are identified as such in the Java SE LIUM under the “Description of Product Editions and Permitted Features” section.
2. LICENSE TO USE. Subject to the terms and conditions of this Agreement including, but not limited to, the Java Technology Restrictions of the Supplemental License Terms, Oracle grants you a non-exclusive, non-transferable, limited license without license fees to reproduce and use internally the Software complete and unmodified for the sole purpose of running Programs. THE LICENSE SET FORTH IN THIS SECTION 2 DOES NOT EXTEND TO THE COMMERCIAL FEATURES. YOUR RIGHTS AND OBLIGATIONS RELATED TO THE COMMERCIAL FEATURES ARE AS SET FORTH IN THE SUPPLEMENTAL TERMS ALONG WITH ADDITIONAL LICENSES FOR DEVELOPERS AND PUBLISHERS.
3. RESTRICTIONS. Software is copyrighted. Title to Software and all associated intellectual property rights is retained by Oracle and/or its licensors. Unless enforcement is prohibited by applicable law, you may not modify, decompile, or reverse engineer Software. You acknowledge that the Software is developed for general use in a variety of information management applications; it is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use the Software in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle disclaims any express or implied warranty of fitness for such uses. No right, title or interest in or to any trademark, service mark, logo or trade name of Oracle or its licensors is granted under this Agreement. Additional restrictions for developers and/or publishers licenses are set forth in the Supplemental License Terms.
4. DISCLAIMER OF WARRANTY. THE SOFTWARE IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. ORACLE FURTHER DISCLAIMS ALL WARRANTIES, EXPRESS AND IMPLIED, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT.
5. LIMITATION OF LIABILITY. IN NO EVENT SHALL ORACLE BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, REVENUE, DATA OR DATA USE, INCURRED BY YOU OR ANY THIRD PARTY, WHETHER IN AN ACTION IN CONTRACT OR TORT, EVEN IF ORACLE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. ORACLE’S ENTIRE LIABILITY FOR DAMAGES HEREUNDER SHALL IN NO EVENT EXCEED ONE THOUSAND DOLLARS (U. S. $1,000).
6. TERMINATION. This Agreement is effective until terminated. You may terminate this Agreement at any time by destroying all copies of Software. This Agreement will terminate immediately without notice from Oracle if you fail to comply with any provision of this Agreement. Either party may terminate this Agreement immediately should any Software become, or in either party’s opinion be likely to become, the subject of a claim of infringement of any intellectual property right. Upon termination, you must destroy all copies of Software.
7. EXPORT REGULATIONS. You agree that U.S. export control laws and other applicable export and import laws govern your use of the Software, including technical data; additional information can be found on Oracle’s Global Trade Compliance web site (http://www.oracle.com/us/products/export). You agree that neither the Software nor any direct product thereof will be exported, directly, or indirectly, in violation of these laws, or will be used for any purpose prohibited by these laws including, without limitation, nuclear, chemical, or biological weapons proliferation.
8. TRADEMARKS AND LOGOS. You acknowledge and agree as between you and Oracle that Oracle owns the ORACLE and JAVA trademarks and all ORACLE- and JAVA-related trademarks, service marks, logos and other brand designations (“Oracle Marks”), and you agree to comply with the Third Party Usage Guidelines for Oracle Trademarks currently located at http://www.oracle.com/us/legal/third-party-trademarks/index.html. Any use you make of the Oracle Marks inures to Oracle’s benefit.
9. U.S. GOVERNMENT LICENSE RIGHTS. If Software is being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), then the Government’s rights in Software and accompanying documentation shall be only those set forth in this Agreement.
10. GOVERNING LAW. This agreement is governed by the substantive and procedural laws of California. You and Oracle agree to submit to the exclusive jurisdiction of, and venue in, the courts of San Francisco, or Santa Clara counties in California in any dispute arising out of or relating to this agreement.
11. SEVERABILITY. If any provision of this Agreement is held to be unenforceable, this Agreement will remain in effect with the provision omitted, unless omission would frustrate the intent of the parties, in which case this Agreement will immediately terminate.
12. INTEGRATION. This Agreement is the entire agreement between you and Oracle relating to its subject matter. It supersedes all prior or contemporaneous oral or written communications, proposals, representations and warranties and prevails over any conflicting or additional terms of any quote, order, acknowledgment, or other communication between the parties relating to its subject matter during the term of this Agreement. No modification of this Agreement will be binding, unless in writing and signed by an authorized representative of each party.
SUPPLEMENTAL LICENSE TERMS
These Supplemental License Terms add to or modify the terms of the Binary Code License Agreement. Capitalized terms not defined in these Supplemental Terms shall have the same meanings ascribed to them in the Binary Code License Agreement. These Supplemental Terms shall supersede any inconsistent or conflicting terms in the Binary Code License Agreement, or in any license contained within the Software.
A. COMMERCIAL FEATURES. You may not use the Commercial Features for running Programs, Java applets or applications in your internal business operations or for any commercial or production purpose, or for any purpose other than as set forth in Sections B, C, D and E of these Supplemental Terms. If You want to use the Commercial Features for any purpose other than as permitted in this Agreement, You must obtain a separate license from Oracle.
B. SOFTWARE INTERNAL USE FOR DEVELOPMENT LICENSE GRANT. Subject to the terms and conditions of this Agreement and restrictions and exceptions set forth in the Java SE LIUM incorporated herein by reference, including, but not limited to the Java Technology Restrictions of these Supplemental Terms, Oracle grants you a non-exclusive, non-transferable, limited license without fees to reproduce internally and use internally the Software complete and unmodified for the purpose of designing, developing, and testing your Programs.
C. LICENSE TO DISTRIBUTE SOFTWARE. Subject to the terms and conditions of this Agreement and restrictions and exceptions set forth in the Java SE LIUM, including, but not limited to the Java Technology Restrictions and Limitations on Redistribution of these Supplemental Terms, Oracle grants you a non-exclusive, non-transferable, limited license without fees to reproduce and distribute the Software, provided that (i) you distribute the Software complete and unmodified and only bundled as part of, and for the sole purpose of running, your Programs, (ii) the Programs add significant and primary functionality to the Software, (iii) you do not distribute additional software intended to replace any component(s) of the Software, (iv) you do not remove or alter any proprietary legends or notices contained in the Software, (v) you only distribute the Software subject to a license agreement that: (a) is a complete, unmodified reproduction of this Agreement; or (b) protects Oracle’s interests consistent with the terms contained in this Agreement and that includes the notice set forth in Section H, and (vi) you agree to defend and indemnify Oracle and its licensors from and against any damages, costs, liabilities, settlement amounts and/or expenses (including attorneys’ fees) incurred in connection with any claim, lawsuit or action by any third party that arises or results from the use or distribution of any and all Programs and/or Software. The license set forth in this Section C does not extend to the Software identified in Section G.
D. LICENSE TO DISTRIBUTE REDISTRIBUTABLES. Subject to the terms and conditions of this Agreement and restrictions and exceptions set forth in the Java SE LIUM, including but not limited to the Java Technology Restrictions and Limitations on Redistribution of these Supplemental Terms, Oracle grants you a non-exclusive, non-transferable, limited license without fees to reproduce and distribute those files specifically identified as redistributable in the Java SE LIUM (“Redistributables”) provided that: (i) you distribute the Redistributables complete and unmodified, and only bundled as part of Programs, (ii) the Programs add significant and primary functionality to the Redistributables, (iii) you do not distribute additional software intended to supersede any component(s) of the Redistributables (unless otherwise specified in the applicable Java SE LIUM), (iv) you do not remove or alter any proprietary legends or notices contained in or on the Redistributables, (v) you only distribute the Redistributables pursuant to a license agreement that: (a) is a complete, unmodified reproduction of this Agreement; or (b) protects Oracle’s interests consistent with the terms contained in the Agreement and includes the notice set forth in Section H, (vi) you agree to defend and indemnify Oracle and its licensors from and against any damages, costs, liabilities, settlement amounts and/or expenses (including attorneys’ fees) incurred in connection with any claim, lawsuit or action by any third party that arises or results from the use or distribution of any and all Programs and/or Software. The license set forth in this Section D does not extend to the Software identified in Section G.
E. DISTRIBUTION BY PUBLISHERS. This section pertains to your distribution of the JavaTM SE Development Kit Software (“JDK”) with your printed book or magazine (as those terms are commonly used in the industry) relating to Java technology (“Publication”). Subject to and conditioned upon your compliance with the restrictions and obligations contained in the Agreement, Oracle hereby grants to you a non-exclusive, nontransferable limited right to reproduce complete and unmodified copies of the JDK on electronic media (the “Media”) for the sole purpose of inclusion and distribution with your Publication(s), subject to the following terms: (i) You may not distribute the JDK on a stand-alone basis; it must be distributed with your Publication(s); (ii) You are responsible for downloading the JDK from the applicable Oracle web site; (iii) You must refer to the JDK as JavaTM SE Development Kit; (iv) The JDK must be reproduced in its entirety and without any modification whatsoever (including with respect to all proprietary notices) and distributed with your Publication subject to a license agreement that is a complete, unmodified reproduction of this Agreement; (v) The Media label shall include the following information: “Copyright [YEAR], Oracle America, Inc. All rights reserved. Use is subject to license terms. ORACLE and JAVA trademarks and all ORACLE- and JAVA-related trademarks, service marks, logos and other brand designations are trademarks or wp-signup.phped trademarks of Oracle in the U.S. and other countries.” [YEAR] is the year of Oracle’s release of the Software; the year information can typically be found in the Software’s “About” box or screen. This information must be placed on the Media label in such a manner as to only apply to the JDK; (vi) You must clearly identify the JDK as Oracle’s product on the Media holder or Media label, and you may not state or imply that Oracle is responsible for any third-party software contained on the Media; (vii) You may not include any third party software on the Media which is intended to be a replacement or substitute for the JDK; (viii) You agree to defend and indemnify Oracle and its licensors from and against any damages, costs, liabilities, settlement amounts and/or expenses (including attorneys’ fees) incurred in connection with any claim, lawsuit or action by any third party that arises or results from the use or distribution of the JDK and/or the Publication; ; and (ix) You shall provide Oracle with a written notice for each Publication; such notice shall include the following information: (1) title of Publication, (2) author(s), (3) date of Publication, and (4) ISBN or ISSN numbers. Such notice shall be sent to Oracle America, Inc., 500 Oracle Parkway, Redwood Shores, California 94065 U.S.A , Attention: General Counsel.
F. JAVA TECHNOLOGY RESTRICTIONS. You may not create, modify, or change the behavior of, or authorize your licensees to create, modify, or change the behavior of, classes, interfaces, or subpackages that are in any way identified as “java”, “javax”, “sun”, “oracle” or similar convention as specified by Oracle in any naming convention designation.
G. LIMITATIONS ON REDISTRIBUTION. You may not redistribute or otherwise transfer patches, bug fixes or updates made available by Oracle through Oracle Premier Support, including those made available under Oracle’s Java SE Support program.
H. COMMERCIAL FEATURES NOTICE. For purpose of complying with Supplemental Term Section C.(v)(b) and D.(v)(b), your license agreement shall include the following notice, where the notice is displayed in a manner that anyone using the Software will see the notice:
Use of the Commercial Features for any commercial or production purpose requires a separate license from Oracle. “Commercial Features” means those features that are identified as such in the Licensing Information User Manual – Oracle Java SE and Oracle Java Embedded Products Document, accessible at http://www.oracle.com/technetwork/java/javase/documentation/index.html, under the “Description of Product Editions and Permitted Features” section.
I. SOURCE CODE. Software may contain source code that, unless expressly licensed for other purposes, is provided solely for reference purposes pursuant to the terms of this Agreement. Source code may not be redistributed unless expressly provided for in this Agreement.
J. THIRD PARTY CODE. Additional copyright notices and license terms applicable to portions of the Software are set forth in the Java SE LIUM accessible at http://www.oracle.com/technetwork/java/javase/documentation/index.html. In addition to any terms and conditions of any third party opensource/freeware license identified in the Java SE LIUM, the disclaimer of warranty and limitation of liability provisions in paragraphs 4 and 5 of the Binary Code License Agreement shall apply to all Software in this distribution.
K. TERMINATION FOR INFRINGEMENT. Either party may terminate this Agreement immediately should any Software become, or in either party’s opinion be likely to become, the subject of a claim of infringement of any intellectual property right.
L. INSTALLATION AND AUTO-UPDATE. The Software’s installation and auto-update processes transmit a limited amount of data to Oracle (or its service provider) about those specific processes to help Oracle understand and optimize them. Oracle does not associate the data with personally identifiable information. You can find more information about the data Oracle collects as a result of your Software download at http://www.oracle.com/technetwork/java/javase/documentation/index.html.
For inquiries please contact: Oracle America, Inc., 500 Oracle Parkway, Redwood Shores, California 94065, USA.
- Apache Software License – Version 2.0
- See https://www.apache.org/licenses/LICENSE-2.0
- Eclipse Public License – v 1.0
- See https://www.eclipse.org/legal/epl-v10.html
- H2 License – Version 1.0
- See http://www.h2database.com/html/license.html
- Common Development and Distribution License (CDDL) Version 1.0
- See https://opensource.org/licenses/CDDL-1.0
- spring-asm Copyright Notice and Permissions
- See https://asm.ow2.io/license.html
- SLF4J Copyright Notice and Permissions
- See https://www.slf4j.org/license.html