IBM Support

JVM security patches for IBM Lotus Notes 8.x clients

Fix readme


This technote contains download and install information for JVM security patches for IBM Lotus Notes 8.x clients (Standard and Basic) for Windows 32-bit and Linux platforms. (Mac platform not affected.)


Refer to technote #1616652 for detailed information on the related JVM security vulnerability.

Fix availability & download information

Notes 8.5.3.x, 8.5.2.x, and 8.5.1.x

For Linux and Windows, the fix is included in Notes 8.5.3 Fix Pack 3.

For Windows, another solution is the single cross-version patch linked below, which applies to Notes 8.5.3.x, 8.5.2.x, and 8.5.1.x; it can be run on a client machine with any of these releases. The script will determine the correct version and then apply the patch to the Notes JVM program directory.

Fix Central
Fix Central download link
file name

The patch linked above named 85x_Client_JVM_Security_Patch_ 11292012 .exe replaced the originally released patch named 85x_Client_JVM_Security_Patch_ 11132012 .exe.

If the original patch was applied to Notes 8.5.3 Fix Pack 2 (with or without a hotfix), it was determined that later attempts to either install a hotfix to that installation or to upgrade that installation to 8.5.3 Fix Pack 3 would appear to complete successfully (for example, no error message returned); however, the Help -> About Lotus Notes window would show the version was not updated.

This install issue has been reported to Quality Engineering as SPR MBLT92FAPE and will be addressed in all future hotfixes and Fix Packs.
    If you have already applied the original patch to 8.5.2 Fix Pack 2 (with or without a hotfix), you can avoid the install issue described above by performing any one of the following workarounds PRIOR TO installing a hotfix or Fix Pack:

    -- Create a \jvm\bin\ new_plugin\ directory


    -- Apply the new patch linked above, which will add the \jvm\bin\ new_plugin\ directory


    -- Once it's available, apply Interim Fix 1 for Notes 8.5.3 Fix Pack 3, which will include code to add the \jvm\bin\ new_plugin\ directory. This technote will be updated shortly with a target availability date for Interim Fix 1 for Notes 8.5.3 Fix Pack 3.

Notes 8.5.0.x
No fix available. Must upgrade to later release.

Notes 8.0.2.x and 8.0.1.x
Limited availability via Interim Fix starting 30 November 2012. To inquire about availability, open a Service Request with IBM Support and reference SPR KLYH8ZVQ37.

Notes 8.0.0.x
No fix available. Must upgrade to later release.

Additional information
  • You can run the downloaded executable from any directory. By default, you will not receive a prompt that install was successful. To force a prompt to appear upon install script completion, set the environment variable JVMPATCHER_UIMODE=1

    Note the following caveat:
    If you run the installer in silent mode from Command Prompt, the install process runs in the background and will immediately return control to Command Prompt.

    For installs where it is important to wait for the installer process to complete before continuing, you should use the Windows 'start' command. Combined with the '/wait' switch, the 'start' command will run the installer and wait for the process to complete before returning control to Command Prompt. (Click here for more information on the Start command.)
      start /wait 85x_Client_JVM_Security_Patch_11132012.exe -s

  • The patch will not interfere with existing Interim Fixes (hotfixes), Fix Packs, or Maintenance Releases, and it will not revise the Notes version string.
  • This patch cannot be uninstalled by running the executable a second time; doing so will not return the JVM version to its previous release. However, re-applying 8.5.3 would restore the JVM directory to pre-patch level.

Options to confirm fix is installed

OPTION 1: About IBM Lotus Notes
-- In Notes, select Help -> About IBM Lotus Notes
-- Click the "Configuration Details" button and look for the following line

java.runtime.version=pwi3260sr12ifx-20121108_01 (SR12)

You can also click "Copy to Clipboard" and then paste to a text editor to make it easier to find.

OPTION 2: Issue "java -version" command
-- In Command Prompt, navigate to \<Notes Program Directory>\jvm\bin
-- Issue the command java -version
-- The output should appear as follows:

java version "1.6.0"
Java(TM) SE Runtime Environment (build pwi3260sr12ifix-20121108_01(SR12+IV31417))
IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Windows 7 x86-32 jvmwi3260sr12-20121024_126067 (JIT enabled, AOT enabled)
J9VM - 20121024_126067
JIT  - r9_20120914_26057
GC   - 20120928_AA)
JCL  - 20121108_01

Note : If you do not issue "java -version" from within the \<Notes Program Directory>\jvm\bin directory, the system JVM version will be returned instead of the Notes JVM version.

Related information

JVM security patches for Domino 8.x servers
Security Bulletin: Notes & Domino affected by vulnerabi
A simplified Chinese translation is available

Document information

More support for: IBM Notes

Software version: 8.0, 8.5

Operating system(s): Linux, Windows

Reference #: 1617185

Modified date: 19 August 2013

Translate this page: