Security warning when starting JOSM with Java 7u45/Webstart

[gwgwgwgw@…]

Since a few weeks i got a security warning when starting JOSM on this computer. Have a look to the screenshots (if it works to append them). Language of screenshots is German because of my system.
It seems that JOSM needs an update in the JAR manifest / certificate.

my system:
OS: Win7 professional 64bit german
JRE: 1.7.0.45
JOSM: 6238 (installed and webstart)

What is the expected result?
starting without security warning (from windows?) as usual

What happens instead?
I alway must accept a security warning:

no problem on another computer with XP instead of win7 64bit but same JRE and JOSM versions.

Please provide any additional information below. Attach a screenshot if
possible.

how can i append a image ???
please tell me a way to upload the 3 png files (each ~50kb)

Repository Root: http://josm.openstreetmap.de/svn
Build-Date: 2013-09-20 01:34:27
Last Changed Author: Don-vip
Revision: 6238
Repository UUID: 0c6e7542-c601-0410-84e7-c038aed88b3b
URL: http://josm.openstreetmap.de/svn/trunk
Last Changed Date: 2013-09-20 00:19:19 +0200 (Fri, 20 Sep 2013)
Last Changed Rev: 6238

Identification: JOSM/1.5 (6238 de) Windows 7 64-Bit
Memory Usage: 116 MB / 247 MB (23 MB allocated, but free)
Java version: 1.7.0_45, Oracle Corporation, Java HotSpot(TM) Client VM
VM arguments: [-Djava.security.policy=file:C:\Program Files (x86)\Java\jre7\lib\security\javaws.policy, -DtrustProxy=true, -Xverify:remote, -Djnlpx.home=C:\Program Files (x86)\Java\jre7\bin, -Djnlpx.origFilenameArg=C:\Users\katharina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\73111055-443c2a1e, -Djnlpx.remove=false, -Dsun.awt.warmup=true, -Xbootclasspath/a:C:\Program Files (x86)\Java\jre7\lib\javaws.jar;C:\Program Files (x86)\Java\jre7\lib\deploy.jar;C:\Program Files (x86)\Java\jre7\lib\plugin.jar, -Djava.util.Arrays.useLegacyMergeSort=true, -Djnlpx.splashport=49163, -Djnlp.application.href=http://josm.openstreetmap.de/download/josm.jnlp, -Djnlpx.jvm=C:\Program Files (x86)\Java\jre7\bin\javaw.exe, -Djnlpx.vmargs=-Djava.util.Arrays.useLegacyMergeSort=true -Djnlp.application.href=http://josm.openstreetmap.de/download/josm.jnlp]
Dataset consistency test: No problems found

Plugin: FixAddresses (29854)
Plugin: HouseNumberTaggingTool (29854)
Plugin: ImportImagePlugin (29854)
Plugin: PicLayer (29854)
Plugin: RoadSigns (29854)
Plugin: buildings_tools (29854)
Plugin: continuosDownload (28565)
Plugin: geotools (29767)
Plugin: jts (29854)
Plugin: log4j (29853)
Plugin: public_transport (29862)
Plugin: terracer (29854)
Plugin: utilsplugin2 (29854)

[bastiK]

The warning message says:

This application will be blocked by a future Java security update because the Manifest file is missing the attribute "Permissions"

Java doc on the permissions attribute: ​http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/manifest.html#permissions.

[andre-r@…]

I get the same message on Windows 8. In a second message, it says that the execution of unsigned application is going to be blocked in further releases of Java.

[anonymous]

Same for me ...

This application will be blocked by a future Java security update ...
3 days ago

win7 ultimate 64bits English

[Don-vip]

I have added new attributes in manifest for r6341, let us know if it helps (at least the warning should change).
I'm afraid we'll need a real code signing certificate if we still want to support webstart after 7u51:
​https://blogs.oracle.com/java-platform-group/entry/new_security_requirements_for_rias

I've found this, it looks like both free and real:
​http://www.certum.eu/certum/cert,offer_en_open_source_cs.xml

Dirk have you ever heard of them ? Do you think we could try if the certificate becomes mandatory ?

@jfd553: it's no blocker you can launch JOSM using "java -jar" and you won't have this warning.