Java SE 7 Update 21 Release and more

Oracle has released three updates to Java. It is important to note that they contain several security changes. The releases are:

Java SE 7 Update 21
This release contains new features and fixes for security vulnerabilities, including a new Server JRE, JRE Installer linked with Uninstall Applet on Windows platform, changes to Security Dialogs and more. Oracle strongly recommends that all Java SE 7 users upgrade to this release. 
Release Notes   Download

Java SE 6 Update 45
This release contains fixes for security vulnerabilities. 
Release Notes   Download

Java SE Embedded 7 Update 21
This release is based on Java Development Kit 7 Update 21 (JDK 7u21) and provides specific features and support for embedded systems. 
Release Notes   Download

Security Changes 

In addition to security fixes, Oracle has included new security features in this release. These are significant:

  • Starting with Java SE 7u21, a Server Java Runtime Environment (Server JRE) package is available for deploying Java applications on servers. The Server JRE includes the same high performance JVM that is available in the JDK and JRE packages, tools for JVM monitoring and tools commonly required for server applications.  It does not include browser integration (the Java plug-in), auto-update, nor installer. Learn more in the Release Notes.

  • Changes to Java Control Panel's Security Settings - In this release, low and custom settings are removed from the Java Control Panel(JCP)'s Security Slider. Depending on the security level set in the Java Control Panel and the user's version of the JRE, self-signed or unsigned applications might not be allowed to run. The default setting of High permits all but local applets to run on a secure JRE. If the user is running an insecure JRE, only applications that are signed with a certificate issued by a recognized certificate authority are allowed to run. For more information, see the Security section of the Java Control Panel documentation.

  • Changes to Security Dialogs - Specifically, all Java code executed within the client’s browser will prompt the user. The type of dialog messages the user sees depends upon the risk factors. Low-risk scenarios present a very minimal dialog and include a checkbox to not display similar dialogs by the same vendor in the future. Higher risk scenarios, such as running unsigned jars, will require more user interaction given the increased risk. See the Java Source Blog IMP: Your Java Applets and Web Start Applications Should Be Signed.

    Resources that will be helpful for both developers and end-users are:
  • Changes to RMI - From this release, the RMI property java.rmi.server.useCodebaseOnly is set to true by default. In previous releases the default value was false. This change of default value may cause RMI-based applications to break unexpectedly. The typical symptom is a stack trace that contains a java.rmi.UnmarshalException containing a nested java.lang.ClassNotFoundException. For more information, see RMI Enhancements in Java SE 7 documentation.

  • JDK for Linux on ARM - this release includes support for JDK for Linux on ARM. The product offers headful support for ARMv6 and ARMv7.

Comments:

Do you plan to release a Server JRE for Linux 32 bits ?

Posted by Claudio Miranda on April 16, 2013 at 06:56 PM PDT #

where is "JDK for Linux on ARM"? Despite the announcement of the availability, I am not able to find it ..

Posted by guest on April 16, 2013 at 11:47 PM PDT #

I'm in the Java SE PM team.

Claudio -- sorry for slow response. At this time we intend the Server JRE packages to be 64 bit only. This is a new package, so we'll look at feedback and reconsider if needed.

@guest - you can find the JDK for Linux on ARM on the OTN download pages, here for example: http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html

Posted by Donald Smith on April 23, 2013 at 10:35 AM PDT #

Okay, so my computer just downloaded this update and now I can't get my chat for work to load. Have uninstalled, reinstalled, turned off firewall, even downloaded to a previous version. I have given it permissions, blah, blah, blah. This is not the first time this has happened. Any suggestions?

Posted by guest on May 08, 2013 at 03:51 AM PDT #

Check out the Java.com help center

http://java.com/en/download/help/

Posted by Tori on May 16, 2013 at 12:27 PM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Insider News from the Java Team at Oracle!

duke
javeone logo
Links


Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
2
5
6
7
12
13
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today