Java SE 7 Update 25 Released
By Tori Wieldt on Jun 18, 2013
Oracle has released Java SE 7 Update 25. This release includes important security fixes. Oracle strongly recommends that all Java SE 7 users upgrade to this release. For more information, see the Oracle Java SE Critical Patch Update Advisory.
Here some important changes to note:
Java API Documentation Updater Tool
To address CVE-2013-1571, users hosting publicly facing Java API Documentation generated with javadoc 5u45, 6u45, 7u21, or earlier are strongly encouraged to re-create the Java API documentation using javadoc from 7u25 or above. Alternatively, for convenience of users and for those who have further modified the generated documentation, Oracle provides the Java API Documentation Updater, a repair-in-place tool. Source code is available if you have a non-standard environment. The Java API Documentation Updater Tool is a separate download and not included in any JDK/JRE bundles.
New JAR Manifest File Attributes
JDK 7u25 release introduces the permissions and codebase attributes in the JAR Manifest File. These attributes are used to verify that the application is requesting the correct permissions level and is accessed from the correct location. See Preventing the Repurposing of an Application document.
Developers are advised to utilize at least the new permissions attribute, and if possible the codebase attribute as well. In future releases, applications that do not include these protections may be blocked or subjected to additional warning dialogs.