Tuesday Jul 15, 2014

Releases: Java SE 8 Update 11 and Java SE 7 Update 65

Oracle has released Java SE 8 Update 11 and Java SE 7 Update 65. Developers can download the latest Java SE JDK and JRE the Oracle Technology Network.

Java SE 8 Update 11

This update release includes the following new features:

  • IANA (Timezone) Data 2014c
  • Java Dependency Analysis Tool (jdeps) 
  • New Java Control Panel option to disable sponsors
  • New JAR file attribute - Entry-Point
  • New JAXP processing limit property - maxElementDepth 

and Bug Fixes. Read the full Release Notes. Download Java SE 8 Update 11.

Java SE 7 Update 65

This update release includes the following new features:

  • IANA (Timezone) Data 2014c
  • New Java Control Panel option to disable sponsors
  • New JAXP processing limit property - maxElementDepth 

and Bug Fixes. Read the full Release Notes. Download Java SE 7 Update 65.

JRE Expiration Date

It is important to note that the JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u11) will expire with the release of the next critical patch update scheduled for October 14, 2014. For more information, see JRE Expiration Date.

Next Java SE Critical Path Updates dates that stated in Security Alerts page are:

  • 14 October 2014          
  • 20 January 2015
  • 14 April 2015

Wednesday Jan 15, 2014

Java 8 is Coming to EclipseCon

By Guest Blogger Ian Skerrett

We are very pleased to announce that we have added a Java 8 Day to EclipseCon 2014. Java 8 is scheduled to be released in March, close to the same time as EclipseCon, so we thought it would be great to have EclipseCon attendees participate in the launch of the new Java release.

In collaboration with Oracle, a new 1 day event has been added to the EclipseCon schedule. EclipseCon attendees will have the opportunity to learn about Java 8 from Oracle and Eclipse experts. There will be sessions about Lambda’s, JDT support for type annotations, the new Java 8 compact profile, JavaFX, api design with Java 8 and more. It will be a great way to accelerate your adoption of Java 8. Check out the complete schedule.

The Java 8 Day will take place on Tuesday, March 18 at the Hyatt Regency Hotel San Francisco Airport. We will be offering $200 day passes for developers that just want to attend the Java 8 content. Of course all EclipseCon attendees will also be able to attend.

Register today to take advantage of the early prices.

Monday Nov 18, 2013

Are You Ready for the Next Java SE Update?

Oracle has created two new resources, the 
Java RIA Security Checklist and the Java Security Resource Center to help you prepare for the next Java SE update, Java SE 7 update 51 (scheduled for January 2014). This release changes the deployment requirements for Applet & Web Start applications with two new requirements: 

  1. Use of the Permissions Manifest attribute
  2. Valid code signatures. 

These changes will not affect developers of back-end or client applications; the scope is limited only to Java Applets & Web Start Applications (RIAs). Read details in the blog  New security requirements for RIAs in 7u51.

Java RIA Security Checklist

The changes scheduled for Java 7 update 51 means the default security slider will require Code Signatures and the Permissions Manifest attribute. Java RIA Security Checklist
 provides best practices to help development teams track work necessary to accommodate user prompts.

Security Resource Center

Oracle has launched a new Java Security Resource Center to aggregate security-related information for the Java community based on your role: developer, system administrator, home user, or security professional.

Additional Resources

 To ensure that end users’ systems are secure when using Java-based content, Oracle strongly recommends that you always upgrade to the most recent release. You can remove old versions of Java either during upgrades or by using the Java Uninstall Tool on Java.com.

Tuesday Oct 15, 2013

Java SE 7 Update 45 Released

Java SE 7 Update 45 and Java SE Embedded 7 Update 45 are now available for download. These releases include new Date/Time capability and security updates. Release notes are here.

Java SE 7 Update 45 Changes

New Date/Time Capability

The java.util.TimeZone.setDefault(TimeZone) method has been changed to throw aSecurityException if the method is called by any code with which the security manager'scheckPermission call denies PropertyPermission("user.timezone", "write"). The new system property jdk.util.TimeZone.allowSetDefault (a boolean) is provided so that the compatible behavior can be enabled. The property will be evaluated only once when thejava.util.TimeZone class is loaded and initialized.

Security Changes


This release introduces a new warning when web pages initiate LiveConnect calls into an RIA without being properly signed/configured. Planned for the future, Java SE 7 Upate 51, January 2014 will introduce a requirement that all RIAs distributed publicly be signed by a valid certificate and contain a new Permissions attribute. These changes only affect Applet & Web Start applications (Rich Internet Applications). They do not affect other areas, such as: server-side, embedded, or client. Read more in the blog LiveConnect changes in 7u45.

Protections Against Unauthorized Redistribution of Java Applications

Starting with 7u45, application developers can specify new JAR manifest file attributes:

Application-Name: This attribute provides a secure title for your RIA.

Caller-Allowable-Codebase: This attribute specifies the codebase/locations from which JavaScript is allowed to call Applet classes.

JavaScript to Java calls will be allowed without any security dialog prompt only if:

  • JAR is signed by a trusted CA, has the Caller-Allowable-Codebase manifest entry and JavaScript runs on the domain that matches it.
  • JAR is unsigned and JavaScript calls happens from the same domain as the JAR location.

The JavaScript to Java (LiveConnect) security dialog prompt is shown once per AppletclassLoader instance.

Application-Library-Allowable-Codebase: If the JNLP file or HTML page is in a different location than the JAR file, the Application-Library-Allowable-Codebase attribute identifies the locations from which your RIA can be expected to be started.

If the attribute is not present or if the attribute and location do not match, then the location of the JNLP file or HTML page is displayed in the security prompt shown to the user.

Note that the RIA can still be started in any of the above cases.

Developers can refer to JAR File Manifest Attributes for more information.

Restore Security Prompts

A new button is available in the Java Control Panel (JCP) to clear previously remembered trust decisions. A trust decision occurs when the user has selected the Do not show this again option in a security prompt. To show prompts that were previously hidden, click Restore Security Prompts. When asked to confirm the selection, click Restore All. The next time an application is started, the security prompt for that application is shown.

See Restore Security Prompts under the Security section of the Java Control Panel.

JAXP Changes

Starting from JDK 7u45, the following new processing limits are added to the JAXPFEATURE_SECURE_PROCESSING feature.

  • totalEntitySizeLimit
  • maxGeneralEntitySizeLimit
  • maxParameterEntitySizeLimit

For more information, see the new Processing Limits lesson in the JAXP Tutorial

Key Links

Download Java SE 7 Update 45

Release Notes

LiveConnect Changes in 7u45

What To Do If Your Applet is Blocked or Warns of "Mixed Code?"

Tuesday Sep 10, 2013

Java SE 7 Update 40 Released

Java SE 7 Update 40 is now available for download. Java SE 7 Update 40 (7u40) features and enhancements include: advanced monitoring and diagnostic capabilities that enable developers to gather detailed runtime information and perform efficient data analysis without impacting system performance; a new security policy that gives system administrators greater control over Java running on desktops; improved performance and efficiencies for Java on ARM servers and support for Mac OS X retina displays. It also includes bug fixes and enhancements.

Java Mission Control

Java Mission Control is a set of tools to monitor, manage, profile, and eliminate memory leaks in your Java applications. Java Mission Control together with Java Flight Recorder create a complete tool chain to continuously collect low level and detailed runtime information and enables after-the-fact incident analysis. 

Release Notes

Deployment Rule Set

The Deployment Rule Set is a new security feature in JDK 7u40 that allows a system administrator to completely control which applets or Java Web Start applications an end user is permitted to execute and which version of the Java Runtime Environment (JRE) is associated with them. Deployment Rule Set provides a common environment to manage employee access in a controlled and secure manner. Learn More

Tuesday Jun 18, 2013

Java SE 7 Update 25 Released

Oracle has released Java SE 7 Update 25. This release includes important security fixes. Oracle strongly recommends that all Java SE 7 users upgrade to this release. For more information, see the Oracle Java SE Critical Patch Update Advisory.

download Java


Release Notes

Here some important changes to note: 

Java API Documentation Updater Tool 

To address CVE-2013-1571, users hosting publicly facing Java API Documentation generated with javadoc 5u45, 6u45, 7u21, or earlier are strongly encouraged to re-create the Java API documentation using javadoc from 7u25 or above. Alternatively, for convenience of users and for those who have further modified the generated documentation, Oracle provides the Java API Documentation Updater, a repair-in-place tool. Source code is available if you have a non-standard environment. The Java API Documentation Updater Tool is a separate download and not included in any JDK/JRE bundles.

New JAR Manifest File Attributes

JDK 7u25 release introduces the permissions and codebase attributes in the JAR Manifest File. These attributes are used to verify that the application is requesting the correct permissions level and is accessed from the correct location. See Preventing the Repurposing of an Application document.

Developers are advised to utilize at least the new permissions attribute, and if possible the codebase attribute as well. In future releases, applications that do not include these protections may be blocked or subjected to additional warning dialogs.

Thursday Apr 18, 2013

Getting Started with Oracle Java ME Embedded 3.3 on the Keil Evaluation Board

The new release this week of Oracle Java ME Embedded 3.3 for ARM Cortex M3 make the Oracle Java ME Embedded product available as a reference binary for the Keil MCBSTM32F200 platform for development/evaluation purposes. This binary comes integrated with RTX OS. To help you get up and running, Oracle Java Evangelist Angela Caicedo has created a new two part video that shows you all the steps you need to follow to develop your first applications using Java ME Embedded 3.3 on the Keil evaluation board.

Video: Getting Started with Java ME Embedded 3.3 Part One

   Part I

This new tutorial video provides the step-by-step guide to get Oracle Java ME Embedded for ARM Cortex M3 up and running on the on Keil evaluation board: from the configuration of the software and hardware, and how to    test; how to connect to the command line and logging interfaces; and of course how to get started with this Java ME Embedded application. Angela walks us through how to install, update and even uninstall the application.

Video: Getting Started with Java ME Embedded 3.3 Part Two

Part Two

In the second video, Caicedo uses Netbeans 7.3 with Oracle Java ME SDK 3.3 NetBeans Plugin, Java ME SDK 3.3 (early access) and the Oracle Java ME Embedded 3.3 for ARM Cortex M3/RTX software distribution to create an embedded application, run it on an emulator and provides tips on how you can debug your application. Then using these tools you will be taken through the steps to create your first application, deploy it, and test that everything is running properly.

Oracle Java ME Embedded 3.3 complete product functionality such as peripheral IO, AMS operations, headless operations, functionality for remote application management/configurability, etc. is available on the Keil MCBSTM32F200 platform. Download and see the documentation on OTN to learn more.


Insider News from the Java Team at Oracle!



« May 2016