Java SE 7 Update 45 and Java SE Embedded 7 Update 45 are now available for download. These releases include new Date/Time capability and security updates. Release notes are here.
Java SE 7 Update 45 Changes
New Date/Time Capability
The java.util.TimeZone.setDefault(TimeZone) method has been changed to throw aSecurityException if the method is called by any code with which the security manager'scheckPermission call denies PropertyPermission("user.timezone", "write"). The new system property jdk.util.TimeZone.allowSetDefault (a boolean) is provided so that the compatible behavior can be enabled. The property will be evaluated only once when thejava.util.TimeZone class is loaded and initialized.
This release introduces a new warning when web pages initiate LiveConnect calls into an RIA without being properly signed/configured. Planned for the future, Java SE 7 Upate 51, January 2014 will introduce a requirement that all RIAs distributed publicly be signed by a valid certificate and contain a new Permissions attribute. These changes only affect Applet & Web Start applications (Rich Internet Applications). They do not affect other areas, such as: server-side, embedded, or client. Read more in the blog LiveConnect changes in 7u45.
Protections Against Unauthorized Redistribution of Java Applications
Starting with 7u45, application developers can specify new JAR manifest file attributes:
Application-Name: This attribute provides a secure title for your RIA.
- JAR is signed by a trusted CA, has the
Application-Library-Allowable-Codebase: If the JNLP file or HTML page is in a different location than the JAR file, the Application-Library-Allowable-Codebase attribute identifies the locations from which your RIA can be expected to be started.
the attribute is not present or if the attribute and location do not
match, then the location of the JNLP file or HTML page is displayed in
the security prompt shown to the user.
Note that the RIA can still be started in any of the above cases.
Developers can refer to JAR File Manifest Attributes for more information.
Restore Security Prompts
A new button is available in the Java Control Panel (JCP) to clear previously remembered trust decisions. A trust decision occurs when the user has selected the Do not show this again option in a security prompt. To show prompts that were previously hidden, click Restore Security Prompts. When asked to confirm the selection, click Restore All. The next time an application is started, the security prompt for that application is shown.
See Restore Security Prompts under the Security section of the Java Control Panel.
Starting from JDK 7u45, the following new processing limits are added to the JAXP
For more information, see the new Processing Limits lesson in the JAXP Tutorial.