- Java 8 Launch Webcast
- JavaOne 2014 Call for Papers Now Open!
- See Java in Action at SXSW
- Compete in the IoT Developer Challenge!
- Java EE 8 Community Survey: The Next Phase
- Vert.x: A Project to Watch
- Develop Java Applications Using a Raspberry Pi
- Java ME Embedded 8 Early Access 2
- NightHacking: Program a Robot
- Register today for the Oracle Java ME Embedded MOOC!
Tuesday Jan 14, 2014
Monday Nov 18, 2013
By Tori Wieldt on Nov 18, 2013
Oracle has created two new resources, the Java RIA Security Checklist and the Java Security Resource Center to help you prepare for the next Java SE update, Java SE 7 update 51 (scheduled for January 2014). This release changes the deployment requirements for Applet & Web Start applications with two new requirements:
- Use of the Permissions Manifest attribute
- Valid code signatures.
These changes will not affect developers of back-end or client applications; the scope is limited only to Java Applets & Web Start Applications (RIAs). Read details in the blog New security requirements for RIAs in 7u51.
The changes scheduled for Java 7 update 51 means the default security slider will require Code Signatures and the Permissions Manifest attribute. Java RIA Security Checklist provides best practices to help development teams track work necessary to accommodate user prompts.
Oracle has launched a new Java Security Resource Center to aggregate security-related information for the Java community based on your role: developer, system administrator, home user, or security professional.
Tuesday May 07, 2013
By Yolande Poirier on May 07, 2013
Tune in on May 8th at 10:00am Pacific for a LIVE PartnerCast focused on Java updates, hosted by Geoff Morton, Group Vice President of Worldwide Java Sales.
The agenda is:
- Oracle Java Embedded Technologies with Edward Zou, Vice President, Product Management, Oracle
- Oracle's Device to Data Center Platform with Henrik Stahl, Senior Director, Product Management, Oracle
- Eurotech M2M Technical Building Blocks Based on Oracle Java Embedded technologies and Hitachi SuperJ OSGi platform with Hilary Tomasson, VP Marketing, Eurotech North America
Viewers will be able to participate in the live Q&A during the show by asking questions through twitter @oraclepartners and using #OPN.
To watch this event, please visit Oracle PartnerNetwork homepage on May 8th, 2013 at 10:00 AM PST.
Tuesday Feb 19, 2013
By Tori Wieldt on Feb 19, 2013
Oracle has released Updates to February 2013 Critical Patch Update for Java SE. This update contains fixes for additional security vulnerabilities. Oracle recommends that customers apply Critical Patch Updates (CPUs) as soon as possible. You can read details on the Oracle Software Security Assurance Blog.
Released today is:
Since JRE 6 has reached its End of Public Updates, Oracle is taking steps to protect consumer desktops. Oracle will not leave a version of Java installed for which Oracle no longer provide security updates.
In order to do so, when updating from JRE 6, the update mechanism will not only install the latest version of JRE 7 but will also remove the highest version of JRE 6 on the system. This change will happen when the system is updated via the auto-update mechanism or by checking for updates directly from the Java Control Panel. For more information, read the Java SE 7 Update 15 Release Notes.
As always, consumers can get the Java Runtime Environment (JRE) from Java.com. Developers can get the Java Development Kit (JDK) and the Java Runtime Environment (JRE) from the Oracle Technology Network.
Monday Dec 17, 2012
By Tori Wieldt on Dec 17, 2012
On December 11, 2012 Oracle released Java SE 7 Update 10 (Java SE 7u10). This release includes enhanced security features and support for new platforms.
Enhanced Security Features
The JDK 7u10 release includes the following security enhancements:
- The ability to disable any Java application from running in the browser. This mode can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument.
- The ability to select the desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications that run in a browser. Four levels of security are supported. This feature can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument.
- New dialogs to warn you when the JRE is insecure (either expired or below the security baseline) and needs to be updated.
Java SE 7 Update 10 (Java SE 7u10) supports Windows 8 Desktop Mode1 with IE 10, and Mac OS 10.8. For more information, refer to the Oracle Certified System Configurations page.
Download and Release Notes
Thursday Aug 30, 2012
By Tori Wieldt on Aug 30, 2012
Oracle has just released Security Alert CVE-2012-4681 to address 3 distinct but related vulnerabilities and one security-in-depth issue affecting Java running in desktop browsers. These vulnerabilities are: CVE-2012-4681, CVE-2012-1682, CVE-2012-3136, and CVE-2012-0547. These vulnerabilities are not applicable to standalone Java desktop applications or Java running on servers, i.e. these vulnerabilities do not affect any Oracle server based software.
Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2012-4681 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.
- Developers should download the latest release at http://www.oracle.com/technetwork/java/javase/downloads/index.html
- Java users should download the latest release of JRE at http://java.com
- Windows users can take advantage of the Java Automatic Update to get the latest release
JUG leader John Yeary tweeted "I want to take a moment to THANK #Oracle for doing the right thing. Too often people don't say thanks enough when they get it right." Thanks for your thanks.
For More Information
Wednesday Dec 21, 2011
By Janice J. Heiss on Dec 21, 2011
As Goyal explains, “The article starts with the basics—updating simple text strings—and then moves to updating images. Finally, the article shows the easiest way to update the core application files, which Java ME makes quite easy. However, this ease can come at a price in terms of extra network traffic.”
Goyal concludes the article with some basic advice:
“If you don’t need to update the entire source code for your application, use the connection classes provided within the javax.io package, such as ContentConnection and HttpConnection, to update static data, such as text and images.
On the other hand, if you need to provide a mechanism for updating the entire source code, make sure you follow a valid update process on the server, and use platformRequest(String) with a URL that ends in jad to provide the updates. The device’s interface will then make sure the updates are applied by removing the old MIDlet and installing the new updated version.”
Read the complete article here.