Tuesday Jan 14, 2014

Java SE 7 Update 51 Released

Java SE 7 Update 51 (Java SE 7u51) is now availableThis update release contains several enhancements and changes, as well as important security fixes. Oracle strongly recommends that all Java SE 7 users upgrade to this release. For more information, see the Oracle Critical Patch Update Advisory. See the release notes for the complete list of changes in this release, including:

- Changes to Security Slider (see this blog for additional information and the Java Control Panel documentation):
- Block Self-Signed and Unsigned applets on High Security Setting
- Require Permissions Attribute for High Security Setting
- Warn users of missing Permissions Attributes for Medium Security Setting
- Exception Site List: The Exception Site List feature allows end users to run Java applets and Java Web Start applications that do not meet the latest security requirements. Rich Internet Applications that are hosted on a site in the exception site list are allowed to run with the applicable security prompts. (See this blog for additional information and the Exception Site List documentation).
- Jarsigner updated to encourage timestamping
- Prompt users to clear previously remembered decisions
- Change in Default Socket Permissions
- Change in JAXP Xalan Extension Functions

Java SE Embedded 7 Update 51 is also now available. Java SE Embedded 7 Update 51 is based on Java Development Kit 7 Update 51 (JDK 7u51) and provides specific features and support for embedded systems. See the release notes for additional details.

To learn more about this release and for information on best practices see the Java Product Group, Product Management blog.

Monday Nov 18, 2013

Are You Ready for the Next Java SE Update?

Oracle has created two new resources, the 
Java RIA Security Checklist and the Java Security Resource Center to help you prepare for the next Java SE update, Java SE 7 update 51 (scheduled for January 2014). This release changes the deployment requirements for Applet & Web Start applications with two new requirements: 

  1. Use of the Permissions Manifest attribute
  2. Valid code signatures. 

These changes will not affect developers of back-end or client applications; the scope is limited only to Java Applets & Web Start Applications (RIAs). Read details in the blog  New security requirements for RIAs in 7u51.

Java RIA Security Checklist


The changes scheduled for Java 7 update 51 means the default security slider will require Code Signatures and the Permissions Manifest attribute. Java RIA Security Checklist
 provides best practices to help development teams track work necessary to accommodate user prompts.

Security Resource Center


Oracle has launched a new Java Security Resource Center to aggregate security-related information for the Java community based on your role: developer, system administrator, home user, or security professional.

Additional Resources

Note:
 To ensure that end users’ systems are secure when using Java-based content, Oracle strongly recommends that you always upgrade to the most recent release. You can remove old versions of Java either during upgrades or by using the Java Uninstall Tool on Java.com.

Tuesday May 07, 2013

Live OPN PartnerCast: Java Update

Tune in on May 8th at 10:00am Pacific for a LIVE PartnerCast focused on Java updates, hosted by Geoff Morton, Group Vice President of Worldwide Java Sales.


The agenda is:

- Oracle Java Embedded Technologies with Edward Zou, Vice President, Product Management, Oracle
- Oracle's Device to Data Center Platform with Henrik Stahl, Senior Director, Product Management, Oracle
- Eurotech M2M Technical Building Blocks Based on Oracle Java Embedded technologies and Hitachi SuperJ OSGi platform with Hilary Tomasson, VP Marketing, Eurotech North America

Viewers will be able to participate in the live Q&A during the show by asking questions through twitter @oraclepartners and using #OPN.

To watch this event, please visit Oracle PartnerNetwork homepage on May 8th, 2013 at 10:00 AM PST.

Tuesday Feb 19, 2013

Updates to February Critical Patch Update for Java SE

Oracle has released Updates to February 2013 Critical Patch Update for Java SE. This update contains fixes for additional security vulnerabilities. Oracle recommends that customers apply Critical Patch Updates (CPUs) as soon as possible. You can read details on the Oracle Software Security Assurance Blog.

Released today is:

Auto-update and Manual Update of JRE 6 will Replace JRE 6 with JRE 7

Since JRE 6 has reached its End of Public Updates, Oracle is taking steps to protect consumer desktops. Oracle will not leave a version of Java installed for which Oracle no longer provide security updates. 

In order to do so, when updating from JRE 6, the update mechanism will not only install the latest version of JRE 7 but will also remove the highest version of JRE 6 on the system. This change will happen when the system is updated via the auto-update mechanism or by checking for updates directly from the Java Control Panel. For more information, read the Java SE 7 Update 15 Release Notes.  

As always, consumers can get the Java Runtime Environment (JRE) from Java.com. Developers can get the Java Development Kit (JDK) and the Java Runtime Environment (JRE) from the Oracle Technology Network.  

Monday Dec 17, 2012

Java SE 7u10: Enhanced Security Features and Support for New Platforms

On December 11, 2012 Oracle released Java SE 7 Update 10 (Java SE 7u10). This release includes enhanced security features and support for new platforms.

Enhanced Security Features

The JDK 7u10 release includes the following security enhancements:

  • The ability to disable any Java application from running in the browser. This mode can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument.
  • The ability to select the desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications that run in a browser. Four levels of security are supported. This feature can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument.
  • New dialogs to warn you when the JRE is insecure (either expired or below the security baseline) and needs to be updated.

For more information, read Henrik Stahl's blog Oracle JDK 7u10 Released with New Security and the documentation Setting the Level of Security for the Java Client.

New Supported Platforms

Java SE 7 Update 10 (Java SE 7u10) supports Windows 8 Desktop Mode1 with IE 10, and Mac OS 10.8.
 For more information, refer to the Oracle Certified System Configurations page. 

Download and Release Notes

Java SE 7u10 is available on OTN Download Page.
To learn more about the release, please see the Java SE 7u10 Release Notes.
For information about the other Java releases last week, read the Java Source blog "Java SE Updates." 

Thursday Aug 30, 2012

Java Security Update

Oracle has just released Security Alert CVE-2012-4681 to address 3 distinct but related vulnerabilities and one security-in-depth issue affecting Java running in desktop browsers.  These vulnerabilities are: CVE-2012-4681, CVE-2012-1682, CVE-2012-3136, and CVE-2012-0547.  These vulnerabilities are not applicable to standalone Java desktop applications or Java running on servers, i.e. these vulnerabilities do not affect any Oracle server based software.

Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2012-4681 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible. 

JUG leader John Yeary tweeted "I want to take a moment to THANK #Oracle for doing the right thing. Too often people don't say thanks enough when they get it right." Thanks for your thanks. 

For More Information

Oracle Security Alert for CVE-2012-4681

Change to Java SE 7 and Java SE 6 Update Release Numbers


Wednesday Dec 21, 2011

Updating Java ME Applications

A new article up on otn/java, by Java ME expert Vikram Goyal, titled “Updating Java ME Applications,” demonstrates how easy it is to update the text, images, and source code for Java ME applications. Goyal explains that updating a Java ME application includes updating static data, such as text and images, as well as code components of the application. In the article, he develops a sample app that illustrates how to update an application.

As Goyal explains, “The article starts with the basics—updating simple text strings—and then moves to updating images. Finally, the article shows the easiest way to update the core application files, which Java ME makes quite easy. However, this ease can come at a price in terms of extra network traffic.”

Goyal concludes the article with some basic advice:

“If you don’t need to update the entire source code for your application, use the connection classes provided within the javax.io package, such as ContentConnection and HttpConnection, to update static data, such as text and images.

On the other hand, if you need to provide a mechanism for updating the entire source code, make sure you follow a valid update process on the server, and use platformRequest(String) with a URL that ends in jad to provide the updates. The device’s interface will then make sure the updates are applied by removing the old MIDlet and installing the new updated version.”

Read the complete article here.



About

Insider News from the Java Team at Oracle!

duke
javeone logo
Links


Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
2
5
6
7
12
13
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today