Tuesday, September 10, 2013

Oracle Java Update


Oracle released the Java SE 7u40 today.  In addition to bug fixes and enhancements, the update includes the following:
  • advanced monitoring and diagnostic capabilities that enable developers to gather detailed runtime information and perform efficient data analysis without impacting system performance; 
  • a new security policy that gives system administrators greater control over Java running on desktops; 
  • improved performance and efficiencies for Java on ARM servers and support for Mac OS X retina displays.

If Java is still installed on your computer, it is recommended that this update be installed.

For those people who have desktop applications that require Java and cannot uninstall it, Java can now be disabled in Internet Explorer.  See Microsoft Fix it to Disable Java in Internet Explorer.

Java Security Recommendations

1)  In the Java Control Panel, at minimum, set the security to high.
2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

Java ControlPanel
(Image via Sophos Naked Security Blog)

3)  If you use Firefox, install NoScript and only allow Java on those sites where it is required.

Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml

Download Information

Download link:   Java SE 7 Update 40

Verify your version:  http://www.java.com/en/download/testjava.jsp

  • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.
  • Starting with Java SE 7 Update 21 in April 2013, all Java Applets and Web Start Applications should be signed with a trusted certificate.  It is not recommended to run untrusted/unsigned Certificates.  See How to protect your computer against dangerous Java Applets

Critical Patch Updates

Starting with the October 2013 Critical Patch Update, security fixes for Java SE will be released under the normal Critical Patch Update schedule. A pre-release announcement will be published on the Thursday preceding each Critical Patch Update release.

For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
  • 15 October 2013
  • 14 January 2014
  • 15 April 2014
  • 15 July 2014


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: