Over a million developers have joined DZone.

Java 7 Update 11 Released to Address Security Issues

DZone's Guide to

Java 7 Update 11 Released to Address Security Issues

· Java Zone ·
Free Resource

Get the Edge with a Professional Java IDE. 30-day free trial.

On Sunday, Oracle released Java 7 Update 11 in order to address the recent security issues that had lead Mozilla to add recent versions of Java to it's add-on blocklist.  With the latest update in place, you should be able to re-enable Java in your browser with peace of mind. 

However, according this latest article on Reuters, there may still be further security flaws:

Adam Gowdiak, a researcher with Poland's Security Explorations who has discovered several bugs in the software over the past year, said that the update from Oracle leaves unfixed several critical security flaws.

"We don't dare to tell users that it's safe to enable Java again," said Gowdia

In case you missed the news, the 0-day  exploit allows attackers to run arbitrary code on client systems through malicious web pages. The thing is that this exploit wouldn't have worked if Oracle had issued a complete fix for a insecure implementation of the Reflection API.

Let's assume that's all in the past now - what was changed in this latest update? Mainly the default security level has been changed to high, from medium, for all applets and webstart applications. This means the user is always warned before any unsigned application is run. 

One thing: if you have the standalone version JavaFX 2.x installed, you'll have issues seing the security level slider in Control Panel. To get around this just uninstall the standalone version.

This whole issue has people a bit spooked about Java in their browser. Will you go ahead and re-enable Java on your web browser? Or are you going to take the ultra-cautious approach, and wait until security analyists say that all is well with Java?

Get the Java IDE that understands code & makes developing enjoyable. Level up your code with IntelliJ IDEA. Download the free trial.


Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}