Java 7 Update Includes Security Features

Thursday, September 12, 2013 @ 04:09 PM gHale


Oracle released the Java standard edition version 7 update 40 (7u40), which includes bug fixes and some new features.

The most notable security patch appears to be a fix for a plugin deployment bug that failed to block expired certificates for users who were operating at the “very high” security level.


Oracle is also making two new features available to users with commercial licenses, one called flight recorder and another called mission control.

The Java flight recorder feature creates a record of the development process in the Java virtual machine, and the mission control feature provides developers with an interface to roll back the clock and access that record, essentially allowing them to revisit any part of the development process. Java SE product manager Aurelio Garcia-Ribeyro said in a video on Oracle’s website that the features will be useful for fixing bugs that emerge after an application is deployed.

“The idea is you will be able to find out things that only happen in production,” Garcia-Ribeyro said. “So there are some bugs that you cannot see because you need to have the application leaking memory for 30 days or something. For those types of bugs, that’s when you need mission control and flight recorder.”

Java SE 7u40 also shipped with a new local security policy. Garcia-Ribeyro said Oracle has a problem: Though it regularly ships new versions of Java SE that contain new features and vulnerability fixes, many of its enterprise users choose not to install these updates because they are running older applications that may not be compatible with the newer versions of Java SE.

The local security policy will give the administrators at these enterprises the ability to choose which particular applications can access each specific version of the Java runtime environment. That allows them to run old Java versions for old applications and the most up-to-date Java versions for newer applications, limiting their exposure to security vulnerabilities.

The latest edition of the JDK has also disabled the “remember this decision” feature that automatically approved self-signed applets. All unsigned and self-signed applets will now need approval on a per-use basis.


