
Java Version 7 Update 40 Released

Java version 7 update 40 has been released by Oracle.  This is the latest version available for users who run Java on their PCs.  Java is a programming language and computing platform.  It is also a software package that runs on more than 850 million personal computers worldwide.  There are lots of applications and websites that will not work properly unless you have Java installed.

 

This update release contains important enhancements for Java applications:

 

Deployment Rule Set

Deployment rule set allows a desktop administrator to control the level of Java client compatibility and default prompts across an organization.

For a summary of this feature, see Deployment Rule Set documentation.

Option to disable the “JRE out of date” warning

Starting from 7u40, a new deployment property deployment.expiration.check.enabled is available. This property can be used to disable the “JRE out of date” warning.

When the installed JRE (7u10 or later) falls below the security baseline or passes its built-in expiration date, an additional warning is shown to users to update their installed JRE to the latest version. For businesses that manage the update process centrally, users attempting to update their JRE individually may cause problems.

To suppress this specific warning message, add the following entry in the deployment properties file:

deployment.expiration.check.enabled=false

For more information, see Deployment Configuration File and Properties.

New Security Warnings for Unsigned and Self-Signed Applications

New warnings are added in the dialogs for Unsigned and Self-Signed applications.

The “Remember this decision” option has been removed from the dialogs for Unsigned and Self-Signed applets. In addition, previously remembered decisions for self-signed and unsigned applets will be ignored.

For more information, see Security Dialogs.

Local Applets return NULL for DocumentBase

Beginning with JDK 7u40, an applet’s getDocumentBase() method will return NULL when the applet is running from the local file system.

If the applet needs to load a resource, here are the options:

  • If the resource is in the applet’s JAR(s), the user should be able to load it directly with the ClassLoader method getResourceAsStream, without needing the codebase information.
  • If the resource is in an arbitrary location that is not inside the applet’s JAR(s), the user must have another way to get to that location, since it is not part of the applet resource. For example, the user.home Java system property, provided the applet has all-permissions.

 

JAXP Security Improvements

The JDK 7u40 release contains Java API for XML Processing (JAXP) 1.5, which adds the ability to restrict the set of network protocols that may be used to fetch external resources. For more information, see JEP 185: JAXP 1.5: Restrict Fetching of External Resources.
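The following is an added example, not part of the Oracle release notes, showing how the JAXP 1.5 properties restrict which protocols a DOM parser may use for external DTDs and entities. The class name, the temporary file and the sample document are constructed for illustration.

```java
import java.io.File;
import java.io.FileWriter;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class Jaxp15AccessDemo {
    // Parse xml with the given comma-separated protocol allow-list ("" = none, "all" = any).
    static String parse(String xml, String allowedProtocols) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // JAXP 1.5 properties; the JDK's built-in parser supports them from 7u40 on.
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, allowedProtocols);
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, allowedProtocols);
        DocumentBuilder db = dbf.newDocumentBuilder();
        try {
            Document d = db.parse(new InputSource(new StringReader(xml)));
            return "parsed, text=" + d.getDocumentElement().getTextContent().trim();
        } catch (SAXException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a harmless temp file referenced as an external entity.
        File f = File.createTempFile("jaxp15-note", ".txt");
        f.deleteOnExit();
        try (FileWriter w = new FileWriter(f)) { w.write("local file content"); }

        String xml = "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE doc [ <!ENTITY ext SYSTEM \"" + f.toURI() + "\"> ]>\n"
            + "<doc>&ext;</doc>";

        System.out.println("all        : " + parse(xml, "all"));        // entity is fetched
        System.out.println("file       : " + parse(xml, "file"));       // entity is fetched
        System.out.println("http,https : " + parse(xml, "http,https")); // file: is refused
        System.out.println("(empty)    : " + parse(xml, ""));           // every protocol refused
    }
}
```

An application that never needs external DTDs or schemas can set both properties to the empty string on every factory it creates.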

Default X.509 Certificates Have Longer Key Length

Starting from 7u40, the use of X.509 certificates with RSA keys less than 1024 bits in length is restricted. This restriction is applied via the Java Security property jdk.certpath.disabledAlgorithms. The default value of jdk.certpath.disabledAlgorithms is now as follows:

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

To avoid compatibility issues, users who use X.509 certificates with RSA keys less than 1024 bits are advised to update their certificates with stronger keys. As a workaround, at their own risk, users can adjust the security property jdk.certpath.disabledAlgorithms to permit smaller key sizes.
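One way to find the certificates this restriction affects before rolling out 7u40, as an added example that is not part of the Oracle release notes: it reads the RSA minimum from jdk.certpath.disabledAlgorithms and lists key store entries below it. The class name is hypothetical, and the code assumes a key store readable without a password (by default the JRE's own cacerts file) and the "RSA keySize < N" form shown above.

```java
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class WeakRsaCertAudit {
    // Extract N from an "RSA keySize < N" entry (the form shown above); 0 if absent.
    static int rsaMinBits(String disabledAlgorithms) {
        if (disabledAlgorithms == null) return 0;
        Matcher m = Pattern.compile("\\bRSA\\s+keySize\\s*<\\s*(\\d+)").matcher(disabledAlgorithms);
        return m.find() ? Integer.parseInt(m.group(1)) : 0;
    }

    // Aliases whose certificate carries an RSA public key shorter than minBits.
    static List<String> weakAliases(KeyStore ks, int minBits) throws Exception {
        List<String> weak = new ArrayList<String>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (cert != null && cert.getPublicKey() instanceof RSAPublicKey) {
                int bits = ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength();
                if (bits < minBits) weak.add(alias + " (" + bits + " bits)");
            }
        }
        return weak;
    }

    public static void main(String[] args) throws Exception {
        int minBits = rsaMinBits(Security.getProperty("jdk.certpath.disabledAlgorithms"));
        // Assumption: with no argument, audit the JRE's own cacerts trust store.
        String path = args.length > 0 ? args[0]
            : System.getProperty("java.home") + File.separator + "lib"
              + File.separator + "security" + File.separator + "cacerts";
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, null); // null password: read entries, skip the integrity check
        }
        System.out.println("RSA minimum from security property: " + minBits + " bits");
        List<String> weak = weakAliases(ks, minBits);
        for (String w : weak) System.out.println("WEAK: " + w);
        System.out.println(weak.size() + " certificate(s) below the minimum in " + path);
    }
}
```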

 

The following are some of the notable bug fixes included in JDK 7u40.

Area: deploy/plugin
Synopsis: Aborting the update after clicking “Update” on the “Java is insecure” warning message forwards all applets to java.com/download.

When an older JRE is installed on the system, launching a web page with an applet prompts the user with a “Java is insecure” message. If the user clicks the “Update” button on the message but later aborts the update process, the user is automatically redirected to the http://java.com/download page.

This is not the expected behavior. The issue is fixed in JDK 7u40 release.

Area: deploy/plugin
Synopsis: Expired (but otherwise valid) certificates are not blocked at VeryHigh Security Level.

The issue is fixed in JDK 7u40 release.

 

Java is one of the applications that is managed and updated by ODS.  If you are a current customer, ODS will automatically update your version of Java over the next few days.  The update will install silently.  No user interaction is required.  There are no additional fees or charges for ODS to update your version of Java.   

If you would like assistance managing and deploying Java for PCs, please contact H Tech Solutions using the URL below.
Creative Commons License
H Tech Solutions Blog by Harris Schneiderman is licensed under a Creative Commons Attribution 4.0 International License.
Permissions beyond the scope of this license may be available at https://htechsolutions.biz/contact-us