boot13The latest offering of Java from Oracle is version 8, update 60. This new version adds some uninteresting functionality and fixes a few bugs. Some of the fixes are related to security, but none appear to address critical vulnerabilities, so there doesn’t seem to be any urgency about updating. See the release notes for additional details.
Category Archives: Java
Java 8 Update 51 fixes 25 vulnerabilities
Yesterday, Oracle released a huge set of updates for all its products, in the July installment of their quarterly Critical Patch Update.
Included in the updates is a new version of Java, version 8 update 51. The new Java includes fixes for at least 25 security vulnerabilities. Anyone who uses a web browser with Java enabled should install the new version as soon as possible. According to Oracle, exploits for at least one of the Java vulnerabilities have been seen in the wild.
Java 8u45 released
Oracle has released Update 45 for Java 8. Anyone using Java should install the update as soon as possible, since it contains fixes for at least fourteen security vulnerabilities.
NOTE: Java 7 is no longer being updated, so if you’re still using it, you should upgrade to Java 8 as soon as possible. If Java is configured to auto-update itself, it will upgrade Java 7 to Java 8 automatically.
Update 2015May14: The final update for Java 7 was 7u79/7u80, released on April 14, 2015.
Java 8 Update 40 released
On March 3, Oracle announced a new version of Java 8, designated Update 40. This update includes a variety of improvements for stability and performance, but no security fixes.
The release notes for Java JDK 8 Update 40 provide the technical details.
Java 8u31 fixes 19 security issues
New versions of Java were announced by Oracle yesterday. Java 8 update 31 and Java 7 update 76 can be obtained from the main Java download site.
Users are being encouraged to upgrade from Java 7 to Java 8. The download page now offers Java 8 instead of Java 7. Computers configured for Java auto-updates will be automatically upgraded from 7 to 8. And according to Oracle, Java 7 will see its final updates in April 2015.
Brian Krebs has additional details.
Java 8 ready for general use
Back in March, Java 8 was made available for developers and anyone else interested in testing it. Soon afterward, Oracle clarified their position on Java 8, explaining why it was not available on the main Java site.
As of October 27, Java 8 (update 25) is now available for general use, and can be obtained from the main Java site.
Patch Tuesday for October 2014
Yesterday saw eight security bulletins and associated patches from Microsoft, as well as two new versions of Java from Oracle, and a new version of Adobe Flash.
The Microsoft updates include three flagged Critical. The updates address twenty-four CVEs in Windows, Office, .NET Framework, .ASP.NET, and Internet Explorer. A post on the MSRC blog provides a good overview.
Two new versions of Java from Oracle address as many as 25 security vulnerabilities in Java 7 and 8. If you’re using a web browser with Java enabled, you should install Java SE 8 Update 25 and/or Java SE 7 Update 72 as soon as possible. Unfortunately, Oracle has made things a bit confusing by saying that you should install SE 7 Update 72 only if you are being affected by the issues fixed in that version, and otherwise to install Update 71. Our recommendation is to install Update 72.
The new version of Flash is 15.0.0.189, and it includes fixes for at least three security vulnerabilities. If you’re like most people and use a browser with Flash enabled, you should update to the new version as soon as possible.
Java 8 Update 20 released
Java 8 is not yet available from the main Java site (java.com), because it’s officially still in the developer testing/acceptance phase. The current end-user version of Java is Version 7 Update 67.
However, you can download Java 8 from the Oracle web site.
The latest version of Java 8 is Version 8 Update 20. It was made available on the Oracle site on September 18. Java 8u20 contains some new features, and fixes numerous bugs, including several security vulnerabilities.
Of particular interest to system administrators is the new Java 8 Advanced Management Console, which includes several tools that should make it easier to monitor and understand Java client systems.
Java 7 Update 67 fixes problems caused by previous release
Apparently Java 7 Update 65 created problems for some Java installations, preventing certain applications from launching.
On August 4, Oracle released Update 67 for Java 7. The new version fixes the problems introduced in Update 65. Anyone experiencing problems with their Java 7 installation should install Update 67. This is not a security update.
New Java updates fix 20 vulnerabilities
Oracle published its most recent quarterly Critical Patch Update bulletin on Wednesday. The bulletin describes updates to most of Oracle’s products, including its flagship database software, but the updates of interest to most people are those related to Java.
New versions of Java include fixes for twenty security vulnerabilities, many of which could be exploited by attackers to gain control of affected computers. The Java SE 8 Update 11 and Java SE 7 Update 65 release announcement outlines some new features, while the full release notes for Java 7 Update 65 and Java 8 Update 11 provide additional details.
As usual, given the severity of the vulnerabilities fixed by these new versions, you are strongly encouraged to update as soon as possible, particularly if you are using a Java-enabled web browser. Brian Krebs has more.