dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
15079
share rss forum feed


NICK ADSL UK
Premium,MVM
join:2004-02-22
kudos:16
Reviews:
·Zen Internet

6 recommendations

Java for Windows Version 7 Update 40

Recommended Version 7 Update 40

»www.java.com/en/download/windows_manual.jsp

What is Java?

Java allows you to play online games, chat with people around the world, calculate your mortgage interest, and view images in 3D, just to name a few. It's also integral to the intranet applications and other e-business solutions that are the foundation of corporate computing.

Basic troubleshooting tips for Java issues
If you are having problems related to Java, the following tips should help you getting things working.

»www.java.com/en/download/help/tr···java.xml
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

2 recommendations

Thanks Nick. /sigh Yet another set of updates to install
--
Don't feed trolls--it only makes them grow!

SpHeRe31459
Premium
join:2002-10-09
Sacramento, CA
kudos:2
reply to NICK ADSL UK
Oh SOB, I didn't think there was a Java update this month (the next release wasn't scheduled until the 15th of October). I even checked earlier today just in case and nothing.

Something else to deal with at work in the morning...

I hate, hate, hate that while Adobe has started to follow MS's lead on patch Tuesday protocol, where both vendors have their updates available by 10AM PST, Oracle pretty much just puts them up whenever they feel like it (and it doesn't even have to be a Tuesday), usually at 12PM PST, but sometimes it's whenever they feel like it that day.


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

1 recommendation

reply to NICK ADSL UK
Thanks for the update Nick
LOL! Update 40... Can I please get a build number that's safe to use since the last 40 suck.
»www.oracle.com/technetwork/java/···261.html


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
Would build 42 (The Answer -- 6 by 8 -- Hitchhikers Guide) be any better?
--
Don't feed trolls--it only makes them grow!


NICK ADSL UK
Premium,MVM
join:2004-02-22
kudos:16
Reviews:
·Zen Internet
reply to NICK ADSL UK
please note that these Java updates are security bug updates as for getting a piece of software that requires java to work well that's a bit hit and miss at this time

Update Release Notes
Update Release Notes Index
--------------------------------------------------------------------------------

Java™ SE Development Kit 7, Update 40 (JDK 7u40)
The full version string for this update release is 1.7.0_40-b43 (where "b" means "build"). The version number is 7u40.

Highlights
This update release contains several enhancements and changes including the following:

Java Mission Control (JMC) Release Notes
JavaFX Release Notes
New Features and Changes
Retina Display support on Mac OS X
Olson Data 2013d
JDK 7u40 contains Olson time zone data version 2013d. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 7u40 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
7 1.7.0_25
6 1.6.0_51
5.0 1.5.0_51

For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

JRE Expiration Date
The expiration date for JRE 7u40 is 12/10/2013. After this date, Java will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.

Java Mission Control (JMC) 5.2 Release Notes
Java Mission Control (JMC) is a commercial feature available for java users with a commercial License.

JDK 7u40 includes the first release of Java Mission Control (JMC) that is bundled with the Hotspot JVM. For more information, see JMC Release Notes.

JavaFX Release Notes
JavaFX is now part of JDK. JDK 7u40 release includes JavaFX version 2.2.40.

For a list of bug fixes included this release, see JavaFX Bug Fixes page.

For a list of known JavaFX issues, see Known Issues.

JDK for Linux ARM
Serviceability Agent support: Serviceability Agent (SA) is now supported in JDK for ARM.

ARM hard float support: 7u40 adds ARM Hard-Float ABI (ARMHF) support in addition to existing ARM Soft-Float ABI support. The ARMHF bundle is labeled arm-vfp-hflt.

A target system must provide access to ld-linux-armhf.so.3 dynamic linker/loader through a hard or symbolic link.

New Features and Changes

Retina Display support on Mac OS X
Retina screens will now display content correctly. Previously rendering had been blurry. See 8000629.

Deployment Rule Set
Deployment rule set allows a desktop administrator to control the level of Java client compatibility and default prompts across an organization.

For a summary of this feature, see Deployment Rule Set documentation.

Option to disable the "JRE out of date" warning
Starting from 7u40, a new deployment property deployment.expiration.check.enabled is available. This property can be used to disable the "JRE out of date" warning.

When the installed JRE (7u10 or later), falls below the security baseline or passes it's built-in expiration date, an additional warning is shown to users to update their installed JRE to the latest version. For businesses that manage the update process centrally, users attempting to update their JRE individually, may cause problems.

To suppress this specific warning message, add the following entry in the deployment properties file:

deployment.expiration.check.enabled=false

For more information, see Deployment Configuration File and Properties.

New Security Warnings for Unsigned and Self-Signed Applications
New warnings are added in the dialogs for Unsigned and Self-Signed applications.

From the dialogs for Unsigned and Self-Signed applets, "Remember this decision" option has been removed. In addition, the previously remembered decisions for self-signed and unsigned applets will be ignored.

For more information, see Security Dialogs.

Local Applets return NULL for DocumentBase
Beginning with JDK 7u40, an applet's getDocumentBase() method will return NULL when the applet is running from the local file system.

If applet needs to load resource, here are the options:

If the resource is in the applet's JAR(s), the user should be able to load it with class ClassLoader getResoruceAsStream directly, without needing the codebase information.
If the resource is in an arbitrary location, which is not inside the applet's JAR(s), the user must have other ways to get to that location, since it is not part of the applet resource. For example, the user.home java system property, provided their applet has all-permissions.

JAXP Security Improvements
JDK 7u40 release contains Java API for XML Processing (JAXP) 1.5, which adds the ability to restrict the set of network protocols that may be used to fetch external resources. For more information, see JEP 185: JAXP 1.5: Restrict Fetching of External Resources.

Default x.509 Certificates Have Longer Key Length
Starting from 7u40, the use of x.509 certificates with RSA keys less than 1024 bits in length is restricted. This restriction is applied via the Java Security property, jdk.certpath.disabledAlgorithms. The default value of jdk.certpath.disabledAlgorithms is now as follows:

jdk.certpath.disabledAlgorithms=MD2, RSA keySize and -XX:MaxNewSize=, or by the option -Xmn (the latter option is equivalent to setting both NewSize and MaxNewSize to ). If the above options are not used, then the young generation size is computed as a fraction of the maximum heap size.

Workaround: Use a young generation size that is at least 768 KB (for 32-bit JVM) or 1536 KB (for 64-bit JVM).

Area: hotspot/runtime
Synopsis: Java causes MacOSX to crash with kernel panic

The JVM could cause kernel panic on MacOSX v10.8.1 and v10.8.2. It is an MacOSX issue which is not reproduced on v10.8.3. User needs to upgrade to the latest MacOSX 10.8.x version to avoid this issue.

Area: deploy/plugin
Synopsis: Local applet could not be launched with Firefox 23

This is a Firefox bug and a fix will be provided in a future release. This regression is introduced due to a fix against issues related to same-origin policy under Firefox. For more details, see »bugzilla.mozilla.org/show_bug.cgi?id=902375.

Workaround: To work with Firefox 23, under Firefox preferences, set the property "security.fileuri.strict_origin_policy" to false.

JavaFX
Area: Packager
Synopsis: Packager for Mac OS generates invalid ICNS icon.

After an application is packaged with the native Mac OS packager, the .app bundle contains an invalid ICNS icon. When developers try to submit this application to Mac App Store, the Application Loader fails with the error reporting about an invalid ICNS icon.

Workaround:

To overcome the issue, perform the following steps:

Change dir into generated bundles directory (./dist/bundles). There you can find MyApp.app.
Write entitlements for your application. All programs, delivered by Mac App Store, are started within sandbox, so you have to describe needs of your application in some specific format, described on Apple official sites: some template you can find here. Let this file be named MyApp.entitlements.
For some packager bug, we had to remake icon in ./dist/bundles/MyApp.app/Resources:

$ cd ./dist/bundles/MyApp.app/Resources
$ iconutil -c iconset MyApp.icns
$ rm -f MyApp.icns
$ iconutil -c icns MyApp.iconset
$ rm -rf MyApp.iconset
$ cd ../../../../
Sign your .app:
codesign -f -s "3rd Party Mac Developer Application: "
--entitlements MyApp.entitlements MyApp.app.
Sign all sub-libraries and jars:
find MyApp.app -name "*.jar" -or -name "*.dylib" |
xargs codesign -f -s "3rd Party Mac Developer Application: "
--entitlements MyApp.entitlements.
Build signed .pkg:
$ productbuild --component MyApp.app /Applications
--sign "3rd Party Mac Developer Installer: "
--product MyApp.app/Contents/Info.plist MyApp.pkg
Don't be confused by different certificated: there must be at least two certificates: Application certificate and Submission/Installer certificates.

For more information see, JavaFX issue RT-31417.

Area: Graphics
Synopsis: The WebView component doesn't support HiDPI rendering.

See JavaFX issue RT-31729.

Area: Graphics
Synopsis: The HiDPI support cannot be enabled inside a LoDPI browser.

See JavaFX issue RT-30912.

Area: Graphics
Synopsis: Point and Spot lights of the Lighting effect are not affected by coordinate scaling.

The coordinates of the lighting sources are not adjusted for the coordinate transform of a node and are actually relative to its bounding box, which makes positioning the lights properly for an arbitrary node tricky.

For more information, see JavaFX issue RT-31849.


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to NICK ADSL UK
It won't update on XP.

Why the huge jump from 25 to 40?


Ctrl Alt Del
Premium
join:2002-02-18
kudos:1
said by Mele20:

Why the huge jump from 25 to 40?

Because Oracle has decided to create a completely asinine numbering methodology: »www.oracle.com/technetwork/java/···258.html
--
less talk, more music

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to NICK ADSL UK
Click for full size
I can't install it (at least not from the Java panel applet updater) because Oracle says the file is either "unsigned" or "corrupt" and its security integrity cannot be verified....geez. This is on my XP Pro computer. If I uninstall the current version and then try a direct, full offline download of the latest version maybe that will install.....BUT do I even want to install this considering what the update notes say:

"Release Highlights

Options Removed for Unsigned and Self-signed Applications
Starting with Java 7 Update 40, the option for Do not show this again for this app is no longer available. Unlike previous versions, the user cannot suppress the security dialog for an unsigned application and will have to select the option, I accept the risk and want to run this app each time to run the unsigned application.
New Security Warning for Unsigned and Self-signed Applications
Message added Running unsigned applications like this will be blocked in a future release because it is potentially unsafe and a security risk. "

EVERY JAVA APPLET I USE IS UNSIGNED. I only use Java for Speed tests and those applets are unsigned. I keep Java disabled unless I need to run a speed test. Come December, the next Java update will block these applets! So, I think I may as well just stay with ver 25 on both computers (unless/until the applets get signed).
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


Ctrl Alt Del
Premium
join:2002-02-18
kudos:1
said by Mele20:

EVERY JAVA APPLET I USE IS UNSIGNED.

So now you'll just have to click "Yes, run my unsigned Java app" each time you use the unsigned JAR with Java 7 Update 40. It will work, just require another annoying step.
--
less talk, more music


90115534
Someone is sabotaging me.Finding out who
Premium
join:2001-06-03
Kenner, LA
reply to NICK ADSL UK
Thanks.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to Ctrl Alt Del
Yes BUT the NEXT version of Java will forbid unsigned applets to run AND read this:

"Java Expiration Date

The expiration date for 7u40 is December 10, 2013.
If the Java plugin is unable to contact the Oracle Java backend servers for an extended period of time it will start offering additional protection and warnings after the expiration date. Users receiving expiration date messages are strongly encouraged to update Java to the latest release."

I draw the line here. Oracle is getting too intrusive. That says, I think, (although it is not too clear) that because I check DO NOT CHECK FOR UPDATES that this new version 40, that doesn't want to install, will AUTOMATICALLY start blocking unsigned applets after Dec 10. I am NOT enabling check for updates automatically (even once a month) so it looks like ver 25 will be the last version I use unless/until the speed test developers cough up a signed applet which they may very well do since it is being forced that they do this if they want users with current Java (after Dec 10) to be able to use their applets.

Of course, by Dec 10 on Win 8 computer Fx 17ESR will have auto updated to ver 24 ESR and Mozilla will probably block an older version of Java....so maybe I can't win...except on XP with such an old version of Fx that Mozilla doesn't care what version of Java I use. I guess I have to hope the applet developers will sign their code by then. Or maybe IE 10 will let me use an older Java version. Mozilla is the too aggressive, threatening browser when it comes to Java...not IE but then by December I might have installed Win 8.1 which will install IE 11 which might behave differently....

Java can't run on XP until I tell Process Guard EACH TIME to allow it and then the Proxomitron blocks it until I allow it. I already have plenty of safeguards for Java. Plus, I keep Java disabled in the browsers until I get ready to do a speed test. (Flash is the scary one not Java).
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


Ctrl Alt Del
Premium
join:2002-02-18
kudos:1

3 edits
said by Mele20:

The expiration date for 7u40 is December 10, 2013.
If the Java plugin is unable to contact the Oracle Java backend servers for an extended period of time it will start offering additional protection and warnings after the expiration date. Users receiving expiration date messages are strongly encouraged to update Java to the latest release."

This is a different "feature" than blocking unsigned JARs from running.

Now every Java have a built in expiration date (Java 7 Update 40 is Dec 10). When time moves past that expiration date, the Java runtime itself will start showing you a dialog saying your Java is out of date and that you really need to update it.

This is in addition to the built in Java Updater, which checks Oracle's servers for newer versions. The Java Updater will tell you that a newer version of Java is available. The expiration date will simply say there's probably a newer version of Java out there, you should go get it.

For example, if you installed Java 7 Update 40 on a PC that has no internet connection whatsoever, the Java Updater will never tell you there's a newer version of Java, but the expiration date will eventually expire and prompt you that you should check for yourself of a newer version.

The expiration date is to really get people to update their Java, even those that disable the Java Updater, but you can ignore it and continue to use the old insecure version of Java.

Also, the expiration date feature was introduced in Java 7 Update 10: »www.oracle.com/technetwork/java/···995.html. So your Java 7 Update 25 also has a built in expiration date, which happens to be November 15, 2013: »www.oracle.com/technetwork/java/···741.html
--
less talk, more music


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

1 recommendation

reply to NICK ADSL UK
For all you tweakers out there that don't want Java phoning home - disable MSCONFIG entry jusched.exe