Security → Oracle Critical Patch Updates [Java] Jan 20, 2015

Oracle Critical Patch Update Pre-Release Announcement - January 2015
This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for January 2015, which will be released on Tuesday, January 20, 2015. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory. - »www.oracle.com/technetwo ··· 971.html

Oracle Java SE
This Critical Patch Update contains 19 new security fixes for Oracle Java SE.
14 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle Java SE is 10.0.

The Oracle Java SE components affected by vulnerabilities that are fixed in this Critical Patch Update are:
• Java SE
• Java SE Embedded
• JRockit

Affected versions:
Oracle Java SE, version(s) 5.0u75, 6u85, 7u72, 8u25
Oracle Java SE Embedded, version(s) 7u71
Oracle JRockit, version(s) R27.8.4, R28.3.4

When available on Jan 20, updates will be found at:
Java 8 (consumer site) - »java.com/en/download/manual.jsp
Java 7/8 (Oracle site ) - »www.oracle.com/technetwo ··· d=ocomen

New Java today. New Java today. Woot!

. o O ("State of the Union Java")

Just waiting for it to show up on their sites.

Auto-update Notice
Coincident with the January 2015 CPU release users with the auto-update feature enabled will be migrated from Oracle JRE 7 to Oracle JRE 8.

quote:

---

Oracle will start auto-updating Windows 32-bit and OS X, Java Runtime Environment (JRE) users from JRE 7 to JRE 8 in January 2015.

The Java auto-update mechanism is designed to keep Java users up-to-date with the latest security fixes. To achieve this goal Windows and OS X users that rely on Java’s auto-update mechanism will have their JRE 7 replaced with JRE 8.

Oracle will start auto-updating all Windows 32-bit and OS X users from JRE 7 to JRE 8 with the update release of Java, Java SE 8 Update 31 (Java SE 8u31), due in January 2015.

• JRE 8 has been the default version on Java.com since October 2014 and is now being used by millions of users.
• As we did when JRE 6 was replaced by JRE 7, we will auto-update users of the older release to the newer version of Java.
• As always, all users are encouraged to update to the most recent Java versions available for public download.
• In March 2014 Oracle announced the End of Public Updates for their Java SE 7 products for April 2015.

---

Also see - Java SE 7 - End of Public Updates Notice

Yup. Based on previous releases and my memory that happens mid/late afternoon Eastern Time.

I'm seeing

• Java SE 8u31

• Java SE 7u75/76

at the Oracle site (I don't use java.com).

If you install the new version(s) don't forget to remove the

SunJavaUpdateSched

autorun if you dislike phone homers.

Thanks Stuart.

Installed both versions of 8 31. 32 bit and 64 bit.
After the 32 bit install it informed of the old version (8 25?) needing to be uninstalled so I said yes. Apparently it didn't install over the top which is strange.

64 bit version installed without complaints.

That's not new.

»Re: Java, Oracle JRE 8 update 20

I've never had that pop up and been doing this a long time

The popup might be new. I uninstalled the old version first as I knew it was no longer overwritten.

That's why JavaRa has been discontinued:
»singularlabs.com/news/si ··· -javara/