After the huge media impact that followed up the full disclosure of the vulnerability in Java 7 Update 10, many national and international organizations have started to recommend to their readers to uninstall Java (Germany’s BSI, US-Cert). Oracle couldn’t just stand and see how their market share is disappearing and has started over the weekend to work an a fix which now is open for the masses.
Among the fixes, we see other three issues fixed:
- Default Security Level Setting Changed to High
- The Java Control Panel Doesn’t Show Security Level Slider
- Problems with Registration of Plugin on Systems with Stand-alone Version of JavaFX Installed
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 7u11 are specified in the following table:
|JRE Family Version||JRE Security Baseline
(Full Version String)
If you have Java 6, you can see here more details about how to upgrade.
I strongly suggest that if possible, to uninstall any older Java version and install only the latest.
So, is this the end of this escalation ? No, by far no.
We have seen that Oracle is able to work fast and under a huge international pressure. This is good, but those who know how software development works also know that developing critical software under pressure has only one consequence: even more bugs.
That’s why we still recommend to keep Java deactivated unless you desperately need it for your work. Consider as an alternative to have a browser with Java activated for use with the Java based applications you need and another browser without Java for everyday use.
After performing the installation, you can double check the Java version by visiting this page.