Oracle Ships Java 7 Update 11 With Vulnerability Fixes 243
An anonymous reader writes "After announcing a fix was coming just yesterday, Oracle on Sunday released Java 7 Update 11 to address the recently disclosed security vulnerability. If you use Java, you can download the latest update now from the Java Control Panel or directly from Oracle's website here: Java SE 7u11. In the release notes for this update, Oracle notes this version "contains fixes for security vulnerabilities." A closer look at Oracle Security Alert for CVE-2013-0422 details that Update 11 fixes two vulnerabilities."
Java and Flash (Score:5, Informative)
Re:Java or Javascript? (Score:4, Informative)
Many websites utilize Java through in-line apps and modern browsers make the installation process fairly simple (ie, a couple of on-page redirects and a pop-up window which takes care of it all - the same way most browsers simplify Flash installation simply because it's so universal). For example, nVidia's video-card-dectection routine is in Java and if it's not installed, will helpfully let you know and give a button to click to download it. Minecraft, of course, requires Java. Many development tools and even many network management packages are written in Java.
Java on PCs is quite widespread and thus by default, so is Java on browsers.
Javascript, as you rightly raise, is altogether different, and prevalant on all browers by default (even though different browsers have different JS interpreters) and has nothing to do with the JRE.
Re:Java and Flash (Score:2, Informative)
You have to manually install it or a piece of software you run needs it and installs it. No modern browser needs it nowadays.
Re:What about Java 6 (et al)? (Score:5, Informative)
Re:Java or Javascript? (Score:3, Informative)
RuneScape and all of FunOrb (also made by Jagex -- the creators of Runescape) are also Java Applets.
Other than games, you'll see sites use Java Applets for simulations, etc. -- things that are either computationally intensive or too complex. Since Java is object-oriented, has tons of built-in data structures, garbage collection, and runs off the client's (pretty fast) JVM in which there is a JVM available for the popular OSes, it's a better alternative to JavaScript or Silverlight for these tasks.
Re:Leftovers (Score:4, Informative)
Older versions of Java defaulted to side-by-side installation mode, which was then kept even after newer releases were installed on top.
Newer versions default to in-place upgrade mode instead.
It's poorly documented, and as far as I know, the only way to fix it is to completely uninstall and re-install the latest version.
Re:Java or Javascript? (Score:5, Informative)
Javascript absolutely has nothing to do with Java.
Netscape realized for the web to take off as a platform it needed to do more than just display text and pictures so logic was needed. Netscape invented Livescript. Sun didn't like it and was in talks with making Java used instead of Livescript for dynamic web content.
So Netscape made a deal to rename Livescript Javascript with the contract to include jre with Netscape 3. It has nothing to do with it other than pure marketing name to confuse users to spread synergy to Java instead which is what Sun hoped as Livescript aka Javascript was very limited at the time.
It became a standard to this day.
Re:Is this really a fix? (Score:5, Informative)
People who read this site are mostly geeks, nerds, IT, developers, or some such who are computer literate. But, NO ONE who reads this site is ignorant of how pervasive Java is. NO ONE who reads this site is completely ignorant of the ways in which John and Jane Q. Public uses their computers.
Like DavidClarkeHR's mother, my wife "needs" Java. Her computer may suffer any number of ills, and she'll ignore them. But, if she can't play her Pogo Games, the old broad is going to make my life miserable until the problem is fixed. To her, "the internet" pretty much means Pogo, Facebook, email, Craig's List, classified ads in the Texarkana Gazette, and a little bit of news.
Oh, wait - how can I forget her soap operas? The woman has given up on television, and watches her daily shows on the computer now.
THAT is the internet, for millions of people.
Java don't work? "I WANT IT FIXED BEFORE I GET HOME FROM WORK!! You can forget about taking trash out, you can forget to pick your clothes up off the bathroom floor, you can leave the sink full of dirty dishes, BUT FIX MY INTERNET!!"
Re:OS X version is Lion + (Score:4, Informative)
Backporting security fixes to an old OS X release isn't feasible for Oracle because they don't own the particular codebase that targeted Snow Leopard and earlier. Apple forked the JDK under a commercial license from Sun back in the day, incorporating OS X specific implementation details, which for earlier Java releases lies in Apple HQ.
When Apple handed over the reins to Oracle, any code they contributed back to the OpenJDK codebase would have been for the then current OS X revision (Lion) and thus likely unportable to Snow Leopard without modification. Code "Soy Latte" existed some 4 years ago as a community effort to port OpenJDK to OS X 10.5 and later but this was never the "official" port used by Apple.
Were Apple any better during their stewardship of Java? I seem to remember JRE versions were tied to releases of OS X. Our efforts to develop a Swing application were stifled because our user base (e.g. schoolkids with iBooks) were stuck forever on Java 1.5.
So blame Oracle but some of the blame goes back to Jobs, who in later years did much to sideline Java.
Re:Is this really a fix? (Score:5, Informative)
Minecraft does not need the java browser plug-in.