Java SE 7 Update 65 (expires 14 October 2014)
Download (Windows: 32-bit, 64-bit / OS X: 64-bit) / Release Notes / Bug Fixes / Risk Matrix
Java SE 8 Update 11 (expires 14 October 2014)
Download / Release Notes / Bug Fixes
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.July 2014 Critical Patch Update Released
This Critical Patch Update provides 20 additional security fixes for Java SE. The highest CVSS Base Score for the Java vulnerabilities fixed in this Critical Patch Update is 10.0. This score affects a single Java SE client vulnerability (CVE-2014-4227). 7 other Java SE client vulnerabilities receive a CVSS Base Score of 9.3 (denoting that a complete compromise of the targeted client is possible, but that that access complexity to exploit these vulnerabilities is “medium.”) All in all, this Critical Patch Update provides fixes for 17 Java SE client vulnerabilities, 1 for a JSSE vulnerability affecting client and server, and 2 vulnerabilities affecting Java client and server. Oracle recommends that home users visit http://java.com/en/download/installed.jsp to ensure that they run the most recent version of Java. Oracle also recommends Windows XP users to upgrade to a currently-supported operating system. Running unsupported operating systems, particularly one as prevalent as Windows XP, create a very significant risk to users of these systems as vulnerabilities are widely known, exploit kits routinely available, and security patches no longer provided by the OS provider. (Source)JRE Expiration Date
This JRE (version 7u65) will expire with the release of the next critical patch update scheduled for 14 October 2014.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u65) on 15 November 2014. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.New Features and Changes
New Java Control Panel option to disable sponsors
Currently, to disable sponsor offers at the time of installation, the user can de-select the option during installation or can pass SPONSORS=0 as a commandline option.
In this release, a new Java Control Panel (JCP) option to disable sponsors is available. To use this option, go to JCP's "Advanced" tab, and check or uncheck "Suppress sponsor offers when updating Java".
This option is applicable to 32 and 64-bit Windows operating systems. (Source)
Last edited by Arthur; 15th July 2014 at 11:51 PM.
I bloody created my image last week.......
Still on Ver 7. Wont move just yet.
i wish they wouldnt expire it and actually do some testing before release so they dont have to fix 20 critical bugs again in a few months. The sooner i can sack off java flash and shockwave the happier i will be
If say I have rolled out Java7u51 via gpo, would you recommend removing it and adding 7u65 as a fresh install, or adding it as an update to 51?
the last time I tried removing and installing flash 7u25 just hung and then didn't do anything, unfortunately I also update flash, shockwave, reader etc at the same time. chaos ensued....
Last edited by smithson83; 16th July 2014 at 08:52 AM.
In a 28mb download, how do they find 20 vulnerabilities every bloody month. I mean, I know the code base is probably a little long in the tooth, but it is still that sloppy?
Cheers again for the heads up...
Davit2005 (5th August 2014)
Only the 15th attempt at the build, what with these KMDF drivers etc. etc.
Java is a complete PITA, I need the older version to administer the Fibre Channel Switches, but I need a newer version to iLO the servers and it is normally when I add new servers that I have to setup the FC switches to connect to the servers AAARRRGGGHHHH.
Last edited by Davit2005; 5th August 2014 at 09:30 AM.
I have a ancient version for a KVM.
There are currently 1 users browsing this thread. (0 members and 1 guests)