Oracle on Tuesday released Java Standard Edition version 7 update 40. Java 7u40 includes fixes for a long list of bugs as well as a number of new features.

The most notable security patch appears to be a fix for a plugin deployment bug that failed to block expired certificates for users who were operating at the “very high” security level. You can find the entire list of bugs resolved with this update on Oracle’s bug fixes page.

Oracle is also making two new features available to users with commercial licenses, one called flight recorder and another called mission control. The Java flight recorder feature creates a record of the development process in the Java virtual machine and the mission control feature provides developers with an interface to roll back the clock and access that record, essentially allowing them to revisit any part of the development process. Java SE product manager Aurelio Garcia-Ribeyro explained in a video hosted on Oracle’s website that the features will be particularly useful for fixing bugs that emerge after an application has been deployed.

“The idea is you will be able to find out things that only happen in production,” Garcia-Ribeyro explained. “So there are some bugs that you cannot see because you need to have the application leaking memory for 30 days or something. For those types of bugs, that’s when you need mission control and flight recorder.”

Java SE 7u40 also shipped with a new local security policy. Garcia-Ribeyro explains that Oracle has a problem: though they regularly ship new versions of Java SE that contain new features and vulnerability fixes, many of their enterprise users choose not to install these updates because they are running older applications that may not be compatible with the newer versions of Java SE.

The local security policy will give the administrators at these enterprises the ability to choose which particular applications can access each specific version of the Java runtime environment. That allows them to run old Java versions for old applications and the most up-to-date Java versions for newer applications, limiting their exposure to security vulnerabilities.

The latest edition of the JDK has also disabled the “remember this decision” feature that automatically approved self-signed applets. All unsigned and self-signed applets will now need to be approved on a per-use basis.
