Never one to skimp on patches, Oracle is expected to release 113 of them tomorrow as part of its quarterly Critical Patch Update.
The company also clarified that Java 7 versions will continue to work on the end-of-life Microsoft Windows XP platform and Oracle security updates for Java on XP machines will continue.
“This end of support announcement has been misread as ‘Java no longer works on Windows XP’ or ‘Oracle will stop Java updates from being applied on Windows XP.’ These statements are not correct,” said Oracle vice-president of product management in the Java Platform Group Henrik Stahl. “We expect all versions of Java that were supported prior to the Microsoft de-support announcement to continue to work on Windows XP for the foreseeable future. In particular, we expect that JDK 7 will continue to work on Windows XP.”
The same cannot be said for JDK 8, Oracle said, which is not supported on XP. JDK 8, in fact, has known issues with the installer and likely won’t load onto an XP computer.
“The important point here is that we can no longer provide complete guarantees for Java on Windows XP, since the OS is no longer being updated by Microsoft,” Stahl said. “We strongly recommend that users upgrade to a newer version of Windows that is still supported by Microsoft in order to maintain a stable and secure environment.”
Support for JDK 7 from Oracle, meanwhile, runs out next April. Oracle, Stahl said, may continue to support Java 7 users with security patches if use remains relatively high.
Java SE patches, ranging from version 5 update 65 through version 8 update 5, are expected among tomorrow’s quarterly CPU. Oracle announced that it expects to release 20 new security patches for Java tomorrow, all of which could be remotely exploited without authentication. The vulnerabilities affect not only Java SE, but also JRockit, Oracle’s Java Virtual Machine built into Oracle Fusion Middleware.
Separately, there will be 29 patches for Fusion Middleware, 27 enable remote code execution, Oracle said. Fusion Middleware is the most affected product by tomorrow’s patches; vulnerable components being patched include GlassFish Server, iPlanet Web Server and WebLogic Server among others.
Oracle Database Server will also be patched for five vulnerabilities, one of them remotely exploitable, while there will be 10 patches released for MySQL Server, none of which are remotely exploitable.
Oracle is also expected to patch Oracle Hyperion, Oracle Enterprise Manger Grid Control, Oracle E-Business Suite, Oracle Supply Chain Products Suite, Oracle People Soft and Siebel CRM suites, Oracle Communications Applications, Oracle Retail Applications, Sun Systems Products Suite and Oracle Virtualization.