With widespread security concerns over Java vulnerabilities, Oracle released an updated version of Java 7 last Tuesday. The new Standard Edition release, version 7 update 40 (Java 7u40), fixes an array of bugs found in earlier versions, introduces new security features, and better secures the language.
Oracle’s official bug fixes page lists the most relevant fixes for highly vulnerable components made in the new Java version. The most prominent of them is the plugin deployment bug. Because of it, users browsing at the ‘high security level’ were allowed to enter websites that had an expired SSL certificate, since the program didn’t block them. It didn’t even display a warning message, which led to serious losses for consumers.
Flight Recorder & Mission Control
The company has added two new security features that will be part of the commercial licenses, namely Flight Recorder and Mission Control.
The purpose of Flight Recorder is to record the entire development process in the Java virtual machine. Mission Control works closely with this technology, allowing developers to visit any part of the development process to identify issues and roll back to a particular time in order to promote stability in the Java platform. Product manager Aurelio explained in a video that the new features will help fix bugs that often arise after an application is successfully deployed.
The security features in the updated version give commercial license owners access to the entire development cycle, which is usually available only to program developers. By using this feature, they can better assess what their company requires, remove or roll back components to increase stability along with performance, and have increased control over the Java platform. When some bugs cannot be seen at all and have been an issue for a long time, the developer can make use of Mission Control and Flight Recorder to identify the leak.
Local Security Policy
Java 7 has a local security policy with the enterprise edition that allows administrators to specify the set of applications that will be given access to the Java Runtime Environment. They can choose to allow older Java versions to run with older software programs, while the latest ones will have access to newer versions; a wise move to patch security vulnerabilities. The latest JDK forces users to approve unsigned and self-signed applets manually. The “remember this decision” option for auto-approving self-signed applets has been disabled.