RUNNING THIS APPLET: Java security has changed quite a lot over the years and running this
applet has gotten much more complicated.
In part this is because the applet is unsigned. In the Bizarro world of Oracle, unsigned applets are treated as more dangerous than signed applets.
This is backwards for two reasons. First, unsigned applets run in a restricted Java sandbox whereas signed applets are given unrestricted access
to the system. Yes, the sandbox has been buggy and broken, but some security is better than none. Second, it shows a faith in the Certificate
Authority system that is unwarranted.
As of Oct 2014 and Java 7 Update 71 and Java 8 Update 25, the applet above can be run with Java set to the default "high" security level.
There will be assorted "as you sure" type prompts both from Java and your web browser, but it will run. However, this site, javatester.org,
needs to first be added to the "Exception Site List" using the Java Control Panel. When adding sites to the list, you have to
prefix them with HTTP colon slash slash. Java will object to HTTP but it will accept it. There is no HTTPS version of this site. Also, if
you add "javatester.org" to the list, you must then go to "javatester.org" as "www.javatester.org" will fail.
Because it is unsigned, this applet will not run with Java set to the "very high" security level.
|
NEW SECURITY IN JAVA 7 UPDATE 51: January 27, 2014.
Update 51 changed the default security rules for unsigned
Java applets such as the one on this page. By default, Java no longer runs any unsigned applets. In the Java
control panel, the default security level with Update 51 is "High" which Oracle describes as "Java applications identified by a
certificate from a trusted authority will be allowed to run". What this does not say is that unsigned applets will not run, at least
not by default. If you get an error on this page that says "Application blocked by security settings" this is probably why.
One way to run an unsigned applet is to lower the security level to "Medium". The other way is to add trusted
websites to a new exception list that Oracle/Java maintains. This list is not to be confused with the list of trusted applets
that Firefox or Chrome maintains. Yes, there are now three lists of applets that are naughty and nice.
|
YOUR BROWSER LIES: Java 7 Update 10 introduced a new checkbox that disables the use of Java in all browsers.
By and large, this is a good thing, but there seems to be a failure to communicate between Java and many web
browsers. As a result, all the browsers I have tried so far incorrectly report that Java is not installed when, in fact,
it may be installed but this new security feature has been enabled.
As of Java 7 Update 71 and Java 8 Update 25 this is still true on Windows machines. Interestingly, if Java is disabled system-wide for use in
web browsers (its on the Security) tab, both Chrome and Firefox will not even show the Java plug-in as being installed. On the flip side,
Firefox 33 on Windows 7 reports that "Browser has Java disabled" when Java is not installed. |
| JAVA VERSION HISTORY
(Wikipedia has this too) |
JAVA 8 Release History
Java 8 became the default on Windows on Oct 14, 2014. See the Java 8 FAQ
Java 8 is not officially supported on Windows XP
but should work.
Oracle has a release history for Java 7 and 8 and
Release notes for Java 8
Wikipedia also has a release history for Java 8.
|
- As of July 19, 2016 the latest version of Java 8 is Update 101
It is the new security baseline.
It is due to expire October 19, 2016.
- As of April 19, 2016 the latest version of Java 8 is Update 91
It is the new security baseline.
It is due to expire July 19, 2016.
- As of March 23, 2016 the latest version of Java 8 is Update 77
It is the new security baseline.
Like the previous version, it is due to expire April 19, 2016.
- As of February 5, 2016 the latest version of Java 8 is Update 73
The security baseline remains Update 71.
It is due to expire April 19, 2016.
- As of January 19, 2016 the latest version of Java 8 is Update 71
It fixes a bunch of bugs and is the new
security baseline. It is due to expire April 19, 2016.
- As of November 16, 2015 the latest version of Java 8 is Update 66
It fixes a bunch of bugs, yet the
security baseline remains Update 65.
It is due to expire January 19, 2016.
- As of October 20, 2015 the latest version of Java 8 is Update 65
It fixes a bunch of bugs and is the new
security baseline.
It is due to expire January 19, 2016.
- As of August 18, 2015 the latest version of Java 8 is Update 60
It is a "limited update" with no security fixes. The Security Baseline remains Update 51.
Like Update 51, Update 60 is due to expire October 20, 2015.
- As of July 14, 2015 the latest version of Java 8 is Update 51
It fixes 25 security vulnerabilities and is due to expire October 20, 2015.
- As of April 14, 2015 the latest version of Java 8 is Update 45
This release contains 13 bug fixes and
is due to expire July 14, 2015.
- As of March 5, 2015 the latest version of Java 8 is Update 40
This release contains bug fixes
and enhancements but no security related fixes. It is due to expire April 14, 2015. See InfoWorld and The Register.
- As of Jan 20, 2015 the latest version of Java 8 is Update 31
- As of Oct 14, 2014 the latest version of Java 8 is Update 25
This became the default version of Java for new installs.
- As of Aug 19, 2014 the latest version of Java 8 is Update 20
- As of July 15, 2014 the latest version of Java 8 is Update 11
- As of April 15, 2014 the latest version of Java 8 is Update 5
- Java 8 was first released March 18, 2014
|
Java 7 Release History (a.k.a version 1.7.x)
Java 7 was the default for new installations from May 31, 2012 until Oct. 14, 2014
Java 7 is slated for retirement in April 2015
Oracle maintains two current editions of Java 7, a CPU and a PSU.
Use the CPU by default.
Java 7 users will be auto-updated to Java 8 starting in late January 2015
See the official Oracle Release
history for Java 7
See the Wikipedia Release history for Java 7 |
- On July 15, 2015 Java 7 Update 85 was released.
As it is not available publicly, I will no longer maintain this release history.
See the links just above for release histories from Oracle and from Wikipedia.
- On April 14, 2015 Oracle released two editions of Java 7, the CPU and PSU (see link above)
The CPU (Critical Patch Updates) edition is
Update 79
The PSU (Patch Set Update) edition is
Update 80.
Most people should use the CPU edition. Both have the same security related bug fixes.
The Security Baseline is Update 79. Both are set to expire July 14, 2015.
- On Jan 20, 2015 Oracle released two editions of Java 7, the CPU and PSU (see link above)
The CPU (Critical Patch Updates) edition is
Update 75
The PSU (Patch Set Update) edition is
Update 76.
Most people should use the CPU edition. Both have the same security related bug fixes.
The Security Baseline is Update 75. Both are set to expire April 14, 2015.
- As of Oct 14, 2014 the latest version of Java 7 is a tie!
For the first time, there are two latest versions,
Update 71 and
Update 72.
They have the same security related bug fixes but Update 72 includes "additional non-critical stability fixes".
Version 71 is intended
for most users.
The Security Baseline is Update 71. Both are set to expire January 20, 2015.
A computer that can't phone home to Oracle will have both these versions expire February 20, 2015.
- As of Aug 4, 2014 the latest version of Java 7 is Update 67 (replacing
Update 65)
This release fixes one non-security bug.
- As of July 15, 2014 the latest version of Java 7 is Update 65 (replacing
Update 60)
This release fixes 20
bugs and is the new security baseline.
Update 65 is scheduled to expire on October 14, 2014 when the next group of bugs will be fixed
A computer that can't phone home to Oracle will have Update 65 expire Nov. 15, 2014
- As of May 29, 2014 the latest version of Java 7 is Update 60 (replacing
Update 55)
This release fixes a
large number of bugs, but none seem to be security related.
The security baseline remains Update 55.
Update 60 is scheduled to expire on July 15, 2014 the same date as Update 55.
A computer that can't phone home will have Update 60 expire Aug. 15, 2014 (same as Update 55)
- As of April 14, 2014 the latest version of Java 7 is Update 55 (replacing
Update 51)
This release fixes 37 security flaws, 35 of which
are remotely exploitable
Update 55 is scheduled to expire on July 15, 2014 when the next group of bug fixes are released.
A computer that can't phone home (to verify new patches) will have Update 55 expire Aug. 15, 2014.
- As of January 14, 2014 the latest version of Java 7 is Update 51 (replacing
Update 45)
This release fixes 36 bugs, almost all of which are remotely exploitable.
Update 51 is scheduled to expire on April 15, 2014 when the next group of bug fixes are released.
A computer that can't phone home (to verify new patches) will have Update 51 expire May 15, 2014.
- As of October 15, 2013 the latest version of Java 7 is Update 45 (replacing
Update 40)
This releases fixes 51 bugs
and is set to expire on Feb. 14, 2014.
- As of September 11, 2013 the latest version of Java 7 is Update 40 (replacing
Update 25)
This releases fixes a huge number of bugs
and is set to expire on Dec. 10, 2013.
- As of June 18, 2013 the latest version of Java 7 is Update 25 (replacing
Update 21)
As usual many critical bugs were fixed. See the Release Notes.
- As of April 16, 2013 the latest version of Java 7 is Update 21 (replacing
Update 17)
Over 40 bugs were fixed and new security warning messages were introduced
- As of March 4, 2013 the latest version of Java 7 is Update 17 (there was no Update 16).
Security Alert
- As of February 19, 2013 the latest version of Java 7 is Update 15 (there was no Update 14)
- As of February 1, 2013 the latest version of Java 7 is Update 13
(there was no Update 12)
Lots and
lots of bug fixes, including many security vulnerabilities
- As of January 13, 2013 the latest version of Java 7 is Update 11 (Release Notes)
It fixes a big security flaw and everyone using Java 7 should be on Update 11.
- As of December 12, 2012 the latest version of Java 7 is Update 10.
- As of October 17, 2012 the latest version of Java 7 is Update 9 which contains MANY bug fixes.
There was no Update 8.
- As of August 30, 2012 the latest version of Java 7 is Update 7 which contains a HUGE security fix.
- As of August 14, 2012 the latest version of Java 7 is Update 6 which contains no security fixes.
- As of June 12, 2012 the latest version of Java 7 is Update 5 which fixes a ton of bugs.
- As of April 27, 2012 the latest version of Java 7 is Update 4.
Download
According to Oracle: "This release includes bug fixes and performance improvements, including a new JVM, Mac OS X support ... and more!" No security patches.
- As of February 14, 2012 the latest version of Java 7 is Update 3
According to Oracle, "This release contains fixes for security vulnerabilities"
- As of December 13, 2011 the latest version of Java 7 is Update 2
(Download)
This release fixes security vulnerabilities.
- As of October 20, 2011 the latest version of Java 7 is Update 1
- On July 28, 2011 Oracle released version 7 of Java.
|
JAVA 6 Release History (a.k.a Version 1.6.x)
Java 6 is dead (unless you pay for bug fixes), laid to rest in April 2013 .
On May 3, 2012 Java 7 replaced Java 6 as the default for new installations.
See the Oracle Release Notes for public
versions of Java 6
See the Wikipedia Release Notes for all
versions of Java 6
End of Life (EOL) was originally scheduled for Feb 2013. More on this
here and
here and here.
|
- As of March 11, 2015 the latest version of Java 6 is Update 91.
Since the last public release, updates have not been made public,
as far as I know. This makes sense since the updates are only available to paying customers. I discovered the existence of Update 91 in
the release notes for Java 8, which include the security baseline for Java 6.
- As of June 18, 2013 the latest version of Java 6 remains Update 45.
This seems to finally be the end of the line for
Java 6 from Oracle (Java 6 from Apple is another thing). Today Oracle fixed many bugs in Java 7 but did not
release an update to Java 6. See Where can I get the
latest version of Java 6?
- As of April 16, 2013 the latest version of Java 6 is Update 45. (there was no update 44)
- As of March 4, 2013 the latest version of Java 6 is Update 43. (there was no update 42)
- As of February 19, 2013 the latest version of Java 6 is Update 41. (there was no update 40)
- As of February 1, 2013 the latest version of Java 6 is Update 39.
- As of December 12, 2012 the latest version of Java 6 is
Update 38.
- As of October 17, 2012 the latest version of Java 6 is Update 37. It contains
many bug fixes.
There was no Update 36. As of January 11, 2013 there is still no Update 38 available for OS X. Update 38 was
released for Windows on Dec. 12, 2012.
- As of August 30, 2012 the latest version of Java 6 is Update 35.
According to Oracle,
it "contains a security-in-depth fix."
- As of August 14, 2012 the latest version of Java 6 is Update 34
which contains no security fixes.
- As of June 12, 2012 the latest version of Java 6 is Update 33
which fixes a ton of bugs.
- As of April 27, 2012 the latest version of Java 6 is 1.6.0_32 (Version 6 Update 32).
Download
According to Oracle, "This release includes bug fixes and performance improvements." No security patches.
- As of February 14, 2012 the latest version of Java 6 is 1.6.0_31
(Version 6 Update 31)
According to Oracle, "This release contains fixes for security vulnerabilities"
- As of December 13, 2011 the latest version of Java 6 is 1.6.0_30 (Version 6 Update 30)
This release fixes
many bugs, but no security vulnerabilities.
- As of October 20, 2011 the latest version of Java 6 is 1.6.0_29 (Version 6 Update 29)
This release fixes MANY security bugs.
- As of August 24, 2011 the latest version of Java 6 is 1.6.0_27
(Version 6 Update 27)
This release fixes many bugs, but NO security bugs.
- As of June 8, 2011 the latest version of Java 6 is 1.6.0_26 (Version 6 Update 26)
This release does fix security bugs.
|