See my Defensive Computing blog at Computerworld.com  

What Version of Java Are You Using?

On a computer with multiple web browsers, be sure to check the Java version in every browser. I say this because multiple copies of Java can sometimes be installed with different browsers using different copies. Also, Java can be enabled in one browser and disabled in another.
Note: The portion of Java that runs programs is referred to as either the Java Run-time Environment (JRE) or the Java Virtual Machine (JVM).

 Method 1:  Ask Java

This is my favorite - straight from the horse's mouth (so to speak). The Java Run-time Environment is aware of its version and the company that authored it. So I wrote a very simple applet (the source code is on the About page) that gets this information from the JRE and displays it in a pink rectangle.

The version and vendor from the JRE

If Java is working, you will see a pink rectangle above with one line of text that says something like:

Java Version 1.8.0_25 from Oracle Corporation     or
Java Version 1.7.0_67 from Oracle Corporation     or
Java Version 1.6.0_45 from Sun Microsystems Inc.  or
Java Version 1.6.0_33 from Apple Inc.               

Version number translation:   1.6.0_34   is, in English,   Java 6 Update 34
The initial "1" is ignored as is the third digit. Ask Oracle why.
RUNNING THIS APPLET: Java security has changed quite a lot over the years and running this applet has gotten much more complicated.
In part this is because the applet is unsigned. In the Bizarro world of Oracle, unsigned applets are treated as more dangerous than signed applets. This is backwards for two reasons. First, unsigned applets run in a restricted Java sandbox whereas signed applets are given unrestricted access to the system. Yes, the sandbox has been buggy and broken, but some security is better than none. Second, it shows a faith in the Certificate Authority system that is unwarranted.

As of Oct 2014 and Java 7 Update 71 and Java 8 Update 25, the applet above can be run with Java set to the default "high" security level. There will be assorted "as you sure" type prompts both from Java and your web browser, but it will run. However, this site, javatester.org, needs to first be added to the "Exception Site List" using the Java Control Panel. When adding sites to the list, you have to prefix them with HTTP colon slash slash. Java will object to HTTP but it will accept it. There is no HTTPS version of this site. Also, if you add "javatester.org" to the list, you must then go to "javatester.org" as "www.javatester.org" will fail.
Because it is unsigned, this applet will not run with Java set to the "very high" security level.
NEW SECURITY IN JAVA 7 UPDATE 51: January 27, 2014.
Update 51 changed the default security rules for unsigned Java applets such as the one on this page. By default, Java no longer runs any unsigned applets. In the Java control panel, the default security level with Update 51 is "High" which Oracle describes as "Java applications identified by a certificate from a trusted authority will be allowed to run". What this does not say is that unsigned applets will not run, at least not by default. If you get an error on this page that says "Application blocked by security settings" this is probably why.

One way to run an unsigned applet is to lower the security level to "Medium". The other way is to add trusted websites to a new exception list that Oracle/Java maintains. This list is not to be confused with the list of trusted applets that Firefox or Chrome maintains. Yes, there are now three lists of applets that are naughty and nice.
YOUR BROWSER LIES: Java 7 Update 10 introduced a new checkbox that disables the use of Java in all browsers. By and large, this is a good thing, but there seems to be a failure to communicate between Java and many web browsers. As a result, all the browsers I have tried so far incorrectly report that Java is not installed when, in fact, it may be installed but this new security feature has been enabled.
As of Java 7 Update 71 and Java 8 Update 25 this is still true on Windows machines. Interestingly, if Java is disabled system-wide for use in web browsers (its on the Security) tab, both Chrome and Firefox will not even show the Java plug-in as being installed. On the flip side, Firefox 33 on Windows 7 reports that "Browser has Java disabled" when Java is not installed.
  JAVA VERSION HISTORY       (Wikipedia has this too)
 JAVA 8 Release History
  Java 8 became the default on Windows on Oct 14, 2014. See the Java 8 FAQ
  Java 8 is not officially supported on Windows XP but should work.
  Oracle has a release history for Java 7 and 8 and Release notes for Java 8
  Wikipedia also has a release history for Java 8.
  • As of July 14, 2015 the latest version of Java 8 is Update 51
       It fixes 25 security vulnerabilities and is due to expire October 20, 2015.
  • As of April 14, 2015 the latest version of Java 8 is Update 45
       This release contains 13 bug fixes and is due to expire July 14, 2015.
  • As of March 5, 2015 the latest version of Java 8 is Update 40
      This release contains bug fixes and enhancements but no security related fixes.
      It is due to expire April 14, 2015. See InfoWorld and The Register.
  • As of Jan 20, 2015 the latest version of Java 8 is Update 31
  • As of Oct 14, 2014 the latest version of Java 8 is Update 25
      This became the default version of Java for new installs.
  • As of Aug 19, 2014 the latest version of Java 8 is Update 20
  • As of July 15, 2014 the latest version of Java 8 is Update 11
  • As of April 15, 2014 the latest version of Java 8 is Update 5
  • Java 8 was first released March 18, 2014


 Java 7 Release History      (a.k.a version 1.7.x)
  Java 7 was the default for new installations from May 31, 2012 until Oct. 14, 2014
  Java 7 is slated for retirement in April 2015
  Oracle maintains two current editions of Java 7, a CPU and a PSU. Use the CPU by default.
  Java 7 users will be auto-updated to Java 8 starting in late January 2015
  See the official Oracle Release history for Java 7
  See the Wikipedia Release history for Java 7
  • On April 14, 2015 Oracle released two editions of Java 7, the CPU and PSU (see link above)
      The CPU (Critical Patch Updates) edition is Update 79
      The PSU (Patch Set Update) edition is Update 80.
      Most people should use the CPU edition. Both have the same security related bug fixes.
      The Security Baseline is Update 79. Both are set to expire July 14, 2015.
  • On Jan 20, 2015 Oracle released two editions of Java 7, the CPU and PSU (see link above)
      The CPU (Critical Patch Updates) edition is Update 75
      The PSU (Patch Set Update) edition is Update 76.
      Most people should use the CPU edition. Both have the same security related bug fixes.
      The Security Baseline is Update 75. Both are set to expire April 14, 2015.
  • As of Oct 14, 2014 the latest version of Java 7 is a tie!
      For the first time, there are two latest versions, Update 71 and Update 72.
      They have the same security related bug fixes but Update 72 includes "additional non-critical stability fixes".
      Version 71 is intended for most users.
      The Security Baseline is Update 71. Both are set to expire January 20, 2015.
      A computer that can't phone home to Oracle will have both these versions expire February 20, 2015.
  • As of Aug 4, 2014 the latest version of Java 7 is Update 67 (replacing Update 65)
      This release fixes one non-security bug.
  • As of July 15, 2014 the latest version of Java 7 is Update 65 (replacing Update 60)
      This release fixes 20 bugs and is the new security baseline.
      Update 65 is scheduled to expire on October 14, 2014 when the next group of bugs will be fixed
      A computer that can't phone home to Oracle will have Update 65 expire Nov. 15, 2014
  • As of May 29, 2014 the latest version of Java 7 is Update 60 (replacing Update 55)
      This release fixes a large number of bugs, but none seem to be security related.
      The security baseline remains Update 55.
      Update 60 is scheduled to expire on July 15, 2014 the same date as Update 55.
      A computer that can't phone home will have Update 60 expire Aug. 15, 2014 (same as Update 55)
  • As of April 14, 2014 the latest version of Java 7 is Update 55 (replacing Update 51)
      This release fixes 37 security flaws, 35 of which are remotely exploitable
      Update 55 is scheduled to expire on July 15, 2014 when the next group of bug fixes are released.
      A computer that can't phone home (to verify new patches) will have Update 55 expire Aug. 15, 2014.
  • As of January 14, 2014 the latest version of Java 7 is Update 51 (replacing Update 45)
      This release fixes 36 bugs, almost all of which are remotely exploitable.
      Update 51 is scheduled to expire on April 15, 2014 when the next group of bug fixes are released.
      A computer that can't phone home (to verify new patches) will have Update 51 expire May 15, 2014.
  • As of October 15, 2013 the latest version of Java 7 is Update 45 (replacing Update 40)
      This releases fixes 51 bugs and is set to expire on Feb. 14, 2014.
  • As of September 11, 2013 the latest version of Java 7 is Update 40 (replacing Update 25)
      This releases fixes a huge number of bugs and is set to expire on Dec. 10, 2013.
  • As of June 18, 2013 the latest version of Java 7 is Update 25 (replacing Update 21)
      As usual many critical bugs were fixed. See the Release Notes.
  • As of April 16, 2013 the latest version of Java 7 is Update 21 (replacing Update 17)
      Over 40 bugs were fixed and new security warning messages were introduced
  • As of March 4, 2013 the latest version of Java 7 is Update 17 (there was no Update 16). Security Alert
  • As of February 19, 2013 the latest version of Java 7 is Update 15 (there was no Update 14)
  • As of February 1, 2013 the latest version of Java 7 is Update 13 (there was no Update 12)
      Lots and lots of bug fixes, including many security vulnerabilities
  • As of January 13, 2013 the latest version of Java 7 is Update 11 (Release Notes)
      It fixes a big security flaw and everyone using Java 7 should be on Update 11.
  • As of December 12, 2012 the latest version of Java 7 is Update 10.
  • As of October 17, 2012 the latest version of Java 7 is Update 9 which contains MANY bug fixes.
    There was no Update 8.
  • As of August 30, 2012 the latest version of Java 7 is Update 7 which contains a HUGE security fix.
  • As of August 14, 2012 the latest version of Java 7 is Update 6 which contains no security fixes.
  • As of June 12, 2012 the latest version of Java 7 is Update 5 which fixes a ton of bugs.
  • As of April 27, 2012 the latest version of Java 7 is Update 4.   Download
    According to Oracle: "This release includes bug fixes and performance improvements, including a new JVM, Mac OS X support ... and more!" No security patches.
  • As of February 14, 2012 the latest version of Java 7 is Update 3
    According to Oracle, "This release contains fixes for security vulnerabilities"
  • As of December 13, 2011 the latest version of Java 7 is Update 2   (Download)
    This release fixes security vulnerabilities.
  • As of October 20, 2011 the latest version of Java 7 is Update 1
  • On July 28, 2011 Oracle released version 7 of Java.


 JAVA 6 Release History       (a.k.a Version 1.6.x)
  Java 6 is dead (unless you pay for bug fixes), laid to rest in April 2013 .
  On May 3, 2012 Java 7 replaced Java 6 as the default for new installations.
  See the Oracle Release Notes for public versions of Java 6
  See the Wikipedia Release Notes for all versions of Java 6
  End of Life (EOL) was originally scheduled for Feb 2013. More on this here and here and here.
  • As of March 11, 2015 the latest version of Java 6 is Update 91.
    Since the last public release, updates have not been made public, as far as I know. This makes sense since the updates are only available to paying customers. I discovered the existence of Update 91 in the release notes for Java 8, which include the security baseline for Java 6.
  • As of June 18, 2013 the latest version of Java 6 remains Update 45.
    This seems to finally be the end of the line for Java 6 from Oracle (Java 6 from Apple is another thing). Today Oracle fixed many bugs in Java 7 but did not release an update to Java 6. See Where can I get the latest version of Java 6?
  • As of April 16, 2013 the latest version of Java 6 is Update 45. (there was no update 44)
  • As of March 4, 2013 the latest version of Java 6 is Update 43. (there was no update 42)
  • As of February 19, 2013 the latest version of Java 6 is Update 41. (there was no update 40)
  • As of February 1, 2013 the latest version of Java 6 is Update 39.
  • As of December 12, 2012 the latest version of Java 6 is Update 38.
  • As of October 17, 2012 the latest version of Java 6 is Update 37. It contains many bug fixes.
    There was no Update 36. As of January 11, 2013 there is still no Update 38 available for OS X. Update 38 was released for Windows on Dec. 12, 2012.
  • As of August 30, 2012 the latest version of Java 6 is Update 35.
    According to Oracle, it "contains a security-in-depth fix."
  • As of August 14, 2012 the latest version of Java 6 is Update 34 which contains no security fixes.
  • As of June 12, 2012 the latest version of Java 6 is Update 33 which fixes a ton of bugs.
  • As of April 27, 2012 the latest version of Java 6 is 1.6.0_32 (Version 6 Update 32).   Download
    According to Oracle, "This release includes bug fixes and performance improvements." No security patches.
  • As of February 14, 2012 the latest version of Java 6 is 1.6.0_31 (Version 6 Update 31)
    According to Oracle, "This release contains fixes for security vulnerabilities"
  • As of December 13, 2011 the latest version of Java 6 is 1.6.0_30 (Version 6 Update 30)
    This release fixes many bugs, but no security vulnerabilities.
  • As of October 20, 2011 the latest version of Java 6 is 1.6.0_29 (Version 6 Update 29)
    This release fixes MANY security bugs.
  • As of August 24, 2011 the latest version of Java 6 is 1.6.0_27 (Version 6 Update 27)
    This release fixes many bugs, but NO security bugs.
  • As of June 8, 2011 the latest version of Java 6 is 1.6.0_26 (Version 6 Update 26)
    This release does fix security bugs.


Java on Mac Computers

Java on OS X is Bundling Crapware, Heres How to Make it Stop from How-To Geek March 17, 2015.

The rest of this topic is a bit dated, so it has been suppressed by default.
At times Java on OS X was complicated as Java 6 came from Apple and Java 7 came from Oracle.




For many years this page had eight other methods of determining the installed version of Java.
But the page got really big, so they are no longer shown by default. But, they are still available: