See my Defensive Computing blog at Computerworld.com  

What Version of Java Are You Using?

On a computer with multiple web browsers, be sure to check the Java version in every browser. I say this because multiple copies of Java can sometimes be installed with different browsers using different copies. Also, Java can be enabled in one browser and disabled in another.
Note: The portion of Java that runs programs is referred to as either the Java Run-time Environment (JRE) or the Java Virtual Machine (JVM).

 Method 1:  Ask Java

This is my favorite - straight from the horse's mouth (so to speak). The Java Run-time Environment is aware of its version and the company that authored it. So I wrote a very simple applet (the source code is on the About page) that gets this information from the JRE and displays it in a pink rectangle.

The version and vendor from the JRE

If Java is working, you will see a pink rectangle above with one line of text that says something like:

Java Version 1.8.0_25 from Oracle Corporation     or
Java Version 1.7.0_67 from Oracle Corporation     or
Java Version 1.6.0_45 from Sun Microsystems Inc.  or
Java Version 1.6.0_33 from Apple Inc.               

Version number translation:   1.6.0_34   is, in English,   Java 6 Update 34
The initial "1" is ignored as is the third digit. Ask Oracle why.
RUNNING THIS APPLET: Java security has changed quite a lot over the years and running this applet has gotten much more complicated.
In part this is because the applet is unsigned. In the Bizarro world of Oracle, unsigned applets are treated as more dangerous than signed applets. This is backwards for two reasons. First, unsigned applets run in a restricted Java sandbox whereas signed applets are given unrestricted access to the system. Yes, the sandbox has been buggy and broken, but some security is better than none. Second, it shows a faith in the Certificate Authority system that is unwarranted.

As of Oct 2014 and Java 7 Update 71 and Java 8 Update 25, the applet above can be run with Java set to the default "high" security level. There will be assorted "as you sure" type prompts both from Java and your web browser, but it will run. However, this site, javatester.org, needs to first be added to the "Exception Site List" using the Java Control Panel. When adding sites to the list, you have to prefix them with HTTP colon slash slash. Java will object to HTTP but it will accept it. There is no HTTPS version of this site. Also, if you add "javatester.org" to the list, you must then go to "javatester.org" as "www.javatester.org" will fail.
Because it is unsigned, this applet will not run with Java set to the "very high" security level.
NEW SECURITY IN JAVA 7 UPDATE 51: January 27, 2014.
Update 51 changed the default security rules for unsigned Java applets such as the one on this page. By default, Java no longer runs any unsigned applets. In the Java control panel, the default security level with Update 51 is "High" which Oracle describes as "Java applications identified by a certificate from a trusted authority will be allowed to run". What this does not say is that unsigned applets will not run, at least not by default. If you get an error on this page that says "Application blocked by security settings" this is probably why.

One way to run an unsigned applet is to lower the security level to "Medium". The other way is to add trusted websites to a new exception list that Oracle/Java maintains. This list is not to be confused with the list of trusted applets that Firefox or Chrome maintains. Yes, there are now three lists of applets that are naughty and nice.
YOUR BROWSER LIES: Java 7 Update 10 introduced a new checkbox that disables the use of Java in all browsers. By and large, this is a good thing, but there seems to be a failure to communicate between Java and many web browsers. As a result, all the browsers I have tried so far incorrectly report that Java is not installed when, in fact, it may be installed but this new security feature has been enabled.
As of Java 7 Update 71 and Java 8 Update 25 this is still true on Windows machines. Interestingly, if Java is disabled system-wide for use in web browsers (its on the Security) tab, both Chrome and Firefox will not even show the Java plug-in as being installed. On the flip side, Firefox 33 on Windows 7 reports that "Browser has Java disabled" when Java is not installed.
  JAVA VERSION HISTORY       (Wikipedia has this too)
 Java 7      (a.k.a version 1.7.x)
  Java 7 was the default for new installations from May 31, 2012 until Oct. 14, 2014
  Java 7 users will be auto-updated to Java 8 in early 2015
  See the official Oracle Release history for Java 7
  • As of Oct 14, 2014 the latest version of Java 7 is a tie!
      For the first time, there are two latest versions, Update 71 and Update 72.
      They have the same security related bug fixes but Update 72 includes "additional non-critical stability fixes".
      Version 71 is intended for most users.
      The Security Baseline is Update 71. Both are set to expire January 20, 2015.
      A computer that can't phone home to Oracle will have both these versions expire February 20, 2015.
  • As of Aug 4, 2014 the latest version of Java 7 is Update 67 (replacing Update 65)
      This release fixes one non-security bug.
  • As of July 15, 2014 the latest version of Java 7 is Update 65 (replacing Update 60)
      This release fixes 20 bugs and is the new security baseline.
      Update 65 is scheduled to expire on October 14, 2014 when the next group of bugs will be fixed
      A computer that can't phone home to Oracle will have Update 65 expire Nov. 15, 2014
  • As of May 29, 2014 the latest version of Java 7 is Update 60 (replacing Update 55)
      This release fixes a large number of bugs, but none seem to be security related.
      The security baseline remains Update 55.
      Update 60 is scheduled to expire on July 15, 2014 the same date as Update 55.
      A computer that can't phone home will have Update 60 expire Aug. 15, 2014 (same as Update 55)
  • As of April 14, 2014 the latest version of Java 7 is Update 55 (replacing Update 51)
      This release fixes 37 security flaws, 35 of which are remotely exploitable
      Update 55 is scheduled to expire on July 15, 2014 when the next group of bug fixes are released.
      A computer that can't phone home (to verify new patches) will have Update 55 expire Aug. 15, 2014.
  • As of January 14, 2014 the latest version of Java 7 is Update 51 (replacing Update 45)
      This release fixes 36 bugs, almost all of which are remotely exploitable.
      Update 51 is scheduled to expire on April 15, 2014 when the next group of bug fixes are released.
      A computer that can't phone home (to verify new patches) will have Update 51 expire May 15, 2014.
  • As of October 15, 2013 the latest version of Java 7 is Update 45 (replacing Update 40)
      This releases fixes 51 bugs and is set to expire on Feb. 14, 2014.
  • As of September 11, 2013 the latest version of Java 7 is Update 40 (replacing Update 25)
      This releases fixes a huge number of bugs and is set to expire on Dec. 10, 2013.
  • As of June 18, 2013 the latest version of Java 7 is Update 25 (replacing Update 21)
      As usual many critical bugs were fixed. See the Release Notes.
  • As of April 16, 2013 the latest version of Java 7 is Update 21 (replacing Update 17)
      Over 40 bugs were fixed and new security warning messages were introduced
  • As of March 4, 2013 the latest version of Java 7 is Update 17 (there was no Update 16). Security Alert
  • As of February 19, 2013 the latest version of Java 7 is Update 15 (there was no Update 14)
  • As of February 1, 2013 the latest version of Java 7 is Update 13 (there was no Update 12)
      Lots and lots of bug fixes, including many security vulnerabilities
  • As of January 13, 2013 the latest version of Java 7 is Update 11 (Release Notes)
      It fixes a big security flaw and everyone using Java 7 should be on Update 11.
  • As of December 12, 2012 the latest version of Java 7 is Update 10.
  • As of October 17, 2012 the latest version of Java 7 is Update 9 which contains MANY bug fixes.
    There was no Update 8.
  • As of August 30, 2012 the latest version of Java 7 is Update 7 which contains a HUGE security fix.
  • As of August 14, 2012 the latest version of Java 7 is Update 6 which contains no security fixes.
  • As of June 12, 2012 the latest version of Java 7 is Update 5 which fixes a ton of bugs.
  • As of April 27, 2012 the latest version of Java 7 is Update 4.   Download
    According to Oracle: "This release includes bug fixes and performance improvements, including a new JVM, Mac OS X support ... and more!" No security patches.
  • As of February 14, 2012 the latest version of Java 7 is Update 3
    According to Oracle, "This release contains fixes for security vulnerabilities"
  • As of December 13, 2011 the latest version of Java 7 is Update 2   (Download)
    This release fixes security vulnerabilities.
  • As of October 20, 2011 the latest version of Java 7 is Update 1
  • On July 28, 2011 Oracle released version 7 of Java.


 JAVA 8
  Java 8 became the default on Windows on Oct 14, 2014. See the Java 8 FAQ
  Java 8 is not officially supported on Windows XP but should work.
  Oracle has a release history for Java 7 and 8.
  • As of Oct 14, 2014 the latest version of Java 8 is Update 25
      This became the default version of Java for new installs.
  • As of Aug 19, 2014 the latest version of Java 8 is Update 20
  • As of July 15, 2014 the latest version of Java 8 is Update 11
  • As of April 15, 2014 the latest version of Java 8 is Update 5
  • Java 8 was first released March 18, 2014
 

 JAVA 6       (a.k.a Version 1.6.x)
  Java 6 is dead (unless you pay for bug fixes), laid to rest in April 2013 .
  On May 3, 2012 Java 7 replaced Java 6 as the default for new installations.
  See the Release Notes for every version of Java 6
  End of Life (EOL) was originally scheduled for Feb 2013. More on this here and here and here.
  • As of June 18, 2013 the latest version of Java 6 remains Update 45. This seems to finally be the end of the line for Java 6 from Oracle (Java 6 from Apple is another thing). Today Oracle fixed many bugs in Java 7 but did not release an update to Java 6. See Where can I get the latest version of Java 6?
  • As of April 16, 2013 the latest version of Java 6 is Update 45. (there was no update 44)
  • As of March 4, 2013 the latest version of Java 6 is Update 43. (there was no update 42)
  • As of February 19, 2013 the latest version of Java 6 is Update 41. (there was no update 40)
  • As of February 1, 2013 the latest version of Java 6 is Update 39.
  • As of December 12, 2012 the latest version of Java 6 is Update 38.
  • As of October 17, 2012 the latest version of Java 6 is Update 37. It contains many bug fixes.
    There was no Update 36. As of January 11, 2013 there is still no Update 38 available for OS X. Update 38 was released for Windows on Dec. 12, 2012.
  • As of August 30, 2012 the latest version of Java 6 is Update 35.
    According to Oracle, it "contains a security-in-depth fix."
  • As of August 14, 2012 the latest version of Java 6 is Update 34 which contains no security fixes.
  • As of June 12, 2012 the latest version of Java 6 is Update 33 which fixes a ton of bugs.
  • As of April 27, 2012 the latest version of Java 6 is 1.6.0_32 (Version 6 Update 32).   Download
    According to Oracle, "This release includes bug fixes and performance improvements." No security patches.
  • As of February 14, 2012 the latest version of Java 6 is 1.6.0_31 (Version 6 Update 31)
    According to Oracle, "This release contains fixes for security vulnerabilities"
  • As of December 13, 2011 the latest version of Java 6 is 1.6.0_30 (Version 6 Update 30)
    This release fixes many bugs, but no security vulnerabilities.
  • As of October 20, 2011 the latest version of Java 6 is 1.6.0_29 (Version 6 Update 29)
    This release fixes MANY security bugs.
  • As of August 24, 2011 the latest version of Java 6 is 1.6.0_27 (Version 6 Update 27)
    This release fixes many bugs, but NO security bugs.
  • As of June 8, 2011 the latest version of Java 6 is 1.6.0_26 (Version 6 Update 26)
    This release does fix security bugs.
Java on Macs
For many years Apple Mac users have been stuck with old buggy versions of Java. For whatever reason, Java on the Mac was maintained by Apple, while Java on Windows, Linux and Solaris came from Oracle (previously from Sun). Apple was frequently late in releasing the latest versions of Java for OS X leaving Mac users exposed to known flaws.

Around August 2012, this changed. While Java version 6 for OS X still comes from Apple exclusively, Java version 7 is available from Oracle to users running Lion and Mountain Lion. What has not changed is that Apple is still late in delivering updates. Java 6 Update 38 was released by Oracle for Windows in the middle of Dec. 2012. This was written a month later and Apple has still not released Update 38 for OS X.

Oracle has some technical restrictions for Java 7 running on OS X. First off, Java 7 is only available on an "Intel-based Mac running Mac OS X 10.7.3 (Lion) or later". In addition, Java 7 is not available for Chrome because it only supports 64 bit browsers on OS X. Safari and Firefox are supported. In addition, Oracle notes that "installing Java on a Mac is performed on a system wide basis, for all users, and administrator privileges are required. You cannot install Java on a single-user basis." For more, see How do I get Java support for Mac? from Oracle.

DISABLING JAVA in OS X BROWSERS

If a Mac user only needs Java 6 for an application, they may want to disable it in all their browser(s) using the Java Preferences app (/Applications/Utilities/).

If a Mac user needs Java for a website, they may want to disable it in the browser they use most of the time and leave it enabled in another browser used just on the site(s) where Java is required. Below are instructions to disable Java 6 in OS X browsers:

SAFARI: Go to Preferences, then Security. There is an "Enable Java" checkbox, turn it off.
CHROME: In the address bar enter "about:plugins" without the quotes. Find the Java plugin (the description is "Java Plug-In 2 for NPAPI Browsers", then click the Disable link.
FIREFOX: Click on Tools, then Add-Ons, then Plugins. Look for the Java Deployment Toolkit and/or the Java Platform SE and disable them.
How To Disable Java in your Mac Web Browser
Scared Of Flashback? Here’s How To Disable Java On Your Mac And Stay Safe
How to disable the Java web plug-in in Safari from Apple for OS X 10.4, 10.5, 10.6 and Lion

JAVA OS X RELEASE HISTORY

Oct. 15, 2013
Apple released Java 6 Update 65 for OS X Snow Leopard 10.6.8, Lion 10.7, and Mountain Lion 10.8. Java 7 for Lion and Mountain Lion was updated today by Oracle to Update 45.

Sept. 11, 2013: Oracle released a new version of Java 7, Update 40 for Lion and Mountain Lion.

June 18, 2013
Apple released Java 6 Update 51 for OS X despite the fact that Oracle failed to update their copy of Java 6. Apple calls the update "Java for OS X 2013-004". Java 7 for Lion and Mountain Lion was updated today by Oracle to Update 25.

April 16, 2013
Apple released Java 6 Update 45 for OS X, the same day that Oracle released it for Windows and Linux. Java 7 for Lion and Mountain Lion was updated today by Oracle to Update 21.

March 4, 2013
Apple released Java 6 Update 43 for OS X, the same day that Oracle released it for Windows and Linux. Java 7 for Lion and Mountain Lion was updated today by Oracle to Update 17.

February 19, 2013
Apple released Java 6 Update 41 for OS X, the same day that Oracle released it for Windows and Linux. Java 7 for Lion and Mountain Lion was updated today by Oracle to Update 15.

February 1, 2013
Apple released Java 6 Update 39 for OS X, the same day that Oracle released it for Windows and Linux. Java 7 for Lion and Mountain Lion was updated today by Oracle to Update 13. See Java updates available for OS X on February 1, 2013.

January 14, 2013
Oracle released Java 7 Upate 11 for Lion and Mountain Lion.

October 17, 2012
Java 6 Update 37 for OS X was released by Apple the day after it was released by Oracle for Windows and Linux. It is available for Snow Leopard 10.6.8, Lion 10.7 and Mountain Lion 10.8. However, on Lion and Mountain Lion, Apple no longer allows Java 6 in web browsers. On these systems, users now have to download Java 7 from Oracle to use Java applets in web pages.

September 5, 2012
Java 6 Update 35 was released by Apple. They went from Update 33 to Update 35. This update is available on Snow Leopard (10.6) and the two Lion editions of OS X (10.7 and 10.8). It is not available for Leopard. On Snow Leopard, Apple refers to this update as "Java for Mac OS X 10.6 Update 10." On the Lions, Apple refers to this update as "Java for OS X 2012-005."

August 30, 2012
Java 7 Update 7 was released by Oracle

June 12, 2012
Java for Macs was updated to version 1.6.0_33 (version 6 Update 33) on OS X v10.6.8 and later (get it) and OS X Lion v10.7.something, a.k.a. version 2012-004 (get it).
According to Apple: "This update configures web browsers to not automatically run Java applets. Re-enable Java applets by clicking the region labeled "Inactive plug-in" on a webpage. If no applets have been run for an extended period of time, the Java web plug-in will deactivate."
Older versions of OS X were not updated.
See some useless apple documentation.

April 3, 2012
Important security updates issued. See More than 600,000 Macs infected with Flashback botnet and Java update for OS X patches Flashback malware exploit. Mac users running OS X 10.5 Leopard should not use Java, because Apple has stopped supporting Java on Leopard. The last version of Java for OS X 10.5 has known bugs that will not be fixed.
Java for Mac OS X 10.6 Update 7 updates Java to 1.6.0_31
Java for Mac OS X 10.7 Lion 2012-001 updates Java to v1.6.0_31

For many years this page had eight other methods of determining the installed version of Java.
But the page got really big, so they are no longer shown by default. But, they are still available: