See my Defensive Computing blog at Computerworld.com  

What Version of Java Are You Using?

On a computer with multiple web browsers, be sure to check the Java version in every browser. I say this because multiple copies of Java can sometimes be installed with different browsers using different copies. Also, Java can be enabled in one browser and disabled in another.
Note: The portion of Java that runs programs is referred to as either the Java Run-time Environment (JRE) or the Java Virtual Machine (JVM).

 Method 1:  Ask Java

This is my favorite - straight from the horse's mouth (so to speak). The Java Run-time Environment is aware of its version and the company that authored it. So I wrote a very simple applet (the source code is on the About page) that gets this information from the JRE and displays it in a pink rectangle.

The version and vendor from the JRE

If Java is working, you will see a pink rectangle above with one line of text that says something like:

Java Version 1.7.0_21 from Oracle Corporation     or
Java Version 1.6.0_45 from Sun Microsystems Inc.  or
Java Version 1.6.0_33 from Apple Inc.               

Version number translation:   1.6.0_34   is, in English,   Java 6 Update 34
The initial "1" is ignored as is the third digit. Ask Oracle why.
NEW SECURITY IN JAVA 7 UPDATE 51: January 27, 2014.
Update 51 changed the default security rules for unsigned Java applets such as the one on this page. By default, Java no longer runs any unsigned applets. In the Java control panel, the default security level with Update 51 is "High" which Oracle describes as "Java applications identified by a certificate from a trusted authority will be allowed to run". What this does not say is that unsigned applets will not run, at least not by default. If you get an error on this page that says "Application blocked by security settings" this is probably why.

One way to run an unsigned applet is to lower the security level to "Medium". The other way is to add trusted websites to a new exception list that Oracle/Java maintains. This list is not to be confused with the list of trusted applets that Firefox or Chrome maintains. Yes, there are now three lists of applets that are naughty and nice. When adding a site to Oracles exception list, you need to start the entry with "HTTP://" or "HTTPS://".

Oracle has, arguably, done the totally wrong thing here. Unsigned applets run inside a sandbox that walls them off from the rest of your computer. At least they are walled off when one of the hundreds and hundreds of bugs in Java are not being exploited. In contrast, signed applets run outside the sandbox and can do anything the operating system allows. Reasonable people might well consider signed applets the much greater security risk. And that whole "trusted certificate authority" bit is really a scam.
YOUR BROWSER LIES: Java 7 Update 10 introduced a new checkbox that disables the use of Java in all browsers. By and large, this is a good thing, but there seems to be a failure to communicate between Java and many web browsers. As a result, all the browsers I have tried so far incorrectly report that Java is not installed when, in fact, it may be installed but this new security feature has been enabled. Just an FYI.
  RECENT JAVA VERSIONS       (see also Wikipedia)
 Version 1.7.x (a.k.a Java 7) Release Notes history   Download Here
  • As of January 14, 2014 the latest version of Java 7 is Update 51 (replacing Update 45)
      This release fixes 36 bugs, almost all of which are remotely exploitable.
       Update 51 is scheduled to expire on April 15, 2014 when the next group of bug fixes are released.
       A computer that can't phone home (to verify new patches) will have Update 51 expire May 15, 2014.
  • As of October 15, 2013 the latest version of Java 7 is Update 45 (replacing Update 40)
      This releases fixes 51 bugs and is set to expire on Feb. 14, 2014.
  • As of September 11, 2013 the latest version of Java 7 is Update 40 (replacing Update 25)
      This releases fixes a huge number of bugs and is set to expire on Dec. 10, 2013.
  • As of June 18, 2013 the latest version of Java 7 is Update 25 (replacing Update 21)
      As usual many critical bugs were fixed. See the Release Notes.
  • As of April 16, 2013 the latest version of Java 7 is Update 21 (replacing Update 17)
      Over 40 bugs were fixed and new security warning messages were introduced
  • As of March 4, 2013 the latest version of Java 7 is Update 17 (there was no Update 16). Security Alert
  • As of February 19, 2013 the latest version of Java 7 is Update 15 (there was no Update 14)
  • As of February 1, 2013 the latest version of Java 7 is Update 13 (there was no Update 12)
      Lots and lots of bug fixes, including many security vulnerabilities
  • As of January 13, 2013 the latest version of Java 7 is Update 11 (Release Notes)
      It fixes a big security flaw and everyone using Java 7 should be on Update 11.
  • As of December 12, 2012 the latest version of Java 7 is Update 10.
  • As of October 17, 2012 the latest version of Java 7 is Update 9 which contains MANY bug fixes.
    There was no Update 8.
  • As of August 30, 2012 the latest version of Java 7 is Update 7 which contains a HUGE security fix.
  • As of August 14, 2012 the latest version of Java 7 is Update 6 which contains no security fixes.
  • As of June 12, 2012 the latest version of Java 7 is Update 5 which fixes a ton of bugs.
  • As of April 27, 2012 the latest version of Java 7 is Update 4.   Download
    According to Oracle: "This release includes bug fixes and performance improvements, including a new JVM, Mac OS X support ... and more!" No security patches.
  • As of February 14, 2012 the latest version of Java 7 is Update 3
    According to Oracle, "This release contains fixes for security vulnerabilities"
  • As of December 13, 2011 the latest version of Java 7 is Update 2   (Download)
    This release fixes security vulnerabilities.
  • As of October 20, 2011 the latest version of Java 7 is Update 1
  • On July 28, 2011 Oracle released version 7 of Java.
 Version 1.6.x (a.k.a Java 6 Update x)   Release Notes History
 NOTE: Java 6 is now dead, unless you are willing to pay for bug fixes. It was scheduled to die (End of Life or EOL) in February 2013 but actually got its last free bug fix in April 2013. See also this and this and this.
  • As of June 18, 2013 the latest version of Java 6 remains Update 45. This seems to finally be the end of the line for Java 6 from Oracle (Java 6 from Apple is another thing). Today Oracle fixed many bugs in Java 7 but did not release an update to Java 6. See Where can I get the latest version of Java 6?
  • As of April 16, 2013 the latest version of Java 6 is Update 45. (there was no update 44)
  • As of March 4, 2013 the latest version of Java 6 is Update 43. (there was no update 42)
  • As of February 19, 2013 the latest version of Java 6 is Update 41. (there was no update 40)
  • As of February 1, 2013 the latest version of Java 6 is Update 39.
  • As of December 12, 2012 the latest version of Java 6 is Update 38.
  • As of October 17, 2012 the latest version of Java 6 is Update 37. It contains many bug fixes.
    There was no Update 36. As of January 11, 2013 there is still no Update 38 available for OS X. Update 38 was released for Windows on Dec. 12, 2012.
  • As of August 30, 2012 the latest version of Java 6 is Update 35.
    According to Oracle, it "contains a security-in-depth fix."
  • As of August 14, 2012 the latest version of Java 6 is Update 34 which contains no security fixes.
  • As of June 12, 2012 the latest version of Java 6 is Update 33 which fixes a ton of bugs.
  • As of April 27, 2012 the latest version of Java 6 is 1.6.0_32 (Version 6 Update 32).   Download
    According to Oracle, "This release includes bug fixes and performance improvements." No security patches.
  • As of February 14, 2012 the latest version of Java 6 is 1.6.0_31 (Version 6 Update 31)
    According to Oracle, "This release contains fixes for security vulnerabilities"
  • As of December 13, 2011 the latest version of Java 6 is 1.6.0_30 (Version 6 Update 30)
    This release fixes many bugs, but no security vulnerabilities.
  • As of October 20, 2011 the latest version of Java 6 is 1.6.0_29 (Version 6 Update 29)
    This release fixes MANY security bugs.
  • As of August 24, 2011 the latest version of Java 6 is 1.6.0_27 (Version 6 Update 27)
    This release fixes many bugs, but NO security bugs.
  • As of June 8, 2011 the latest version of Java 6 is 1.6.0_26 (Version 6 Update 26)
    This release does fix security bugs.
NOTE: On May 3, 2012 Oracle changed the version of Java installed by default on Windows from 6 to 7.
The last edition of v6 installed by default was Update 32. The first default edition of v7 was Update 4.
Java on Macs
For many years Apple Mac users have been stuck with old buggy versions of Java. For whatever reason, Java on the Mac was maintained by Apple, while Java on Windows, Linux and Solaris came from Oracle (previously from Sun). Apple was frequently late in releasing the latest versions of Java for OS X leaving Mac users exposed to known flaws.

Around August 2012, this changed. While Java version 6 for OS X still comes from Apple exclusively, Java version 7 is available from Oracle to users running Lion and Mountain Lion. What has not changed is that Apple is still late in delivering updates. Java 6 Update 38 was released by Oracle for Windows in the middle of Dec. 2012. This was written a month later and Apple has still not released Update 38 for OS X.

Oracle has some technical restrictions for Java 7 running on OS X. First off, Java 7 is only available on an "Intel-based Mac running Mac OS X 10.7.3 (Lion) or later". In addition, Java 7 is not available for Chrome because it only supports 64 bit browsers on OS X. Safari and Firefox are supported. In addition, Oracle notes that "installing Java on a Mac is performed on a system wide basis, for all users, and administrator privileges are required. You cannot install Java on a single-user basis." For more, see How do I get Java support for Mac? from Oracle.

DISABLING JAVA in OS X BROWSERS

If a Mac user only needs Java 6 for an application, they may want to disable it in all their browser(s) using the Java Preferences app (/Applications/Utilities/).

If a Mac user needs Java for a website, they may want to disable it in the browser they use most of the time and leave it enabled in another browser used just on the site(s) where Java is required. Below are instructions to disable Java 6 in OS X browsers:

SAFARI: Go to Preferences, then Security. There is an "Enable Java" checkbox, turn it off.
CHROME: In the address bar enter "about:plugins" without the quotes. Find the Java plugin (the description is "Java Plug-In 2 for NPAPI Browsers", then click the Disable link.
FIREFOX: Click on Tools, then Add-Ons, then Plugins. Look for the Java Deployment Toolkit and/or the Java Platform SE and disable them.
How To Disable Java in your Mac Web Browser
Scared Of Flashback? Here’s How To Disable Java On Your Mac And Stay Safe
How to disable the Java web plug-in in Safari from Apple for OS X 10.4, 10.5, 10.6 and Lion

JAVA OS X RELEASE HISTORY

Oct. 15, 2013
Apple released Java 6 Update 65 for OS X Snow Leopard 10.6.8, Lion 10.7, and Mountain Lion 10.8. Java 7 for Lion and Mountain Lion was updated today by Oracle to Update 45.

Sept. 11, 2013: Oracle released a new version of Java 7, Update 40 for Lion and Mountain Lion.

June 18, 2013
Apple released Java 6 Update 51 for OS X despite the fact that Oracle failed to update their copy of Java 6. Apple calls the update "Java for OS X 2013-004". Java 7 for Lion and Mountain Lion was updated today by Oracle to Update 25.

April 16, 2013
Apple released Java 6 Update 45 for OS X, the same day that Oracle released it for Windows and Linux. Java 7 for Lion and Mountain Lion was updated today by Oracle to Update 21.

March 4, 2013
Apple released Java 6 Update 43 for OS X, the same day that Oracle released it for Windows and Linux. Java 7 for Lion and Mountain Lion was updated today by Oracle to Update 17.

February 19, 2013
Apple released Java 6 Update 41 for OS X, the same day that Oracle released it for Windows and Linux. Java 7 for Lion and Mountain Lion was updated today by Oracle to Update 15.

February 1, 2013
Apple released Java 6 Update 39 for OS X, the same day that Oracle released it for Windows and Linux. Java 7 for Lion and Mountain Lion was updated today by Oracle to Update 13. See Java updates available for OS X on February 1, 2013.

January 14, 2013
Oracle released Java 7 Upate 11 for Lion and Mountain Lion.

October 17, 2012
Java 6 Update 37 for OS X was released by Apple the day after it was released by Oracle for Windows and Linux. It is available for Snow Leopard 10.6.8, Lion 10.7 and Mountain Lion 10.8. However, on Lion and Mountain Lion, Apple no longer allows Java 6 in web browsers. On these systems, users now have to download Java 7 from Oracle to use Java applets in web pages.

September 5, 2012
Java 6 Update 35 was released by Apple. They went from Update 33 to Update 35. This update is available on Snow Leopard (10.6) and the two Lion editions of OS X (10.7 and 10.8). It is not available for Leopard. On Snow Leopard, Apple refers to this update as "Java for Mac OS X 10.6 Update 10." On the Lions, Apple refers to this update as "Java for OS X 2012-005."

August 30, 2012
Java 7 Update 7 was released by Oracle

June 12, 2012
Java for Macs was updated to version 1.6.0_33 (version 6 Update 33) on OS X v10.6.8 and later (get it) and OS X Lion v10.7.something, a.k.a. version 2012-004 (get it).
According to Apple: "This update configures web browsers to not automatically run Java applets. Re-enable Java applets by clicking the region labeled "Inactive plug-in" on a webpage. If no applets have been run for an extended period of time, the Java web plug-in will deactivate."
Older versions of OS X were not updated.
See some useless apple documentation.

April 3, 2012
Important security updates issued. See More than 600,000 Macs infected with Flashback botnet and Java update for OS X patches Flashback malware exploit. Mac users running OS X 10.5 Leopard should not use Java, because Apple has stopped supporting Java on Leopard. The last version of Java for OS X 10.5 has known bugs that will not be fixed.
Java for Mac OS X 10.6 Update 7 updates Java to 1.6.0_31
Java for Mac OS X 10.7 Lion 2012-001 updates Java to v1.6.0_31

 Method 2: Windows Control Panel (updated Jan. 12, 2013)

Java, like any normal Windows application, shows up in the list of installed programs in the Control Panel. In Windows XP, select Add or Remove Programs. In Windows 7, click on Programs and Features. Note however, that just because Java is installed, does not mean that any particular web browser on your computer is using it. Java can be disabled system-wide or disabled in one particular browser.

For Java version 6, the Name column displays a user-friendly "Java (TM) 6 Update 37". This would appear at the top of this page as "1.6.0_37". The version column, under Windows 7, displays this same version information as 6.0.370. Yes, three different formats for the same information. This is typical with Java.

Java 7 appears as "Java 7 Update 10" in the Name column, but the version is 7.0.100.

In old days, Java version 1.5.0, looked like: "J2SE Runtime Environment 5.0 Update 6". J2SE meant Java. Runtime Environment refers to the JVM (Java Virtual Machine). 5.0 meant 1.5.0. Update 6 refered to the version of version 1.5.0. In English, it meant Java version 1.5.0_06. Way back, with Sun's Java version 1.4.2, the Control Panel entry looked like "Java 2 Runtime Environment, SE v1.4.2._06". This meant that version 1.4.2_06 was installed on the computer.

The Control Panel also offers access to the Java Control Panel (the "Java" entry). On the General tab, click the About button to see the installed version. This works for both Java 6 and Java 7.

 Method 3: OS X Snow Leopard 10.6 (updated Feb. 10, 2013)

Java 6 (from Apple, not Oracle) was pre-installed on Snow Leopard. Java 7 is not available.

To see the installed version of Java 6, go to the Applications -> Utilities folder and run the Java Preferences program.

Another way to see the Java version is with the

java -version
command in Terminal.

NOTE: Java 6 is updated on Snow Leopard using the standard Software Update feature of the operating system.

According to Oracle (Note for Users of Macs that Include Apple Java 6 Plug-in) there can be multiple copies of Java 6 installed. They say: "If you have not yet installed Apple's Java Mac OS X 2012-006 update, then you are still using a version of Apple Java 6 that includes the plug-in and the Java Preferences app. ... The Applications -> Utilities -> Java Preferences application is part of Apple's implementation of Java ... Under Apple's implementation of Java, it was possible to have multiple JREs installed, and the Java Preferences app was used to determine the first compatible version that would be used."

 Method 4: OS X Lions (Updated March 15, 2013 | Feb 10, 2013)

The situation on Lion (10.7) and Mountain Lion (10.8) is confusing. Java was not pre-installed by Apple. These systems can have either Java 6, Java 7 or both installed. Java 6 comes from Apple, Java 7 from Oracle. Each works a bit differently. For example, there can be multiple copies of Java 6 installed, but Java 7 only allows a single version. At the time this was written, I did not have access to a Mac running Lion or Mountain Lion, so I can not personally verify the below.

If Java 6 is the only installed version of Java, then determining its version is probably the same on OS X 10.7 and 10.8 as documented above for 10.6. However, Java 6 is able to run applets in web pages on Snow Leopard (10.6) but not in Lion (10.7) and Mountain Lion (10.8).

According to Oracle, there are two ways to determine the installed version of Java 7:

  1. From System Preferences click the Java icon from the Other category. This launches the Java Control Panel. Click About...
    If there is no Java icon under System Preferences, then Java 7 is not installed.

  2. Type the following in a Terminal window:
     % /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java -version

John Martellaro at Macobserver says that you can learn the installed version of Java 7 from the Java Control Panel (System Preferences -> Java). Go to the Java tab and click on the View button.

Updating Java 7: Java does not yet self-update. While the checking for new versions is automatic, the actual software update is manual. From the Apple menu, chose System Preferences, then View, then Java to see the Java Control Panel. Go to the Update tab and click on the Update Now button.

A Mac that was upgraded from Java 6 to Java 7 is the most confusing case. In October 2012, Paul Ducklin of Sophos wrote "Keeping track of which Java version you have, and whether it's the latest and most secure, can be a bit tricky, especially for Apple users." He notes that after the update, Java applications default to using version 6, whereas online applets default to version 7.

Apple's Java 6 was able to run applets (Java programs in web pages) on Lion and Mountain Lion until October 2012, when Apple upgraded Java 6 from Update 35 to Update 37 (see the Java for OS X 2012-006 update). According to Oracle, the 2012-006 update from Apple uninstalled the Apple-provided Java applet plug-in from all web browsers. This meant that to run Java applets on websites, Mac users needed to install Java 7 from Oracle. But the story does not end there.

Apple offers instructions (How to re-enable the Apple-provided Java SE 6 applet plug-in and Web Start functionality) on how to disable Java 7 and re-enable the Java 6 browser plug-in. And Oracles Mac OS X Platform Install FAQ has instructions for running Java 6 on an OS X system that has Java 7 installed, in a command line environment.

Note 1: An installed JRE from Oracle will not appear in the Java Preferences.app.

Note 2: If you are viewing this page with the Chrome browser on an OS X system with Java 7 installed, the applet at the top of the page will not work. This is because Java 7 on Lion and Mountain Lion is 64 bit, while Chrome is 32 bit. Java 7 on Lion and Mountain Lion works with Safari and Firefox.

Note 3: Oracles JRE 7 Installation for Mac OS X points out that Java 7 on a Mac is installed on a system wide basis, for all users, and that administrator privileges are required. Java 7 cannot be installed for a single user.

Note 4: Java 7 Update 6 and later requires OS X 10.7.3 (Lion) or later.

 Method 5: Java command on Windows

On Windows XP, open a command window and enter the following command

java -version

The output will look something like:

java version "1.6.0_31"
Java(TM) SE Runtime Environment (build 1.6.0_31-b05)
Java HotSpot(TM) Client VM (build 20.6-b01, mixed mode, sharing)

You can also use the command   "java -fullversion"   and produce output such as:

java full version "1.6.0_17-b04"

As of Windows 7, this no longer works (not sure about Vista). It produces the error shown below, which is also produced on an XP machine without any version of Java from Oracle installed.

'java' is not recognized as an internal or external command, operable program or batch file.

 Method 6:  Firefox on Windows (updated Jan. 11, 2013)

(1) Mozilla, the company behind Firefox, has a plugin checker page that both reports the installed version of Java and whether it is "up to date" or "outdated" (last verified with Firefox 18). Java 7 Update 10 is reported as "Java(TM) Platform SE 7 U10". Java 6 Update 37 is reported as "Java(TM) Platform SE 6 U37".

(2) In Firefox 18, do Tools -> Add-ons, then click on Plugins in the left side column. Java 6 Update 37 will display as "Java(TM) Platform SE 6 U37 6.0.370.6". It will also say "Next Generation Java Plug-in 1.6.0_37 for Mozilla browsers". Java 7 Update 10 will display as "Java(TM) Platform SE 7 U10 10.10.2.18". It will also say "Next Generation Java Plug-in 10.10.2 for Mozilla browsers".

(3) In Firefox 18, you can enter go to the address bar and enter:

about:plugins

Java 7 Update 10 is identified here as "Java(TM) Platform SE 7 U10." Java 6 Update 37 is identified here as "Java(TM) Platform SE 6 U37".

 Method 7: Windows Java Systray Icon (updated Jan. 12, 2013)

If the Java coffee cup is displayed in the Windows System Tray (a.k.a Notification area) you can right click on it and select "About Java Technology" to open a window showing the installed version of Java. The display of this Java icon is optional and can be configured in the Java Control Panel on the Advanced tab. In my experience, the default is to display the icon in Java 6 but suppress it in Java 7.

 Method 8: JavaScript

March 2010: This JavaScript based approach was offered by Malcolm at nuearth dot com. Sun provides a 16k JavaScript file with handy functions, one of which will test the version of Java installed.See their advice on using the script. DeployJava usage is described in the deployment toolkit script. The following sample script will check and see if the proper version of Java is installed and will display a message if not.

-- In Head----
   [script src="http://java.com/js/deployJava.js"][/script]
---In Bbody-----
[div id="dynamiccontent" ][/div]
[script type="text/javascript"]
deployJava.do_initialize();
var java_message ='Products XYZ requires Java 7 or higher. Download from www.java.com'
function altercontent()
{if( deployJava.versionCheck("1.7")==false )
    { if (document.all)  {dynamiccontent.innerHTML=java_message;}
      else if (document.getElementById)
            {rng = document.createRange();
             el = document.getElementById("dynamiccontent");
             rng.setStartBefore(el);
             htmlFrag = rng.createContextualFragment(java_message);
             while (el.hasChildNodes()) { el.removeChild(el.lastChild);  }
             el.appendChild(htmlFrag);
           }
    }
}
window.onload=altercontent
[/script]

 Method 9: Other Java Testers

Other Testers page list other Java Testers in addition to testers for Flash, QuickTime, and more.