Java 7 Update 10 (7u10) and newer versions now include a feature that will notify the user when the version of Java being used is out of date or has known security vulnerabilities and an updated version that fixes those vulnerabilities is available for download.
When you encounter a page that includes a Java application and your version of Java is considered out of date, the Java Update Needed message will be shown. We recommend that you click Update to open the java.com download page to get the latest version of Java. If you chose to click Block the Java plug-in will be disabled in the browser and Java applications can not be run in the browser until Java is updated.
If you are unable to complete the installation of Java, you may encounter an issue, getting redirected to Java.com when visiting a page with a Java application.
Java versions below Java 7 Update 25 (7u25) will show the message Your Java version is insecure, rather than Your Java version is out of date.
Message formatting varies based on operating systems.
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin.
For systems unable to reach the Oracle Servers, a secondary mechanism expires the JRE. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version. Users receiving expiration date messages are strongly encouraged to update Java to the latest release. For more information see JRE Expire Date. (docs.oracle.com)