Java.com

Download Help

Help Resources


Get Java Installation Help Now

Java 7 Release Highlights


This article applies to:
  • Java version(s): 7.0

This page highlights changes impacting end users for each Java release. More information about changes can be found in the release notes for each release.
» Java 7 release dates

Java 7 Update 55 (7u55)

Release Highlights
  • The frequency of some security dialogs has been reduced on systems that run the same Rich Internet Application (RIA) multiple times.
  • Using "*" in Caller-Allowable-Codebase Attribute
    If a stand-alone asterisk (*) is specified as the value for the Caller-Allowable-Codebase attribute, then calls from JavaScript code to RIA will show a security warning, and users have the choice to allow the call or block the call. For more information, see JAR File Manifest Attributes for Security documentation.
  • Disabling Sponsor Offers in the Java Installer
    During the installation of Java, users may be presented with the option of downloading and installing sponsor offers, such as browser add-ons, or security software. With 7u55 and later releases of Java, sponsor offers can be bypassed entirely by using "SPONSORS=0" as an option, when installing Java via the command line:
    • Manually download the 32bit online installer for 7u55 to your local machine.
    • Click the Windows Start Button/Menu. From the available Menu choices, select the 'Search box' and enter the text "command" in it.
    • A list of matches will appear. Select 'Command Prompt' from the available Programs list.
    • Navigate to the folder containing the downloaded installer, e.g.:
      cd c:\Users\<username>\Downloads
    • To start the installation, in the Command Prompt window type:
      jre-7u55-windows-i586-iftw.exe SPONSORS=0
    The option to disable sponsors will persist across all future updates and re-installs of Java. Note that sponsor offers, and therefore this functionality, is only applicable to online 32bit JRE installers and Auto Update mechanisms for the Windows operating system. FAQ
  • Bug Fix: Java plugin compatibility with Windows 8.1 IE 11 enhanced protected mode
    Starting in this release Java Plug-in is compatible with Windows Enhanced Protected Mode (EPM) on Windows 8.1 and IE 11. You should no longer see any warning related to EPM when trying to run an applet in Internet Explorer (IE). There is a special case for 64-bit Windows - EPM requires both 32-bit and 64-bit Plug-in installed. Please make sure you have both 32-bit and 64-bit JRE installed, otherwise there will be a warning from IE, but Java Plug-in will still run under EPM.
Java Expiration Date

The expiration date for 7u55 is July 15, 2014. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u55) on August 15, 2014. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version.

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

» 7u55 Release notes


Java 7 Update 51 (7u51)

Security Feature Enhancements
  • Changes to Security Slider
    • Block Self-Signed and Unsigned applets on High Security Setting
    • Require Permissions Attribute for High Security Setting
    • Warn users of missing Permissions Attributes for Medium Security Setting
  • Restore Security Prompts - Clear Remembered Trust Decisions
    In Java 7u51, users are given an option to restore the security prompts for any prompts that were hidden prior to installing the latest release. It is recommended that users restore security prompts every 30 days to ensure better protection.
    A trust decision occurs when the user has selected the Do not show this again option in a security prompt. To show the prompts that were previously hidden, click Restore Security Prompts. When asked to confirm the selection, click Restore All. The next time an application is started, the security prompt for that application is shown. See Restore Security Prompts under the Security section of the Java Control Panel.
  • Exception Site List
    The Exception Site List feature allows end users to run Java applets and Java Web Start applications (also known as Rich Internet Applications) that do not meet the latest security requirements. Rich Internet Applications that are hosted on a site in the exception site list are allowed to run with the applicable security prompts. See the Exception Site List FAQ for more information.
Other Changes
  • Update jarsigner to encourage timestamping
    Timestamping for a signed jar is now strongly recommended. The Jarsigner tool will print out an informational warning at signing or verifying when timestamp is missing. For more information see Signing JAR Files.
  • Bug Fix: Clarify jar verifications. The jarsigner tool prints out more messages when there are severe warnings and -strict is on. Read the tooldoc(link) for details.
Java Expiration Date

The expiration date for 7u51 is April 15, 2014. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u51) on May 15, 2014. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version.

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

» 7u51 Release notes


Java 7 Update 45 (7u45)

Security Feature Enhancements
  • Restore Security Prompts
    A new button is available in the Java Control Panel to clear previously remembered trust decisions. A trust decision occurs when the user has selected the Do not show this again option in a security prompt. To show the prompts that were previously hidden, click Restore Security Prompts. When asked to confirm the selection, click Restore All. The next time an application is started, the security prompt for that application is shown. See Restore Security Prompts under the Security section of the Java Control Panel.
  • Protections Against Unauthorized Redistribution of Java Applications
    Starting with 7u45, application developers can specify new JAR Manifest file attributes which: Developers can refer to JAR File Manifest attributes for more information.
Java Expiration Date

The expiration date for 7u45 is February 14, 2014. After this date, Java will provide additional warnings and reminders to update to the newer version.

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

» 7u45 Release notes


Java 7 Update 40 (7u40)

Security Feature Enhancements
  • Options Removed for Unsigned and Self-signed Applications
    Starting with Java 7 Update 40, the option for Do not show this again for this app is no longer available. Unlike previous versions, users cannot suppress the security dialog for an unsigned application and will have to select the option, I accept the risk and want to run this app each time to run the unsigned application.
  • New Security Warning for Unsigned and Self-signed Applications
    Message added Running unsigned applications like this will be blocked in a future release because it is potentially unsafe and a security risk.
  • Default x.509 Certificates Have Longer Key Length
    Starting from 7u40, the use of x.509 certificates with RSA keys less than 1024 bits in length is restricted. In order to avoid the compatibility issue, users who use X.509 certificates with RSA keys less than 1024 bits are recommended to update their certificates with stronger keys. For more information, see Java PKI Programmer's Guide or JSSE Reference Guide.
User Experience Enhancements
  • Retina Display support on Mac OS X
Other Changes
  • Bug fix: Aborting the update after clicking Update on the Java version is insecure warning message forwards all applets to java.com/download.
    When an older Java version is installed on the system, launching a web page with an applet prompts the user with Java version is insecure message. If the user clicks on the Update button on the message but later aborts the update process, the user is automatically redirected to java.com/download page. This is not expected behavior. The issue is fixed in the 7u40 release.
  • Bug fix: Expired (but otherwise valid) certificate are not blocked at Very High Security Level. The issue is fixed in the 7u40 release.
  • Deployment Rule Set (for System and Desktop Administrators)
    Starting with 7u40, a new Deployment Rule Set feature is available for enterprises that manage their Java desktop environment directly, and provides a way for enterprises to continue using legacy business applications in an environment of ever-tightening Java applet and Java Web Start application security policies.
  • Option to disable the Java version is out of date warning
    For businesses that manage the update process centrally, a new deployment property can be used to disable the Java version is out of date warning. For more information, see Deployment Configuration File and Properties.
  • Local Applets return NULL for DocumentBase (for Developers)
    Beginning with 7u40, an applet's getDocumentBase() method will return NULL when the applet is running from the local file system.
Java Expiration Date

The expiration date for 7u40 is December 10, 2013. After this date, Java will provide additional warnings and reminders to update to the newer version.

» 7u40 Release notes


Java 7 Update 25 (7u25)

Security Feature Enhancements
  • Changes to Security Dialogs
    Security dialogs added for certificate revocation.
  • Certificate Revocation
    Before signed Java applets and Java Web Start applications are run, the signing certificate is checked to ensure that it has not expired or been revoked. Advanced options in the Java Control Panel can be set to manage the checking process.
  • New JAR Manifest File Attributes
    7u25 release introduces the permissions and codebase attributes in the JAR Manifest File. Application developers can use these attributes to verify that the application is requesting the correct permissions level and is accessed from the correct location.
  • LiveConnect Blocked under Some Conditions
    LiveConnect calls from JavaScript to Java API are blocked when the Java Control Panel security slider is set to Very High level, or when the slider is at the default High level and the JRE has either expired or is below the security baseline.
Java Expiration Date

The expiration date for 7u25 is November 15, 2013. After this date, Java will provide additional warnings and reminders to update to the newer version.

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

» 7u25 Release notes


Java 7 Update 21 (7u21)

Security Feature Enhancements
User Experience Enhancements
Java Expiration Date

The expiration date for 7u21 is July 18, 2013. After this date, Java will provide additional warnings and reminders to update to the newer version.

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

» 7u21 Release notes


Java 7 Update 17 (7u17)

This release contains fixes for security vulnerabilities. For more information, see Oracle Security Alert for CVE-2013-1493.

» 7u17 Release notes


Java 7 Update 15 (7u15)

Auto-update and manual update of Java 6 will replace Java 6 with Java 7

When updating from Java 6, the update mechanism will not only install the latest version of Java 7 but will also remove the highest version of Java 6 on the system. This change will happen when the system is updated via the auto-update mechanism or by checking from updates directly from the Java Control Panel.

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

» 7u15 Release notes


Java 7 Update 13 (7u13)

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

» 7u13 Release notes


Java 7 Update 11 (7u11)

Default Security Level Setting Changed to High

The default security level for Java applets and web start applications has been increased from Medium to High. This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the High setting the user is always warned before any unsigned application is run to prevent silent exploitation.

This release contains fixes for security vulnerabilities. For more information, see Oracle Security Alert for CVE-2013-0422.

» 7u11 Release notes


Java 7 Update 10 (7u10)

Platform Support
  • Support for Mac OS X 10.8 and Windows 8 Desktop mode
Security Feature Enhancements
  • The ability to disable any Java application from running in the browser. This mode can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument.
  • The ability to select the desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications that run in a browser. Four levels of security are supported. This feature can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument.
  • New dialogs to warn you when the Java Runtime Environment (JRE) is insecure (either expired or below the security baseline) and needs to be updated.
Java Expiration Date

Starting with 7u10, all JREs will contain a hard-coded expiration date. The expiration date is calculated to end after the scheduled release of the next Critical Patch Update. After this date, Java will provide additional warnings and reminders to update to the newer version.

» 7u10 Release notes


Java 7 Update 9 (7u9)

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

» 7u9 Release notes


Java 7 Update 7 (7u7)

This release contains fixes for security vulnerabilities. For more information, see Oracle Security Alert for CVE-2012-4681.

» 7u7 Release notes


Java 7 Update 6 (7u6)

Platform Support
  • Support for Mac OS X 10.7.3 and above
Security Feature Enhancement
Dialogs updated for apps signed with trusted certs
  • Always trust content from this publisher is unchecked by default
  • More detailed messaging in dialogs

» 7u6 Release notes


Java 7 Update 5 (7u5)

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

» 7u5 Release notes


Java 7 Update 4 (7u4)

Platform Support
  • JDK Support for Mac OS X 10.7.3 and above
Security Feature Enhancement
  • Multi-action required for self-signed apps

» 7u4 Release notes


Java 7 Update 3 (7u3)

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

» 7u3 Release notes


Java 7 Update 2 (7u2)

Enhanced Security Through Old Release Warnings

If users have a version of Java on their systems that is below the security baseline, a warning message is displayed before an application or an applet can be run.

» 7u2 Release notes


Java 7 Update 1 (7u1)

This release contains fixes for security vulnerabilities. For more information, please see Oracle Java SE Critical Patch Update advisory.

» 7u1 Release notes


Java 7 Release

» JDK and JRE 7 Release notes


We think you might also be interested in:

Select Language | About Java | Support | Developers
Privacy | Terms of Use | Trademarks | Disclaimer

Oracle