Oracle has officially released Java 7, the first major update to the software platform in fiveyears, to include some security updates and several new features.
The new Java 7features include the use of elliptic curve cryptography and the option to switch off weakerencryption schemes. The Java 7 security enhancements also include improvements to Java SecureSocket Extension and TLS communications, which can prevent some potential attacks.
Oracle says the new Java 7 version coexists with the latest Java 6 Update 27 version and is available for download. Oracle stillmakes use of different installers for the 32 and 64-bit versions for all operating systems (Linux,Solaris & Windows).
Writing on the SANS security blog, researcher Raul Siles warned users to disable Java v6.
From a security perspective, if Java 7 is installed (using Windows as the sampleplatform) on a system that already has Java 6 installed, both versions will remain, so if youonly want to run the latest version, ensure you uninstall any previous versions (as we had to do inthe past but with the same major release) and do not leave vulnerable Java 6 releases around, hesaid. Considering Java is one of the most targeted pieces of client software today, be ready forfuture updates on both, Java 6 and Java 7 in your IT environments (perhaps Java 6u28 and Java7u1), and plan in advance on how to manage them.
0 comments:
Post a Comment