Security enhancements in Java SE 7 update 10

Oracle has updated the standard edition of the Java platform with the release of Java SE 7 update 10. The update contains a number of security enhancements and is now certified for Mac OS X 10.8 and Windows 8.

The security enhancements include the ability to disable any Java application from running in the browser and the ability to set a desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications.

The levels run from Low, where most unsigned apps will run unprompted unless they request an old version of Java or want to request protected resources, to Very High, where any Java app in the browser will generate a prompt and, if the current version of Java is regarded as insecure, no unsigned apps will run. Between Low and Very High are Medium, where unsigned apps only run unprompted if the current version of Java installed is considered secure, and High, where all unsigned Java apps induce a prompt.

The new functionality also allows the sandbox warning banner to be enabled or disabled and allows JNLP apps to ask the user for increased access or not. Further details of the security level are available. The levels can be configured in the Java Control Panel or, only on Windows, through the command line. The developers have also added new dialogs to warn of out of date or insecure Java runtimes.

Among the bug fixes is a fix for a Windows command line issue which saw wildcard expansions in the class path not working on Windows. The updated Java Development Kit and Java Runtime Environment are available to download from the Oracle site.

(djwm)