Oracle has officially released Java 7, the first major update to the software platform in five years, to include some security updates and several new features.
The new Java 7 features include the use of elliptic curve cryptography and the option to switch off weaker encryption schemes. The Java 7 security enhancements also include improvements to Java Secure Socket Extension and TLS communications, which can prevent some potential attacks.
Oracle says the new Java 7 version coexists with the latest Java 6 Update 27 version and is available for download. Oracle still uses different installers for the 32-bit and 64-bit versions on all operating systems (Linux, Solaris & Windows).
Writing on the SANS security blog, researcher Raul Siles warned users to disable Java v6.
“From a security perspective, if Java 7 is installed (using Windows as the sample platform) on a system that already has Java 6 installed, both versions will remain, so if you only want to run the latest version, ensure you uninstall any previous versions (as we had to do in the past but with the same major release) and do not leave vulnerable Java 6 releases around,” he said. “Considering Java is one of the most targeted pieces of client software today, be ready for future updates on both, Java 6 and Java 7 in your IT environments (perhaps Java 6u28 and Java 7u1), and plan in advance on how to manage them.”