The investigating agency Kaspersky Labs uncovered in mid January that the Red October attackers used the Rhino exploit in Java as an additional delivery vector.
Oracle has published a major security update for Java. The update was originally scheduled for February 19th, but was released a fortnight early on Friday because of "active exploitation 'in the wild' of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers".
The last publicly available release of Java 6 is to be released on February 19th 2013. After that date all new security updates, patches, and fixes for both the runtime and SDK of Java SE 6 will only be available through My Oracle Support, and will therefore only be available to users with a commercial license with Oracle.
Following a spate of high-profile security issues, Oracle's head of Java Security, Milton Smith, is promising that the vendor will fix issues with the platform, and improve its communication to community members.
VMware's SpringSource team have recently announced plans for Spring 4.0, the next update to the framework, with new features including support for Java SE 8, Groovy 2, parts of Java EE 7, and WebSockets. InfoQ spoke to Spring framework co-founder Juergen Hoeller to find out more about the plans.
On top of repeated security breaches to the Java browser plug-in, the long-established practice of including unrelated browser add-ons with the Java runtime installer is giving end-users another reason to avoid the Java platform.
Oracle today released Java 7u11 with security fixes for remote code execution vulnerabilities related to escaping the applet sandbox through crafted reflection API calls. Read on to find out more about it, and how to find out if you are affected or not.
JSR 337 expert group has ratified Oracle chief architect Mark Reinhold's proposal to defer Project Jigsaw to Java 9. Were the stated reasons sufficient motivation for this deferment?
Following refactoring work carried out over the summer to simplify and refine the API, JSR 310, the long running Java Specification Request led by Stephen Colebourne to replace Java's complex date APIs, has been added to the feature list for Java 8. It is expected to arrive in January 2013’s milestone 6 release.
Brian Goetz, Java Language Architect at Oracle and specification lead for the Lambda expressions project, has announced that mailing lists for JSR 335 will be made publicly available.
Java developers across the ecosystem have been swift to react to Mark Reinhold's announcement last week that project Jigsaw, Oracle's planned modularity framework for Java, will now be delayed until Java 9.
Mark Reinhold has announced on his blog that the Java Jigsaw modularity proposal has been moved from inclusion in Java SE 8 and deferred into Java SE 9. This will allow Java SE 8 to be released on schedule in August 2013, whilst the modularity proposal can be refined with wider visibility for inclusion in August 2015's Java SE 9 release.
Oracle have today released NetBeans 7.1, with a strong emphasis on GUI enhancements. The product includes developer support for JavaFX 2.0, significant updates to the Swing Builder (Matisse), and tools for visual debugging of both JavaFX and Swing user interfaces. For web GUI, NetBeans continues to flesh out its already strong HTML 5 coverage, adding support for CSS3.
Just before Christmas, Oracle released a second update to Java SE 7, and a 30th for Java SE 6. As part of the Java 7 release, the Java Development Kit (JDK) now includes the SDK for developing JavaFX applications and, the JavaFX Runtime is now installed with the JRE.
On October 18th, Oracle released Java 7 Update 1, bringing Java 7 much needed stability and fixing a critical issue. InfoQ takes a look at what new performance improvements are included.