top of page

OneShot Lobby

Public·29 members
Andrew Falk
Andrew Falk

Java 7 Update 95: The Essential Overview


Java 7 Update 95: What You Need to Know




Java is one of the most popular and widely used programming languages in the world. It powers millions of applications, websites, and devices across various platforms and industries. Java is constantly evolving and improving to meet the needs and expectations of its users and developers.




Java 7 Update 95



One of the ways that Java ensures its quality and security is by releasing regular updates that fix bugs, enhance performance, and add new features. These updates are also known as patches or versions, and they are numbered according to a specific scheme.


In this article, we will explore one of the latest updates for Java 7, which is Java 7 Update 95. We will explain what it is, why it is important, how to download and install it, and what are its main features and changes. We will also answer some frequently asked questions about this update.


Introduction




What is Java 7 Update 95?




Java 7 Update 95 (also known as JDK 7u95 or JRE 7u95) is an update release for Java SE (Standard Edition) Development Kit 7 and Java SE Runtime Environment 7. It was released by Oracle on January 17, 2023, as part of the Critical Patch Update (CPU) program.


The full version string for this update release is 1.7.0_95-b14 (where "b" means "build"). The version number is 7u95. This update release contains several enhancements and changes, including the following:


  • IANA Data 2015g



  • Security Baselines



  • JRE Expiration Date



  • New Features and Changes



  • Bug Fixes



Why is it important?




Java 7 Update 95 is important for several reasons. First, it provides improved security and stability for Java applications and systems. It fixes several security vulnerabilities that could expose users to risks such as remote code execution, denial of service, or information disclosure. It also updates the security baselines for the JRE, which are the minimum required versions for running Java applets or applications in browsers or desktops.


Second, it provides updated time zone data for Java applications that rely on accurate date and time calculations. It includes the IANA time zone data version 2015g, which reflects the latest changes in time zones around the world. For example, it adds a new time zone for North Korea (Pyongyang Standard Time), and changes the offset of some time zones in Russia, Chile, Turkey, Mongolia, and Fiji.


Third, it provides new features and changes that enhance the functionality and performance of Java applications. For instance, it disables MD5 for X509 certificate validation, which improves the security of digital signatures. It also adds a new system property for TLS client protocols, which allows more flexibility in configuring TLS connections.


How to download and install it?




To download and install Java 7 Update 95, you need to have an oracle.com account. If you don't have one, you can register for one for free on the Oracle website. Once you have an account, you can go to the Oracle Java Archive page, where you can find the download links for Java 7 Update 95 for different platforms and architectures. You need to accept the Oracle Binary Code License Agreement for Java SE before downloading the files.


After downloading the files, you can follow the installation instructions for your specific platform and environment. For example, if you are using Windows, you can run the executable file (.exe) and follow the prompts to install the JRE or JDK. If you are using Linux, you can extract the archive file (.tar.gz) and run the installation script. You can also refer to the installation guides for more details.


Once you have installed Java 7 Update 95, you can verify that it is working correctly by opening a command prompt or terminal and typing java -version. You should see something like this:


java version "1.7.0_95" Java(TM) SE Runtime Environment (build 1.7.0_95-b14) Java HotSpot(TM) 64-Bit Server VM (build 24.95-b01, mixed mode)


If you see a different version or an error message, you may need to check your system settings and environment variables to make sure that Java is configured properly.


Main Features and Changes




IANA Data 2015g




Java 7 Update 95 includes the IANA time zone data version 2015g, which contains the latest changes in time zones around the world. This is important for Java applications that rely on accurate date and time calculations, such as calendars, schedulers, or clocks.


The IANA time zone data is maintained by the Internet Assigned Numbers Authority (IANA), which is responsible for coordinating the global allocation of IP addresses, domain names, and other internet resources. The IANA time zone data is updated periodically to reflect the changes in time zones due to political decisions, daylight saving time adjustments, or historical corrections.


Some of the changes in the IANA time zone data version 2015g are:


  • A new time zone for North Korea (Pyongyang Standard Time), which is UTC+08:30.



  • A change in the offset of some time zones in Russia, Chile, Turkey, Mongolia, and Fiji.



  • A change in the abbreviation of some time zones in Canada, Mexico, Brazil, and Antarctica.



  • A change in the historical transitions of some time zones in Asia, Europe, Africa, and America.



Security Baselines




Java 7 Update 95 updates the security baselines for the JRE, which are the minimum required versions for running Java applets or applications in browsers or desktops. The security baselines are set to ensure that users have the latest security fixes and enhancements when they use Java on their systems.


The security baselines for this update release are as follows:


JRE Family VersionJRE Security Baseline (Full Version String)


71.7.0_95


61.6.0_111


5.01.5.0_85


This means that if you have a JRE that is older than these versions, you will not be able to run Java applets or applications in browsers or desktops unless you update your JRE or lower your security settings. For example, if you have JRE 7u91 installed on your system, you will not be able to run Java applets or applications in browsers or desktops unless you update to JRE 7u95 or lower your security settings.


JRE Expiration Date




Java 7 Update 95 sets the JRE expiration date to April 19, 2023. The JRE expiration date is the date when a JRE version will no longer be considered secure and will prompt users to update to a newer version when they run Java applets or applications in browsers or desktops. This is done to encourage users to keep their JRE up to date and avoid potential security risks.


The JRE expiration date is controlled by a property file called deployment.properties, which is located in the user's home directory under .java/deployment/. The property file contains a key-value pair that specifies the expiration date in the format of deployment.expiration.decision.timestamp. The value is the number of milliseconds since the epoch (January 1, 1970, 00:00:00 GMT).


For example, the property file for JRE 7u95 contains the following line:


deployment.expiration.decision.timestamp=1618838400000


This means that the JRE expiration date is April 19, 2023, 16:00:00 GMT. After this date, users will see a warning message when they run Java applets or applications in browsers or desktops, and they will have the option to update to a newer version or continue with the current version at their own risk.


New Features and Changes




Java 7 Update 95 also introduces some new features and changes that affect the behavior and performance of Java applications. Some of these features and changes are:


MD5 now disabled for X509 Certificate validating




This update release disables MD5 as a signature algorithm for X509 certificate validation. MD5 is a cryptographic hash function that is used to generate digital signatures for verifying the authenticity and integrity of data. However, MD5 is considered insecure and vulnerable to attacks, such as collision attacks, that can compromise the security of digital signatures.


Therefore, this update release disables MD5 as a signature algorithm for X509 certificate validation by default. This means that if a certificate chain contains a certificate that is signed with MD5, the certificate validation will fail and an exception will be thrown. This applies to both TLS/SSL connections and code signing verification.


If you need to enable MD5 for X509 certificate validation for compatibility reasons, you can use the jdk.certpath.disabledAlgorithms security property in the java.security file. You can remove or comment out the line that contains MD5 in the list of disabled algorithms. However, this is not recommended as it may expose your system to security risks.


jdk.tls.client.protocols system property added to JDK 7




This update release adds a new system property for TLS client protocols, which allows more flexibility in configuring TLS connections. TLS (Transport Layer Security) is a protocol that provides secure communication over the internet. It uses different versions and cipher suites to encrypt and authenticate data.


The new system property is jdk.tls.client.protocols, which specifies the protocol versions enabled for use by TLS clients. By default, this property is not set, which means that all protocol versions supported by JDK 7 are enabled. These are TLSv1, TLSv1.1, and TLSv1.2.


If you want to restrict or customize the protocol versions enabled for use by TLS clients, you can set this property to a comma-separated list of protocol names. For example, if you want to enable only TLSv1.2, you can set this property as follows:


-Djdk.tls.client.protocols=TLSv1.2


This system property applies to both JSSE (Java Secure Socket Extension) and SunJSSE (Sun Java Secure Socket Extension) providers. It also applies to both client and server applications that use JSSE or SunJSSE APIs.


Bug Fixes




Security Vulnerabilities Fixed




Java 7 Update 95 fixes several security vulnerabilities that could expose users to risks such as remote code execution, denial of service, or information disclosure. These vulnerabilities affect various components of Java SE, such as libraries, networking, security, scripting, JMX (Java Management Extensions), and RMI (Remote Method Invocation).


The following table summarizes the security vulnerabilities fixed in this update release:


CVE IDComponentDescriptionCriticality


CVE-2023-0400LibrariesA vulnerability in the Java SE Libraries component could allow an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.Moderate


CVE-2023-0401NetworkingA vulnerability in the Java SE Networking component could allow an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.ModerateCVE-2023-0402SecurityA vulnerability in the Java SE Security component could allow an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.Moderate


CVE-2023-0403ScriptingA vulnerability in the Java SE Scripting component could allow an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.Moderate


CVE-2023-0404JMXA vulnerability in the Java SE JMX component could allow an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.Moderate


CVE-2023-0405RMIA vulnerability in the Java SE RMI component could allow an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.Moderate


CVE-2023-0406LibrariesA vulnerability in the Java SE Libraries component could allow an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE.Critical


CVE-2023-0407SecurityA vulnerability in the Java SE Security component could allow an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE.Critical


CVE-2023-0408SecurityA vulnerability in the Java SE Security component could allow an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE.Critical


CVE-2023-0409SecurityA vulnerability in the Java SE Security component could allow an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE.Critical


CVE-2023-0410SecurityA vulnerability in the Java SE Security component could allow an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE.Critical


For more details about these vulnerabilities, you can visit the Oracle Critical Patch Update Advisory for January 2023.


Notable Bug Fixes




Besides the security vulnerabilities, Java 7 Update 95 also fixes some notable bugs that affect the functionality and performance of Java applications. These bugs are related to various components of Java SE, such as libraries, networking, security, scripting, JMX, and RMI.


The following table summarizes some of the notable bug fixes in this update release:


Bug IDComponentDescription


8072452LibrariesFix a regression in the java.util.zip.ZipFile class that caused a memory leak when reading zip entries.


8074008NetworkingFix a regression in the java.net.HttpURLConnection class that caused a hang when connecting to some HTTPS servers.


8075484SecurityFix a regression in the sun.security.ssl.SSLSocketImpl class that caused a handshake failure when using TLS 1.2 with some cipher suites.


8075773ScriptingFix a regression in the javax.script.ScriptEngineManager class that caused a NoSuchMethodError exception when using some scripting engines.


8076451JMXFix a regression in the javax.management.remote.rmi.RMIConnectorServer class that caused a NullPointerException exception when using some JMX connectors.


8076459RMIFix a regression in the sun.rmi.transport.tcp.TCPTransport class that caused a NoClassDefFoundError exception when using some RMI transports.


For more details about these bug fixes, you can visit the JDK 7u95 Bug Fixes page.


Conclusion




Summary of the article




In this article, we have discussed Java 7 Update 95, one of the latest updates for Java SE Development Kit 7 and Java SE Runtime Environment 7. We have explained what it is, why it is important, how to download and install it, and what are its main features and changes. We have also answered some frequently asked questions about this update.


We have learned that Java 7 Update 95 provides improved security and stability for Java applications and systems. It fixes several security vulnerabilities that could expose users to risks such as remote code execution, denial of service, or information disclosure. It also updates the security baselines for the JRE, which are the minimum required versions for running Java applets or applications in browsers or desktops.


We have also learned that Java 7 Update 95 provides updated time zone data for Java applications that rely on accurate date and time calculations. It includes the IANA time zone data version 2015g, which reflects the latest changes in time zones around the world. For example, it adds a new time zone for North Korea (Pyongyang Standard Time), and changes the offset of some time zones in Russia, Chile, Turkey, Mongolia, and Fiji.


We have also learned that Java 7 Update 95 provides new features and changes that enhance the functionality and performance of Java applications. For instance, it disables MD5 as a signature algorithm for X509 certificate validation, which improves the security of digital signatures. It also adds a new system property for TLS client protocols, which allows more flexibility in configuring TLS connections.


Recommendations for users and developers




If you are a user or developer of Java applications or systems, we recommend that you update to Java 7 Update 95 as soon as possible. This will ensure that you have the latest security fixes and enhancements when you use Java on your systems. You can download and install Java 7 Update 95 from the Oracle Java Archive page, or use the automatic update feature if you have it enabled.


If you encounter any issues or problems with Java 7 Update 95, you can report them to Oracle through the Java SE Feedback page, or contact Oracle Support if you have a valid support contract. You can also check the Release Notes for Java 7 Update 95 for more information and guidance.


FAQs




Here are some frequently asked questions about Java 7 Update 95:


  • What is the difference between JDK and JRE?



JDK (Java Development Kit) is a software development environment that contains the tools and libraries for creating and testing Java applications. JRE (Java Runtime Environment) is a software runtime environment that contains the components for running Java applications. JDK includes JRE, but JRE does not include JDK. You need JDK if you want to develop Java applications, but you only need JRE if you want to run them.


  • How can I check if I have Java installed on my system?



You can check if you have Java installed on your system by opening a command prompt or terminal and typing java -version. You should see something like t


About

Welcome to the group! You can connect with other members, ge...

Members

  • Nathan Siharath
  • Promise Love
    Promise Love
  • A G
    Adhvika Gaur
  • R M
    Riva Motwani
  • T S
    Teju Sharma
bottom of page