Java™ SE Development Kit 7, Update 11 (JDK 7u11)

The full version string for this update release is 1.7.0_11-b21 (where "b" means "build") and the version number is 7u11.

Olson Data 2012i

JDK 7u11 contains Olson time zone data version 2012i. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 7u11 are specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String) 7 1.7.0_11 6 1.6.0_37 5.0 1.5.0_38 1.4.2 1.4.2_40

For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

Reminder

If you have disabled Java in the Java Control Panel, you will need to manually re-enable it after installing this release. You can find the check box in the Security tab of the Java Control Panel.

If you have previously disabled Java Plugin in the browser, you will need to manually re-enable it after installing this release. In Firefox, you can do this in the Add Ons -> Plugin screen. In Internet Explorer, this functionality is located in Tools -> Manage Add-ons.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Security Alert for CVE-2013-0422.

In addition, the following change has been made:

Area: deploy

Synopsis: Default Security Level Setting Changed to High

The default security level for Java applets and web start applications has been increased from "Medium" to "High". This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the "High" setting the user is always warned before any unsigned application is run to prevent silent exploitation.

Known Issues

Area: deploy/jcp

Synopsis: The Java Control Panel Doesn't Show Security Level Slider

In the 7u10 release of the JRE, a slider was added to the Security tab of the Java Control Panel (JCP). This slider allows you to set the level of security of apps that run in the browser (by using Java Plugin) to Very High, High, Medium, or Low. In some cases, when a standalone copy of JavaFX 2.x has also been installed, the Security tab of the JCP does not display the security level slider.

Workaround: Uninstall the standalone JavaFX 2.x.

Area: deploy

Synopsis: Problems with Registration of Plugin on Systems with Stand-alone Version of JavaFX Installed

Problems with Registration of Plugin on Systems with Stand-alone Version of JavaFX Installed Users that have a JRE 6 release, Java FX 2.x release and JRE 7 all installed will have problems upgrading to the latest JRE 7 release due to a bug in version comparison logic.

Workaround: Uninstall the standalone JavaFX 2.x.

For more information, see 8005410 (will be fixed in the next update release).