Oracle Takes Action on Java Security
Lead Java developer vows policy changes and more attention to fixing problems.
Java has spent considerable time in the headlines recently because of a string of significant security issues, many of them affecting web servers and other Internet-based web applications. Oracle, which has owned and maintained Java since purchasing Sun Microsystems in 2009, publicly addressed those issues in a blog post announcing several policy changes regarding future Java development and updates. In a post at the Oracle Security Assurance blog, lead Java developer Nandini Ramani outlined the changes.
The first change described in the post is an effort to speed up security fixes and updates. Recent patch updates have included a record number of fixes, and Oracle pledges to continue operating at this accelerated rate. In a move that might be controversial with Java's user and developer base, the team is integrating the Java security update schedule with the Oracle Critical Patch Update system used for other Oracle products. In other words, Java security updates will no longer be handled as a separate process but will fall under the overall Oracle security update system. This move will undoubtedly reduce Java's independence, but it might lead to the inclusion of more systematic security testing.
The company is also planning to work on "addressing the limitations of the existing Java in browser trust/security model." Changes will give the end user and system administrator more control over the security environment. Additional changes include modifications to signed applet policies and default plug-in security.
Issue 268/2023
Buy this issue as a PDF
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs
News
-
KDE Plasma 5.27 Beta is Ready for Testing
The latest beta iteration of the KDE Plasma desktop is now available and includes some important additions and fixes.
-
Netrunner OS 23 Is Now Available
The latest version of this Linux distribution is now based on Debian Bullseye and is ready for installation and finally hits the KDE 5.20 branch of the desktop.
-
New Linux Distribution Built for Gamers
With a Gnome desktop that offers different layouts and a custom kernel, PikaOS is a great option for gamers of all types.
-
System76 Beefs Up Popular Pangolin Laptop
The darling of open-source-powered laptops and desktops will soon drop a new AMD Ryzen 7-powered version of their popular Pangolin laptop.
-
Nobara Project Is a Modified Version of Fedora with User-Friendly Fixes
If you're looking for a version of Fedora that includes third-party and proprietary packages, look no further than the Nobara Project.
-
Gnome 44 Now Has a Release Date
Gnome 44 will be officially released on March 22, 2023.
-
Nitrux 2.6 Available with Kernel 6.1 and a Major Change
The developers of Nitrux have officially released version 2.6 of their Linux distribution with plenty of new features to excite users.
-
Vanilla OS Initial Release Is Now Available
A stock GNOME experience with on-demand immutability finally sees its first production release.
-
Critical Linux Vulnerability Found to Impact SMB Servers
A Linux vulnerability with a CVSS score of 10 has been found to affect SMB servers and can lead to remote code execution.
-
Linux Mint 21.1 Now Available with Plenty of Look and Feel Changes
Vera has arrived and although it is still using kernel 5.15, there are plenty of improvements sure to please everyone.