Latest News: insert Special Offer

Out-of-date Java versions and risk of serious security vulnerabilities

One of our users of Liquid Notes today pointed out that Oracle has started pushing the latest build of Java 8, Update 31, to users. With the installer of that version comes a tool that checks for out-of-date versions of Java on your machine.

While that is a good thing to clean your system of out-of-date versions of Java, many of you will be surprised by the text it reads in that tool when detecting any old version of Java: "Your machine is at risk for serious security vulnerabilities. It is highly recommended that you promptly uninstall out-of-date versions."

Find herewith more information on this issue.

Java installer and out-of-date version detection

First of all, and probably most important, there is no need to panic should this message appear on your machine. This is unfortunate and inapt wording by Oracle - it certainly doesn't build much trust with end users, especially in light of the security concerns surrounding Java that arose last year.

While we are not the developers of Java and hence do not have the level of insight that Oracle's engineers have, no additional critical threats or exploits have been discussed publicly by the Java team. This also includes old versions of the runtime.

Interestingly, the Java 8 installer will display above message also if you have been running the very latest build of Java on your machine. Also, it will try to remove out-of-date versions from your machine which may lead to Liquid Notes not working anymore (Note: Liquid Notes doesn't support Java 8 at the moment).

Check the list of Java versions to be uninstalled

You can prevent this from happening by checking the list of out-of-date Java versions foreseen to be uninstalled. In the Java dialog box, click on See List of the Java versions and verify what versions are being presented there.

On Windows, Liquid Notes supports both Java 6 and 7. On Mac OS X only Java 6 is supported presently. Make sure that you deselect either of these versions so they do not get uninstalled by the Java update service.

We are already working on establishing compatibility with Java 8, however this requires thorough testing as it has been done with previous versions of Java before we can release the software.

blog comments powered by Disqus