The company released patches from 98 security issues in its products, 14 in Java
Computerworld | Apr 15, 2015 4:44 AM PT
Oracle released patches for 98 security issues across a wide range of products, including 14 in Java. This marks the last free patch for Java 7, and users are being encouraged to upgrade to version 8.
Three of the Java vulnerabilities patched Tuesday have the maximum severity score of 10 in the Common Vulnerability Scoring System (CVSS), which means that they can be exploited over the network without authentication and can lead to a full compromise of the system’s confidentiality and integrity.
The end of free Java 7 security patches is “huge news,” according to John Matthew Holt, chief technology officer at application security firm Waratek. Holt said it will cause “enormous headaches and disruption to millions of application owners around the world.”
“Oracle’s rapid end of life schedule for Java versions is great for innovation and language evolution,” Holt said via email. “However, there is a dangerous tradeoff: now millions of Java 7 applications will have to defend themselves against code level vulnerabilities without the benefit of future fixes.”