Oracle will retire the Java browser plug-in, frequently the target of Web-based exploits, about a year from now. Remnants, however, will likely linger long after that. “Oracle plans to deprecate ...

This is to prevent drive-by-downloads, as Oracle explains: This affects the conditions under which unsigned (sandboxed) Java web applications can run.

Oracle has released Java 7 Update 13 to address two vulnerabilities in its software, one of which was being exploited in the wild.

Two of the critical flaws, in Java’s 2D component (CVE-2016-0494) and in Java’s AWT (CVE-2015-8126), can only be exploited through sandboxed Java Web Start applications and Java applets.

The technology company Oracle is retiring its Java browser plug-in. The software is widely used to write programs that run in web browsers.

Java Network Launch Protocol (JNLP) files are used to launch applications from a hosted web server on a remote desktop client. Software such as Java Plug-in and Java Web Start programs use JNLP ...

CVE-2016-0636, which affected Oracle Java SE 7u97, 8u73 and 8u74, scored a 9.3 on the CVSS 2.0. In this CPU, Oracle reminded affected users to apply the fixes if they haven’t already done so.

For this, Oracle will allow system administrators to set up custom deployment rule sets and exception site lists to allow Java applets and Java Web Start applications signed with MD5 to run.

Oracle will support Java Web Start in Java 8 until March 2025 and products that have dependencies on Web Start will be supported on a timeline determined by those products.