Oracle Ships Java 7 Update 11 With Vulnerability Fixes

An anonymous reader writes "After announcing a fix was coming just yesterday, Oracle on Sunday released Java 7 Update 11 to address the recently disclosed security vulnerability. If you use Java, you can download the latest update now from the Java Control Panel or directly from Oracle's website here: Java SE 7u11. In the release notes for this update, Oracle notes this version "contains fixes for security vulnerabilities." A closer look at Oracle Security Alert for CVE-2013-0422 details that Update 11 fixes two vulnerabilities."

Re:And I still can't use it....

[c0lo]

I think Double.NaN is your problem here... Not Java.

If an API call doesn't sanitize/check its input but causes a core dump, then it's the API problem, not the callers'.

Re:Is this really a fix?

[hairyfeet]

A better question would be when is somebody gonna step up and stop slapping band aids on the bullet wound that is JavaScript and come up with something better. JavaScript was never designed for security, nor really built for all this "Web 3.0" crap and the way the web has evolved either you fuck the website owners or you risk getting pwned. You block all ads with ABP like I do by default for my users? The rate of infection drops right off the scale, pretty much the only infections you see after that is when they choose to download something funky.

Frankly its time to come up with something new, something designed with security in mind and by default sandboxing that won't allow a single webpage to call 3 dozen other addresses just to build the page. HTML V5 is a mess and worse than Flash in every single way, CPU, memory, bandwidth, its just terrible, and you feel sorry for these little sites that say "please don't block us" but as long as they keep getting ads from third parties with no control or accountability what else can you do?

The mess that is Java is just a symptom of a much larger problem, that website builders want and need to do more than plain JavaScript can do but at the same time the way you can just drop a link into any website and have it call up a malware server halfway around the world and have it dump shit right onto your PC is totally fucked up. We sent guys to the fricking moon, surely we can come up with a new language that will give website builders the tools they need without making it so damned easy to infect a machine.