The full version string for this update release is 1.7.0_55-b13 (where "b" means "build"), except for online 32bit JRE installers and Auto Update mechanisms for Windows, where the version string is 1.7.0_55-b14. The version number is 7u55.
This update release contains several enhancements and changes including the following:
JDK 7u55 contains Olson time zone data version 2013i. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 7u55 are specified in the following table:
|JRE Family Version||JRE Security Baseline (Full Version String)|
For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 7u55) will expire with the release of the next critical patch update scheduled for July 15, 2014.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u55) on August 15, 2014. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
JavaFX is now part of JDK. JDK 7u55 release includes JavaFX version 2.2.55.
The frequency of some security dialogs has been reduced on systems that run the same RIA multiple times.
If a stand-alone asterisk (*), or asterisk as part of a top level domain such as (*.org), is specified as the value for the
For more information, see JAR File Manifest Attributes for Security documentation.
During the installation of Java, users may be presented with the option of downloading and installing sponsor offers, such as browser add-ons, or security software. With 7u55 and later releases of Java, sponsor offers can be bypassed entirely by using
"SPONSORS=0" as an option, when installing Java via the command line:
The option to disable sponsors will persist across all future updates and re-installs of Java.
Note that sponsor offers, and therefore this functionality, is only applicable to online 32bit JRE installers and Auto Update mechanisms for the Windows operating system.
This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory.
For a list of bug fixes included in this release, see JDK 7u55 Bug Fixes page.
The following are some of the notable bug fixes in this release:
Synopsis: java plugin compatibility with windows 8.1 / IE 11 enhanced protected mode
Starting in this release Java Plug-in is compatible with Windows Enhanced Protected Mode (EPM) on Windows 8.1 and IE 11. You should no longer see any warning related to EPM when trying to run an applet in Internet Explorer (IE). There is a special case for 64-bit Windows - EPM requires both 32-bit and 64-bit Plug-in installed. Please make sure you have both 32-bit and 64-bit JRE installed, otherwise there will be a warning from IE, but Java Plug-in will still run under EPM.
See JDK-8024903 (not public).
Synopsis: Enhanced CORBA initializations
The system property
org.omg.CORBA.ORBSingletonClass is used to configure the system-wide/singleton ORB. The handling of this system property has changed to require that the system wide/singleton ORB be visible to the system class loader. This is a change from previous releases where the singleton ORB was located using the thread context class loader of the first thread to call the no-argument
ORB.init method. The implication of this change is that the system-wide/singleton ORB needs to be deployed on the class path or in the extension directory.
Applications that bundle their own ORB and only configure the property
org.omg.CORBA.ORBClass should not be impacted by this change. The per-application ORB will be located via the thread context class loader of the thread calling the 2-argument
ORB.init method as before.
See 8025005 (not public).
Synopsis: Custom entities mapping files are no longer loaded with full permission
Legacy code may use the JDK internal API
SerializerFactory to create a
Serializer. In the process, a custom entity mapping file may be specified through the format parameter. The custom file was then loaded with full permission. As of this release, files that complies with
java.util.ResourceBundle format, that is, with a
".properties" extension, will continue to be loaded with full permission. However, any other custom mapping files will require specific file access permission when the program is running with a
The workaround to any issues caused by lack of permission to using an arbitrary file as the entity mapping file is, either changing the file to a resource bundle, or granting file read permission.
See 8029282 (not public).
Synopsis: JAF initialisation in SAAJ clashing with the one in
After initialization of SAAJ components, the
javax.mail library may fail to work under certain circumstances, which in turn could break the javax.mail's JAF setup.
A possible workaround is to re-add the javax.mail handler before using
MailcapCommandMap mailMap = (MailcapCommandMap) CommandMap.getDefaultCommandMap(); mailMap.addMailcap("multipart/mixed;;x-java-content- handler=com.sun.mail.handlers.multipart_mixed");