Next year, the Java browser plug-in, which is frequently the target of Web-based exploits, will be retired by Oracle.

Oracle will support Java Web Start in Java 8 until March 2025 and products that have dependencies on Web Start will be supported on a timeline determined by those products.

Researchers from the Polish firm Security Explorations have identified a serious vulnerability in the latest version of Java that completely bypasses the new security level Oracle recently ...

The technology company Oracle is retiring its Java browser plug-in. The software is widely used to write programs that run in web browsers. But Oracle said modern browsers were increasingly ...

The three flaws affect Java deployments that load and run untrusted code, such as clients running sandboxed Java Web Start applications or sandboxed Java applet, Oracle said in its advisory.

Oracle will remove JavaFX, Applets and Java Web Start from the JDK after Java SE 8. Swing and AWT will remain.

Good news: Oracle says the next major version of its Java software will no longer plug directly into the user’s Web browser. This long overdue step should cut down dramatically on the number of ...

Two of the critical flaws, in Java’s 2D component (CVE-2016-0494) and in Java’s AWT (CVE-2015-8126), can only be exploited through sandboxed Java Web Start applications and Java applets.

Oracle says that starting with April 18, 2017, Java (JRE) will treat all JAR files signed with the MD5 algorithm as unsigned, meaning they'll be considered insecure and blocked from running.