Java插件推出改变应对近期安全漏洞 [英] Java Plug-In launch changes in response to the recent security vulnerability

问题描述

如何甲骨文已经改变了Java插件启动体验对于用户来说，在应对近期的安全漏洞？

How has Oracle changed the Java Plug-In launch experience for the user, in response to the recent security vulnerability?

• 1.7漏洞 Q＆安培; A为SO
。

• 甲骨文安全警报为CVE-2013- 0422


• 禁用Java的警告外观和放大器;在Java Web Start的影响应用

• The JRE 1.7 Vulnerability Q&A at SO.
• Oracle Security Alert for CVE-2013-0422
• Disabled Java warning appearance & affect on Java Web Start apps

推荐答案

所有的applet，可信或沙箱，现在提示（要求用户许可）在装货前。

Short answer

All applets, trusted or sand-boxed, are now prompted (the user is asked permission) before loading.

在这里，我使用甲骨文自己的测试的Java小程序的测试。选择它是，它是比较小的基础上，沙箱，由同一JRE /插件的生产商提供我们正在测试。

Here I am testing using Oracle's own Test Java applet. It was chosen on the basis that it is relatively small, sand-boxed and provided by the maker of the same JRE/Plug-In we are testing.

今天早上，我被提供到Java 1.7.0_11升级到1.7.0_13的机会。

This morning I was offered the chance to upgrade Java 1.7.0_11 to 1.7.0_13.

虽然安全漏洞固定在1.7.0_11，FF＆安培; Chrome浏览器仍然显示警告如禁用Java的警告外观和功放可见;影响到Java Web Start的应用。

While the security vulnerability was fixed in 1.7.0_11, FF & Chrome were still showing the warnings as seen in Disabled Java warning appearance & affect on Java Web Start apps.

通过引进1.7.0_13，事情似乎又有变化。现在不是警告用户的浏览器（本身），会出现这样的JRE警告：

With the introduction of 1.7.0_13, things seem to have change again. Now instead of the browser (itself) warning the user, a JRE warning like this appears:

选择<大骨节病>运行看到：

在一个侧面说明：这不要为这个应用程序消息左下角再次显示这在过去很少或没有影响。现在，在这种情况下，似乎整个浏览器工作被关闭和重新启动，和不同的浏览器之间。欢呼！

On a side note: That Do not show this again for this app message on the lower left had little or no effect in the past. Now in this situation, it seems to work across the browser being closed down and restarted, and between different browsers. Hurrah!

所以奉劝您的用户'检查​​'。

So advise your users to 'check it'..

有如FF的经历，但忽略权限在另一个浏览器允许永久

Has an experience like FF, but ignores permissions permanently allowed in another browser.

镀铬似乎仍然显示出它确实为1.7.0_11最初的警告。

Chrome still seems to be showing the initial warning it did for 1.7.0_11.

随后的一旦获得批准，的去到Oracle /插件提示所看到的FF。

Then once that is approved, goes to the Oracle/Plug-In prompts as seen for FF.

这篇关于Java插件推出改变应对近期安全漏洞的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！