
Java Security Vulnerability

Update: Java will be upgraded to the latest version once a security patch has been released.

September 17, 2012: Instead of downgrading to version 6, the latest version of Java 7 has been applied to CLAS-managed machines.

August 30, 2012: On Monday, UF Information Security announced that a vulnerability had been discovered in all releases of Java 7. Because Java is cross-platform, the vulnerability can be exploited on Windows, Mac and Linux computers.

CLAS IT has been patiently waiting for Oracle to provide us with a security patch, but now that a zero-day exploit has been discovered in the wild, it is time for us to take action. Sometime today we will be pushing out a downgrade to all of our managed Windows machines that will roll Java back to version 6 (release 34). Windows users who are connected to CLAS IT and the UF Active Directory will have this applied to them automatically.

Effect on Applications

We do not expect this downgrade to cause any problems, but it is possible that an application that requires Java will break. If you encounter a problem with an application after the downgrade, please open a ticket with CLAS IT telling us which application has broken and the steps we would need to take to replicate the problem.

Downgrading Java Manually

Units that are not managed by CLAS IT, or that are running non-Windows operating systems, will need to downgrade their Java environment manually. This will mostly impact Linux users, as most Mac users are on Java release 6 already, unless they manually upgraded.
