Although Java 8’s Developer Preview was just released, Oracle has been busy making sure that Java 7 is still well maintained with the release of JDK 7 Update 40, the first update release under the new update versioning scheme. The new update is more about bug fixes and features and although there are security changes, there’s no security fixes in it.
JavaFX has now become part of the JDK with this release, though it remains to be seen if JavaFX will gain traction as a GUI platform before Oracle engineer Swing to depend on it. Mac OS X users with Retina displays will be pleased to find that those screens are now supported so no more fuzzy Java on MacBook Pros and less squinting developers. One thing that may catch developers is the implementation of JEP 185 in JDK7U40 – this updates JAXP to version 1.5 which in turn adds the ability to restrict which network protocols can be used to fetch external resources. If your app uses JAXP to get external XML resources, you’ll want to read over the JEP for that.
For those folks deploying Java in the enterprise, rhere’s a new Deployment Set Rules mechanism to let enterprises nail down their what permissions and what restrictions desktop installations run with. Also, watch out for the JRE expiration dates which came in in update 10; for JDK7U40, from 12 October 2013 the JRE will start nagging about it needing updating. Good news though is that there’s now a deployment property which can disable this check. Also the security warnings for signed and unsigned applets now lack a “Remember this decision” button. Do remember, the best advice is still though do not sign applets as this gives them way too much power (see this CERT blog) and unless you really really need it, disable Java in your browser.
Oracle’s also rolled in Java Mission Control JMC, a commercial feature for no-overhead deep monitoring the JVM and apparently the result of the JRockit/Hotspot JVM merge which has been ongoing. Despite One limitation may slow people from throwing money at Oracle to use it… from the notes “JMC does not include or run with a security manager, so a user must ensure to run the JMC client in a secure environment”… At least the JMC is available for “development and evaluation” with the JDK so developers should be able to make use of it outside of production.