Unpatched Java 7 Vulnerability

[Steelclaw]

Just a heads up, for those who are jumping on the Java 7 bandwagon:

The latest Java 7 (and probably all Java 7 releases up to it) has a pretty serious flaw [1] that allows a malicious Java applet to take over your computer. This type of attack is usually done via a malicious website or malicious advertisement served on an otherwise legitimate website.

Fortunately, this means that you can protect yourself from the most common attack vectors by disabling your browser's Java plugin, or restricting the applets it loads to the bare minimum required for site functionality by using an add-on like NoScript. Java 6 may not have this flaw, so running the latest Java 6 (update 34) may also help protect you.

I advised the rest of the dev team of this issue, so you can expect a more formal statement in regards to how this impacts Istaria. This post is just a heads up, regardless of whether you're using the new launcher or not.

You can examine your browser's plugins for known security issues at this site:
https://browsercheck.qualys.com


Footnotes:
1. http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4681

[Mimir]

Thanks much

[Steelclaw]

In an unexpected turn of events, Oracle just released an update with security fixes for Java 7 and Java 6. Go update!

You should be running one of these:
Java 1.7 update 7
Java 1.6 update 35

[Northwind]

IF we run java 7.u7 will Istaria still be working?

[Gimthen]

In an unexpected turn of events, Oracle just released an update with security fixes for Java 7 and Java 6. Go update!

You should be running one of these:
Java 1.7 update 7
Java 1.6 update 35

Does this mean the patch will be re-applied very shortly?

[Peaches]

I think I will wait a bit of time before I redownload java. Better to be safe than sorry.

[Kryodrache]

This is frustrating. Without the java update, I cannot play Minecraft. WITH the java update, I cannot play Istaria.

This game.
Hates.
Me.
So much.

Just one problem after another -.-

[Steelclaw]

WITH the java update, I cannot play Istaria.

Huh? I have no problems with the new launcher and Java 7 update 7. (Which, btw, re-introduced some previously fixed, unreleased vulnerabilities... just can't win.)

What issues are you having?

[Kryodrache]

Well, basically, the launcher refuses to work for me with Java 7. I first noticed it when it was unable to update... so I looked into it, said it couldn't find a .jav file... so I uninstalled 7, and it worked.

[Guaran]

The Java 7 update 7 still has some unpatched 0-days, stick with 1.6 update 35 for now.

[Steelclaw]

Java 1.6u35 sounds like a good bet, yes, though installing it is more trouble than I'm willing to go through. I just gave up for now, and disabled the Java browser plugin.

Regarding Kryodrache's trouble, assuming you're using the launcher from JavaLauncherII.jar, I suspect that you had a botched Java deployment.

[Hoberton]

Any clue as to when this game will be able to run on Java 7 update 7?

[Guaran]

FYI Java 7 Update 9, and Java 6 Update 37 are out now.

Java 7 http://www.java.com/en/download/manual.jsp

Java 6 http://www.java.com/en/download/manual_v6.jsp

[Hoberton]

FYI Java 7 Update 9, and Java 6 Update 37 are out now.

Java 7 http://www.java.com/en/download/manual.jsp

Java 6 http://www.java.com/en/download/manual_v6.jsp

Does Istaria run on these new updates?

[Guaran]

I'm at work, so I haven't tried them. Give them a try, more likely than not they will work.

In any event you want these applied since they protect your pc from java based malware.

These updates would only affect the java launcher (jlauncher.exe). The old launcher will work regardless (Launcher.exe).

File names from memory someone correct me if I spelled one wrong.

[Knossos]

Java 7 Rev 9 is working fine for me.

Knossos