Oracle delays Java 8 to focus on faster security fixes for Java 7

The delay to Java 8 is Oracle’s latest effort to convey that security is a top priority and improve its response time to newfound flaws

Oracle’s scheduled release for Java 8 this September has been pushed back to March 2014 as engineers focus on speeding up Java security fixes.

In January Milton Smith, Oracle’s head of Java security, announced the company would “get Java fixed up” and “communicate our efforts widely”.

Earlier that month the US Department of Homeland Security took the unusual step of urging computer users to disable the Java browser plugin, despite an emergency update that was supposed to fix the Java flaws that popular crime kits were exploiting.

Since then, Oracle has released five critical Java updates, each accompanied by a chorus of security experts advising consumers to disable Java in the browser, regardless of whether a known vulnerability exists.

Tackling existing Java security issues has already taken its toll on Oracle’s Java 8 schedule, most significantly in the form of delays to enhancement proposals being developed under Project Lambda, which is the “sole driving feature” of the next release, according to Mark Reinhold, chief architect of Oracle’s Java Platform Group.

“Maintaining the security of the Java Platform always takes priority over developing new features, and so these efforts have inevitably taken engineers away from working on Java 8. It’s one of the reasons why some features slipped past Milestone 6 (M6), our original Feature-Complete target at the end of January,” wrote Reinhold.

“Looking ahead, Oracle is committed to continue fixing security issues at an accelerated pace, to enhance the Java security model, and to introduce new security features. This work will require more engineer hours than we can free up by dropping features from Java 8 or otherwise reducing the scope of the release at this stage.”

“As a consequence of this renewed focus on security the Java 8 schedule, with a GA release in early September, is no longer achievable.”

Under the new proposed schedule, Oracle will aim to release Java 8 on March 18, 2014.
