Good news from the world of online security: Oracle, developer of the Java plugin that has been making browsers insecure since 1995, has finally announced that it’s sending it six feet under.
The Java plugin isn’t dead immediately: it will be deprecated in the next release of the Java Developer Kit, which is a fancier way of saying Oracle will sweep it under the rug, and encourage people not to use it. The functionality will be “fully removed” in some later release, once everyone’s said their final farewells.
It’s a move that is entirely logical, and really too late. Chrome, Firefox and Microsoft Edge have all either killed support for plugins, or announced that they’re going to do so in the near future, leaving no room to support the Java plugin.
More importantly, Java is a terrible blight on our computer security that must be stopped at all costs. Everyone from independent developers to the Department of Homeland Security have shit on Java for opening up access to a billion computers thanks to zero-day programming bugs. So long, Java; we won’t miss you.
By late 2015, many browser vendors have either removed or announced timelines for the removal of standards based plugin support, eliminating the ability to embed Flash, Silverlight, Java and other plugin based technologies.
With modern browser vendors working to restrict and reduce plugin support in their products, developers of applications that rely on the Java browser plugin need to consider alternative options such as migrating from Java Applets (which rely on a browser plugin) to the plugin-free Java Web Start technology.
Oracle plans to deprecate the Java browser plugin in JDK 9. This technology will be removed from the Oracle JDK and JRE in a future Java SE release.
Early Access releases of JDK 9 are available for download and testing at http://jdk9.java.net. More background and information about different migration options can be found in this short whitepaper from Oracle.
Post your thoughts below in the comment section.