Oracle has announced that it will kill the much-maligned Java browser plugin in the next release of the Java Development Kit, slated for release next year.
For years, the bundled plugin put users at risk with its numerous security flaws. Antivirus software maker Kaspersky claimed the Java plugin was responsible for half of all cyber attacks in 2012; last July, hackers were discovered exploiting a vulnerability in it in an attempt to infect NATO members’ systems.
The plugin, which enabled developers to launch small apps in Web pages, will be entirely deprecated in Java 9. Oracle is encouraging users to migrate away from building Java Applets to its plugin-free Java Web Start technology.
Oracle’s decision comes months after Chrome and Firefox developers announced plans to remove support for plugins, which means that the company’s efforts to further develop Java for browsers would be a waste.
Still, it’s good to see insecure software getting the boot. Numerous major vulnerabilities in Adobe’s Flash plugin came to light last year, after which Chrome and Firefox removed support for it. Adobe even renamed its Flash authoring tool for 2016 to ditch the beleaguered brand.
➤ Moving to a Plugin-Free Web [Java Platform Group, Product Management Blog]