As of April 15, 2015, Oracle is no longer providing public updates of the Java 7 runtime environment (JRE) or software development kit (JDK).
SAS 9.3 and SAS 9.4, however, continue to rely on Java 7 for support of business production. SAS has therefore contracted with Oracle to continue receiving security updates (not feature enhancements) to Java 7 for the foreseeable future. This will ensure that our customers are protected from the ever-changing cyber threats aimed at Java 7. Oracle plans to release updates quarterly – that is, four times a year.
Keeping up to date with Java releases
The Security Bulletins support site provides a quick indicator of the versions of Java that are available. This site references the SAS Technical Support Usage Note 55188 which provides step-by-step instructions for identifying what update(s) you need, and retrieving the update from SAS.
Customers will be asked to complete a click-through license when retrieving the software. The Java 7 updates delivered by SAS are authorized for use only with a SAS deployment.
Because of timing, some SAS orders may not include the latest version of Java. Whether you are installing SAS for the first time or you are installing a maintenance update, we encourage you to check the Java version to ensure that you are using the latest available version.
Follow these high level steps to update Java for your SAS deployment.
- Confirm that you are running SAS 9.4, or SAS 9.3M2. If you have questions, check your deployment registry.
- Refer to the SAS note to identify the files you need to retrieve.
- Initiate the electronic download (after completing the click-through license).
- Follow the installation instructions provided with each package.
- The install process differs for some versions and some operating systems.
- For SAS 9.3 deployments, you need a JDK in addition to the JRE. Follow the steps in the package.
- If your site is manually configured for secure communications with CA- or site-signed certificates, they will need to be re-imported to the JRE default truststore.
SAS 9.4 and JAVA 8
A common default on desktop systems is for Java 7 to automatically update to Java 8. To meet this need, Java 8 is only supported for SAS applications on a very limited basis, mostly just for the SAS 9.4 clients, notably those relying on Java Web Start such as the SAS Enterprise Miner thin client. See SAS Note 52644 for more information about updating your SAS environment to support Java 8 on your desktop
As mentioned earlier, Oracle will release quarterly security updates to Java 7 to SAS. SAS will test the release, package the installer and instructions, and then post it to support.sas.com. The next one should occur in October, 2015. Then again January, 2016. And so on.
SAS will track these releases on the Security Bulletins from SAS page. Customers are advised to monitor that web page regularly for information.
Customers can also subscribe to the TSNEWS-L listserv, monitor the SAS blogs, receive e-newletters, etc. by visiting the SAS Technical Support Happenings page.
Rob, Most enterprise are having the policy on being applying the latest releases of common available software. It is not a desktop policy but an enterprise policy as of regulations.
That makes the position of using SAS with an outdated java version very uncomfortable.