It's time to update Java again! Everyone who plays Minecraft uses Java. And as such it's very important that you keep it up-to-date since it's known for it's many security issues.
This time they patched well over 40 security leaks, most of which were of the kind that can be exploited remotely. Here's the changelog for those interested:
Spoiler!
New Features and Changes
Retina Display support on Mac OS X
Retina screens will now display content correctly. Previously rendering had been blurry. See 8000629.
Deployment Rule Set
Deployment rule set allows a desktop administrator to control the level of Java client compatibility and default prompts across an organization.
For a summary of this feature, see Deployment Rule Set documentation.
Option to disable the "JRE out of date" warning
Starting from 7u40, a new deployment propertydeployment.expiration.check.enabled is available. This property can be used to disable the "JRE out of date" warning.
When the installed JRE (7u10 or later), falls below the security baseline or passes it's built-in expiration date, an additional warning is shown to users to update their installed JRE to the latest version. For businesses that manage the update process centrally, users attempting to update their JRE individually, may cause problems.
To suppress this specific warning message, add the following entry in the deployment properties file: deployment.expiration.check.enabled=false
For more information, see Deployment Configuration File and Properties.
New Security Warnings for Unsigned and Self-Signed Applications
New warnings are added in the dialogs for Unsigned and Self-Signed applications.
From the dialogs for Unsigned and Self-Signed applets, "Remember this decision" option has been removed. In addition, the previously remembered decisions for self-signed and unsigned applets will be ignored.
For more information, see Security Dialogs.
Local Applets return NULL for DocumentBase
Beginning with JDK 7u40, an applet's getDocumentBase() method will return NULL when the applet is running from the local file system.
If applet needs to load resource, here are the options:
If the resource is in the applet's JAR(s), the user should be able to load it with class ClassLoader getResoruceAsStream directly, without needing the codebase information.
If the resource is in an arbitrary location, which is not inside the applet's JAR(s), the user must have other ways to get to that location, since it is not part of the applet resource. For example, the user.home java system property, provided their applet has all-permissions.
Default x.509 Certificates Have Longer Key Length
Starting from 7u40, the use of x.509 certificates with RSA keys less than 1024 bits in length is restricted. This restriction is applied via the Java Security property,jdk.certpath.disabledAlgorithms. The default value ofjdk.certpath.disabledAlgorithms is now as follows:jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
In order to avoid the compatibility issue, users who use X.509 certificates with RSA keys less than 1024 bits, are recommended to update their certificates with stronger keys. As a workaround, at their own risk, users can adjust the key size to permit smaller key sizes through the security propertyjdk.certpath.disabledAlgorithms.
For more information, see Java PKI Programmer's Guide or JSSE Reference Guide.
Bug Fixes
For a list of bug fixes included in this release, see JDK 7u40 Bug Fixes page.
If you have a 64-bit OS then make sure you get the 64-bit version since it will give you quite a big performance boost over the regular 32-bit version when playing Minecraft.
And as always, if you don't absolutely need to run Java applets inside your browser then you should disable the browser integration. If you don't know how, then please read this: How do I disable Java in my web browser?