Oracle got it right when it delayed a brand new release of Java 8 and redirected its engineering effort to fixing security issues in the current version of Java. It underscores the acknowledgement form Oracle about the seriousness of Java security flaws and their resolve to fix those issues. Java 8 was scheduled to be released in the September 2013 time frame with many new features, including support for programming in a multicore environment. This decision should make sure that Java 8 will not only include all security fixes of Java 7, but also will go through a thorough security testing cycle. You can find comments from Java platform group’s chief architect Mark Reinhold here.
In my opinion, the delay in release of Java 8 is worth the wait.
For an overview of recent Java 0day vulnerabilities please see our Java coverage bellow: