April 23rd 2013
A few members of the MultiBit community have asked us for advice regarding the current security status of Java since there has been a lot of confusion and misinformation out on the Web. Here is what we know and how it relates to your use of MultiBit.
Oracle have issued security advice stating that Java in the browser running applets is vulnerable to attack. Java running on servers, desktops and embedded devices is not vulnerable to these attacks.
MultiBit uses Java running on the desktop which is safe.
We recommend that you keep your Java installation running at the latest available stable release. This will contain security fixes and performance enhancements that will contribute to keeping your machine secure.
MultiBit is open source. This means that you can go to GitHub and download the same code that is used to build it for release. You can build it on your machine using your own trusted tools. You can even modify it to suit your needs if you like.
MultiBit is, and always will be, free and open source.
Every official release of MultiBit comes as digitally signed code. This means that you know who released it and whether you can trust that signature or not. If it does not have the MultiBit signature as listed in the download and release notes then it is not genuine and you should be cautious.
Always get your updates from MultiBit.org