最新漏洞的详细信息尚未公开.但是，我的理解是，它仅影响Java浏览器插件.建议的缓解措施是禁用Java浏览器插件.没有提及非插件Java，因此我认为可以肯定地说，仅由于安装了Java 7，您的开发机就不会受到攻击.

The details of the latest vulnerability have not been made public. However, my understanding is that it only affects Java browser plugins. The recommended mitigation is to disable the Java browser plugins. No mention is made of non-plugin Java, so I think it is safe to assume that your dev machine is not vulnerable simply by virtue of having Java 7 installed.

但是，Java Web Start/JNLP呢?可以调用吗?

However, what about Java Web Start/JNLP? Could that get invoked?

我不这么认为.我认为可以肯定地发现问题的人会想到这种潜在的攻击媒介. (但简单的常识表明，您一开始就不想启动随机的JNLP程序...)

I don't think so. I think it is safe to assume that the people who found the problem would have thought of that potential attack vector. (But simple common sense says that you wouldn't want to be launching random JNLP programs in the first place ...)