After Oracle refuses to treat it as a vulnerability. A security research firm released details of a Java 7 sandbox bypass known as “Issue 54” that Oracle does not regard as a security vulnerability.
Source: http://news.softpedia.com/news/Details-of-Java-7-Issue-PublishedAfter-Oracle-Refuses-to-Treat-It-as-a-Vulnerability-337954.shtml