I installed Java version 45 on a test machine. High security setting says that one can can't run unsigned or self-signed apps on older versions of Java, and in fact it fails to run a self-signed applet.
How is this version able to detect that it is an older version? It certainly wasnt an older version when it was first deployed.
Java configuration, mainly the security baseline, gets updated as soon as you receive the new version notification, even if you choose "update later" . At that point you are executing java 7u45 but using an updated launcher, so it knows you have an older version running, and it applies the updated security checks.
I would assume that somewhere in jnlp internals it makes a call to oracle's servers and checks what version is the latest and whether it your currently running version is old.
You can inspect the calls with a packet inspector and even try to spoof it to see whether you can circumvent that rather crude security measure.
