Oracle JDK 7u11 released

Oracle has released Security Alert CVE-2013-0422 to address the flaw in Java software integrated with web browsers. More information about this Security Alert is available on https://blogs.oracle.com/security. This is a blog that discusses when the bug was reported and actions that Java users need to take to secure their systems.

Java SE 7 Update 11 is available from the following download sites:

Comments:

Good to know. I also learned that fixes were pushed to OpenJDK and that there was a Icedtea build a day after also incorporating those patches.

HOWEVER, I think situations like this would warrant for Oracle to automatically create a new J7u(x) branch on OpenJDK when things like these happen... that would keep versions in sync any eliminate any and all speculation about what fixes were pushed where.

Just my 0.02 worth
Best
FC

Posted by Fernando Cassia on January 18, 2013 at 05:34 PM PST #

I can only assume that by branch you mean a Mercurial forest, as we don't use Mercurial branches within the OpenJDK JDK7 Updates Project.

Forests are for code development. Releases that are developed within the OpenJDK JDK7 Updates Project get their stabilization forest in the OpenJDK Mercurial repository during the development, like jdk7u/jdk7u6. Releases that are not, like 7u11, well, obviously don't.

Accordingly, there is no need to create an OpenJDK JDK 7 Update Project stabilization forest for 7u11 once it has been released, since that release has then already been, well, developed and released.

For more information on how the OpenJDK JDK 7 Updates Project works, please consult that Project's web site at http://openjdk.java.net/projects/jdk7u/ . If you have further questions, please bring them up on that Project's jdk7u-dev mailing list.

Dalibor Topic
Principal Product Manager @ Java Platform Group
Oracle

Posted by Dalibor Topic on January 23, 2013 at 02:01 AM PST #

Thanks for the explanation Dalibor.

I might be slow, but I still find the explanation a bit confusing.

Let me rephrase: When ´normal users´ -say a Linux user of distro ´x´ which incorporates OpenJDK reads about a security update and that JDK 7 update N has been released, it might make things easier to understand if immediately OpenJDK 7 update N is released as well, and if the source of that release 7uN becomes also available on http://openjdk.java.net/projects/jdk7u/ via http://jdk7.java.net/source.html

For instance, I read the page right now and I see "In addition, the source code for the last release, 7u6, is available as a ZIP file here".

Well, I read that and I think "wait a minute, J7u6 is 5 releases behind from 7u11!".

In other words, when is a release not a release? It might be a matter of semantics, but surely causes confusion. If the last release is 7u6, why not call 7u11 actually OpenJDK7u6 fixpack 11"?.

I am just thinking aloud.

FC

Posted by Fernando Cassia on January 23, 2013 at 03:24 AM PST #

Post a Comment:
Comments are closed for this entry.
About

Henrik Stahl is VP of Product Management in the Java Platform Group at Oracle, and is responsible for product strategy for Java ME and SE.

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today