Oracle just released the February 2013 Critical Patch Update for Java SE. Oracle accelerated the release of this update because active exploitation “in the wild” of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers has been addressed with this Critical Patch Update. In addition to a number of security in-depth fixes, this update contains fixes for 50 security vulnerabilities. Oracle strongly recommends that customers apply CPU fixes as soon as possible. You can read details on the Oracle Software Security Assurance Blog.
Recent changes to the Java Community Process (JCP) program "focus on the way the organization itself is structured and organized" explained Patrick in this interview. The changes will result from the implementation of three Java Specification Requests (JSRs). The first JSR, the JSR 348, makes the process more open and transparent to facilitate developers' participation. It was released a year ago and Heather witnessed increased transparency in projects, additional participation and a simplified release process. "They are using public issue trackers and public discussion alias on projects. More people from the community are commenting and participating in the JSRs. The process of releasing final and maintenance releases is more agile," she commented.
She explained the different options for developers' participation in the JCP. Java user groups may become JCP members at no charge and contribute as a group. Individuals and user groups can contribute to the community initiative Adopt-A-JSR. Developers can give feedback on the transparency of a JSR process. Individuals, corporations and non-profit organizations (JUGs for example) can join the JCP. They then can comment on specs, join an expert group and become a spec lead
Information about the JCP program is available at jcp.org. Watch the recent presentation about Adopt-a-JSR with Martin Verburg and Java EE 7 JSR projects with Arun Gupta