Advance Notification of Security Updates for Java SE

Sun recently announced two new security response enhancements for Java SE. They include our plans for the synchronized release of Java SE security fixes, and advance customer notification of security updates. These new features are designed to complement Sun's existing Sun Alert notifications, as well as the built-in Java Auto Update tool for Microsoft Windows users. Details are available here.

The following is our first advance notification of security updates for Java SE.

During the week of October 1, 2007, Sun will be releasing security updates with JDK and JRE 6 Update 3, JDK and JRE 5.0 Update 13, and SDK and JRE 1.4.2_16. This will be followed by the release of SDK and JRE 1.3.1_21 in the second week of October 2007.

This is Sun's first step towards the simultaneous release of security fixes across all supported Java SE release families. Sun expects to fully synchronize the release of security fixes across all supported releases, including J2SE 1.3.1, in 2008. Note that J2SE 1.3.1 has completed the Sun "End of Life" (EOL) process and is only supported for the Solaris Operating Environment and for customers on Sun's Vintage Support Offering.
Comments:

Does this mean that Sun will be patching ONLY the latest release per family? Or does it mean that patches for pre-existing releases will be added? For example, if the latest JRE is 1.6.0_05, will Sun still upgrade version 1.6.0_03 with a security fix?

Posted by Benny on October 02, 2007 at 04:35 AM PDT #

We are looking into offering, for the FIRST TIME, security fixes for older updates as soon as next year, as part of a new Java Subscription offering for production environments. Roger Calnan had alluded to this offering in his blog "Scoping out a new JRE distribution model" at http://blogs.sun.com/JavaInProduction

Posted by Chok Poh on October 02, 2007 at 03:28 PM PDT #

Note that Java 6u3 is available for download now, from both the java.com and java.sun.com pages.

(Debian and Ubuntu have packaged versions available as well.)

-james.

Posted by James Stansell on October 03, 2007 at 03:21 AM PDT #
