Slashdot Mirror


Oracle Responds To Java Security Critics With Massive 50 Flaw Patch Update

darthcamaro writes "Oracle has been slammed a lot in recent months about its lackluster handling of Java security. Now Oracle is responding as strongly as it can with one of the largest Java security updates in history. 50 flaws in total with the vast majority carrying the highest-possible CVSS score of 10."

3 of 270 comments

  1. Clean up your shit, Oracle. by Anonymous Coward · Score: 5, Informative

    I know Oracle didn't write Java to begin with but they sure had a hard-on to acquire it, presumably to soak up profits by wedging themselves into yet more enterprise services. I'd like them to take ownership of this issue and really hammer out these nasty problems. I know it's just the client-side JVM-plugin-whatever but Oracle's behavior isn't really making me want to go out and seek other Oracle products.

    And fuck, if I can't escape this piece of software at work. I've got client applications, and web applications that we rely on that absolutely require the full fat Oracle JVM. I'd love to disable the plugin or do away with it altogether but I can't.

    For that matter, deploying this supposedly enterprise piece of software is a massive pain in the ass. If you want to deploy it like usual (published through AD) you've got to open the installer EXE, go to your temp folder to copy out the .msi, then use an .msi editor to create an .msp file to disable the really annoying and awful Java auto-updater. (The auto-updater requires admin privs to install, and it will trigger on its own without user intervention. It's really annoying to end users to have a UAC prompt pop up randomly out of nowhere when they're working.)

    Oh yeah, and if you run the exe manually to install? Make sure you uncheck the Yahoo toolbar! And this is supposed to be business software?

  2. Re:OK by farble1670 · Score: 4, Informative

    Yeah, like Orrible's (and specifically the Java section) going to lift a finger to help Microsoft after the whole J++ fiasco

    1. that was not oracle, it was sun microsystems.
    2. it was 10 years ago. you think any of the same people are around, and have the same motivations?
    3. it wasn't a fiasco, it made sun $700 million. they were pretty happy about it.

  3. And the update is here. by mhotchin · Score: 5, Informative

    Would it kill you idiots to post a direct link to the update in a story that is about nothing *but* the update?
    http://www.oracle.com/technetwork/java/javase/downloads/index.html