Slashdot Mirror

← Back to Stories (view on slashdot.org)

Oracle Settles FTC Charges Regarding Deceptive Java Security Updates (ftc.gov)

Posted by timothy on from the why-didn't-they-use-a-crystal-ball dept.

An anonymous reader writes: The FTC and Oracle have come to an agreement regarding Oracle's deceptive Java security updates, which only removed recent versions of vulnerable Java SE, but left behind older, insecure versions. Oracle got away without a fine, but will have to overhaul its Java update process to remove older versions as well.

2 of 33 comments (clear)

  1. Re: WTF? by gstoddart · · Score: 3, Informative

    Was it just they couldn't be bothered to remove them?

    Ding ding ding. You can have anything you want as long as you're willing to pay for it.

    The shit release management practices used by Oracle are already the user's problem.

    The FTC has decided you can't claim to have a tool which says it removes older, insecure versions and then only delete some of those older, insecure versions.

    --
    Lost at C:>. Found at C.
  2. Re:Yeah, right ... by The-Ixian · · Score: 3, Informative

    Well... Java in the web browser should just die...

    Java as a platform is just fine.

    If you follow the instructions for enterprise deployment and extract the MSI from the self-extracting archive, you won't get the updater or any adware. You will, however, still need to remove the previous version manually.

    --
    My eyes reflect the stars and a smile lights up my face.