Guest Posted May 16, 2013 Share Posted May 16, 2013 Oracle has changed the numbering of its Java security updates, prompting one expert to say, "As if Java updates weren't confusing already." View the full article Quote Link to comment Share on other sites More sharing options...
Corrine Posted May 16, 2013 Share Posted May 16, 2013 This is definitely worth the read. Limited Updates are ones that add new features, but no security fixes; Critical Patch Updates (CPUs) are those that do contain patches. Oracle said the change was required because it's been forced to issue "out-of-band," or emergency, updates to quash bugs hackers have exploited before the company knew about the vulnerabilities, much less had a chance to patch them. So Limited Updates are vulnerabilities. How does that not make Limited Updates security updates? IMO, updates for exploits, whether in the wild or due to reported bugs that have yet to be exploited are still security updates. Quote Link to comment Share on other sites More sharing options...
Corrine Posted May 17, 2013 Share Posted May 17, 2013 I decided to move this here from the ComputerWorld forum as it may help us understand what is happening with the next update, or not considering the new numbering scheme. The next Java update is scheduled for June 18. Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted May 17, 2013 Share Posted May 17, 2013 Java? We don't need no steenkin' Java. Quote Link to comment Share on other sites More sharing options...
Corrine Posted May 17, 2013 Share Posted May 17, 2013 Me neither. Unfortunately, some people do. Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted May 18, 2013 Share Posted May 18, 2013 Yes, some of us do need Java. And we can't treat it as if everyone can just uninstall it. So much appreciated, Corrine! Quote Link to comment Share on other sites More sharing options...
zlim Posted May 18, 2013 Share Posted May 18, 2013 I read the article a few days ago and the numbering scheme is as clear as mud to me. I wrote down these facts: limited updates in multiples of 20 and critical patches use odd numbers. I wrote down the next update values u40, u45, u51, u55, u60, u65, u71 and u75. Even with all that, I don't understand. Why not 41, 43, 47, 49, 53, 57, 59? So, I'm sure I'll read when there is a patch and just install whatever update they decide to call it. Quote Link to comment Share on other sites More sharing options...
Corrine Posted May 18, 2013 Share Posted May 18, 2013 I suspect that the odd numbers between the multiples of 20 are for internal testing builds. Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted May 18, 2013 Share Posted May 18, 2013 Yes. Sadly, Java is still required for some things online. Fortunately for me, I rarely run across anything these days that is important enough to force me to reinstall it.... in Linux or Windows. Now if I could just do the same for Flash. Quote Link to comment Share on other sites More sharing options...
Corrine Posted May 18, 2013 Share Posted May 18, 2013 I agree with you 100% about Flash!!! There was a discussion about the Java numbering changes on FB and, of course, the usual uninstall Java bit. One person explained that the bank she uses requires Java! That is really unfortunate. Quote Link to comment Share on other sites More sharing options...
goretsky Posted May 19, 2013 Share Posted May 19, 2013 Hello, I was not aware until now that Oracle even had a numbering methodology for different types of releases, and this strikes me as overly confusing. At work, we simply use {major version number}•{minor version number}•{build number}•{wave}, which is similar to what Microsoft does for the majority of their big releases, and it seems to work fine. Admittedly, we're not as big as Oracle, but this works across a couple of dozen software projects with in excess of 100M seats world-wide. Pre-announcing a versioning schema like this can also have a bad side effect of allowing malicious imposters to pop up, too. Hopefully, the interim Oracle refered to will be a short one, and they'll come up with something more logical quickly that is easy for people to comprehend.. Regards, Aryeh Goretsky Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted May 19, 2013 Share Posted May 19, 2013 Oh look, he's got a Royal Fisbin... And of course Kirk's comment at the end of 'Piece of the Action' from ST:ToS, about Dr McCoy accidentally leaving his communicator behind on the planet, noting it would throw off all the odds, and that soon the'd be wanting a piece of 'our' action. The whole closing conversation was a trip. Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted May 19, 2013 Share Posted May 19, 2013 Oh, and getting back on topic..totally agree Aryeh, hope they will find a better numbering scheme. Eric and Corrine, totally agree about Flash AND Reader too. There are plenty of great simple PDF readers that don't allow non-safe stuff to run from a PDF. Eventually with HTML5 all plugins may be moot, but then again, HTML5 comes with its own, unique security possibilities. Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted May 19, 2013 Share Posted May 19, 2013 Or should I say malware injecting possibilities. And they thought things that make anything possible were dangerous before (ie, php for example). Well I thing we have not even begun to see the dangers of HTML5. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.