Maybe I just don’t know where to find these things, but I really shouldn’t have to poke around. Reports come through (like this one from TechRepublic) that Sun has released a new update to the JRE to patch critical flaws. So, ok, I go to see what other detail is given on the Sun site. My mistake, I go first to java.sun.com, can’t find anything. Go to www.sun.com and eventually find under the support link something that leads me to their adivisory here, here and here. But I have to search through lists of patches, and if I’d come here a week later would I have spotted it?!
The resolution to all three vulnerabilities is to update to JRE Update 4 or greater. The advisory contains a link to download. The latest JRE is Update 6. Perhaps the release notes may contain some information about the flaws fixed. The release notes are Update 5 release notes! What else has been changed in Update 6? Should I just roll it? Should I roll an earlier update so I know what’s in it? What a pile of…!
Sun, you need to sort this out. And while you’re about it, how about providing patches for the JRE instead of full reinstalls. I have 9000 clients to roll this to, and of course I have a software distribution system, but I’d rather patch the JRE than remove and install.