Versioning by numbers

Oracle updates Java version numbering in light of recent security vulnerabilities

Chris Mayer

Finally, Oracle have bowed to growing pressure and come up with a quick fix to the security problems besieging Java.

Following months of concerns over the security of the Java
platform, Oracle have finally acted by introducing a
new Java Development Kit (JDK) numbering scheme for future
patches.

Currently, security-fixing Critical Patch Updates (CPUs) arrive
only every three months, to suit the needs of enterprise
administrators, while Limited Updates add new functionality and
non-security updates. However, with vulnerabilities and emergency
patches becoming ever more frequent, Oracle have been forced
to change the structure.

In a company bulletin last Tuesday, the company explained that the
types of releases wouldn’t change but their frequency and numbering
would.

From now on, Limited Update releases will be
numbered in multiples of 20, while CPUs will be in multiples of 5
following on from the prior Limited Update, adding one when it
falls on an even number.

Therefore, the upcoming schedule for JDK 7 is as
follows: 7u40, then 7u45, 7u51 and 7u55.

The cycle after that will be Limited Update 7u60,
succeeded by CPUs 7u65, 7u71 and 7u75.

Crystal clear, right?

Oracle say the new strategy allows them to
insert security patches when necessary, without having a knock-on
effect later in the order. The solution also retains backward
compatibility with legacy systems.
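The numbering rule and the gaps it leaves for inserted patches can be checked mechanically when auditing which JDK builds are installed. The following is an added example, not code from Oracle or from the original article; the function names, the `out-of-cycle` label and the sample inventory are assumptions made here, and it only applies to releases numbered under the new scheme.

```python
import re

# Accepts the short "7u45" form and the "1.7.0_45" form printed by `java -version`.
_VERSION = re.compile(r"^(?:1\.)?(\d+)(?:u|\.0_)(\d+)$")

def parse_update(version):
    """Return (major, update) for a JDK version string."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised JDK version: {version!r}")
    return int(m.group(1)), int(m.group(2))

def cycle(limited_update):
    """A Limited Update and the CPUs scheduled after it.

    CPUs are the following multiples of 5, plus one when the multiple is even.
    Three CPUs per cycle is an assumption taken from the two cycles in the article.
    """
    if limited_update % 20:
        raise ValueError("Limited Updates are numbered in multiples of 20")
    multiples = (limited_update + step for step in (5, 10, 15))
    return [limited_update] + [n + 1 if n % 2 == 0 else n for n in multiples]

def classify(version):
    """Label a release as 'limited-update', 'cpu' or 'out-of-cycle'."""
    _, update = parse_update(version)
    base = update - update % 20          # most recent Limited Update number
    if update == base:
        return "limited-update"
    if update in cycle(base)[1:]:
        return "cpu"
    # Assumption: a number in one of the gaps is an inserted security patch.
    return "out-of-cycle"

# Constructed inventory, for illustration only.
INVENTORY = {"build-01": "1.7.0_40", "app-02": "7u51", "app-03": "7u52"}

def audit(inventory):
    return {host: classify(version) for host, version in inventory.items()}

if __name__ == "__main__":
    print(cycle(40), cycle(60))
    for host, kind in audit(INVENTORY).items():
        print(host, INVENTORY[host], kind)
```

A host reporting an `out-of-cycle` number is worth a closer look, since under this scheme it corresponds to a patch released between scheduled CPUs.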

Java’s steward admitted that the solution was a
“compromise”, with “a more elegant” option of “changing
the version format of the JDK to accommodate multiple types of
releases” impossible until a future major release comes along. It
would be a seismic shift which would cause incompatibilities and
would also need adequate time for developers to adjust.

While some might be confused by this approach or
say that it doesn’t go far enough, it’s the only option left on the
table for Oracle. Continuing to endure the negative press and the
wrath of the community as more security vulnerabilities are found
isn’t ideal, but neither is more upheaval than necessary just at
the moment. With Java 8 falling foul of security issues last month,
it’s now or never.

Image courtesy of CarbonNYC
