Unfortunately, it seems that Oracle will wait 4 months with patching this hole: http://www.h-online.com/security/news/item/Security-researcher-experiments-with-patching-Java-1735346.html
The rationale must be: The security hole is not under full disclosure and it's a pain in the &!%$ to get these out. However, given what happened last (known security hole exploited, creating a lot of negative press and requiring a hasty out-of-band patch) I'm surprised at this approach. A security hole on a platform as ubiquitous as Java, with a future deterministic unpatch window, is likely to be worth a lot of €. Even if Oracle stands ready with a fire extinguisher, I'd much rather they prevented sparks in the first place.

On Thursday, September 27, 2012 8:20:31 AM UTC+2, fabrizio.giudici wrote:
> On Wed, 26 Sep 2012 19:29:06 +0200, Casper Bang <[email protected]> wrote:
>
> > The neverending story, yet another gaping hole:
> > http://seclists.org/fulldisclosure/2012/Sep/170
>
> Well, it seems that 7u7 also introduced a random error with reporting the
> MAC address... yesterday the first batch upload of Maven artefacts to
> Sonatype failed apparently because of that (AFAIU MAC address is used as a
> sort of session identifier).
>
> --
> Fabrizio Giudici - Java Architect, Project Manager
> Tidalwave s.a.s. - "We make Java work. Everywhere."
> [email protected]
> http://tidalwave.it - http://fabriziogiudici.it

--
You received this message because you are subscribed to the Google Groups "Java Posse" group. To view this discussion on the web visit https://groups.google.com/d/msg/javaposse/-/2RkZncDM9GYJ.
