6u41 will be the last public update.
See these pages:
Future updates of Java 6 will be available through the Oracle Java SE Commercial Offering Releases
Customers seeking longer standard support and maintenance periods for each major release are encouraged to migrate to the Oracle Java SE commercial offerings (Oracle Java SE Support, Oracle Java SE Advanced and Oracle Java SE Suite). Oracle Java SE commercial offerings releases will follow the Oracle standard EOL policy for licensable products. As such, during a release’s five (5) year transition period, customers will be eligible to receive Oracle Premier Support for that entire period, in accordance with their support contract with Oracle. Past those 5 years, support customers will receive critical bug and security fixes as well as general maintenance releases as per the Oracle Extended Support terms. Oracle Java SE Support puts you in control of your upgrade strategy so you can enjoy continued peace of mind, knowing that no matter which product release you're running, Oracle can support your business.
Oracle Java SE Support Roadmap*
GA Date: Dec 2006
Premier Support Until** : Dec 2013
Extended Support Until** : Dec 2016
Sustaining Support: Indefinite
A follow up question for you.
In an effort to ensure the message about the end of public update and 6u41 being the last public update is easily found, it would be good to understand were that messaging is lacking. If you looked for this information before posting, where did you look? Where would you have expected to see this messaging? Also, how was it you came to know about the 6u41 release, maybe additional messaging could be added to that communication channel?
Many thanks for the info Roger...
Regarding your second question, I would respond as follows
- I find the Oracle website a bit of a nightmare to navigate. I know that the info is there somewhere...but i always have a hard time finding it
- I know about the u41 update as I am an ITSec Pro trying to manage the nightmare that JRE on our endpoints has become!
- This u41 update is extremely significant as it's the end of the line for 6.x patches. When the next batch of vulnerabilities are found in 6.x (likely a few weeks away at most), they will remain unpatched....which will be very bad news for the untold number of enterprises/apps that do not yet support v7 on endpoints.
- IMO, Oracle should be working much harder to get the message out about this...and yet there has been relative silence about it. Why does the Feb 2013 update page (http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html) not contain a big red banner saying something like "THIS IS IT FOR V6.X UPDATES. UPDATE TO V7 NOW! Similarly, the recent blog entry should say the same: https://blogs.oracle.com/security/entry/updated_february_2013_critical_patch
- All in all, I anticipate a bit of a panic in the near future when the realisation sets it that the next 6.x vulnerabilities will go unpatched - and this will coincide with audible lip-smacking from the bad guys as they deploy their updated exploit kits on compromised websites to exploit vulnerable web browsers with the 6.x plugin.
Redhat is taking over support on Java 6 (or OpenJDK 6 to be more precise). Not a policy change, it is going to pass hands entirely.