6 Replies Latest reply: Jan 14, 2013 9:33 AM by 984569 RSS

    Latest security threat - multiple JRE versions installed

    984569
      Will the latest security threat (that just got patched) still exist if I have multiple versions of Java (including the patched 7.11 version)?
        • 1. Re: Latest security threat - multiple JRE versions installed
          gimbal2
          It does not depend on the runtime directly, it depends on the browser plugin. If a plugin is using an older version of Java (or the other way around: a browser is using a plugin from an older runtime), yes it still exists.
          • 2. Re: Latest security threat - multiple JRE versions installed
            984569
            Thx gimbal2.
            When I install a newer version on Java do browsers 'automatically' start using the newest version, exclusively? I guess I'm trying to create a measure of threat for our clients. This week we will be deploying the latest via GPO. Uninstalling the older versions will take longer if we decide it's necessary.
            • 3. Re: Latest security threat - multiple JRE versions installed
              gimbal2
              981566 wrote:
              Thx gimbal2.
              When I install a newer version on Java do browsers 'automatically' start using the newest version, exclusively?
              Depends on how you install it. When you update the runtime through the proper channels (Java updater) you don't really get a new installation but an update of the existing one. I don't know what happens when you install in other ways. It will probably be browser dependent, and of course OS dependent as well.
              • 4. Re: Latest security threat - multiple JRE versions installed
                984569
                So I guess you're saying that the safest option is to uninstall all older versions.
                • 5. Re: Latest security threat - multiple JRE versions installed
                  gimbal2
                  981566 wrote:
                  So I guess you're saying that the safest option is to uninstall all older versions.
                  When people start with "So I guess you're saying that..." they tend to be wrong. I did not say anything like that and to be honest I don't really care for people putting words in my mouth. Just to be sure you are not misunderstanding things like so many people that pass through here - I don't work for Oracle, this is a user to user forum.

                  What is the truth is that you are drawing your own conclusion - apparently you think that you should uninstall all older versions first. That is great, don't project it on me, that is your point of view and you are fully in your right to think that. It should work, seems like something to take into test runs. I'm not going to make any statements about if it is really necessary or not, I am not qualified to make such judgements. That's your job.
                  • 6. Re: Latest security threat - multiple JRE versions installed
                    984569
                    Sorry, I didn't mean to offend...
                    I do appreciate your help. I'm just looking for advise from users (such as yourself) who have more experience with Java that I do.