Reporting security flaws for OpenJDK 6

Oracle has announced that, as of February 2013, it no longer provides public updates to its proprietary Oracle Java SE 6. These updates, which may include security patches, are now only available to users of Oracle Java SE 6 who have a commercial support agreement with Oracle. Users who need support for Java SE 6 and are not willing to consider commercial support from Oracle have another choice.

Red Hat recently assumed a leadership role for the OpenJDK 6 project. OpenJDK is an open source, community-supported implementation of the Java SE specification. Red Hat maintains its role in setting the future direction for the OpenJDK project as an active board member, represented by Red Hat’s long-time Java technical lead, Andrew Haley. OpenJDK 6 will continue to receive security fixes with the help of Red Hat’s stewardship and collaboration with the larger OpenJDK community.

OpenJDK 6 comes standard with a Red Hat Enterprise Linux subscription. Security updates to OpenJDK 6 will be made available at no additional cost. The duration of support for each major version of OpenJDK will be at Red Hat’s discretion.

Security issues that affect Java SE 6 can be reported directly to the Red Hat Security Response Team. Issues reported to Red Hat will be resolved in OpenJDK 6, and OpenJDK patch commits will be freely available so that other Java implementations can use them as a template for their own patches. To report a security flaw in Java SE 6, please email secalert@redhat.com. All reports will be handled in confidence, and under embargo if requested. Patches will not be shipped until an agreed embargo date, and reproducers or test cases will not be published without the consent of the reporter.