> I bundled the JRE with my app so the users did not need to have Java installed.
Side note here: do you track security vulnerabilities of the shipped JRE and provide updates when it happens?
Too often, I've seen java applications shipping obsolete and vulnerable JRE. And in some cases, I've seen not consistent versions across a product line.
Also wasn't there some unknowns about the right to redistribute the Oracle JRE?
I do track those. I didn't need to update my app at any point for them because most vulnerabilities in the JRE are to do with sandbox escapes and my app did not run potentially malicious code.
Side note here: do you track security vulnerabilities of the shipped JRE and provide updates when it happens?
Too often, I've seen java applications shipping obsolete and vulnerable JRE. And in some cases, I've seen not consistent versions across a product line.
Also wasn't there some unknowns about the right to redistribute the Oracle JRE?
reply