Thanks Johnny, I've raised the question with RHEL too: https://www.redhat.com/archives/rhelv6-list/2014-February/msg00027.html It looks like the RHEL-6.5 package is also b02, so there's consistency, but it does mean that there are patches missing from the release, such as the one i linked to. >From the JDK bug tracker it looks like the issue i mentioned was fixed in a build made in December (https://bugs.openjdk.java.net/browse/JDK-8029404) so its a surprise to see an older package come out with the security advisory in January. ________________________________________ From: centos-bounces@xxxxxxxxxx [centos-bounces@xxxxxxxxxx] on behalf of Johnny Hughes [johnny@xxxxxxxxxx] Sent: 19 February 2014 17:56 To: centos@xxxxxxxxxx Subject: Re: Java versions in CentOS On 02/19/2014 11:12 AM, Tom Cartwright wrote: > Hi All, > > Following the latest security updates from Oracle, the version of OpenJDK package is currently listed as: > > java-1.7.0-openjdk-1.7.0.51-2.4.4.1.el6_5.x86_64.rpm > > The Redhat security advisory lists these packages: https://rhn.redhat.com/errata/RHSA-2014-0026.html > but it makes no reference to the build number, which it turns out is important. > > The build on the package in centos 6.5 is currently listed as b02: > > [........]$ java -version > java version "1.7.0_51" > OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02) > OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode) > > However changes were being made in at least b10: https://bugs.openjdk.java.net/browse/JDK-8028111 > > I guess this raises three questions: > > 1. How is the build of the JDK selected for a security update in RHEL/CentOS? > 2. Could the b number be made more clear in the release information given its importance? > 3. Is it possible to JDK package be updated to the latest build number, given the current one has missing backports? > > Thanks, > > Tom Well, the answer to this question in relation to CentOS is easy. When Red Hat releases a package for RHEL (any package, java-1.7.0-openjdk or anything else), then we build it. As to what Red Hat selects, when they select it or why, or any of the other questions you have ... we have no idea. We build what they release when they release it on our build system. Someone who has RHEL-6.5 might be able to post the java -version from that package as a comparison. ----------------------------- http://www.bbc.co.uk This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. ----------------------------- _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos