Slow Java security updates and forced JVM downgrades

7/10 High

Oracle is slow to provide updates for known Java security bugs and has performed forced downgrades (e.g., removing Java 6 despite assuring enterprise users it wasn't affected) during patch deployments.

Category: security
Workaround: none
Stage: deploy
Freshness: persistent
Scope: language
Upstream: open
Recurring: No
Buyer Type: enterprise
Maintainer: slow

Sources

Collection History

Query: “What are the most common pain points with Java for developers in 2025?” (4/5/2026)

Oracle has been criticized for not promptly providing updates for known security bugs. When Oracle finally released a patch for widely-exploited flaws in Java 7, it removed Java 6 from users' machines, despite it being widely used by enterprise applications that Oracle had stated were not impacted by the flaws.

Created: 4/5/2026
Updated: 4/5/2026