• Post Reply Bookmark Topic Watch Topic
  • New Topic

JRE 1.5.0_22 update forces 1.6.0_45 install?  RSS feed

 
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm not sure if this is the right forum, so I apologize in advance.

I have a problem where I need to update from JRE 1.5.0_07 to a more recent version of JRE 1.5.0 in order to resolve a PCI vulnerability problem.
According to Oracle, I need update 26 or later if I'm on 1.5.0 -
http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html

The problem is that the highest version of 1.5.0 that Oracle has to download is update 22. They advise to use the "auto-updater" to update it past this version. However, when I do that, it tries to install Java 1.6.0 update 45, which our code is not (yet) compatible with.

So my question is - How can I get version 26 (or higher) of 1.5.0?

Thanks.

P.S. Development is working on testing higher major versions of Java, but this is an imminent issue we need to fix.
 
Marshal
Posts: 56600
172
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
you should install JDK7u71/72 or JDK8u25. Both are current versions.
You can find old versions in the Java download archive, but you should not use Java5/6 any more.
 
Peter Bollwerk
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am well aware that we are on vastly outdated versions.
However, I am just in IT support and am not a Java developer.
I cannot control how soon the dev team updates their code to work on newer versions of Java.

Oracle does provide links to older versions, but strangely not all updates of old versions.
For Java 5, they only have links to update 22 and older.
The vulnerability was fixed in update 26. (see my link in the OP)
 
Rancher
Posts: 3742
16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Once a version of Java reaches end of life, updates are only done for and made available to customers with a paid for support contract. I guess the version you require falls into this category.
So you will have to decide if the problem justifies buying a support contract.
 
Sheriff
Posts: 22846
43
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
For more information about the support contracts have a look at this page: Oracle Java Archive
 
Rancher
Posts: 42972
73
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Strange indeed that the later Java 5 releases aren't there; I don't recall if those were maybe only released to folks who were paying for support, and not publicly.

I cannot control how soon the dev team updates their code to work on newer versions of Java.

Given that, if this was my problem, I'd escalate the issue to someone who has control over both the IT and dev teams.
 
Ranch Foreman
Posts: 3068
37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Joanne Neal wrote:Once a version of Java reaches end of life, updates are only done for and made available to customers with a paid for support contract. I guess the version you require falls into this category.
So you will have to decide if the problem justifies buying a support contract.


It does indeed.
From here (assuming the paging is consistent):
"This release marks the End of Service Life (EOSL) for Java 5, and is its final public version."
Released 4th November 2010, which is (according to wiki) the EOL of 1.5. Actually the day after.
 
Bartender
Posts: 10575
66
Eclipse IDE Hibernate Ubuntu
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Peter Bollwerk wrote:I am well aware that we are on vastly outdated versions.
However, I am just in IT support and am not a Java developer...

I'm with Ulf here. Plainly, the Java environment in your company has been neglected so badly that your employers are now faced with 3 unpalatable (and probably mutually exclusive) solutions:
1. Upgrade to a Java version that is not EOL.
2. Live with the vulnerability.
3. Pay for a support contract (assuming you can get one after all this time, and it DOES provide you with the relevant patch).

And someone with the power to make this decision for everyone needs to know.

Winston
 
Peter Bollwerk
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks everyone.
I'll mark as resolved and give this info to my boss.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!