As you may already know from Nandini Ramani's blog post on 'Maintaining the security-worthiness of Java' from May [0], starting in October 2013, Java security fixes will be released under the Oracle Critical Patch Update schedule along with all other Oracle products. In other words, Java will now issue four annual security releases.
You can find the next four dates for Oracle Critical Patch Updates and more information about them online. [1] You can also find information about upcoming releases' version numbers, as discussed on this list in April. [2] We just released 7u40 in September - 7u60, in other words, is a couple of CPU releases away. It would be nice if there was a way for OpenJDK 7u Authors, Committers and Reviewers to flag critical fixes that have been integrated into jdk7u-dev for consideration by the Oracle JDK 7u CPU Release Team for inclusion into a CPU release before 7u60. All such fixes would still continue to be fixed in the jdk7u-dev integration forest first and would continue to follow the normal jdk7u fix process [3]. So, in order to enable critical & high impact fixes developed within this Project in OpenJDK to be considered for upcoming CPU releases, a developer requesting their fix to be considered for CPU integration can label their bug with "CPU-critical-request" in the JDK Bug System [4]. If approved by the Oracle JDK 7u CPU Release Team the label will be updated to "CPU-critical-approved" and they will then ensure that this fix gets integrated to an upcoming CPU release. All relevant updates will be processed via the bug report. Such bug fix requests should only be made for critical fixes. A guideline might be : * P1 bug OR * A serious regression which needs fixing ASAP cheers, dalibor topic [0] https://blogs.oracle.com/security/entry/maintaining_the_security_worthiness_of [1] http://www.oracle.com/technetwork/topics/security/alerts-086861.html [2] http://www.oracle.com/technetwork/java/javase/overview/jdk-version-number-scheme-1918258.html [3] http://openjdk.java.net/projects/jdk7u/groundrules.html [4] https://bugs.openjdk.java.net -- Oracle <http://www.oracle.com> Dalibor Topic | Principal Product Manager Phone: +494089091214 <tel:+494089091214> | Mobile: +491737185961 <tel:+491737185961> Oracle Java Platform Group ORACLE Deutschland B.V. & Co. KG | Kühnehöfe 5 | 22761 Hamburg ORACLE Deutschland B.V. & Co. KG Hauptverwaltung: Riesstr. 25, D-80992 München Registergericht: Amtsgericht München, HRA 95603 Geschäftsführer: Jürgen Kunz Komplementärin: ORACLE Deutschland Verwaltung B.V. Hertogswetering 163/167, 3543 AS Utrecht, Niederlande Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697 Geschäftsführer: Alexander van der Ven, Astrid Kepper, Val Maher Green Oracle <http://www.oracle.com/commitment> Oracle is committed to developing practices and products that help protect the environment
