On 02/19/2014 11:12 AM, Tom Cartwright wrote: > Hi All, > > Following the latest security updates from Oracle, the version of OpenJDK package is currently listed as: > > java-1.7.0-openjdk-1.7.0.51-2.4.4.1.el6_5.x86_64.rpm > > The Redhat security advisory lists these packages: https://rhn.redhat.com/errata/RHSA-2014-0026.html > but it makes no reference to the build number, which it turns out is important. > > The build on the package in centos 6.5 is currently listed as b02: > > [........]$ java -version > java version "1.7.0_51" > OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02) > OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode) > > However changes were being made in at least b10: https://bugs.openjdk.java.net/browse/JDK-8028111 > > I guess this raises three questions: > > 1. How is the build of the JDK selected for a security update in RHEL/CentOS? > 2. Could the b number be made more clear in the release information given its importance? > 3. Is it possible to JDK package be updated to the latest build number, given the current one has missing backports? > > Thanks, > > Tom Well, the answer to this question in relation to CentOS is easy. When Red Hat releases a package for RHEL (any package, java-1.7.0-openjdk or anything else), then we build it. As to what Red Hat selects, when they select it or why, or any of the other questions you have ... we have no idea. We build what they release when they release it on our build system. Someone who has RHEL-6.5 might be able to post the java -version from that package as a comparison. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20140219/74c78ada/attachment-0005.sig>