I don't see a problem with that. u65 is the security fix version and u66 is a bugfix that includes u65. The openjdk project appears to have skipped straight to u66 since both were released simultaneously.>From Oracle's website: "Java SE 8u65 includes important security fixes.Oracle strongly recommends that all Java SE 8 users upgrade to this release. Java SE 8u66 is a patch-set update, including all of 8u65 plus additional features (described in the release notes)." The openjdk website lists u66 as released. On Sun, Nov 15, 2015 at 10:30 AM, Mark Felder <feld at freebsd.org> wrote:> > > On Fri, Nov 13, 2015, at 17:52, Robert Simmons wrote: > > Greetings, > > > > The following security vulnerability bug was reported about a week ago. > > Can > > someone mark the ports as insecure, please? > > > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204269 > > > > This is really annoying. 8u72 won't be available until *January* ?! > > http://openjdk.java.net/projects/jdk8u/releases/8u72.html > > -- > Mark Felder > ports-secteam member > feld at FreeBSD.org >
On Sun, Nov 15, 2015, at 23:00, Robert Simmons wrote:> I don't see a problem with that. u65 is the security fix version and u66 > is > a bugfix that includes u65. The openjdk project appears to have skipped > straight to u66 since both were released simultaneously. > > From Oracle's website: "Java SE 8u65 includes important security fixes. > Oracle strongly recommends that all Java SE 8 users upgrade to this > release. Java SE 8u66 is a patch-set update, including all of 8u65 plus > additional features (described in the release notes)." > > The openjdk website lists u66 as released. >Where did you see u66 on the OpenJDK site? I tried to browse the site and find the latest release and it was a futile attempt. Their website is terrible. (openjdk.java.net) CC'ing jkim@ as he has more Java port knowledge than I do... I don't foresee myself updating the port, but I can get a vuxml entry added. -- Mark Felder feld at feld.me
http://openjdk.java.net/projects/jdk8u/ That page lists it as released. On Nov 16, 2015 9:06 AM, "Mark Felder" <feld at feld.me> wrote:> > > On Sun, Nov 15, 2015, at 23:00, Robert Simmons wrote: > > I don't see a problem with that. u65 is the security fix version and u66 > > is > > a bugfix that includes u65. The openjdk project appears to have skipped > > straight to u66 since both were released simultaneously. > > > > From Oracle's website: "Java SE 8u65 includes important security fixes. > > Oracle strongly recommends that all Java SE 8 users upgrade to this > > release. Java SE 8u66 is a patch-set update, including all of 8u65 plus > > additional features (described in the release notes)." > > > > The openjdk website lists u66 as released. > > > > Where did you see u66 on the OpenJDK site? I tried to browse the site > and find the latest release and it was a futile attempt. Their website > is terrible. (openjdk.java.net) > > > CC'ing jkim@ as he has more Java port knowledge than I do... I don't > foresee myself updating the port, but I can get a vuxml entry added. > > > -- > Mark Felder > feld at feld.me >