In the past couple of weeks, there was an exploit in the wild and Java 7 update 7 released to fix it.
...affecting Java running in web browsers on desktops. These vulnerabilities are not applicable to Java running on servers or standalone Java desktop applications.
CmdLine: C:\arduino\arduino-1.0.1\arduino.exe --l4j-debugWOW64: yesWorking dir: C:\arduino\arduino-1.0.1\.Bundled JRE: javaCheck launcher: C:\arduino\arduino-1.0.1\java\bin\javaw.exe (n/a)64-bit search: SOFTWARE\JavaSoft\Java Runtime Environment...32-bit search: SOFTWARE\JavaSoft\Java Runtime Environment...Match: SOFTWARE\JavaSoft\Java Runtime Environment\1.7Match: SOFTWARE\JavaSoft\Java Runtime Environment\1.7.0_0764-bit search: SOFTWARE\JavaSoft\Java Development Kit...32-bit search: SOFTWARE\JavaSoft\Java Development Kit...Check launcher: C:\Program Files (x86)\Java\jre7\bin\javaw.exe (OK)Add classpath: lib\pde.jarAdd classpath: lib\core.jarAdd classpath: lib\jna.jarAdd classpath: lib\ecj.jarAdd classpath: lib\RXTXcomm.jarLauncher: C:\Program Files (x86)\Java\jre7\bin\javaw.exeLauncher args: -Xms128m -Xmx128m -classpath "lib;C:\Program Files (x86)\Java\jre7\lib\tools.jar;lib\pde.jar;lib\core.jar;lib\jna.jar;lib\ecj.jar;lib\RXTXcomm.jar" processing.app.BaseArgs length: 167/32768 charsExit code: 259
What I sense though is some kind of protectionism towards Java, judging by the tone of the replies... I hope this is not the default way of addressing people here.
I respectfully ask what the rules are in posting questions, so as to not offend anyone again. :|
I didn't expect to have security concerns met with comments like this. I believe I asked a legitimate question, with a legitimate concern.
... is there any IDE build that works with the latest Java patches?
As a side note, is there any policy on security by Arduino, being dependent on Java and its endless stream of security holes?
I respectfully ask what the rules are in posting questions, so as to not offend anyone again. smiley-neutral
The fact that a vulnerability has been found surely shows that things are now more secure now than they were a week ago
Well, why wouldn't it work? Surely a patch to a security problem does not change the way Java works using documented interfaces? Did you apply the Java patch? Then did you try using the IDE? What happened when you did those things?
This is the only statement in this thread that has an unfortunate "tone" in my opinion. If you open in an aggressive way like that, what can you expect?
The Arduino, per se, is not dependent on Java. The IDE is. You can choose to develop using other development tool chains, such as avr-gcc directly. You have not identified any reported vulnerability that affects the Arduino IDE.
Who is offended? My question was intended to draw out that Java is rather extensively used.
As for posting questions, being polite and courteous will usually be sufficient.
Sure, Java is extensively used, but that doesn't mean we all have to like it ...