I think we're almost there
The fact that a vulnerability has been found surely shows that things are now more secure now than they were a week ago
Well, a new hole was found in the patch just a few hours later, so it's back where it started. The difference this time is that no exploits have been found in the wild yet.
Well, why wouldn't it work? Surely a patch to a security problem does not change the way Java works using documented interfaces? Did you apply the Java patch? Then did you try using the IDE? What happened when you did those things?
I installed the 1.7 SE and disabled old versions, and was told by the IDE that I needed v1.5 or older. It works OK with the 1.6 version provided by Apple, for example. I then did a git pull and built the IDE with 1.7 as the only enabled version, but it still complained. I'm pretty sure something needs to be changed in the build or config files for 1.7 to be compiled against, but I didn't go any further.
This is the only statement in this thread that has an unfortunate "tone" in my opinion. If you open in an aggressive way like that, what can you expect?
As I mentioned, it was aggressive against Java, not Arduino. In any case, if it came across as aggressive against Arduino or the forum, I apologize.
The Arduino, per se, is not dependent on Java. The IDE is. You can choose to develop using other development tool chains, such as avr-gcc directly. You have not identified any reported vulnerability that affects the Arduino IDE.
Agreed - I just asked if there was a known one, and had confirmed earlier in the thread that the vuln only affects web start apps, not desktop apps. So nothing to worry about in this case.
Who is offended? My question was intended to draw out that Java is rather extensively used.
If nobody was offended, then all is well. Sure, Java is extensively used, but that doesn't mean we all have to like it - I have worked with other cross-platform solutions such as Qt, and have come to the conclusion (again, my own, everyone is entitled and free to think & do what they want) that developing natively on each platform is better. Let's not start a religious argument now though
As for posting questions, being polite and courteous will usually be sufficient.
Yes, will do. I hope I can be a positive contributor here