mother:
I didn't expect to have security concerns met with comments like this. I believe I asked a legitimate question, with a legitimate concern.
OK, I'll try again. The fact that a vulnerability has been found surely shows that things are now more secure now than they were a week ago (that is, if the patches are applied).
... is there any IDE build that works with the latest Java patches?
Well, why wouldn't it work? Surely a patch to a security problem does not change the way Java works using documented interfaces? Did you apply the Java patch? Then did you try using the IDE? What happened when you did those things?
As a side note, is there any policy on security by Arduino, being dependent on Java and its endless stream of security holes?
This is the only statement in this thread that has an unfortunate "tone" in my opinion. If you open in an aggressive way like that, what can you expect?
The Arduino, per se, is not dependent on Java. The IDE is. You can choose to develop using other development tool chains, such as avr-gcc directly. You have not identified any reported vulnerability that affects the Arduino IDE.
I respectfully ask what the rules are in posting questions, so as to not offend anyone again. smiley-neutral
Who is offended? My question was intended to draw out that Java is rather extensively used. As for posting questions, being polite and courteous will usually be sufficient.
However I do think your main question: "is there any IDE build that works with the latest Java patches?" could have been answered yourself by simply trying it.