The recent and critical Java CVE necessitates that everyone either uninstall, remove or update Java immediately.
My employer uses a lot of Java, and removing or uninstalling it across thousands of machines just isn’t possible. We also support 4 platforms for each new release (in 32-bit and 64-bit), so pushing out a new version of Java involves downloading, unpacking, deploying and releasing 8 different builds per version. Today’s recent news, means I have to download and deploy 16 separate builds of Java for 1.6u38 and 1.7u11 to meet the security requirements and keep us current.
Oracle’s website is painful enough to navigate, and downloading new Java releases from their site requires an interactive click-wrap agreement to be acknowledged before you can continue with the process; before the download links become visible or active in a browser to be clicked. When you attempt to download, you’ll be presented with a page that contains this:
To download an Oracle Java release from here, you have to go to their Oracle Java Download page, click “Accept License Agreement”, and then click each version of Java you want to download, to download interactively using your desktop browser to your desktop.
In a word: Ugh.
If you need to use those on a UNIX or Linux host as I do, you then have to then take those downloads that you’ve pulled with your browser, and scp/pscp (with PuTTY or similar) or rsync those over to your UNIX/Linux machine from your desktop.
Could this process possibly be more convoluted and complicated?
But there’s a solution: Wget! (with some secret sauce)
Read the rest of this entry »