This document is intended to provide information about some changes around detection and installation of Java patches starting in October 2014.
Starting in October 2014 Java started releasing updates in a new manner. The basic concept is that main critical bulletins are released with an odd number such as Java SE 7 Update 71 (CPU release), and then there is an additional bulletin that contains other bug fixes with an even numbered bulletin such as Java 7-72 (PSU release).
The full explanation for the changes can be found on Java's site, here:
Shavlik will be offering both the CPU and PSU releases. The CPU releases will be offered with a Security patch type whereas the PSU releases will be offered with a non-security patch type.
If you were to run a Security Patch scan in Protect you will only be offered the CPU release. (main security bulletin) However, if you run a WUscan (both security & non-security) you will be offered both the CPU & PSU release as missing patches. Per Java - only one version is required to be installed. If you do not use a patch group to filter out the PSU release, this version will end up being installed because it has a higher version number than the CPU release. Keep this in mind before you set up scan and deployment when using both security and non-security patch types.
Additionally, we have noticed that most often when the latest Java updates are installed they provide a return code that a reboot is required. Keep in mind that a reboot will often be required.
We suggest to refer to this document to help alleviate some pain points with updating Java:
Shavlik Protect 9.x