We have a webstart application that runs on JRE1.5.0_05. It is a very heavy swing app. Since it has been extensively tested for many man months on that version, upgrading JRE is a very expensive solution. Will a private version of that JRE have the same security issues as a public/installed JRE version? Is there any other workaround other than upgrading?
Will a private version of that JRE have the same security issues as a public/installed JRE version?
I'm not sure what you mean by publiv vs. private JRE, but a JRE is a JRE, no matter how it's installed, so all security issues will apply.
You would only need to worry about that particular bug if the code you downloaded wasn't trusted. But I gather that you/your company don't specify the use of an earlier, possibly buggy, JRE, so as long as your customers/users trust you, all is well.