[MCL-6054] Launcher Downloads old Version of Java

When launching the Windows Installer Version of Minecraft it downloads Java runtime 1.8.0_25 which is nearly 100 updates behind the most recent Version Java SE 8u121 offered by oracle. As such an old Version of Java may contain severe security issues and could be abused by malware as it is located under C:\Program Files (x86)\Minecraft\runtime\jre-x64 in most cases Minecraft itself is lowering the security of the Users PC

Linked issues

duplicates 1

MCL-5577 The New Launcher vs Staging (Java versions mismatch) Resolved

Comments 3

kumasasa 2017-02-12T14:44:59Z

When a malicious software already has access to /programfiles/minecraft/jre/old_java/ then your system UAC is misconfigured.
JAR-files are not bound to start that old Java installation, it's only used for Minecraft.

Daniel Mäckelmann 2017-02-12T15:10:43Z

I don't agree with this point of view! even a .bat script is able to run "/programfiles/minecraft/jre/old_java/bin/javaw.exe -jar Malware.jar" without needing admin rights.

kumasasa 2017-02-12T15:50:28Z

But tell me
a) how does malicous.bat and malicious.jar come to your computer
b) how can malicious.bat be executed with active UAC ?

Anyway, this issue is not a bug - it`s deliberately made like this by Mojang - and therefore invalid.