Why that doesn't work for Oracle software is beyond my knowledge, but I wonder Oracle hasn't been able to fix that in the years since they bought Java from Sun Systems. And why they can't use a contemporary version of Java [that has security patches] with their own software, rather than expose their users to potential exploits with the older versions of Java when they are using Java for other purposes like on the web.