Seems unacceptable to only release critical security updates every 4 months regardless of how serious the flaws with how quickly they can be exploited. Oracle needs to get up to speed with the reality of today or find the user-base for Java continue to shrink long term.
Yes I'm aware of the timeline of said vulnerabilities and obviously the schedule. I'm disagreeing with it is all. They should be putting out more out of band security updates sooner for major issues like this like a lot of major and even smaller outfits do vs waiting a month or two.