Sun vulns.
 

No less than 7 security holes have been identified in JRE 1.5 prior to update 6, making older versions of the JRE completely out of the question from here on in. Also, the old versions MUST be completely uninstalled before installing update 6. Lastly, the full manual install is recommended over the so-called "web" install due to potential vulnerabilities (esp on NT-based systems).

Details available at the Sun site.

We will check into the JRE 1.5.0 Update 6 for the next release. We were, however, notified of possible problems (JRE crashes) with update 6 and were recommended to use update 5. We have released a version of frostwire that did auto-install JRE 1.5.0_06, although we did not receive any reports on JRE crashes that were specific to update 6, we took the advice and rolled it back to prevent any future problems that could have occured.

We do download and install the full offline version (the install is set to silent mode. if you would like to know what the exact options are set, I can post them here). We can also uninstall it too. Although we should not mess with the users computer in such a way that may cause issues with specific user-preferencing, since it might be their preference or a specific reasoning as to why they might have multiple JRE's installed. But we could write a registry setting to indicate whether or not it was frostwire that installed it. Then we could possibly dictate whether or not to uninstall it and install a newer version.

I update java and FW manually, so its not an issue with me, but I thought it important to give a head's-up for others.

Hopefully there are no "issues" and it all goes well. Best wishes.