Oracle patched the hole in Java 7 that allows hackers to secretly download malware to your computer Thursday, in an uncharacteristic update to its software, according to Forbes. But it seems the company knew about the issue far longer than the rest of us.

Oracle usually only pushes out updates to its Java software on a quarterly basis, and many did not expect the company to provide a patch for this hole. Indeed, researchers suggested people who did not need to use Java should turn it off just in case. But while the patch is a positive step toward protecting Java users, security researchers at Security Explorations are saying that they told Oracle about the issues four months ago.

The security firm released a list of all the vulnerability reports it supposedly sent to Oracle in April, as well as confirmation that the Java creator received the bug reports. In it, Oracle says it received the report, and pushes a code update in June, but “continues to investigate” other existing issues into August.