java – Does upgrading the Java Virtual Machine version address security issues, even if I use an older language version?

Hypothetically, suppose that Java version X (an older version) has a known security vulnerability. If I'm using this version of Java for, say, hosting web servers, it's "dangerous". (Right?)

Java allows, among other things, updating the Java Virtual Machine and specifying an earlier version of the language to ensure compatibility with earlier versions. If I update to the latest version of the Java Virtual Machine and continue to specify version X, does this solve the security issues?

If so, how does it work? Does this mean that each version of the virtual machine contains all old versions (or do they have any patches to update new versions)?

When something is out of date, does this mean that it will no longer be available in later versions of the Java Virtual Machine, or will it continue to be available and have this problem resolved in later versions of the virtual machine? Are teams / ops responsible for upgrading to the latest version of the Java language in addition to updating the virtual machine?

Is my terminology correct here? I'm just trying to understand how JVM security models work with backward compatibility.

Does the use of OracleJVM vs OpenJVM change the answer?