Java: Stable, Secure and Free. Choose Two out of Three
Jan 22, 2018 | 7 MIN READ
Jan 22, 2018 | 7 MIN READ
It’s 2018, and significant changes are happening for Java. As announced last year we’re moving to a time-based release of the JDK, rather than feature-based. This is excellent news, as it means features can be integrated when ready and developers will get access to new features much faster than they ever have before. JDK 10 will be released in March, and we’re already into ramp-down phase two, so everything is progressing according to plan. The JSR for the specification is well underway and passed public review. There are even JDK Enhancement Proposals (JEPs) being targeted to JDK 11.
The Java landscape looks good…
However, there are more changes related to this new speed of release that will make themselves apparent this year, and these might not be quite so exciting. Specifically, in January 2019, only four months after JDK 11 is released, there will be no more public updates for JDK 8.
What we’re used to with Java is what I’ve put in the title, a platform that has three important qualities, explicitly related to how it is supported.
As I said, things are changing…
With the new, time-based release cadence, the engineering effort of making updates available for numerous earlier releases would be unsustainable. To address the needs of two orthogonal groups of users, Oracle decided to switch to a Long Term Support (LTS) model. Specific JDK versions will be LTS releases, meaning they will have updates for three years (until the next LTS release). All other, intermediate, releases will be termed Feature releases and only have updates for six months (until the next Feature release). To synchronise the new system, JDK 8 has been classified an LTS release. The next one will be JDK 11, to be released in September.
The most significant change this new model includes is that there will no longer be any effective overlap for updates between releases. I’ve put that in bold and italics to make sure that this is clear. I’ll mention again that this means that public updates to JDK 8 will cease in January 2019, as that will affect a lot of users.
We’ve also created a picture that hopefully makes this easier to understand.
The implication of this change is that Java is still stable, secure and free but you must now choose two of those three qualities. When deploying Java in the future, you can’t have all three at the same time.
Let me explain this a bit more.
Suppose you are most concerned about security (as you should be) but don’t want to spend any money. To do this, you will need to switch to new versions of the JDK as soon as they are released. With no overlap (either for Feature or LTS releases) you must do this to be able to install all security-related fixes. Unfortunately, with no overlap, you must switch to a JDK release that has not had time to be tested in real production environments, so you lose the stability you had.
Alternatively, you may favour stability and zero cost. Again, this is possible; all you do is continue to use the previous LTS version after a new one is released. You continue to have the stability you’re used to, need pay nothing, but will not get security patches, as they will no longer be available for that release.
Finally, if you want stability and security, it is not going to be free. You can continue to use the previous LTS release, but access to patches will only be available through a commercial support contract.
Azul has our Zulu branded OpenJDK binaries (both Enterprise and Embedded) built from the project source, tested with the TCK/JCK and even analysed using tools we’ve created to ensure that there is no contamination of the open-source through incorrect headers. We offer this as a free download for the latest version and with commercial support for those who want it.
Again, we’ve produced a picture to help make this easier to understand.
Java SE Lifecycle 5+ Year Timeline Updated 31-Jan-2018
For further information on this and more detail on the changes to Java and the OpenJDK, there is a recording of a webinar I delivered on this subject. The slides are available here, and the recording can be accessed here.
Many Java users I’m talking to are starting to plan what they will do prior to next January when public updates of JDK 8 are scheduled to end.
Please contact us if you’d like to discuss Java support options.