Updated Choices For Java Updates
Feb 18, 2019 | 5 MIN READ
Feb 18, 2019 | 5 MIN READ
Java Updates topic is of particular significance to both Java developers and users. The reason was the release of update 202 of Oracle JDK 8, which was the final public update (for commercial users) of JDK 8 from Oracle. Users now need to think carefully about their strategy for updating the Java runtime in the future.
For non-commercial desktop users, updates to Oracle Java SE 8 will continue to be provided through the existing Java Update mechanism. According to Oracle, this will be, “…through at least the end of 2020.” It is assumed that, when the first of these updates come out in April, the license will be changed to preclude the use of these updates in a commercial deployment.
For the vast majority of Java users then, there are a number of choices available for what to do next:
Since JDK 9, Oracle has been providing two binary distributions of the JDK. The traditional Oracle JDK (from java.oracle.com) and the newer, OpenJDK binary (from jdk.java.net). As of JDK 11, these are functionally equivalent but have different licenses. The OpenJDK binaries are provided under the same license as the source code, i.e., GPLv2 with classpath exception. The Oracle JDK 11 binary is now under the Oracle Technology Network License Agreement for Java SE. This allows free use for development and testing but requires an Oracle Java SE subscription to be used in commercial production.
The Oracle OpenJDK binaries are therefore an option that is free for use in production and has regular updates. The drawback to this option is that there is no long-term support (LTS) for any of these releases. Oracle OpenJDK 11.0.2, also released last month is the last update for JDK 11. To continue to get the latest updates, users will need to update their entire JDK every six months (to keep pace with the new JDK release cadence).
When considering the use of a free distribution a critical consideration should be how updates get included. Oracle will only be contributing the source code of updates to the current OpenJDK project (the next update will, therefore, be part of the OpenJDK 12 project). For those security patches and bug fixes to be included in an OpenJDK 8 binary, it is necessary to backport the changes. Red Hat has recently taken over as the project lead of OpenJDK 8 after Oracle resigned this position. When and if updates get backported will determine how quickly free binaries will be aligned with the current JDK version.
It is also worth noting that Amazon has stated that their intention is “targeted backports from newer releases”; ones that they consider important for their customers, i.e., users of Amazon Web Services (AWS). This will lead to some potential divergence between Corretto and other free OpenJDK distributions.
So you still have a couple of months to consider your options before the next scheduled date. Which one will you choose?