Skip to content

Java Updates and Versions

Updating Java at 2022-02 Session with Oracle

Session in context of managing Java vulnerabilities

Value of Java - write once, run anywhere on Java Virtual Machine

Developer writes code, generates bytecode for running
Libraries
- Standard JDK, part of runtimes
- Third party
Key libraries that change periodically:
- Security
- Networking
- Collections
- NIO (input, output)
- Internationalization
- Date and Time
- JDBC

JDK/JVM can be updated separately from developer generated bytecode

JDKs updated at separate times from application
Example: updatable applications without need to update bytecode
- Developer - establish secure connections
- JDK:
  - JDK 1.4.2: Use SSL 3
  - JDK 6: Use TLS1.0
  - JDK17: Use TLS 1.3
  - JDK future: Use quantum encryption
JDK long term releases
- Get frequent updates, source open at OpenJDK
- 8
- 11
- 17
- Can keep in existing LTS releases and update it or upgrade to next LTS version
  - Update (e.g. 17.0.1 to 17.0.2) - low risk
    - Why? incremental performance improvements, support for OS, bug fixes, vulnerability fixes, cryptographic updates
    - When? recommend apply as soon as possible
    - Issues?
      - Cryptographic updates commonly cause issues, e.g. SHA-1 disabled
  - Upgrade (e.g. 8 > 11 > 17 > 18)
    - Why? performance, support
      - e.g. shorter start up times, better garbage collection
  - Issues
    - Check libraries
    - New warnings in code
    - Do full testing of your application

JDK has packaged usage tracker

Java Management Service (JMS), monitoring agent on each instance - send data to central location - Oracle Cloud Observability service
- Look at desktop/server/device Java usage
Shows support dates, downloads, and scripted commands to downloads
Devices can be organized into “fleets”
Show runtimes, vendors

See Also

Resources

Which Version of JDK Should I Use? | whichjdk.com - TLDR use Adoptium Eclipse Temurin LTS version due to long term support, releases, and permissive license.