[German]Oracle's sales representatives has sent a mail informing customers about a upcoming critical security update for Java SE 8, that may causing causing trouble for corporate users. Since January 2019, commercial users are only allowed to install Java 8 updates if they have an Oracle license.
Advertising
I had addressed the topic last year in August 2018, in the blog post Oracle: Have you to pay a Fee for Java SE from 2019 onward?. The Java 8 Runtime (JRE) – or specifically the updates – may no longer be used in the corporate environment without a commercial license from January 2019 onward. Since mid-July 2018, I had noticed the following dialog box.
The German dialog box text announces important information for Oracle Java SE Roadmap. It says also, business users are affected from January 2019 due to changes. The a German blog reader contacted me a few days ago and send me a link to the page Oracle Java SE 8-Releaseupdates. There you may read:
Public updates for Oracle Java SE 8 will remain available for individual, personal use through at least the end of 2020.
Public updates for Oracle Java SE 8 released after January 2019 will not be available for business, commercial or production use without a commercial license. […].
End of Life for Java 8 SE Public Updates
Here are parts of the text from Oracle's Java SE Support Roadmap (dated June 28, 2018).
(Source: Oracle)
Advertising
In a Oracle Advisory it is announced, that the support for Java 8 is discontinued.
Mail of the Oracle sales people to companies
Bleeping Computer now reported here about an e-mail Oracle sales representatives have send to customers. The e-mail rreminded them that upcoming critical security updates for Java 8 are only available to licensed users. Alex Rice, founder and CTO of HackerOne, has received the email from Oracle pictured in the following tweet.
Oracle Sales: Hello. Could we interest you in a "Non-publicly available, critical update"?
"Without proper licensing … [leaves] your environment exposed and vulnerable"
What a steaming hot dumpster fire. pic.twitter.com/V8JicyxiL7
— Alex Rice (@senorarroz) 25. März 2019
Rice told BleepingComputer that he was was quite surprised, because HackerOne "has no commercial relationship with Oracle" and that the email came "unexpectedly". Anyway, the mail caused trouble and confusion – even though Oracle clearly announced the situation in the above mentioned advisories.
Oracle refused to comment on this subject upon request to Bleeping Computer. I'm not that deep in the topic, but it seems like blackmail – Oracle wants to sell commercial licenses for JAVA. Moreover, at the end of 2020 Java 8 updates will probably stop, you have to switch to Java 9 or higher.
Take a look at Corretto
Companies that are in the unfortunate situation of having to use JAVA 8, but do not want to enter into a commercial license for JAVA with Oracle, should look for Corretto. I had already discussed this in the blog post Java: Amazons OpenJDK Corretto released.
Amazon is developing a cross-platform and production-ready distribution of the Open Java Development Kit (OpenJDK) under the name Amazon Corretto. Corretto is free and gets long-term support for 5 years for performance and security improvements. Background: Amazon uses Corretto internally for thousands of production services. Corretto is compatible with the Java SE standard. Users can develop and run Java applications on popular operating systems such as Amazon Linux 2, Windows and macOS with Corretto. Perhaps this is an alternative for those affected.
Similar articles:
Oracle: Have you to pay a Fee for Java SE from 2019 onward?
Java: Amazons OpenJDK Corretto released
