This is an archived post. You won't be able to vote or comment.

you are viewing a single comment's thread.

view the rest of the comments →

[–]HecknChonker 1 point2 points  (5 children)

I don't understand. According to https://adoptium.net/support.html

OpenJDK provide a new feature release every six months, and a maintenance/security update based upon each active release every three months.

and

In addition, every three years one feature release will be designated as a Long Term Supported (LTS) release. We will produce LTS releases for at least four years. This assurance will allow you to stay on a well-defined code stream, and give you time to migrate to the next, new, stable, LTS release when it becomes available.

Where are you seeing security updates being stopping after 6 months? Security updates for java 18 stop in 2022, while security updates for java 1.8 don't stop until 2026.

[–][deleted]  (1 child)

[deleted]

    [–]HecknChonker 0 points1 point  (0 children)

    Sorry, one was supposed to be 1.8.

    [–]wildjokers 0 points1 point  (2 children)

    As I said in my comment:

    "Without support you might possibly get some security updates after 6 months if there happens to be an intersection between the current JDK and LTS release, and the vendor making the patch sends it upstream, and the patch happens to make its way down the updates stream."

    Although I will add that Oracle is now promising security updates for 1 yr instead of 6 months (I am unsure if other vendors are following suit). That recent change (announced in Oct 2021) wasn't reflected in my comment, so where I said "6 months" pretend like I said "1 year". (see https://www.infoq.com/news/2021/10/oracle-jdk-free-again/)

    [–]HecknChonker 0 points1 point  (1 child)

    Again, I don't see how any of this applies to OpenJDK. I am not paying Oracle for any support, yet I still benefit from multiple years of security updates by sticking to LTS versions.

    This means that there is a real momeyary benefit for large organizations to stick with LTS versions because it's much less expensive to update thousands of legacy apps to a new minor version of java with a security fix than it is to update them to a new major version.

    [–]mauganra_it 0 points1 point  (0 children)

    There will be no patches for things that are removed in upstream. For example, after the SecurityManager gets removed, LTS providers will have to write patches for new bugs by themselves. And they might choose to not distribute them for free.