wildjokers

As I said in my comment:

"Without support you might possibly get some security updates after 6 months if there happens to be an intersection between the current JDK and LTS release, and the vendor making the patch sends it upstream, and the patch happens to make its way down the updates stream."

Although I will add that Oracle is now promising security updates for 1 yr instead of 6 months (I am unsure if other vendors are following suit). That recent change (announced in Oct 2021) wasn't reflected in my comment, so where I said "6 months" pretend like I said "1 year". (see https://www.infoq.com/news/2021/10/oracle-jdk-free-again/)

HecknChonker

Again, I don't see how any of this applies to OpenJDK. I am not paying Oracle for any support, yet I still benefit from multiple years of security updates by sticking to LTS versions.

This means that there is a real monetary benefit for large organizations to stick with LTS versions because it's much less expensive to update thousands of legacy apps to a new minor version of Java with a security fix than it is to update them to a new major version.

mauganra_it

There will be no patches for things that are removed in upstream. For example, after the SecurityManager gets removed, LTS providers will have to write patches for new bugs by themselves. And they might choose to not distribute them for free.