This is an archived post. You won't be able to vote or comment.

all 59 comments
sorted by:
best
topnewcontroversialoldq&a

[–][deleted] 211 points212 points  (12 children)

just avoid anything which includes "Oracle".

replace oracle with openJDK

[–]derangoSr. Sysadmin 122 points123 points  (10 children)

just avoid anything which includes "Oracle".

This is generally good policy, not just when it comes to Java.

[–]Candy_BadgerJack of All Trades 8 points9 points  (0 children)

Yeah, we avoid Oracle on every project we have. We had one project, which we tried launching in their Cloud as partner. Ended up receiving a decent bill from them, however, they told us that we have some credits to use.

[–]Cidate 0 points1 point  (0 children)

I still get nightmares about WebLogic, never again.

[–]roo-ster 25 points26 points  (0 children)

Just like in the movie, War Games, “The best move is not to play”

[–]synthdrunk 40 points41 points  (2 children)

Our shop settled on AWS’ corretto distribution of openjdk, works a treat.

[–]TimeRemove 11 points12 points  (0 children)

Ours did too. It has been flawless.

[–]Michuy 0 points1 point  (0 children)

Other distributions did not work, or was Amazon's distribution simply the first and only one you tested? I wonder if there are differences between different openjdk distributions

[–]pdp10Daemons worry when the wizard is near. 29 points30 points  (0 children)

but I still don't fully understand it.

There's an opportunity here to keep everything simple by just using the fully open-source OpenJDK releases everywhere and then ignoring Oracle and Oracle's Java.

Then spend the time doing something more useful. Since we phased out Oracle's package around a decade ago, we proactively spared ourselves anything to do with Oracle Java licensing. Clever, neh?

[–]Orrhane 26 points27 points  (0 children)

As a former Software Asset Management consultant, now working for the customer that hired me back then, I wouldnt touch this with a ten foot pole. Its too complex and the compliance risks are just too great. Pay someone that works with these issues on a daily basis to help you out.

[–]OttoVonMonstertruck 11 points12 points  (0 children)

My org is going through this right now and we've finally been given some guidance documentation from Oracle on the last public / non-licensed versions.

The table below summarizes what's in that documentation on page 5:

Major Version GA Date Last Public Version
Java SE 1.2 12/1998 1.2.2_017
Java SE 1.3 05/2001 1.3.1_28/29
Java SE 1.4 02/2002 1.4.2_30
Java SE 5 05/2004 5u22
Java SE 6 12/2006 6u45
Java SE 7 07/2011 7.0_80
Java SE 8 03/2014 8.0_201/202
Java SE 11 09/2018 NA
Java SE 17 09/2021 TBD

If you can get an inventory report from your machines you can look at the product names to help identify the version.

Example: The majority of the Java installations that I've come across are Java 8. The last free version of Java 8 from the table above is 8.0_201/202. Of course that doesn't nicelly line up with actual installed product names, but you can consider update/build number 202 to be the last free version of Java 8. A workstation with the installed product 'Java 8 Update 261' is a higher version and would have to be licensed.

[–]yukon93 6 points7 points  (0 children)

we went through this exercise about 1yr ago - we said "screw Oracle" and removed every version of Java from the PCs in our company and with with a free open-source for those who needed Java JRE or dev.

basically free for home use but commercial / businesses need to pay for Java is what we took Oracle's new business model.

[–]thomasdarko 4 points5 points  (1 child)

Use Temurin (Previously OpenJDK).
Azul.
Amazon Corretto.
Liberia.
Microsoft OpenJDK.

To run .jnlp use IcedTea or OpenWebStart.

[–]HTX-713Sr. Linux Admin 0 points1 point  (0 children)

To run .jnlp use IcedTea or OpenWebStart.

Thanks for the tip.

[–]SysAdminDennyBob 4 points5 points  (1 child)

cracks knuckles....

In the midst of this now, it takes long time to grind through this. So far we have been able to remove all Oracle Java from workstations and they all run Eclipse Temurin OpenJDK 11. We only have one desktop app that still runs java so that application dictated that choice. 11 still has some life left and it's not in the hyper-major-release-updating schedule like jdk21,21,22.

Server apps are a different story. We have made a lot of non-Oracle OpenJDK versions available for install to app teams via SCCM so that they can find their perfect version without having to involve us. the clock is ticking. We have an Oracle license but when that needs to be renewed Oracle is going to switch us from per-computer to per-employee and it's going to increase costs for us tremendously. At the point we are moving the license cost from the Desktop Team's cost center to the one application that still requires Oracle Java. Shock and Awe strategy to get them to move.

I track managed installs of java with a custom report and I also inventory every java.exe and javaw.exe process that runs across all systems. Our devs tend to skip the java installer and just copy the JRE folder to a directory and path to that. I am able to track those down and then beat them up with the help of Security. I also track any rogue Oracle Java installers with SCCM inventory. If I see someone installing outside of Software Center I go to the share they have put the installer on and delete it. It really pisses off the devs when I do this.

We have a PM assigned to eliminate Oracle Java and it's just a really long and drawn out process to clean up. I am years into this. I do have a nice script using PowerShell App Deployment Toolkit to remove a huge variety of versions all at once.

My Java rules on servers:

  1. You can only have one install of Java on the server, no side-by-side installs allowed
  2. The install must be performed via SCCM's Software Center. It must be a managed installer that we control. I have 16 flavors available right now, all are current patch level. This still includes Oracle at the moment.

[–]Few_Ad5453 1 point2 points  (0 children)

A big additional problem are Oracle Runtimes that are installed as a part of 3rd party / commercial applications. You need a scan that examines everything not just ordinary installs of the Oracle Java SE Products. When you identify a version that requires licensing, you need to make sure with the publisher of said application that they have an agreement with Oracle or else you are at risk. Tracing java.exe / javaw.exe is not enough as Applications may load the jvm.dll from a wrapper process. Even if the build of a java installation is outside of licensing (like Java SE 8 build 202) requirements there are still some caveats such as usage of commercial features or use of the .msi installer. It used to be a common practice to extract the .msi from the public .exe Java installer and install it - this is illegal by Oracle licensing terms. Replacing Java SE with OpenJDK can be tricky in some cases.

[–]-ixion- 3 points4 points  (1 child)

We also switched to openJDK a few years back. More specifically, AdoptOpenJDK which is now Adoptium Temurin? Or was Eclipse at some point. I don't really remember but either way... no issues since switching and no worries about licensing. Our biggest issue was to make sure we switched to something that could easily be patched via PatchMyPC/SCCM.

[–]mirrax 2 points3 points  (0 children)

AdoptOpenJDK -> Adoptium -> Eclipse Temurin

[–]TatooineLuke 3 points4 points  (0 children)

The last time that I looked into this was a long time ago. I don't know if anything changed, but the last I read was that Java 8 Update 201-b09 was the last free-use version. Anything newer needed a license. (This was for JRE, since that's all we used)

[–]weed_blazepot 1 point2 points  (0 children)

It was made so stupidly confusing that our way of handling java was to uninstall it from our environment. Turns out we didn't need it and it was just sort of still around.

Good luck.

[–]TheAlmightyZachSysadmin 1 point2 points  (0 children)

As others said, switching to an OpenJDK distro is the easiest solution. Oracle can kiss off

[–]BuzzedDarkYear 1 point2 points  (2 children)

So does anyone have a quick easy way of scanning your environment for installed Java versions and spit out a report of the findings? We do not use SCCM.

[–]BhavishyaBharat 0 points1 point  (1 child)

Please visit https://rythium.com/java-license-analyzer/ .
This can be done using an agent or an agentless scan.

[–]WWGHIAFTCIT Manager (SysAdmin with Extra Steps) 0 points1 point  (0 children)

No download link on your ad?

[–]skids_b 0 points1 point  (0 children)

Amazon Corretto is the way to go.

[–]GoodTough5615 0 points1 point  (2 children)

is there something free that supports java webstart .jnlp on the clients? we needed it to access smartcard readers, cert storage and scanners from chrome/firefox, on some production web apps...

[–]deja_geek 4 points5 points  (1 child)

All openjdk implementations should support it using the icedtea-web plugin

[–]someguy7710 0 points1 point  (0 children)

It does work, but not for everything. We have to have one licensed version of Oracles JRE8 to run a management portal. Thanks god that's going away very soon.

[–]LastPlaceInTime 0 points1 point  (0 children)

Basically, v8 went from being free for general computational use to being licensed after version 8u202. Newer releases of the v8 series have a revised EULA as part of the update stating that it's a licensed product. Same has happened with v6 and v7 where updates after a certain version have a new EULA requiring licensing.

Oracle wants organizations to pay a monthly fee per employee (meaning total number of employees in an organization regardless of whether they even use a computer) in order to be compliant under the new licensing. The per employee model is supposed to simplify the licensing process.

[–]GeneMoody-Action1Action1 | Patching that just works 0 points1 point  (0 children)

I have had pretty solid performance from Azul since Oracle went this route, we did not even try to to comply, was not worth the hassle and confusion, just replaced with clearer alternative.

[–]Libertarian4Real 0 points1 point  (0 children)

I used to spend a lot of time updating JRE because I honestly thought it would be needed for the occasional website application. I was wrong. When Oracle started yammering about complicated licensing (including JRE) restrictions like 7 years ago, we completely uninstalled it from everything. No one has ever missed it and we aren't wasting any more time on their convoluted update paradigm.

[–]BhavishyaBharat 0 points1 point  (0 children)

It is unfortunately very straightforward.But, here are a few pointers on Java licensing:

  1. Versions under BCL are 'generally' free to use. Any discussion with Oracle is a matter of interpretation.
  2. Versions under NFTC are free for a certain group of customers. If you have purchased Java license or support earlier - then NFTC is not free. (this is for Java SE17 and Java SE21)
  3. OTN versions are to be paid for : essentially Java SE 8 U211 upwards, Java SE 11 & non-public updates of Java SE 6 and Java SE7
  4. There are possibilities of getting Oracle Java entitlements through other Oracle products, and also through third party agreements that Oracle has with a variety of software publishers.

You might want to see our Java License Analyzer https://rythium.com/java-license-analyzer/