java 8 update 212 Development

The Abyss of Java 11 also affects Java 8 update 212, is it its End?

06/11/19 5 min. read

A few month ago Java updated to its version Java 11 and – as a developer – I wrote the article: Will the End of Java be after version 11?

Weeks later, the scenario became a bit more optimistic and I published another post: Java 11 Makes its Comeback.

You won’t tell but the situation worsened!

It happens that Oracle updated, again, their terms of license. You can see a note in their website when you try to download Java, it says “The Oracle JDK License has changed for releases starting April 16, 2019.” And it redirects to the new license athttps://www.oracle.com/technetwork/java/javase/terms/license/javase-license.html.

You read it, and find that there is the same jargon as always but it doesn’t mention to any version. That’s the trick. Because it applies to all the versions released from April 16, 2019. So?

It affects Java 8. Anything above Java 1.8u202

From April 16, 2019 there has been the following Java releases:

What does those Java 8 fixes include?

Java 8u212 includes the following bugs:

  • JDK-8215364: JavaFX crashes on Ubuntu 18.04 with Wayland while using Swing-FX interop
  • JDK-8207070: Webstart app popup on wrong screen in a one-screen setup changing to multi-monitor
  • JDK-8189926: [Mac] Pulse timer should pause when idle
  • JDK-8210411: JavaFX crashes on Ubuntu 18.04 with Wayland
  • JDK-8211280: JavaFX build fails on Linux with gcc8
  • JDK-8213952: Relax DNSName restriction as per RFC 1123

Not very important? But the last one, that is classified as “security-libs/ java security”. We’ll need to dig that, the bug description says:

DNSName only accepts letters as the first character. RFC 1123 has relaxed that restriction:

RFC 1123, Section 2.1:


One aspect of host name syntax is hereby changed: the restriction on the first character is relaxed to allow either a letter or a digit. Host software MUST support this more liberal syntax

So nothing extremely dangerous, until you hit a DNS name that starts with a number. Most companies can live with that.

What about Java 8u221?

There are 55 bug fixes in Java 8u221!! Listing every single item of the list here wouldn’t be nice, let’s just see a summary:

  • 16 for  “client-libs” (1 for general, 5 for “2d” subsystem, 5 for “ava.awt” and 5 for “javax.swing”)
  • 10 for “core-libs” (1 for “java.net”, 1 for “java.util.stream”, 8 for “java.util:i18n”)
  • 4 for “hotspot” (1 for each “compiler”, “runtime”, “svc, svc-agent”)
  • 2 for “install
  • 13 for “javafx” (2 for “build”, 2 for “graphics”, 3 for “media”, 1 for “other” and 1 for “samples”, 4 for “web”)
  • 1 for “xml
  • And the scariest part: 9 for “securitylibs”. At this point we won’t give an absolute recommendation but some companies may live with those (JDK-8151225, JDK-8222137, JDK-8223499, JDK-8222136, JDK-8181594, JDK-8203228, JDK-8201317, JDK-8208648, JDK-8204909 and JDK-8193830)

Ok, so we have all the bugs reviewed and we can live with them. But do you remember the famous spoon scene in Matrix? What is the real truth behind? The reality is that a day will come with a security bug that really can expose your organization. You have to be prepared.

What JDK options do we have:

How to prepare to the day with a nasty security bug? You can pay Oracle to use their fixed version, or you can find some other company/ source that cover your ass. Since our first article we have expanded the information about JDKs:

ProviderFree DistributionExtended Updates (LTS)Commercial SupportURL
AdoptOpenJDKYesYesNohttps://adoptopenjdk.net/
Alibaba Dragonwell8 JDKYesYesNohttps://github.com/alibaba/dragonwell8/
Amazon – CorrettoYesYesNohttps://aws.amazon.com/es/corretto/
Azul ZuluYesYesYeshttps://www.azul.com/downloads/zulu/
BellSoft LibericaYesYesYeshttps://bell-sw.com/java.html
IBMNoNoYeshttps://www.ibm.com/developerworks/java/jdk
jClarityNoNoYeshttps://www.jclarity.com/adoptopenjdk-support/
OpenJDK UpstreamYesYesNohttps://adoptopenjdk.net/upstream.html
Oracle JDKYesNo*Yeshttps://www.oracle.com/technetwork/java/javase/downloads
Oracle OpenJDKYesYesNohttps://jdk.java.net
OjdkbuildYesNoNohttps://github.com/ojdkbuild/ojdkbuild
RedHatYesYesYeshttps://developers.redhat.com/products/openjdk/overview
SapMachineYesYesYeshttps://sap.github.io/SapMachine

* No all versions are LTS, Oracle decides under its own criteria which ones are LTS.

  • Free Distribution: The software is public and available to download and use.
  • Extended Updates Known as LTS (long-term support): Public Updates after the 6 month release cycle.
  • Commercial Support: Some providers offer updates and support contracts, some with cost.

Should you find Oracle as the most suitable solution for you, Oracle has a public price listing.

To sum up

The landscape has changed again, with Java 8 affected the urge to have a secure Java distribution is a must. Or pay to continue with Oracle.

We would love to have the opinion of James Gosling but since he joined AWS it seems he is not commenting on Oracle move.

Juan Tavira

Juan Tavira

Santander Global Tech

Specialist, architect and interdisciplinary geek passionate about all kinds of innovations. This is easy to say for oneself, but when my computing colleagues, my geek friends and even my wife say so, then it must be true somehow ;-). I also like to build violins as a hobby. I see code

 

Other posts