Is Java Still Free
With the release of Java 11 on 25th of September 2018, Oracle is changing its commercial strategy concerning the Oracle JDK. The Impact of this decision has a lot if implications regarding many of our applications and servers. Furthermore, Oracle has announced that as of January 2019, JDK 8 will stop receiving updates, security patches and bug fixes unless you start paying for support. In light of those changes lets analyze and find our way through this jungle.
Change in License
The Pre JDK 11 License was a BCL License, which permitted to use the Oracle JDK for “General Purpose” Computing. Now this has changed to a proprietary one. With the JDK 11 License the usage of the Oracle JDK is allowed: “…only for the purpose of developing, testing, prototyping and demonstrating Your Application and not for any other purpose.” Anything else will cost money. They even continue and state in their new License agreement: “use the Programs for any data processing or any commercial, production, or internal business purposes other than developing, testing, prototyping, and demonstrating your Application”
Change in Price
Although the usage of the Oracle JDK was free for what is considered to be “General Computing” there were quite a few use cases where a commercial license was needed, e.g. embedded devices, or usage of commercial features such as Java Flight Recorder. So the fee prior to JDK 11 was a one-time perpetual license plus an annual support fee. Now, with the JDK 11 License the license plan is based on a monthly subscription model.
So, if you want to continue to use Java for free you need to use Oracle’s OpenJDK OpenJDK is a free and open-source implementation of the Java Platform. Actually, this is Oracle’s OpenJDK build provided with the GPLv2+CPE License. It is built and provided by Oracle.
Difference Between Oracle JDK and Open JDK
The two version come with different licenses. Oracle JDK has a Proprietary License (Oracle Technology Network License Agreement) while OpenJDK comes with a (GPLv2+CPE) License (GNU General Public License v2, with the Classpath Exception)
As of Java 11 there are some more very minor differences (e.g. different behaviour when using the -XX:+UnlockCommercialFeatures option). Other than that both builds are actually the same. More than that; both JDKs are built from the same source code and undergo the same rigorous tests and testing cycles.
Previous commercial products which were solely in the Oracle JDK are now included in the Open JDK as well. These include:
Prior to Java 9 Java major versions were released on a 2 to 3 years schedule (once it even took 5 years). Minor versions were released periodically ranging from 2 to 4 months in between releases. As of Java 9 we are promised new major releases every six months (March and September) including two minor updates for each major release(one and four months after). Once a new version is out, the older version will not receive any more updates of any kind. This is the same for both JDKs.
So fundamentally, both JDKs are the same, so why pay Oracle for their JDK if we can have the same JDK for free ?
As explained in the Release Train section, we will have a new version of every 6 months. This might not suite every and each company. Many companies do not like to be with the latest version of a software. They rather like to wait for bugs to be found and use it only after it has been tested and hardened. The problem is that this Release Train does not allow this. As soon as a new version is released, the old version is not supported anymore. This means there will be no more updates, security patches and bug fixes for the older version rather one would have to upgrade to the newer version. Kind of like a forced early adopter program for all.
Chasing the Train
If we look back in the Java history we see that this is nothing new. In older versions the minor versions had quite a few bug fixes and sometimes even API changes. Back then in order to keep up with bug fixes and security patches companies had to keep updating Java on their systems. It seems to me that nothing has really changes besides that instead of incrementing minor version, we are incrementing major versions. Furthermore you always receive the latest language features. Although one might think that this is risky as they have not been thoroughly tested. Those features are years in the making and have been tested for an extended period of time. The JDK tests are truly rigorous.
There is a way not to be forced into the early adopter program. After every 5 Major versions there is an LTS (Long Term Support) version. Java 8 was a “LTS” version and now Java 11 is the next one. Such LTS version will be supported by Oracle for paying customers for the next 3 years at least. This is what the commercial subscription model is all about. The subscription entitles the company to receive updates, security patches and bug fixes. The LTS versions will have a stable non changing API. They do not get the new language features included in the newer major versions in order to avoid possible bugs and API changes. But this is of course only for Oracle JDK, as this is the service they are selling. There is no LTS support for the Open JDK.
More JDK Vendors
Now since there is a service which can be sold, there are more companies which are entering the game and offer LTS support:
Most of these companies have had a JDK for themeselves now for years and have a lot of experience with it. Some even claim that their JDK is faster and better then the one Oracle is offering.
AdoptOpenJDK is a community group. They intend to provide builds provided that other groups create and publish security patches. It seems they are trying to build a community of volunteers to provide LTS support for free. Some companies have even agreed to contribute in this effort, companies such as IBM and Red Hat.
Why not stick with Java 8
This is an interesting question. It is true that in the past systems running Java were far more vulnerable than today. This is due to the fact that in the past all browsers ran java which is not the case anymore today. Still I cannot imagine a company not acting on a possible vulnerability in their system. The golden rule states, your system is only as resillient as the least resillient piece in your system…
So you might stick with Java 8 as the compilation JDK, but I would not recommed to continue running Java 8 without updates in production. Either buy LTS support for Java 8 or upgrade to Java 11. Thanks to Java’s amazing backward compatibility, you shouldn’t have any problems running a Java 8 built application on JRE 11.
- You cannot use the Oracle builds, regardless of LTS support, without the commercial support. Either you pay, or you must use OpenJDK. This is dues to the new license.
- If you are a paying customer and then terminate your subscription and stop paying, Oracle demands you remove the Oracle JDK from your system; again, licensing issues.
I for one think that using OpenJDK is definilty a good bet, especially seeing the AdoptOpenJDK intiative. It seems to be that in any case one has to update Java frequently in order to stay on top of things security wise. I do not believe that new features will introduce any big bugs rendering the system useless. I guess I am going to stay on the free side of Java