As we look forward into 2019, we aim to continue sharing information and answering community questions via our blog posts and podcasts.  We will continue to focus on our Developer and Partner Portal, featuring items like testing coverage and reference environment testing, and we encourage you to ask your Sales Team about any specific topics or issues that we should address.  Today’s blog post is addressing the Oracle Java licensing changes and where the Identity Server is heading.

In our January 2018 release of IDS 8.2, we decoupled Java from our release binaries.  We did this at the request of several of our customers who wanted to use an alternative Java build, and to permit customers to keep their Java up-to-date outside the release cycle we maintain for the Identity Server.  This decoupling comes with a small risk, as there is the potential that another build distribution or a later build could contain non-backward compatible changes so, as always, we encourage you to perform testing before deploying into a production environment.

Generally, a wide variety of Java (JDK) builds will ensure that preceding functionality is supported (backward compatibility is maintained) from code train Java 8, but there is always potential for a JDK package to be non-compatible with our Identity Server.  So, us decoupling Java should not be viewed as our acceptance to support all implementations and builds of Java that are available.

Currently Ubisecure still test with Oracle Java 8 – often just referred to as Java 8.  Though with Oracle’s licensing model changes that are going to take place in 2019, we will be moving towards a commercially free build.  We won’t go into the licensing model here in this blog as there are several good blogs detailing what the options are for purchasing a commercial use Oracle Java 8 build or utilizing an open source Java 8 build, that you can find with a simple browser search.

That said, we would like to recommend a well-written and very detailed blog that covers many of the common options:

There are a couple of key takeaways from this linked blog of which we would like to ensure that you, our Partners and Customers, take note:

  • Oracle will support the handover of OpenJDK 8 to the community after they move on to the next version this month (01/19), via a qualified volunteering entity
  • One such entity, Red Hat, will apply for the role. They currently lead and provide regular updates to OpenJDK 7
  • Similarly, Azul Systems lead and provide regular updates to OpenJDK 6, having taken over from Red Hat
  • As well as Red Hat and Azul, other companies provide patches and fixes occasionally. This sort of activity will ramp up with OpenJDK 8, from vendors such as Amazon, IBM etc.

To summarise the options available immediately for continuing with Java SE 8:

  1. Oracle will continue to provide updates of Oracle JDK 8 until
    1. Public, personal use: December 2020
    2. Commercial use: January 2019
  2. After these dates, users can pay for support or use another provider’s Java SE 8 / OpenJDK 8 binary distribution
  3. If you operate a closed or well protected system, Oracle JDK 8 can be used indefinitely without updates – there is no requirement to purchase a license if you do not require patches or support.
  4. If you don’t use Oracle JDK 8, then your alternative provider should talk to you about options

Again, we recommend reading the full blog for a detailed explanation of the above points and more.

This means that if you are using the Ubisecure Identity Server with Oracle Java 8 and do not require any security patches, noting that there are no patches to Oracle Java 8 available at this time, then you can continue to use our Identity Server with Oracle Java 8 past January 2019.  Over the next month we will be reviewing OpenJDK and anticipate being able to advise you that a simple replacement of OpenJDK 8, in place of Oracle Java 8, is the fully tested and supported method going forward.

We will be posting an additional blog covering our internal move from Oracle Java to OpenJDK in the coming weeks.  As always if you have any questions, please don’t hesitate to reach out to the Ubisecure Support team or your account team.