Oracle Java SE might be one of the most adopted Java builds in the world. It is found in servers, desktops, and mobile devices nowadays. Most of the applications that run in a web browser use Oracle Java SE and many other applications, like Red Hat, JBoss, Tomcat and WebLogic use Oracle Java SE too.
Because of this wide application of Oracle Java SE, most of the organizations are dependent on the security patches of Oracle Java SE. Not running the security patches can result in security vulnerabilities or data breaches. Security patches are part of Oracle’s “active support” contract. That means that Oracle Java SE without active support is almost not an option anymore.
Active support on Oracle Java SE is offered by Oracle via an Oracle Java SE subscription. In the past, only the support on additional functionalities on older versions of Java SE was paid (via an Oracle Java SE license). Active support on Oracle Java SE was almost always free. However, at the end of 2016 Oracle decided to change their release policy and related license terms concerning Oracle Java SE. Patches on many of Oracle Java SE were now suddenly paid.
Oracle has stopped with selling perpetual licenses and is now fully focused on selling subscriptions including so-called “Closed Source” functionalities for Oracle Java SE. This includes support for Java SE versions that are “End of Public Updates” and now part of “Long Time Support”. Perpetual licenses bought in 2016 or earlier are however still valid and do not differ from a subscription. Long story short, patching Oracle Java SE now requires an active subscription or a perpetual license bought before 2017. By patching Oracle Java SE to a non-public version without a subscription or perpetual license, the organization will become incompliant, which can result in financial risk and possible reputational damage.
So what versions of Java SE are now covered under the new agreement with the changed release policy (Oracle Technology Network (OTN) Agreement)? Oracle choose to make a distinction between production and non-production environments and Oracle Java SE 8, update 201 and above. In non-production environments, such as prototyping, developing and testing, organizations can patch Oracle Java SE without subscription or perpetual license. Patching Oracle Java SE version 8, update 201 and above does however now need a subscription or perpetual license in production environments.
It might be possible that patching Oracle Java SE 8, update 201 and above in production is allowed without a subscription, because the server running Java SE is covered under embedded use rights via software of other parties or restricted use rights via other Oracle software. This software is for example Oracle WebLogic. Note that the “restriction” here is that the Orace Jave SE installation must be used to support that software including the restricted use right.
If you are interested in what the impact of the change in the license terms is for your organization, do not hesitate to contact The ITAM-Unit via firstname.lastname@example.org!