Vulnerability of the non LTS JDK releases

belin puppie lewiskoloh8 at gmail.com
Mon Aug 26 09:40:22 UTC 2024


I think there are so many JDK releases that are unstable. More time needs to
be given to Java Languages Maintenance to improve Language functionality in
real life scenarios and environment. Is that what the Java Community
Process is for?

On Mon, Aug 26, 2024, 6:38 AM Lovro Pandžić <Lovro.Pandzic at infobip.com>
wrote:

> Hello all,
>
> Not sure if this is the right address to talk about this issue so feel
> free to redirect me to another if it’s more appropriate.
>
> Since the introduction of 6 month cadence release JDK process there’s one
> issue in the process I think has not been addressed properly.
>
> Projects that want to follow the train in its tracks and be on latest,
> usually non LTS, version and that use any non trivial kind of dependency
> (Spring, Sonar, …) must accept the fact that there will be periods of
> time (usually a month or two) where they’ll be forced to stay on an
> unsupported non LTS version until all of their dependencies add support for
> latest JDK version so they can upgrade as well.
>
> With the process and all of the ecosystem in mind this is unfortunate
> because rarely anyone will want to commit to these periods of time where
> they’re basically on their own if something bad happens – e.g. a new
> critical security vulnerability is found.
>
> So I wanted to ask what’s your opinion on the matter? The message I got
> from all the talks is that JDK maintainers would generally like for people
> to upgrade to newer versions more frequently. Can something be done to
> address this problem? Can we maybe have an up to 1 year commitment of
> security fixes for non LTS releases after they have been released?
>
> Best Regards,
>
> Lovro Pandzic


More information about the jdk-dev mailing list