Lets say I have a Java 8 Web-Application, which is build and released on my local computer. On this computer I have the JDK Version JDK 8u11 installed, which I use to compile the application for a release.
On the PROD-Environment, I am using JDK 8u60.
Now, lets assume a critical security vulnerability of JDK 8, which was in JDK 8u11 and JDK 8u60, gets fixed by Oracle. Therefore Oracle releases Java JDK 8u65.
What do I need to do in order to have a secure application:
Update the JDK Version of my computer, to compile the application with the JDK 8u65 and to deploy it on PROD to get rid of the security vulnerability
OR
Do I just need to update the JDK of my PROD-Environment, to have the security issue closed?
If you need any further information, please ask.
Related
when I click on run, it displays this message in a dialog box.
' Glassfish server could not be started with JDK 16. Please select another Java SE platform.
And then it displays this error
Deployment error: Could not find Java SE Development Kit to start GlassFish Server
See the server log for details.
Is it a issue with glassfish version or jdk version? how can I fix this issue? any idea
You asked: "Is it a issue with glassfish version or jdk version?" - It's an issue with the combination of the GlassFish version and the JDK version that you are trying to use. For example, see here.
"GlassFish 6.2.5 ... officially supports JDK 11 ... runs on JDK 17 and JDK 18ea."
"GlassFish 6.1.0 ... supports JDK 11."
"GlassFish 6.0.0 ... only supports JDK 8."
And so on.
Going farther back in time:
"GlassFish 5.1 requires Oracle JDK 8 Update 144 or later."
Generally speaking, unless you have a good reason not to do so, you should try to use a Java LTS (long-term support) release. You can see a list of recent and older JDK releases, which shows which releases are LTS and which are not. LTS releases:
8
11
17
(But that does not mean GlassFish will not run on other versions. Follow the GlassFish release guidelines.)
You also tagged your question as a NetBeans question.
If you need to change the version of Java you are using in NetBeans, you can go to Tools > Java platforms > Add platform. But again, you may hit limitations where certain versions of NetBeans are not able to support certain versions of the Java JDK - so you need to check the NetBeans release guidelines for that.
For example for NetBeans 14:
"The Apache NetBeans 14 binary releases require JDK 11+, and officially support running on JDK 11 and JDK 17."
And going back to NetBeans 9:
"The main goals for this release are ... Java 9 and Java 10 Support."
This question falls somewhere between Firebase Tools, MacOS and Java. Probably 75% Java, 20% Firebase Tools and 5% MacOS.
Starting with v10.5, firebase-tools started stating that 'Support for Java version <= 10 will be dropped soon in firebase-tools#11. Please upgrade to Java version 11 or above to continue using the emulators.'
I run macOS v11.6.5 on a Macbook Pro from mid-2014. When I go to Java's Downloads page, it recommends Java 'Version 8 Update 331'. Not Java 11.
Information on downloading Java 11 seems to be scarce. Oracle's page of certified configurations includes MacOS 11, but I can't find anywhere obvious where Java 11 can be readily downloaded.
A big part of the problem seems to be the terminology used. If I run java -version, I get:
java version "1.8.0_331"
Java(TM) SE Runtime Environment (build 1.8.0_331-b09)
Java HotSpot(TM) 64-Bit Server VM (build 25.331-b09, mixed mode)
Okay, I have build 1.8 of the Java Runtime Environment, aka the JRE if you are a Java enthusiast. That is apparently what is triggering the warning in Firebase Tools.
There is also a Java product out there called 'Java SE 11'. The product itself is ambiguous, but the checksums all say 'SDK'. (A Software Development Kit: a thing that enables developers to develop Java programs. The name doesn't imply a Runtime Environment: a thing that enables Java to run on an operating system.) There is an article out there which claims that, if you install Java SE 11 and run java -version, it will spit out java version "11.0.7". That will probably satisfy Firebase Tools.
But Oracle's release notes say: 'In Windows and macOS, installing the JDK in previous releases optionally installed a JRE. In JDK 11, this is no longer an option.' No longer an option... as in now you implicitly get JRE 11 with SDK 11? Or as in the SDK and JRE are now fully divorced, and the JRE must be ferreted out of its hiding like a wild beast?
UPDATE 6/5/22: Java's checksums page now says 'JDK', and I guess that is better than 'SDK' because it implies 'Java Development Kit', which this Wikipedia article claims to include both a JRE ('java') and SDK (most of the other files).
To install Java SE:
Go here.
Scroll down to find your product. I chose Java SE 11. (Oracle will probably list later versions as they are made available.)
Choose your operating system. I chose MacOS.
Choose your file set. I chose the DMG installer.
Download your chosen file set.
5. Do whatever is required by your platform to install Java SE using the downloaded file set from #5.
After installing Java SE 11, java -version now says "11.0.14" and Firebase Tools is now satisfied. My best guess is that JRE 11 was implicitly downloaded, and that developers need to start ignoring the main Download page used by everyone else. (Why didn't the main Download page recommend Java 11 from the start?) Hopefully someone will see this question and clarify whether in the future, the 'Java SE' product implicitly includes both the JRE and SDK, and that the numbering system will always encompass both. In other words, hopefully when someone says we need 'Java 11', it means that we need to download SE 11, containing JRE 11 and SDK 11.
This link has a JDK installer that solved my problem today. I needed to close and reopen all my VScode windows to get it to work.
https://www.oracle.com/java/technologies/downloads/
With latest versions this error appears: !! emulators: firebase-tools no longer supports Java version before 11. Please upgrade to Java version 11 or above to continue using the emulators.
You can download Java SE Development Kit 18 from this link. Just choose your operating system, download and install the file. When installation is complete you need to restart you terminal and voila it works now:
firebase emulators:start
But Oracle's release notes say: 'In Windows and macOS, installing the JDK in previous releases optionally installed a JRE. In JDK 11, this is no longer an option.' No longer an option... as in now you implicitly get JRE 11 with SDK 11? Or as in the SDK and JRE are now fully divorced, and the JRE must be ferreted out of its hiding like a wild beast?
With Java 8 and earlier, the end user of a Java application was responsible for providing a Java runtime environment for the application to run on. This is what the JRE was for. The user would have to install this runtime environment on their system in order to run Java applications. This is also why the https://www.java.com/en/download/ page recommends Java 8 (the JRE), which was the last version of Java where an end-user should concern themselves with installing a runtime environment.
Starting from Java 9, it is now the application distrubutor's responsibility to provide a Java runtime that can run the application. So, there are no more JREs.
The application developer should use jlink, which is a tool included in the SDK, to create a 'runtime image' (essentially a bespoke JRE to run a single application), that can be used to run the application, and bundle that runtime image with the application. The jpackage tool can also be used to create application images (including a runtime image), as well as installers.
Starting from Java 9 the module system was introduced, making provision of JRE separately redundant.
Through, it seems that it was still possible to download it. For example, from here now Java 9 archive
Also, here it's only stated that :
Restructure the JDK and JRE run-time images to draw a clear distinction between files that developers, deployers, and end-users can rely upon and, when appropriate, modify, in contrast to files that are internal to the implementation and subject to change without notice.
The new image structure eliminates this distinction: A JDK image is simply a run-time image that happens to contain the full set of development tools and other items historically found in the JDK.
So no talk about complete removal.
From : jdk-9
When you install jdk-9, public jre-9 also gets installed automatically.
Also, I was thinking that started from Java 9 the custom runtime should be always created using the jlink, but it seems it's enforced now only from Java 11.
From the release notes of Java 11 here Oracle JDK release notes:
In Windows and macOS, installing the JDK in previous releases optionally installed a JRE. In JDK 11, this is no longer an option.
In this release, the JRE or Server JRE is no longer offered. Only the JDK is offered. Users can use jlink to create smaller custom runtimes.
But then I can find a lot of discussions like those:
Where is Java 9 JRE?
Create jre from OpenJDK Windows
Why did Java 11 JRE not install with JDK and where is the download for just the Java 11 JRE?
Is there an openjdk-11-jre?
Is this the case and it is not possible to download JRE directly since Java 11? Or am I mixing implementations between (Oracle and OpenJDK)? Or were those discussions above misleading?
Edit: I don't need to download the jre, I could create it via jlink or use already avaialble solution, my question is more of a theoretic.
Is this the case and it is not possible to download JRE directly since Java 11? Or am I mixing implementations between (Oracle and OpenJDK)?
It is correct (mostly). From Java 11 onwards, neither Oracle JDK or OpenJDK JDK has a corresponding JRE available for public downloads.
However (and this is where you are incorrect) other distributors of Java do provide JRE downloads (or packages) as an option. Details may be found via the "Java is still free" link below.
When JRE was completely discontinued as a separate offering?
It was discontinued for the Oracle and OpenJDK distributions with Java 11. The Java 11 release notes state:
"In this release, the JRE or Server JRE is no longer offered. Only the JDK is offered. Users can use jlink to create smaller custom runtimes."
I have not been able to find any earlier public announcements from Oracle about the discontinuance of their JRE releases. (If someone finds one, please comment ...)
Please note: this is a specific answer to the specific questions asked by the OP. For more information on the status of Java vis-a-vis licenses, distributions, vendors, support, and whether or not Java is "free", I recommend that you read the following:
"Java is still free" written by the Java Champions community of independent Java leaders and experts.
It is a "live" document, and is likely to remain a good source of up-to-date information; i.e. more likely to be up-to-date than this Answer!
First of all, the question is incorrect. JRE was not discontinued. It was only discontinued by Oracle. For example, on Linux, JRE is still available*:
$ apt-cache search openjdk-11-jre
openjdk-11-jre - OpenJDK Java runtime, using Hotspot JIT
openjdk-11-jre-headless - OpenJDK Java runtime, using Hotspot JIT (headless)
openjdk-11-jre-zero - Alternative JVM for OpenJDK, using Zero
* requires repository ppa:openjdk-r/ppa
Some other JDK providers still offer JRE as well:
Azul Zulu offers JRE.
AdoptOpenJDK offers JRE.
Liberica JDK offers JRE.
I have a java web start application which runs from a web page. I use deployJava.js to detect java installation on user's system. Minimum java version required is 1.6. However even if user has only 1.6 installed it still forces user to update it to 1.7 or 1.8(just runs autoupdate automatically and you can do nothing to it).
How can I stop autoupdate and run app using already installed version of java ?
How can I stop autoupdate..
AFAIK you can't. Not that you should. Earlier versions of the JRE might have (known, published, and eminently exploitable) security bugs.
I have a project for school written with jdk 1.7. This application will be distributed to other groups and we want to document the necessary user system requirements. I'm assuming that the user will need the jre corresponding to jdk 1.7. Is this correct? Or what is the best recommendation for the user? The latest jre version?
JRE 1.7 + version will be good to use.
On a side note:-
It is nothing like that your Java 6 code will not run on Java 7 code. The difference is that the speed increases when running them on later runtimes. This is because Java is constantly evolving, not just the language but also the JVM (Java virtual machine). SO it would be an added advantage of speed if you choose to use the later versions.
Latest JRE version which will be 1.7+ is good.
JRE 1.7 version.
If you want to target, let's say, a Java 6 VM, then you can do that with the Java 7 SDK tools. You can specify which target VM you wish to support, but you have to know that a version 6 VM might not support all the features a version 7 VM will.
Note that if you use the -target and/or the -source options to javac, you may be able to compile with a recent JDK and run with an older JRE.