This discussion is archived
6 Replies Latest reply: Mar 12, 2013 7:40 AM by gimbal2 RSS

Java 6 is EOL...but for how much longer will patches be released?

992252 Newbie
Currently Being Moderated
Oracle released Java6u41 yesterday...but does anyone know for how much longer 6.x patches will be released considering that Java 6 is now EOL.

thanks!
  • 1. Re: Java 6 is EOL...but for how much longer will patches be released?
    RogerL (Oracle) Java Champion
    Currently Being Moderated
    6u41 will be the last public update.

    See these pages:
    https://www.java.com/en/download/manual_v6.jsp
    https://www.java.com/en/download/faq/java_6.xml
    http://www.oracle.com/technetwork/java/javase/eol-135779.html#Java6-end-public-updates


    Future updates of Java 6 will be available through the Oracle Java SE Commercial Offering Releases

    Customers seeking longer standard support and maintenance periods for each major release are encouraged to migrate to the Oracle Java SE commercial offerings (Oracle Java SE Support, Oracle Java SE Advanced and Oracle Java SE Suite). Oracle Java SE commercial offerings releases will follow the Oracle standard EOL policy for licensable products. As such, during a release’s five (5) year transition period, customers will be eligible to receive Oracle Premier Support for that entire period, in accordance with their support contract with Oracle. Past those 5 years, support customers will receive critical bug and security fixes as well as general maintenance releases as per the Oracle Extended Support terms. Oracle Java SE Support puts you in control of your upgrade strategy so you can enjoy continued peace of mind, knowing that no matter which product release you're running, Oracle can support your business.

    Oracle Java SE Support Roadmap*
    GA Date: Dec 2006      
    Premier Support Until** : Dec 2013      
    Extended Support Until**      : Dec 2016
    Sustaining Support: Indefinite
                   
    -Roger
  • 2. Re: Java 6 is EOL...but for how much longer will patches be released?
    RogerL (Oracle) Java Champion
    Currently Being Moderated
    A follow up question for you.
    In an effort to ensure the message about the end of public update and 6u41 being the last public update is easily found, it would be good to understand were that messaging is lacking. If you looked for this information before posting, where did you look? Where would you have expected to see this messaging? Also, how was it you came to know about the 6u41 release, maybe additional messaging could be added to that communication channel?

    Thank you,
    Roger
  • 3. Re: Java 6 is EOL...but for how much longer will patches be released?
    992252 Newbie
    Currently Being Moderated
    Many thanks for the info Roger...

    Regarding your second question, I would respond as follows

    - I find the Oracle website a bit of a nightmare to navigate. I know that the info is there somewhere...but i always have a hard time finding it
    - I know about the u41 update as I am an ITSec Pro trying to manage the nightmare that JRE on our endpoints has become!
    - This u41 update is extremely significant as it's the end of the line for 6.x patches. When the next batch of vulnerabilities are found in 6.x (likely a few weeks away at most), they will remain unpatched....which will be very bad news for the untold number of enterprises/apps that do not yet support v7 on endpoints.
    - IMO, Oracle should be working much harder to get the message out about this...and yet there has been relative silence about it. Why does the Feb 2013 update page (http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html) not contain a big red banner saying something like "THIS IS IT FOR V6.X UPDATES. UPDATE TO V7 NOW! Similarly, the recent blog entry should say the same: https://blogs.oracle.com/security/entry/updated_february_2013_critical_patch

    - All in all, I anticipate a bit of a panic in the near future when the realisation sets it that the next 6.x vulnerabilities will go unpatched - and this will coincide with audible lip-smacking from the bad guys as they deploy their updated exploit kits on compromised websites to exploit vulnerable web browsers with the 6.x plugin.

    cheers!
  • 4. Re: Java 6 is EOL...but for how much longer will patches be released?
    RogerL (Oracle) Java Champion
    Currently Being Moderated
    Thank you! Great feedback.
    Let me pass your recommendations about the messaging.

    -Roger
  • 5. Re: Java 6 is EOL...but for how much longer will patches be released?
    996361 Newbie
    Currently Being Moderated
    Ok, so we know update 41 was not the last patch, and 43 was released this month. So is this now the new final release, or has the policy changed?
  • 6. Re: Java 6 is EOL...but for how much longer will patches be released?
    gimbal2 Guru
    Currently Being Moderated
    Redhat is taking over support on Java 6 (or OpenJDK 6 to be more precise). Not a policy change, it is going to pass hands entirely.

    http://www.theregister.co.uk/2013/03/08/red_hat_openjdk_6_leadership/

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points