NOTICE: Oracle Java users need to switch to a supported version

Thursday, May 23, 2019

This information was sent via email to the IT Security Community, Frontline Notify (FLN), and unix-admins on May 23, 2019.

Summary

Oracle now requires a paid subscription to Java SE for commercial users to receive important updates and security patches. If you are responsible for a university instance of Java, it is critical that you use an up-to-date version and keep it updated with security patches as they are released. Oracle Java users need to either purchase a subscription (available in the ITS Software Store) or switch to other comparable software and keep it updated. For details, see ITS: Oracle Java SE Subscriptions.

Problem

Oracle has changed its pricing model for Java, and subscriptions are required for support and updates, including security patches. Other support contracts have been discontinued. If you use Oracle Java and have not yet purchased a subscription, please do so as soon as possible or switch to alternate supported software.

Threats

Unsupported software is at risk over time as new bugs and vulnerabilities are identified and exploited.

Affected Versions

All versions of Oracle Java Standard Edition (SE).

Action Items

MiWorkspace staff members are working with unit representatives to identify unit-specific applications that require Java and deploy the appropriate solution. No action is required by individual MiWorkspace customers or users.

ITS staff members are working now to take appropriate action on use of Java for other ITS-provided services as needed.

Questions, Concerns, Reports

You can contact the ITS Service Center to reach ITS Software Services for help using the ITS Software Store.

References