Business users of Java SE 8 have been told that they will no longer receive patches and security updates for the software from the beginning of next year, unless they write a cheque for a commercial licence.
Ordinary users will not need to worry as they will have the same access to Oracle Java SE 8 updates as they do today through at least the end of 2020.
Oracle said that iIn most instances, the Java-based applications you run are licensed separately by a company other than Oracle – for example, games you play on your PC are likely developed by a gaming company.
“These applications may run on the Java platform and be dependent on Oracle Java SE 8 updates beyond 2020. Accordingly, Oracle recommends you contact your application provider for details on how they plan to continue to provide application support to you.”
Oracle gave its warning as it announced a critical patch security update for April, where it addressed a total of 254 security vulnerabilities across a wide range of its products.These include Spectre-related vulnerabilities in Solaris systems, named CVE-2017-5753, or also known as Spectre variant 1.
Java specifically was patched for 14 CVE-listed vulnerabilities, including 12 that were remotely exploitable without user notification. Three of the flaws, CVE-2018-2825, CVE-2018-2826, and CVE-2018-2814 were said to have allowed Applet or Java Web Start apps to either crash or take over Java SE.