Get the damn memo already: Java11 reached end-of-life years ago
Christian
4 minutes
Photo by Chevanon Photography: https://www.pexels.com/photo/person-performing-coffee-art-302899/
In this case: Rundeck
They state the following in their installation documentation:
Rundeck depends on Java 11. The Java 14 packages will satisfy this dependency however Rundeck will not function properly with them. It is recommended to install the
openjdk-11-jre-headlesspackage manually.
Source: https://docs.rundeck.com/docs/administration/install/linux-deb.html
Java11 reached end-of-life years ago! And some Linux distributions don't have packages for it . The Java version is Java22. And the current version is Java21.
Utilizing https://endoflife.date/ we can easily get an overview of the respective dates.
Free builds from Oracle: https://endoflife.date/openjdk-builds-from-oracle: End of life reached: 19th March, 2019.
Paid builds from Oracle: https://endoflife.date/oracle-jdk: Premier Support reached end-of-life on 30th September 2023. Extended Support last until 31th January 2032.
RedHat builds of OpenJDK: https://endoflife.date/redhat-build-of-openjdk: Support ends 30th October 2024. With paid extended life-cycle support 1 it ends 31th October 2027.
However this is just for the OpenJDK packages!
The really important part is: Are there any Java11 packages for the operating system being used?
RedHat Linux Enterprise Server 9 contains Java1.8, Java11 and Java17.
SuSE Linux Enterprise Server 15 SP6 contains Java1.8, Java11 and Java17.
Ubuntu 24.04 - the current LTS version, provides OpenJDK packages for version 11, 17 and 21.
Debian Stable (Bookworm currently) ships with OpenJDK 17 only.
is not me. Java11 was released in September 2018. That is 6 years ago. Java14 eleased in March 2020. Four years ago.
Which is included in released distributions? Or least make it work with them? This annoys me. Yes, it's nice that you offer packages for non-commercial distributions - but if I can't install your software because of missing dependencies at all.
Either by their own processes & standards or by law/insurances.
They literally can't install or even run older unsupported versions of Java11 packages. This effectively forces them additional support packages for older . Great! RHEL or SLES drop Java11 support. (Well, at least OpenJDK11 is already somewhat confirmed for RHEL10. I don't know if only with a valid ELS subscription or not. SuSE Java11 and SLES16 as I know
Or they run one of the big non-commercial distributions like Debian or Ubuntu. Sure, Ubuntu 24.04 would be a alternative. But what if the doesn't any Ubuntu servers? Should there be one or two Ubuntu servers thousands, just for one meagre application?
Create completely new Ansible and/or Puppet just for a handful of servers a completely different OS? Maybe even different software for other basic tasks like backup, LDAP integration, etc. in case the current software doesn't support Ubuntu LTS? This can easily a long (and ) software . Not the new required .
"Just use docker."
You do understand that Docker is no solution to security risks when the container runs the same outdated software, yes? Sure it's good for mitigation/reduction of the attack surface but it doesn't fix the underlying problem.
And this annoys me. We really should hold enterprise software accountable to higher standards.
I do understand fairly well that someone at Pagerduty must have thought: "Well, all major (commercial) Linux distributions still support Java11, so there is no business risk for us. And for the rest we just provide container images via Docker." Yep, this is the reason why we sometimes can't have nice things. Total neglect of the wider responsibility while additionally ignoring the fact that Java11 needs to be included in all these commercial distributions as still too many software products rely on it.
it the attention it deserves. If you don't a about your . And those assumptions won't be .
