Securing Payara Server and Payara Micro with a Supported JDK
Originally published on 20 Dec 2018
Last updated on 08 Jan 2019
As you probably already know, Oracle decided to stop providing public updates for Oracle Java Development Kit 8 (JDK 8) in January 2019. Public updates and security fixes will be provided by Oracle only for the latest version of Oracle JDK, for 6 months until the next new version. While personal users will still continue to get updates for Oracle JDK 8 until December 2020, commercial companies that plan to use it after January 2019 will either need to become Oracle customers or switch to a JDK 8 distribution supported by someone else to receive regular updates with critical and security fixes.
If you run Payara Server or Payara Micro on Oracle JDK 8 without commercial support from Oracle after January 2019, the Java Virtual Machine (JVM) may contain security issues that won't get fixed and may impact the security of your systems. The security fixes in Payara Platform provided every month for Payara Enterprise customers and quarterly for the general public are not enough to secure against vulnerabilities in the JDK. However, there is a solution.
Fortunately, OpenJDK, which is the base for Oracle JDK, is open source. There are several companies that provide support for it, including supporting OpenJDK 8. One of them, Azul Systems, provides both free packages of JDK 8 as Zulu JDK, and commercially-supported packages with the Zulu Enterprise JDK.
Payara Platform supports Zulu JDK and we recommend using the community Zulu JDK for all users of the community stream of Payara Server or Payara Micro. Zulu Enterprise JDK offers more frequent private releases and provides guaranteed 8-year access to bug fixes, security updates, and other fixes as needed.
Because we at Payara Services care about securing the applications our customers run on the Payara Platform, we've partnered with Azul Systems to offer you the best of both worlds. We offer free support for Zulu Enterprise JDK until 2024 to our customers, with all the bug fixes and security updates from Azul Systems as soon as they are available. With a Payara Enterprise subscription, you'll get support for all Payara Platform products and get access to all bug fixes, enhancements, and quarterly and emergency security updates for Zulu Enterprise JDK to run them with a secure JDK.
Watch the replay of our webinar:
We've also created an in-depth blog to help you Understand Payara Services OpenJDK Support Benefits.
We provide our Payara Enterprise customers full support for their applications running on Payara Server or Payara Micro including the JDK. If we discover that the source of any of your issues is in the JDK itself, we'll work with Azul Systems to provide a solution for you within your usual Payara Enterprise support services. You'll no longer need to figure out which support desk to contact with your issues, you'll get all support seamlessly under one roof! Find out more about our support offerings.
Request More Info About OpenJDK Support
Other related articles:
- How to keep OpenJDK 8 Support with Security Updates Through 2024
- Security Features of Payara Server You Don't Know About
- Java EE Security API (JSR 375/Soteria) with JWT Tokens
- Security Auditing in Payara Server Part 1
- Fine Tuning Payara Server in Production
- 5 More Production Features of Payara Server 5 You Probably Don't Know About
Related Posts
How to Update An Application Using JAXB from JDK 8 to JDK 11
Published on 18 Jun 2021
by Rudy De Busscher
0 Comments
Payara Platform Supports TLS 1.3 on JDK 8
Published on 13 Mar 2020
by Susan Rai
0 Comments