Updating Java refers to installing a newer build of the same version you currently use. Updating your Java version is key to keeping the foundation of your application safe and stable. Let’s see what types of updates for your Java runtime are available, which Java versions can be updated for free, and how to update your JDK depending on the platform.
Table of Contents
Why you need to update Java
Updating your JDK is as important as updating any other software. The risks of not updating Java include security breaches due to exploits of known vulnerabilities and unstable operation due to bugs.
Just a couple of numbers:
- 10 Common Vulnerabilities and Exposures (CVEs) were discovered and patched in jDk in 2023 alone;
- 135 CVEs were discovered and patched in JDK 11 between October 2018 and April 2023.
Every known vulnerability in your project can serve as an open backdoor for malicious actors. Sometimes, the impact of a vulnerability is so serious it has ripple effects globally. One example of such a vulnerability is Log4Shell, a Remote Code Execution (RCE) vulnerability in the Log4J library with the highest CVSS score of 10, which affected millions of systems worldwide. Even despite the fact that the vulnerability was patches and new versions of Log4J are free of it, the vulnerability is still being exploited because the older versions of this library are deeply rooted into software supply chains and are used sometimes as an indirect dependency.
Therefore, Java updates provide you with:
- Security patches,
- Bug fixes,
- Performance optimizations introduced with minor enhancements to the runtime and backports from newer JDK versions (although the older the Java release, the less improvements and features get backported there).
Note that if enhancing the performance of your Java application is critical to you, but you are not ready to migrate to a newer Java version, you can take advantage of Liberica JDK Performance Edition that couples JVM 17 and JDK 8 or 11, allowing for instant performance boost without dependency updates and major code changes.
Java updates schedule
Java updates schedule overview
Updating Java means moving within a major release, for instance, from JDK 21.0.1 to JDK 21.0.3. It is not the same as upgrading, which means migrating to a newer version, for instance, from JDK 8 to JDK 17.
LTS vs feature releases
Updates to the ‘active’ OpenJDK branches, that is, Long-Term Support (LTS) versions and a current feature version, are released quarterly, commonly on the third Tuesday of January, April, July, and October. These updates include security patches for known vulnerabilities and bug fixes.
Vendor-specific support lifecycles
LTS versions receive updates for several years, but the lifecycle depends on the vendor and the Java version (see a comparative table of JDK support from major vendors here). Feature releases receive updates for six months.
Critical Patch Update and Patch Set Update: what’s the difference?
There are two types of updates available for your Java runtime: Critical Patch Update (CPU) and Patch Set Update (PSU):
- CPU updates include patches for CVEs and the most critical bug fixes. They affect a smaller range of Java libraries and so can be integrated into the project without the risk of disrupting the workflow.
- PSU updates include all patches and fixes from CPU plus non-critical fixes, enhancements, and feature updates.
Most OpenJDK release only PSU builds, and three vendors — Oracle, BellSoft, and Azul — provide CPU builds in addition to PSU.
Which Java versions receive free updates
OpenJDK vendors provide free updates for major LTS versions for commercial and personal use, but the range of versions depends on the vendor. For instance, SAP and Microsoft don’t provide updates for JDK 8. BellSoft releases updates for all LTS versions: 8, 11, 17, and 21.
If you use Oracle Java, the situation is a bit more complicated. In short, Oracle Java 8 and 11 public updates are available for personal use only. Starting with Java 17, Oracle releases free updates for personal and commercial use for three years, and after that you must either migrate to the next LTS release or acquire a license to continue receiving updates for Oracle Java used in enterprise. For more information about differences between personal and commercial use, various Oracle Java licenses and Oracle’s pricing policy, refer to the Java licensing overview.
What if you use Java 6 or 7? Unfortunately, there are no free updates for these releases, and most vendors don’t support them. But if migration to newer Java versions is off the table for now, BellSoft provides commercial Java 6 & 7 builds with quarterly security updates and 24/7 support service.
For Java versions below 6 & 7 there are no updates at all, so we recommend upgrading at least to Liberica JDK 6(7) to receive security patches, or to Liberica JDK 8 if you’d like to get updates until 2031. The BellSoft engineers will be happy to help you with the migration, contact us to learn more!
How to know which Java version you use
Regardless of an operating system, the fastest way to check which Java version is currently in use is to run:
java -version
openjdk version "21.0.3" 2024-04-16 LTS
OpenJDK Runtime Environment (build 21.0.3+10-LTS)
OpenJDK 64-Bit Server VM (build 21.0.3+10-LTS, mixed mode, sharing)If you get the message “java is not recognized as an internal or external command”, you need to configure a JAVA_HOME variable and add the JDK /bin subdirectory to the PATH.
For macOS and Linux:
export PATH=<Liberica installation dir>/bin:$PATH
export JAVA_HOME=<Liberica installation dir>For Windows:
- Select Properties → Advanced system settings → Environment variables.
- Select 'Path' in System variables, click Edit → New, type
C:/<path-to-jdk-installation-directory>/bin/ - Select ‘New’ under System variables, type JAVA_HOME in Variable name, and type the path to JDK installation directory in Variable value.
How to update your Java version
Note that different JDK vendors provide different delivery channels for their software, so some of the alternatives described below may not be available with your vendor.
We use Liberica JDK 21, the latest minor release available at the moment of writing this article, as an example.
How to update Java on Windows
If you don’t use package managers, there are two convenient ways to update Java on Windows:
Download the .msi file and follow the instructions in the JDK Setup Wizard. This will overwrite the existing JDK installation.
Alternatively, you can install Liberica JDK silently without user interaction by running
msiexec /i bellsoft-jdk21.0.3+12-windows-amd64.msi /qn /quiet /norestart /l*v "Liberica_install.log"The second option is to download the .zip file, unpack JDK and set the PATH and JAVA_HOME environment variables as described in the section above. You may want to delete the previously installed version to save space.
You can also use Windows PowerShell to download and unpack the .zip file:
Invoke-WebRequest "https://download.bell-sw.com/java/21.0.3+12/bellsoft-jdk21.0.3+12-windows-amd64.zip"
Expand-Archive bellsoft-jdk21.0.3+12-windows-amd64.zip -DestinationPath .For more detailed instructions on Liberica JDK installation on Windows, see the relevant Liberica JDK Installation Guide.
How to update Java on macOS
To update Java on macOS, you can download the .dmg, .pkg, .tar.gz, or .zip package:
- In the case of the .dmg file, follow the instructions in the installer that pops up when you double-click the file. The existing JDK installation will be overwritten.
- If you download the archive, unpack the file and set the PATH and JAVA_HOME environment variables as described in the section above. You may want to delete the previously installed version to save space.
You can also download and unpack the archive with the following commands:
wget https://download.bell-sw.com/java/21.0.3+12/bellsoft-jdk21.0.3+12-macos-amd64.zip
unzip bellsoft-jdk21.0.3+12-macos-amd64.zipFor more detailed instructions on Liberica JDK installation on macOS, see the relevant Liberica JDK Installation Guide.
How to update Java on Linux
There are two ways to update Java on Linux: using a repository or Installing the binary manually.
If you already installed Java via the Linux repository, you can simply update the repository package index and upgrade all packages or one specific package by specifying its name.
For instance, for apt-based systems:
sudo apt-get update
sudo apt-get upgrade bellsoft-java21For apk-based systems such as Alpine or Alpaquita:
apk update
apk upgrade bellsoft-java21For yum-based systems:
sudo yum update
sudo yum upgrade bellsoft-java21For manual upgrade of Liberica JDK on various Linux distributions, refer to the relevant Liberica JDK Installation Guide.
Package managers
If you installed Java using one of the following package managers: SDKMAN, Homebrew, SCOOP, Chokolatey, winget, update the JDK package accordingly.
SDKMAN:
sdk upgrade javaHomebrew:
brew reinstall liberica-jdk21SCOOP:
scoop update liberica21Chokolatey:
choco upgrade libericajdkwinget:
winget upgrade --id BellSoft.LibericaJDK21Containers
Updating the base image of your containerized application is essential to keep your cloud workloads safe. If you use the specific image version, update it to the newest one in your Dockerfile, for instance,
FROM bellsoft/liberica-runtime-container:jdk-21.0.3-stream-muslAs BellSoft provides continuous updates to its Liberica Runtime Container images (based on Liberica JDK and Alpaquita Linux), you can use the latest tag or a major version (for instance, bellsoft/liberica-runtime-container:jdk-21-stream-musl), and everytime you rebuild your container, you will have the latest available base image with fixes and patches in the JDK and Linux.
Discovery API
BellSoft provides the option of browsing and downloading Liberica JDK binaries via REST Discovery API. You can discover:
- The latest Liberica JDK release,
- The latest Liberica DK LTS release,
- Whether your Liberica JDK version is the latest version,
- A link for downloading without parsing JSON,
- Supported systems and architectures.
To learn more about discovering and downloading Liberica JDK releases via Discovery API, refer to Liberica JDK Product Discovery API.
