OpenJDK - Does CentOS OpenJDK benefit from security fixes of the RHEL OpenJDK?

sylmarch
Posts: 1
Joined: 2018/12/14 15:41:46

Post by sylmarch » 2018/12/14 16:16:52

As you probably know, Oracle changes the lifecycle of the Java JDK.

Starting from January 2019, Oracle JDK 8 stops receiving free public security updates.
If you are using Java on production servers and don't want to buy a licence, you have to use an OpenJDK implementation, as Oracle JDK needs a commercial licence for production purposes since January 2019.

Besides, to get the latest security fixes for free, you will have to update your OpenJDK instance every 6 months, as soon as a new major release is published. That's because Oracle doesn't backport security fixes from OpenJDK N+1 to OpenJDK N as soon as OpenJDK N+1 is released.
Another solution is to use the OpenJDK implementation of another vendor that performs security fixes.

I found that RHEL provides this kind of OpenJDK implementation ( https://access.redhat.com/articles/1299013 ). However, RHEL is not free...

I'm new to CentOS and, as far as I understand, CentOS is built from RHEL source code.

Thus, could you tell me if CentOS OpenJDK immediately benefits from the security fixes of the RHEL OpenJDK?

Thanks!

P.S.: another interesting document that has been written by Java Champions: https://docs.google.com/document/d/1nFG ... aBr_5pKuHo

TrevorH
Site Admin
Posts: 33218
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: OpenJDK - Does CentOS OpenJDK benefit from security fixes of the RHEL OpenJDK?

Post by TrevorH » 2018/12/14 16:31:33

CentOS is a rebuild of the sources used by Red Hat to build RHEL. For individual bug fixes, as they are released by RH, they are rebuilt and released for CentOS, usually within hours or days.

When a new point release of RHEL comes out - for example 7.6 came out on Oct 30th - the process takes longer as all packages have to be rebuilt and tested. CentOS 7.6 was released at the start of December but the packages that go to make up that point release were made available via the optional "CR" repo around the 12th Nov.

As long as the fixes you're interested in have been publicly released by Red Hat for RHEL (i.e. they are not private ones or ones that you need to pay a separate subscription for) then they would be rebuilt as above.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
