Alert

Too early to upgrade to Java 10

Customer Alert 20180321

Oracle has fulfilled a promise to speed the pace and volume of Java SE releases, announcing the immediate availability of Java SE 10.  In a news release announcing the first in a promised series of updates every six months, Oracle described four key enhancements:

  • Local-variable type inference: enhances the Java language to extend type inference to declarations of local variables with initializers.
  • Parallel Full GC for G1: improves G1 worst-case latencies by making the full GC parallel.
  • Application Class-Data Sharing: optimizes startup time and footprint by extending the existing Class-Data Sharing (“CDS”) feature to allow application classes to be placed in the shared archive.
  • Experimental Java-Based JIT Compiler: enables the Java-based JIT compiler, Graal, to be used as an experimental JIT compiler on the Linux/x64 platform.

However, within hours of the release, reports surfaced within the Java community of a flaw that crashes the compiler.

Waratek Advice

Members of the Java developer community have long expressed concern about Oracle’s six-month release cycle and the risk of rushing new features to market that could break an application’s functionality.  Today’s first release proves those concerns are justified.

Despite worries around the impacts of a more rapid release schedule, the availability of Java 10 also ends public security updates for Java 9.  Users are required to upgrade to Java 10 to continue patching their JVMs with Oracle’s public quarterly security patches.

Waratek recommends customers carefully consider when to upgrade their applications to a more recent version of Java SE.  Waratek’s virtual patching feature eliminates the urgency to upgrade in order to continue receiving Oracle security patches.  Waratek allows customers to instantly apply functionally equivalent Virtual Critical Patch Updates without fear of breaking an application, requiring application downtime or source code changes – meeting compliance requirements to patch on a timely basis.

Customers who are required by policy or regulation to use current versions of the Java platform may use Waratek’s virtual upgrade feature to instantly lift an out-of-support version of Java (Java SE versions 4 through 8) to a current version without rewriting the application.
