Oracle to demand business users buy licence to run Java SE 8 from next year

Buy a commercial licence or lose out on patches and bug fixes, Oracle warns

Business users of Java SE 8 have been warned that they will no longer receive patches and security updates for the software from the beginning of next year, unless they buy a commercial licence.

Users of Java for individual, personal use, will continue to have the same access to Oracle Java SE 8 updates as they do today through at least the end of 2020.

"In most instances, the Java-based applications you run are licensed separately by a company other than Oracle (for example, games you play on your PC are likely developed by a gaming company)," the firm announced in a statement.

"These applications may run on the Java platform and be dependent on Oracle Java SE 8 updates beyond 2020. Accordingly, Oracle recommends you contact your application provider for details on how they plan to continue to provide application support to you."

The company announced the news alongside its latest critical patch security update for April, where it addressed a total of 254 security vulnerabilities across a wide range of its products.

Some of the more notable patches within the update is a fix for the never-ending Spectre-related vulnerabilities in Solaris systems, named CVE-2017-5753, or also known as Spectre variant 1.

While Oracle said it has already mitigated most of the Spectre/Meltdown processor design bugs in its products back in January, this new one adds some further fixes for Solaris versions 10 and 11.3.

Java specifically was patched for 14 CVE-listed vulnerabilities, including 12 that were remotely exploitable without user notification. Three of the flaws, CVE-2018-2825, CVE-2018-2826, and CVE-2018-2814 were said to have allowed Applet or Java Web Start apps to either crash or take over Java SE.

The software company advises checking your system and installing the updates ASAP to ensure all products are running on the latest versions and thus as safe from the hands of those pesky cyber criminals as possible.