Java is a programming language and software platform. Examples of applications that use Java are numerous and widespread but include web browsers, office applications, and even games like Minecraft are based on Java.

The full version string for this update release is 22.0.2+9 (where "+" means "build"). The version number is 22.0.2. Complete release notes for Java 22.0.2 can be found here.

If you need to run Java applications, downloading and installing the JRE (Java Runtime Environment) is enough. If you're developing Java applications, you'll want to download the JDK, which also includes the JRE.

For full information and terms, refer to the OTN License Agreement for Java SE. The OTN License Agreement for Java SE for current Oracle Java SE releases allows them to be used, without cost:

  • (i) For personal use on a desktop or laptop computer, such as to play games or run other personal applications.
  • (ii) For development, testing, prototyping, and demonstrating applications, including to use by/with profilers, debuggers, and Integrated Development Environment tools.
  • (iii) For use with some approved products, such as Oracle SQL Developer, or as an end user of a software application created by an approved product. (referred to as "Schedule A" and "Schedule B" Products in the OTN License Agreement for Java SE)
  • (iv) With identified Oracle Cloud Infrastructure products.

The latest version of Java is Java 24 or JDK 24 released on March 2025. However, many versions of Java are actively maintained for compatibility purposes. Java 8, Java 11, Java 17 and Java 21 are the four long-term support versions recommended by Oracle alongside the latest release. You can download the version you need below:

Java 8 is the last free software public update for commercial use, which explains why it remains popular even though it was released back in 2014. Oracle plans to maintain it until at least 2030. Also, you should know that some applications might refer to Java 8 as version 1.8.0.

What is Java JDK?

The Java Development Kit (JDK) is the full-featured software development kit for Java developers. It has everything the JRE has, but adds the compiler (javac) and tools (like javadoc and jdb). The JDK allows you to create and compile Java programs.

Is Java free to use?

Yes, Java is free to use under the jdk.java.net license. This means anyone can download it for personal or development use at no cost. Oracle does charge for long term support, but this is optional.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 11.0.22 are specified in the following table:

JRE Family Version = JRE Security Baseline (Full Version String)

  • 22 = 22.0.2+9

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 22.0.2) be used after the next critical patch update scheduled for October 15, 2024.

Java Management Service, available to all users, can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.

What's New

Notable Issues Resolved
tools/jpackage
➜ jpackage May Produce an Inaccurate List of Required Packages on Debian Linux Distros (JDK-8295111)
Fixed an issue on Debian Linux distros where jpackage could not always build an accurate list of required packages from shared libraries with symbolic links in their paths, causing installations to fail due to missing shared libraries.

Removed Features and Options
install/install
➜ Remove Obsolete Desktop Integration from Linux Installers (JDK-8322234 (not public))
Delete nonfunctional desktop integration functionality from Linux installers. The installers will stop depositing files in /usr/share/icons, /usr/share/mime, and /usr/share/applications subtrees.

Other Notes
security-libs/java.security
➜ Added GlobalSign R46 and E46 Root CA Certificates (JDK-8316138)
The following root certificates have been added to the cacerts truststore:

+ GlobalSign: globalsignr46 - DN: CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE
+ GlobalSign: globalsigne46 - DN: CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE
infrastructure/build
➜ Native Executables and Libraries on Linux Use RPATH Instead of RUNPATH (JDK-8326891)
Native executables and libraries on Linux have switched to using RPATH instead of RUNPATH in this release.

JDK native executables and libraries use embedded runtime search paths to locate other internal JDK native libraries. On Linux these can be defined as either RPATH or RUNPATH. The main difference is that the dynamic linker considers RPATH before the LD_LIBRARY_PATH environment variable, while RUNPATH is only considered after LD_LIBRARY_PATH.

By making the change to using RPATH, it is no longer possible to replace JDK internal native libraries using LD_LIBRARY_PATH.

install/install
➜ Install DEB and RPM Java Packages in Version Directory (JDK-8325265 (not public))
The installation directory name of the Oracle JDK in RPM and DEB packages has changed from /usr/lib/jvm/jdk-${FEATURE}-oracle-${ARCH} to /usr/lib/jvm/jdk-${VERSION}-oracle-${ARCH}.

Every update release will be installed in a separate directory on Linux platform.

Installers will create a /usr/java/jdk-${FEATURE}-oracle-${ARCH} link pointing to the installation directory to allow programs to find the latest JDK version in the ${FEATURE} release train.

security-libs/javax.security
➜ Fallback Option For POST-only OCSP Requests (JDK-8328638)
JDK 17 introduced a performance improvement that made OCSP clients unconditionally use GET requests for small requests, while doing POST requests for everything else. This is explicitly allowed and recommended by RFC 5019 and RFC 6960. However, we have seen OCSP responders that, despite RFC requirements, are not working well with GET requests.

This release introduces a new JDK system property to allow clients to fallback to POST-only behavior. This unblocks interactions with those OCSP responders through the use of -Dcom.sun.security.ocsp.useget={false,true}. This amends the original change that introduced GET OCSP requests (JDK-8179503). The default behavior is not changed; the option defaults to true. Set the option to false to disable GET OCSP requests. Any value other than false (case-insensitive) defaults to true.

This option is non-standard, and might go away once problematic OCSP responders get upgraded.