Hi, The fundamental issue is that Oracle does not officially designate OpenJDK 25 as a long term support version with the support commitment. They may deliver patches for Oracle build but not for the OpenJDK upstream.
The JDK updates project[1] is providing the security updates, and it is maintained by a team from multiple companies (Oracle, Red Hat, SAP)[2]. It follows Oracle Critical Patch update schedule. There is no set EOL for the life of JDK 25 updates projects and if it sunsets before the Resolute EOL, we will have to adjust our security release procedure: 1) Ensure that we have access to embargoed code for the current security release, or at least access to the security tracker so that we can easily identify CVE-related patches. 2) Evaluate and apply patches to our fork of JDK 25. 3) Make a security release. [1] https://openjdk.org/projects/jdk-updates/ [2] https://wiki.openjdk.org/spaces/JDKUpdates/pages/170131468/JDK+25u -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2138526 Title: [MIR] openjdk-25 (non-blocking) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-25/+bug/2138526/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
