Java 23 is non LTS. We use java 21 (the most recent LTS) for our internal stack, but for maximum compatibility we support java 8 for this library (and our other open source libraries, including our java client library/SDK).
We run a ton of legacy cruft that's still on Java 8. Extended support is available until at least 2030. It's rock solid for us and migration is not easy unfortunately, even Java 11 is a challenge.
Oracle broke compatibility between Java 8 and Java 9+, so many of the libraries that have a dependency on older functionality are not getting maintained. Java 8 is turning into a dangerous space because even though the JDK is getting patched quarterly, much of the components that work with it are not. It is only going to get worse. SpringBoot, for example, requires either a commercial contract for Java 8/11 support or Java 17+ for the community supported stuff.
> Oracle broke compatibility between Java 8 and Java 9+,
No it didn't. Introduction of modules (Java Platform Module System (JPMS)) would be mostly transparent to majority of users.
> so many of the libraries that have a dependency on older functionality are not getting maintained.
Any example? (I already herad the same argument on bluesky and asked for example and suprisingly didn't get it either)
The biggest issue around that time was switching from javax to jakarta namespace but that's somewhat on the side of the Java versioning.
> Java 8 is turning into a dangerous space because even though the JDK is getting patched quarterly, much of the components that work with it are not.
Again - examples?
If the library is not update then it could happen in any ecosystem - python, c# and whatnot.
> It is only going to get worse. SpringBoot, for example, requires either a commercial contract for Java 8/11 support or Java 17+ for the community supported stuff.
Of for f sake - if you are still stuck on Java 8 (released a decated ago) and didn't update then it's only your fault. Supporting ancient platform cost money so you either put that money to be up to date or you pay companies to maintain compatibility you ancient stock. MS is doing the same with old OSs and virtually any other company requires to pay/pay more to support old stuff... (because it costs money)
I'm coming in as someone who helped get thousands of Java 8 based SpringBoot 2.x apps to Java 17/21 and SpringBoot 3.x, so a non-trivial portion of my last year. The javax -> jakarta namespace was a part of the issue. Turns out, we had a lot of things using jaxb as either a direct or transient dependency. About 10% of the apps were some form of old school Java EE which faced the same issue. None of the porting is hard once you've sat down and done it once - but we had team after team who were doing it the first time. We also got to find out who was using deprecated packages, as release by release from 9+, they started to be deleted. Way too many libs were using Sun's base64 encoder.
The point here is that Java is getting updated and the core JDK is just fine. We are seeing components drop support for Java 1-8, requiring 9+. And yes, that could happen in any ecosystem. It is happening in Java ecosystem today. If you crawl GitHub and look at what is vibrant and what is becoming abandoned, you will see the unmaintained legacy stuff stuck on Java 8. CVEs are a terrible way to say security risk - but it does show trends.
Since about 80% of our Java apps are SpringBoot based, when SpringBoot 2.7.18 being the last 2.x community release that reached EOL in November of last year. That version released with Spring Framework 5.3.31 - Spring Framework is currently 5.3.41 or so for those getting commercial patching. This is the last version that supported Java 8 through 11. Similar issue with MapR. This traps people on specific Java versions, which then traps them to an aging ecosystem of components.
The parent asked - why not target Java 8? That is why. If the parent asked, should I be compatible with Java 21-8, I'd say fine. It is a company's fault if they found themselves on an EOL product. Please, for the love of god... don't enable teams to remain there by making ANYTHING that requires Java 8.
None of this is hard until you have so many that it is.
While javax->jakarta was huge PITA (less motivated by technialities but more by politics though) let me introduce you to https://docs.openrewrite.org/ which should make such upgrades easier :)
Migrating anything at least somehow complicated past Java 8 is PITA. When you are at Java 9, you are half done. Full done if you don't use some libraries that abuse JVM (like lombok). For most of those it would be enough to upgrade to newest versions.
Java 8 -> 11 upgrade was kind of a pain, and so was 11 -> 17. After that though, it's smooth sailing. I think breaking changes for the module system are over.
I would argue differently, it is better to use latest JDK, it always has best support and fixes.
Most maintained libraries keep their code compatible with it, if one doesn't then I would be cautious in using it as it is a big red light, that notifies given maintainer doesn't have enough time, so any fixes might not get there in time (or ever). Think of it like a litmus test.
LTS makes sense if you are paying for it and updating your JDK as soon as there is a release of LTS JDK (so AFAIR usually once every 1-2 months. Which is exactly what you would do with the current JDK.
Because you won't have to schedule full compatibility testing of your
app in order to find out that there were breaking changes in the newest
JDK version that require the user to fix the app. You can just not
update the major version of JRE for a long time. The JRE will still be
updated with security fixes and bugs, but no breaking changes should be
introduced.
Developers can focus on extending functionality instead of maintenance
and porting the app to new JRE. Devops can focus on different things
than adapting the environment to the new requirements that were broken
in new JRE major version. Product managers don't need to create another
spreadsheet columns to mark compatibility issues.
The problem with "most libraries keeping their code compatible with the
newest JRE version" is that most projects use a library that is not
kept up-to-date with the newest JRE version. Often that library is the
library which has no alternatives. Also switching libraries is rarely a
trivial thing to do.
Using bleeding edge software also means that we participate in "beta" testing. Company-oriented human resource management would suggest that the resources the company spends should be about the needs of the company, not some thirdparty product.
Newer JDK usually means new features that makes programmers life easier -> less maintenance in the long run. This is not construction work, this is programming, new means better.
If one doesn't have automated regression testing then that is a red light.
You can do beta testing, with EA, not with GA.
Why? It's a library so the more platform it supports the better. There is nothing inherently wrong with that and if the author wants to put up with the lack of modern features and syntactic sugar then why not?
I made a tool in Java recently where I was expecting relatively untechnical people to wind up using. Decided to check if there was a version of Java already on a Windows 10 tablet I've had but not really used and it had 8 on it so I developed to version to minimise the need to guide people through installing a newer version.
I hadn't used Java since my first year of programming and didn't want to spend too long on it. As it was basically a game modding tool I just wanted a jar that works on a wide variety of devices because that's what I'm used to in that scene as a user.
I didn't even know Jlink was a thing though, thanks for mentioning it! will look into it to see if it's worth adding whenever I return to the project
Not really, we run multiple prod apps on Java 8. Sure, there is migration in the pipeline, but that's about it, its solid as rock and that's all business cares about.
If version 8 is still a relevant target, there's a problem.