Oracle broke compatibility between Java 8 and Java 9+, so many of the libraries that have a dependency on older functionality are not getting maintained. Java 8 is turning into a dangerous space because even though the JDK is getting patched quarterly, much of the components that work with it are not. It is only going to get worse. SpringBoot, for example, requires either a commercial contract for Java 8/11 support or Java 17+ for the community supported stuff.
> Oracle broke compatibility between Java 8 and Java 9+,
No it didn't. Introduction of modules (Java Platform Module System (JPMS)) would be mostly transparent to majority of users.
> so many of the libraries that have a dependency on older functionality are not getting maintained.
Any example? (I already herad the same argument on bluesky and asked for example and suprisingly didn't get it either)
The biggest issue around that time was switching from javax to jakarta namespace but that's somewhat on the side of the Java versioning.
> Java 8 is turning into a dangerous space because even though the JDK is getting patched quarterly, much of the components that work with it are not.
Again - examples?
If the library is not update then it could happen in any ecosystem - python, c# and whatnot.
> It is only going to get worse. SpringBoot, for example, requires either a commercial contract for Java 8/11 support or Java 17+ for the community supported stuff.
Of for f sake - if you are still stuck on Java 8 (released a decated ago) and didn't update then it's only your fault. Supporting ancient platform cost money so you either put that money to be up to date or you pay companies to maintain compatibility you ancient stock. MS is doing the same with old OSs and virtually any other company requires to pay/pay more to support old stuff... (because it costs money)
I'm coming in as someone who helped get thousands of Java 8 based SpringBoot 2.x apps to Java 17/21 and SpringBoot 3.x, so a non-trivial portion of my last year. The javax -> jakarta namespace was a part of the issue. Turns out, we had a lot of things using jaxb as either a direct or transient dependency. About 10% of the apps were some form of old school Java EE which faced the same issue. None of the porting is hard once you've sat down and done it once - but we had team after team who were doing it the first time. We also got to find out who was using deprecated packages, as release by release from 9+, they started to be deleted. Way too many libs were using Sun's base64 encoder.
The point here is that Java is getting updated and the core JDK is just fine. We are seeing components drop support for Java 1-8, requiring 9+. And yes, that could happen in any ecosystem. It is happening in Java ecosystem today. If you crawl GitHub and look at what is vibrant and what is becoming abandoned, you will see the unmaintained legacy stuff stuck on Java 8. CVEs are a terrible way to say security risk - but it does show trends.
Since about 80% of our Java apps are SpringBoot based, when SpringBoot 2.7.18 being the last 2.x community release that reached EOL in November of last year. That version released with Spring Framework 5.3.31 - Spring Framework is currently 5.3.41 or so for those getting commercial patching. This is the last version that supported Java 8 through 11. Similar issue with MapR. This traps people on specific Java versions, which then traps them to an aging ecosystem of components.
The parent asked - why not target Java 8? That is why. If the parent asked, should I be compatible with Java 21-8, I'd say fine. It is a company's fault if they found themselves on an EOL product. Please, for the love of god... don't enable teams to remain there by making ANYTHING that requires Java 8.
None of this is hard until you have so many that it is.
While javax->jakarta was huge PITA (less motivated by technialities but more by politics though) let me introduce you to https://docs.openrewrite.org/ which should make such upgrades easier :)
