nokia mobile hardware and software updating - Updating jdk

We usually update Java when there's a JSS update available.As for the Java Cryptography Extension (JCE), they HAVE to match the version of Java installed or else the JSS will fail to start.

updating jdk-24

We currently rely on archive/ubuntu/java to provide Oracle JDK 8.

There is work underway to bring Open JDK 8, too, but I'm not sure when it'll have 8u40.

(By bundling, I mean we extract a copy of the JRE in our installation directory--we don't install the JRE and configure it as the system default.) The problem is, it's a hassle having to keep that JRE up-to-date because first we have to retest everything to make sure the update didn't break anything (it has broken some of our third-party dependencies in the past).

How seriously, if at all, are we putting our customers at risk if we don't update our SDK/JDK and the runtime/JRE that we bundle with our product every time there's a security update?

When looking at the JCE page on Oracle's Java site ( it doesnt appear that the JCE files are In fact, it appears to still be the same JCE files I installed back in October. also - When you patch the Java JDK on your JSS servers, do you just run the updates from the Java control panel (Win) & Pref Pane (Mac)- or do you actually download and install the full JDK installer again?