Locator

Contact

Locator

Vet Centers

Regional Benefits Offices

Regional Loan Centers

Cemetery Locations

VA Technical Reference Model v 24.7

Java Runtime Environment (JRE) - Oracle

General Information

Technologies must be operated and maintained in accordance with Federal and Department security and privacy policies and guidelines. More information on the proper use of the TRM can be found on the TRM Proper Use Tab/Section.

Website:	Go to site
Description:	The Java Runtime Environment (JRE) - Oracle contains the Java virtual machine, runtime class libraries, and Java application launcher that are necessary to run programs written in the Java programming language. While this program contains everything required to run Java applications on the user`s system, this product is not a development environment and does not contain development utilities such as compilers or debuggers. The Java Platform, Standard Edition Runtime Environment (JRE), is intended for software developers and vendors to redistribute with their applications. As of this writing, Oracle has no plans to release a separate JRE for Java 11 and later and users will be required to install the full Oracle JDK to support Java 11 and beyond. NOTE: This entry only covers the Oracle professional versions of Java. This entry does NOT cover or include approvals for OpenJDK Java. OpenJDK has its own TRM entry and users should consult that entry for decisions on OpenJDK.
Technology/Standard Usage Requirements:	Users must ensure their use of this technology/standard is consistent with VA policies and standards, including, but not limited to, VA Handbooks 6102 and 6500; VA Directives 6004, 6513, and 6517; and National Institute of Standards and Technology (NIST) standards, including Federal Information Processing Standards (FIPS). Users must ensure sensitive data is properly protected in compliance with all VA regulations. Prior to use of this technology, users should check with their supervisor, Information Security Officer (ISO), Facility Chief Information Officer (CIO), or local Office of Information and Technology (OI&T) representative to ensure that all actions are consistent with current VA policies and procedures prior to implementation.
Section 508 Information:	This technology has not been assessed by the Section 508 Office. The Implementer of this technology has the responsibility to ensure the version deployed is 508-compliant. Section 508 compliance may be reviewed by the Section 508 Office and appropriate remedial action required if necessary. For additional information or assistance regarding Section 508, please contact the Section 508 Office at Section508@va.gov.
Decision:	View Decisions

Decision Source:	TRM Mgmt Group
Decision Process:	One-VA TRM v24.5
Decision Date:	05/22/2024 at 16:13:54 UTC
Aliases:	Java Runtime Environment, JRE Oracle, Java Platform, Standard Edition Runtime Environment (JRE)
Introduced By:	Enterprise Program Management Office (EPMO) TRM Team
Vendor Name:	Oracle

Vendor Release Information

The Vendor Release table provides the known releases for the TRM Technology, obtained from the vendor (or from the release source).

Version	Release Date	Vendor End of Life Date	Vendor Desupport Date
4.x	02/06/2002		10/30/2008
5.x	09/30/2004		10/30/2009
6u1-9	05/07/2007
6u10	10/15/2008
6u11-34	12/03/2008
6u35	08/30/2012
6u36-41	02/19/2013
6u43	03/04/2013
6u45	04/16/2013
6u51	06/18/2013
6u52-6u201			09/30/2018
6u211			12/31/2018
7 Support Timeline	01/01/2013		07/31/2022
7u1-17	03/04/2013
7u25	06/18/2013
7u40	09/10/2013
7u45	10/15/2013
7u51-101	01/14/2014
7u201	08/16/2018	01/15/2019	04/16/2019
7u211	01/14/2019	04/16/2019
7u221/222	04/16/2019
7u231/232	07/16/2019	10/16/2019	10/16/2019
7u241/242	10/15/2019	01/15/2020	01/15/2020
7u251/252	01/15/2020	04/15/2020	04/15/2020
7u261/262	04/15/2020	07/15/2020	07/15/2020
7u271/272	07/15/2020	10/15/2020	10/15/2020
7u281/282	10/15/2020	01/15/2021	01/15/2021
7u291/292	01/13/2021	04/15/2021	04/15/2021
7u301/302	04/13/2021	07/15/2021	07/15/2021
7u311/312	07/12/2021	10/15/2021	10/15/2021
8 Support Timeline	03/19/2014	01/31/2019	03/31/2025
8u5	04/16/2014
7u341/342 (EOL)		07/22/2022	07/22/2022
7u351/352 (EOL)		07/22/2022	07/22/2022
7u321/322	10/15/2021	01/15/2022	01/15/2022
7u331/332	01/15/2022	04/15/2022	04/15/2022
8u11	07/16/2014
8u20	08/20/2014
8u25	10/15/2014
8u31	01/21/2015
8u40	03/03/2015
8u45	04/14/2015
8u51	07/14/2015
8u60	08/18/2015
8u65	10/20/2015
8u66	10/20/2015
8u121	01/17/2017
8u71	01/19/2016
8u72	01/19/2016
8u73	02/05/2016
8u74	02/05/2016
8u77	03/31/2016
8u91	04/30/2016
8u92	04/30/2016
8u101	07/19/2016
8u102	07/19/2016
8u121	01/17/2017
8u131	04/01/2017
8u144	08/01/2017
8u151	10/01/2017
8u152
8u161	01/16/2018
8u171	04/17/2018	01/31/2019
8u181	07/17/2018	01/31/2019	01/15/2019
8u191	10/16/2018	01/15/2019	04/16/2019
8u201	01/15/2019	04/16/2019
8u202	01/15/2019	04/16/2019
8u211	04/16/2019	07/15/2019
8u212	04/16/2019	07/15/2019
8u221/222	07/16/2019	10/16/2019	10/16/2019
8u231/232	10/15/2019	01/15/2020	01/15/2020
8u241/242	01/15/2020	04/15/2020	04/15/2020
8u251/252	04/15/2020	07/15/2020	07/15/2020
8u261/262	07/15/2020	10/15/2020	10/15/2020
8u271/272	10/15/2020	01/15/2021	01/15/2021
8u281/282	01/15/2021	04/15/2021	04/15/2021
8u291/292	04/13/2021	07/15/2021	07/15/2021
8u301/302	07/12/2021	10/15/2021	10/15/2021
8u311/312	10/15/2021	01/15/2022	01/15/2022
8u331/332	04/15/2022	07/15/2022	07/15/2022
8u321/322	01/15/2022	04/15/2022	04/15/2022
8u341/342		10/15/2022	10/15/2022
8u351/352		01/15/2023	01/15/2023
8u361/362	01/17/2023	04/15/2023	04/15/2023
8u371/372	04/20/2023	07/15/2023	07/15/2023
8u381/382	07/15/2023	10/15/2023	10/15/2023
8u391/392		01/15/2024	01/15/2024
8u401	01/16/2024
8u410
8u411	04/16/2024
9 Support Timeline	09/01/2017	03/31/2018	03/31/2018
9.x	09/01/2017	03/31/2018	03/31/2018
10 Support Timeline	03/01/2018	09/30/2018	09/30/2018
10.x	03/01/2018	09/30/2018	09/30/2018
19.0.1	10/18/2022
20.x	03/21/2023	09/30/2023	09/30/2023

Current Decision Matrix (05/16/2024)

Users must ensure their use of this technology/standard is consistent with VA policies and standards, including, but not limited to, VA Handbooks 6102 and 6500; VA Directives 6004, 6513, and 6517; and National Institute of Standards and Technology (NIST) standards, including Federal Information Processing Standards (FIPS). Users must ensure sensitive data is properly protected in compliance with all VA regulations. Prior to use of this technology, users should check with their supervisor, Information Security Officer (ISO), Facility Chief Information Officer (CIO), or local Office of Information and Technology (OI&T) representative to ensure that all actions are consistent with current VA policies and procedures prior to implementation.

The VA Decision Matrix displays the current and future VA IT position regarding different releases of a TRM entry. These decisions are based upon the best information available as of the most current date. The consumer of this information has the responsibility to consult the organizations responsible for the desktop, testing, and/or production environments to ensure that the target version of the technology will be supported. Any major.minor version that is not listed in the VA Decision Matrix is considered unapproved for use.

Legend:

White	Approved: The technology/standard has been approved for use.
Yellow	Approved w/Constraints: The technology/standard can be used within the specified constraints located below the decision matrix in the footnote[1] and on the General tab.
Gray	Unapproved: This technology or standard can be used only if a POA&M review is conducted and signed by the Authorizing Official Designated Representative (AODR) as designated by the Authorizing Official (AO) or designee and based upon a recommendation from the POA&M Compliance Enforcement, has been granted to the project team or organization that wishes to use the technology.
Orange	Divest: VA has decided to divest itself on the use of the technology/standard. As a result, all projects currently utilizing the technology/standard must plan to eliminate their use of the technology/standard. Additional information on when the entry is projected to become unapproved may be found on the Decision tab for the specific entry.
Black	Prohibited: The technology/standard is not (currently) permitted to be used under any circumstances.
Blue	Planning/Evaluation Constraint:The period of time this technology is currently being evaluated, reviewed, and tested in controlled environments. Use of this technology is strictly controlled and not available for use within the general population. If a customer would like to use this technology, please work with your local or Regional OI&T office and contact the appropriate evaluation office displayed in the notes below the decision matrix. The Local or Regional OI&T office should submit an inquiry to the TRM if they require further assistance or if the evaluating office is not listed in the notes below.

Release/Version Information:

VA decisions for specific versions may include a ‘.x’ wildcard, which denotes a decision that pertains to a range of multiple versions.

For example, a technology approved with a decision for 7.x would cover any version of 7.(Anything) - 7.(Anything). However, a 7.4.x decision would cover any version of 7.4.(Anything), but would not cover any version of 7.5.x or 7.6.x on the TRM.

VA decisions for specific versions may include ‘+’ symbols; which denotes that the decision for the version specified also includes versions greater than what is specified but is not to exceed or affect previous decimal places.

For example, a technology approved with a decision for 12.6.4+ would cover any version that is greater than 12.6.4, but would not exceed the .6 decimal ie: 12.6.401 is ok, 12.6.5 is ok, 12.6.9 is ok, however 12.7.0 or 13.0 is not.

<Past

CY2025

CY2026

CY2027

Future>

Release

4.x

Unapproved

5.x

Unapproved

6u1-9

Unapproved

6u10

Unapproved

6u11-34

Unapproved

6u35

Unapproved

6u43

Unapproved

6u45

Unapproved

6u52-6u201

Unapproved

6u51

Unapproved

6u211

Unapproved

7u1-17

Unapproved

7u25

Unapproved

7u40

Unapproved

7u45

Unapproved

7u51-101

Unapproved

7u201

Unapproved

7u211

Unapproved

7u221/222

Unapproved

7u231/232

Unapproved

7u241/242

Unapproved

7u251/252

Unapproved

7u261/262

Unapproved

7u271/272

Unapproved

7u281/282

Unapproved

7u291/292

Unapproved

7u341/342 (EOL)

Unapproved

7u301/302

Unapproved

7u311/312

Unapproved

7u321/322

Unapproved

7u331/332

Unapproved

8u31

Unapproved

8u74

Unapproved

8u77

Unapproved

8u91

Unapproved

8u92

Unapproved

8u101

Unapproved

8u102

Unapproved

8u121

Unapproved

8u131

Unapproved

8u144

Unapproved

8u151

Unapproved

8u152

Unapproved

8u161

Unapproved

8u171

Unapproved

8u181

Unapproved

8u191

Unapproved

8u201

Unapproved

8u202

Unapproved

8u211

Unapproved

8u212

Unapproved

8u221/222

Unapproved

8u231/232

Unapproved

8u241/242

Unapproved

8u251/252

Unapproved

8u261/262

Unapproved

8u271/272

Unapproved

8u281/282

Unapproved

8u291/292

Unapproved

8u301/302

Unapproved

8u311/312

Unapproved

8u321/322

Unapproved

8u331/332

Unapproved

8u341/342

Unapproved

8u351/352

Unapproved

8u361/362

Unapproved

8u371/372

Unapproved

8u381/382

Unapproved

8u391/392

Unapproved

8u401

Unapproved

8u410

Unapproved

8u411

Approved w/Constraints
[15, 17, 18]

9.x

Unapproved

10.x

Unapproved

19.0.1

Unapproved

20.x

Unapproved

Decision Constraints


[1]	This Technology is currently being evaluated, reviewed, and tested in controlled environments. Use of this technology is strictly controlled and not available for use within the general population.

[2]	Projects must use Oracle JRE version 7u51 corresponding to Java SE 7u51 or greater or Oracle JRE version 6u51 corresponding to Java SE 6u51, and all patches and updates must be applied in accordance with VA Handbook 6500 policy to mitigate known and future security vulnerabilities. A waiver from the AERB is required for the use of Oracle JRE versions implemented by Java SE 6u45 or earlier and Java SE 7u51 or earlier.

[3]	A waiver from the Architecture and Engineering Review Board (AERB) is required for the use of Oracle JRE versions implemented earlier than Java 7u51.

[4]	Due to National Institute of Standards and Technology (NIST) identified security vulnerabilities, extra vigilance should be applied to ensure the versions remain properly patched to mitigate known and future vulnerabilities. The local ISO can provide assistance in reviewing the NIST vulnerabilities.

[5]	A technology waiver is required for the use of Oracle JRE versions including and before 7u51-101.

[6]	Per Solution Delivery Client Services, version 8u131 is the current baseline. A technology waiver is required for the use of JRE Oracle 8u144 as it is not ready for production environments.

[7]	Technology must remain patched and operated in accordance with Federal and Department security policies and guidelines in order to mitigate known and future security vulnerabilities.

[8]	Applications, including VA developed applications, must have a valid signed certificate as required by Java 8 and later to avoid the need for a Java certificate exception to be created by ITOPS.

[9]	Users should check with their supervisor, Information Security Office (ISO) or local OIT representative for permission to download and use this software. Downloaded software must always be scanned for viruses prior to installation to prevent adware or malware. Freeware may only be downloaded directly from the primary site that the creator of the software has advertised for public download and user or development community engagement. Users should note, any attempt by the installation process to install any additional, unrelated software is not approved and the user should take the proper steps to decline those installations.

[10]	Due to major security vulnerabilities associated with JRE, only the current supported patch sets, which are released every 3 months, are approved for use and the prior patch set will be divested for one quarter to allow time for transition. Also note that as of this writing, Oracle has no plans to release a separate JRE for Java 11 and later and users will be required to install the full Oracle JDK to support Java 11 and beyond. It is the system owner`s responsibility to ensure proper licensing is obtained and in place for Java patches that are installed on machines they own.

[11]	Applications, including VA developed applications, must have a valid signed certificate as required by Java 8 and later to avoid the need for a Java certificate exception to be created by ITOPS. Due to major security vulnerabilities associated with JRE, only the current supported patch sets, which are released every 3 months, are approved for use and the prior patch set will be divested for one quarter to allow time for transition. Also note that as of this writing, Oracle has no plans to release a separate JRE for Java 11 and later and users will be required to install the full Oracle JDK to support Java 11 and beyond. It is the system owner`s responsibility to ensure proper licensing is obtained and in place for Java patches that are installed on machines they own

[12]	Due to major security vulnerabilities associated with JRE, only the current supported patch sets, which are released every 3 months, are approved for use and the prior patch set will be divested for one quarter to allow time for transition. Also note that as of this writing, Oracle has no plans to release a separate JRE for Java 11 and later and users will be required to install the full Oracle JDK to support Java 11 and beyond. Please note that SDE is starting to test version 8.0.2020.8 for the new version of Windows baselines with an estimated delivery date of May 8, 2019 and 8.0.2120.10 with an estimated delivery date of May 19, 2019.

[13]	Due to major security vulnerabilities associated with JRE, only the current supported patch sets, which are released every 3 months, are approved for use and the prior patch set will be divested for one quarter to allow time for transition. Also note that as of this writing, Oracle has no plans to release a separate JRE for Java 11 and later and users will be required to install the full Oracle JDK to support Java 11 and beyond.

[14]	Due to major security vulnerabilities associated with JRE, only the current supported patch sets, which are released every 3 months, are approved for use and the prior patch set will be divested for one quarter to allow time for transition. Also note that as of this writing, Oracle has no plans to release a separate JRE for Java 11 and later and users will be required to install the full Oracle JDK to support Java 11 and beyond.

[15]	This technology has received one or more VA security bulletins that provide specific guidance on vulnerability patching and mitigation. It is the responsibility of VA system owners to ensure that the appropriate mitigations are taken to address all known and future discovered vulnerabilities with this product. See the Reference tab for more information on security bulletins related to this product.

[16]	Due to major security vulnerabilities associated with JRE, only the current supported patch sets, which are released every 3 months, are approved for use and the prior patch set will be divested for one quarter to allow time for transition.

[17]	Due to National Institute of Standards and Technology (NIST) identified security vulnerabilities, extra vigilance should be applied to ensure the versions remain properly patched to mitigate known and future vulnerabilities. The local ISSO (Information System Security Officer) can provide assistance in reviewing the NIST vulnerabilities.

[18]	The Federal Information Processing standards (FIPS) 140-2 certification status of this technology was not able to be verified. This technology will require a 3rd party FIPS 140-2 or 140-3 certified solution for any data containing PHI/PII or VA sensitive information, where applicable. More information regarding the Cryptographic Module Validation Program (CMVP) can be found on the NIST website.

Note:

At the time of writing, version 8.0.4110.9 (8u411) is the most current version, released 04/16/2024.

A standard configuration of this technology was developed by the DDE team. At the time of writing, the standard version is 8.0.4010.10 (8u401) and version 8.0.4110.9 (8u411) is under testing and development for six weeks from 04/19/2024.

The following reference(s) are associated with this entry:
Type	Name	Source	Description
*NOTE: Vendor provided information is subject to the accuracy of the manufacturer.

Note: This list may not be complete. No component, listed or unlisted, may be used outside of the technology in which it is released. The usage decision for a component is found in the Decision and Decision Constraints.
Name	Description
Base Libraries	These are the classes and interfaces that provide basic features and fundamental functionality for the Java platform.
Deployment Technologies	This module provides rich Internet Applications Development and Distribution.
Integration Libraries	These libraries provide the Java Database Connectivity (JDBC), Remote Method Invocation (RMI), Java Interface Definition Language (IDL), RMI- Internet InterORB Protocol (IIOP), Scripting, and Java Naming and Directory Interface (JNDI) Application Programming Interface (API).
Java Auto Updater	This link provides instruction on how to turn off Java Auto-Update.
Java Virtual Machines (JVM)	The Java virtual machine is an abstract computing machine that has an instruction set and manipulates memory at run time.
Other Base Libraries	These libraries include Input/Output (I/O), Object Serialization, Networking, Security, Internationalization, JavaBeans Component API, Java Management Extensions (JMX), Extensible Markup Language Metadata Interchange (XMI), Java API for XML Processing (JAXP), Extension Mechanism, Endorsed Standards Override Mechanism.
User Interface Libraries	These libraries include Input Method Framework, Accessibility, Print Service, Sound, Drag and Drop Data Transfer, Image I/O, Java 2D Graphics and Imaging, Abstract Windowing Toolkit (AWT), and Swing.


Application Technology Development Tools	Development Frameworks

- The information contained on this page is accurate as of the Decision Date (05/22/2024 at 16:13:54 UTC).

Inside VA

Budget and Performance

Inside the Media Room

National Observances

Special Events

VA Technical Reference Model v 24.7

General Information

Vendor Release Information

Current Decision Matrix (05/16/2024)

Decision Constraints

References

Technology Components

VA Categories View the VA Categorization Framework

Operating Systems Supported by the Technology

Technologies/Standards Relationships

Runtime Dependencies:

Comparable Technologies:

Companion Technologies/Supported Standards:

General Analysis

Adoption Benefits

Adoption Risks

Architectural Benefits

CONNECT

VA HOME

QUICK LIST

RESOURCES

ADMINISTRATION

VA Technical Reference Model v 24.7

General Information

Vendor Release Information

Current Decision Matrix (05/16/2024)

Decision Constraints

References

Technology Components

VA Categories View the VA Categorization Framework

Operating Systems Supported by the Technology

Technologies/Standards Relationships

Runtime Dependencies:

Comparable Technologies:

Companion Technologies/Supported Standards:

General Analysis

Adoption Benefits

Adoption Risks

Architectural Benefits

EMAIL UPDATES