Skip to main content

Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

  1. Blog
  2. Article

Canonical
on 1 July 2025


Java has long been the most popular language for software development in large enterprises, with 90% of Fortune 500 companies using it for backend development, particularly in industries like finance, healthcare, and government. 

Java developers, more than most, are tasked with balancing the implementation of new features against the critical requirements of legacy application security, stability, and performance. The management of distinct Java versions, security updates, and deployment artifacts introduces considerable complexity.

For these reasons we have decided to double down on our investment in the toolchain by providing an even more comprehensive offering that both enterprises and community members can benefit from. Canonical’s OpenJDK support offering is centered around the following core tenets:

  • Industry leading security maintenance with Ubuntu Pro, providing security support to OpenJDK 8 until 2034 and at least 12 years on every other OpenJDK LTS release.
  • Timely access to new Java releases by including the latest OpenJDK release in the subsequent Ubuntu release. This also extends to the LTS releases.
  • Performance optimization for containers, combining the size reduction of Chiseled OpenJRE with novel technologies like CRaC (Coordinated Restore at Checkpoint).
  • Verified correctness testing OpenJDK release against the Technology Compatibility Kit (TCK) using the Eclipse AQAvit by Adoptium testing framework.
  • Broad architecture support including AMD64, ARM64, S390x, RISC-V and ppc64el.

Let’s explore each of these elements in greater detail.

Enhanced security assurance: long term security and stability

An Ubuntu Pro subscription extends a minimum 10-year security support guarantee for all OpenJDK LTS builds, thereby reducing the necessity for frequent application modernization efforts. This means that developers can simultaneously extend the life of their existing legacy applications and prioritize the development of features that directly benefit and enhance the user experience. 

This is especially crucial for legacy workloads running on Java 8, which according to a recent New Relic report still accounts for as much as 33% of production deployments. For workloads running on 24.04 LTS, Ubuntu Pro will extend  security maintenance to at least 2034, 8 years longer than Red Hat and 4 years longer than Azul Zulu.

Supported OpenJDK LTS versions within Ubuntu LTS releases 

OpenJDK LTS VersionGeneral Availability DateUbuntu LTS AvailabilitySupport End Date (via Ubuntu Pro)
8201418.04, 20.04, 22.04, 24.04At least 2034
11201818.04, 20.04, 22.04, 24.04At least 2034
17202118.04, 20.04, 22.04, 24.04At least 2034
21202320.04, 22.04, 24.04At least 2034

Facilitating innovation: timely access to new Java releases

With Ubuntu, long term support does not come at the expense of rapid releases. We aim to enable teams’ experimentation efforts by making new versions of OpenJDK available in Ubuntu right after their release. 

Starting with Ubuntu 24.04 LTS we are planning to align the OpenJDK and Ubuntu releases cadences as follows:

  • New OpenJDK LTS releases land in subsequent Ubuntu LTS releases, ensuring stability for your long-term projects.
  • Non-LTS OpenJDK releases become available in subsequent Ubuntu interim releases, perfect for testing new language features, APIs, and performance improvements as soon as they drop.

This dual approach gives you the flexibility to innovate rapidly while maintaining enterprise-grade stability for critical production deployments.

In addition we are also using innovative technologies like CRaC (Coordinated Restore at Checkpoint) to reduce containerized and traditional Java application startup and warmup times by allowing a running JVM and application state to be checkpointed and later restored. 

Deployment optimization: secure, minimal Chiseled JRE containers

Bloated container images slow down CI/CD pipelines and increase security risks. Ubuntu Chiseled OpenJRE containers offer a radically smaller footprint for the Java runtimes, cutting away all unnecessary packages and slices of dependencies. The smaller size does not compromise throughput, which falls in line with images from alternative OpenJDK distributions.

You can download the images from the following public registries and get additional long term security and support through the Ubuntu Pro subscription:

Chiseled JRE container statistics:

FeatureChiseled JRE 8Chiseled JRE 17Chiseled JRE 21
Compressed Size37/38MB (AMD64/ARM64)44/42MB (AMD64/ARM64)50/51MB (AMD64/ARM64)
Size vs. Temurin~52% Smaller~51% Smaller~56% Smaller
Performance Impact≈0% diff. throughput/ startup≈0% diff. throughput/ startup≈0% diff. throughput/ startup
Security MaintenanceUp to 12 years support via Ubuntu ProUp to 12 years support via Ubuntu ProUp to 12 years support via Ubuntu Pro

Over the coming weeks we will publish a set of detailed benchmarks comparing Chiseled Ubuntu OpenJRE containers to similar products of other major OpenJDK distributions.

Verified correctness and simplified compliance

When building enterprise applications, the last thing you need is wasting time debugging unexpected runtime behaviour. Since joining the Eclipse Foundation’s Adoptium Working Group in 2023 we have worked hard to make sure all our OpenJDK builds of versions 17 and 21 are verified for correctness so that all Ubuntu users can build their latest Java applications on a foundation they can trust.

“Canonical is a strong example of how our members contribute to and benefit from their involvement in the Adoptium Working Group,” said Mike Milinkovich, executive director of the Eclipse Foundation. “They are helping to drive innovation across the open source Java ecosystem and are using the Eclipse AQAvit testing framework to efficiently test and certify their builds with the Java TCK. I’m excited about what we can accomplish together as our collaboration continues to evolve.”

Our OpenJDK builds are rigorously tested against the Technology Compatibility Kit (TCK) using the AQAvit testing framework. This applies to the build for all the following architectures (on Ubuntu 22.04 LTS and 24.04 LTS):

  • AMD64
  • ARM64
  • s390x
  • Ppc64el
  • RISC-V

The same approach applies to cryptographic compliance requirements. Ubuntu Pro provides access to openjdk-11-fips (with FIPS 140-2 certified BouncyCastle). We’re also actively pursuing FIPS 140-3 certification for a dedicated OpenSSL-FIPS Java provider, simplifying compliance for developers in regulated industries and government departments.

Improved cloud native workload performance with GraalVM and CRaC

Java applications have strong runtime performance but suffer from slow startup time due to Java Virtual Machine (JVM) initialization and Just-In-Time (JIT) compilation processes. Over the past few years GraalVM and CRaC  (Coordinated Restore at Checkpoint) emerged as two different solutions to help developers create efficient cloud native applications.

We recognise the importance of these projects for the future of the Java ecosystem and we have decided to make them even easier to adopt and maintain on Ubuntu by packaging all necessary components and making them available either as debs or snaps.

GraalVM is a high-performance polyglot virtual machine that offers significant advantages for Java developers. It enables ahead-of-time (AOT) compilation of Java bytecode into native executables. This AOT compilation eliminates the need for JIT compilation at runtime, leading to substantially faster startup times and reduced memory footprint. We have created a snap to make it easier for developers to access the latest GraalVM features and build smaller, faster applications on 24.04 and future releases.

CRaC, on the other hand, allows a running JVM to be frozen, its state saved to disk, and then restored rapidly at a later point. By pre-warming the application and taking a checkpoint, subsequent startups can be significantly accelerated, often taking just milliseconds. We have packaged and added to the archive both CRaC OpenJDK builds and CRIU (Checkpoint/Restore In Userspace), delivering an effortless developer setup and minimum of 10 years of security maintenance with Ubuntu Pro (starting from Ubuntu 26.04 LTS)

Learn more about Canonical builds of OpenJDK

Related posts


Canonical
1 July 2025

Chiseled Ubuntu containers for OpenJRE 8, 17 and 21

Cloud and server Article

Today we are announcing chiseled containers for OpenJRE 8, 17 and 21 (Open Java Runtime Environment), coming from the OpenJDK project. These images are highly optimized for size and security, containing only the dependencies that are strictly necessary. They are available for both AMD64 and ARM64 architectures and benefit from 12 years of ...


Canonical
30 April 2025

Canonical announces first Ubuntu Desktop image for Qualcomm Dragonwing™ Platform with Ubuntu 24.04

Canonical announcements Article

This public beta enables the full Ubuntu Desktop experience on the Qualcomm Dragonwing™ QCS6490 and QCS5430 processors and complements existing Ubuntu Server support with significant enhancements. Together, these updates provide a powerful development environment for building next-generation AI-driven edge applications. April 30, 2025 – C ...


Canonical
17 April 2025

Canonical Releases Ubuntu 25.04 Plucky Puffin

Canonical announcements Article

The latest interim release of Ubuntu introduces “devpacks” for popular frameworks like Spring, along with performance enhancements across a broad range of hardware. 17 April 2025 Today Canonical announced the release of Ubuntu 25.04, codenamed “Plucky Puffin,” available to download and install from ubuntu.com/download.   Ubuntu 25.04 deli ...