Canonical’s build of OpenJDK for Ubuntu
Canonical certified builds of OpenJDK with up to 12 years of security maintenance
Innovate with Java and run your preferred build of OpenJDK on Ubuntu. Bring stability to your Java environment with up to 12 years of long-term support for all OpenJDK LTS releases, through Ubuntu Pro. Put stability and compliance at the heart of your applications with rigorous TCK validation, minimal runtime containers and FIPS-certified cryptographic modules.
Canonical OpenJDK releases
| OpenJDK release | GA date | Ubuntu LTS version availability | LTS support until |
|---|---|---|---|
| 8 (LTS) | 2014 | 24.04, 22.04, 20.04, 18.04 | At least 2034 |
| 11 (LTS) | 2018 | 24.04, 22.04, 20.04, 18.04 | At least 2034 |
| 17 (LTS) | 2021 | 24.04, 22.04, 20.04, 18.04 | At least 2034 |
| 21 (LTS) | 2023 | 24.04, 22.04, 20.04 | At least 2034 |
Predictable OpenJDK release cadence on Ubuntu
Bring stability and predictability by running Java on Ubuntu. Ubuntu releases follow an established, reliable cadence that offers you both the latest features of Ubuntu, and support for the newest LTS versions of Open JDK.
Here are the details:
- Starting with Ubuntu 24.04, every new Ubuntu LTS release will ship with the latest OpenJDK LTS release.
- Likewise, each new interim Ubuntu release will include features from the latest interim OpenJDK releases. This makes it simple for developers to experiment with the latest versions as soon as possible.
Receive up to 12 years of security patching and maintenance
Extend the security support period for your OpenJDK LTS build to up to 12 years, through Ubuntu Pro – Canonical’s comprehensive subscription for open source security.
Using OpenJDK on Ubuntu gives developers the freedom to focus on making impactful applications that deliver for customers with expanded security maintenance for the latest OpenJDK LTS releases running until 2034.
Secure, minimal containers for OpenJRE
Canonical provides chiseled containers for OpenJRE (Open Java Runtime Environment), coming from the OpenJDK project.
These containers provide a significant reduction in size compared to Apache Temurin, without presenting any throughput or startup performance degradation.
The images are available for both AMD64 and ARM64 architectures, and benefit from up to 12 years of security support with Ubuntu Pro
Chiselled Ubuntu for OpenJRE 8
- 37MB AMD64 compressed image size
- 38MB ARM64 compressed image size
- ~52% smaller than Apache Temurin
- View the GitHub repo ›
Chiselled Ubuntu for OpenJRE 17
- 44MB AMD64 compressed image size
- 42MB ARM64 compressed image size
- ~51% smaller than Apache Temurin
- View the GitHub repo ›
Chiselled Ubuntu for OpenJRE 21
- 50MB AMD64 compressed image size
- 51MB ARM64 compressed image size
- ~56% smaller than Apache Temurin
- View the GitHub repo ›
Improved Java application startup with GraalVM and CRaC
Java apps have strong runtime performance, but experience slow startup times due to JVM initialization and just-in-time compilation.
GraalVM and CRaC are two projects that tackle this challenge – which is why we’re packaging and delivering long term security maintenance to both – ensuring developers can build modern, Java-based microservice architectures.
GraalVM snap
GraalVM is an Oracle project bringing advanced JDK with ahead-of-time Native Image compilation to solve Java's slow startup problem.
We have created a snap to make it easier for developers to access the latest GraalVM features and build smaller, faster applications.
CRaC (Coordinated Restore at Checkpoint)
CRaC is designed to address Java slow startup time by taking a snapshot (checkpoint) of a running, warmed-up JVM instance, including the application state.
We provide CRaC-enabled versions of OpenJDK in the archive, making it easier for developers to adopt the technology and receive up to 12 years of security updates.
Correctness and cryptographic compliance
TCK validation
Canonical OpenJDK 17 and 21 distributions are verified using using the Eclipse AQAvit by Adoptium testing framework on Ubuntu 24.04 on the following architectures:
- AMD64
- ARM64
- s390x
- Ppc64el
- RISC-V
FIPS compliance
With Ubuntu Pro, you can get access to openjdk-11-fips, which bundles FIPS 140-2 certified BouncyCastle with openjdk-11.
Canonical is working on a dedicated OpenSSL-FIPS Java provider, which is undergoing FIPS 140-3 certification process.