Over the years, the folks that develop Openfire have discussed removing Openfire distribution artifacts that include a Java Runtime Environment (JRE). We will likely be taking this step with the upcoming 4.7.0 release. OF-2199 is the Jira issue tracking this and I wanted to give a heads-up here to gauge the community response.
The reasons for doing so are plenty:
- It is not a security best-practice to distribute a JRE as it may give endusers the wrong impression about this portion of the distribution being kept up-to-date for subsequent releases. For example, the update notification process within Openfire only checks if a new version of Openfire is available and not if a new version of the bundled JRE is available.
- We do not make new releases of Openfire just to update the bundled JRE.
- The licensing of Oracle Java makes such bundling problematic. We have been stuck on an older release of Oracle Java 8 for this very reason.
- There is developer overhead to bundle in the JRE and we don’t have any developers currently motivated to handle such work. Somebody may respond here with “just use adoptJDK, etc”, well are you volunteering to do that work?
This is a significant change, so we wanted to get feedback about this.