Hi 

Thanks for the response.

can you explain little more.

what happen if current java is out of support.

Can you please share related documents.

Thanks

It's not a Cisco question. There are no related Cisco documents because it's an Oracle issue (regarding Java support).

Cisco's only statement is to document the compatible Java releases in the ASDM release notes.

https://www.cisco.com/c/en/us/td/docs/security/asdm/7_9/release/notes/rn79.html#id_25472

Java 8 is what's currently compatible.

That’s mean if java not installed/java outdated in my PC den I won’t be able to connect to the ASDM?

In other words I will have to go for java subscription for uninterrupted service.

---

@shiboo_suren wrote:

That’s mean if java not installed/java outdated in my PC den I won’t be able to connect to the ASDM?

In other words I will have to go for java subscription for uninterrupted service.

---

No.

If you get Java 8 today and install it fresh you will see the notice from Oracle during the installation process telling you that the new policy does not apply to Java 8.

Keep the full Java installer on hand and you can install it on as many PCs as you like for as long as you like. ASDM will keep working with that.

I don't know how to explain it any more clearly than that.

Thanks a lot. That is very clear to me. 

What about if you are required to stay up-to-date for security reasons?  

If that's your requirement it's not levied by Cisco.

You would then need to purchase the appropriate Oracle support to achieve compliance (or put in place compensating controls to mitigate the issue).

---

@Peter Clemenko wrote:
Can you supply me with a complete listing of all the applications that use Java SE like CAD, Jabber, Finesse, ASDM, UCCX UCCM etc..... if they use Java SE

---

Cisco has hundreds of software products. I've never seen any such cross reference per se.

You might take a look at some Cisco Security Advisories that reference Java and get an idea from there. For example, this one:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization

Could I just install Java 8u201 today?  Sure, but next quarter my vulnerability scans will pick this up and I have no upgrade path.  That is, unless I purchase commercial support from Oracle.

I am perplexed that a Java based software is not prebundled with its own JRE, or that it is not compatible with OpenJDK.

For a single named user, Oracle's current published cost is $2.50 per month.

https://www.oracle.com/technetwork/java/javaseproducts/overview/javasesubscriptionfaq-4891443.html

If strict compliance is a requirement in your environment, that would seem a relatively small price to pay. It would also be surprising if Cisco ASDM was the only application for which Java is required in your entire enterprise.

You are correct that ASDM is not the only Java dependent software in our enterprise.  However, most include their own JRE and those that aren't are being replaced with OpenJDK compatible options.  Unfortunately we cannot do the same with Cisco as it doesn't support OpenJDK <insert sadness screams here>.

As you say, the cost per user is a relatively small price - yet another reason I'm perplexed that Cisco does not pre-bundle.

Is this Cisco's official position?   If so, it's an unacceptable one.

It is not advisable to leave old, vulnerable versions of Java installed, especially on Windows.

With Oracle forcing you to buy a license for each machine you need Java on Cisco needs to step up their game and support OpenJDK or provide a version of ASDM that doesn't rely on Java plain and simple.