Thomas Hampel

 13 October 2023
The short answer: No!

Background:
On January 23, 2023, Oracle announced (again) yet another new licensing model for Oracle Java that represents a dramatic price increase for large organizations.
This can lead to interesting discussions since e.g., a 40,000-employee organization could be asked spending USD $2.5M annually just on Oracle Java alone.

What Java version is used by Notes and Domino?
Notes and Domino are providing the Java runtime as part of the product, so customers do NOT need to download or install the Java runtime environment separately.
Since the JVM/JDK is part of the licensed product, it is covered under the product license of HCL or previously the product license of IBM.

With the acquisition of the product by HCL, dependencies to IBM Java were removed and got replaced with OpenJDK effectively in version 11.0.0 of HCL Notes/Domino.
Java updates are provided by HCL (and previously by IBM) typically as part of regular fix packs.

Here is a simplified overview of what Java version is used in the product:

Notes/Domino	Java Version	Java Vendor	JVM	Remarks
14.0.x	17 LTS	IBM Semeru	OpenJ9	Open Edition
12.0.x	8	AdoptOpenJDK, later IBM Semeru	OpenJ9	renamed to Adoptium
11.0.x	8	AdoptOpenJDK, later IBM Semeru	OpenJ9	renamed to Adoptium
10.0.x	8	IBM	IBM J9	see IBM FAQ
9.0.1	8	IBM	IBM J9	see IBM FAQ
9.0.0	6	IBM	IBM J9

a more comprehensive overview of which Java flavour and patchlevel is included in which release of Domino is provided later on in this blog post.

For details, please refer to

• For HCL Notes/Domino version 11 and later: KB0037886 - What is the impact to JVM support in Notes/Domino with Oracle's announcement to charge?
• For IBM Notes/Domino version 9 and 10: IBM FAQ to Oracle’s Java Products Commercial Licensing
• AdoptOpenJDK statement on Oracle's support announcement

Special cases and exceptions?

• MacOS : old versions of the IBM Notes Client before(!) 9.0.1 IF17 did not include any Java runtime. Customers may have manually installed a JVM, e.g. the Oracle runtime.
  Starting with Notes Client 9.0.1 IF17 the product includes the IBM Java runtime. Customers are encouraged to upgrade to a more current version of the HCL Notes Client for MacOS.
• IBMi (=iSeries) : HCL Domino will use the version provided by the platform.
• HCL Client for Application Access (HCAA), formerly known as IBM Client for Application Access (ICAA), does not provide a Java VM, it uses a JVM that you choose to install yourself.
  Only for acessing Domino applications that are running Java code >in< the HCAA client, a JVM needs to be provided.

What about Nomad, Verse, Enterprise Integrator, SAP Connector, etc?
These products are addons to Domino and unless otherwise specified they leverage the JVM provided by Domino.

IBM? OpenJDK? Semeru? Adoptium? Eclipse? - Are you confused as well?
It's not easy to even get a basic understanding of the various project names, forks, branches and takeovers, but I'll try providing a short intro without covering the entire history of Java nor what Java itself is.
In the context of Notes and Domino, this is what you need to know:

• OpenJDK is a free and open-source implementation of the Java Platform, Standard Edition (Java SE), it is a Java Development Kit (JDK)
• OpenJ9 is a java virtual machine (JVM), contributed to the Eclipse project by IBM
• AdoptOpenJDK was a project for producing vendor neutral builds of OpenJDK
• AdoptOpenJDK merged into Eclipse Adoptium, to provide a prebuilt OpenJDK, that release is now named Temurin
  With this move, Adoptium is, according to them, is not allowed to release OpenJ9-based or GraalVM-based runtimes
• IBM comes to the rescue and provides OpenJ9 builds at no charge as the IBM Semeru runtime which includes the OpenJ9 Java VM
• IBM Semeru comes in two flavours:
  a) IBM Semeru Runtime Open Edition, which is open source (GPLv2) licensed and is not TCK (Technology Compatibility Kit) certified
  b) IBM Semeru Runtime Certified Edition, which is Java TCK-certified
• Former "IBM Java" has been moved into IBM Semeru Runtime Certified Edition at Java version 11
• HCL Notes and Domino are using IBM Semeru Open Edition.

For better understanding of the above, here is a chart that explains:

As outlined above, HCL Notes and Domino is embedding IBM Semeru and does not use any Oracle Java.

Table: Java versions is used by Notes and Domino
Source: KB0037886 - What is the impact to JVM support in Notes/Domino with Oracle's announcement to charge?

Notes/Domino Version		Java Runtime Vendor	Java Version
V12	12.0.2 Fix Pack 2	IBM Semeru Runtime Open Edition 8	Semeru jdk8u372-b07
	12.0.2 Fix Pack 1		Semeru jdk8u362-b09
	12.0.2	AdoptOpenJDK 8	OpenJDK jdk8u345-b01
	12.0.1 Fix Pack 1		OpenJDK jdk8u312-b07
	12.0.1		OpenJDK jdk8u302-b08
	12.0.0		OpenJDK jdk8u282-b08
V11	11.0.1 Fix Pack 8		OpenJDK jdk8u372-b07
	11.0.1 Fix Pack 7		OpenJDK jdk8u352-b08
	11.0.1 Fix Pack 6		OpenJDK jdk8u332-b09
	11.0.1 Fix Pack 5		OpenJDK jdk8u312-b07
	11.0.1 Fix Pack 4		OpenJDK jdk8u302-b08
	11.0.1 Fix Pack 3		OpenJDK jdk8u282-b08
	11.0.1 Fix Pack 2		OpenJDK jdk8u265-b01
	11.0.1 Fix Pack 1		OpenJDK jdk8u252-b09 tzdata 2020a
	11.0.1		OpenJDK jdk8u242-b08 tzdata2019c
	11.0.0		OpenJDK jdk8u222-b10
V10	10.0.1 FP8	IBM Java 8	IBM Java 8.0 SR7FP6_tzdata2022a
	10.0.1 FP7		IBM Java 8.0 SR6FP25_tzdata2021a
	10.0.1 FP6		IBM Java 8.0 SR6FP10_tzdata2020a
	10.0.1 FP5		IBM Java 8.0 SR6FP5_tzdata2019c
	10.0.1 FP4		IBM Java 8.0 SR5FP40_tzdata2019c
	10.0.1		IBM Java 8.0 SR5FP21
	10.0.0		IBM Java 8.0 SR5FP16ifix
V9	9.0.1 Fix Pack 10 Interim Fix		IBM Java 8.0 SR6FP25
	9.0.1 Fix Pack 10		IBM Java 8.0 SR5FP21 tzdata2018e
	9.0.1 Fix Pack 9		IBM Java 8.0 SR4FP5
	9.0.1 Fix Pack 8		IBM Java 8.0 SR3FP12
	9.0.1 Fix Pack 7	IBM Java 6	IBM Java 6.0 SF16FP30
	9.0.1 Fix Pack 6		IBM Java 6.0 SF16FP20
	9.0.1 Fix Pack 5		IBM Java 6.0 SF16FP15
	9.0.1 Fix Pack 4		IBM Java 6.0 SR16FP4
	9.0.1 Fix Pack 3		IBM Java 6.0 SR16FP2
	9.0.1 Fix Pack 2		IBM Java 6.0 SR16
	9.0.1 Fix Pack 1		IBM Java 6.0 SR15FP1
	9.0.1		IBM Java 6.0 SR14 + ifix
	9.0.0		IBM Java 6.0 SR12+ ifix

Remarks:
IBM SDK, Java Technology Edition, Version 6 has reached end of life, see https://www.ibm.com/support/pages/java-sdk-downloads-version-60

How to check which Java version is used?
From the program directory of the Notes client or Domino server:

cd jvm/bin
./java -version

Example:
Checking the Java version used by the HCL Notes Client 14.0 (Early Access version) on Windows:

C:\Program Files\HCL\Notes>cd jvm/bin

C:\Program Files\HCL\Notes\jvm\bin>java -version
openjdk 17.0.4.1 2022-08-12
IBM Semeru Runtime Open Edition 17.0.4.1 (build 17.0.4.1+1)
Eclipse OpenJ9 VM 17.0.4.1 (build openj9-0.33.1, JRE 17 Windows 7 amd64-64-Bit
Compressed References 20220812_237 (JIT enabled, AOT enabled)
OpenJ9   - 1d9d16830
OMR      - b58aa2708
JCL      - 1f4d354e654 based on jdk-17.0.4.1+1)

References:

• AdoptOpenJDK statement on Oracle's support announcement
• KB0037886 - What is the impact to JVM support in Notes/Domino with Oracle's announcement to charge?
• IBM FAQ to Oracle’s Java Products Commercial Licensing
• KB0073999 - Interim Fixes & JVM patches for 9.0.1.x versions of IBM Notes/Domino & add-ons
• IBM Semeru Runtime vulnerabilities

Finally:
I hope this brief explanation will help to better understand the usage of Java in our product and provides you with enough of a justification to upgrade to the most current version of HCL Notes and Domino.
so upgrade NOW !

Thomas Hampel

 10 October 2012
Trying to set up a new machine with Domino Designer 8.5.3 and Source Control (SVN) based on this Blog post from Niklas Heidloff unfortunately was not working as expected.
It seems like the Eclipse Update site for GEF which was refernced in his blog post was not available any longer.

> CWPPR0031: The requested provisioning operation(s) completed with partial success.
> Error parsing site stream. [The XML stream is not a valid default "site.xml" file. The root tag is not site.]



A quick search brought me to the an update site hosting the older versions recommended, adding it to the Application Locations fixed this small problem.


Although this is one way to make it work, the most simple way is to make use of a ready-built Update Site from OpenNTF, see this project
Basically you need to download & unzip this file to your loal disk, and point the application installer to this update site.

Happy coding!

Thomas Hampel

 26 June 2012
Installing Eclipse plugins in a Notes client is a simple task. I'm sure users would be even more happy if admins would sign them properly before rolling them out.
Otherwise, meaning when they are not signed, or if signed with an invalid signature, users will see messages like this:


For a quick and dirty solution it would be possible set some preferences in the plugin_customization.ini or in the Notes client so that it will not show these warnings at all.
Unfortunately this will lower the security of the entire environment and therefore is not recommended.

The better method is to sign the plugin properly with a self signed certificate and then create a trust relationship with a Domino root certificate.
So these are the actions that need to be performed:
1.) Extract the Eclipse update site you want to sign to a temporary location on your hard disk
2.) Detach this command file to the same folder location where the file "site.xml" is located
signupdatesite.cmd
3.) Edit the file and customize the settings according to your needs - see remarks within the file.
4.) Run the .cmd file
5.) Save a copy of the .keystore, .cer and sign_.cer files, they can be used to sign new release plugin if required.
6.) Import the new certificate (.cer) into the Domino server
7.) Create a cross-certificate from the internet certificate
8.) Publish the certificate to clients through security policy settings
9.) Create a new NSF based Eclipse update site and import the local update site from the temporary location (see step 1)
10.) Create a widget catalog
11.) Create a new widget using the Toolbar icon "Getting started with Widgets"   and choose "Features and Plugins"


12.) Add the widget created to the widget catalog created in step 10 and don't forget to define a meaningful title and category. (e.g. Autoinstall) if you want the widget to be applied automatically. See next step for details.
13.) In the Domino Directory update the Desktop policy settings to include the newly created Widget catalog


All together it will allow automatically distributing plugins in the Notes client without error messages and without overall lowering security.
Well, one prompt remains....