After a storied career, with the release of this latest update (Java 6 update 211) , Java 6 has reached the end of its product lifetime. Introduced in December 2006, it represents the last vestiges of Sun Microsystems' influence on the Java Platform and the transition Java release that spanned the acquisition of Sun by Oracle. To Oracle's credit, it was publicly updated -- that is to say freely updated and supported -- for six and a half years! When the next planned Java quarterly update arrives in January 2019 (sans Java 6), it will have surpassed 12 years of public and private support.
Our informal surveys indicate that Java 6 may still be used on as much as 10% of some customer's applications. That statement could be construed as both complimentary and concerning at the same time. From a complimentary perspective, it's is a credit to the longevity and stability of the Java platform and in particular Java 6. It is however concerning that if customers are using versions of Java 6 that haven't been updated for a long time, they could be susceptible to literally hundreds of well-known security vulnerabilities. Java is no different (no better, no worse) than any other large and complex software platform. Security vulnerabilities will be uncovered. Go ask the Windows and Linux crowd, for example. And just like with those, guys, when bugs are found they're fixed.
These long release cycles for Java are a thing of the past. In order to drive innovation and enable Java to better compete in the modern application development landscape, the Java community has shifted to a calendar-based six month release model. For more on that, check out the following article.