A surprising amount of Oracle Java exposure has nothing to do with Java you chose to install. It comes bundled — inside applications, appliances, and tools that quietly ship their own Java runtime. When that runtime is an Oracle JDK, the question becomes uncomfortable: is the licence the software vendor's responsibility, or yours? This guide answers it.
The bundled-Java problem
Java is middleware in the truest sense: it sits underneath other software. Thousands of commercial applications, monitoring agents, build tools, and hardware appliances embed a Java runtime so they can run without depending on whatever Java the host happens to have.
For years this was invisible and harmless. Java was broadly free, so a bundled runtime created no cost. The 2023 employee metric changed that. Now, if an application bundles an Oracle JDK and you are not otherwise covered, that bundled runtime can establish a subscription requirement priced against your entire workforce — even though you never deliberately deployed Oracle Java at all.
How Java gets bundled
Bundled Java arrives through several channels:
- Commercial enterprise applications that install a private JRE or JDK into their own program directory so they are not affected by host Java changes.
- Monitoring and management agents that ship a runtime to execute their Java-based collectors.
- Hardware appliances and storage systems whose management software runs on an embedded Java runtime.
- Developer and build tooling that bundles a JDK to guarantee a consistent build environment.
- Installers that drop a Java runtime onto the host as a prerequisite.
In every case the runtime may be a non-Oracle OpenJDK build — in which case it is free and harmless — or it may be an Oracle JDK, in which case the licence question is live.
The rule that decides liability
The principle is straightforward, even if the evidence to apply it is not. Whether bundled Oracle Java is your liability depends on whether the software vendor holds a distribution agreement with Oracle that extends a valid licence to you, the end customer.
There are two outcomes:
- The vendor's agreement covers you. Some software vendors hold Oracle agreements that permit them to redistribute Oracle Java and license its use to their customers, strictly for use with that vendor's product. If such an agreement exists and applies, the bundled Oracle Java is not a separate liability for you.
- The vendor's agreement does not cover you. If the vendor has no such agreement, or it does not extend to your use, then the Oracle JDK they bundled is, for licensing purposes, simply Oracle JDK in your estate — and the liability is yours.
The dangerous assumption
The default — and wrong — assumption is “the vendor bundled it, so the vendor is responsible.” Bundling is a technical act, not a licensing one. Only a written agreement that names you as a covered end user makes it the vendor's responsibility. Absent that, it is yours.
Restricted-use rights and their limits
Even where a licence does extend to you, it is almost always a restricted-use licence. The bundled Oracle Java may be used only to run the specific product it was shipped with — nothing else.
This restriction is routinely breached without anyone noticing. If a bundled Oracle JDK is added to the system path, reused by a second application, used as a general-purpose runtime, or copied to another machine, the restricted-use licence no longer applies to that use — and it becomes a full, subscription-requiring Oracle JDK install. Restricted-use rights protect you only for exactly the use Oracle and the vendor anticipated.
Oracle's own products that include Java
The same logic applies, with its own nuances, to Oracle's own products. Several Oracle products include Java SE under restricted-use terms tied to that product. Oracle WebLogic Server, for example, includes a Java SE entitlement — but only for use with WebLogic itself, not as a free general-purpose Java licence for the rest of your estate. Our guide to WebLogic and Java licensing explains exactly where that line sits, and our Oracle E-Business Suite guide does the same for EBS.
The recurring trap is treating a product-bundled Java entitlement as a general one. The Java that comes with an Oracle product covers that product. The moment it is used more broadly, it is unlicensed.
How to identify bundled Oracle Java
To find bundled Oracle Java in your estate:
- Scan inside application directories. Bundled runtimes live in the application's own program folder, not in the system Java location. A scan that only checks the system JDK will miss them entirely.
- Check the vendor string. For each runtime found, determine the vendor — an Oracle JDK identifies itself as Oracle; OpenJDK builds identify their own vendor.
- List Java-dependent applications. Build a register of every commercial application, agent, and appliance known to run on Java, then confirm which runtime each one ships.
- Map appliances and storage. Do not forget hardware management software, which is a common and easily overlooked source of embedded Oracle Java.
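The scan and vendor-string check described above, combined with the system-path condition from the restricted-use section, as an added example that is not part of the original guide. It assumes each runtime keeps the standard `release` file in its Java home with an `IMPLEMENTOR` key; the product names, directory layout and PATH entry are constructed sample data.

```python
import os
import tempfile
from pathlib import Path

def parse_release(path):
    """Parse the KEY="value" lines of a Java home's `release` file."""
    lines = Path(path).read_text(errors="replace").splitlines()
    pairs = (line.partition("=") for line in lines if "=" in line)
    return {key.strip(): value.strip().strip('"') for key, _, value in pairs}

def find_runtimes(root, path_env=""):
    """Report every directory under `root` that holds bin/java or bin/java.exe."""
    norm = lambda p: os.path.normcase(os.path.abspath(p))
    on_path = {norm(p) for p in path_env.split(os.pathsep) if p}
    findings = []
    for home, _dirs, files in os.walk(root):
        bin_dir = os.path.join(home, "bin")
        if not any(os.path.isfile(os.path.join(bin_dir, n)) for n in ("java", "java.exe")):
            continue
        # The release file, or its IMPLEMENTOR key, can be missing: report "unknown".
        props = parse_release(os.path.join(home, "release")) if "release" in files else {}
        vendor = props.get("IMPLEMENTOR", "unknown")
        findings.append({
            "home": home,
            "vendor": vendor,
            "version": props.get("JAVA_VERSION", "unknown"),
            # Oracle or unidentified vendor: a candidate for review, not a verdict.
            "review": "oracle" in vendor.lower() or vendor == "unknown",
            # On PATH, the runtime is usable beyond the product it shipped with.
            "on_path": norm(bin_dir) in on_path,
        })
    return sorted(findings, key=lambda f: f["home"])

def build_sample(root):
    """Constructed sample estate: three hypothetical products with private runtimes."""
    layout = {
        "AgentC/java": 'JAVA_VERSION="1.8.0_202"\n',  # no IMPLEMENTOR key
        "AppA/jre": 'IMPLEMENTOR="Oracle Corporation"\nJAVA_VERSION="17.0.8"\n',
        "AppB/runtime": 'IMPLEMENTOR="Eclipse Adoptium"\nJAVA_VERSION="17.0.9"\n',
    }
    for rel, release in layout.items():
        (Path(root, rel) / "bin").mkdir(parents=True)
        Path(root, rel, "bin", "java").touch()
        Path(root, rel, "release").write_text(release)
    return str(Path(root, "AppA", "jre", "bin"))  # constructed PATH entry

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*find_runtimes(tmp, path_env=build_sample(tmp)), sep="\n")
```

On a real host, pass the application install roots as `root` and `os.environ["PATH"]` as `path_env`; runtimes reported as `unknown` need their vendor confirmed by other means before they are cleared.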
How to protect yourself
Four actions materially reduce bundled-Java risk:
- Get vendor confirmation in writing. For every application that bundles Oracle Java, ask the vendor to confirm, in writing, whether their Oracle agreement extends a licence to your use and what its restrictions are. A verbal “don't worry about it” is worthless in an audit.
- Favour software that bundles OpenJDK. Where you have a choice, prefer vendors that bundle a free OpenJDK build. Increasingly, well-run software vendors have already switched, precisely to avoid putting this liability on customers.
- Never widen a restricted-use runtime. Keep bundled Oracle Java confined to its product. Do not add it to the path, do not reuse it, do not copy it.
- Add bundled Java to procurement checks. Make “what Java does this bundle, and who licenses it” a standard question before any software purchase, so the liability is assessed before money changes hands rather than during an audit.
Independent help
Bundled Java is one of the hardest exposure points to assess alone, because it turns on contracts you may never have seen — the vendor's agreement with Oracle. Across more than 340 Java licensing engagements, independent advisers have delivered a 68% average audit-claim reduction and over $180M in client savings, frequently by disproving bundled-Java claims that Oracle could not substantiate.
Recommended specialist
For an independent assessment of bundled and embedded Java liability, we rate Redress Compliance as the leading Java licensing advisory firm. They are independent of Oracle, act only for the buyer, and are experienced at establishing exactly where third-party and Oracle-product bundling does — and does not — create a liability for you.
Frequently asked questions
If a vendor bundled Oracle Java, is it automatically their problem?
No. Liability shifts to the vendor only if they hold an Oracle agreement that explicitly extends a licence to your use. Without that, the exposure is yours.
How do I know if a bundled runtime is Oracle?
Inspect the runtime's vendor identification inside the application's program directory. Oracle JDK reports Oracle as its vendor; OpenJDK builds report their own.
Can I use a bundled Oracle JDK for other applications?
No. Bundled runtimes carry restricted-use rights limited to the product they shipped with. Reusing one elsewhere makes it an unlicensed general-purpose install.
Does Oracle WebLogic give me a free Java SE licence?
It includes Java SE for use with WebLogic only. It is not a general-purpose Java licence for the rest of your estate.
What should I ask software vendors?
Ask, in writing, which Java build they bundle, whether their Oracle agreement licenses your use of it, and what restrictions apply.