My personal thoughts about keeping OS and Domino versions up-to-date
Daniel Nashed – 26 September 2025 09:55:39
Specially for Domino admin and mail servers upgrading to a later Domino version should not be complicated (unless you have backup or anti-virus dependencies specially on Windows).
I can understand that updates of application servers might take some time.
But staying on older Domino releases like 12.0.x always comes with a risk. No vendor can back port all add-on component new major versions to older code streams.
A dependencies like Java 11 for Tika 3.x where Domino 12.x still is running on Java 8 can't be simply solved if the vendor of the add-on software does not provide a fix of the add-on component of the code stream needed.
If like in the current case Apache Tika does not provide a patch for an older version (which is already out of support) and the new version depends on a newer Java version, the "upstream tool chain dependency" will hit us.
Running on older releases always comes with risk.HCL has quite a number of code streams in support. Plus offers extended support for older versions -- which gives you the chance to stay on an older version if you really have to.
But I would also see all of us admins being responsible to move to later code streams if possible.
GDPR
GDPR by the way implies that companies do what is feasible to protect customer data. This also means being up-to-date with OS and application releases.
I am not saying you have to be on the latest code stream. But today 14.0 with the latest fixpacks is a best practice form security point of view.
Domino Auto Update
Domino 14.0 introduces the first phase of Auto Update to automatically deploy software to install.
Domino 14.5 introduces true Auto Update functionality for Domino on Windows and Linux.
It has been introduced to allow customers to keep their environments patched to the latest version from security and functionality point of view.
Operating system choice and version
Domino is cross platform since the early days and there is a flexibility of choice also today (Windows/Linux/AIX/OS400).
I would personally like to get Domino on ARM supported -- but that's a different story.
But it is impressive how cross platform the Domino code base is on server side.
IMHO Domino on Linux is the better choice than running on Windows for multiple reasons:
- Security
- Performance
- Resource usage
- Operational costs
- Maintenance (like patching)
- Automation
- Independent from one large operating system vendor
I have spent a lot of time making Domino on Linux easier to deploy manage than on Windows.
Today Domino on Linux is the best choice unless you have special requirements which requires Windows.
For admin and mail servers I would not see any reason to not move to Linux.
Still HCL Domino gives you the flexibility of platform choice and both Windows and Linux are valid platforms.
But if you have Linux available as a platform in your company, running Domino on Linux is really a recommended combination for the reasons stated above.
Domino on Linux will also be the base for the new Domino Workspace Sovereign Cloud offering for exactly those reasons.
HCL does also allow you to run Domino on the Linux Enterprise version of you choice -> https://opensource.hcltechsw.com/domino-linux/
You are not limited to the two main enterprise vendors.
Some of the distributions like Ubuntu offers a free Linux distribution and commercial support if needed.
But also Redhat and SUSE have free options which are based on the same or very similar code bases if you prefer a free Linux distribution and get Linux level support from a local partner.
Ubuntu for example is a very interesting platform for two additional reasons
- In place major release updates (which by the way also work on client/desktop side)
- ZFS support (which would deserve a separate blog post)
---
I am not saying you have to migrate all your environments to Linux. But it would provide a lot of benefits and is even easier to manage today with the tooling the Domino Linux Start Script project offers --> https://nashcom.github.io/domino-startscript/
This includes an installation and run-time menu driven environment which makes it easy to install, manage, operate and update Domino on Linux.
In case you are having a container strategy, the container project is providing an even easier path Domino on Linux --> https://opensource.hcltechsw.com/domino-container/.
Keep your operating system update to the latest version
No matter which platform you choose, HCL always stays up to date with operating system support.
Each new enterprise version will be looked at as soon it is available.
One recent addition was Windows 2025 and Redhat Linux 10.
Support most times happens as soon the next fixpack of a code stream ships.
If you are still on Windows 2016 or earlier, it would be time to move up -- even you are on Windows extended support.
The next enterprise platform updating to a new major version will be SUSE updating to SUSE enterprise 16.0.
I took a quick look into the components and there are no surprises from Kernel nor glibc level.
In contrast to the just releases Debian 13, which comes with a very recent glibc which needs a newer OpenJDK version, which is planned to ship with Domino 14.5.1 next year.
My Conclusion
When it comes to security all components in your stack matter. Different application versions have different OS level version support and add-on requirements like Java.
Staying up to date is important for all components of your stack.
- Comments [1]
![[HCL Domino]](../lotus-domino.gif){kind=small}
![[Domino on Linux]](../domino-linux.gif){kind=small}
![[Nash!Com]](../nashcom.gif){kind=small}
![[Daniel Nashed]](../daniel-nsh.gif){kind=small}
1Christian Henseler 26.09.2025 11:20:58 My personal thoughts about keeping OS and Domino versions up-to-date
From my technical point of view and as a consultant, it is a big mistake by HCL offering and expanding Extended Support for Notes/Domino 9 - 11.
It takes the pressure from customers to introduce the latest/greatest/most secure Versions of Notes/Domino and it vaporizes a major argument for consultants why to update a version that is running out of support. With this extended support customers are comparing the costs for Extended support with the costs of an Update and in some cases the will stay on older - but insecure - version, because it is simply cheaper.
I understand that one does not need to follow every major release - In my case I did not recommend many of my customers to update from 12.0.2 to 14.0, because I did not see enough benefit in 14.0 (for my customers), but I think supporting 2 major version (currently 12.x and 14.x) should be sufficient.
As we can see with the current Tika security issue, a manufacturer is piling up more and more software debt the more software versions are under support and it takes expontionell efforts to fix security issues in old software, esp. when external libraries, modules are out of support or not developed anymore by the original contributor.