tl;dr: Oracle will maintain the latest release of the OpenJDK codebase. The community (in practice, Red Hat) will backport security fixes from that to the current LTS codebase. AdoptOpenJDK and others will release builds of the current LTS codebase.
And if one is on Linux distribution like Red-Hat, or IBM/HP/Unisys platforms, cloud providers it is only a matter of calling update on the package manager.
