Java Development Kit 歷史版本列表
Java Development Kit(也叫 JDK)是一個非常專業的跨平台的 SDK 平台,由 Oracle 公司定期提供支持。為了提供來自世界各地的 Java SE,Java EE 和 Java ME 平台的開發人員的具體實現。由於其強大的開發支持,該 SDK 包代表了最廣泛和最廣泛使用的 Java SDK 平台,用於創建各種規模的企業項目和開源項目。 Java Development Ki... Java Development Kit 軟體介紹Java Development Kit (32-bit)Java Development Kit (64-bit)
更新時間:2017-07-19
更新細節:
What's new in this version:
IANA DATA 2017b:
- JDK 8u141 contains IANA time zone data version 2017b
CERTIFICATE CHANGES:
- Let's Encrypt certificates added to root CAs. One new root certificate has been added
NEW FEATURES:
security-libs/java.security. Improved algorithm constraints checking:
- With the need to restrict weak algorithms usage in situations where they are most vulnerable, additional features have been added when configuring the jdk.certpath.disabledAlgorithms and jdk.jar.disabledAlgorithms security properties in the java.security file.
- jdk.certpath.disabledAlgorithms: The certpath property has seen the most change. Previously it was limited to two Constraint types; either a full disabling of an algorithm by name or a full disabling of an algorithm by the key size when checking certificates, certificate chains, and certificate signatures. This creates configurations that are absolute and lack flexibility in their usage. Three new Constraints were added to give more flexibility in allowing and rejecting certificates.
- "jdkCA" examines the certificate chain termination with regard to the cacerts file. In the case of "SHA1 jdkCA". SHA1's usage is checked through the certificate chain, but the chain must terminate at a marked trust anchor in the cacerts keystore to be rejected. This is useful for organizations that have their own private CA that trust using SHA1 with their trust anchor, but want to block certificate chains anchored by a public CA from using SHA1.
- "denyAfter" checks if the given date is before the current date or the PKIXParameter date. In the case of "SHA1 denyAfter 2018-01-01", before 2018 a certificate with SHA1 can be used, but after that date, the certificate is rejected. This can be used for a policy across an organization that is phasing out an algorithm with a drop-dead date. For signed JAR files, the date is compared against the TSA timestamp. The date is specified in GMT.
"usage" examines the specified algorithm for a specified usage. This can be used when disabling an algorithm for all usages is not practical. There are three usages that can be specified:
- TLSServer' restricts the algorithm in TLS server certificate chains when server authentication is performed as a client
- TLSClient' restricts the algorithm in TLS client certificate chains when client authentication is performed as a server
- SignedJAR' restricts the algorithms in certificates in signed JAR files. The usage type follows the keyword and more than one usage type can be specified with a whitespace delimiter
- For example, "SHA1 usage TLSServer TLSClient" would disallow SHA1 certificates for TLSServer and TLSClient operations, but SignedJars would be allowed
- All of these constraints can be combined to constrain an algorithm when delimited by '&'. For example, to disable SHA1 certificate chains that terminate at marked trust anchors only for TLSServer operations, the constraint would be "SHA1 jdkCA & usage TLSServer"
- jdk.jar.disabledAlgorithms: One additional constraint was added to this .jar property to restrict JAR manifest algorithms
- "denyAfter" checks algorithm constraints on manifest digest algorithms inside a signed JAR file. The date given in the constraint is compared against the TSA timestamp on the signed JAR file. If there is no timestamp or the timestamp is on or after the specified date, the signed JAR file is treated as unsigned. If the timestamp is before the specified date, the .jar will operate as a signed JAR file. The syntax for restricting SHA1 in JAR files signed after January 1st 2018 is: "SHA1 denyAfter 2018-01-01". The syntax is the same as that for the certpath property, however certificate checking will not be performed by this property
CHANGES:
core-svc/java.lang.management. JMX Diagnostic improvements:
- com.sun.management.HotSpotDiagnostic::dumpHeap API is modified to throw IllegalArgumentException if the supplied file name does not end with “.hprof” suffix. Existing applications which do not provide a file name ending with the “.hprof” extension will fail with IllegalArgumentException. In that case, applications can either choose to handle the exception or restore old behavior by setting system property 'jdk.management.heapdump.allowAnyFileSuffix' to true.
security-libs/javax.net.ssl. Custom HostnameVerifier enables SNI extension:
- Earlier releases of JDK 8 Updates didn't always send the Server Name Indication (SNI) extension in the TLS ClientHello phase if a custom hostname verifier was used. This verifier is set via the setHostnameVerifier(HostnameVerifier v) method in HttpsURLConnection. The fix ensures the Server Name is now sent in the ClientHello body.
xml/jax-ws. Tighter secure checks on processing WSDL files by wsimport tool:
The wsimport tool has been changed to disallow DTDs in Web Service descriptions, specifically:
- DOCTYPE declaration is disallowed in documents
- External general entities are not included by default
- External parameter entities are not included by default
- External DTDs are completely ignored
To restore the previous behavior:
- Set the System property com.sun.xml.internal.ws.disableXmlSecurity to true
- Use the wsimport tool command line option –disableXmlSecurity
- NOTE: JDK 7 and JDK 6 support for this option in wsimport will be provided via a Patch release post July CPU
BUG FIXES:
- JFileChooser with Windows look and feel crashes on win 10
- Race Condition in java.lang.reflect.WeakCache
- java.nio.Bits.unaligned() doesn't return true on ppc
- After updating to Java8u131, the bind to rmiregistry is rejected by registryFilter even though registryFilter is set
- sun.management.LazyCompositeData.isTypeMatched() fail for composite types with items of ArrayType
- SafePointNode::_replaced_nodes breaks with irreducible loops
- NPE when JavaFX loads default stylesheet or font families if CCL is null
- WebEngine.getDocument().getDocumentURI() no longer returns null for loading a String of HTML
- Failed to load RSA private key from pkcs12
- Improved algorithm constraints checking
- Custom HostnameVerifier disables SNI extension
更新時間:2017-04-18
更新細節:
What's new in this version:
CHANGES:
MD5 added to jdk.jar.disabledAlgorithms Security property:
This JDK release introduces a new restriction on how MD5 signed JAR files are verified. If the signed JAR file uses MD5, signature verification operations will ignore the signature and treat the JAR as if it were unsigned. This can potentially occur in the following types of applications that use signed JAR files:
- Applets or Web Start Applications
- Standalone or Server Applications that are run with a SecurityManager enabled and are configured with a policy file that grants permissions based on the code signer(s) of the JAR file.
- The list of disabled algorithms is controlled via the security property, jdk.jar.disabledAlgorithms, in the java.security file. This property contains a list of disabled algorithms and key sizes for cryptographically signed JAR files.
- To check if a weak algorithm or key was used to sign a JAR file, one can use the jarsigner binary that ships with this JDK. Running "jarsigner -verify" on a JAR file signed with a weak algorithm or key will print more information about the disabled algorithm or key.
New system property to control caching for HTTP SPNEGO connection:
- A new JDK implementation specific system property to control caching for HTTP SPNEGO (Negotiate/Kerberos) connections is introduced. Caching for HTTP SPNEGO connections remains enabled by default, so if the property is not explicitly specified, there will be no behavior change.
- When connecting to an HTTP server that uses SPNEGO to negotiate authentication, and when connection and authentication with the server is successful, the authentication information will then be cached and reused for further connections to the same server. In addition, connecting to an HTTP server using SPNEGO usually involves keeping the underlying connection alive and reusing it for further requests to the same server. In some applications, it may be desirable to disable all caching for the HTTP SPNEGO (Negotiate/Kerberos) protocol in order to force requesting new authentication with each new request to the server.
With this change, we now provide a new system property that allows control of the caching policy for HTTP SPNEGO connections. If jdk.spnego.cache is defined and evaluates to false, then all caching will be disabled for HTTP SPNEGO connections. Setting this system property to false may, however, result in undesirable side effects:
- Performance of HTTP SPNEGO connections may be severely impacted as the connection will need to be re-authenticated with each new request, requiring several communication exchanges with the server.
- Credentials will need to be obtained again for each new request, which, depending on whether transparent authentication is available or not, and depending on the global Authenticator implementation, may result in a popup asking the user for credentials for every new request.
New system property to control caching for HTTP NTLM connection:
- A new JDK implementation specific system property to control caching for HTTP NTLM connection is introduced. Caching for HTTP NTLM connection remains enabled by default, so if the property is not explicitly specified, there will be no behavior change
- On some platforms, the HTTP NTLM implementation in the JDK can support transparent authentication, where the system user credentials are used at system level. When transparent authentication is not available or unsuccessful, the JDK only supports getting credentials from a global authenticator. If connection to the server is successful, the authentication information will then be cached and reused for further connections to the same server. In addition, connecting to an HTTP NTLM server usually involves keeping the underlying connection alive and reusing it for further requests to the same server. In some applications, it may be desirable to disable all caching for the HTTP NTLM protocol in order to force requesting new authentication with each new requests to the server
With this change, we now provide a new system property that allows control of the caching policy for HTTP NTLM connections. If jdk.ntlm.cache is defined and evaluates to false, then all caching will be disabled for HTTP NTLM connections. Setting this system property to false may, however, result in undesirable side effects:
- Performance of HTTP NTLM connections may be severely impacted as the connection will need to be re-authenticated with each new request, requiring several communication exchanges with the server
- Credentials will need to be obtained again for each new request, which, depending on whether transparent authentication is available or not, and depending on the global Authenticator implementation, may result in a popup asking the user for credentials for every new request
New version of VisualVM:
- VisualVM 1.3.9 was released on October 4th, 2016 and has been integrated into 8u131
BUG FIXES:
Correction of IllegalArgumentException from TLS handshake:
- A recent issue from the JDK-8173783 fix can cause issue for some TLS servers. The problem originates from an IllegalArgumentException thrown by the TLS handshaker code: java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves. The issue can arise when the server doesn't have elliptic curve cryptography support to handle an elliptic curve name extension field (if present). Users are advised to upgrade to this release. By default, JDK 7 Updates and later JDK families ship with the SunEC security provider which provides elliptic curve cryptography support. Those releases should not be impacted unless security providers are modified
DETAILED BUG FIX LIST:
- JDK-7155957: client‑libs: java.awt: closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java hangs on win 64 bit with jdk8
- JDK-8035568: client‑libs: java.awt: [macosx] Cursor management unification
- JDK-8079595: client‑libs: java.awt: Resizing dialog which is JWindow parent makes JVM crash
- JDK-8169589: client‑libs: java.awt: [macosx] Activating a JDialog puts to back another dialog
- JDK-8147842: client‑libs: javax.swing: IME Composition Window is displayed at incorrect location
- JDK-7167293: core‑libs: java.net: FtpURLConnection connection leak on FileNotFoundException
- JDK-8169465: core‑libs: javax.naming: Deadlock in com.sun.jndi.ldap.pool.Connections
- JDK-8133045: deploy: deployment_toolkit: java.lang.SecurityException: Failed to extract baseline.versions error
- JDK-8028538: deploy: webstart: Fedora Linux issue with jnlp‑servlet.jar demo source code license
- JDK-8170646: deploy: webstart: JNLP fails to get loaded with old javaws when multiple jres (jre9 and jre8u111) installed
- JDK-8075196: docs: guides: CosNaming's implementation doesn't comply with the specification
- JDK-8161147: hotspot: compiler: jvm crashes when ‑XX:+UseCountedLoopSafepoints is enabled
- JDK-8161993: hotspot: gc: G1 crashes if active_processor_count changes during startup
- JDK-8147910: hotspot: runtime: Cache initial active_processor_count
- JDK-8150490: hotspot: runtime: Update OS detection code to recognize Windows Server 2016
- JDK-8170888: hotspot: runtime: [linux] Experimental support for cgroup memory limits in container (ie Docker) environments
- JDK-8166208: hotspot: svc: FlightRecorderOptions settings for defaultrecording ignored.
- JDK-8161945: install: install: REGRESSION: 8u91 update of 32 bit JRE removes preferences of the 64 bit JRE
- JDK-8172932: install: install: JRE installation fails with 1603 on Windows 10 with enabled Deviceguard
- JDK-8089915: javafx: web: Input of type file doesn't honor "accept" attribute.
- JDK-8090216: javafx: web: HTMLEditor: font bold doesn't work when an indent is set
- JDK-8144263: javafx: web: [WebView, OS X] Webkit rendering artifacts with inertia scrolling
- JDK-8150982: javafx: web: Crash when calling WebEngine.print on background thread
- JDK-8164314: javafx: web: [WebView] Debug build is no longer working after JDK‑8089681
- JDK-8165098: javafx: web: WebEngine.print will attempt to print even if the printer job is complete or has an error
- JDK-8165173: javafx: web: canvas/philip/tests/2d.path.clip.empty.html fails with 8u112
- JDK-8165508: javafx: web: Incorrect Bug ID in comment for JDK-8164076
- JDK-8166231: javafx: web: use @Native annotation in web classes
- JDK-8166677: javafx: web: HTMLEditor freezes after restoring previously maximized window
- JDK-8166775: javafx: web: Audio slider works incorrectly for short files
- JDK-8166999: javafx: web: Update to newer version of WebKit
- JDK-8167098: javafx: web: Backport of JDK‑8158926 to JDK 8u mistakenly used preliminary patch
- JDK-8167100: javafx: web: Minor source diffs introduced in backports of JDK-8160837 and JDK-8163582
- JDK-8167675: javafx: web: Animated gifs are not working
- JDK-8169204: javafx: web: Need to document JSObject Call and setSlot APIs to use weak references
- JDK-8170585: javafx: web: Fix PlatformContextJava type leaking to GraphicsContext
- JDK-8170938: javafx: web: Memory leak in JavaFX WebView
- JDK-8173783: security‑libs: javax.net.ssl: IllegalArgumentException: jdk.tls.namedGroups
- JDK-6474807: security‑libs: javax.smartcardio: (smartcardio) CardTerminal.connect() throws CardException instead of CardNotPresentException
- JDK-8168774: tools: javac: Polymorhic signature method check crashes javac
- JDK-8167485: tools: visualvm: Integrate new version of Java VisualVM based on VisualVM 1.3.9 into JDK
- JDK-8167179: xml: jaxp: Make XSL generated namespace prefixes local to transformation process
更新時間:2017-04-18
更新細節:
What's new in this version:
CHANGES:
MD5 added to jdk.jar.disabledAlgorithms Security property:
This JDK release introduces a new restriction on how MD5 signed JAR files are verified. If the signed JAR file uses MD5, signature verification operations will ignore the signature and treat the JAR as if it were unsigned. This can potentially occur in the following types of applications that use signed JAR files:
- Applets or Web Start Applications
- Standalone or Server Applications that are run with a SecurityManager enabled and are configured with a policy file that grants permissions based on the code signer(s) of the JAR file.
- The list of disabled algorithms is controlled via the security property, jdk.jar.disabledAlgorithms, in the java.security file. This property contains a list of disabled algorithms and key sizes for cryptographically signed JAR files.
- To check if a weak algorithm or key was used to sign a JAR file, one can use the jarsigner binary that ships with this JDK. Running "jarsigner -verify" on a JAR file signed with a weak algorithm or key will print more information about the disabled algorithm or key.
New system property to control caching for HTTP SPNEGO connection:
- A new JDK implementation specific system property to control caching for HTTP SPNEGO (Negotiate/Kerberos) connections is introduced. Caching for HTTP SPNEGO connections remains enabled by default, so if the property is not explicitly specified, there will be no behavior change.
- When connecting to an HTTP server that uses SPNEGO to negotiate authentication, and when connection and authentication with the server is successful, the authentication information will then be cached and reused for further connections to the same server. In addition, connecting to an HTTP server using SPNEGO usually involves keeping the underlying connection alive and reusing it for further requests to the same server. In some applications, it may be desirable to disable all caching for the HTTP SPNEGO (Negotiate/Kerberos) protocol in order to force requesting new authentication with each new request to the server.
With this change, we now provide a new system property that allows control of the caching policy for HTTP SPNEGO connections. If jdk.spnego.cache is defined and evaluates to false, then all caching will be disabled for HTTP SPNEGO connections. Setting this system property to false may, however, result in undesirable side effects:
- Performance of HTTP SPNEGO connections may be severely impacted as the connection will need to be re-authenticated with each new request, requiring several communication exchanges with the server.
- Credentials will need to be obtained again for each new request, which, depending on whether transparent authentication is available or not, and depending on the global Authenticator implementation, may result in a popup asking the user for credentials for every new request.
New system property to control caching for HTTP NTLM connection:
- A new JDK implementation specific system property to control caching for HTTP NTLM connection is introduced. Caching for HTTP NTLM connection remains enabled by default, so if the property is not explicitly specified, there will be no behavior change
- On some platforms, the HTTP NTLM implementation in the JDK can support transparent authentication, where the system user credentials are used at system level. When transparent authentication is not available or unsuccessful, the JDK only supports getting credentials from a global authenticator. If connection to the server is successful, the authentication information will then be cached and reused for further connections to the same server. In addition, connecting to an HTTP NTLM server usually involves keeping the underlying connection alive and reusing it for further requests to the same server. In some applications, it may be desirable to disable all caching for the HTTP NTLM protocol in order to force requesting new authentication with each new requests to the server
With this change, we now provide a new system property that allows control of the caching policy for HTTP NTLM connections. If jdk.ntlm.cache is defined and evaluates to false, then all caching will be disabled for HTTP NTLM connections. Setting this system property to false may, however, result in undesirable side effects:
- Performance of HTTP NTLM connections may be severely impacted as the connection will need to be re-authenticated with each new request, requiring several communication exchanges with the server
- Credentials will need to be obtained again for each new request, which, depending on whether transparent authentication is available or not, and depending on the global Authenticator implementation, may result in a popup asking the user for credentials for every new request
New version of VisualVM:
- VisualVM 1.3.9 was released on October 4th, 2016 and has been integrated into 8u131
BUG FIXES:
Correction of IllegalArgumentException from TLS handshake:
- A recent issue from the JDK-8173783 fix can cause issue for some TLS servers. The problem originates from an IllegalArgumentException thrown by the TLS handshaker code: java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves. The issue can arise when the server doesn't have elliptic curve cryptography support to handle an elliptic curve name extension field (if present). Users are advised to upgrade to this release. By default, JDK 7 Updates and later JDK families ship with the SunEC security provider which provides elliptic curve cryptography support. Those releases should not be impacted unless security providers are modified
DETAILED BUG FIX LIST:
- JDK-7155957: client‑libs: java.awt: closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java hangs on win 64 bit with jdk8
- JDK-8035568: client‑libs: java.awt: [macosx] Cursor management unification
- JDK-8079595: client‑libs: java.awt: Resizing dialog which is JWindow parent makes JVM crash
- JDK-8169589: client‑libs: java.awt: [macosx] Activating a JDialog puts to back another dialog
- JDK-8147842: client‑libs: javax.swing: IME Composition Window is displayed at incorrect location
- JDK-7167293: core‑libs: java.net: FtpURLConnection connection leak on FileNotFoundException
- JDK-8169465: core‑libs: javax.naming: Deadlock in com.sun.jndi.ldap.pool.Connections
- JDK-8133045: deploy: deployment_toolkit: java.lang.SecurityException: Failed to extract baseline.versions error
- JDK-8028538: deploy: webstart: Fedora Linux issue with jnlp‑servlet.jar demo source code license
- JDK-8170646: deploy: webstart: JNLP fails to get loaded with old javaws when multiple jres (jre9 and jre8u111) installed
- JDK-8075196: docs: guides: CosNaming's implementation doesn't comply with the specification
- JDK-8161147: hotspot: compiler: jvm crashes when ‑XX:+UseCountedLoopSafepoints is enabled
- JDK-8161993: hotspot: gc: G1 crashes if active_processor_count changes during startup
- JDK-8147910: hotspot: runtime: Cache initial active_processor_count
- JDK-8150490: hotspot: runtime: Update OS detection code to recognize Windows Server 2016
- JDK-8170888: hotspot: runtime: [linux] Experimental support for cgroup memory limits in container (ie Docker) environments
- JDK-8166208: hotspot: svc: FlightRecorderOptions settings for defaultrecording ignored.
- JDK-8161945: install: install: REGRESSION: 8u91 update of 32 bit JRE removes preferences of the 64 bit JRE
- JDK-8172932: install: install: JRE installation fails with 1603 on Windows 10 with enabled Deviceguard
- JDK-8089915: javafx: web: Input of type file doesn't honor "accept" attribute.
- JDK-8090216: javafx: web: HTMLEditor: font bold doesn't work when an indent is set
- JDK-8144263: javafx: web: [WebView, OS X] Webkit rendering artifacts with inertia scrolling
- JDK-8150982: javafx: web: Crash when calling WebEngine.print on background thread
- JDK-8164314: javafx: web: [WebView] Debug build is no longer working after JDK‑8089681
- JDK-8165098: javafx: web: WebEngine.print will attempt to print even if the printer job is complete or has an error
- JDK-8165173: javafx: web: canvas/philip/tests/2d.path.clip.empty.html fails with 8u112
- JDK-8165508: javafx: web: Incorrect Bug ID in comment for JDK-8164076
- JDK-8166231: javafx: web: use @Native annotation in web classes
- JDK-8166677: javafx: web: HTMLEditor freezes after restoring previously maximized window
- JDK-8166775: javafx: web: Audio slider works incorrectly for short files
- JDK-8166999: javafx: web: Update to newer version of WebKit
- JDK-8167098: javafx: web: Backport of JDK‑8158926 to JDK 8u mistakenly used preliminary patch
- JDK-8167100: javafx: web: Minor source diffs introduced in backports of JDK-8160837 and JDK-8163582
- JDK-8167675: javafx: web: Animated gifs are not working
- JDK-8169204: javafx: web: Need to document JSObject Call and setSlot APIs to use weak references
- JDK-8170585: javafx: web: Fix PlatformContextJava type leaking to GraphicsContext
- JDK-8170938: javafx: web: Memory leak in JavaFX WebView
- JDK-8173783: security‑libs: javax.net.ssl: IllegalArgumentException: jdk.tls.namedGroups
- JDK-6474807: security‑libs: javax.smartcardio: (smartcardio) CardTerminal.connect() throws CardException instead of CardNotPresentException
- JDK-8168774: tools: javac: Polymorhic signature method check crashes javac
- JDK-8167485: tools: visualvm: Integrate new version of Java VisualVM based on VisualVM 1.3.9 into JDK
- JDK-8167179: xml: jaxp: Make XSL generated namespace prefixes local to transformation process
更新時間:2017-01-18
更新細節:
What's new in this version:
- Improved protection for JNDI remote class loading
Remote class loading via JNDI object factories stored in naming and directory services is disabled by default. To enable remote class loading by the RMI Registry or COS Naming service provider, set the following system property to the string "true", as appropriate:
- com.sun.jndi.rmi.object.trustURLCodebase
- com.sun.jndi.cosnaming.object.trustURLCodebase
jarsigner -verbose -verify should print the algorithms used to sign the jar:
- The jarsigner tool has been enhanced to show details of the algorithms and keys used to generate a signed JAR file and will also provide an indication if any of them are considered weak.
- Specifically, when "jarsigner -verify -verbose filename.jar" is called, a separate section is printed out showing information of the signature and timestamp (if it exists) inside the signed JAR file, even if it is treated as unsigned for various reasons. If any algorithm or key used is considered weak, as specified in the Security property, jdk.jar.disabledAlgorithms, it will be labeled with "(weak)".
NEW FEATURES:
RMI Better constraint checking:
- RMI Registry and Distributed Garbage Collection use the mechanisms of JEP 290 Serialization Filtering to improve service robustness
- RMI Registry and DGC implement built-in white-list filters for the typical classes expected to be used with each service
- Additional filter patterns can be configured using either a system property or a security property. The "sun.rmi.registry.registryFilter" and "sun.rmi.transport.dgcFilter" property pattern syntax is described in JEP 290 and in <JRE>/lib/security/java.security
- JDK-8156802 (not public)
Add mechanism to allow non-default root CAs to not be subject to algorithm restrictions:
- New certpath constraint: jdkCA*
- In the java.security file, an additional constraint named "jdkCA" is added to the jdk.certpath.disabledAlgorithms property. This constraint prohibits the specified algorithm only if the algorithm is used in a certificate chain that terminates at a marked trust anchor in the lib/security/cacerts keystore. If the jdkCA constraint is not set, then all chains using the specified algorithm are restricted. jdkCA may only be used once in a DisabledAlgorithm expression.
- Example: To apply this constraint to SHA-1 certificates, include the following: SHA1 jdkC
Changes:
- The secure validation mode of the XML Signature implementation has been enhanced to restrict RSA and DSA keys less than 1024 bits by default as they are no longer secure enough for digital signatures. Additionally, a new security property named jdk.xml.dsig.SecureValidationPolicy has been added to the java.security file and can be used to control the different restrictions enforced when the secure validation mode is enabled.
- The secure validation mode is enabled either by setting the xml signature property org.jcp.xml.dsig.secureValidation to true with the javax.xml.crypto.XMLCryptoContext.setProperty method, or by running the code with a SecurityManager.
- If an XML Signature is generated or validated with a weak RSA or DSA key, an XMLSignatureException will be thrown with the message, "RSA keys less than 1024 bits are forbidden when secure validation is enabled" or "DSA keys less than 1024 bits are forbidden when secure validation is enabled."
- Restrict certificates with DSA keys less than 1024 bits:
- DSA keys less than 1024 bits are not strong enough and should be restricted in certification path building and validation. Accordingly, DSA keys less than 1024 bits have been deactivated by default by adding "DSA keySize < 1024" to the "jdk.certpath.disabledAlgorithms" security property. Applications can update this restriction in the security property ("jdk.certpath.disabledAlgorithms") and permit smaller key sizes if really needed (for example, "DSA keySize < 768").
More checks added to DER encoding parsing code:
- More checks are added to the DER encoding parsing code to catch various encoding errors. In addition, signatures which contain constructed indefinite length encoding will now lead to IOException during parsing. Note that signatures generated using JDK default providers are not affected by this change.
Additional access restrictions for URLClassLoader.newInstance:
- Class loaders created by the java.net.URLClassLoader.newInstance methods can be used to load classes from a list of given URLs. If the calling code does not have access to one or more of the URLs and the URL artifacts that can be accessed do not contain the required class, then a ClassNotFoundException, or similar, will be thrown. Previously, a SecurityException would have been thrown when access to a URL was denied. If required to revert to the old behavior, this change can be disabled by setting the jdk.net.URLClassPath.disableRestrictedPermissions system property.
A new configurable property in logging.properties java.util.logging.FileHandler.maxLocks:
- A new "java.util.logging.FileHandler.maxLocks" configurable property is added to java.util.logging.FileHandler.
- This new logging property can be defined in the logging configuration file and makes it possible to configure the maximum number of concurrent log file locks a FileHandler can handle. The default value is 100.
- In a highly concurrent environment where multiple (more than 101) standalone client applications are using the JDK Logging API with FileHandler simultaneously, it may happen that the default limit of 100 is reached, resulting in a failure to acquire FileHandler file locks and causing an IO Exception to be thrown. In such a case, the new logging property can be used to increase the maximum number of locks before deploying the application.
- If not overridden, the default value of maxLocks (100) remains unchanged. See java.util.logging.LogManager and java.util.logging.FileHandler API documentation for more details.
Bug fixes:
Trackpad scrolling of text on OS X 10.12 Sierra is very fast:
- The MouseWheelEvent.getWheelRotation() method returned rounded native NSEvent deltaX/Y events on Mac OS X. The latest macOS Sierra 10.12 produces very small NSEvent deltaX/Y values so rounding and summing them leads to the huge value returned from the MouseWheelEvent.getWheelRotation(). The JDK-8166591 fix accumulates NSEvent deltaX/Y and the MouseWheelEvent.getWheelRotation() method returns non-zero values only when the accumulated value exceeds a threshold and zero value. This is compliant with the MouseWheelEvent.getWheelRotation() specification
- "Returns the number of "clicks" the mouse wheel was rotated, as an integer. A partial rotation may occur if the mouse supports a high-resolution wheel. In this case, the method returns zero until a full "click" has been accumulated."
- For the precise wheel rotation values, use the MouseWheelEvent.getPreciseWheelRotation() method instead
- This release also contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory
更新時間:2017-01-18
更新細節:
What's new in this version:
- Improved protection for JNDI remote class loading
Remote class loading via JNDI object factories stored in naming and directory services is disabled by default. To enable remote class loading by the RMI Registry or COS Naming service provider, set the following system property to the string "true", as appropriate:
- com.sun.jndi.rmi.object.trustURLCodebase
- com.sun.jndi.cosnaming.object.trustURLCodebase
jarsigner -verbose -verify should print the algorithms used to sign the jar:
- The jarsigner tool has been enhanced to show details of the algorithms and keys used to generate a signed JAR file and will also provide an indication if any of them are considered weak.
- Specifically, when "jarsigner -verify -verbose filename.jar" is called, a separate section is printed out showing information of the signature and timestamp (if it exists) inside the signed JAR file, even if it is treated as unsigned for various reasons. If any algorithm or key used is considered weak, as specified in the Security property, jdk.jar.disabledAlgorithms, it will be labeled with "(weak)".
NEW FEATURES:
RMI Better constraint checking:
- RMI Registry and Distributed Garbage Collection use the mechanisms of JEP 290 Serialization Filtering to improve service robustness
- RMI Registry and DGC implement built-in white-list filters for the typical classes expected to be used with each service
- Additional filter patterns can be configured using either a system property or a security property. The "sun.rmi.registry.registryFilter" and "sun.rmi.transport.dgcFilter" property pattern syntax is described in JEP 290 and in <JRE>/lib/security/java.security
- JDK-8156802 (not public)
Add mechanism to allow non-default root CAs to not be subject to algorithm restrictions:
- New certpath constraint: jdkCA*
- In the java.security file, an additional constraint named "jdkCA" is added to the jdk.certpath.disabledAlgorithms property. This constraint prohibits the specified algorithm only if the algorithm is used in a certificate chain that terminates at a marked trust anchor in the lib/security/cacerts keystore. If the jdkCA constraint is not set, then all chains using the specified algorithm are restricted. jdkCA may only be used once in a DisabledAlgorithm expression.
- Example: To apply this constraint to SHA-1 certificates, include the following: SHA1 jdkC
Changes:
- The secure validation mode of the XML Signature implementation has been enhanced to restrict RSA and DSA keys less than 1024 bits by default as they are no longer secure enough for digital signatures. Additionally, a new security property named jdk.xml.dsig.SecureValidationPolicy has been added to the java.security file and can be used to control the different restrictions enforced when the secure validation mode is enabled.
- The secure validation mode is enabled either by setting the xml signature property org.jcp.xml.dsig.secureValidation to true with the javax.xml.crypto.XMLCryptoContext.setProperty method, or by running the code with a SecurityManager.
- If an XML Signature is generated or validated with a weak RSA or DSA key, an XMLSignatureException will be thrown with the message, "RSA keys less than 1024 bits are forbidden when secure validation is enabled" or "DSA keys less than 1024 bits are forbidden when secure validation is enabled."
- Restrict certificates with DSA keys less than 1024 bits:
- DSA keys less than 1024 bits are not strong enough and should be restricted in certification path building and validation. Accordingly, DSA keys less than 1024 bits have been deactivated by default by adding "DSA keySize < 1024" to the "jdk.certpath.disabledAlgorithms" security property. Applications can update this restriction in the security property ("jdk.certpath.disabledAlgorithms") and permit smaller key sizes if really needed (for example, "DSA keySize < 768").
More checks added to DER encoding parsing code:
- More checks are added to the DER encoding parsing code to catch various encoding errors. In addition, signatures which contain constructed indefinite length encoding will now lead to IOException during parsing. Note that signatures generated using JDK default providers are not affected by this change.
Additional access restrictions for URLClassLoader.newInstance:
- Class loaders created by the java.net.URLClassLoader.newInstance methods can be used to load classes from a list of given URLs. If the calling code does not have access to one or more of the URLs and the URL artifacts that can be accessed do not contain the required class, then a ClassNotFoundException, or similar, will be thrown. Previously, a SecurityException would have been thrown when access to a URL was denied. If required to revert to the old behavior, this change can be disabled by setting the jdk.net.URLClassPath.disableRestrictedPermissions system property.
A new configurable property in logging.properties java.util.logging.FileHandler.maxLocks:
- A new "java.util.logging.FileHandler.maxLocks" configurable property is added to java.util.logging.FileHandler.
- This new logging property can be defined in the logging configuration file and makes it possible to configure the maximum number of concurrent log file locks a FileHandler can handle. The default value is 100.
- In a highly concurrent environment where multiple (more than 101) standalone client applications are using the JDK Logging API with FileHandler simultaneously, it may happen that the default limit of 100 is reached, resulting in a failure to acquire FileHandler file locks and causing an IO Exception to be thrown. In such a case, the new logging property can be used to increase the maximum number of locks before deploying the application.
- If not overridden, the default value of maxLocks (100) remains unchanged. See java.util.logging.LogManager and java.util.logging.FileHandler API documentation for more details.
Bug fixes:
Trackpad scrolling of text on OS X 10.12 Sierra is very fast:
- The MouseWheelEvent.getWheelRotation() method returned rounded native NSEvent deltaX/Y events on Mac OS X. The latest macOS Sierra 10.12 produces very small NSEvent deltaX/Y values so rounding and summing them leads to the huge value returned from the MouseWheelEvent.getWheelRotation(). The JDK-8166591 fix accumulates NSEvent deltaX/Y and the MouseWheelEvent.getWheelRotation() method returns non-zero values only when the accumulated value exceeds a threshold and zero value. This is compliant with the MouseWheelEvent.getWheelRotation() specification
- "Returns the number of "clicks" the mouse wheel was rotated, as an integer. A partial rotation may occur if the mouse supports a high-resolution wheel. In this case, the method returns zero until a full "click" has been accumulated."
- For the precise wheel rotation values, use the MouseWheelEvent.getPreciseWheelRotation() method instead
- This release also contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory
更新時間:2016-10-18
更新細節:
更新時間:2016-10-18
更新細節:
What's new in this version:
CHANGES:
security-libs/java.security:
- SunPKCS11 Provider no longer offering SecureRandom by default
- SecureRandom.PKCS11 from the SunPKCS11 Provider is disabled by default on Solaris because the native PKCS11 implementation has poor performance and is not recommended. If your application requires SecureRandom.PKCS11, you can re-enable it by removing "SecureRandom" from the disabledMechanisms list in conf/security/sunpkcs11-solaris.cfg
- Performance improvements have also been made in the java.security.SecureRandom class. Improvements in the JDK implementation have allowed for synchronization to be removed from the java.security.SecureRandom.nextBytes(byte[] bytes) method.
BUG FIXES:
- client-libs 2d GraphicsDevice.getConfigurations() is slow taking 3 or more seconds
- client-libs 2d Xrender: Class cast exception in 2D code running an AWT regression test
- client-libs 2d java/awt/Window/WindowsLeak/WindowsLeak.java fails
- client-libs 2d Wrong glyph is displayed for a derived font
- client-libs 2d [win10] Some unicode characters do not display any more after upgrading to Windows 10
- client-libs 2d ClassCastException: sun.font.CompositeFont cannot be cast to PhysicalFont
- client-libs 2d CCE: sun.java2d.NullSurfaceData cannot be cast to sun.java2d.opengl.OGLSurfaceData
- client-libs java.awt java.awt.SplashScreen.getSize() returns incorrect size for high dpi splash screens
- client-libs java.awt:i18n Caps Lock doesn't work as expected when using Pinyin Simplified input method
- client-libs javax.accessibility [macosx] sun.lwawt.macosx.CAccessible leaks
- client-libs javax.accessibility Uninitialised memory in WinAccessBridge.cpp:1128
- client-libs javax.accessibility Jaws reads wrong values from comboboxes when no element is selected
- client-libs javax.swing Selection in JList is drawn with wrong colors in Nimbus L&F
- client-libs javax.swing javax.swing.text.html.parser.Parser parseScript incorrectly optimized
- client-libs javax.swing JComboBox prevents wheel mouse scrolling of JScrollPane
- client-libs javax.swing Personalized Windows Font Size is not taken into account in Java8u102
- client-libs javax.swing JEditorPane.createEditorKitForContentType throws NPE after 6882559
- core-libs java.lang Annotations with lambda expressions has parameter result in wrong behavior.
- core-libs java.lang.invoke MHs.Lookup.findConstructor returns handles for array classes
- core-libs java.nio (se) Selector.select(long) uses wrong timeout after EINTR (lnx)
- core-libs javax.naming LDAP "follow" throws ClassCastException with Java 8
- core-libs javax.naming com.sun.jndi.ldap.SimpleClientId produces wrong hash code
- core-libs javax.naming Non-synchronized access to shared members of com.sun.jndi.ldap.pool.Pool
- core-libs javax.script ReferenceError in 1.8.0_72
- core-libs jdk.nashorn streamline input parameter of Nashorn scripting $EXEC function
- core-libs jdk.nashorn "ant test" fails to complete on Windows when run under cygwin shell
- core-libs jdk.nashorn Negative lookahead in RegEx breaks backreference
- core-libs jdk.nashorn Simplify Nashorn's Context class loader handling
- core-libs jdk.nashorn Nashorn shebang argument handling is broken
- core-libs jdk.nashorn Regression: two tests fail on Windows with "ant test" target
- core-libs jdk.nashorn fix Nashorn shebang argument handling on Mac/Linux
- core-libs jdk.nashorn arguments are handled differently in apply for JS functions and AbstractJSObjects
- core-libs jdk.nashorn Parsing issue with automatic semicolon insertion
- core-libs jdk.nashorn Script stack trace should display function names
- core-libs jdk.nashorn JSON.stringify does not work on ScriptObjectMirror objects
- core-libs jdk.nashorn Callback parameter of any JS builtin implementation should accept any Callable
- core-libs jdk.nashorn TypeError when a java.util.Comparator object is invoked as a function
- core-libs jdk.nashorn AccessControlException is thrown on public Java class access if "script app loader" is set to null
- core-svc Tests in com/sun/jdi fails intermittently with "jdb input stream closed prematurely"
- core-svc debugger com/sun/jdi/OptionTest.java test times out again
- deploy [macosx] Java Control Panel unable to perform tasks requiring admin privileges
- deploy [macos] JVM continuously throw a NullPointerException on new MacOS 10.12
- deploy javafx FXUIToolkit.showFileChooser() fails when jre is below 7u21
- deploy javafx FXUIToolkit.showSandboxSecurityDialog fails when running jre below 7u21
- deploy javafx FXUIToolkit.showMessageDialog() fails when running jre below 7u55
- deploy webstart Add a URL scheme handler to reliably launch .jnlp files - Mac registration part
- deploy webstart Change JavawsLauncher.app to use NSTask or execv
- deploy webstart Desktop shortcut is not updated after JNLP is changed in deployment cache
- deploy webstart Allow always checkbox in security dialog when jnlp location is unknown
- deploy webstart Signed JWS application unexpectedly asks for permission to open a socket
- hotspot compiler Math.pow yields different results upon repeated calls
- hotspot compiler Need to bailout cleanly if creation of stubs fails when codecache is out of space
- hotspot compiler CastII/ConvI2L for a range check is prematurely eliminated
- hotspot compiler PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions
- hotspot compiler Partially initialized string object created by C2's string concat optimization may escape
- hotspot gc G1: UseSHM in combination with a G1HeapRegionSize > os::large_page_size() falls back to use small pages
- hotspot gc Confusing message in "Current rem set statistics"
- hotspot gc allocating heap with UseLargePages and HugeTLBFS may trash existing memory mappings (linux)
- hotspot gc Long response times with G1 and StringDeduplication
- hotspot gc Test gc/ergonomics/TestDynamicNumberOfGCThreads.java fails
- hotspot jvmti Crash in Method::checked_resolve_jmethod_id(_jmethodID*)
- hotspot jvmti Fix for JDK-8147451 failed: Crash in Method::checked_resolve_jmethod_id(_jmethodID*)
- hotspot runtime Null ProtectionDomain in JVM can cause NPE because principals field is not initialized to an empty array
- hotspot runtime vm/mlvm/anonloader/stress/byteMutation failed with: assert(index >=0 && index < _length) failed: symbol index overflow
- hotspot runtime ConstantPool::release_C_heap_structures not run in some circumstances
- hotspot runtime Convert an assert in ClassLoaderData to a guarantee
- hotspot runtime Zero: Better byte behaviour
- hotspot runtime SIGSEGV: Metadata::mark_on_stack
- infrastructure release_eng 8u112 template file need to be updated
- install install jdk 8u71 fails to install with no error message
- install install ent msi does not have double-click support
- javafx application-lifecycle Passing objects between JavaScript (JavaFX / WebKit) and Java causes a memory leak
- javafx base SortedList wrapping a FilteredList causes AIOOBE
- javafx controls TreeTableView's selectedItems reports include null items.
- javafx controls [TreeTableView] graphic property of TreeItem is still visible after collapsing tree
- javafx controls Enhance CustomColorDialog to have flexibility to hide 'Opacity', 'Use' and 'Save' Button
- javafx graphics Scene content shows too large on Retina display, when a regular screen attached
- javafx graphics Print jobs do not finish when using a page range
- javafx graphics javafx print jobs take 60 times longer than javax.print
- javafx graphics Generated temp files (+JXF...temp) for custom fonts not deleted on exit.
- javafx graphics changes to compile under Visual Studio 14.0
- javafx graphics Crash while running imported/w3c/canvas/2d.gradient.interpolate.overlap2.html
- javafx graphics ContextMenu shown at wrong position on Windows10 with Extended Screen
- javafx graphics Revert fix for JDK-8150181 to push it with the correct commit message
- javafx graphics JavaFX Path drawing appears to leak native memory
- javafx web Javascript Timing Events stop work on system clock changes at past
- javafx web WebView Tooltip position no longer changes in 8u60
- javafx web WebView can't alert from a timer
- javafx web Debug build is not working after new WebKit upgrade
- javafx web NullPointer exception in WebView
- javafx web SQL Server Reporting Services in WebViews shows 401
- javafx web [WebView] Icon font doesn't work if single page application will be loaded from jar
- javafx web Need to document that JavaScript to Java bindings use weak references
- javafx web Update to newer version of WebKit
- javafx web DRT crash at fast/css-generated-content/initial-letter-basic.html
- javafx web Update java-wrappers for WebKit generated classes following WebKit update
- javafx web Linux: Javascript Timing Events stop work on system clock changes at past
- javafx web Linux: libjfxwebkit.so has hard-coded path
- javafx web Char value is set as integer, not as character
- javafx web Add timestamp to WebView Keyboard Event
- javafx web Can't get file size with javascript
- javafx web the JVM for our Swing application crashes, once we login into our application server
- javafx web WebView cannot render CSS background image with SVG data
- javafx web Char value is returned as integer, not as character
- javafx web Test Case Failure in CallBackTest
- javafx web WebView can't alert from a timer
- javafx web jvm crash at javafx com.sun.webkit.WebPage.twkPrePaint (GFlag + Heap verification)
- javafx web Implement overridePreference() for DRT framework
- javafx web [WebView] Unable to tile SVG image using css background property
- javafx web WebEngine doesn't handle html5 color picker
- javafx web Assertion fails with https://html-online.com/editor/
- javafx web [Win] Timer functionality is broken after JDK-8089563
- javafx web [OS X] Compilation Issue in WebPage.cpp
- javafx web Fix compilation warnings in WebCore and JavaScriptCore
- javafx web EOFException in GZIPInputStream.readUByte while browsing
- javafx web [WebView] WebView can't display social network icons on wellsfargo.com
- javafx web General sibling selector is broken for selected input boxes in WebView
- javafx web Website weibo.com cannot be loaded
- javafx web JavaFX browser can get stuck in an infinite loop when calling path.getTotalLength()
- javafx web [Windows] JavaFX crash in WebPage.twkOpen in 8u112 when closing WebView while debugging
- javafx web Loading "https://www.windyty.com" with JavaFX WebView crashes JVM.
- other-libs corba NullPointerException in IIOPInputStream.inputClassFields
- security-libs java.security New fix for memory leak in ProtectionDomain cache
- security-libs java.security SecureRandom.nextBytes() hurts performance with small size requests
- security-libs java.security Print size of DH keysize when errors are encountered
- security-libs java.security Some methods of java.security.Security require more permissions, than necessary
- security-libs javax.crypto Ucrypto config file cannot be read when -Dfile.encoding=UTF-16 is set
- security-libs javax.crypto Improve jurisdiction policy file signing exception
- security-libs javax.crypto:pkcs11 KeyStore.load() throws an IOException with a wrong cause in case of wrong password
- security-libs javax.crypto:pkcs11 LoadKeystore.java test is failing
- security-libs javax.net.ssl Hot lock on BulkCipher.isAvailable
- security-libs javax.net.ssl Make handling of 3rd party providers more stable
- security-libs javax.security The fix for 8050402 was partially committed
- security-libs org.ietf.jgss:krb5 Relax response flags checking in sun.security.krb5.KrbKdcRep.check.
- security-libs org.ietf.jgss:krb5 Semicolon is not recognized as comment starting character (Kerberos)
- tools Native2ascii doesn't close one of the streams it opens
- tools javac Incorrect class file created when passing lambda in inner class constructor
- tools launcher Showing incorrect result while passing specific argument in the Java launcher tools
- xml jaxp Issue in XMLScanner: EXPECTED_SQUARE_BRACKET_TO_CLOSE_INTERNAL_SUBSET when skipping large DOCTYPE section with CRLF at wrong place
更新時間:2016-10-18
更新細節:
更新時間:2016-10-18
更新細節:
What's new in this version:
CHANGES:
security-libs/java.security:
- SunPKCS11 Provider no longer offering SecureRandom by default
- SecureRandom.PKCS11 from the SunPKCS11 Provider is disabled by default on Solaris because the native PKCS11 implementation has poor performance and is not recommended. If your application requires SecureRandom.PKCS11, you can re-enable it by removing "SecureRandom" from the disabledMechanisms list in conf/security/sunpkcs11-solaris.cfg
- Performance improvements have also been made in the java.security.SecureRandom class. Improvements in the JDK implementation have allowed for synchronization to be removed from the java.security.SecureRandom.nextBytes(byte[] bytes) method.
BUG FIXES:
- client-libs 2d GraphicsDevice.getConfigurations() is slow taking 3 or more seconds
- client-libs 2d Xrender: Class cast exception in 2D code running an AWT regression test
- client-libs 2d java/awt/Window/WindowsLeak/WindowsLeak.java fails
- client-libs 2d Wrong glyph is displayed for a derived font
- client-libs 2d [win10] Some unicode characters do not display any more after upgrading to Windows 10
- client-libs 2d ClassCastException: sun.font.CompositeFont cannot be cast to PhysicalFont
- client-libs 2d CCE: sun.java2d.NullSurfaceData cannot be cast to sun.java2d.opengl.OGLSurfaceData
- client-libs java.awt java.awt.SplashScreen.getSize() returns incorrect size for high dpi splash screens
- client-libs java.awt:i18n Caps Lock doesn't work as expected when using Pinyin Simplified input method
- client-libs javax.accessibility [macosx] sun.lwawt.macosx.CAccessible leaks
- client-libs javax.accessibility Uninitialised memory in WinAccessBridge.cpp:1128
- client-libs javax.accessibility Jaws reads wrong values from comboboxes when no element is selected
- client-libs javax.swing Selection in JList is drawn with wrong colors in Nimbus L&F
- client-libs javax.swing javax.swing.text.html.parser.Parser parseScript incorrectly optimized
- client-libs javax.swing JComboBox prevents wheel mouse scrolling of JScrollPane
- client-libs javax.swing Personalized Windows Font Size is not taken into account in Java8u102
- client-libs javax.swing JEditorPane.createEditorKitForContentType throws NPE after 6882559
- core-libs java.lang Annotations with lambda expressions has parameter result in wrong behavior.
- core-libs java.lang.invoke MHs.Lookup.findConstructor returns handles for array classes
- core-libs java.nio (se) Selector.select(long) uses wrong timeout after EINTR (lnx)
- core-libs javax.naming LDAP "follow" throws ClassCastException with Java 8
- core-libs javax.naming com.sun.jndi.ldap.SimpleClientId produces wrong hash code
- core-libs javax.naming Non-synchronized access to shared members of com.sun.jndi.ldap.pool.Pool
- core-libs javax.script ReferenceError in 1.8.0_72
- core-libs jdk.nashorn streamline input parameter of Nashorn scripting $EXEC function
- core-libs jdk.nashorn "ant test" fails to complete on Windows when run under cygwin shell
- core-libs jdk.nashorn Negative lookahead in RegEx breaks backreference
- core-libs jdk.nashorn Simplify Nashorn's Context class loader handling
- core-libs jdk.nashorn Nashorn shebang argument handling is broken
- core-libs jdk.nashorn Regression: two tests fail on Windows with "ant test" target
- core-libs jdk.nashorn fix Nashorn shebang argument handling on Mac/Linux
- core-libs jdk.nashorn arguments are handled differently in apply for JS functions and AbstractJSObjects
- core-libs jdk.nashorn Parsing issue with automatic semicolon insertion
- core-libs jdk.nashorn Script stack trace should display function names
- core-libs jdk.nashorn JSON.stringify does not work on ScriptObjectMirror objects
- core-libs jdk.nashorn Callback parameter of any JS builtin implementation should accept any Callable
- core-libs jdk.nashorn TypeError when a java.util.Comparator object is invoked as a function
- core-libs jdk.nashorn AccessControlException is thrown on public Java class access if "script app loader" is set to null
- core-svc Tests in com/sun/jdi fails intermittently with "jdb input stream closed prematurely"
- core-svc debugger com/sun/jdi/OptionTest.java test times out again
- deploy [macosx] Java Control Panel unable to perform tasks requiring admin privileges
- deploy [macos] JVM continuously throw a NullPointerException on new MacOS 10.12
- deploy javafx FXUIToolkit.showFileChooser() fails when jre is below 7u21
- deploy javafx FXUIToolkit.showSandboxSecurityDialog fails when running jre below 7u21
- deploy javafx FXUIToolkit.showMessageDialog() fails when running jre below 7u55
- deploy webstart Add a URL scheme handler to reliably launch .jnlp files - Mac registration part
- deploy webstart Change JavawsLauncher.app to use NSTask or execv
- deploy webstart Desktop shortcut is not updated after JNLP is changed in deployment cache
- deploy webstart Allow always checkbox in security dialog when jnlp location is unknown
- deploy webstart Signed JWS application unexpectedly asks for permission to open a socket
- hotspot compiler Math.pow yields different results upon repeated calls
- hotspot compiler Need to bailout cleanly if creation of stubs fails when codecache is out of space
- hotspot compiler CastII/ConvI2L for a range check is prematurely eliminated
- hotspot compiler PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions
- hotspot compiler Partially initialized string object created by C2's string concat optimization may escape
- hotspot gc G1: UseSHM in combination with a G1HeapRegionSize > os::large_page_size() falls back to use small pages
- hotspot gc Confusing message in "Current rem set statistics"
- hotspot gc allocating heap with UseLargePages and HugeTLBFS may trash existing memory mappings (linux)
- hotspot gc Long response times with G1 and StringDeduplication
- hotspot gc Test gc/ergonomics/TestDynamicNumberOfGCThreads.java fails
- hotspot jvmti Crash in Method::checked_resolve_jmethod_id(_jmethodID*)
- hotspot jvmti Fix for JDK-8147451 failed: Crash in Method::checked_resolve_jmethod_id(_jmethodID*)
- hotspot runtime Null ProtectionDomain in JVM can cause NPE because principals field is not initialized to an empty array
- hotspot runtime vm/mlvm/anonloader/stress/byteMutation failed with: assert(index >=0 && index < _length) failed: symbol index overflow
- hotspot runtime ConstantPool::release_C_heap_structures not run in some circumstances
- hotspot runtime Convert an assert in ClassLoaderData to a guarantee
- hotspot runtime Zero: Better byte behaviour
- hotspot runtime SIGSEGV: Metadata::mark_on_stack
- infrastructure release_eng 8u112 template file need to be updated
- install install jdk 8u71 fails to install with no error message
- install install ent msi does not have double-click support
- javafx application-lifecycle Passing objects between JavaScript (JavaFX / WebKit) and Java causes a memory leak
- javafx base SortedList wrapping a FilteredList causes AIOOBE
- javafx controls TreeTableView's selectedItems reports include null items.
- javafx controls [TreeTableView] graphic property of TreeItem is still visible after collapsing tree
- javafx controls Enhance CustomColorDialog to have flexibility to hide 'Opacity', 'Use' and 'Save' Button
- javafx graphics Scene content shows too large on Retina display, when a regular screen attached
- javafx graphics Print jobs do not finish when using a page range
- javafx graphics javafx print jobs take 60 times longer than javax.print
- javafx graphics Generated temp files (+JXF...temp) for custom fonts not deleted on exit.
- javafx graphics changes to compile under Visual Studio 14.0
- javafx graphics Crash while running imported/w3c/canvas/2d.gradient.interpolate.overlap2.html
- javafx graphics ContextMenu shown at wrong position on Windows10 with Extended Screen
- javafx graphics Revert fix for JDK-8150181 to push it with the correct commit message
- javafx graphics JavaFX Path drawing appears to leak native memory
- javafx web Javascript Timing Events stop work on system clock changes at past
- javafx web WebView Tooltip position no longer changes in 8u60
- javafx web WebView can't alert from a timer
- javafx web Debug build is not working after new WebKit upgrade
- javafx web NullPointer exception in WebView
- javafx web SQL Server Reporting Services in WebViews shows 401
- javafx web [WebView] Icon font doesn't work if single page application will be loaded from jar
- javafx web Need to document that JavaScript to Java bindings use weak references
- javafx web Update to newer version of WebKit
- javafx web DRT crash at fast/css-generated-content/initial-letter-basic.html
- javafx web Update java-wrappers for WebKit generated classes following WebKit update
- javafx web Linux: Javascript Timing Events stop work on system clock changes at past
- javafx web Linux: libjfxwebkit.so has hard-coded path
- javafx web Char value is set as integer, not as character
- javafx web Add timestamp to WebView Keyboard Event
- javafx web Can't get file size with javascript
- javafx web the JVM for our Swing application crashes, once we login into our application server
- javafx web WebView cannot render CSS background image with SVG data
- javafx web Char value is returned as integer, not as character
- javafx web Test Case Failure in CallBackTest
- javafx web WebView can't alert from a timer
- javafx web jvm crash at javafx com.sun.webkit.WebPage.twkPrePaint (GFlag + Heap verification)
- javafx web Implement overridePreference() for DRT framework
- javafx web [WebView] Unable to tile SVG image using css background property
- javafx web WebEngine doesn't handle html5 color picker
- javafx web Assertion fails with https://html-online.com/editor/
- javafx web [Win] Timer functionality is broken after JDK-8089563
- javafx web [OS X] Compilation Issue in WebPage.cpp
- javafx web Fix compilation warnings in WebCore and JavaScriptCore
- javafx web EOFException in GZIPInputStream.readUByte while browsing
- javafx web [WebView] WebView can't display social network icons on wellsfargo.com
- javafx web General sibling selector is broken for selected input boxes in WebView
- javafx web Website weibo.com cannot be loaded
- javafx web JavaFX browser can get stuck in an infinite loop when calling path.getTotalLength()
- javafx web [Windows] JavaFX crash in WebPage.twkOpen in 8u112 when closing WebView while debugging
- javafx web Loading "https://www.windyty.com" with JavaFX WebView crashes JVM.
- other-libs corba NullPointerException in IIOPInputStream.inputClassFields
- security-libs java.security New fix for memory leak in ProtectionDomain cache
- security-libs java.security SecureRandom.nextBytes() hurts performance with small size requests
- security-libs java.security Print size of DH keysize when errors are encountered
- security-libs java.security Some methods of java.security.Security require more permissions, than necessary
- security-libs javax.crypto Ucrypto config file cannot be read when -Dfile.encoding=UTF-16 is set
- security-libs javax.crypto Improve jurisdiction policy file signing exception
- security-libs javax.crypto:pkcs11 KeyStore.load() throws an IOException with a wrong cause in case of wrong password
- security-libs javax.crypto:pkcs11 LoadKeystore.java test is failing
- security-libs javax.net.ssl Hot lock on BulkCipher.isAvailable
- security-libs javax.net.ssl Make handling of 3rd party providers more stable
- security-libs javax.security The fix for 8050402 was partially committed
- security-libs org.ietf.jgss:krb5 Relax response flags checking in sun.security.krb5.KrbKdcRep.check.
- security-libs org.ietf.jgss:krb5 Semicolon is not recognized as comment starting character (Kerberos)
- tools Native2ascii doesn't close one of the streams it opens
- tools javac Incorrect class file created when passing lambda in inner class constructor
- tools launcher Showing incorrect result while passing specific argument in the Java launcher tools
- xml jaxp Issue in XMLScanner: EXPECTED_SQUARE_BRACKET_TO_CLOSE_INTERNAL_SUBSET when skipping large DOCTYPE section with CRLF at wrong place
更新時間:2016-07-20
更新細節:
What's new in this version:
Enhancements:
- Internal package sun.invoke.anon has been removed
- New property jdk.lang.processReaperUseDefaultStackSize
- Implemented performance improvements for BigInteger.montgomeryMultiply
Changes:
- MSCAPI KeyStore can handle same-named certificates
- Modify requirements on Authority Key Identifier extension field during X509 certificate chain building
- Providing more granular levels for GC verification
- Removed PICL warning message
- Improved exception handling for bad LDAP referral replies
Bug Fixes:
- Fix to resolve "Unable to process PreMasterSecret, may be too big" issue