Java Runtime Environment (64-bit) 歷史版本列表 Page25

最新版本 Java JRE 8 Update 391 (64-bit)

Java Runtime Environment (64-bit) 歷史版本列表

Java 運行時環境 64 位(JRE)允許您玩在線遊戲,與世界各地的人聊天,計算您的抵押貸款興趣,並查看三維圖像,僅舉幾例。這也是企業計算基礎的內聯網應用和其他電子商務解決方案的組成部分。下載 Java 脫機安裝程序安裝程序! Java 運行時環境(JRE)提供庫,Java 虛擬機和其他組件來運行用 Java 編程語言編寫的小程序和應用程序。另外,兩個關鍵的部署技術是 JRE 的一部分:Java... Java Runtime Environment (64-bit) 軟體介紹


TagScanner 6.0.27 查看版本資訊

更新時間:2018-03-06
更新細節:

What's new in this version:

- Updated support for CoverArtArchive base which used by Musicbrainz service
- New function: $in(x,y) returns true, if X contains Y
- Fixed: Unable to clear Album Artist field inside Vorbis in some cases
- Changed: $strpos function now case insensitive
- Updated playback engine

Java JRE 9.0.4 (64-bit) 查看版本資訊

更新時間:2018-01-16
更新細節:

What's new in this version:

NEW FEATURES IN OpenJDK 9:
security-libs/java.security:
- Open source the root certificates in Oracle's Java SE Root CA program
- The OpenJDK 9 binary for Linux x64 contains an empty cacerts keystore. This prevents TLS connections from being established because there are no Trusted Root Certificate Authorities installed. As a workaround for OpenJDK 9 binaries, users had to set the javax.net.ssl.trustStore System Property to use a different keystore.
- "JEP 319: Root Certificates" [1] addresses this problem by populating the cacerts keystore with a set of root certificates issued by the CAs of Oracle's Java SE Root CA Program. As a prerequisite, each CA must sign the Oracle Contributor Agreement (OCA) http://www.oracle.com/technetwork/community/oca-486395.html, or an equivalent agreement, to grant Oracle the right to open-source their certificates.

NEW FEATURES:
- security-libs/javax.net.ssl:
- Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
- The JDK SunJSSE implementation now supports the TLS FFDHE mechanisms defined in RFC 7919. If a server cannot process the supported_groups TLS extension or the named groups in the extension, applications can either customize the supported group names with jdk.tls.namedGroups, or turn off the FFDHE mechanisms by setting the System Property jsse.enableFFDHEExtension to false.

other-libs/corba:
- Add additional IDL stub type checks to org.omg.CORBA.ORBstring_to_object method
- Applications that either explicitly or implicitly call org.omg.CORBA.ORB.string_to_object, and wish to ensure the integrity of the IDL stub type involved in the ORB::string_to_object call flow, should specify additional IDL stub type checking. This is an "opt in" feature and is not enabled by default.

To take advantage of the additional type checking, the list of valid IDL interface class names of IDL stub classes is configured by one of the following:
- Specifying the security property com.sun.CORBA.ORBIorTypeCheckRegistryFilter located in the file conf/security/java.security in Java SE 9 or in jre/lib/security/java.security in Java SE 8 and earlier.
- Specifying the system property com.sun.CORBA.ORBIorTypeCheckRegistryFilter with the list of classes. If the system property is set, its value overrides the corresponding property defined in the java.security configuration.
- If the com.sun.CORBA.ORBIorTypeCheckRegistryFilter property is not set, the type checking is only performed against a set of class names of the IDL interface types corresponding to the built-in IDL stub classes.

Changes:
security-libs/javax.crypto:
- RSA public key validation
- In 9.0.4, the RSA implementation in the SunRsaSign provider will reject any RSA public key that has an exponent that is not in the valid range as defined by PKCS#1 version 2.2. This change will affect JSSE connections as well as applications built on JCE.
- security-libs/javax.crypto
- Provider default key size is updated
- This change updates the JDK providers to use 2048 bits as the default key size for DSA instead of 1024 bits when applications have not explicitly initialized the java.security.KeyPairGenerator and java.security.AlgorithmParameterGenerator objects with a key size.
- If compatibility issues arise, existing applications can set the system property jdk.security.defaultKeySize introduced in JDK-8181048 with the algorithm and its desired default key size.
- security-libs/javax.crypto
- Stricter key generation
- The generateSecret(String) method has been mostly disabled in the javax.crypto.KeyAgreement services of the SUN and SunPKCS11 providers. Invoking this method for these providers will result in a NoSuchAlgorithmException for most algorithm string arguments. The previous behavior of this method can be re-enabled by setting the value of the jdk.crypto.KeyAgreement.legacyKDF system property to true (case insensitive). Re-enabling this method by setting this system property is not recommended.
- security-libs/javax.net.ssl
- Disable exportable cipher suites
- To improve the strength of SSL/TLS connections, exportable cipher suites have been disabled in SSL/TLS connections in the JDK by the jdk.tls.disabledAlgorithms Security Property.
- core-svc/javax.management
- JMX Connections need deserialization filters
- New public attributes, RMIConnectorServer.CREDENTIALS_FILTER_PATTERN and RMIConnectorServer.SERIAL_FILTER_PATTERN have been added to RMIConnectorServer.java. With these new attributes, users can specify the deserialization filter pattern strings to be used while making a RMIServer.newClient() remote call and while sending deserializing parameters over RMI to server respectively.
- The user can also provide a filter pattern string to the default agent via management.properties. As a result, a new attribute is added to management.properties.
- Existing attribute RMIConnectorServer.CREDENTIAL_TYPES is superseded by RMIConnectorServer.CREDENTIALS_FILTER_PATTERN and has been removed.

Bug fixes:
- deploy webstart:JNLP files won't launch from IE11 on Windows 10 Creators Update
- hotspot runtime: s390: Some java boolean checks are not correct
- javafx media: Provide media support for libav version 57
- javafx web: Underscore not visible in HTML combo box options inside webview
- javafx web: Possible crash due to use-after-free
- security-libsjava.security: Open-source the Oracle JDK Root Certificates
- security-libs javax.crypto: A comment in the java.security configuration file incorrectly says that "strong but limited" is the default value
- security-libs javax.net.ssl:Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
- security-libs javax.net.ssl: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
- security-libs javax.net.ssl: Restrict the use of EXPORT cipher suites
- security-libs javax.net.ssl: Increase the number of clones in the CloneableDigest

Java JRE 8 Update 162 (64-bit) 查看版本資訊

更新時間:2018-01-16
更新細節:

Java JRE 8 Update 161 (64-bit) 查看版本資訊

更新時間:2018-01-16
更新細節:

Java JRE 8 Update 152 (64-bit) 查看版本資訊

更新時間:2017-10-18
更新細節:

What's new in this version:

New features:
- security-libs/javax.crypto

New Security property to control crypto policy:
- This release introduces a new feature whereby the JCE jurisdiction policy files used by the JDK can be controlled via a new Security property. In older releases, JCE jurisdiction files had to be downloaded and installed separately to allow unlimited cryptography to be used by the JDK. The download and install steps are no longer necessary. To enable unlimited cryptography, one can use the new crypto.policy Security property. If the new Security property (crypto.policy) is set in the java.security file, or has been set dynamically using the Security.setProperty() call before the JCE framework has been initialized, that setting will be honored. By default, the property will be undefined. If the property is undefined and the legacy JCE jurisdiction files don't exist in the legacy lib/security directory, then the default cryptographic level will remain at 'limited'. To configure the JDK to use unlimited cryptography, set the crypto.policy to a value of 'unlimited'. See the notes in the java.security file shipping with this release for more information.
- Note : On Solaris, it's recommended that you remove the old SVR4 packages before installing the new JDK updates. If an SVR4 based upgrade (without uninstalling the old packages) is being done on a JDK release earlier than 6u131, 7u121, or 8u111, then you should set the new crypto.policy Security property in the java.security file.

Because the old JCE jurisdiction files are left in <java-home>/lib/security, they may not meet the latest security JAR signing standards, which were refreshed in 6u131, 7u121, 8u111, and later updates. An exception similar to the following might be seen if the old files are used:
- Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
- at javax.crypto.JceSecurity.loadPolicies(JceSecurity.java:593)
- at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:524)

Changes:
- hotspot/compiler

BigInteger performance improvements turned on by default:
- The performance improvements described in JDK-8130150 and JDK-8081778 have now been turned on by default.

They can be turned off by using the following command options:
- -XX:-UseMontgomerySquareIntrinsic
- -XX:-UseMontgomeryMultiplyIntrinsic
- -XX:-UseSquareToLenIntrinsic
- -XX:-UseMultiplyToLenIntrinsic

Bug fixes:
- (JBS, component, subcomponent, description)
- JDK-8160893 client‑libs [macosx] JMenuItems in JPopupMenu are not accessible
- JDK-8177315 client‑libs backout changes for 8176516 (backport of 8173791)
- JDK-8039412 client‑libs 2d Stack overflow on Linux using DialogTypeSelection.NATIVE
- JDK-8040635 client‑libs 2d [macosx] Printing a shape filled with a texture doesn't work under Mac OS X
- JDK-8058316 client‑libs 2d lookupDefaultPrintService returns null on Solaris 11 when default printer is set using lpoptions command
- JDK-8061258 client‑libs 2d [macosx] PrinterJob's native Print Dialog does not reflect specified Copies or Page Ranges
- JDK-8067059 client‑libs 2d PrinterJob.pageDialog() with DialogSelectionType.NATIVE returns a PageFormat when cancelled.
- JDK-8074562 client‑libs 2d CID keyed OpenType fonts are not supported by T2K
- JDK-8089573 client‑libs 2d [macosx] Incorrect char to glyph mapping printing on OSX 10.10
- JDK-8158356 client‑libs 2d SIGSEGV when attempting to rotate BufferedImage using AffineTransform by NaN degrees
- JDK-8160664 client‑libs 2d JVM crashed with font manager on Solaris 12
- JDK-8162488 client‑libs 2d JDK should be updated to use LittleCMS 2.8
- JDK-8162796 client‑libs 2d [macosx] LinearGradientPaint and RadialGradientPaint are not printed on OS X.
- JDK-8167102 client‑libs 2d [macosx] PrintRequestAttributeSet breaks page size set using PageFormat
- JDK-8170552 client‑libs 2d [macosx] Wrong rendering of diacritics on macOS
- JDK-8170913 client‑libs 2d Java "1.8.0_112" on Windows 10 displays different characters for EUDCs from ones created in eudcedit.exe.
- JDK-8170950 client‑libs 2d Text is displayed in bold when fonts are installed into symlinked folder
- JDK-8175025 client‑libs 2d The copyright section in the test/java/awt/font/TextLayout/DiacriticsDrawingTest.java should be updated
- JDK-8176530 client‑libs 2d JDK support for JavaFX modal print dialogs
- JDK-4953367 client‑libs java.awt MAWT: Java should be more careful manipulating NLSPATH, XFILESEARCHPATH env variables
- JDK-6980209 client‑libs java.awt Make tracking SecondaryLoop.enter/exit methods easier
- JDK-8035568 client‑libs java.awt [macosx] Cursor management unification
- JDK-8040322 client‑libs java.awt TextArea.replaceRange() and insert() are broken with setText(null)
- JDK-8050478 client‑libs java.awt [macosx] Cursor not updating correctly after closing a modal dialog
- JDK-8075516 client‑libs java.awt Deleting a file from either the open or save java.awt.FileDialog hangs.
- JDK-8139189 client‑libs java.awt VK_OEM_102 dead key detected as VK_UNDEFINED
- JDK-8140525 client‑libs java.awt AwtFrame::WmShowWindow() may steal focus
- JDK-8156116 client‑libs java.awt [macosx] two JNI locals to delete in AWTWindow.m, CGraphicsEnv.m
- JDK-8156723 client‑libs java.awt JVM crash at sun.java2d.windows.GDIBlitLoops.nativeBlit
- JDK-8160570 client‑libs java.awt [macosx] modal dialog can skip the activation/focus events
- JDK-8160623 client‑libs java.awt [PIT] Exception running java/awt/event/KeyEvent/KeyChar/KeyCharTest.java
- JDK-8160696 client‑libs java.awt IllegalArgumentException: adding a component to a container on a different GraphicsDevice
- JDK-8160941 client‑libs java.awt "text/uri‑list" dataflavor concats the first two strings
- JDK-8163583 client‑libs java.awt [macosx] Press "To Back" button on the Dialog,the Dialog moves behind the Frame
- JDK-8165717 client‑libs java.awt [macosx] Various memory leaks in jdk9
- JDK-8169355 client‑libs java.awt Diacritics input works incorrectly on Windows if Spanish (Latin American) keyboard layout is used
- JDK-8173853 client‑libs java.awt IllegalArgumentException in java.awt.image.ReplicateScaleFilter
- JDK-8173876 client‑libs java.awt [macosx] Fast precise scrolling and DeltaAccumulator fix for macOS Sierra 10.12.2
- JDK-8176490 client‑libs java.awt [macosx] Sometimes NSWindow.isZoomed hangs
- JDK-8136570 client‑libs java.awt:i18n Stop changing user environment variables related to /usr/dt
- JDK-8159696 client‑libs java.beans java.beans.MethodRef#get throws NullPointerException
- JDK-8076249 client‑libs javax.accessibility NPE in AccessBridge while editing JList model
- JDK-8076554 client‑libs javax.accessibility [macosx] Custom Swing text components need to allow standard accessibility
- JDK-8145207 client‑libs javax.accessibility [macosx] JList, VO can't access non‑visible list items
- JDK-8165829 client‑libs javax.accessibility Android Studio 2.x crashes with NPE at sun.lwawt.macosx.CAccessibility.getAccessibleIndexInParent
- JDK-8171808 client‑libs javax.accessibility Performance problems in dialogs with large tables when JAB activated
- JDK-8175915 client‑libs javax.accessibility NullPointerException from JComboBox and JList when Accessibility enabled
- JDK-8168751 client‑libs javax.sound Two "Direct Clip" threads are created to play the same "AudioClip" object, what makes clip sound corrupted
- JDK-7172652 client‑libs javax.swing With JDK 1.7 text field does not obtain focus when using mnemonic Alt/Key combin
- JDK-8152981 client‑libs javax.swing Double icons with JMenuItem setHorizontalTextPosition on Win 10
- JDK-8158325 client‑libs javax.swing Memory leak in com.apple.laf.ScreenMenu: removed JMenuItems are still referenced
- JDK-8161664 client‑libs javax.swing Memory leak in com.apple.laf.AquaProgressBarUI: removed progress bar still referenced
- JDK-8177450 client‑libs javax.swing javax.swing.text.html.parser.Parser parseScript ignores a character after comment end
- JDK-8163518 core‑libs java.io Integer overflow in StringBufferInputStream.read() and CharArrayReader.read/skip()
- JDK-8169556 core‑libs java.io Wrap FileInputStream's native skip and available methods
- JDK-8161039 core‑libs java.lang System.getProperty("os.version") returns incorrect version number on Mac
- JDK-8170153 core‑libs java.lang PPC64/s390x/aarch64: Poor StrictMath performance due to non‑optimized compilation
- JDK-8170873 core‑libs java.lang PPC64/aarch64: Poor StrictMath performance due to non‑optimized compilation
- JDK-8172053 core‑libs java.lang (ppc64) Downport of 8170153 breaks build on linux/ppc64 (big endian)
- JDK-8173654 core‑libs java.lang Regression since 8u60: System.getenv doesn't return env var set in JNI code
- JDK-8174729 core‑libs java.lang:reflect Race Condition in java.lang.reflect.WeakCache
- JDK-6947916 core‑libs java.net JarURLConnection does not handle useCaches correctly
- JDK-8022580 core‑libs java.net sun.net.ftp.impl.FtpClient.nameList(String path) handles "null" incorrectly
- JDK-8035158 core‑libs java.net Remove dependency on sun.misc.RegexpPool and friends
- JDK-8035653 core‑libs java.net InetAddress.getLocalHost crash
- JDK-8071424 core‑libs java.net JCK test api/java_net/Socket/descriptions.html#Bind crashes on Windows
- JDK-8075484 core‑libs java.net SocketInputStream.socketRead0 can hang even with soTimeout set
- JDK-8145732 core‑libs java.net Duplicate entry in http.nonProxyHosts will ignore subsequent entries
- JDK-8159410 core‑libs java.net InetAddress.isReachable returns true for non existing IP addresses
- JDK-8166747 core‑libs java.net Add invalid network / computer name cases to isReachable known failure switch
- JDK-8169865 core‑libs java.net Downport minor fixes in java.net native code from JDK 9 to JDK 8
- JDK-8145981 core‑libs java.nio (fs) LinuxWatchService can reports events against wrong directory
- JDK-8153925 core‑libs java.nio (fs) WatchService hangs on GetOverlappedResult and locks directory (win)
- JDK-8165231 core‑libs java.nio java.nio.Bits.unaligned() doesn't return true on ppc
- JDK-8180949 core‑libs java.rmi Correctly handle exception in TCPChannel.createConnection
- JDK-8054214 core‑libs java.time JapaneseEra.getDisplayName doesn't return names if it's an additional era
- JDK-8164366 core‑libs java.time ZoneOffset.ofHoursMinutesSeconds() does not reject invalid input
- JDK-8173423 core‑libs java.time Wrong display name for supplemental Japanese era
- JDK-8177678 core‑libs java.time Overstatement of universality of Era.getDisplayName() implementation
- JDK-8165243 core‑libs java.util Base64.Encoder.wrap(os).write(byte[],int,int) with incorrect arguments should not produce output
- JDK-8166507 core‑libs java.util.concurrent ConcurrentSkipListSet.clear() can leave the Set in an invalid state
- JDK-8179515 core‑libs java.util.concurrent Class java.util.concurrent.ThreadLocalRandom fails to Initialize when using SecurityManager
- JDK-8169056 core‑libs java.util.regex StringIndexOutOfBoundsException in Pattern.compile with CANON_EQ flag
- JDK-8129361 core‑libs java.util:i18n ISO 4217 amendment 160
- JDK-8145952 core‑libs java.util:i18n Currency update needed for ISO 4217 Amendment #161
- JDK-8164784 core‑libs java.util:i18n Currency update needed for ISO 4217 Amendment #162
- JDK-8174736 core‑libs java.util:i18n [JCP] [Mac]Cannot launch JCP on Mac os with language set to "Chinese, Simplified" while region is not China
- JDK-8174779 core‑libs java.util:i18n Locale issues with Mac 10.12
- JDK-8177776 core‑libs java.util:i18n Create an equivalent test case for JDK9's SupplementalJapaneseEraTest
- JDK-8149521 core‑libs javax.naming automatic discovery of LDAP servers with Kerberos authentication
- JDK-8163945 core‑libs jdk.nashorn Honor Number type hint in toPrimitive on Numbers
- JDK-8166902 core‑libs jdk.nashorn Nested object literal property maps not reset in optimistic recompilation
- JDK-8168373 core‑libs jdk.nashorn "Bad local variable type" in ES6 Nashorn when reassigning a `let` within a `try`
- JDK-8170565 core‑libs jdk.nashorn JSObject call() is passed undefined for the argument 'thiz'
- JDK-8170594 core‑libs jdk.nashorn >>>=0 generates invalid bytecode for BaseNode LHS
- JDK-8170977 core‑libs jdk.nashorn SparseArrayData should not grow its underlying dense array data
- JDK-8171219 core‑libs jdk.nashorn Missing checks in sparse array shift() implementation
- JDK-8171849 core‑libs jdk.nashorn Can't unambiguously select between fixed arity signatures [(java.util.Collection), (java.util.Map)]
- JDK-8176511 core‑libs jdk.nashorn JSObject property access is broken for numeric keys outside the int range
-  JDK-8181191 core‑libs jdk.nashorn getUint32 returning Long
-  JDK-8153711 core‑svc debugger [REDO] JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command
-  JDK-8160024 core‑svc debugger jdb returns invalid argument count if first parameter to Arrays.asList is null
-  JDK-8164843 core‑svc tools UsageTracker should limit records and avoid truncation
-  JDK-8169236 core‑svc tools JRE 8u112 attempts to run ICACLS.EXE on startup in Windows 10 Version 1607, build 14393
-  JDK-8173664 core‑svc tools Typo in https://java.net/downloads/heap‑snapshot/hprof‑binary‑format.html
-  JDK-8174806 deploy packager Packager update App Store runtime rules for libjfxwebkit.dylib
-  JDK-8164410 deploy plugin JRE 6u121 causes applet to fail with: Reset deny session certificate store
-  JDK-8022291 deploy webstart Mac OS: Unexpected JavaLaunchHelper message displaying
-  JDK-8161700 deploy webstart Deadlock in Java Web Start application involving JNLPClassLoader
-  JDK-8161986 deploy webstart Selecting 32/64 bit resources failed if user has installed both jre's
-  JDK-8167306 deploy webstart Side effects of using url schema handler.
-  JDK-8038348 hotspot compiler Instance field load is replaced by wrong data Phi
-  JDK-8043913 hotspot compiler remove legacy code in SPARC's VM_Version::platform_features
-  JDK-8134119 hotspot compiler Use new API to get cache line sizes
-  JDK-8134389 hotspot compiler Crash in HotSpot with jvm.dll+0x42b48 ciObjectFactory::create_new_metadata
-  JDK-8134918 hotspot compiler C2: Type speculation produces mismatched unsafe accesses
-  JDK-8140309 hotspot compiler [REDO] failed: no mismatched stores, except on raw memory: StoreB StoreI
-  JDK-8143897 hotspot compiler Weblogic12medrec assert(handler_address == SharedRuntime::compute_compiled_exc_handler(nm, pc, exception, force_unwind, true)) failed: Must be the same
-  JDK-8152172 hotspot compiler PPC64: Support AES intrinsics
-  JDK-8153134 hotspot compiler Infinite loop in handle_wrong_method in jmod
-  JDK-8153267 hotspot compiler nmethod's exception cache not multi‑thread safe
-  JDK-8154945 hotspot compiler Enable 8130150 and 8081778 intrinsics by default
-  JDK-8155781 hotspot compiler C2: opaque unsafe access triggers an assert
-  JDK-8157181 hotspot compiler Compilers accept modification of final fields outside initializer methods
-  JDK-8157306 hotspot compiler Random infrequent null pointer exceptions in javac
-  JDK-8158639 hotspot compiler C2 compilation fails with SIGSEGV
-  JDK-8162101 hotspot compiler C2: Handle "wide" aliases for unsafe accesses
-  JDK-8162384 hotspot compiler Performance regression: bimorphic inlining may be bypassed by type speculation
-  JDK-8162496 hotspot compiler missing precedence edge for anti_dependence
-  JDK-8164002 hotspot compiler Add a new CPU family (S_family) for SPARC S7 and above processors
-  JDK-8164293 hotspot compiler HotSpot leaking memory in long‑running requests
-  JDK-8164508 hotspot compiler unexpected profiling mismatch in c1 generated code
-  JDK-8165482 hotspot compiler java in ldoms, with cpu‑arch=generic has problems
-  JDK-8173373 hotspot compiler C1: NPE is thrown instead of LinkageError when accessing inaccessible field on NULL receiver
-  JDK-8175887 hotspot compiler C1 value numbering handling of Unsafe.get*Volatile is incorrect
-  JDK-8177095 hotspot compiler Range check dependent CastII/ConvI2L is prematurely eliminated
-  JDK-8140584 hotspot gc nmethod::oops_do_marking_epilogue always runs verification code
-  JDK-8153176 hotspot gc Long pause in ParOldGC, because ParallelTaskTerminator peeks wrong TaskQueueSet
-  JDK-8168914 hotspot gc Crash in ClassLoaderData/JNIHandleBlock::oops_do during concurrent marking
-  JDK-8170409 hotspot gc CMS: Crash in CardTableModRefBSForCTRS::process_chunk_boundaries
-  JDK-8175813 hotspot gc PPC64: "mbind: Invalid argument" when ‑XX:+UseNUMA is used
-  JDK-8180048 hotspot gc Interned string and symbol table leak memory during parallel unlinking
-  JDK-8034249 hotspot jvmti need more workarounds for suspend equivalent condition issue
-  JDK-8081219 hotspot jvmti hs_err improvement: Add event logging for class redefinition to the hs_err file
-  JDK-8162795 hotspot jvmti [REDO] MemberNameTable doesn't purge stale entries
-  JDK-8049717 hotspot runtime expose L1_data_cache_line_size for diagnostic/sanity checks
-  JDK-8087342 hotspot runtime Crash in klassItable::initialize_itable_for_interface when running SelectionResolution InvokeInterfaceICCE.java
-  JDK-8162766 hotspot runtime Unsafe_DefineClass0 accesses raw oops while in _thread_in_native
-  JDK-8163969 hotspot runtime Cyclic interface initialization causes JVM crash
-  JDK-8165153 hotspot runtime Crash in rebuild_cpu_to_node_map
-  JDK-8171155 hotspot runtime Scanning method file for initialized final field updates can fail for non‑existent fields
-  JDK-8171194 hotspot runtime Exception "Duplicate field name&signature in class file" should report the name and signature of the field
-  JDK-8177817 hotspot runtime Remove assertions in 8u that were removed by 8056124 in 9.
-  JDK-8166208 hotspot svc FlightRecorderOptions settings for defaultrecording ignored.
-  JDK-8173941 hotspot svc SA does not work if executable is DSO
-  JDK-8161945 install install REGRESSION: 8u91 update of 32 bit JRE removes preferences of the 64 bit JRE
-  JDK-8164096 javafx base ListChangeListener on ReadOnlyListWrapper's getReadOnlyProperty() does not reset change
-  JDK-8139841 javafx controls Axis class does not render ticks marks when tick labels are invisible
-  JDK-8139850 javafx controls CategoryAxis rotates improperly as yAxis
-  JDK-8163486 javafx controls NumberAxis: inaccurate rendering of ticks when tick unit is low
-  JDK-8166847 javafx controls NumberAxis: sticked numbers sometimes
-  JDK-8168895 javafx controls Tick marks position is not animated when toggling forceZeroInRange
-  JDK-8134600 javafx fxml Can't pass ObservableList as argument using FXML
-  JDK-8087565 javafx graphics Scaling problem on OSX Retina
-  JDK-8088205 javafx graphics [Mac] WebView renders icons instead of letters on some sites
-  JDK-8088395 javafx graphics Print dialogs are not blocking/modal w.r.t specified owner windows
-  JDK-8088857 javafx graphics Menu slow to respond after resizing a window multiple times with animation running
-  JDK-8090176 javafx graphics Pisces software renderer shows incomplete border images in particular situation
-  JDK-8148549 javafx graphics Region is not rendered correctly when node cache is enabled
-  JDK-8151744 javafx graphics wrong width/height in texture update
-  JDK-8154148 javafx graphics [Mac] JavaFX crashes on startup when run on Mac in VMWare
-  JDK-8156078 javafx graphics Stage alwaysOnTop property not reset to false if permission is denied
-  JDK-8163526 javafx graphics protect FileChooser return from internal NPE
-  JDK-8169777 javafx graphics MenuBar unoperable after moving Application to second monitor
-  JDK-8173468 javafx graphics Font.loadFont returns null on some Ubuntu 32bits
-  JDK-8174688 javafx graphics JavaFX Applet popup windows are in the wrong location on Mac
-  JDK-8178804 javafx graphics Excessive memory consumption in TriangleMesh/MeshView
-  JDK-8156563 javafx media JavaFX Ensemble8 media sample hang and crash
-  JDK-8159869 javafx media HTTP Live Streaming not working anymore
-  JDK-8091485 javafx samples Ensemble8: Review each sample description, playground, appearance, related docs and links
-  JDK-8134354 javafx samples Ensemble Media samples sliders don't react to clicks
-  JDK-8136918 javafx samples Ensemble uses deprecated flv (vp6) media files hosted on OTN
-  JDK-8136968 javafx samples [Mac] Regression from JDK‑8087709
-  JDK-8142439 javafx samples Ensemble8 media player slider issues
-  JDK-8152858 javafx samples Ensemble Timeline regression
-  JDK-8165373 javafx samples Ensemble8 uses setAccessible to access methods and fields of various classes
-  JDK-8168095 javafx samples Second image in Ensemble8/Image Creation sample does not load
-  JDK-8170421 javafx samples Ensemble8 black flash at startup on b145+
-  JDK-8130675 javafx scenegraph Document that setting scene on stage changes stage size unless explicitly set
-  JDK-8164141 javafx scenegraph [Javadoc] Replace references of Stage with Window in the Window class
-  JDK-8172554 javafx swing [macos] deadlock on JFXPanel startup
-  JDK-8174154 javafx swing NPE in JFXPanel$HostContainer#setEmbeddedStage
-  JDK-8088681 javafx web Underscore not visible in HTML combo box options inside webview
-  JDK-8089915 javafx web Input of type file doesn't honor "accept" attribute.
-  JDK-8090216 javafx web HTMLEditor: font bold doesn't work when an indent is set
-  JDK-8136847 javafx web DRT test fast/canvas/canvas‑fillRect‑shadow.html fails
-  JDK-8144263 javafx web [WebView, OS X] Webkit rendering artifacts with inertia scrolling
-  JDK-8150982 javafx web Crash when calling WebEngine.print on background thread
-  JDK-8158196 javafx web WebView Form Post fails if connection is closed before keepAlive‑Timeout
-  JDK-8162922 javafx web JavaFx WebView canvas doesn't support dash within strokeRec
-  JDK-8164314 javafx web [WebView] Debug build is no longer working after JDK‑8089681
-  JDK-8165098 javafx web WebEngine.print will attempt to print even if the printer job is complete or has an error
-  JDK-8165173 javafx web canvas/philip/tests/2d.path.clip.empty.html fails with 8u112
-  JDK-8166231 javafx web use @Native annotation in web classes
-  JDK-8166677 javafx web HTMLEditor freezes after restoring previously maximized window
-  JDK-8167098 javafx web Backport of JDK‑8158926 to JDK 8u mistakenly used preliminary patch
-  JDK-8167675 javafx web Animated gifs are not working
-  JDK-8168887 javafx web [WebView] ComboBox and DropDownList ‑ Render fragments of the scrollbar are visible
-  JDK-8169204 javafx web Need to document JSObject Call and setSlot APIs to use weak references
-  JDK-8170938 javafx web Memory leak in JavaFX WebView
-  JDK-8172361 javafx web Update java‑wrappers for WebKit generated classes following WebKit update
-  JDK-8172495 javafx web Ignore __cmake_systeminformation from web module build directory
-  JDK-8174919 javafx web SocketException no longer handled by WebView when processing web pages
-  JDK-8144258 javafx window‑toolkit Ensemble Advanced Media sample hangs after going full screen
-  JDK-8160241 javafx window‑toolkit Maximizing an Window with Screen‑Size hides it
-  JDK-8166106 javafx window‑toolkit JVM crash on resizing JavaFX application with title and icon
-  JDK-8172561 javafx window‑toolkit Copying String with "rn" to Clipboard duplicates "r"
-  JDK-8155211 security‑libs java.security Ucrypto Library leaks native memory
-  JDK-8163896 security‑libs java.security Finalizing one key of a KeyPair invalidates the other key
-  JDK-8164846 security‑libs java.security CertificateException missing cause of underlying exception
-  JDK-8176536 security‑libs java.security Improved algorithm constraints checking
-  JDK-8157561 security‑libs javax.crypto Ship the unlimited policy files in JDK Updates
-  JDK-8165751 security‑libs javax.crypto NPE hit with java.security.debug=provider
-  JDK-8173581 security‑libs javax.crypto performance regression in com/sun/crypto/provider/OutputFeedback.java
-  JDK-8169229 security‑libs javax.net.ssl RSAClientKeyExchange debug info is incorrect
-  JDK-8181205 security‑libs javax.net.ssl JRE fails to load/register security providers when started from UNC pathname
-  JDK-8147772 security‑libs javax.security Update KerberosTicket to describe behavior if it has been destroyed and fix NullPointerExceptions
-  JDK-8163104 security‑libs javax.security Unexpected NPE still possible on some Kerberos ticket calls
-  JDK-8153438 security‑libs javax.smartcardio Avoid repeated "Please insert a smart card" popup windows
-  JDK-8170278 security‑libs org.ietf.jgss:krb5 ticket renewal won't happen with debugging turned on
-  JDK-8176329 tools jdeps to detect MR jar file and output a warning
-  JDK-8180660 tools javac missing LNT entry for finally block
-  JDK-8028363 xml XmlGregorianCalendarImpl.getTimeZone() bug when offset is less than 10 minutes
-  JDK-8169112 xml javax.xml.transform java.lang.VerifyError: (class: GregorSamsa, method: template$dot$0$outline$1 signature: (LGregorSamsa$48;)V) Register 10 contains wrong type
-  JDK-8146086 xml jax‑ws Publishing two webservices on same port fails with "java.net.BindException: Address already in use"
-  JDK-8172297 xml jax‑ws In java 8, the marshalling with JAX‑WS does not escape carriage return
-  JDK-8162598 xml jaxp XSLTC transformer swallows empty namespace declaration which is needed to undeclare default namespace
-  JDK-8146961 xml org.w3c.dom Fix PermGen memory leaks caused by static final Exceptions

Java JRE 8 Update 151 (64-bit) 查看版本資訊

更新時間:2017-10-18
更新細節:

What's new in this version:

New Features:
- security-libs/javax.crypto

New Security property to control crypto policy:
- This release introduces a new feature whereby the JCE jurisdiction policy files used by the JDK can be controlled via a new Security property. In older releases, JCE jurisdiction files had to be downloaded and installed separately to allow unlimited cryptography to be used by the JDK. The download and install steps are no longer necessary. To enable unlimited cryptography, one can use the new crypto.policy Security property. If the new Security property (crypto.policy) is set in the java.security file, or has been set dynamically by using the Security.setProperty() call before the JCE framework has been initialized, that setting will be honored. By default, the property will be undefined. If the property is undefined and the legacy JCE jurisdiction files don't exist in the legacy lib/security directory, then the default cryptographic level will remain at 'limited'. To configure the JDK to use unlimited cryptography, set the crypto.policy to a value of 'unlimited'. See the notes in the java.security file shipping with this release for more information.

Note:
- On Solaris, it's recommended that you remove the old SVR4 packages before installing the new JDK updates. If an SVR4 based upgrade (without uninstalling the old packages) is being done on a JDK release earlier than 6u131, 7u121, 8u111, then you should set the new crypto.policy Security property in the java.security file.
- Because the old JCE jurisdiction files are left in <java-home>/lib/security, they may not meet the latest security JAR signing standards, which were refreshed in 6u131, 7u121, 8u111, and later updates. An exception similar to the following might be seen if the old files are used:
- Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers! at javax.crypto.JceSecurity.loadPolicies(JceSecurity.java:593) at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:524)

Changes:
- security-libs/java.security
- Refactor existing providers to refer to the same constants for default values for key length

Two important changes have been made for this issue:
- 1. A new system property has been introduced that allows users to configure the default key size used by the JDK provider implementations of KeyPairGenerator and AlgorithmParameterGenerator. This property is named "jdk.security.defaultKeySize" and the value of this property is a list of comma-separated entries. Each entry consists of a case-insensitive algorithm name and the corresponding default key size (in decimal) separated by ":". In addition, white space is ignored.
- By default, this property will not have a value, and JDK providers will use their own default values. Entries containing an unrecognized algorithm name will be ignored. If the specified default key size is not a parseable decimal integer, that entry will be ignored as well.
- 2. The DSA KeyPairGenerator implementation of the SUN provider no longer implements java.security.interfaces.DSAKeyPairGenerator. Applications which cast the SUN provider's DSA KeyPairGenerator object to a java.security.interfaces.DSAKeyPairGenerator can set the system property "jdk.security.legacyDSAKeyPairGenerator". If the value of this property is "true", the SUN provider will return a DSA KeyPairGenerator object which implements the java.security.interfaces.DSAKeyPairGenerator interface. This legacy implementation will use the same default value as specified by the javadoc in the interface.
- By default, this property will not have a value, and the SUN provider will return a DSA KeyPairGenerator object which does not implement the forementioned interface and thus can determine its own provider-specific default value as stated in the java.security.KeyPairGenerator class or by the "jdk.security.defaultKeySize" system property if set.
- core-libs/java.util:collections

Collections use serialization filter to limit array sizes:
- Deserialization of certain collection instances will cause arrays to be allocated. The ObjectInputFilter.checkInput() method is now called prior to allocation of these arrays. Deserializing instances of ArrayDeque, ArrayList, IdentityHashMap, PriorityQueue, java.util.concurrent.CopyOnWriteArrayList, and the immutable collections (as returned by List.of, Set.of, and Map.of) will call checkInput() with a FilterInfo instance whose style="font-family: Courier New;">serialClass() method returns Object[].class. Deserializing instances of HashMap, HashSet, Hashtable, and Properties will call checkInput() with a FilterInfo instance whose serialClass() method returns Map.Entry[].class. In both cases, the FilterInfo.arrayLength() method will return the actual length of the array to be allocated. The exact circumstances under which the serialization filter is called, and with what information, is subject to change in future releases.
- security-libs/java.security

keytool now prints warnings when reading or generating certificates/certificate requests/CRLs using weak algorithms:
- With one exception, keytool will always print a warning if the certificate, certificate request, or CRL it is parsing, verifying, or generating is using a weak algorithm or key. When a certificate is from an existing TrustedCertificateEntry, either in the keystore directly operated on or in the cacerts keystore when the -trustcacerts option is specified for the -importcert command, keytool will not print a warning if it is signed with a weak signature algorithm. For example, suppose the file cert contains a CA certificate signed with a weak signature algorithm, keytool -printcert -file cert and keytool -importcert -file cert -alias ca -keystore ks will print out a warning, but after the last command imports it into the keystore, keytool -list -alias ca -keystore ks will not show a warning anymore.
- Precisely, an algorithm or a key is weak if it matches the value of the jdk.certpath.disabledAlgorithms security property defined in the conf/security/java.security file
- security-libs/java.security

New defaults for DSA keys in jarsigner and keytool:
- For DSA keys, the default signature algorithm for keytool and jarsigner has changed from SHA1withDSA to SHA256withDSA and the default key size for keytool has changed from 1024 bits to 2048 bits.
- Users wishing to revert to the previous behavior can use the -sigalg option of keytool and jarsigner and specify SHA1withDSA and the -keysize option of keytool and specify 1024.
- There are a few potential compatibility risks associated with this change:
- If you have a script that uses the default key size of keytool to generate a DSA keypair but then subsequently specifies a specific signature algorithm, ex:
- keytool -genkeypair -keyalg DSA -keystore keystore -alias mykey ...
- keytool -certreq -sigalg SHA1withDSA -keystore keystore -alias mykey ...
- it will fail with one of the following exceptions, because the new 2048-bit keysize default is too strong for SHA1withDSA:
- keytool error: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size
- keytool error: java.security.InvalidKeyException: DSA key must be at most 1024 bits
- The workaround is to remove the -sigalg option and use the stronger SHA256withDSA default or, at your own risk, use the -keysize option of keytool to specify a smaller key size (1024).
- If you use jarsigner to sign JARs with the new defaults, previous versions (than this release) of JDK 6 and 7 do not support the stronger defaults and will not be able to verify the JAR. jarsigner -verify on an earlier release of JDK 6 or 7 will output the following error:
- jar is unsigned. (signatures missing or not parsable)

If you add -J-Djava.security.debug=jar to the jarsigner command line, the cause will be output:
- jar: processEntry caught: java.security.NoSuchAlgorithmException: SHA256withDSA Signature not available
- If compatibility with earlier releases is important, you can, at your own risk, use the -sigalg option of jarsigner and specify the weaker SHA1withDSA algorithm.
- If you use a PKCS11 keystore, the SunPKCS11 provider does not support the SHA256withDSA algorithm. jarsigner and some keytool commands may fail with the following exception if PKCS11 is specified with the -storetype option, ex:
- keytool error: java.security.InvalidKeyException: No installed provider supports this key: sun.security.pkcs11.P11Key$P11PrivateKey
- A similar error may occur if you are using NSS with the SunPKCS11 provider. The workaround is to use the -sigalg option of keytool and specify SHA1withDSA.
- security-libs/java.security

Add warnings to keytool when using JKS and JCEKS:
- When keytool is operating on a JKS or JCEKS keystore, a warning may be shown that the keystore uses a proprietary format and migrating to PKCS12 is recommended. The keytool's -importkeystore command is also updated so that it can convert a keystore from one type to another if the source and destination point to the same file.
- security-libs/java.security

keytool now prints out information of a certificate's public key:
- Keytool now prints out the key algorithm and key size of a certificate's public key, in the form of "Subject Public Key Algorithm: <size>-bit RSA key", where <size> is the key size in bits (ex: 2048).

Bug fixes:
- (JBS, component, subcomponent, description)
- JDK-8179084 hotspot gc HotSpot VM fails to start when AggressiveHeap is set
- JDK-8089283 javafx web Padding property of the select tag is incorrect in WebView
- JDK-8132675 javafx web VBox.setVgrow and HBox.setHgrow corrupt following controls when window resized
- JDK-8138652 javafx web [macosx] New WebView Native Code uses private Apple APIs
- JDK-8165909 javafx web JavaScript to Java String conversion is not correct
- JDK-8170450 javafx web Crash while loading wordpress.com in HiDPI / Retina display
- JDK-8172495 javafx web Ignore __cmake_systeminformation from web module build directory
- JDK-8172836 javafx web WebView Debug build is broken
- JDK-8176729 javafx web com.sun.webkit.dom.NodeImpl#SelfDisposer is not called
- JDK-8178319 javafx web Build sqlite3 from source
- JDK-8178360 javafx web Build and integrate ICU from source
- JDK-8178440 javafx web Build libxml2 and libxslt from source
- JDK-8179673 javafx web JVM Crash in WebPage.setBackgroundColor() during webpage navigation (Non Public API)
- JDK-8180825 javafx web Javafx WebView fails to render pdf.js
- JDK-8183292 javafx web Update to 604.1 version of WebKit
- JDK-8184448 javafx web Crash while loading gif images with more frames
- JDK-8185132 javafx web window.requestAnimationFrame API is not working
- JDK-8172847 javafx window‑toolkit [macos] If you hit the escape key repeatedly to close the subwindow, the process crashes
- JDK-8029659 security‑libs java.security Keytool, print key algorithm of certificate or key entry
- JDK-8154015 security‑libs java.security Apply algorithm constraints to timestamped code
- JDK-8171319 security‑libs java.security keytool should print out warnings when reading or generating cert/cert req using weak algorithms
- JDK-8177569 security‑libs java.security keytool should not warn if signature algorithm used in cacerts is weak
- JDK-8157561 security‑libs javax.crypto Ship the unlimited policy files in JDK Updates
- JDK-8167485 tools visualvm Integrate new version of Java VisualVM based on VisualVM 1.3.9 into JDK

Java JRE 9.0.1 (64-bit) 查看版本資訊

更新時間:2017-10-18
更新細節:

What's new in this version:

Changes:
- security-libs/java.security

Refactor existing providers to refer to the same constants for default values for key length:
Two important changes have been made for this issue:
- 1. A new system property has been introduced that allows users to configure the default key size used by the JDK provider implementations of KeyPairGenerator and AlgorithmParameterGenerator. This property is named "jdk.security.defaultKeySize" and the value of this property is a list of comma-separated entries. Each entry consists of a case-insensitive algorithm name and the corresponding default key size (in decimal) separated by ":". In addition, white space is ignored.
- By default, this property will not have a value, and JDK providers will use their own default values. Entries containing an unrecognized algorithm name will be ignored. If the specified default key size is not a parseable decimal integer, that entry will be ignored as well.
- 2. The DSA KeyPairGenerator implementation of the SUN provider no longer implements java.security.interfaces.DSAKeyPairGenerator. Applications which cast the SUN provider's DSA KeyPairGenerator object to a java.security.interfaces.DSAKeyPairGenerator can set the system property "jdk.security.legacyDSAKeyPairGenerator". If the value of this property is "true", the SUN provider will return a DSA KeyPairGenerator object which implements the java.security.interfaces.DSAKeyPairGenerator interface. This legacy implementation will use the same default value as specified by the javadoc in the interface.
- By default, this property will not have a value, and the SUN provider will return a DSA KeyPairGenerator object which does not implement the forementioned interface and thus can determine its own provider-specific default value as stated in the java.security.KeyPairGenerator class or by the "jdk.security.defaultKeySize" system property if set.
- core-libs/java.util:collections

Collections use serialization filter to limit array sizes:
- Deserialization of certain collection instances will cause arrays to be allocated. The ObjectInputFilter.checkInput() method is now called prior to allocation of these arrays. Deserializing instances of ArrayDeque, ArrayList, IdentityHashMap, PriorityQueue, java.util.concurrent.CopyOnWriteArrayList, and the immutable collections (as returned by List.of, Set.of, and Map.of) will call checkInput() with a FilterInfo instance whose serialClass() method returns Object[].class. Deserializing instances of HashMap, HashSet, Hashtable, and Properties will call checkInput() with a FilterInfo instance whose serialClass() method returns Map.Entry[].class. In both cases, the FilterInfo.arrayLength() method will return the actual length of the array to be allocated. The exact circumstances under which the serialization filter is called, and with what information, is subject to change in future releases.
- security-libs/java.security

Add warnings to keytool when using JKS and JCEKS:
- When keytool is operating on a JKS or JCEKS keystore, a warning may be shown that the keystore uses a proprietary format and migrating to PKCS12 is recommended. The keytool's -importkeystore command is also updated so that it can convert a keystore from one type to another if the source and destination point to the same file.

Bug fixes:
- (JBS, component, subcomponent, description)
- JDK-8183297 infrastructure Allow duplicate bugid for changeset in jdk9 update forest
- JDK-8187993 infrastructure [CPU17_04] Need to update securitypack.jar with baseline.versions file having jdk9 entry
- JDK-8187043 javafx graphics JavaFX fails to launch on some Windows platforms due to missing VS2017 libraries
- JDK-8089283 javafx web Padding property of the select tag is incorrect in WebView
- JDK-8176729 javafx web com.sun.webkit.dom.NodeImpl#SelfDisposer is not called
- JDK-8178319 javafx web Build sqlite3 from source
- JDK-8178360 javafx web Build and integrate ICU from source
- JDK-8178440 javafx web Build libxml2 and libxslt from source
- JDK-8179673 javafx web JVM Crash in WebPage.setBackgroundColor() during webpage navigation (Non Public API)
- JDK-8183292 javafx web Update to 604.1 version of WebKit
- JDK-8184448 javafx web Crash while loading gif images with more frames
- JDK-8185132 javafx web window.requestAnimationFrame API is not working

Java JRE 9 (64-bit) 查看版本資訊

更新時間:2017-09-22
更新細節:

What's new in this version:

KEY CHANGES:
Java Platform Module System:
Introduces a new kind of Java programing component, the module, which is a named, self-describing collection of code and data. This module system:
- Introduces a new optional phase, link time, which is in-between compile time and run time, during which a set of modules can be assembled and optimized into a custom runtime image; see the jlink tool in Java Platform, Standard Edition Tools Reference
- Adds options to the tools javac, jlink, and java where you can specify module paths, which locate definitions of modules
- Introduces the modular JAR file, which is a JAR file with a module-info.class file in its root directory
- Introduces the JMOD format, which is a packaging format similar to JAR except it can include native code and configuration files; see the jmod tool

The JDK itself has been divided into a set of modules. This change enables you to combine the JDK's modules into a variety of configurations, including:
- Configurations corresponding to the JRE and the JDK
- Configurations roughly equivalent in content to each of the Compact Profiles defined in Java SE 8
- Custom configurations that contain only a specified set of modules and their required modules
- Restructures the JDK and JRE runtime images to accommodate modules and improve performance, security, and maintainability
- Defines a new URI scheme for naming modules, classes, and resources stored in a runtime image without revealing the internal structure or format of the image
- Removes the endorsed-standards override mechanism and the extension mechanism
- Removes rt.jar and tools.jar from the Java runtime image
- Makes most of the JDK's internal APIs inaccessible by default but leaves a few critical, widely used internal APIs accessible until supported replacements exist for all or most of their functionality

JEP 223: New Version-String Scheme:
- Provides a simplified version-string format that helps to clearly distinguish major, minor, security, and patch update releases.

Installer Enhancements for Microsoft Windows:

Enable or Disable Web Deployment with Installer's UI:
- Provides the option to enable or disable web deployment in the Welcome page of the installer. To enable web deployment, in the Welcome page, select Custom Setup , click Install, and select the Enable Java content in the Browser check box.

WHAT'S NEW FOR TOOLS:

JEP 222: jshell: The Java Shell (Read-Eval-Print Loop):
- Adds Read-Eval-Print Loop (REPL) functionality to the Java platform.

JEP 228: Add More Diagnostic Commands:
- Defines additional diagnostic commands to improve the ability to diagnose issues with Hotspot and the JDK.

JEP 231: Remove Launch-Time JRE Version Selection:
- Removes the ability to request a version of the JRE that is not the JRE being launched at launch time. Modern applications are typically deployed through Java Web Start (with a JNLP file), native OS packaging systems, or active installers. These technologies have their own methods to manage the JREs needed by finding or downloading and updating the required JRE as needed. This makes launch-time JRE version selection obsolete.

JEP 238: Multi-Release JAR Files:
- Extends the JAR file format to enable multiple, Java release-specific versions of class files to coexist in a single archive. A multirelease JAR (MRJAR) contains additional, versioned directories for classes and resources specific to particular Java platform releases. Specify versioned directories with the jar tool's --release option.

JEP 240: Remove the JVM TI hprof Agent:
- Removes the hprof agent from the JDK. The hprof agent was written as demonstration code for the JVM Tool Interface and not intended to be a production tool. The useful features of the hprof agent have been superseded by better alternatives.

JEP 241: Remove the jhat Tool:
- Removes the jhat tool from the JDK. The jhat tool was an experimental and unsupported tool added in JDK 6. It is out of date; superior heap visualizers and analyzers have been available for many years.

JEP 245: Validate JVM Command-Line Flag Arguments:
- Validates arguments to all numerical JVM command-line flags to avoid failures and instead displays an appropriate error message if they are found to be invalid. Range and optional constraint checks have been implemented for arguments that require a user-specified numerical value.

JEP 247: Compile for Older Platform Versions:
- Enhances javac so that it can compile Java programs to run on selected earlier versions of the platform. When using the -source or -target options, the compiled program might accidentally use APIs that are not supported on the given target platform. The --release option will prevent accidental use of APIs.

JEP 282: jlink: The Java Linker:
- Assembles and optimizes a set of modules and their dependencies into a custom runtime image as defined in JEP 220. The jlink tool defines a plug-in mechanism for transformation and optimization during the assembly process, and for the generation of alternative image formats. It can create a custom runtime optimized for a single program. JEP 261 defines link time as an optional phase between the phases of compile time and run time. Link time requires a linking tool that assembles and optimizes a set of modules and their transitive dependencies to create a runtime image or executable

WHAT'S NEW FOR SECURITY:

JEP 219: Datagram Transport Layer Security (DTLS):
- Enables Java Secure Socket Extension (JSSE) API and the SunJSSE security provider to support DTLS Version 1.0 and DTLS Version 1.2 protocols

JEP 244: TLS Application-Layer Protocol Negotiation Extension:
- Enables the client and server in a Transport Layer Security (TLS) connection to negotiate the application protocol to be used. With Application-Layer Protocol Negotiation (ALPN), the client sends the list of supported application protocols as part of the TLS ClientHello message. The server chooses a protocol and returns the selected protocol as part of the TLS ServerHello message. The application protocol negotiation can be accomplished within the TLS handshake, without adding network round-trips

JEP 249: OCSP Stapling for TLS:
- Enables the server in a TLS connection to check for a revoked X.509 certificate revocation. The server does this during TLS handshaking by contacting an Online Certificate Status Protocol (OCSP) responder for the certificate in question. It then attaches or "staples" the revocation information to the certificate that it returns to the client so that the client can take appropriate action. Enables the client to request OCSP stapling from a TLS server. The client checks stapled responses from servers that support the feature.

JEP 246: Leverage CPU Instructions for GHASH and RSA:
- Improves performance ranging from 34x to 150x for AES/GCM/NoPadding using GHASH HotSpot intrinsics. GHASH intrinsics are accelerated by the PCLMULQDQ instruction on Intel x64 CPU and the xmul/xmulhi instructions on SPARC. Improves performance up to 50% for BigInteger squareToLen and BigInteger mulAdd methods using RSA HotSpot intrinsics. RSA intrinsics apply to the java.math.BigInteger class on Intel x64. A new security property jdk.security.provider.preferred is introduced to configure providers that offer significant performance gains for specific algorithms.

JEP 273: DRBG-Based SecureRandom Implementations:
- Provides the functionality of Deterministic Random Bit Generator (DRBG) mechanisms as specified in NIST SP 800-90Ar1 in the SecureRandom API
- The DRBG mechanisms use modern algorithms as strong as SHA-512 and AES-256. Each of these mechanisms can be configured with different security strengths and features to match user requirements

JEP 288: Disable SHA-1 Certificates:
- Improves the security configuration of the JDK by providing a more flexible mechanism to disable X.509 certificate chains with SHA-1-based signatures.
- Disables SHA-1 in TLS Server certificate chains anchored by roots included by default in the JDK; local or enterprise certificate authorities (CAs) are not affected. The jdk.certpath.disabledAlgorithms security property is enhanced with several new constraints that allow greater control over the types of certificates that can be disabled.

JEP 229: Create PKCS12 Keystores by Default:
- Modifies the default keystore type from JKS to PKCS12. PKCS#12 is an extensible, standard, and widely supported format for storing cryptographic keys. PKCS12 keystores improve confidentiality by storing private keys, trusted public key certificates, and secret keys. This feature also opens opportunities for interoperability with other systems such as Mozilla, Microsoft's Internet Explorer, and OpenSSL that support PKCS12. The SunJSSE provider supplies a complete implementation of the PKCS12 java.security.KeyStore format for reading and writing PKCS12 files. See Key Management in Java Platform, Standard Edition Security Developer's Guide. The keytool key and certificate management utility can create PKCS12 keystores.

JEP 287: SHA-3 Hash Algorithms:
- Supports SHA-3 cryptographic hash functions as specified in NIST FIPS 202.
- The following additional standard algorithms are supported by the java.security.MessageDigest API: SHA3-224, SHA3-256, SHA3-384, and SHA3-512

The following providers support SHA-3 algorithm enhancements:
- SUN provider: SHA3-224, SHA3-256, SHA3-384, and SHA3-512
- OracleUcrypto provider: SHA-3 digests supported by Solaris 12.0

WHAT'S NEW FOR DEPLOYMENT:

Deprecate the Java Plug-in:
- Deprecates the Java Plug-in and associated applet technologies in Oracle's JDK 9 builds. While still available in JDK 9, these technologies will be considered for removal from the Oracle JDK and JRE in a future release. Applets and JavaFX applications embedded in a web page require the Java Plug-in to run. Consider rewriting these types of applications as Java Web Start or self-contained applications.

Enhanced Java Control Panel:
- Improves the grouping and presentation of options within the Java Control Panel. Information is easier to locate, a search field is available, and modal dialog boxes are no longer used. Note that the location of some options has changed from previous versions of the Java Control Panel

JEP 275: Modular Java Application Packaging:
- Integrates features from Project Jigsaw into the Java Packager, including module awareness and custom runtime creation. Leverages the jlink tool to create smaller packages. Creates applications that use the JDK 9 runtime only. Cannot be used to package applications with an earlier release of the JRE.

JEP 289: Deprecate the Applet API:
- Deprecates the Applet API, which is becoming less useful as web browser vendors remove support for Java browser plug-ins. While still available in JDK 9, the Applet class will be considered for removal in a future release. Consider rewriting applets as Java Web Start or self-contained applications

WHAT'S NEW FOR THE JAVA LANGUAGE:

JEP 213: Milling Project Coin. Identifies a few small changes:
- Allow @SafeVargs on private instance methods
- Allow effectively final variables to be used as resources in the try-with-resources statement
- Allow the diamond with anonymous classes if the argument type of the inferred type is denotable
- Complete the removal, begun in Java SE 8, of the underscore from the set of legal identifier names
- Add support for private interface methods

WHAT'S NEW FOR JAVADOC:

JEP 221: Simplified Doclet API:
- Replaces the old Doclet API with a new simplified API that leverages other standard, existing APIs. The standard doclet has been rewritten to use the new Doclet API.

JEP 224: HTML5 Javadoc:
- Supports generating HTML5 output. To get fully compliant HTML5 output, ensure that any HTML content provided in documentation comments are compliant with HTML5.

JEP 225: Javadoc Search:
- Provides a search box to the generated API documentation. Use this search box to find program elements, tagged words, and phrases within the documentation.

JEP 261: Module System:
- Supports documentation comments in module declarations. Includes new command-line options to configure the set of modules to be documented and generates a new summary page for any modules being documented.

WHAT'S NEW FOR THE JVM:

JEP 165: Compiler Control:
- Provides a way to control JVM compilation through compiler directive options. The level of control is runtime-manageable and method-specific. Compiler Control supersedes, and is backward compatible, with CompileCommand.

JEP 197: Segmented Code Cache:
- Divides the code cache into distinct segments, each of which contains compiled code of a particular type, to improve performance and enable future extensions.

JEP 276: Dynamic Linking of Language-Defined Object Models:
- Dynamically links high-level object operations at run time, such as read a property, write a property, and invoke a function, to the appropriate target method handles. It links these operations to target method handles based on the actual types of the values passed. These object operations are expressed as invokedynamic sites.
- While java.lang.invoke provides a low-level API for dynamic linking of invokedynamic call sites, it doesn't provide a way to express higher level operations on objects nor methods that implement them.
- With the package jdk.dynalink, you can implement programming languages whose expressions contain dynamic types (types that cannot be determined statically) and whose operations on these dynamic types are expressed as invokedynamic call sites (because the language's object model or type system doesn't closely match that of the JVM).

WHAT'S NEW FOR JVM TUNING:
Improve G1 Usability, Determinism, and Performance:
- Enhances the Garbage-First (G1) garbage collector to automatically determine several important memory-reclamation settings. Previously these settings had to be set manually to obtain optimal results. In addition, fixes issues with the usability, determinism, and performance of the G1 garbage collector.

JEP 158: Unified JVM Logging:
- Introduces a common logging system for all components of the JVM
- JEP 214: Remove GC Combinations Deprecated in JDK 8"
- Removes garbage collector (GC) combinations that were deprecated in JDK 8
- This means that the following GC combinations no longer exist: DefNew + CMS ParNew + SerialOld, Incremental CMS

The "foreground" mode for Concurrent Mark Sweep (CMS) has also been removed. The following command-line flags have been removed:
- -Xincgc
- -XX:+CMSIncrementalMode
- -XX:+UseCMSCompactAtFullCollection
- -XX:+CMSFullGCsBeforeCompaction
- -XX:+UseCMSCollectionPassing
- The command line flag -XX:+UseParNewGC no longer has an effect. ParNew can only be used with CMS and CMS requires ParNew. Thus, the -XX:+UseParNewGC flag has been deprecated and will likely be removed in a future release.

JEP 248: Make G1 the Default Garbage Collector:
- Makes Garbage-First (G1) the default garbage collector (GC) on 32- and 64-bit server configurations. Using a low-pause collector such as G1 provides a better overall experience, for most users, than a throughput-oriented collector such as the Parallel GC, which was previously the default.

JEP 271: Unified GC Logging:
- Reimplements Garbage Collection (GC) logging using the unified JVM logging framework introduced in JEP 158. GC logging is re-implemented in a manner consistent with the current GC logging format; however, some differences exist between the new and old formats.

JEP 291: Deprecate the Concurrent Mark Sweep (CMS) Garbage Collector:
- Deprecates the Concurrent Mark Sweep (CMS) garbage collector. A warning message is issued when it is requested on the command line, using the -XX:+UseConcMarkSweepGC option. The Garbage-First (G1) garbage collector is intended to be a replacement for most uses of CMS

WHAT'S NEW FOR CORE LIBRARIES:

JEP 102: Process API Updates:
- Improves the API for controlling and managing operating system processes.
- The ProcessHandle class provides the process's native process ID, arguments, command, start time, accumulated CPU time, user, parent process, and descendants. The class can also monitor processes' liveness and destroy processes. With the ProcessHandle.onExit method, the asynchronous mechanisms of the CompletableFuture class can perform an action when the process exits.

JEP 193: Variable Handles:
- Defines a standard means to invoke the equivalents of java.util.concurrent.atomic and sun.misc.Unsafe operations upon object fields and array elements.
- Defines a standard set of fence operations, which consist of VarHandle static methods that enable fine-grained control of memory ordering. This is an alternative to sun.misc.Unsafe, which provides a nonstandard set of fence operations.
- Defines a standard reachability fence operation to ensure that a referenced object remains strongly reachable.

JEP 254: Compact Strings:
- Adopts a more space-efficient internal representation for strings. Previously, the String class stored characters in a char array, using two bytes (16 bits) for each character. The new internal representation of the String class is a byte array plus an encoding-flag field.
- This is purely an implementation change, with no changes to existing public interfaces.

JEP 264: Platform Logging API and Service:
- Defines a minimal logging API that platform classes can use to log messages, together with a service interface for consumers of those messages. A library or application can provide an implementation of this service to route platform log messages to the logging framework of its choice. If no implementation is provided, then a default implementation based on the java.util.logging API is used.

JEP 266: More Concurrency Updates:
- Adds further concurrency updates to those introduced in JDK 8 in JEP 155: Concurrency Updates, including an interoperable publish-subscribe framework and enhancements to the CompletableFuture API.

JEP 268: XML Catalogs:
- Adds a standard XML Catalog API that supports the Organization for the Advancement of Structured Information Standards (OASIS) XML Catalogs version 1.1 standard. The API defines catalog and catalog-resolver abstractions that can be used as an intrinsic or external resolver with the JAXP processors that accept resolvers.
- Existing libraries or applications that use the internal catalog API will need to migrate to the new API to take advantage of the new features.

JEP 269: Convenience Factory Methods for Collections:
- Makes it easier to create instances of collections and maps with small numbers of elements. New static factory methods on the List, Set, and Map interfaces make it simpler to create immutable instances of those collections.

JEP 274: Enhanced Method Handles:
Enhances the MethodHandle, MethodHandles, and MethodHandles.Lookup classes of the java.lang.invoke package to ease common use cases and enable better compiler optimizations. Additions include:
- In the MethodHandles class in the java.lang.invoke package, provide new MethodHandle combinators for loops and try/finally blocks.
- Enhance the MethodHandle and MethodHandles classes with new MethodHandle combinators for argument handling.
- Implement new lookups for interface methods and, optionally, super constructors in the MethodHandles.Lookup class.

JEP 277: Enhanced Deprecation:
Revamps the @Deprecated annotation to provide better information about the status and intended disposition of an API in the specification. Two new elements have been added:
- Deprecated(forRemoval=true) indicates that the API will be removed in a future release of the Java SE platform
- Deprecated(since="version") contains the Java SE version string that indicates when the API element was deprecated, for those deprecated in Java SE 9 and beyond

JEP 285: Spin-Wait Hints:
- Defines an API that enables Java code to hint that a spin loop is executing. A spin loop repeatedly checks to see if a condition is true, such as when a lock can be acquired, after which some computation can be safely performed followed by the release of the lock. This API is purely a hint, and carries no semantic behavior requirements. See the method Thread.onSpinWait

JEP 290: Filter Incoming Serialization Data:
- Allows incoming streams of object-serialization data to be filtered to improve both security and robustness. Object-serialization clients can validate their input more easily, and exported Remote Method Invocation (RMI) objects can validate invocation arguments more easily as well
- Serialization clients implement a filter interface that is set on an ObjectInputStream. For RMI, the object is exported through a RemoteServerRef that sets the filter on the MarshalInputStream to validate the invocation arguments as they are unmarshalled

JEP 259: Stack-Walking API:
- Provides a stack-walking API that allows easy filtering and lazy access to the information in stack traces
- The API supports both short walks that stop at a frame that matches given criteria, and long walks that traverse the entire stack. Stopping at a frame that matches a given criteria avoids the cost of examining all the frames if the caller is interested only in the top frames on the stack. The API enables access to Class objects when the stack walker is configured to do so. See the class java.lang.Stackwalker

JEP 255: Merge Selected Xerces 2.11.0 Updates into JAXP:
Updates the JDK to support the 2.11.0 version of the Xerces parser. There is no change to the public JAXP API
The changes are in the following categories of Xerces 2.11.0: Datatypes, DOM L3 Serializer, XPointer, Catalog Resolver, and XML Schema Validation (including bug fixes, but not the XML Schema 1.1 development code)

WHAT'S NEW FOR NASHORN:
JEP 236: Parser API for Nashorn:
- Enables applications, in particular IDEs and server-side frameworks, to parse and analyze ECMAScript code
- Parse ECMAScript code from a string, URL, or file with methods from the Parser class. These methods return an instance of CompilationUnitTree, which represents ECMAScript code as an abstract syntax tree
- The package jdk.nashorn.api.tree contains the Nashorn parser API

JEP 292: Implement Selected ECMAScript 6 Features in Nashorn: Implements many new features introduced in the 6th edition of ECMA-262, also known as ECMAScript 6, or ES6 for short. Implemented features include the following:
- Template strings
- let, const, and block scope
- Iterators and for..of loops
- Map, Set, WeakMap, and WeakSet
- Symbols
- Binary and octal literals

WHAT'S NEW FOR CLIENT TECHNOLOGIES:
JEP 251: Multi-Resolution Images:
- Enables a set of images with different resolutions to be encapsulated into a single multiresolution image. This could be useful for applications to adapt to display devices whose resolutions may vary from approximately 96dpi to 300dpi during run time
- The interface java.awt.image.MultiResolutionImage encapsulates a set of images with different resolutions into a single multiresolution image, which enables applications to easily manipulate and display images with resolution variants

JEP 253: Prepare JavaFX UI Controls and CSS APIs for Modularization:
- Provides public APIs for JavaFX UI controls and CSS functionality that were previously available only through internal packages but are now inaccessible due to modularization
- The new package javafx.scene.control.skin consists of a set of classes that provides a default implementation for the skin (or the look) of each UI control
- The new class CssParser is a CSS parser that returns a Stylesheet object, which gives you more control over the CSS styling of your application. It’s part of the CSS API (the javafx.css package). The CSS API includes new support classes, including a set of standard converters used by the parser; see the javafx.css.converter package

JEP 256: BeanInfo Annotations:
- Replaces the @beaninfo Javadoc tag with the annotation types JavaBean, BeanProperty, and SwingContainer
- These annotation types set the corresponding feature attributes during BeanInfo generation at runtime. Thus, you can more easily specify these attributes directly in Bean classes instead of creating a separate BeanInfo class for every Bean class. It also enables the removal of automatically generated classes, which makes it easier to modularize the client library

JEP 262: TIFF Image I/O:
- Adds Tag Image File Format (TIFF) reading and writing as standard to the package javax.imageio. The new package javax.imageio.plugins.tiff provides classes that simplify the optional manipulation of TIFF metadata

JEP 263: HiDPI Graphics on Windows and Linux:
- Automatically scales and sizes AWT and Swing components for High Dots Per Inch (HiDPI) displays on Windows and Linux. Prior to this release, on Windows and Linux, Java applications were sized and rendered based on pixels, even on HiDPI displays that can have pixel densities two to three times as high as traditional displays. This led to GUI components and windows that were too small to read or use

JEP 272: Platform-Specific Desktop Features:
Adds additional methods to the class java.awt.Desktop that enable you to interact with the desktop, including the following:
- Show custom About and Preferences windows
- Handle requests to open or print a list of files
- Handle requests to open a URL
- Open the native help viewer application
- Set the default menu bar
- Enable or disable the application to be suddenly terminated
- These new methods replace the functionality of the internal APIs contained in the OS X package com.apple.eawt, which are not accessible by default in JDK 9. Note that the package com.apple.eio is no longer accessible

WHAT'S NEW FOR INTERNATIONALIZATION:

JEP 267: Unicode 8.0:
- Supports Unicode 8.0. JDK 8 supported Unicode 6.2
- The Unicode 6.3, 7.0 and 8.0 standards combined introduced 10,555 characters, 29 scripts, and 42 blocks, all of which are supported in JDK 9

JEP 252: CLDR Locale Data Enabled by Default:
- Uses the Common Locale Data Repository's (CLDR) XML-based locale data, first added in JDK 8, as the default locale data in JDK 9. In previous releases, the default was JRE
- To enable behavior compatible with JDK 8, set the system property java.locale.providers to a value with COMPAT ahead of CLDR

JEP 226: UTF-8 Properties Files:
- Loads properties files in UTF-8 encoding. In previous releases, ISO-8859-1 encoding was used when loading property resource bundles. UTF-8 is a much more convenient way to represent non-Latin characters
- Most existing properties files should not be affected

Java JRE 8 Update 144 (64-bit) 查看版本資訊

更新時間:2017-07-27
更新細節:

What's new in this version:

IANA Data 2017b:
- JDK 8u144 contains IANA time zone data version 2017b. For more information, refer to Timezone Data Versions in the JRE Software

Security Baselines:
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u144 are specified in the following table:
- JRE Family Version    JRE Security Baseline (Full Version String)
- 8 1.8.0_141-b15
- 7 1.7.0_151-b15
- 6 1.6.0_161-b13

JRE Expiration Date:
- The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u144) will expire with the release of the next critical patch update scheduled for October 17, 2017.
- For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u144) on November 17, 2017. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.

Bug Fixes
- security-libs/javax.net.ssl
- java.util.zip.ZipFile.getEntry() now always returns the ZipEntry instance with a / ended entry name for directory entry
- The java.util.zip.ZipEntry API doc specifies "A directory entry is defined to be one whose name ends with a /". However, in previous JDK releases, java.util.zip.ZipFile.getEntry(String entryName) may return a ZipEntry instance with an entry name that does not end with / for an existing zip directory entry when the passed in argument entryName does not end with a /, and when there is a matching zip directory entry with name entryName + / in the zip file
- With this release, the name of the ZipEntry instance returned from java.util.zip.ZipFile.getEntry() always ends with / for any zip directory entry
- To revert to the previous behavior, set the system property jdk.util.zip.ensureTrailingSlash to "false"
- This change was made in order to fix a regression introduced in JDK 8u141 when verifying signed JARs that has caused some WebStart applications to fail to load
- This release also contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory. For a more complete list of the bug fixes included in this release, see the JDK 8u144 Bug Fixes page

Java JRE 8 Update 141 (64-bit) 查看版本資訊

更新時間:2017-07-19
更新細節:

What's new in this version:

IANA DATA 2017b:
- JDK 8u141 contains IANA time zone data version 2017b

CERTIFICATE CHANGES:
- Let's Encrypt certificates added to root CAs. One new root certificate has been added

NEW FEATURES:
security-libs/java.security. Improved algorithm constraints checking:
- With the need to restrict weak algorithms usage in situations where they are most vulnerable, additional features have been added when configuring the jdk.certpath.disabledAlgorithms and jdk.jar.disabledAlgorithms security properties in the java.security file.
- jdk.certpath.disabledAlgorithms: The certpath property has seen the most change. Previously it was limited to two Constraint types; either a full disabling of an algorithm by name or a full disabling of an algorithm by the key size when checking certificates, certificate chains, and certificate signatures. This creates configurations that are absolute and lack flexibility in their usage. Three new Constraints were added to give more flexibility in allowing and rejecting certificates.
- "jdkCA" examines the certificate chain termination with regard to the cacerts file. In the case of "SHA1 jdkCA". SHA1's usage is checked through the certificate chain, but the chain must terminate at a marked trust anchor in the cacerts keystore to be rejected. This is useful for organizations that have their own private CA that trust using SHA1 with their trust anchor, but want to block certificate chains anchored by a public CA from using SHA1.
- "denyAfter" checks if the given date is before the current date or the PKIXParameter date. In the case of "SHA1 denyAfter 2018-01-01", before 2018 a certificate with SHA1 can be used, but after that date, the certificate is rejected. This can be used for a policy across an organization that is phasing out an algorithm with a drop-dead date. For signed JAR files, the date is compared against the TSA timestamp. The date is specified in GMT.

"usage" examines the specified algorithm for a specified usage. This can be used when disabling an algorithm for all usages is not practical. There are three usages that can be specified:
- TLSServer' restricts the algorithm in TLS server certificate chains when server authentication is performed as a client
- TLSClient' restricts the algorithm in TLS client certificate chains when client authentication is performed as a server
- SignedJAR' restricts the algorithms in certificates in signed JAR files. The usage type follows the keyword and more than one usage type can be specified with a whitespace delimiter
- For example, "SHA1 usage TLSServer TLSClient" would disallow SHA1 certificates for TLSServer and TLSClient operations, but SignedJars would be allowed
- All of these constraints can be combined to constrain an algorithm when delimited by '&'. For example, to disable SHA1 certificate chains that terminate at marked trust anchors only for TLSServer operations, the constraint would be "SHA1 jdkCA & usage TLSServer"
- jdk.jar.disabledAlgorithms: One additional constraint was added to this .jar property to restrict JAR manifest algorithms
- "denyAfter" checks algorithm constraints on manifest digest algorithms inside a signed JAR file. The date given in the constraint is compared against the TSA timestamp on the signed JAR file. If there is no timestamp or the timestamp is on or after the specified date, the signed JAR file is treated as unsigned. If the timestamp is before the specified date, the .jar will operate as a signed JAR file. The syntax for restricting SHA1 in JAR files signed after January 1st 2018 is: "SHA1 denyAfter 2018-01-01". The syntax is the same as that for the certpath property, however certificate checking will not be performed by this property

CHANGES:
core-svc/java.lang.management. JMX Diagnostic improvements:
- com.sun.management.HotSpotDiagnostic::dumpHeap API is modified to throw IllegalArgumentException if the supplied file name does not end with “.hprof” suffix. Existing applications which do not provide a file name ending with the “.hprof” extension will fail with IllegalArgumentException. In that case, applications can either choose to handle the exception or restore old behavior by setting system property 'jdk.management.heapdump.allowAnyFileSuffix' to true.

security-libs/javax.net.ssl. Custom HostnameVerifier enables SNI extension:
- Earlier releases of JDK 8 Updates didn't always send the Server Name Indication (SNI) extension in the TLS ClientHello phase if a custom hostname verifier was used. This verifier is set via the setHostnameVerifier(HostnameVerifier v) method in HttpsURLConnection. The fix ensures the Server Name is now sent in the ClientHello body.

xml/jax-ws. Tighter secure checks on processing WSDL files by wsimport tool:

The wsimport tool has been changed to disallow DTDs in Web Service descriptions, specifically:
- DOCTYPE declaration is disallowed in documents
- External general entities are not included by default
- External parameter entities are not included by default
- External DTDs are completely ignored

To restore the previous behavior:
- Set the System property com.sun.xml.internal.ws.disableXmlSecurity to true
- Use the wsimport tool command line option –disableXmlSecurity
- NOTE: JDK 7 and JDK 6 support for this option in wsimport will be provided via a Patch release post July CPU

BUG FIXES:
- JFileChooser with Windows look and feel crashes on win 10
- Race Condition in java.lang.reflect.WeakCache
- java.nio.Bits.unaligned() doesn't return true on ppc
- After updating to Java8u131, the bind to rmiregistry is rejected by registryFilter even though registryFilter is set
- sun.management.LazyCompositeData.isTypeMatched() fail for composite types with items of ArrayType
- SafePointNode::_replaced_nodes breaks with irreducible loops
- NPE when JavaFX loads default stylesheet or font families if CCL is null
- WebEngine.getDocument().getDocumentURI() no longer returns null for loading a String of HTML
- Failed to load RSA private key from pkcs12
- Improved algorithm constraints checking
- Custom HostnameVerifier disables SNI extension