Java Runtime Environment (64-bit) 歷史版本列表 Page26

更新時間：2017-04-18
更新細節：

What's new in this version:

CHANGES:
MD5 added to jdk.jar.disabledAlgorithms Security property:
This JDK release introduces a new restriction on how MD5 signed JAR files are verified. If the signed JAR file uses MD5, signature verification operations will ignore the signature and treat the JAR as if it were unsigned. This can potentially occur in the following types of applications that use signed JAR files:
- Applets or Web Start Applications
- Standalone or Server Applications that are run with a SecurityManager enabled and are configured with a policy file that grants permissions based on the code signer(s) of the JAR file.
- The list of disabled algorithms is controlled via the security property, jdk.jar.disabledAlgorithms, in the java.security file. This property contains a list of disabled algorithms and key sizes for cryptographically signed JAR files.
- To check if a weak algorithm or key was used to sign a JAR file, one can use the jarsigner binary that ships with this JDK. Running "jarsigner -verify" on a JAR file signed with a weak algorithm or key will print more information about the disabled algorithm or key.

New system property to control caching for HTTP SPNEGO connection:
- A new JDK implementation specific system property to control caching for HTTP SPNEGO (Negotiate/Kerberos) connections is introduced. Caching for HTTP SPNEGO connections remains enabled by default, so if the property is not explicitly specified, there will be no behavior change.
- When connecting to an HTTP server that uses SPNEGO to negotiate authentication, and when connection and authentication with the server is successful, the authentication information will then be cached and reused for further connections to the same server. In addition, connecting to an HTTP server using SPNEGO usually involves keeping the underlying connection alive and reusing it for further requests to the same server. In some applications, it may be desirable to disable all caching for the HTTP SPNEGO (Negotiate/Kerberos) protocol in order to force requesting new authentication with each new request to the server.

With this change, we now provide a new system property that allows control of the caching policy for HTTP SPNEGO connections. If jdk.spnego.cache is defined and evaluates to false, then all caching will be disabled for HTTP SPNEGO connections. Setting this system property to false may, however, result in undesirable side effects:
- Performance of HTTP SPNEGO connections may be severely impacted as the connection will need to be re-authenticated with each new request, requiring several communication exchanges with the server.
- Credentials will need to be obtained again for each new request, which, depending on whether transparent authentication is available or not, and depending on the global Authenticator implementation, may result in a popup asking the user for credentials for every new request.

New system property to control caching for HTTP NTLM connection:
- A new JDK implementation specific system property to control caching for HTTP NTLM connection is introduced. Caching for HTTP NTLM connection remains enabled by default, so if the property is not explicitly specified, there will be no behavior change.
- On some platforms, the HTTP NTLM implementation in the JDK can support transparent authentication, where the system user credentials are used at system level. When transparent authentication is not available or unsuccessful, the JDK only supports getting credentials from a global authenticator. If connection to the server is successful, the authentication information will then be cached and reused for further connections to the same server. In addition, connecting to an HTTP NTLM server usually involves keeping the underlying connection alive and reusing it for further requests to the same server. In some applications, it may be desirable to disable all caching for the HTTP NTLM protocol in order to force requesting new authentication with each new requests to the server.

With this change, we now provide a new system property that allows control of the caching policy for HTTP NTLM connections. If jdk.ntlm.cache is defined and evaluates to false, then all caching will be disabled for HTTP NTLM connections. Setting this system property to false may, however, result in undesirable side effects:
- Performance of HTTP NTLM connections may be severely impacted as the connection will need to be re-authenticated with each new request, requiring several communication exchanges with the server.
- Credentials will need to be obtained again for each new request, which, depending on whether transparent authentication is available or not, and depending on the global Authenticator implementation, may result in a popup asking the user for credentials for every new request.

New version of VisualVM:
- VisualVM 1.3.9 was released on October 4th, 2016 and has been integrated into 8u131

BUG FIXES:
Correction of IllegalArgumentException from TLS handshake:
- A recent issue from the JDK-8173783 fix can cause issue for some TLS servers. The problem originates from an IllegalArgumentException thrown by the TLS handshaker code: java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves. The issue can arise when the server doesn't have elliptic curve cryptography support to handle an elliptic curve name extension field (if present). Users are advised to upgrade to this release. By default, JDK 7 Updates and later JDK families ship with the SunEC security provider which provides elliptic curve cryptography support. Those releases should not be impacted unless security providers are modified

更新時間：2017-01-18
更新細節：

更新時間：2016-10-18
更新細節：

What's new in this version:

CHANGES:

security-libs/java.security:
- SunPKCS11 Provider no longer offering SecureRandom by default
- SecureRandom.PKCS11 from the SunPKCS11 Provider is disabled by default on Solaris because the native PKCS11 implementation has poor performance and is not recommended. If your application requires SecureRandom.PKCS11, you can re-enable it by removing "SecureRandom" from the disabledMechanisms list in conf/security/sunpkcs11-solaris.cfg
- Performance improvements have also been made in the java.security.SecureRandom class. Improvements in the JDK implementation have allowed for synchronization to be removed from the java.security.SecureRandom.nextBytes(byte[] bytes) method.

BUG FIXES:
- client-libs 2d GraphicsDevice.getConfigurations() is slow taking 3 or more seconds
- client-libs 2d Xrender: Class cast exception in 2D code running an AWT regression test
- client-libs 2d java/awt/Window/WindowsLeak/WindowsLeak.java fails
- client-libs 2d Wrong glyph is displayed for a derived font
- client-libs 2d [win10] Some unicode characters do not display any more after upgrading to Windows 10
- client-libs 2d ClassCastException: sun.font.CompositeFont cannot be cast to PhysicalFont
- client-libs 2d CCE: sun.java2d.NullSurfaceData cannot be cast to sun.java2d.opengl.OGLSurfaceData
- client-libs java.awt java.awt.SplashScreen.getSize() returns incorrect size for high dpi splash screens
- client-libs java.awt:i18n Caps Lock doesn't work as expected when using Pinyin Simplified input method
- client-libs javax.accessibility [macosx] sun.lwawt.macosx.CAccessible leaks
- client-libs javax.accessibility Uninitialised memory in WinAccessBridge.cpp:1128
- client-libs javax.accessibility Jaws reads wrong values from comboboxes when no element is selected
- client-libs javax.swing Selection in JList is drawn with wrong colors in Nimbus L&F
- client-libs javax.swing javax.swing.text.html.parser.Parser parseScript incorrectly optimized
- client-libs javax.swing JComboBox prevents wheel mouse scrolling of JScrollPane
- client-libs javax.swing Personalized Windows Font Size is not taken into account in Java8u102
- client-libs javax.swing JEditorPane.createEditorKitForContentType throws NPE after 6882559
- core-libs java.lang Annotations with lambda expressions has parameter result in wrong behavior.
- core-libs java.lang.invoke MHs.Lookup.findConstructor returns handles for array classes
- core-libs java.nio (se) Selector.select(long) uses wrong timeout after EINTR (lnx)
- core-libs javax.naming LDAP "follow" throws ClassCastException with Java 8
- core-libs javax.naming com.sun.jndi.ldap.SimpleClientId produces wrong hash code
- core-libs javax.naming Non-synchronized access to shared members of com.sun.jndi.ldap.pool.Pool
- core-libs javax.script ReferenceError in 1.8.0_72
- core-libs jdk.nashorn streamline input parameter of Nashorn scripting $EXEC function
- core-libs jdk.nashorn "ant test" fails to complete on Windows when run under cygwin shell
- core-libs jdk.nashorn Negative lookahead in RegEx breaks backreference
- core-libs jdk.nashorn Simplify Nashorn's Context class loader handling
- core-libs jdk.nashorn Nashorn shebang argument handling is broken
- core-libs jdk.nashorn Regression: two tests fail on Windows with "ant test" target
- core-libs jdk.nashorn fix Nashorn shebang argument handling on Mac/Linux
- core-libs jdk.nashorn arguments are handled differently in apply for JS functions and AbstractJSObjects
- core-libs jdk.nashorn Parsing issue with automatic semicolon insertion
- core-libs jdk.nashorn Script stack trace should display function names
- core-libs jdk.nashorn JSON.stringify does not work on ScriptObjectMirror objects
- core-libs jdk.nashorn Callback parameter of any JS builtin implementation should accept any Callable
- core-libs jdk.nashorn TypeError when a java.util.Comparator object is invoked as a function
- core-libs jdk.nashorn AccessControlException is thrown on public Java class access if "script app loader" is set to null
- core-svc Tests in com/sun/jdi fails intermittently with "jdb input stream closed prematurely"
- core-svc debugger com/sun/jdi/OptionTest.java test times out again
- deploy [macosx] Java Control Panel unable to perform tasks requiring admin privileges
- deploy [macos] JVM continuously throw a NullPointerException on new MacOS 10.12
- deploy javafx FXUIToolkit.showFileChooser() fails when jre is below 7u21
- deploy javafx FXUIToolkit.showSandboxSecurityDialog fails when running jre below 7u21
- deploy javafx FXUIToolkit.showMessageDialog() fails when running jre below 7u55
- deploy webstart Add a URL scheme handler to reliably launch .jnlp files - Mac registration part
- deploy webstart Change JavawsLauncher.app to use NSTask or execv
- deploy webstart Desktop shortcut is not updated after JNLP is changed in deployment cache
- deploy webstart Allow always checkbox in security dialog when jnlp location is unknown
- deploy webstart Signed JWS application unexpectedly asks for permission to open a socket
- hotspot compiler Math.pow yields different results upon repeated calls
- hotspot compiler Need to bailout cleanly if creation of stubs fails when codecache is out of space
- hotspot compiler CastII/ConvI2L for a range check is prematurely eliminated
- hotspot compiler PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions
- hotspot compiler Partially initialized string object created by C2's string concat optimization may escape
- hotspot gc G1: UseSHM in combination with a G1HeapRegionSize > os::large_page_size() falls back to use small pages
- hotspot gc Confusing message in "Current rem set statistics"
- hotspot gc allocating heap with UseLargePages and HugeTLBFS may trash existing memory mappings (linux)
- hotspot gc Long response times with G1 and StringDeduplication
- hotspot gc Test gc/ergonomics/TestDynamicNumberOfGCThreads.java fails
- hotspot jvmti Crash in Method::checked_resolve_jmethod_id(_jmethodID*)
- hotspot jvmti Fix for JDK-8147451 failed: Crash in Method::checked_resolve_jmethod_id(_jmethodID*)
- hotspot runtime Null ProtectionDomain in JVM can cause NPE because principals field is not initialized to an empty array
- hotspot runtime vm/mlvm/anonloader/stress/byteMutation failed with: assert(index >=0 && index < _length) failed: symbol index overflow
- hotspot runtime ConstantPool::release_C_heap_structures not run in some circumstances
- hotspot runtime Convert an assert in ClassLoaderData to a guarantee
- hotspot runtime Zero: Better byte behaviour
- hotspot runtime SIGSEGV: Metadata::mark_on_stack
- infrastructure release_eng 8u112 template file need to be updated
- install install jdk 8u71 fails to install with no error message
- install install ent msi does not have double-click support
- javafx application-lifecycle Passing objects between JavaScript (JavaFX / WebKit) and Java causes a memory leak
- javafx base SortedList wrapping a FilteredList causes AIOOBE
- javafx controls TreeTableView's selectedItems reports include null items.
- javafx controls [TreeTableView] graphic property of TreeItem is still visible after collapsing tree
- javafx controls Enhance CustomColorDialog to have flexibility to hide 'Opacity', 'Use' and 'Save' Button
- javafx graphics Scene content shows too large on Retina display, when a regular screen attached
- javafx graphics Print jobs do not finish when using a page range
- javafx graphics javafx print jobs take 60 times longer than javax.print
- javafx graphics Generated temp files (+JXF...temp) for custom fonts not deleted on exit.
- javafx graphics changes to compile under Visual Studio 14.0
- javafx graphics Crash while running imported/w3c/canvas/2d.gradient.interpolate.overlap2.html
- javafx graphics ContextMenu shown at wrong position on Windows10 with Extended Screen
- javafx graphics Revert fix for JDK-8150181 to push it with the correct commit message
- javafx graphics JavaFX Path drawing appears to leak native memory
- javafx web Javascript Timing Events stop work on system clock changes at past
- javafx web WebView Tooltip position no longer changes in 8u60
- javafx web WebView can't alert from a timer
- javafx web Debug build is not working after new WebKit upgrade
- javafx web NullPointer exception in WebView
- javafx web SQL Server Reporting Services in WebViews shows 401
- javafx web [WebView] Icon font doesn't work if single page application will be loaded from jar
- javafx web Need to document that JavaScript to Java bindings use weak references
- javafx web Update to newer version of WebKit
- javafx web DRT crash at fast/css-generated-content/initial-letter-basic.html
- javafx web Update java-wrappers for WebKit generated classes following WebKit update
- javafx web Linux: Javascript Timing Events stop work on system clock changes at past
- javafx web Linux: libjfxwebkit.so has hard-coded path
- javafx web Char value is set as integer, not as character
- javafx web Add timestamp to WebView Keyboard Event
- javafx web Can't get file size with javascript
- javafx web the JVM for our Swing application crashes, once we login into our application server
- javafx web WebView cannot render CSS background image with SVG data
- javafx web Char value is returned as integer, not as character
- javafx web Test Case Failure in CallBackTest
- javafx web WebView can't alert from a timer
- javafx web jvm crash at javafx com.sun.webkit.WebPage.twkPrePaint (GFlag + Heap verification)
- javafx web Implement overridePreference() for DRT framework
- javafx web [WebView] Unable to tile SVG image using css background property
- javafx web WebEngine doesn't handle html5 color picker
- javafx web Assertion fails with https://html-online.com/editor/
- javafx web [Win] Timer functionality is broken after JDK-8089563
- javafx web [OS X] Compilation Issue in WebPage.cpp
- javafx web Fix compilation warnings in WebCore and JavaScriptCore
- javafx web EOFException in GZIPInputStream.readUByte while browsing
- javafx web [WebView] WebView can't display social network icons on wellsfargo.com
- javafx web General sibling selector is broken for selected input boxes in WebView
- javafx web Website weibo.com cannot be loaded
- javafx web JavaFX browser can get stuck in an infinite loop when calling path.getTotalLength()
- javafx web [Windows] JavaFX crash in WebPage.twkOpen in 8u112 when closing WebView while debugging
- javafx web Loading "https://www.windyty.com" with JavaFX WebView crashes JVM.
- other-libs corba NullPointerException in IIOPInputStream.inputClassFields
- security-libs java.security New fix for memory leak in ProtectionDomain cache
- security-libs java.security SecureRandom.nextBytes() hurts performance with small size requests
- security-libs java.security Print size of DH keysize when errors are encountered
- security-libs java.security Some methods of java.security.Security require more permissions, than necessary
- security-libs javax.crypto Ucrypto config file cannot be read when -Dfile.encoding=UTF-16 is set
- security-libs javax.crypto Improve jurisdiction policy file signing exception
- security-libs javax.crypto:pkcs11 KeyStore.load() throws an IOException with a wrong cause in case of wrong password
- security-libs javax.crypto:pkcs11 LoadKeystore.java test is failing
- security-libs javax.net.ssl Hot lock on BulkCipher.isAvailable
- security-libs javax.net.ssl Make handling of 3rd party providers more stable
- security-libs javax.security The fix for 8050402 was partially committed
- security-libs org.ietf.jgss:krb5 Relax response flags checking in sun.security.krb5.KrbKdcRep.check.
- security-libs org.ietf.jgss:krb5 Semicolon is not recognized as comment starting character (Kerberos)
- tools Native2ascii doesn't close one of the streams it opens
- tools javac Incorrect class file created when passing lambda in inner class constructor
- tools launcher Showing incorrect result while passing specific argument in the Java launcher tools
- xml jaxp Issue in XMLScanner: EXPECTED_SQUARE_BRACKET_TO_CLOSE_INTERNAL_SUBSET when skipping large DOCTYPE section with CRLF at wrong place

更新時間：2016-10-18
更新細節：

更新時間：2016-07-29
更新細節：

更新時間：2016-07-20
更新細節：

What's new in this version:

Enhancements:
- Internal package sun.invoke.anon has been removed
- New property jdk.lang.processReaperUseDefaultStackSize
- Implemented performance improvements for BigInteger.montgomeryMultiply

Changes:
- MSCAPI KeyStore can handle same-named certificates
- Modify requirements on Authority Key Identifier extension field during X509 certificate chain building
- Providing more granular levels for GC verification
- Removed PICL warning message
- Improved exception handling for bad LDAP referral replies

Bug Fixes:
- Fix to resolve "Unable to process PreMasterSecret, may be too big" issue

更新時間：2016-04-19
更新細節：

What's new in this version:

Notable bug fixes included in this release:
- SHA224 removed from the default support list if SunMSCAPI enabled
- SunJSSE allows SHA224 as an available signature and hash algorithm for TLS 1.2 connections. However, the current implementation of SunMSCAPI does not yet support SHA224. This can cause problems if SHA224 and SunMSCAPI private keys are used at the same time.
- To mitigate the problem, we remove SHA224 from the default support list if SunMSCAPI is enabled.
- New JVM Options added: ExitOnOutOfMemory and CrashOnOutOfMemory

Two new JVM flags have been added:
- ExitOnOutOfMemory - When you enable this option, the JVM exits on the first occurrence of an out-of-memory error. It can be used if you prefer restarting an instance of the JVM rather than handling out of memory errors.
- CrashOnOutOfMemoryError - If this option is enabled, when an out-of-memory error occurs, the JVM crashes and produces text and binary crash files (if core files are enabled).

更新時間：2016-03-23
更新細節：

What's new in this version:

IANA Data 2016a:
- JDK 8u77 contains IANA time zone data version 2016a.

Security Baselines:
- The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u77 is 1.8.0_77.

JRE Expiration Date:
- This JRE (version 8u77) will expire with the release of the next critical patch update scheduled for April 19, 2016.

Notes:
- This Security Alert (8u77) is based off the earlier 8u74 PSU release. All users of earlier JDK 8 releases should update to this release.

Bug Fixes:
- This Security Alert addresses CVE-2016-0636, a vulnerability affecting Java SE running in web browsers on desktops. This vulnerability is not applicable to Java deployments, typically in servers or standalone desktop applications, that load and run only trusted code. It also does not affect Oracle server-based software. This vulnerability may be remotely exploitable without authentication (i.e., may be exploited over a network without the need for a username and password). To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user's system.
- Due to the severity of this vulnerability and the public disclosure of technical details, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.

更新時間：2016-02-06
更新細節：

更新時間：2016-01-20
更新細節：