Java Runtime Environment (64-bit) 歷史版本列表
更新時間:2023-03-15
更新細節:
What's new in this version:
Fixed:
- docker: Add missing fuse3 dependency
- build: Update release docs to be more careful with the tag
- build: Set Github release to draft while uploading binaries
更新時間:2023-03-14
更新細節:
What's new in this version:
New Features:
- accounting: Make checkers show what they are doing
- authorize: Add support for custom templates
- build
- Update to go1.20
- Add winget releaser workflow
- Add dependabot
- doc updatesCraig-Wood, Ole Frost, Peter Brunner, piyushgarg, Ryan Caezar Itang, Simmon Li, ToBeFree)
- filter: Emit INFO message when can't work out directory filters
- fs
- Added multiple ca certificate support.
- Add --max-delete-size a delete size threshold
- fspath: Allow the symbols @ and + in remote names
- lib/terminal: Enable windows console virtual terminal sequences processing
- move: If --check-first and --order-by are set then delete with perfect ordering
- serve http: Support --auth-proxy
Fixed:
- accounting
- Avoid negative ETA values for very slow speeds
- Limit length of ETA string
- Show human readable elapsed time when longer than a day
- all: Apply codeql fixes
- build
- Fix condition for manual workflow run
- Fix building for ARMv5 and ARMv6
- selfupdate: Consider ARM version
- install.sh: fix ARMv6 download
- version: Report ARM version
- deletefile: Return error code 4 if file does not exist
- docker: Fix volume plugin does not remount volume on docker restart
- fs: Fix race conditions in --max-delete and --max-delete-size
- lib/oauthutil: Handle fatal errors better
- mount2: Fix --allow-non-empty
- operations: Fix concurrency: use --checkers unless transferring files
- serve ftp: Fix timestamps older than 1 year in listings
- sync: Fix concurrency: use --checkers unless transferring files
- tree
- Fix nil pointer exception on stat failure
- Fix colored output on windows
- Fix display of files with illegal Windows file system names
Mount:
- Fix creating and renaming files on case insensitive backends
- Do not treat ? prefixed paths as network share paths on windows
- Fix check for empty mount point on Linux
- Fix --allow-non-empty
- Avoid incorrect or premature overlap check on windows
- Update to fuse3 after bazil.org/fuse update
VFS:
- Make uploaded files retain modtime with non-modtime backends
- Fix incorrect modtime on fs which don't support setting modtime
- Fix rename of directory containing files to be uploaded
Local:
- Fix %!w() in "failed to read directory" error
- Fix exclusion of dangling symlinks with -L/--copy-links
Crypt:
- Obey --ignore-checksum
- Fix for unencrypted directory names on case insensitive remotes
Azure Blob:
- Remove workarounds for SDK bugs after v0.6.1 update
B2:
- Fix uploading files bigger than 1TiB
Drive:
- Note that --drive-acknowledge-abuse needs SA Manager permission
- Make --drive-stop-on-upload-limit to respond to storageQuotaExceeded
FTP:
- Retry 426 errors
- Retry errors when initiating downloads
- Revert to upstream github.com/jlaffaye/ftp now fix is merged
Google Cloud Storage:
- Add --gcs-env-auth to pick up IAM credentials from env/instance
Mega:
- Add --mega-use-https flag
Onedrive:
- Default onedrive personal to QuickXorHash as Microsoft is removing SHA1
- Add --onedrive-hash-type to change the hash in use
- Improve speed of QuickXorHash
Oracle Object Storage:
- Speed up operations by using S3 pacer and setting minsleep to 10ms
- Expose the storage_tier option in config
- Bring your own encryption keys
S3:
- Check multipart upload ETag when --s3-no-head is in use
- Add --s3-sts-endpoint to specify STS endpoint
- Fix incorrect tier support for StorJ and IDrive when pointing at a file
- Fix AWS STS failing if --s3-endpoint is set
- Make purge remove directory markers too
Seafile:
- Renew library password
SFTP:
- Fix uploads being 65% slower than they should be with crypt
Smb:
- Allow SPN
- Check smb connection is closed
Storj:
- Implement rclone link
- Implement rclone purge
- Update satellite urls and labels
WebDAV:
- Fix interop with davrods server
更新時間:2023-03-14
更新細節:
What's new in this version:
New Features:
- accounting: Make checkers show what they are doing
- authorize: Add support for custom templates
- build
- Update to go1.20
- Add winget releaser workflow
- Add dependabot
- doc updatesCraig-Wood, Ole Frost, Peter Brunner, piyushgarg, Ryan Caezar Itang, Simmon Li, ToBeFree)
- filter: Emit INFO message when can't work out directory filters
- fs
- Added multiple ca certificate support.
- Add --max-delete-size a delete size threshold
- fspath: Allow the symbols @ and + in remote names
- lib/terminal: Enable windows console virtual terminal sequences processing
- move: If --check-first and --order-by are set then delete with perfect ordering
- serve http: Support --auth-proxy
Fixed:
- accounting
- Avoid negative ETA values for very slow speeds
- Limit length of ETA string
- Show human readable elapsed time when longer than a day
- all: Apply codeql fixes
- build
- Fix condition for manual workflow run
- Fix building for ARMv5 and ARMv6
- selfupdate: Consider ARM version
- install.sh: fix ARMv6 download
- version: Report ARM version
- deletefile: Return error code 4 if file does not exist
- docker: Fix volume plugin does not remount volume on docker restart
- fs: Fix race conditions in --max-delete and --max-delete-size
- lib/oauthutil: Handle fatal errors better
- mount2: Fix --allow-non-empty
- operations: Fix concurrency: use --checkers unless transferring files
- serve ftp: Fix timestamps older than 1 year in listings
- sync: Fix concurrency: use --checkers unless transferring files
- tree
- Fix nil pointer exception on stat failure
- Fix colored output on windows
- Fix display of files with illegal Windows file system names
Mount:
- Fix creating and renaming files on case insensitive backends
- Do not treat ? prefixed paths as network share paths on windows
- Fix check for empty mount point on Linux
- Fix --allow-non-empty
- Avoid incorrect or premature overlap check on windows
- Update to fuse3 after bazil.org/fuse update
VFS:
- Make uploaded files retain modtime with non-modtime backends
- Fix incorrect modtime on fs which don't support setting modtime
- Fix rename of directory containing files to be uploaded
Local:
- Fix %!w() in "failed to read directory" error
- Fix exclusion of dangling symlinks with -L/--copy-links
Crypt:
- Obey --ignore-checksum
- Fix for unencrypted directory names on case insensitive remotes
Azure Blob:
- Remove workarounds for SDK bugs after v0.6.1 update
B2:
- Fix uploading files bigger than 1TiB
Drive:
- Note that --drive-acknowledge-abuse needs SA Manager permission
- Make --drive-stop-on-upload-limit to respond to storageQuotaExceeded
FTP:
- Retry 426 errors
- Retry errors when initiating downloads
- Revert to upstream github.com/jlaffaye/ftp now fix is merged
Google Cloud Storage:
- Add --gcs-env-auth to pick up IAM credentials from env/instance
Mega:
- Add --mega-use-https flag
Onedrive:
- Default onedrive personal to QuickXorHash as Microsoft is removing SHA1
- Add --onedrive-hash-type to change the hash in use
- Improve speed of QuickXorHash
Oracle Object Storage:
- Speed up operations by using S3 pacer and setting minsleep to 10ms
- Expose the storage_tier option in config
- Bring your own encryption keys
S3:
- Check multipart upload ETag when --s3-no-head is in use
- Add --s3-sts-endpoint to specify STS endpoint
- Fix incorrect tier support for StorJ and IDrive when pointing at a file
- Fix AWS STS failing if --s3-endpoint is set
- Make purge remove directory markers too
Seafile:
- Renew library password
SFTP:
- Fix uploads being 65% slower than they should be with crypt
Smb:
- Allow SPN
- Check smb connection is closed
Storj:
- Implement rclone link
- Implement rclone purge
- Update satellite urls and labels
WebDAV:
- Fix interop with davrods server
更新時間:2023-03-07
更新細節:
What's new in this version:
- Added software support for Sonos Era 100 and Sonos Era 300
- You can now add Sonos Radio stations to Favorites
- You can find all of the Sonos Radio stations you’ve added to Favorites under Browse > Sonos Radio > Favorites
- Bug fixes and performance enhancements
更新時間:2023-01-20
更新細節:
What's new in this version:
IANA TZ Data 2022d, 2022e, 2022f:
- JDK 8u361 contains IANA time zone data 2022d, 2022e, 2022f
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- Move links to 'backward'
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- Zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- In C code, use some C23 features if available
- Remove no-longer-needed workaround for Qt bug 53071
New Features:
- Security-libs/java.security
- Support for RSASSA-PSS in OCSP Response (JDK-8274471)
- An OCSP response signed with the RSASSA-PSS algorithm is now supported
Other Notes:
- Javafx/fxml
- FXML JavaScript Engine Disabled by Default (JDK-8294779 (not public))
- The “JavaScript script engine” for FXML is now disabled by default. Any .fxml file that has a "javascript" Processing Instruction (PI) will no longer load by default, and an exception will be thrown.
- It can be enabled by setting the system property: -Djavafx.allowjs=true
- Core-libs/java.lang
- Incorrect Handling of Quoted Arguments in ProcessBuilder (JDK-8282008)
- ProcessBuilder on Windows is restored to address a regression caused by JDK-8250568. Previously, an argument to ProcessBuilder that started with a double-quote and ended with a backslash followed by a double-quote was passed to a command incorrectly and may cause the command to fail. For example the argument "C:Program Files", would be seen by the command with extra double-quotes. This update restores the long standing behavior that does not treat the backslash before the final double-quote specially.
- Core-libs/java.net
- Make HttpURLConnection Default Keep Alive Timeout Configurable (JDK-8278067)
- Two system properties have been added which control the keep alive behavior of HttpURLConnection in the case where the server does not specify a keep alive time. Two properties are defined for controlling connections to servers and proxies separately. They are http.keepAlive.time.server and http.keepAlive.time.proxy respectively. More information about them can be found in Networking Properties.
- Tools/visualvm
- VisualVM tool no longer bundled (JDK-8294184)
Fixed:
- X11 default visual support for IM status window on VNC
- Check ZALLOC return values in awt coding
- Leak XVisualInfo in getAllConfigs in awt_GraphicsEnv.c
- Last column cell in the JTable row is read as empty cell
- RandomGenerator:NextDouble() default behavior non conformant after JDK-8280550 fix
- RandomGenerator:NextDouble() default behavior partially fixed by JDK-8280950
- ISO 4217 Amendment 173 Update
- Jdb does not include jdk.* in the default class filter
- Jcmd started by "root" must be allowed to access all VM processes
- Document jdk.xml.xpathExprGrpLimit, jdk.xml.xpathExprOpLimit, and jdk.xml.xpathTotalOpLimit in the JAXP Security Guide
- JDK 8 man page incorrectly states -XX:ThreadStackSize=size sets the thread stack size (in bytes).
- C2 compiler triggers SIGSEGV after transformation in ConvI2LNode::Ideal
- C1: assert(is_virtual()) failed: type check
- [AOT] assert(false) failed: DEBUG MESSAGE: InterpreterMacroAssembler::call_VM_base: last_sp != NULL
- IGV: enhance default filters
- NMT: diff_malloc_site assert(early->flags() == current->flags(), "Must be the same memory type")
- Jni crashes on accessing it from process exit hook
- Cgroups v2: Container awareness
- Add diagnostic command VM.info to get hs_err print-out
- [cgroups v2] Soft memory limit incorrectly using memory.high
- [cgroups v2] Memory and swap limits reported incorrectly
- AArch64: Regression: JVM crashes if manually offline a core
- Do not use CPU Shares to compute active processor count
- Jstat prints debug message when debugging is disabled
- Generating prelink cache breaks JAVA 'jinfo' utility normal behaviour
- [Win] [Accessibility, Dialogs] Alert Dialog content is not fully read by Screen Reader
- [Accessibility] [Win] [Narrator] Exceptions with TextArea & TextField when deleted last char
- Wrong position of focus of screen reader on Windows with screen scale > 1
- [Accessibility] [Win] [Narrator] Exceptions When Deleting Text with Continuous Key Press in TextArea and TextField
- Update JPEG Image Decoding Software to 9e
- Loading new Media from resources can sometimes fail when loading from FXML
- Update ICU4C to 71.1
- Improve "keytool -printcert -jarfile" output
- Sun.security.ssl.SSLEngineImpl.closeInbound also has similar error of JDK-8253368
更新時間:2022-12-24
更新細節:
What's new in this version:
Fixed:
docs:
- Show only significant parts of version number in version introduced label
- Fix unescaped HTML
- lib/http: Shutdown all servers on exit to remove unix socket
- rc: Fix --rc-addr flag (which is an alternate for --url)
- serve restic
- Don't serve via http if serving via --stdio
- Fix immediate exit when not using stdio
- serve webdav
- Fix --baseurl handling after lib/http refactor
- Fix running duplicate Serve call
Azure Blob:
- Fix "409 Public access is not permitted on this storage account"
S3:
- storj: Update endpoints
更新時間:2022-10-18
更新細節:
What's new in this version:
New Features:
- Security-libs/java.security
- Upgrade the Default PKCS12 MAC Algorithm
- The default MAC algorithm used in a PKCS #12 keystore has been updated. The new algorithm is based on SHA-256 and is stronger than the old one based on SHA-1. See the security properties starting with keystore.pkcs12 in the java.security file for detailed information.
- The new SHA-256 based MAC algorithms were introduced in the 11.0.12, 8u301, and 7u311 JDK versions. Keystores created using this newer, stronger, MAC algorithm cannot be opened in JDK versions earlier than 11.0.12, 8u301, and 7u311. A 'java.security.NoSuchAlgorithmException' exception will be thrown in such circumstances.
- For compatibility, use the keystore.pkcs12.legacy system property, which will revert the algorithms to use the older, weaker algorithms. There is no value defined for this property.
- Hotspot/runtime
- Os::set_native_thread_name() cleanups
- On platforms that support the concept of a thread name on their native threads, the java.lang.Thread.setName() method will also set that native thread name. However, this will only occur when called by the current thread, and only for threads started through the java.lang.Thread class (not for native threads that have attached via JNI). The presence of a native thread name can be useful for debugging and monitoring purposes. Some platforms may limit the native thread name to a length much shorter than that used by the java.lang.Thread, which may result in some threads having the same native name.
Other Notes:
- Enable Java Access Bridge Check Box Option in Control Panel Is Not Available with JDK 11 Installer
- The Java Access Bridge checkbox in the Windows Control Panel is not available in JDK11. This registration was part of the public JRE installation.
However, Java Access Bridge can still be enabled and disabled by following these steps:
- Copy %JAVAHOME%binwindowsaccessbridge-64.dll to %WINDOWSHOME%SYSTEM32. A reboot might be required after this step.
- Run %JAVAHOME%binjabswitch /enable and %JAVAHOME%binjabswitch /disable
- Note: %WINDOWSHOME% is the directory where Microsoft Windows is installed (for example, C:WINDOWS) %JAVAHOME% is the directory where your JDK is installed (for example, C:Program FilesJavajdk-11)
- Security-libs/java.security
- Disabled SHA-1 Signed JARs
- JARs signed with SHA-1 algorithms are now restricted by default and treated as if they were unsigned. This applies to the algorithms used to digest, sign, and optionally timestamp the JAR. It also applies to the signature and digest algorithms of the certificates in the certificate chain of the code signer and the Timestamp Authority, and any CRLs or OCSP responses that are used to verify if those certificates have been revoked. These restrictions also apply to signed JCE providers.
To reduce the compatibility risk for JARs that have been previously timestamped, there is one exception to this policy:
- Any JAR signed with SHA-1 algorithms and timestamped prior to January 01, 2019 will not be restricted.
- This exception may be removed in a future JDK release. To determine if your signed JARs are affected by this change, run jarsigner -verify -verbose -certs on the signed JAR, and look for instances of "SHA1" or "SHA-1" and "disabled" and a warning that the JAR will be treated as unsigned in the output.
For example:
- Signed by "CN="Signer""
- Digest algorithm: SHA-1 (disabled)
- Signature algorithm: SHA1withRSA (disabled), 2048-bit key
- WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:
- Jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01
- JARs affected by these new restrictions should be replaced or re-signed with stronger algorithms.
- Users can, at their own risk, remove these restrictions by modifying the java.security configuration file (or override it by using the java.security.properties system property) and removing "SHA1 usage SignedJAR & denyAfter 2019-01-01" from the jdk.certpath.disabledAlgorithms security property and "SHA1 denyAfter 2019-01-01" from the jdk.jar.disabledAlgorithms security property.
- Security-libs/org.ietf.jgss:krb5
- Deprecate 3DES and RC4 in Kerberos
- The des3-hmac-sha1 and rc4-hmac Kerberos encryption types (etypes) are now deprecated and disabled by default. Users can set allow_weak_crypto = true in the krb5.conf configuration file to re-enable them (along with other weak etypes including des-cbc-crc and des-cbc-md5) at their own risk. To disable a subset of the weak etypes, users can list preferred etypes explicitly in any of the default_tkt_enctypes, default_tgs_enctypes, or permitted_enctypes settings.
- Core-libs/java.lang
- Phantom references are automatically cleared as soft and weak references
- This enhancement changes phantom references to be automatically cleared by the garbage collector as soft and weak references.
- An object becomes phantom reachable after it has been finalized. This change may cause the phantom reachable objects to be GC'ed earlier - previously the referent is kept alive until PhantomReference objects are GC'ed or cleared by the application. This potential behavioral change might only impact existing code that would depend on PhantomReference being enqueued rather than when the referent be freed from the heap.
- Core-libs/java.lang
- Java.lang.ref.Reference.enqueue method clears the reference object before enqueuing
- Java.lang.ref.Reference.enqueue method clears the reference object before it is added to the registered queue. When the enqueue method is called, the reference object is cleared and get() method will return null in JDK 9.
- Typically when a reference object is enqueued, it is expected that the reference object is cleared explicitly via the clear method to avoid memory leak because its referent is no longer referenced. In other words the get method is expected not to be called in common cases once the enqueuemethod is called. In the case when the get method from an enqueued reference object and existing code attempts to access members of the referent, NullPointerException may be thrown. Such code will need to be updated.
- Core-libs/java.lang
- Java.lang.ref.Reference Does Not Support Cloning
- Java.lang.ref.Reference::clone method always throws CloneNotSupportedException. Reference objects cannot be meaningfully cloned. To create a new Reference object, call the constructor to create a Reference object with the same referent and reference queue instead.
- Core-libs/java.time
- Update Timezone Data to 2022c
- This version includes changes from 2022b that merged multiple regions that have the same timestamp data post-1970 into a single time zone data. All time zone IDs remain the same but the merged time zones will point to a shared zone data.
- As a result, pre-1970 data may not be compatible with earlier JDK versions. The affected zones are Antarctica/Vostok, Asia/Brunei, Asia/Kuala_Lumpur, Atlantic/Reykjavik, Europe/Amsterdam, Europe/Copenhagen, Europe/Luxembourg, Europe/Monaco, Europe/Oslo, Europe/Stockholm, Indian/Christmas, Indian/Cocos, Indian/Kerguelen, Indian/Mahe, Indian/Reunion, Pacific/Chuuk, Pacific/Funafuti, Pacific/Majuro, Pacific/Pohnpei, Pacific/Wake, Pacific/Wallis, Arctic/Longyearbyen, Atlantic/Jan_Mayen, Iceland, Pacific/Ponape, Pacific/Truk, and Pacific/Yap.
更新時間:2022-07-20
更新細節:
What's new in this version:
New Features:
Core-libs/java.net:
HTTPS Channel Binding Support for Java GSS/Kerberos:
- Support has been added for TLS channel binding tokens for Negotiate/Kerberos authentication over HTTPS through javax.net.HttpsURLConnection.
- Channel binding tokens are increasingly required as an enhanced form of security. They work by communicating from a client to a server the client's understanding of the binding between connection security (as represented by a TLS server cert) and higher level authentication credentials (such as a username and password). The server can then detect if the client has been fooled by a MITM and shutdown the session/connection.
The feature is controlled through a new system property `jdk.https.negotiate.cbt` which is described fully as below:
- Jdk.https.negotiate.cbt (default: "never")
- This controls the generation and sending of TLS channel binding tokens (CBT) when Kerberos or the Negotiate authentication scheme using Kerberos are employed over HTTPS with HttpsURLConnection. There are three possible settings:
- "never". This is also the default value if the property is not set. In this case, CBTs are never sent.
- "always". CBTs are sent for all Kerberos authentication attempts over HTTPS.
- "domain:" Each domain in the list specifies destination host or hosts for which a CBT is sent. Domains can be single hosts like foo, or foo.com, or literal IP addresses as specified in RFC 2732, or wildcards like *.foo.com which matches all hosts under foo.com and its sub-domains. CBTs are not sent to any destinations that don't match one of the list entries
- The channel binding tokens generated are of the type "tls-server-end-point" as defined in RFC 5929
Security-libs/javax.net.ssl:
Enable TLSv1.3 by Default on JDK 8u for Client Roles:
- The TLSv1.3 implementation is available in JDK 8u from 8u261 and enabled by default for server roles but disabled by default for client roles. From this release onwards, TLSv1.3 is now also enabled by default for client roles. You can find more details in the Additional Information section of the Oracle JRE and JDK Cryptographic Roadmap.
Other Notes:
JDK Bundle Extensions Truncated When Downloading Using Firefox 102:
- On oracle.com and java.com, certain JDK bundle extensions are getting truncated on download when using Firefox version 102. The downloaded bundles have no file extension like ".exe", ".rpm", ".deb". If you are not able to upgrade to Firefox ESR 102.0.1 or Firefox 103 when it is released, then as a workaround you can:
- Manually add a file extension to the file name after download.
- Use a different browser
Core-libs/java.io:serialization:
Vector Should Throw ClassNotFoundException for a Missing Class of an Element:
- Java.util.Vector is updated to correctly report ClassNotFoundException that occurs during deserialization using java.io.ObjectInputStream.GetField.get(name, object) when the class of an element of the Vector is not found. Without this fix, a StreamCorruptedException is thrown that does not provide information about the missing class.
Core-libs/java.util.jar:
Default JDK Compressor Will Be Closed when IOException Is Encountered:
- DeflaterOutputStream.close() and GZIPOutputStream.finish() methods have been modified to close out the associated default JDK compressor before propagating a Throwable up the stack. ZIPOutputStream.closeEntry() method has been modified to close out the associated default JDK compressor before propagating an IOException, not of type ZipException, up the stack.
更新時間:2022-05-25
更新細節:
更新時間:2022-05-03
更新細節: