Скачать java 8 update 121


Java SE Runtime Environment 8.0 Update 121 скачать через торрент

core-libs/javax.namingImproved protection for JNDI remote class loadingRemote class loading via JNDI object factories stored in naming and directory services is disabled by default. To enable remote class loading by the RMI Registry or COS Naming service provider, set the following system property to the string "true", as appropriate:

com.sun.jndi.rmi.object.trustURLCodebasecom.sun.jndi.cosnaming.object.trustURLCodebase

JDK-8158997 (not public)

security-libs/java.securityjarsigner -verbose -verify should print the algorithms used to sign the jarThe jarsigner tool has been enhanced to show details of the algorithms and keys used to generate a signed JAR file and will also provide an indication if any of them are considered weak.

Specifically, when "jarsigner -verify -verbose filename.jar" is called, a separate section is printed out showing information of the signature and timestamp (if it exists) inside the signed JAR file, even if it is treated as unsigned for various reasons. If any algorithm or key used is considered weak, as specified in the Security property, jdk.jar.disabledAlgorithms, it will be labeled with "(weak)".

For example:

- Signed by "CN=weak_signer"Digest algorithm: MD2 (weak) Signature algorithm: MD2withRSA (weak), 512-bit key (weak)Timestamped by "CN=strong_tsa" on Mon Sep 26 08:59:39 CST 2016Timestamp digest algorithm: SHA-256 Timestamp signature algorithm: SHA256withRSA, 2048-bit key

See JDK-8163304

New Features

core-libs/java.io:serializationSerialization Filter ConfigurationSerialization Filtering introduces a new mechanism which allows incoming streams of object-serialization data to be filtered in order to improve both security and robustness. Every ObjectInputStream applies a filter, if configured, to the stream contents during deserialization. Filters are set using either a system property or a configured security property. The value of the "jdk.serialFilter" patterns are described in JEP 290 Serialization Filtering and in <JRE>/lib/security/java.security. Filter actions are logged to the 'java.io.serialization' logger, if enabled.See JDK-8155760

core-libs/java.rmiRMI Better constraint checkingRMI Registry and Distributed Garbage Collection use the mechanisms of JEP 290 Serialization Filtering to improve service robustness.RMI Registry and DGC implement built-in white-list filters for the typical classes expected to be used with each service.Additional filter patterns can be configured using either a system property or a security property. The "sun.rmi.registry.registryFilter" and "sun.rmi.transport.dgcFilter" property pattern syntax is described in JEP 290 and in <JRE>/lib/security/java.security.JDK-8156802 (not public)

security-libsAdd mechanism to allow non-default root CAs to not be subject to algorithm restrictions

*New certpath constraint: jdkCA*In the java.security file, an additional constraint named "jdkCA" is added to the jdk.certpath.disabledAlgorithms property. This constraint prohibits the specified algorithm only if the algorithm is used in a certificate chain that terminates at a marked trust anchor in the lib/security/cacerts keystore. If the jdkCA constraint is not set, then all chains using the specified algorithm are restricted. jdkCA may only be used once in a DisabledAlgorithm expression.

Example: To apply this constraint to SHA-1 certificates, include the following: SHA1 jdkCASee JDK-8140422

Changes

security-libs/javax.xml.cryptoIncrease the minimum key length to 1024 for XML SignaturesThe secure validation mode of the XML Signature implementation has been enhanced to restrict RSA and DSA keys less than 1024 bits by default as they are no longer secure enough for digital signatures. Additionally, a new security property named jdk.xml.dsig.SecureValidationPolicy has been added to the java.security file and can be used to control the different restrictions enforced when the secure validation mode is enabled.

The secure validation mode is enabled either by setting the xml signature property org.jcp.xml.dsig.secureValidation to true with the javax.xml.crypto.XMLCryptoContext.setProperty method, or by running the code with a SecurityManager.

If an XML Signature is generated or validated with a weak RSA or DSA key, an XMLSignatureException will be thrown with the message, "RSA keys less than 1024 bits are forbidden when secure validation is enabled" or "DSA keys less than 1024 bits are forbidden when secure validation is enabled."JDK-8140353 (not public)

docs/release_notesRestrict certificates with DSA keys less than 1024 bits.DSA keys less than 1024 bits are not strong enough and should be restricted in certification path building and validation. Accordingly, DSA keys less than 1024 bits have been deactivated by default by adding "DSA keySize < 1024" to the "jdk.certpath.disabledAlgorithms" security property. Applications can update this restriction in the security property ("jdk.certpath.disabledAlgorithms") and permit smaller key sizes if really needed (for example, "DSA keySize < 768").JDK-8139565 (not public)

security-libsMore checks added to DER encoding parsing codeMore checks are added to the DER encoding parsing code to catch various encoding errors. In addition, signatures which contain constructed indefinite length encoding will now lead to IOException during parsing. Note that signatures generated using JDK default providers are not affected by this change.JDK-8168714 (not public)

core-libs/java.netAdditional access restrictions for URLClassLoader.newInstanceClass loaders created by the java.net.URLClassLoader.newInstance methods can be used to load classes from a list of given URLs. If the calling code does not have access to one or more of the URLs and the URL artifacts that can be accessed do not contain the required class, then a ClassNotFoundException, or similar, will be thrown. Previously, a SecurityException would have been thrown when access to a URL was denied. If required to revert to the old behavior, this change can be disabled by setting the jdk.net.URLClassPath.disableRestrictedPermissions system property.JDK-8151934 (not public)

core-libs/java.util.loggingA new configurable property in logging.properties java.util.logging.FileHandler.maxLocksA new "java.util.logging.FileHandler.maxLocks" configurable property is added to java.util.logging.FileHandler.

This new logging property can be defined in the logging configuration file and makes it possible to configure the maximum number of concurrent log file locks a FileHandler can handle. The default value is 100.

In a highly concurrent environment where multiple (more than 101) standalone client applications are using the JDK Logging API with FileHandler simultaneously, it may happen that the default limit of 100 is reached, resulting in a failure to acquire FileHandler file locks and causing an IO Exception to be thrown. In such a case, the new logging property can be used to increase the maximum number of locks before deploying the application.

If not overridden, the default value of maxLocks (100) remains unchanged. See java.util.logging.LogManager and java.util.logging.FileHandler API documentation for more details.See JDK-8153955

Bug Fixes

The following are some of the notable bug fixes included in this release:

client-libs/javax.swingTrackpad scrolling of text on OS X 10.12 Sierra is very fastThe MouseWheelEvent.getWheelRotation() method returned rounded native NSEvent deltaX/Y events on Mac OS X. The latest macOS Sierra 10.12 produces very small NSEvent deltaX/Y values so rounding and summing them leads to the huge value returned from the MouseWheelEvent.getWheelRotation(). The JDK-8166591 fix accumulates NSEvent deltaX/Y and the MouseWheelEvent.getWheelRotation() method returns non-zero values only when the accumulated value exceeds a threshold and zero value. This is compliant with the MouseWheelEvent.getWheelRotation() specification (https://docs.oracle.com/javase/8/docs/api/java/awt/event/MouseWheelEvent.html#getWheelRotation):

"Returns the number of "clicks" the mouse wheel was rotated, as an integer. A partial rotation may occur if the mouse supports a high-resolution wheel. In this case, the method returns zero until a full "click" has been accumulated."

For the precise wheel rotation values, use the MouseWheelEvent.getPreciseWheelRotation() method instead.See JDK-8166591

This release also contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory. For a more complete list of the bug fixes included in this release, see the JDK 8u121 Bug Fixes page.

Known Issues

deploy/packagerjavapackager and fx:deploy bundle the whole JDK instead of JREThere is a known bug in the Java Packager for Mac where the entire JDK may be bundled with the application bundle resulting in an unusually large bundle. The work around is to use the bundler option -Bruntime option. For example: -Bruntime=JavaAppletPlugin.plugin sets where the JavaAppletPlugin.plugin for the desired JRE to bundle is located in the current directory.See JDK-8166835

install/installJava Installation will fail for non-admin users with UAC offThe Java installation on Windows will fail without warning or prompting, for non-admin users with User Access Control (UAC) disabled. The installer will leave a directory, jds<number>.tmp, in the %TEMP% directory.JDK-8161460 (not public)

piratbit.ru

Java (Джава, Ява) 8 Update 151 скачать бесплатно на русском языке

Java представляет собой среду в которой функционируют программные продукты (игры, веб-сайты, приложения и т.д.), написанные на одноименном языке программирования. Она гарантирует высокую производительность и защищенность своих приложений и позволяет использовать их без установки на любом компьютере с соответствующей виртуальной машиной.

Распространенность Джава обескураживает, она эксплуатируется в миллиардах девайсов (компьютерах, принтерах, роутерах, мобильных телефонах, электронных читалках, банкоматах, системах безопасности и прочих гаджетах). Поэтому можно смело сказать, что именно она дает существенный толчок для развития информационных технологий.

Платформа Ява активно развивается это подтверждается регулярными обновлениями, стоит отметить, что сами разработчики всегда рекомендуют использовать самую свежую версию этого программного обеспечения. Именно с ним вы избежите различных ошибок и добьетесь максимальной совместимости продуктов, а также их безопасности и высокой надежности.

Выше шла речь о виртуальной машине, она носит название Java Runtime Environment и именно она организует возможность исполнения апплетов и приложений, а также корректное отображение web-сайтов, причем все это функционирует без необходимости установки каких-либо средств разработки. Виртуальная машина умеет производить автоматическое обновление (которое при желании можно отключить) и поставляется вместе с библиотекой классов.

Отсутствие на вашем компьютере упомянутой виртуальной машины или наличие ее старой версии может привести к неправильной работе некоторых сайтов, а именно неполной загрузке контента, ошибочной обработке форм, невозможности скачать файл, а также к затруднению запуска связанных с ней программ, служб и различных сервисов. Следует подчеркнуть, что при установке ВМ в браузер интегрируется плагин, он то и отвечает за правильную работу интернет-сайтов и онлайн игр.

]]>]]>

JRE умеет управлять памятью, обеспечивать доступ к удаленным базам данных, запускать несколько копий приложений, отправлять запросы и получать ответы от серверов, работать с сетевыми программами. К тому же совершенно неважно в какой операционной системе вы работаете, если она совместима с виртуальной машиной, то выполнение любого продукта будет произведено одинаково успешно хоть на Macintosh, хоть на Linux, хоть на Microsoft Windows.

Геймеры тоже не понаслышке знают об этом ПО, ведь некоторые сетевые игры попросту без него не запустятся. Это справедливо и для старых версий, ведь если их не обновить, то ваша операционная система может быть подвержена атаке. Данный софт поддерживает OpenGL и DirectX технологии для работы с двухмерной и трехмерной графикой, что делает игровой процесс значительно лучше. Кроме того, он практические не нагружает систему «шустро» функционируя.

Математические расчеты, общение с собеседниками в чатах, воспроизведение 3d-моделей - это лишь малая часть колоссальных возможностей рассматриваемой программы и для этого не нужен отдельный интерфейс, все перечисленные действия можно осуществлять прямо в вашем любимом браузере, без необходимости установки кучи разных приложений.

Для корректной работы Java-связанных продуктов вам просто необходимо скачать Java Runtime Environment на ПК. Программа выпускается для 32-х и 64-х битных операционных систем, поэтому в зависимости от разрядность вашей ОС нужно выбирать соответствующую версию. Обратите внимание, если у вас уже установлено это ПО, то перед инсталляцией новой версии следует деинсталлировать старую, это можно сделать в разделе «Удаление или изменение программы» Windows.

Распространяется Бесплатно
Разработчик Oracle
Операционная система Windows 2K / XP / Vista / 7 / 8 / 8.1 / 10
Язык Русский
Размер 67,2 Mb

Скачать бесплатно Java (Джава, Ява) 8 Update 151 для Windows:

Версия x86 | Версия x64

www.besplatnoprogrammy.ru

Java 8 Update 121 version 8.0.1210.13 by Oracle Corporation

A way to uninstall Java 8 Update 121 from your computer

Java 8 Update 121 is a Windows application. Read more about how to remove it from your computer. The Windows version was created by Oracle Corporation. Go over here for more info on Oracle Corporation. You can get more details related to Java 8 Update 121 at http://java.com. Java 8 Update 121 is normally installed in the C:\Program Files (x86)\Java\jre1.8.0_121 directory, but this location can vary a lot depending on the user's choice while installing the application. MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180121F0} is the full command line if you want to uninstall Java 8 Update 121. java.exe is the programs's main file and it takes approximately 186.56 KB (191040 bytes) on disk.

The following executables are contained in Java 8 Update 121. They occupy 1.20 MB (1255744 bytes) on disk.

  • jabswitch.exe (30.06 KB)
  • java-rmi.exe (15.56 KB)
  • java.exe (186.56 KB)
  • javacpl.exe (68.56 KB)
  • javaw.exe (187.06 KB)
  • javaws.exe (262.56 KB)
  • jjs.exe (15.56 KB)
  • jp2launcher.exe (81.06 KB)
  • keytool.exe (15.56 KB)
  • kinit.exe (15.56 KB)
  • klist.exe (15.56 KB)
  • ktab.exe (15.56 KB)
  • orbd.exe (16.06 KB)
  • pack200.exe (15.56 KB)
  • policytool.exe (15.56 KB)
  • rmid.exe (15.56 KB)
  • rmiregistry.exe (15.56 KB)
  • servertool.exe (15.56 KB)
  • ssvagent.exe (51.56 KB)
  • tnameserv.exe (16.06 KB)
  • unpack200.exe (155.56 KB)
...click to view all...

This web page is about Java 8 Update 121 version 8.0.1210.13 alone. You can find below info on other application versions of Java 8 Update 121:

If planning to uninstall Java 8 Update 121 you should check if the following data is left behind on your PC.Registry that is not removed:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2238110120F
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2238110130F
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2238110140F
  • HKEY_LOCAL_MACHINE\Software\JavaSoft\Java Update
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180121F0}
Additional registry values that you should clean:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2238110120F\ProductName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2238110130F\ProductName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2238110140F\ProductName

A way to erase Java 8 Update 121 with the help of Advanced Uninstaller PRO

Java 8 Update 121 is an application marketed by the software company Oracle Corporation. Frequently, computer users decide to erase this program. This can be hard because performing this manually requires some skill related to removing Windows programs manually. The best QUICK solution to erase Java 8 Update 121 is to use Advanced Uninstaller PRO. Take the following steps on how to do this:

1. If you don't have Advanced Uninstaller PRO already installed on your system, add it. This is good because Advanced Uninstaller PRO is one of the best uninstaller and general utility to optimize your system.

DOWNLOAD NOW

  • navigate to http://www.advanceduninstaller.com/download/
  • download the program by clicking on the DOWNLOAD NOW button
  • set up Advanced Uninstaller PRO
2. Start Advanced Uninstaller PRO. It's recommended to take your time to get familiar with Advanced Uninstaller PRO's interface and wealth of tools available. Advanced Uninstaller PRO is a powerful package of tools.

3. Press the General Tools button

4. Press the Uninstall Programs button

5. A list of the programs existing on your computer will be shown to you

6. Navigate the list of programs until you find Java 8 Update 121 or simply activate the Search feature and type in "Java 8 Update 121". The Java 8 Update 121 app will be found very quickly. Notice that after you select Java 8 Update 121 in the list of apps, some information about the program is available to you:

  • Star rating (in the left lower corner). The star rating tells you the opinion other people have about Java 8 Update 121, from "Highly recommended" to "Very dangerous".
  • Reviews by other people - Press the Read reviews button.
  • Technical information about the app you wish to remove, by clicking on the Properties button.
For instance you can see that for Java 8 Update 121:
  • The software company is: http://java.com
  • The uninstall string is: MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180121F0}
7. Click the Uninstall button. A confirmation page will come up. Confirm the uninstall by clicking the Uninstall button. Advanced Uninstaller PRO will then uninstall Java 8 Update 121.

8. After removing Java 8 Update 121, Advanced Uninstaller PRO will offer to run an additional cleanup. Click Next to perform the cleanup. All the items that belong Java 8 Update 121 which have been left behind will be found and you will be asked if you want to delete them. By removing Java 8 Update 121 with Advanced Uninstaller PRO, you are assured that no registry items, files or folders are left behind on your disk.

Your PC will remain clean, speedy and ready to run without errors or problems.

DOWNLOAD NOW

Geographical user distribution

Users that installed Java 8 Update 121:

Indonesia90%
Egypt10%
  • Windows 7 (6.1)
  • Windows 8.1 (6.3)
  • 10.0
  • Windows XP (5.1)
  • Windows Vista (6.0)
  • Windows 8 (6.2)
  • Windows Server 2003 (5.2)
  • Windows NT 4 (4.10)

Software Application

Disclaimer

The text above is not a recommendation to remove Java 8 Update 121 by Oracle Corporation from your computer, we are not saying that Java 8 Update 121 by Oracle Corporation is not a good application for your PC. This page only contains detailed instructions on how to remove Java 8 Update 121 in case you want to. The information above contains registry and disk entries that our application Advanced Uninstaller PRO stumbled upon and classified as "leftovers" on other users' PCs.

Last update on: 2017-01-17 19:16:26.500

www.advanceduninstaller.com

Java™ SE Development Kit 8, Update 121 Release Notes

January 17, 2017

Java™ SE Development Kit 8, Update 121 (JDK 8u121)

The full version string for this update release is 1.8.0_121-b13 (where "b" means "build"). The version number is 8u121.

IANA Data 2016i

JDK 8u121 contains IANA time zone data version 2016i. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u121 are specified in the following table:

JRE Family Version JRE Security Baseline(Full Version String)
8 1.8.0_121-b13
7 1.7.0_131-b12
6 1.6.0_141-b12

 

JRE Expiration Date

The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u121) will expire with the release of the next critical patch update scheduled for April 18, 2017.

For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u121) on May 18, 2017. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.

Notes

core-libs/javax.namingImproved protection for JNDI remote class loadingRemote class loading via JNDI object factories stored in naming and directory services is disabled by default. To enable remote class loading by the RMI Registry or COS Naming service provider, set the following system property to the string "true", as appropriate:

com.sun.jndi.rmi.object.trustURLCodebase com.sun.jndi.cosnaming.object.trustURLCodebase JDK-8158997 (not public)

security-libs/java.securityjarsigner -verbose -verify should print the algorithms used to sign the jarThe jarsigner tool has been enhanced to show details of the algorithms and keys used to generate a signed JAR file and will also provide an indication if any of them are considered weak.

Specifically, when "jarsigner -verify -verbose filename.jar" is called, a separate section is printed out showing information of the signature and timestamp (if it exists) inside the signed JAR file, even if it is treated as unsigned for various reasons. If any algorithm or key used is considered weak, as specified in the Security property, jdk.jar.disabledAlgorithms, it will be labeled with "(weak)".

For example:

- Signed by "CN=weak_signer" Digest algorithm: MD2 (weak) Signature algorithm: MD2withRSA (weak), 512-bit key (weak) Timestamped by "CN=strong_tsa" on Mon Sep 26 08:59:39 CST 2016 Timestamp digest algorithm: SHA-256 Timestamp signature algorithm: SHA256withRSA, 2048-bit key See JDK-8163304

New Features

security-libs/javax.xml.cryptoAdded security property to configure XML Signature secure validation modeA new security property named jdk.xml.dsig.secureValidationPolicy has been added that allows you to configure the individual restrictions that are enforced when the secure validation mode of XML Signature is enabled. The default value for this property in the java.security configuration file is:

jdk.xml.dsig.secureValidationPolicy=\ disallowAlg http://www.w3.org/TR/1999/REC-xslt-19991116,\ disallowAlg http://www.w3.org/2001/04/xmldsig-more#rsa-md5,\ disallowAlg http://www.w3.org/2001/04/xmldsig-more#hmac-md5,\ disallowAlg http://www.w3.org/2001/04/xmldsig-more#md5,\ maxTransforms 5,\ maxReferences 30,\ disallowReferenceUriSchemes file http https,\ noDuplicateIds,\ noRetrievalMethodLoops Please refer to the definition of the property in the java.security file for more information. See JDK-8151893

 

core-libs/java.io:serializationSerialization Filter ConfigurationSerialization Filtering introduces a new mechanism which allows incoming streams of object-serialization data to be filtered in order to improve both security and robustness. Every ObjectInputStream applies a filter, if configured, to the stream contents during deserialization. Filters are set using either a system property or a configured security property. The value of the "jdk.serialFilter" patterns are described in JEP 290 Serialization Filtering and in <JRE>/lib/security/java.security. Filter actions are logged to the 'java.io.serialization' logger, if enabled. See JDK-8155760

core-libs/java.rmiRMI Better constraint checkingRMI Registry and Distributed Garbage Collection use the mechanisms of JEP 290 Serialization Filtering to improve service robustness.RMI Registry and DGC implement built-in white-list filters for the typical classes expected to be used with each service.Additional filter patterns can be configured using either a system property or a security property. The "sun.rmi.registry.registryFilter" and "sun.rmi.transport.dgcFilter" property pattern syntax is described in JEP 290 and in <JRE>/lib/security/java.security.JDK-8156802 (not public)

security-libsAdd mechanism to allow non-default root CAs to not be subject to algorithm restrictions*New certpath constraint: jdkCA*In the java.security file, an additional constraint named "jdkCA" is added to the jdk.certpath.disabledAlgorithms property. This constraint prohibits the specified algorithm only if the algorithm is used in a certificate chain that terminates at a marked trust anchor in the lib/security/cacerts keystore. If the jdkCA constraint is not set, then all chains using the specified algorithm are restricted. jdkCA may only be used once in a DisabledAlgorithm expression.

Example: To apply this constraint to SHA-1 certificates, include the following: SHA1 jdkCASee JDK-8140422

Changes

security-libs/javax.net.sslMake 3DES as a legacy algorithm in the JSSE providerFor SSL/TLS/DTLS protocols, the security strength of 3DES cipher suites is not sufficient for persistent connections. By adding 3DES_EDE_CBC to the jdk.tls.legacyAlgorithms security property by default in JDK, 3DES cipher suites will not be negotiated unless there are no other candidates during the establishing of SSL/TLS/DTLS connections.

At their own risk, applications can update this restriction in the security property (jdk.tls.legacyAlgorithms) if 3DES cipher suites are really preferred. JDK-8165071 (not public)

security-libs/javax.net.sslImprove the default strength of EC in JDKTo improve the default strength of EC cryptography, EC keys less than 224 bits have been deactivated in certification path processing (via the jdk.certpath.disabledAlgorithms Security Property) and SSL/TLS connections (via the jdk.tls.disabledAlgorithms Security Property) in JDK. Applications can update this restriction in the Security Properties and permit smaller key sizes if really needed (for example, "EC keySize < 192"). EC curves less than 256 bits are removed from the SSL/TLS implementation in JDK. The new System Property, jdk.tls.namedGroups, defines a list of enabled named curves for EC cipher suites in order of preference. If an application needs to customize the default enabled EC curves or the curves preference, please update the System Property accordingly. For example:

 

jdk.tls.namedGroups="secp256r1, secp384r1, secp521r1"

 

Note that the default enabled or customized EC curves follow the algorithm constraints. For example, the customized EC curves cannot re-activate the disabled EC keys defined by the Java Security Properties.See JDK-8148516

tools/javadoc(tool)New --allow-script-in-comments option for javadocThe javadoc tool will now reject any occurrences of JavaScript code in the javadoc documentation comments and command-line options, unless the command-line option, --allow-script-in-comments is specified.

With the --allow-script-in-comments option, the javadoc tool will preserve JavaScript code in documentation comments and command-line options. An error will be given by the javadoc tool if JavaScript code is found and the command-line option is not set.JDK-8138725 (not public)

security-libs/javax.xml.cryptoIncrease the minimum key length to 1024 for XML SignaturesThe secure validation mode of the XML Signature implementation has been enhanced to restrict RSA and DSA keys less than 1024 bits by default as they are no longer secure enough for digital signatures. Additionally, a new security property named jdk.xml.dsig.SecureValidationPolicy has been added to the java.security file and can be used to control the different restrictions enforced when the secure validation mode is enabled.

The secure validation mode is enabled either by setting the xml signature property org.jcp.xml.dsig.secureValidation to true with the javax.xml.crypto.XMLCryptoContext.setProperty method, or by running the code with a SecurityManager.

If an XML Signature is generated or validated with a weak RSA or DSA key, an XMLSignatureException will be thrown with the message, "RSA keys less than 1024 bits are forbidden when secure validation is enabled" or "DSA keys less than 1024 bits are forbidden when secure validation is enabled."JDK-8140353 (not public)

docs/release_notesRestrict certificates with DSA keys less than 1024 bits.DSA keys less than 1024 bits are not strong enough and should be restricted in certification path building and validation. Accordingly, DSA keys less than 1024 bits have been deactivated by default by adding "DSA keySize < 1024" to the jdk.certpath.disabledAlgorithms security property. Applications can update this restriction in the security property (jdk.certpath.disabledAlgorithms) and permit smaller key sizes if really needed (for example, "DSA keySize < 768"). JDK-8139565 (not public)

security-libsMore checks added to DER encoding parsing codeMore checks are added to the DER encoding parsing code to catch various encoding errors. In addition, signatures which contain constructed indefinite length encoding will now lead to IOException during parsing. Note that signatures generated using JDK default providers are not affected by this change. JDK-8168714 (not public)

core-libs/java.netAdditional access restrictions for URLClassLoader.newInstanceClass loaders created by the java.net.URLClassLoader.newInstance methods can be used to load classes from a list of given URLs. If the calling code does not have access to one or more of the URLs and the URL artifacts that can be accessed do not contain the required class, then a ClassNotFoundException, or similar, will be thrown. Previously, a SecurityException would have been thrown when access to a URL was denied. If required to revert to the old behavior, this change can be disabled by setting the jdk.net.URLClassPath.disableRestrictedPermissions system property.JDK-8151934 (not public)

 

Bug Fixes

The following are some of the notable bug fixes included in this release:

client-libs/javax.swingTrackpad scrolling of text on OS X 10.12 Sierra is very fastThe MouseWheelEvent.getWheelRotation() method returned rounded native NSEvent deltaX/Y events on Mac OS X. The latest macOS Sierra 10.12 produces very small NSEvent deltaX/Y values so rounding and summing them leads to the huge value returned from the MouseWheelEvent.getWheelRotation(). The JDK-8166591 fix accumulates NSEvent deltaX/Y and the MouseWheelEvent.getWheelRotation() method returns non-zero values only when the accumulated value exceeds a threshold and zero value. This is compliant with the MouseWheelEvent.getWheelRotation() specification (https://docs.oracle.com/javase/8/docs/api/java/awt/event/MouseWheelEvent.html#getWheelRotation):

"Returns the number of "clicks" the mouse wheel was rotated, as an integer. A partial rotation may occur if the mouse supports a high-resolution wheel. In this case, the method returns zero until a full "click" has been accumulated."

For the precise wheel rotation values, use the MouseWheelEvent.getPreciseWheelRotation() method instead. See JDK-8166591

This release also contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory. For a more complete list of the bug fixes included in this release, see the JDK 8u121 Bug Fixes page.

Known Issues

security-libs/javax.net.sslIllegalArgumentException from TLS handshakeA recent issue from the JDK-8148516 fix can cause issue for some TLS servers. The problem originates from an *IllegalArgumentException* thrown by the TLS handshaker code:

java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curvesThe issue can arise when the server doesn't have elliptic curve cryptography support to handle an elliptic curve name extension field (if present). Users are advised to upgrade to this release. By default, JDK 7 Updates and later JDK families ship with the SunEC security provider which provides elliptic curve cryptography support. Those releases should not be impacted unless security providers are modified.See JDK-8173783

deploy/packagerjavapackager and fx:deploy bundle the whole JDK instead of JREThere is a known bug in the Java Packager for Mac where the entire JDK may be bundled with the application bundle resulting in an unusually large bundle. The work around is to use the bundler option -Bruntime option. For example: -Bruntime=JavaAppletPlugin.plugin sets where the JavaAppletPlugin.plugin for the desired JRE to bundle is located in the current directory. See JDK-8166835

install/installJava Installation will fail for non-admin users with UAC offThe Java installation on Windows will fail without warning or prompting, for non-admin users with User Access Control (UAC) disabled. The installer will leave a directory, jds<number>.tmp, in the %TEMP% directory. JDK-8161460 (not public)

www.oracle.com


Смотрите также