Thema: Java Runtime Environment ...

[SiLæncer]

Changelog

Enhancements:

Internal package sun.invoke.anon has been removed
New property jdk.lang.processReaperUseDefaultStackSize
Implemented performance improvements for BigInteger.montgomeryMultiply

Changes:

MSCAPI KeyStore can handle same-named certificates
Modify requirements on Authority Key Identifier extension field during X509 certificate chain building
Providing more granular levels for GC verification
Removed PICL warning message
Improved exception handling for bad LDAP referral replies

Bug Fixes:

Fix to resolve "Unable to process PreMasterSecret, may be too big" issue

[close]

Download : http://www.oracle.com/technetwork/java/javase/downloads/index.html

[SiLæncer]

Whats new: >>

Changes:

security-libs/java.security
SunPKCS11 Provider no longer offering SecureRandom by default
SecureRandom.PKCS11 from the SunPKCS11 Provider is disabled by default on Solaris because the native PKCS11 implementation has poor performance and is not recommended. If your application requires SecureRandom.PKCS11, you can re-enable it by removing "SecureRandom" from the disabledMechanisms list in conf/security/sunpkcs11-solaris.cfg
Performance improvements have also been made in the java.security.SecureRandom class. Improvements in the JDK implementation have allowed for synchronization to be removed from the java.security.SecureRandom.nextBytes(byte[] bytes) method.

Download : http://www.oracle.com/technetwork/java/javase/downloads/index.html

[SiLæncer]

Release Notes : http://www.oracle.com/technetwork/java/javase/8u121-relnotes-3315208.html

Download : http://www.oracle.com/technetwork/java/javase/downloads/index.html

[SiLæncer]

Changelog

CHANGES:

MD5 added to jdk.jar.disabledAlgorithms Security property:

This JDK release introduces a new restriction on how MD5 signed JAR files are verified. If the signed JAR file uses MD5, signature verification operations will ignore the signature and treat the JAR as if it were unsigned. This can potentially occur in the following types of applications that use signed JAR files:

Applets or Web Start Applications

Standalone or Server Applications that are run with a SecurityManager enabled and are configured with a policy file that grants permissions based on the code signer(s) of the JAR file.
The list of disabled algorithms is controlled via the security property, jdk.jar.disabledAlgorithms, in the java.security file. This property contains a list of disabled algorithms and key sizes for cryptographically signed JAR files.
To check if a weak algorithm or key was used to sign a JAR file, one can use the jarsigner binary that ships with this JDK. Running "jarsigner -verify" on a JAR file signed with a weak algorithm or key will print more information about the disabled algorithm or key.

New system property to control caching for HTTP SPNEGO connection:

A new JDK implementation specific system property to control caching for HTTP SPNEGO (Negotiate/Kerberos) connections is introduced. Caching for HTTP SPNEGO connections remains enabled by default, so if the property is not explicitly specified, there will be no behavior change.
When connecting to an HTTP server that uses SPNEGO to negotiate authentication, and when connection and authentication with the server is successful, the authentication information will then be cached and reused for further connections to the same server. In addition, connecting to an HTTP server using SPNEGO usually involves keeping the underlying connection alive and reusing it for further requests to the same server. In some applications, it may be desirable to disable all caching for the HTTP SPNEGO (Negotiate/Kerberos) protocol in order to force requesting new authentication with each new request to the server.

With this change, we now provide a new system property that allows control of the caching policy for HTTP SPNEGO connections. If jdk.spnego.cache is defined and evaluates to false, then all caching will be disabled for HTTP SPNEGO connections. Setting this system property to false may, however, result in undesirable side effects:

Performance of HTTP SPNEGO connections may be severely impacted as the connection will need to be re-authenticated with each new request, requiring several communication exchanges with the server.
Credentials will need to be obtained again for each new request, which, depending on whether transparent authentication is available or not, and depending on the global Authenticator implementation, may result in a popup asking the user for credentials for every new request.

New system property to control caching for HTTP NTLM connection:

A new JDK implementation specific system property to control caching for HTTP NTLM connection is introduced. Caching for HTTP NTLM connection remains enabled by default, so if the property is not explicitly specified, there will be no behavior change.
On some platforms, the HTTP NTLM implementation in the JDK can support transparent authentication, where the system user credentials are used at system level. When transparent authentication is not available or unsuccessful, the JDK only supports getting credentials from a global authenticator. If connection to the server is successful, the authentication information will then be cached and reused for further connections to the same server. In addition, connecting to an HTTP NTLM server usually involves keeping the underlying connection alive and reusing it for further requests to the same server. In some applications, it may be desirable to disable all caching for the HTTP NTLM protocol in order to force requesting new authentication with each new requests to the server.

With this change, we now provide a new system property that allows control of the caching policy for HTTP NTLM connections. If jdk.ntlm.cache is defined and evaluates to false, then all caching will be disabled for HTTP NTLM connections. Setting this system property to false may, however, result in undesirable side effects:

Performance of HTTP NTLM connections may be severely impacted as the connection will need to be re-authenticated with each new request, requiring several communication exchanges with the server.
Credentials will need to be obtained again for each new request, which, depending on whether transparent authentication is available or not, and depending on the global Authenticator implementation, may result in a popup asking the user for credentials for every new request.

New version of VisualVM:

VisualVM 1.3.9 was released on October 4th, 2016 and has been integrated into 8u131.

BUG FIXES:

Correction of IllegalArgumentException from TLS handshake:

A recent issue from the JDK-8173783 fix can cause issue for some TLS servers. The problem originates from an IllegalArgumentException thrown by the TLS handshaker code: java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves. The issue can arise when the server doesn't have elliptic curve cryptography support to handle an elliptic curve name extension field (if present). Users are advised to upgrade to this release. By default, JDK 7 Updates and later JDK families ship with the SunEC security provider which provides elliptic curve cryptography support. Those releases should not be impacted unless security providers are modified.

[close]

Download : http://www.oracle.com/technetwork/java/javase/downloads/index.html

[SiLæncer]

Changelog

IANA DATA 2017b:

JDK 8u141 contains IANA time zone data version 2017b.

CERTIFICATE CHANGES:

Let's Encrypt certificates added to root CAs. One new root certificate has been added.

NEW FEATURES:

security-libs/java.security. Improved algorithm constraints checking:

With the need to restrict weak algorithms usage in situations where they are most vulnerable, additional features have been added when configuring the jdk.certpath.disabledAlgorithms and jdk.jar.disabledAlgorithms security properties in the java.security file.
jdk.certpath.disabledAlgorithms: The certpath property has seen the most change. Previously it was limited to two Constraint types; either a full disabling of an algorithm by name or a full disabling of an algorithm by the key size when checking certificates, certificate chains, and certificate signatures. This creates configurations that are absolute and lack flexibility in their usage. Three new Constraints were added to give more flexibility in allowing and rejecting certificates.
"jdkCA" examines the certificate chain termination with regard to the cacerts file. In the case of "SHA1 jdkCA". SHA1's usage is checked through the certificate chain, but the chain must terminate at a marked trust anchor in the cacerts keystore to be rejected. This is useful for organizations that have their own private CA that trust using SHA1 with their trust anchor, but want to block certificate chains anchored by a public CA from using SHA1.
"denyAfter" checks if the given date is before the current date or the PKIXParameter date. In the case of "SHA1 denyAfter 2018-01-01", before 2018 a certificate with SHA1 can be used, but after that date, the certificate is rejected. This can be used for a policy across an organization that is phasing out an algorithm with a drop-dead date. For signed JAR files, the date is compared against the TSA timestamp. The date is specified in GMT.

"usage" examines the specified algorithm for a specified usage. This can be used when disabling an algorithm for all usages is not practical. There are three usages that can be specified:

TLSServer' restricts the algorithm in TLS server certificate chains when server authentication is performed as a client.
TLSClient' restricts the algorithm in TLS client certificate chains when client authentication is performed as a server.
SignedJAR' restricts the algorithms in certificates in signed JAR files. The usage type follows the keyword and more than one usage type can be specified with a whitespace delimiter.
For example, "SHA1 usage TLSServer TLSClient" would disallow SHA1 certificates for TLSServer and TLSClient operations, but SignedJars would be allowed
All of these constraints can be combined to constrain an algorithm when delimited by '&'. For example, to disable SHA1 certificate chains that terminate at marked trust anchors only for TLSServer operations, the constraint would be "SHA1 jdkCA & usage TLSServer".
jdk.jar.disabledAlgorithms: One additional constraint was added to this .jar property to restrict JAR manifest algorithms.
"denyAfter" checks algorithm constraints on manifest digest algorithms inside a signed JAR file. The date given in the constraint is compared against the TSA timestamp on the signed JAR file. If there is no timestamp or the timestamp is on or after the specified date, the signed JAR file is treated as unsigned. If the timestamp is before the specified date, the .jar will operate as a signed JAR file. The syntax for restricting SHA1 in JAR files signed after January 1st 2018 is: "SHA1 denyAfter 2018-01-01". The syntax is the same as that for the certpath property, however certificate checking will not be performed by this property.

CHANGES:

core-svc/java.lang.management. JMX Diagnostic improvements:

com.sun.management.HotSpotDiagnostic::dumpHeap API is modified to throw IllegalArgumentException if the supplied file name does not end with “.hprof” suffix. Existing applications which do not provide a file name ending with the “.hprof” extension will fail with IllegalArgumentException. In that case, applications can either choose to handle the exception or restore old behavior by setting system property 'jdk.management.heapdump.allowAnyFileSuffix' to true.

security-libs/javax.net.ssl. Custom HostnameVerifier enables SNI extension:

Earlier releases of JDK 8 Updates didn't always send the Server Name Indication (SNI) extension in the TLS ClientHello phase if a custom hostname verifier was used. This verifier is set via the setHostnameVerifier(HostnameVerifier v) method in HttpsURLConnection. The fix ensures the Server Name is now sent in the ClientHello body.
xml/jax-ws. Tighter secure checks on processing WSDL files by wsimport tool:
The wsimport tool has been changed to disallow DTDs in Web Service descriptions, specifically:
DOCTYPE declaration is disallowed in documents
External general entities are not included by default
External parameter entities are not included by default
External DTDs are completely ignored

To restore the previous behavior:

Set the System property com.sun.xml.internal.ws.disableXmlSecurity to true
Use the wsimport tool command line option –disableXmlSecurity
NOTE: JDK 7 and JDK 6 support for this option in wsimport will be provided via a Patch release post July CPU

BUG FIXES:

JFileChooser with Windows look and feel crashes on win 10
Race Condition in java.lang.reflect.WeakCache
java.nio.Bits.unaligned() doesn't return true on ppc
After updating to Java8u131, the bind to rmiregistry is rejected by registryFilter even though registryFilter is set
sun.management.LazyCompositeData.isTypeMatched() fail for composite types with items of ArrayType
SafePointNode::_replaced_nodes breaks with irreducible loops
NPE when JavaFX loads default stylesheet or font families if CCL is null
WebEngine.getDocument().getDocumentURI() no longer returns null for loading a String of HTML
Failed to load RSA private key from pkcs12
Improved algorithm constraints checking
Custom HostnameVerifier disables SNI extension

[close]

Download : http://www.oracle.com/technetwork/java/javase/downloads/index.html

[SiLæncer]

Changelog

IANA Data 2017b:
JDK 8u144 contains IANA time zone data version 2017b. For more information, refer to Timezone Data Versions in the JRE Software.
Security Baselines:
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u144 are specified in the following table:
JRE Family Version JRE Security Baseline (Full Version String)
8 1.8.0_141-b15
7 1.7.0_151-b15
6 1.6.0_161-b13
JRE Expiration Date:
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u144) will expire with the release of the next critical patch update scheduled for October 17, 2017.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u144) on November 17, 2017. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
Bug Fixes
security-libs/javax.net.ssl
java.util.zip.ZipFile.getEntry() now always returns the ZipEntry instance with a / ended entry name for directory entry
The java.util.zip.ZipEntry API doc specifies "A directory entry is defined to be one whose name ends with a /". However, in previous JDK releases, java.util.zip.ZipFile.getEntry(String entryName) may return a ZipEntry instance with an entry name that does not end with / for an existing zip directory entry when the passed in argument entryName does not end with a /, and when there is a matching zip directory entry with name entryName + / in the zip file.
With this release, the name of the ZipEntry instance returned from java.util.zip.ZipFile.getEntry() always ends with / for any zip directory entry.
To revert to the previous behavior, set the system property jdk.util.zip.ensureTrailingSlash to "false".
This change was made in order to fix a regression introduced in JDK 8u141 when verifying signed JARs that has caused some WebStart applications to fail to load.
This release also contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory. For a more complete list of the bug fixes included in this release, see the JDK 8u144 Bug Fixes page.

[close]

Download : http://www.oracle.com/technetwork/java/javase/downloads/index.html

[SiLæncer]

Changelog

KEY CHANGES:

Java Platform Module System:

Introduces a new kind of Java programing component, the module, which is a named, self-describing collection of code and data. This module system:

Introduces a new optional phase, link time, which is in-between compile time and run time, during which a set of modules can be assembled and optimized into a custom runtime image; see the jlink tool in Java Platform, Standard Edition Tools Reference.
Adds options to the tools javac, jlink, and java where you can specify module paths, which locate definitions of modules.
Introduces the modular JAR file, which is a JAR file with a module-info.class file in its root directory.
Introduces the JMOD format, which is a packaging format similar to JAR except it can include native code and configuration files; see the jmod tool.

The JDK itself has been divided into a set of modules. This change:

Enables you to combine the JDK's modules into a variety of configurations, including:

Configurations corresponding to the JRE and the JDK.
Configurations roughly equivalent in content to each of the Compact Profiles defined in Java SE 8.
Custom configurations that contain only a specified set of modules and their required modules.
Restructures the JDK and JRE runtime images to accommodate modules and improve performance, security, and maintainability.
Defines a new URI scheme for naming modules, classes, and resources stored in a runtime image without revealing the internal structure or format of the image.
Removes the endorsed-standards override mechanism and the extension mechanism.
Removes rt.jar and tools.jar from the Java runtime image.
Makes most of the JDK's internal APIs inaccessible by default but leaves a few critical, widely used internal APIs accessible until supported replacements exist for all or most of their functionality.

JEP 223: New Version-String Scheme:

Provides a simplified version-string format that helps to clearly distinguish major, minor, security, and patch update releases.

Installer Enhancements for Microsoft Windows:

Enable or Disable Web Deployment with Installer's UI:

Provides the option to enable or disable web deployment in the Welcome page of the installer. To enable web deployment, in the Welcome page, select Custom Setup , click Install, and select the Enable Java content in the Browser check box.

WHAT'S NEW FOR TOOLS:

JEP 222: jshell: The Java Shell (Read-Eval-Print Loop):

Adds Read-Eval-Print Loop (REPL) functionality to the Java platform.

JEP 228: Add More Diagnostic Commands:

Defines additional diagnostic commands to improve the ability to diagnose issues with Hotspot and the JDK.

JEP 231: Remove Launch-Time JRE Version Selection:

Removes the ability to request a version of the JRE that is not the JRE being launched at launch time. Modern applications are typically deployed through Java Web Start (with a JNLP file), native OS packaging systems, or active installers. These technologies have their own methods to manage the JREs needed by finding or downloading and updating the required JRE as needed. This makes launch-time JRE version selection obsolete.

JEP 238: Multi-Release JAR Files:

Extends the JAR file format to enable multiple, Java release-specific versions of class files to coexist in a single archive. A multirelease JAR (MRJAR) contains additional, versioned directories for classes and resources specific to particular Java platform releases. Specify versioned directories with the jar tool's --release option.

JEP 240: Remove the JVM TI hprof Agent:

Removes the hprof agent from the JDK. The hprof agent was written as demonstration code for the JVM Tool Interface and not intended to be a production tool. The useful features of the hprof agent have been superseded by better alternatives.

JEP 241: Remove the jhat Tool:

Removes the jhat tool from the JDK. The jhat tool was an experimental and unsupported tool added in JDK 6. It is out of date; superior heap visualizers and analyzers have been available for many years.

JEP 245: Validate JVM Command-Line Flag Arguments:

Validates arguments to all numerical JVM command-line flags to avoid failures and instead displays an appropriate error message if they are found to be invalid. Range and optional constraint checks have been implemented for arguments that require a user-specified numerical value.

JEP 247: Compile for Older Platform Versions:

Enhances javac so that it can compile Java programs to run on selected earlier versions of the platform. When using the -source or -target options, the compiled program might accidentally use APIs that are not supported on the given target platform. The --release option will prevent accidental use of APIs.

JEP 282: jlink: The Java Linker:

Assembles and optimizes a set of modules and their dependencies into a custom runtime image as defined in JEP 220. The jlink tool defines a plug-in mechanism for transformation and optimization during the assembly process, and for the generation of alternative image formats. It can create a custom runtime optimized for a single program. JEP 261 defines link time as an optional phase between the phases of compile time and run time. Link time requires a linking tool that assembles and optimizes a set of modules and their transitive dependencies to create a runtime image or executable

WHAT'S NEW FOR SECURITY:

JEP 219: Datagram Transport Layer Security (DTLS):

Enables Java Secure Socket Extension (JSSE) API and the SunJSSE security provider to support DTLS Version 1.0 and DTLS Version 1.2 protocols.

JEP 244: TLS Application-Layer Protocol Negotiation Extension:

Enables the client and server in a Transport Layer Security (TLS) connection to negotiate the application protocol to be used. With Application-Layer Protocol Negotiation (ALPN), the client sends the list of supported application protocols as part of the TLS ClientHello message. The server chooses a protocol and returns the selected protocol as part of the TLS ServerHello message. The application protocol negotiation can be accomplished within the TLS handshake, without adding network round-trips.

JEP 249: OCSP Stapling for TLS:

Enables the server in a TLS connection to check for a revoked X.509 certificate revocation. The server does this during TLS handshaking by contacting an Online Certificate Status Protocol (OCSP) responder for the certificate in question. It then attaches or "staples" the revocation information to the certificate that it returns to the client so that the client can take appropriate action. Enables the client to request OCSP stapling from a TLS server. The client checks stapled responses from servers that support the feature.

JEP 246: Leverage CPU Instructions for GHASH and RSA:

Improves performance ranging from 34x to 150x for AES/GCM/NoPadding using GHASH HotSpot intrinsics. GHASH intrinsics are accelerated by the PCLMULQDQ instruction on Intel x64 CPU and the xmul/xmulhi instructions on SPARC. Improves performance up to 50% for BigInteger squareToLen and BigInteger mulAdd methods using RSA HotSpot intrinsics. RSA intrinsics apply to the java.math.BigInteger class on Intel x64. A new security property jdk.security.provider.preferred is introduced to configure providers that offer significant performance gains for specific algorithms.

JEP 273: DRBG-Based SecureRandom Implementations:

Provides the functionality of Deterministic Random Bit Generator (DRBG) mechanisms as specified in NIST SP 800-90Ar1 in the SecureRandom API.
The DRBG mechanisms use modern algorithms as strong as SHA-512 and AES-256. Each of these mechanisms can be configured with different security strengths and features to match user requirements.

JEP 288: Disable SHA-1 Certificates:

Improves the security configuration of the JDK by providing a more flexible mechanism to disable X.509 certificate chains with SHA-1-based signatures.
Disables SHA-1 in TLS Server certificate chains anchored by roots included by default in the JDK; local or enterprise certificate authorities (CAs) are not affected. The jdk.certpath.disabledAlgorithms security property is enhanced with several new constraints that allow greater control over the types of certificates that can be disabled.

JEP 229: Create PKCS12 Keystores by Default:

Modifies the default keystore type from JKS to PKCS12. PKCS#12 is an extensible, standard, and widely supported format for storing cryptographic keys. PKCS12 keystores improve confidentiality by storing private keys, trusted public key certificates, and secret keys. This feature also opens opportunities for interoperability with other systems such as Mozilla, Microsoft's Internet Explorer, and OpenSSL that support PKCS12. The SunJSSE provider supplies a complete implementation of the PKCS12 java.security.KeyStore format for reading and writing PKCS12 files. See Key Management in Java Platform, Standard Edition Security Developer's Guide. The keytool key and certificate management utility can create PKCS12 keystores.

JEP 287: SHA-3 Hash Algorithms:

Supports SHA-3 cryptographic hash functions as specified in NIST FIPS 202.
The following additional standard algorithms are supported by the java.security.MessageDigest API: SHA3-224, SHA3-256, SHA3-384, and SHA3-512.

The following providers support SHA-3 algorithm enhancements:

SUN provider: SHA3-224, SHA3-256, SHA3-384, and SHA3-512
OracleUcrypto provider: SHA-3 digests supported by Solaris 12.0

WHAT'S NEW FOR DEPLOYMENT:

Deprecate the Java Plug-in:

Deprecates the Java Plug-in and associated applet technologies in Oracle's JDK 9 builds. While still available in JDK 9, these technologies will be considered for removal from the Oracle JDK and JRE in a future release. Applets and JavaFX applications embedded in a web page require the Java Plug-in to run. Consider rewriting these types of applications as Java Web Start or self-contained applications.

Enhanced Java Control Panel:

Improves the grouping and presentation of options within the Java Control Panel. Information is easier to locate, a search field is available, and modal dialog boxes are no longer used. Note that the location of some options has changed from previous versions of the Java Control Panel

JEP 275: Modular Java Application Packaging:

Integrates features from Project Jigsaw into the Java Packager, including module awareness and custom runtime creation. Leverages the jlink tool to create smaller packages. Creates applications that use the JDK 9 runtime only. Cannot be used to package applications with an earlier release of the JRE.

JEP 289: Deprecate the Applet API:

Deprecates the Applet API, which is becoming less useful as web browser vendors remove support for Java browser plug-ins. While still available in JDK 9, the Applet class will be considered for removal in a future release. Consider rewriting applets as Java Web Start or self-contained applications.

WHAT'S NEW FOR THE JAVA LANGUAGE:

JEP 213: Milling Project Coin. Identifies a few small changes:

Allow @SafeVargs on private instance methods.
Allow effectively final variables to be used as resources in the try-with-resources statement.
Allow the diamond with anonymous classes if the argument type of the inferred type is denotable.
Complete the removal, begun in Java SE 8, of the underscore from the set of legal identifier names.
Add support for private interface methods.

WHAT'S NEW FOR JAVADOC:

JEP 221: Simplified Doclet API:

Replaces the old Doclet API with a new simplified API that leverages other standard, existing APIs. The standard doclet has been rewritten to use the new Doclet API.

JEP 224: HTML5 Javadoc:

Supports generating HTML5 output. To get fully compliant HTML5 output, ensure that any HTML content provided in documentation comments are compliant with HTML5.

JEP 225: Javadoc Search:

Provides a search box to the generated API documentation. Use this search box to find program elements, tagged words, and phrases within the documentation.

JEP 261: Module System:

Supports documentation comments in module declarations. Includes new command-line options to configure the set of modules to be documented and generates a new summary page for any modules being documented.

WHAT'S NEW FOR THE JVM:

JEP 165: Compiler Control:

Provides a way to control JVM compilation through compiler directive options. The level of control is runtime-manageable and method-specific. Compiler Control supersedes, and is backward compatible, with CompileCommand.

JEP 197: Segmented Code Cache:

Divides the code cache into distinct segments, each of which contains compiled code of a particular type, to improve performance and enable future extensions.

JEP 276: Dynamic Linking of Language-Defined Object Models:

Dynamically links high-level object operations at run time, such as read a property, write a property, and invoke a function, to the appropriate target method handles. It links these operations to target method handles based on the actual types of the values passed. These object operations are expressed as invokedynamic sites.
While java.lang.invoke provides a low-level API for dynamic linking of invokedynamic call sites, it doesn't provide a way to express higher level operations on objects nor methods that implement them.
With the package jdk.dynalink, you can implement programming languages whose expressions contain dynamic types (types that cannot be determined statically) and whose operations on these dynamic types are expressed as invokedynamic call sites (because the language's object model or type system doesn't closely match that of the JVM).

WHAT'S NEW FOR JVM TUNING:

Improve G1 Usability, Determinism, and Performance:

Enhances the Garbage-First (G1) garbage collector to automatically determine several important memory-reclamation settings. Previously these settings had to be set manually to obtain optimal results. In addition, fixes issues with the usability, determinism, and performance of the G1 garbage collector.

JEP 158: Unified JVM Logging:

Introduces a common logging system for all components of the JVM.
JEP 214: Remove GC Combinations Deprecated in JDK 8"
Removes garbage collector (GC) combinations that were deprecated in JDK 8.
This means that the following GC combinations no longer exist: DefNew + CMS ParNew + SerialOld, Incremental CMS.

The "foreground" mode for Concurrent Mark Sweep (CMS) has also been removed. The following command-line flags have been removed:

-Xincgc
-XX:+CMSIncrementalMode
-XX:+UseCMSCompactAtFullCollection
-XX:+CMSFullGCsBeforeCompaction
-XX:+UseCMSCollectionPassing
The command line flag -XX:+UseParNewGC no longer has an effect. ParNew can only be used with CMS and CMS requires ParNew. Thus, the -XX:+UseParNewGC flag has been deprecated and will likely be removed in a future release.

JEP 248: Make G1 the Default Garbage Collector:

Makes Garbage-First (G1) the default garbage collector (GC) on 32- and 64-bit server configurations. Using a low-pause collector such as G1 provides a better overall experience, for most users, than a throughput-oriented collector such as the Parallel GC, which was previously the default.

JEP 271: Unified GC Logging:

Reimplements Garbage Collection (GC) logging using the unified JVM logging framework introduced in JEP 158. GC logging is re-implemented in a manner consistent with the current GC logging format; however, some differences exist between the new and old formats.

JEP 291: Deprecate the Concurrent Mark Sweep (CMS) Garbage Collector:

Deprecates the Concurrent Mark Sweep (CMS) garbage collector. A warning message is issued when it is requested on the command line, using the -XX:+UseConcMarkSweepGC option. The Garbage-First (G1) garbage collector is intended to be a replacement for most uses of CMS

WHAT'S NEW FOR CORE LIBRARIES:

JEP 102: Process API Updates:

Improves the API for controlling and managing operating system processes.
The ProcessHandle class provides the process's native process ID, arguments, command, start time, accumulated CPU time, user, parent process, and descendants. The class can also monitor processes' liveness and destroy processes. With the ProcessHandle.onExit method, the asynchronous mechanisms of the CompletableFuture class can perform an action when the process exits.

JEP 193: Variable Handles:

Defines a standard means to invoke the equivalents of java.util.concurrent.atomic and sun.misc.Unsafe operations upon object fields and array elements.
Defines a standard set of fence operations, which consist of VarHandle static methods that enable fine-grained control of memory ordering. This is an alternative to sun.misc.Unsafe, which provides a nonstandard set of fence operations.
Defines a standard reachability fence operation to ensure that a referenced object remains strongly reachable.

JEP 254: Compact Strings:

Adopts a more space-efficient internal representation for strings. Previously, the String class stored characters in a char array, using two bytes (16 bits) for each character. The new internal representation of the String class is a byte array plus an encoding-flag field.
This is purely an implementation change, with no changes to existing public interfaces.

JEP 264: Platform Logging API and Service:

Defines a minimal logging API that platform classes can use to log messages, together with a service interface for consumers of those messages. A library or application can provide an implementation of this service to route platform log messages to the logging framework of its choice. If no implementation is provided, then a default implementation based on the java.util.logging API is used.

JEP 266: More Concurrency Updates:

Adds further concurrency updates to those introduced in JDK 8 in JEP 155: Concurrency Updates, including an interoperable publish-subscribe framework and enhancements to the CompletableFuture API.

JEP 268: XML Catalogs:

Adds a standard XML Catalog API that supports the Organization for the Advancement of Structured Information Standards (OASIS) XML Catalogs version 1.1 standard. The API defines catalog and catalog-resolver abstractions that can be used as an intrinsic or external resolver with the JAXP processors that accept resolvers.
Existing libraries or applications that use the internal catalog API will need to migrate to the new API to take advantage of the new features.

JEP 269: Convenience Factory Methods for Collections:

Makes it easier to create instances of collections and maps with small numbers of elements. New static factory methods on the List, Set, and Map interfaces make it simpler to create immutable instances of those collections.
JEP 274: Enhanced Method Handles:

Enhances the MethodHandle, MethodHandles, and MethodHandles.Lookup classes of the java.lang.invoke package to ease common use cases and enable better compiler optimizations. Additions include:

In the MethodHandles class in the java.lang.invoke package, provide new MethodHandle combinators for loops and try/finally blocks.
Enhance the MethodHandle and MethodHandles classes with new MethodHandle combinators for argument handling.
Implement new lookups for interface methods and, optionally, super constructors in the MethodHandles.Lookup class.

JEP 277: Enhanced Deprecation:

Revamps the @Deprecated annotation to provide better information about the status and intended disposition of an API in the specification. Two new elements have been added:

Deprecated(forRemoval=true) indicates that the API will be removed in a future release of the Java SE platform.
Deprecated(since="version") contains the Java SE version string that indicates when the API element was deprecated, for those deprecated in Java SE 9 and beyond.

JEP 285: Spin-Wait Hints:

Defines an API that enables Java code to hint that a spin loop is executing. A spin loop repeatedly checks to see if a condition is true, such as when a lock can be acquired, after which some computation can be safely performed followed by the release of the lock. This API is purely a hint, and carries no semantic behavior requirements. See the method Thread.onSpinWait

JEP 290: Filter Incoming Serialization Data:

Allows incoming streams of object-serialization data to be filtered to improve both security and robustness. Object-serialization clients can validate their input more easily, and exported Remote Method Invocation (RMI) objects can validate invocation arguments more easily as well
Serialization clients implement a filter interface that is set on an ObjectInputStream. For RMI, the object is exported through a RemoteServerRef that sets the filter on the MarshalInputStream to validate the invocation arguments as they are unmarshalled

JEP 259: Stack-Walking API:

Provides a stack-walking API that allows easy filtering and lazy access to the information in stack traces
The API supports both short walks that stop at a frame that matches given criteria, and long walks that traverse the entire stack. Stopping at a frame that matches a given criteria avoids the cost of examining all the frames if the caller is interested only in the top frames on the stack. The API enables access to Class objects when the stack walker is configured to do so. See the class java.lang.Stackwalker

JEP 255: Merge Selected Xerces 2.11.0 Updates into JAXP:

Updates the JDK to support the 2.11.0 version of the Xerces parser. There is no change to the public JAXP API
The changes are in the following categories of Xerces 2.11.0: Datatypes, DOM L3 Serializer, XPointer, Catalog Resolver, and XML Schema Validation (including bug fixes, but not the XML Schema 1.1 development code)

WHAT'S NEW FOR NASHORN:

JEP 236: Parser API for Nashorn:

Enables applications, in particular IDEs and server-side frameworks, to parse and analyze ECMAScript code.
Parse ECMAScript code from a string, URL, or file with methods from the Parser class. These methods return an instance of CompilationUnitTree, which represents ECMAScript code as an abstract syntax tree.
The package jdk.nashorn.api.tree contains the Nashorn parser API.

JEP 292: Implement Selected ECMAScript 6 Features in Nashorn: Implements many new features introduced in the 6th edition of ECMA-262, also known as ECMAScript 6, or ES6 for short. Implemented features include the following:

Template strings
let, const, and block scope
Iterators and for..of loops
Map, Set, WeakMap, and WeakSet
Symbols
Binary and octal literals

WHAT'S NEW FOR CLIENT TECHNOLOGIES:

JEP 251: Multi-Resolution Images:

Enables a set of images with different resolutions to be encapsulated into a single multiresolution image. This could be useful for applications to adapt to display devices whose resolutions may vary from approximately 96dpi to 300dpi during run time
The interface java.awt.image.MultiResolutionImage encapsulates a set of images with different resolutions into a single multiresolution image, which enables applications to easily manipulate and display images with resolution variants

JEP 253: Prepare JavaFX UI Controls and CSS APIs for Modularization:

Provides public APIs for JavaFX UI controls and CSS functionality that were previously available only through internal packages but are now inaccessible due to modularization.
The new package javafx.scene.control.skin consists of a set of classes that provides a default implementation for the skin (or the look) of each UI control.
The new class CssParser is a CSS parser that returns a Stylesheet object, which gives you more control over the CSS styling of your application. It’s part of the CSS API (the javafx.css package). The CSS API includes new support classes, including a set of standard converters used by the parser; see the javafx.css.converter package.

JEP 256: BeanInfo Annotations:

Replaces the @beaninfo Javadoc tag with the annotation types JavaBean, BeanProperty, and SwingContainer.
These annotation types set the corresponding feature attributes during BeanInfo generation at runtime. Thus, you can more easily specify these attributes directly in Bean classes instead of creating a separate BeanInfo class for every Bean class. It also enables the removal of automatically generated classes, which makes it easier to modularize the client library.

JEP 262: TIFF Image I/O:

Adds Tag Image File Format (TIFF) reading and writing as standard to the package javax.imageio. The new package javax.imageio.plugins.tiff provides classes that simplify the optional manipulation of TIFF metadata.

JEP 263: HiDPI Graphics on Windows and Linux:

Automatically scales and sizes AWT and Swing components for High Dots Per Inch (HiDPI) displays on Windows and Linux. Prior to this release, on Windows and Linux, Java applications were sized and rendered based on pixels, even on HiDPI displays that can have pixel densities two to three times as high as traditional displays. This led to GUI components and windows that were too small to read or use.

JEP 272: Platform-Specific Desktop Features:

Adds additional methods to the class java.awt.Desktop that enable you to interact with the desktop, including the following:

Show custom About and Preferences windows.
Handle requests to open or print a list of files.
Handle requests to open a URL.
Open the native help viewer application.
Set the default menu bar.
Enable or disable the application to be suddenly terminated.
These new methods replace the functionality of the internal APIs contained in the OS X package com.apple.eawt, which are not accessible by default in JDK 9. Note that the package com.apple.eio is no longer accessible.

WHAT'S NEW FOR INTERNATIONALIZATION:

JEP 267: Unicode 8.0:

Supports Unicode 8.0. JDK 8 supported Unicode 6.2.
The Unicode 6.3, 7.0 and 8.0 standards combined introduced 10,555 characters, 29 scripts, and 42 blocks, all of which are supported in JDK 9.
JEP 252: CLDR Locale Data Enabled by Default:
Uses the Common Locale Data Repository's (CLDR) XML-based locale data, first added in JDK 8, as the default locale data in JDK 9. In previous releases, the default was JRE.
To enable behavior compatible with JDK 8, set the system property java.locale.providers to a value with COMPAT ahead of CLDR.

JEP 226: UTF-8 Properties Files:

Loads properties files in UTF-8 encoding. In previous releases, ISO-8859-1 encoding was used when loading property resource bundles. UTF-8 is a much more convenient way to represent non-Latin characters.
Most existing properties files should not be affected.

[close]

Download : http://www.oracle.com/technetwork/java/javase/downloads/index.html

[SiLæncer]

Changelog

Changes:

security-libs/java.security

Refactor existing providers to refer to the same constants for default values for key length:

Two important changes have been made for this issue:

1. A new system property has been introduced that allows users to configure the default key size used by the JDK provider implementations of KeyPairGenerator and AlgorithmParameterGenerator. This property is named "jdk.security.defaultKeySize" and the value of this property is a list of comma-separated entries. Each entry consists of a case-insensitive algorithm name and the corresponding default key size (in decimal) separated by ":". In addition, white space is ignored.
By default, this property will not have a value, and JDK providers will use their own default values. Entries containing an unrecognized algorithm name will be ignored. If the specified default key size is not a parseable decimal integer, that entry will be ignored as well.
2. The DSA KeyPairGenerator implementation of the SUN provider no longer implements java.security.interfaces.DSAKeyPairGenerator. Applications which cast the SUN provider's DSA KeyPairGenerator object to a java.security.interfaces.DSAKeyPairGenerator can set the system property "jdk.security.legacyDSAKeyPairGenerator". If the value of this property is "true", the SUN provider will return a DSA KeyPairGenerator object which implements the java.security.interfaces.DSAKeyPairGenerator interface. This legacy implementation will use the same default value as specified by the javadoc in the interface.
By default, this property will not have a value, and the SUN provider will return a DSA KeyPairGenerator object which does not implement the forementioned interface and thus can determine its own provider-specific default value as stated in the java.security.KeyPairGenerator class or by the "jdk.security.defaultKeySize" system property if set.
core-libs/java.util:collections

Collections use serialization filter to limit array sizes:

Deserialization of certain collection instances will cause arrays to be allocated. The ObjectInputFilter.checkInput() method is now called prior to allocation of these arrays. Deserializing instances of ArrayDeque, ArrayList, IdentityHashMap, PriorityQueue, java.util.concurrent.CopyOnWriteArrayList, and the immutable collections (as returned by List.of, Set.of, and Map.of) will call checkInput() with a FilterInfo instance whose serialClass() method returns Object[].class. Deserializing instances of HashMap, HashSet, Hashtable, and Properties will call checkInput() with a FilterInfo instance whose serialClass() method returns Map.Entry[].class. In both cases, the FilterInfo.arrayLength() method will return the actual length of the array to be allocated. The exact circumstances under which the serialization filter is called, and with what information, is subject to change in future releases.

security-libs/java.security

Add warnings to keytool when using JKS and JCEKS:

When keytool is operating on a JKS or JCEKS keystore, a warning may be shown that the keystore uses a proprietary format and migrating to PKCS12 is recommended. The keytool's -importkeystore command is also updated so that it can convert a keystore from one type to another if the source and destination point to the same file.

Bug fixes:

(JBS, component, subcomponent, description)
1 JDK-8183297 infrastructure Allow duplicate bugid for changeset in jdk9 update forest
2 JDK-8187993 infrastructure [CPU17_04] Need to update securitypack.jar with baseline.versions file having jdk9 entry
3 JDK-8187043 javafx graphics JavaFX fails to launch on some Windows platforms due to missing VS2017 libraries
4 JDK-8089283 javafx web Padding property of the select tag is incorrect in WebView
5 JDK-8176729 javafx web com.sun.webkit.dom.NodeImpl#SelfDisposer is not called
6 JDK-8178319 javafx web Build sqlite3 from source
7 JDK-8178360 javafx web Build and integrate ICU from source
8 JDK-8178440 javafx web Build libxml2 and libxslt from source
9 JDK-8179673 javafx web JVM Crash in WebPage.setBackgroundColor() during webpage navigation (Non Public API)
10 JDK-8183292 javafx web Update to 604.1 version of WebKit
11 JDK-8184448 javafx web Crash while loading gif images with more frames
12 JDK-8185132 javafx web window.requestAnimationFrame API is not working

[close]

Download : http://www.oracle.com/technetwork/java/javase/downloads/index.html

[SiLæncer]

Changelog

security-libs/java.security:

Open source the root certificates in Oracle's Java SE Root CA program
The OpenJDK 9 binary for Linux x64 contains an empty cacerts keystore. This prevents TLS connections from being established because there are no Trusted Root Certificate Authorities installed. As a workaround for OpenJDK 9 binaries, users had to set the javax.net.ssl.trustStore System Property to use a different keystore.
"JEP 319: Root Certificates" [1] addresses this problem by populating the cacerts keystore with a set of root certificates issued by the CAs of Oracle's Java SE Root CA Program. As a prerequisite, each CA must sign the Oracle Contributor Agreement (OCA) http://www.oracle.com/technetwork/community/oca-486395.html, or an equivalent agreement, to grant Oracle the right to open-source their certificates.

NEW FEATURES:

security-libs/javax.net.ssl:

Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
The JDK SunJSSE implementation now supports the TLS FFDHE mechanisms defined in RFC 7919. If a server cannot process the supported_groups TLS extension or the named groups in the extension, applications can either customize the supported group names with jdk.tls.namedGroups, or turn off the FFDHE mechanisms by setting the System Property jsse.enableFFDHEExtension to false.

other-libs/corba:

Add additional IDL stub type checks to org.omg.CORBA.ORBstring_to_object method
Applications that either explicitly or implicitly call org.omg.CORBA.ORB.string_to_object, and wish to ensure the integrity of the IDL stub type involved in the ORB::string_to_object call flow, should specify additional IDL stub type checking. This is an "opt in" feature and is not enabled by default.

To take advantage of the additional type checking, the list of valid IDL interface class names of IDL stub classes is configured by one of the following:

Specifying the security property com.sun.CORBA.ORBIorTypeCheckRegistryFilter located in the file conf/security/java.security in Java SE 9 or in jre/lib/security/java.security in Java SE 8 and earlier.
Specifying the system property com.sun.CORBA.ORBIorTypeCheckRegistryFilter with the list of classes. If the system property is set, its value overrides the corresponding property defined in the java.security configuration.
If the com.sun.CORBA.ORBIorTypeCheckRegistryFilter property is not set, the type checking is only performed against a set of class names of the IDL interface types corresponding to the built-in IDL stub classes.

CHANGES:

security-libs/javax.crypto:

RSA public key validation
In 9.0.4, the RSA implementation in the SunRsaSign provider will reject any RSA public key that has an exponent that is not in the valid range as defined by PKCS#1 version 2.2. This change will affect JSSE connections as well as applications built on JCE.
security-libs/javax.crypto
Provider default key size is updated
This change updates the JDK providers to use 2048 bits as the default key size for DSA instead of 1024 bits when applications have not explicitly initialized the java.security.KeyPairGenerator and java.security.AlgorithmParameterGenerator objects with a key size.
If compatibility issues arise, existing applications can set the system property jdk.security.defaultKeySize introduced in JDK-8181048 with the algorithm and its desired default key size.
security-libs/javax.crypto
Stricter key generation
The generateSecret(String) method has been mostly disabled in the javax.crypto.KeyAgreement services of the SUN and SunPKCS11 providers. Invoking this method for these providers will result in a NoSuchAlgorithmException for most algorithm string arguments. The previous behavior of this method can be re-enabled by setting the value of the jdk.crypto.KeyAgreement.legacyKDF system property to true (case insensitive). Re-enabling this method by setting this system property is not recommended.
security-libs/javax.net.ssl
Disable exportable cipher suites
To improve the strength of SSL/TLS connections, exportable cipher suites have been disabled in SSL/TLS connections in the JDK by the jdk.tls.disabledAlgorithms Security Property.
core-svc/javax.management
JMX Connections need deserialization filters
New public attributes, RMIConnectorServer.CREDENTIALS_FILTER_PATTERN and RMIConnectorServer.SERIAL_FILTER_PATTERN have been added to RMIConnectorServer.java. With these new attributes, users can specify the deserialization filter pattern strings to be used while making a RMIServer.newClient() remote call and while sending deserializing parameters over RMI to server respectively.
The user can also provide a filter pattern string to the default agent via management.properties. As a result, a new attribute is added to management.properties.
Existing attribute RMIConnectorServer.CREDENTIAL_TYPES is superseded by RMIConnectorServer.CREDENTIALS_FILTER_PATTERN and has been removed.

BUG FIXES:

JDK-8185661 deploy webstart:JNLP files won't launch from IE11 on Windows 10 Creators Update
JDK-8190285 hotspot runtime: s390: Some java boolean checks are not correct
JDK-8181922 javafx media: Provide media support for libav version 57
JDK-8088681 javafx web: Underscore not visible in HTML combo box options inside webview
JDK-8185970 javafx web: Possible crash due to use-after-free
JDK-8189131 security-libsjava.security: Open-source the Oracle JDK Root Certificates
JDK-8186093 security-libs javax.crypto: A comment in the java.security configuration file incorrectly says that "strong but limited" is the default value
JDK-8140436 security-libs javax.net.ssl:Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
JDK-8148421 security-libs javax.net.ssl: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
JDK-8163237 security-libs javax.net.ssl: Restrict the use of EXPORT cipher suites
JDK-8193683 security-libs javax.net.ssl: Increase the number of clones in the CloneableDigest

[close]

Download : http://www.oracle.com/technetwork/java/javase/downloads/index.html

[SiLæncer]

Whats new:>>

Bug Fixes:

This release contains fixes for security vulnerabilities.

Download : http://www.oracle.com/technetwork/java/javase/downloads/index.html

[SiLæncer]

Java 10 ist wie geplant ein halbes Jahr nach Java 9, erschienen. Die neue Version implementiert insgesamt zwölf Neuerungen.

Seit Java 9, das am 21. September 2017 nach sehr langer Entwicklungszeit freigegeben wurde, gilt im OpenJDK-Projekt ein halbjährlicher Veröffentlichungszyklus. Bis Java 9 erschienen neue Java-Versionen, wenn sie fertig waren, wenn also der geplante Funktionsumfang implementiert und ausreichend getestet war. Dadurch war für die Anwender kaum planbar, wann eine neue Version erscheint. Schon Java 8 war ein halbes Jahr verschoben worden, Java 9 wurde gar mehrfach verschoben und stellte in dieser Hinsicht quasi einen Rekord dar.

Auf Initiative von Mark Reinhold wurde dieser Ablauf geändert. Um Java weiter wettbewerbsfähig zu halten, erscheinen neue Versionen nun alle sechs Monate. Da halbjährliche Veröffentlichungszyklen für einige Anwender, die Stabilität bevorzugen, zu rasch kämen, sollen alle drei Jahre Versionen mit langfristiger Unterstützung erscheinen, die erste möglicherweise im September.

Java 10 war als erste Version mit dem verkürzten Veröffentlichungszyklus für den 21. März geplant und ist jetzt genau zum angepeilten Termin erschienen. Mark Reinhold zeigte sich mit dem Verlauf der Entwicklung zufrieden. In Anbetracht der erheblichen Umstellung sei alles ziemlich reibungslos verlaufen. Seit der Herausgabe des ersten Veröffentlichungskandidaten wurden keine schwerwiegenden Fehler gefunden.

Java 10 gilt daher jetzt als produktiv nutzbar und enthält insgesamt zwölf Neuerungen gegenüber Java 9. Die Neuerungen sind Typinferenz für lokale Variablen, Konsolidierung der JDK-Quellen in ein einzelnes Repositorium, Definierte Schnittstelle zum Garbage-Collector, Parallelisierung der gelegentlich nötigen vollständigen Garbage Collection, gemeinsames Nutzen von Daten mehrerer Anwendungen, Thread-lokale Handshakes, Entfernung des Programms javah, da der Java-Compiler seine Funktion übernehmen kann, Unicode-Erweiterungen, Allokation von Speicher auf Speichergeräten wie beispielsweise NV-DIMMs, der experimentelle Java-basierte JIT-Compiler Graal, Root-Zertifikate einiger wichtiger CAs und Zeitbasierte Versionsnummern, wobei es sich tatsächlich nicht um zeitbasierte Versionsnummern, sondern lediglich um eine kleine Anpassung handelt.

Binärpakete stehen auf jdk.java.net zum Download bereit. Dabei gibt es das komplette, 190 MB schwere JDK in der OpenJDK-Version unter der GPL mit Classpath-Ausnahme, sowie zwei von Oracle produzierte Versionen unter einer proprietären Lizenz, zum einen das 80 bis 100 MB große JRE und zum anderen das mit 200 bis 340 MB noch deutlich umfangreichere Oracle-JDK.

Quelle : www.pro-linux.de

[SiLæncer]

Release Notes: http://www.oracle.com/technetwork/java/javase/8u172-relnotes-4308893.html

Download : http://www.oracle.com/technetwork/java/javase/downloads/index.html

[SiLæncer]

Changelog

Changes:

core-libs/java.lang.invoke:

➜ filterArguments runs multiple filters in the wrong order:

The specification of the method java.lang.invoke.MethodHandles.filterArguments was clarified to state more clearly that filter arguments are invoked in left to right order. The implementation of this method was also fixed to ensure it conformed to the specification. Prior to the fix the implementation incorrectly invoked filters in right to left order. For the majority of usages it is expected such a change in behavior will not be observable. Only in the minority of cases where two or more filters have side-effects that affect their results will such behavior be observable.

core-libs/javax.naming:

➜ Improve LDAP support:

Endpoint identification has been enabled on LDAPS connections.
To improve the robustness of LDAPS (secure LDAP over TLS ) connections, endpoint identification algorithms have been enabled by default.
Note that there may be situations where some applications that were previously able to successfully connect to an LDAPS server may no longer be able to do so. Such applications may, if they deem appropriate, disable endpoint identification using a new system property: com.sun.jndi.ldap.object.disableEndpointIdentification.
Define this system property (or set it to true) to disable endpoint identification algorithms.

core-libs/java.io:serialization:

➜ Better stack walking:

New access checks have been added during the object creation phase of deserialization. This should not affect ordinary uses of deserialization. However, reflective frameworks that make use of JDK-internal APIs may be impacted. The new checks can be disabled if necessary by setting the system property jdk.disableSerialConstructorChecks to the value "true". This must be done by adding the argument -Djdk.disableSerialConstructorChecks=true to the Java command line.

Bug fixes:

hotspot/gc:

➜ JVM Crash during G1 GC:

A klass that has been considered unreachable by the concurrent marking of G1, can be looked up in the ClassLoaderData/SystemDictionary, and its _java_mirror or _class_loader fields can be stored in a root or any other reachable object making it alive again. Whenever a klass is resurrected in this manner, the SATB part of G1 needs to be notified about this, otherwise, the concurrent marking remark phase will erroneously unload that klass.
In this particular crash, while G1 was doing concurrent marking and had prepared its list of unreachable classes, JVMTI on a Java thread could traverse classes in the CLD and store thread-local JNIHandles for the java_mirror of the loaded classes. G1 did not have knowledge of these thread-local JNIHandles, and in the remark phase, it unloaded classes per its prior knowledge of unreachable classes. When these JNIHandles were later scanned, it lead to a crash.
This fix for JDK-8187577 informs G1's SATB that a klass has been resurrected and should not be unloaded.

[close]

Download : http://www.oracle.com/technetwork/java/javase/downloads/index.html

[SiLæncer]

Release Notes: https://www.oracle.com/technetwork/java/javase/documentation/8u-relnotes-2225394.html

Download : https://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

[SiLæncer]

Release Notes: https://www.oracle.com/technetwork/java/javase/8u202-relnotes-5209339.html

Download : https://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html