JDK Builds from Oracle
aThe feature has been disabled since JDK 18, meaning the META-INF/INDEX.LIST entry in a JAR file is ignored at run-time. During the development phase, new builds including enhancements and bug fixes were released approximately weekly. Beta versions were released in February and June 2006, leading up to a final release that occurred on December 11, 2006.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u281) on February 19, 2021. It is not recommended to use this JDK (version 20.0.1) after the next critical patch update release, scheduled for July 18, 2023. This section describes the APIs, features, and options that were removed in Java SE 21 and JDK 21. The APIs described
here are those that are provided with the Oracle JDK.
Java 17 updates
If a connection is downgraded from
encrypted to clear, then only the mechanisms that are explicitly permitted are allowed. These applications should be rebuilt and shipped with modern C++ runtime dependencies that use a later instance of Visual Studio. Applications should not depend on DLLs included with the JDK/JRE that are not documented in the product java se 7 tutorials as offering support for the specification or other functionality in Java SE. Moving to Visual Studio 2017 for JDK 7 and JDK 8 requires changing the runtime library that the JDK/JRE depends on. Before this change, JDK/JRE implementations used and shipped the Microsoft Visual C++ 2010 SP1 Redistributable Package (x86/x64) that included MSVCR100.dll [a][b].
Please note that fixes from prior BPR (7u9 b32) are included in this version. Please note that fixes from prior BPR (7u10 https://remotemode.net/ b31) are included in this version. Please note that fixes from prior BPR (7u15 b33) are included in this version.
Java 19 updates
Support has been added for the SHA224withDSA and SHA256withDSA signature algorithms and for DSA keys with sizes up to 2048 bits. For a more complete list of the bug fixes included in this release, see the JDK 7u141 Bug Fixes page. The issue can arise when the server doesn't have elliptic curve cryptography support to handle an elliptic curve name extension field (if present). By default, JDK 7 Updates and later JDK families ship with the SunEC security provider which provides elliptic curve cryptography support. Those releases should not be impacted unless security providers are modified. The DSA KeyPairGenerator implementation of the SUN provider no longer implements java.security.interfaces.DSAKeyPairGenerator.
The polling based WatchService has been changed to ignore these modifiers when registering files to be watched. Agents are programs that run in the JVM process and make use of powerful JVM TI or java.lang.instrument APIs. These APIs are designed to support tooling such as profilers and debuggers. Agents are started via a command line option, for example -agentlib or -javaagent, or they can be started into a running VM using the JDK specific com.sun.tools.attach API or the jcmd command. There is no warning for agents that are loaded at startup via command line options.
Java 12 updates
Enhance the JDK security providers to support 3072-bit DiffieHellman and DSA parameters generation, pre-computed DiffieHellman parameters up to 8192 bits and pre-computed DSA parameters up to 3072 bits. The default pattern allows java.lang.Enum, java.security.KeyRep, java.security.KeyRep$Type, and javax.crypto.spec.SecretKeySpec but rejects all the others. Define this system property (or set it to true) to disable endpoint identification algorithms. To improve the robustness of LDAPS (secure LDAP over TLS) connections, endpoint identification algorithms have been enabled by default. Note also that these system properties are currently supported by the JDK Reference Implementation. TLS Server certificates issued on or before April 16, 2019 will continue to be trusted until they expire.
Subsequent JDK 17 updates will be licensed under the Java SE OTN License (OTN) and production use beyond the limited free grants of the OTN license will require a fee. Only developers and Enterprise administrators should download these releases. The JDK includes tools useful for developing and testing programs written in the Java programming language and running on the JavaTM platform.
Java 21 and Java 17 available now
This JRE (version 7u121) will expire with the release of the next critical patch update scheduled for January 17, 2017. This JRE (version 7u131) will expire with the release of the next critical patch update scheduled for April 18, 2017. This JRE (version 7u141) will expire with the release of the next critical patch update scheduled for July 18, 2017. This JRE (version 7u151) will expire with the release of the next critical patch update scheduled for October 17, 2017. This JRE (version 7u161) will expire with the release of the next critical patch update scheduled for January 16, 2018. This JRE (version 7u171) will expire with the release of the next critical patch update scheduled for April 17, 2018.
To relieve this, a new security property, jdk.disabled.namedCurves, is implemented that can list the named curves common to all of the disabledAlgorithms properties. To use the new property in the disabledAlgorithms properties, precede the full property name with the keyword include. Users can still add individual named curves to disabledAlgorithms properties separate from this new property. No other properties can be included in the disabledAlgorithms properties. Com.sun.nio.file.SensitivityWatchEventModifier has been deprecated and is marked for removal in a future release. The constants in this enum were used with the polling based WatchService implementation on macOS to set the interval when polling files for changes.
Java 20 updates
A new system property, "jdk.tls.ephemeralDHKeySize", is defined to customize the ephemeral DH key sizes. This can be set to "legacy" if the older JDK behavior (DH keysize of 768 bits) is desired. The secure validation mode of the XML Signature implementation has been enhanced to restrict RSA and DSA keys less than 1024 bits by default as they are no longer secure enough for digital signatures. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u241) on February 14, 2020.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u141) on August 18, 2017. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u151) on November 17, 2017. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u161) on February 16, 2018.
Java 16 updates
If the property is undefined and the legacy JCE jurisdiction files don't exist in the legacy lib/security directory, then the default cryptographic level will remain at 'limited'. To configure the JDK to use unlimited cryptography, set the crypto.policy to a value of 'unlimited'. See the notes in the java.security file shipping with this release for more information. An algorithm or a key is weak if it matches the value of the jdk.certpath.disabledAlgorithms security property defined in the conf/security/java.security file. The JDK uses the Java Cryptography Extension (JCE) Jurisdiction Policy files to configure cryptographic algorithm restrictions. Previously, the Policy files in the JDK placed limits on various algorithms.
- The previous behavior of this method can be re-enabled by setting the value of the jdk.crypto.KeyAgreement.legacyKDF system property to true (case insensitive).
- For example, the JDK may have historically assigned a name such as “eth0” for an Ethernet interface and “lo” for the loopback.
- In contrast, some implementations were created to offer some benefits over the standard implementation, often the result of some area of academic or corporate-sponsored research.
- This change extends the previous MD5-based certificate restriction ("jdk.certpath.disabledAlgorithms") to also include handshake messages in TLS version 1.2.
- This JRE (version 7u261) will expire with the release of the next critical patch update scheduled for July 14, 2020.
- In JDK 17 and older, the JDK would attempt to locate the charset, even though it was never supported or documented to change the value of this system property in these releases.
