Java Update Available: что это такое и зачем нужно?
Каждому второму пользователю персональных компьютеров приходилась слышать слово “Java”. Это язык программирования и платформа для вычислений, без которой, на данный момент, не будут работать большинство программ, приложений и веб-сайтов. Чтобы пользователи получали обновления Java вовремя, разработчиками была создана специальная программа – Java Update Available, о которой и пойдет разговор в этой статье.
О программе
Java Update Available – утилита, которая уведомляет пользователя о возможности обновиться до последней версии Java. Программа находится в трее и периодически напоминает о своем существовании. Обновляться до новой версии можно, так как это поможет приложениям, которые используют упомянутую технологию, повысить производительность, стабильность и безопасность.
-
Нажмите дважды на значок в трее, затем нажмите Update.
Начнется закачка дистрибутива и установка необходимых компонентов.
Дождитесь окончания установки и нажмите “Close”.
Совет! Перед установкой новых версий удаляйте старые. В этом может помочь утилита удаления Java. В Яндекс.Браузере и Google Chrome она не работает, поэтому воспользуйтесь альтернативными браузерами.
Отключение
В параметрах программы вы можете отключить проверку обновления, а также поддержку Java.
Проверки обновлений
В поисковой строке Windows 10 введите “Java” и выберите “Chek For Updates”:
- В Java Control Panel перейдите на вкладку “Update”.
- Снимите галку с “Chek for Updates Automatically” и в всплывающем меню нажмите “Do Not Chek”.
Поддержки технологии в браузере
Чтобы отключить поддержку в браузере, зайдите в Control Panel:
- Откройте вкладку “Security”.
- Уберите галку с “Enable Java content in this browser” и нажмите “Apply”.
Совет! Ознакомьтесь со списком полезных утилит для пользователя Windows 10.
Удаление
Чтобы удалить программу из системы Windows 10:
- Зайдите в проводник и нажмите “Удалить или изменить программу”.
- Выберите нужное приложение и нажмите “Удалить”.
- Лучшие аналоги Word – платные, бесплатные и онлайн-платформы
- Автоматическое обновление драйверов. Самые удобные программы
- SAP – программа для бухгалтеров. Как работает?
Что такое java 8 update
The following sections summarize changes made in all Java SE 8u381 BPR. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
Changes in Java SE 8u381 b33
Bug Fixes
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-6176679 | client-libs | java.awt | Application freezes when copying an animated gif image to the system clipboard |
JDK-8286481 | client-libs | java.awt | Exception printed to stdout on Windows when storing transparent image in clipboard |
JDK-8314188 (not public) | install | install | [macOS] Installation complete confirmation message not displayed |
Changes in Java SE 8u381 b32
Bug Fixes
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8306899 (not public) | install | install | JRE 8u371 MSI unable to install side-by-side JREs |
JDK-8311244 (not public) | hotspot | gc | frequent crashes at g1CollectedHeap.cpp:5923 after updating to JDK8u371 |
Changes in Java SE 8u381 b31
Bug Fixes
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8284542 | jfx | accessibility | Missing attribute for toggle state of CheckBox in CheckBoxTreeItem |
JDK-8309557 (not public) | install | Update the JRE 8 Description in RPM packages |
Java™ SE Development Kit 8, Update 381 (JDK 8u381)
The full version string for this update release is 8u381-b09 (where «b» means «build»). The version number is 8u381.
IANA TZ Data 2023c
JDK 8u381 contains IANA time zone data 2023c which contains the following changes since the previous update.
- Egypt now uses DST again, from April through October.
- This year Morocco springs forward April 23, not April 30.
- Palestine delays the start of DST this year.
- Much of Greenland still uses DST from 2024 on.
- America/Yellowknife now links to America/Edmonton.
- tzselect can now use current time to help infer timezone.
- The code now defaults to C99 or later.
- Fix use of C23 attributes.
- This release’s code and data are identical to 2023a.
Security Baselines
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u381 are specified in the following table:
Keeping the JDK up to Date
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u381) be used after the next critical patch update scheduled for October 17, 2023.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u381) on 2023-11-17. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
New Features
core-libs/java.lang
➜ Allow Additional Characters for GB18030-2022 Support (JDK-8301400)
The China National Standard body (CESI) has recently published GB18030-2022. This is an updated version of the GB18030 standard and brings GB18030 in sync with Unicode version 11.0. The purpose of this enhancement is to incorporate 35 code points ( U+9FCD — U+9FEF ) from Unicode 11.0 into Java SE 8 to allow implementations to comply with their Implementation Level 1 requirements.
core-libs/java.nio.charsets
➜ Support for GB18030-2022 (JDK-8307229)
The China National Standard body (CESI) has recently published GB18030-2022, which is an updated version of the GB18030 standard and brings GB18030 in sync with Unicode version 11.0. The Charset implementation for this new standard has now replaced the prior 2000 standard. However, this new standard has some incompatible changes from the prior implementation. For those who need to use the old mappings, a new system property, jdk.charset.GB18030 , is introduced. By setting its value to 2000 , the previous JDK releases’ mappings for the GB18030 Charset are used, which are based on the 2000 standard.
core-libs/java.lang
➜ Allow Additional Characters for GB18030-2022 (Level 2) Support (JDK-8305681)
The China National Standard body (CESI) has recently published GB18030-2022. This is an updated version of the GB18030 standard and brings GB18030 in sync with Unicode version 11.0. The purpose of this enhancement is to incorporate 108 code points from CJK Unified Ideographs Extension E block from Unicode 11.0 into Java SE 8 to allow implementations to comply with their Implementation Level 2 requirements.
security-libs/javax.crypto
➜ JDK Now Accepts RSA Keys in PKCS#1 Format (JDK-8023980)
RSA private and public keys in PKCS#1 format can now be accepted by JDK providers, such as the RSA KeyFactory.impl from the SunRsaSign provider. The RSA private or public key object should have the PKCS#1 format and an encoding matching the ASN.1 syntax for a PKCS#1 RSA private key and public key.
Known Issues
➜ Problem Upgrading JDK on Windows if System User Is Using Shared Files (JDK-8310932 (not public))
Installing into the same, shared jdk-(family) directory is the default behavior for the JDK starting with the July 2023 CPU. It could lead to FilesInUse issues if JDK files are locked by the «System User». We recommend shutting down any apps using the JDK as the «System User» before upgrading.
➜ JVM Crashes with Internal Error (g1CollectedHeap.cpp:5923) after Upgrading to JDK 8u371 or JDK 8u381 (JDK-8311244 (not public))
There is the possibility of an application crash with the following error:
# Internal Error (g1CollectedHeap.cpp:5923), pid=xxxxx, tid=xxxxxx # guarantee(!dcqs.completed_buffers_exist_dirty()) failed: must be
This affects JDK 8u371 and JDK 8u381 runtimes using G1 GC on all supported platforms.
The failure is now corrected in the JDK 8u381 b32 Bundle Patch Release available via My Oracle Support.
➜ No Default Java after 8u371 32-bit Upgrade (JDK-8306784 (not public))
Upgrading from an 8u361 (or earlier) 32-bit JRE to an 8u371 (or later) 32-bit JRE when an 8u371 (or later) 64-bit JRE is already installed will cause the java.exe command to not be found. For example:
- Install 32-bit 8u361
- Install 64-bit 8u371 (or later)
- Install 32-bit 8u371 (or later)
java.exe will now not work from all places. It will only work directly from the bin directory.
java.exe will not work unless you specify the full path to the bin directory of your JRE.
There are 2 workarounds:
- Workaround 1: uninstall and reinstall the latest version of 64-bit 8u371 (or later)
- Workaround 2: specify the full path to java.exe in the \bin directory of the JRE, for example: C:\Program Files\Java\jre-1.8\bin\java.exe
Other Notes
hotspot/runtime
➜ Cgroup v2 Support and Improvements in 8u381 (JDK-8307634)
JDK 8u381 includes several enhancements and fixes to improve the cgroup v1 and v2 support for containers. The improvements include accurately detecting the resource limits of containers, correctly reporting the collected container metrics, printing additional container information, and improving application stability in containerized environments.
Some of the notable stability enhancements are:
JDK-8292083: Java applications may experience out-of-memory errors and run the risk of being killed by the OOM killer when running in a containerized environment where the container is configured with a higher memory limit than the available physical memory on the host system. JDK 8u381 addresses this stability issue. In the previous release, this situation can be avoided by using either -XX:-UseContainerSupport , or -XX:MaxRAM= , or by setting a memory limit for your container that is lower than the physical memory.
JDK-8286030: This release addresses an issue where Java applications may encounter a fatal error when the same /tmp directory is shared across multiple containers. In earlier releases, this crash can be avoided by mounting /tmp to different locations for different containers. Alternatively, the ‘-XX:-UsePerfData’ JVM option can be used to prevent JVMs running within different containers from writing performance data to the shared /tmp folder and thus avoid this issue.
install/install
➜ Starting in 8u371, the New RPM Package Obsoletes Older JDK 8 Packages and Disallows Downgrades (JDK-8307400)
Added an «Obsoletes» tag to JDK 8 RPM packages to allow automatic upgrades from older JDK 8 RPM packages.
- jdk-1.8 package obsoletes jdk1.8 package.
- jre-1.8 package obsoletes jre1.8 package.
- jdk-1.8-headful package obsoletes jdk1.8 package.
- jre-1.8-headful package obsoletes jre1.8 package.
No «Obsoletes» tag was added to the jdk-1.8-headless package to prevent upgrading from the full to headless JDK.
The changes allow automatic upgrades for JDK 8 RPM packages starting from the 8u151 update when jdk1.8 and jre1.8 package names were first introduced. Older JDK 8 updates will not be eligible for automatic upgrades to 8u381 and newer updates.
Due to the limitations of «Obsoletes» tag downgrades from 8u381 to older versions are not supported.
install/install
➜ Missing /usr/java/default Symlink on Linux Restored (JDK-8306690)
A regression where the /usr/java/default symlink is not created by RPM installers on Linux platforms has been fixed. Installers will create the /usr/java/default symlink if it doesn’t exist, targeting the /usr/java/latest symlink.
install/install
➜ Installation of JDK RPM Corrupts Alternatives (JDK-8308244)
The JDK RPM installer will remove incorrectly constructed entries of «java» and «javac» groups registered by older Oracle JDK RPM installers from the alternatives before registering new «java» and «javac» entries.
An incorrectly constructed entry of the «java» group contains commands that are supposed to belong to the «javac» group.
An incorrectly constructed entry of the «javac» group contains commands that are supposed to belong to the «java» group.
All incorrectly constructed entries belonging to Oracle JDK RPM packages will be removed from the alternatives to avoid corruption of the alternatives internal data.
The removal has a potential side effect for users who have installed multiple JDK versions that are not updated to the latest release. Commands from a removed «java» or «javac» group are now unavailable for system Java switch, which potentially changes the current system Java without a warning. For example, if there is an out-of-date JDK RPM from an 11+ release, say 11.0.17, with an incorrectly constructed single «java» group installed and 8u381 RPM with this patch is installed, it will remove an entry from the «java» group belonging to the 11.0.17 RPM and thus will switch the current system Java from 11.0.17 to 8u381. The side effect will only happen when you install a lower JDK family with the fix, such as 8u381, and there is an out-of-date JDK from a higher family, such as 11.0.17, installed on the system. In that case, 8u381 will replace the older 11.0.17 as the latest. The remedy for the user is to install the latest JDK 11.
security-libs/java.security
➜ Added TWCA Root CA Certificate (JDK-8305975)
The following root certificate has been added to the cacerts truststore:
+ TWCA + twcaglobalrootca DN: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW
security-libs/java.security
➜ Added 4 GTS Root CA Certificates (JDK-8307134)
The following root certificates have been added to the cacerts truststore:
+ Google Trust Services LLC + gtsrootcar1 DN: CN=GTS Root R1, O=Google Trust Services LLC, C=US + Google Trust Services LLC + gtsrootcar2 DN: CN=GTS Root R2, O=Google Trust Services LLC, C=US + Google Trust Services LLC + gtsrootecccar3 DN: CN=GTS Root R3, O=Google Trust Services LLC, C=US + Google Trust Services LLC + gtsrootecccar4 DN: CN=GTS Root R4, O=Google Trust Services LLC, C=US
security-libs/java.security
➜ Added Microsoft Corporation’s 2 TLS Root CA Certificates (JDK-8304760)
The following root certificates have been added to the cacerts truststore:
+ Microsoft Corporation + microsoftecc2017 DN: CN=Microsoft ECC Root Certificate Authority 2017, O=Microsoft Corporation, C=US + Microsoft Corporation + microsoftrsa2017 DN: CN=Microsoft RSA Root Certificate Authority 2017, O=Microsoft Corporation, C=US
core-libs/java.lang
➜ System Property java.specification.maintenance.version Set to 5 (JDK-8303028)
This JDK implements Maintenance Release 5 of the Java SE 8 specification (JSR 337). This is indicated by the system property java.specification.maintenance.version having the value of «5» .
hotspot/runtime
➜ ASLR Support for CDS Archive (JDK-8294323 (not public))
Starting with the July 2023 CPU, on operating systems where ASLR (Address Space Layout Randomization) is enabled, the CDS archive will be placed at a random address picked by the operating system.
This change may have a minor performance impact: (a) Start-up time may increase because the JVM needs to patch pointers inside the CDS archive; (b) Memory usage may increase because the memory used by the CDS archive is no longer shareable across processes. We expect the impact to be small because such increases should be only a small fraction of the overall application usage.
In the unlikely event that you must disable ASLR for CDS, you can use the JVM flags -XX:+UnlockDiagnosticVMOptions -XX:ArchiveRelocationMode=0 . The usage of such flags is not recommended.
security-libs/java.security
➜ Throw Error If Default java.security File Fails to Load (JDK-8155246)
A behavioral change has been made when the default conf/security/java.security security configuration file fails to load. In such a scenario, the JDK will now throw an InternalError .
Such a scenario should never occur. The default security file should always be present. Prior to this change, a static security configuration was loaded.
security-libs/java.security
➜ New System Property to Control the Maximum Size of Signature Files (JDK-8300596 (not public))
A new system property, jdk.jar.maxSignatureFileSize , has been added to allow applications to control the maximum size of signature files in a signed JAR. The value of the system property is the desired size in bytes. The default value is 8000000 bytes.
Bug Fixes
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
The following table lists the bug fixes included in the JDK 8u381 release:
# | BugId | Component | Summary |
---|---|---|---|
1 | JDK-8304636 | client-libs/java.awt | java/awt/Mouse/EnterExitEvents/DragWindowTest.java fails with Compilation Error on JDK 8u |
2 | JDK-8189604 | client-libs/java.awt | possible hang in sun.awt.shell.Win32ShellFolder2$KnownFolderDefinition:: |
3 | JDK-8159956 | client-libs/java.awt | EXCEPTION_ACCESS_VIOLATION in sun.awt.windows.ThemeReader.getThemeMargins |
4 | JDK-8302151 | client-libs/javax.imageio | BMPImageReader throws an exception reading BMP images |
5 | JDK-8003399 | client-libs/javax.swing | JFileChooser gives wrong path to selected file when saving to Libraries folder on Windows 7 |
6 | JDK-8017487 | client-libs/javax.swing | filechooser in Windows-Libraries folder: columns are mixed up |
7 | JDK-8284756 | core-libs | [11u] Remove unused isUseContainerSupport in CgroupV1Subsystem |
8 | JDK-8212528 | core-libs | Wrong cgroup subsystem being used for some CPU Container Metrics |
9 | JDK-8275735 | core-libs | [linux] Remove deprecated Metrics api (kernel memory limit) |
10 | JDK-8305681 | core-libs/java.lang | Allow additional characters for GB18030-2022 (Level 2) support |
11 | JDK-8241786 | core-libs/java.net | Improve heuristic to determine default network interface on macOS |
12 | JDK-8211382 | core-libs/java.nio.charsets | ISO2022JP and GB18030 NIO converter issues |
13 | JDK-8301119 | core-libs/java.nio.charsets | Support for GB18030-2022 |
14 | JDK-8172347 | core-libs/java.rmi | Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry |
15 | JDK-8212970 | core-libs/java.time | TZ database in «vanguard» format support |
16 | JDK-8305400 | core-libs/java.util:i18n | ISO 4217 Amendment 175 Update |
17 | JDK-8254001 | core-svc | [Metrics] Enhance parsing of cgroup interface files for version detection |
18 | JDK-8293540 | core-svc | [Metrics] Incorrectly detected resource limits with additional cgroup fs mounts |
19 | JDK-8292541 | core-svc/java.lang.management | [Metrics] Reported memory limit may exceed physical machine memory |
20 | JDK-8301282 | docs/guides | JMX simple and delegation security samples don’t work because of missing access control entries |
21 | JDK-8293821 | docs/guides | JDK LTS backports for Doc Tasks for JEP C206/C208: Modernize Oracle JDK Linux RPMs and installers on Windows and macOS |
22 | JDK-8233023 | hotspot/compiler | assert(Opcode() == mem->Opcode() || phase->C->get_alias_index(adr_type()) == Compile::AliasIdxRaw) failed: no mismatched stores, except on raw memory |
23 | JDK-8210389 | hotspot/compiler | C2: assert(n->outcnt() != 0 || C->top() == n || n->is_Proj()) failed: No dead instructions after post-alloc |
24 | JDK-8217230 | hotspot/compiler | assert(t == t_no_spec) failure in NodeHash::check_no_speculative_types() |
25 | JDK-8062258 | hotspot/compiler | compiler/debug/TraceIterativeGVN.java segfaults in trace_PhaseIterGVN |
26 | JDK-8281297 | hotspot/gc | TestStressG1Humongous fails with guarantee(is_range_uncommitted) |
27 | JDK-8167196 | hotspot/gc | WhiteBox methods should throw an exception if used with inappropriate collector. |
28 | JDK-8264593 | hotspot/runtime | debug.cpp utilities should be available in product builds. |
29 | JDK-8281274 | hotspot/runtime | deal with ActiveProcessorCount in os::Linux::print_container_info |
30 | JDK-8266490 | hotspot/runtime | Extend the OSContainer API to support the pids controller of cgroups |
31 | JDK-8273526 | hotspot/runtime | Extend the OSContainer API pids controller with pids.current |
32 | JDK-8231610 | hotspot/runtime | Relocate the CDS archive if it cannot be mapped to the requested address |
33 | JDK-8287741 | hotspot/runtime | Fix of JDK-8287107 (unused cgv1 freezer controller) was incomplete |
34 | JDK-8287107 | hotspot/runtime | CgroupSubsystemFactory.setCgroupV2Path asserts with freezer controller |
35 | JDK-8286030 | hotspot/runtime | Avoid JVM crash when containers share the same /tmp dir |
36 | JDK-8287011 | hotspot/runtime | Improve container information |
37 | JDK-8293472 | hotspot/runtime | Incorrect container resource limit detection if manual cgroup fs mounts present |
38 | JDK-8292083 | hotspot/runtime | Detected container memory limit may exceed physical machine memory |
39 | JDK-8272124 | hotspot/runtime | Cgroup v1 initialization causes NullPointerException when cgroup path contains colon |
40 | JDK-8281517 | install/install | Improve the error message shown when a user tries to install the aarch64 bundle on an intel mac |
41 | JDK-8284662 | javafx/accessibility | [Win][Accessibility][ListCell] Screen reader fails to read ListView/ComboBox item count if > 100 |
42 | JDK-8251862 | javafx/graphics | Wrong position of Popup windows at the intersection of 2 screens |
43 | JDK-8301009 | javafx/web | Update libxml2 to 2.10.3 |
44 | JDK-8306115 | javafx/web | Update libxml2 to 2.10.4 |
45 | JDK-8304441 | javafx/window-toolkit | [macos] Crash when putting invalid unicode char on clipboard |
46 | JDK-8296654 | javafx/window-toolkit | [macos] Crash when launching JavaFX app with JDK that targets SDK 13 |
47 | JDK-8292297 | security-libs/java.security | Fix up loading of override java.security properties file |
48 | JDK-8173181 | security-libs/java.security | Empty string alias in KeyStore throws StringIndexOutOfBoundsException for getEntry() |
49 | JDK-8293858 | security-libs/java.security | Change PKCS7 code to use default SecureRandom impl instead of SHA1PRNG |
50 | JDK-8294906 | security-libs/javax.crypto:pkcs11 | Memory leak in PKCS11 NSS TLS server |
51 | JDK-8274205 | security-libs/org.ietf.jgss:krb5 | Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC |
52 | JDK-8301269 | xml/jaxp | Update Commons BCEL to Version 6.7.0 |
Что такое java 8 update
The following sections summarize changes made in all Java SE 8u351 BPR. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
Changes in Java SE 8u351 b34
Bug Fixes
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8294307 | core-libs | java.util:i18n | ISO 4217 Amendment 173 Update |
JDK-8296239 | core-libs | java.util:i18n | ISO 4217 Amendment 174 Update |
JDK-8295173 | core-libs | java.time | (tz) Update Timezone Data to 2022e |
JDK-8296108 | core-libs | java.time | (tz) Update Timezone Data to 2022f |
Changes in Java SE 8u351 b33
Bug Fixes
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8278027 | security-libs | javax.crypto | X509Key.decode exception while using JSafeJCE FIPS provider |
Changes in Java SE 8u351 b32
Bug Fixes
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8224671 | hotspot | compiler | AArch64: mauve System.arraycopy test failure |
JDK-8292695 | hotspot | runtime | SIGQUIT and jcmd attaching mechanism does not work with signal chaining library |
JDK-8202014 | hotspot | runtime | Possible to receive signal before signal semaphore created |
Changes in Java SE 8u351 b31
Bug Fixes
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8291973 | install | install | Java RPMs Are Built with Older RPM and Thus Do Not Contain Some Necessary Hash |
JDK-8294357 | core-libs | java.time | (tz) Update Timezone Data to 2022d |
JDK-8293795 | javafx | accessibility | Exceptions When Deleting Text with Continuous Key Press in TextArea and TextField |
Java™ SE Development Kit 8, Update 351 (JDK 8u351)
October 18, 2022
The full version string for this update release is 8u351-b10 (where «b» means «build»). The version number is 8u351.
IANA TZ Data 2022b, 2022c
- Chile’s DST is delayed by a week in September 2022.
- Iran no longer observes DST after 2022.
- Rename Europe/Kiev to Europe/Kyiv.
- New zic -R option
- Vanguard form now uses %z.
- Finish moving duplicate-since-1970 zones to ‘backzone’.
- New build option PACKRATLIST.
- New tailored_tarballs target, replacing rearguard_tarballs.
- Work around awk bug in FreeBSD, macOS, etc.
- Improve tzselect on intercontinental Zones.
Security Baselines
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u351 are specified in the following table:
Keeping the JDK up to Date
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u351) be used after the next critical patch update scheduled for January 17, 2023.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u351) on 2023-02-17. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
New Features
security-libs/java.security
➜ Upgrade the Default PKCS12 MAC Algorithm (JDK-8267880)
The default MAC algorithm used in a PKCS #12 keystore has been updated. The new algorithm is based on SHA-256 and is stronger than the old one based on SHA-1. See the security properties starting with keystore.pkcs12 in the java.security file for detailed information.
The new SHA-256 based MAC algorithms were introduced in the 11.0.12, 8u301, and 7u311 JDK versions. Keystores created using this newer, stronger, MAC algorithm cannot be opened in JDK versions earlier than 11.0.12, 8u301, and 7u311. A ‘java.security.NoSuchAlgorithmException’ exception will be thrown in such circumstances.
For compatibility, use the keystore.pkcs12.legacy system property, which will revert the algorithms to use the older, weaker algorithms. There is no value defined for this property.
hotspot/runtime
➜ os::set_native_thread_name() cleanups (JDK-7102541)
On platforms that support the concept of a thread name on their native threads, the java.lang.Thread.setName() method will also set that native thread name. However, this will only occur when called by the current thread, and only for threads started through the java.lang.Thread class (not for native threads that have attached via JNI). The presence of a native thread name can be useful for debugging and monitoring purposes. Some platforms may limit the native thread name to a length much shorter than that used by the java.lang.Thread , which may result in some threads having the same native name.
Other Notes
install/install
➜ Enable Java Access Bridge Check Box Option in Control Panel Is Not Available with JDK 11 Installer (JDK-8208637)
The Java Access Bridge checkbox in the Windows Control Panel is not available in JDK11. This registration was part of the public JRE installation.
However, Java Access Bridge can still be enabled and disabled by following these steps:
- Copy %JAVAHOME%\bin\windowsaccessbridge-64.dll to %WINDOWSHOME%\SYSTEM32 . A reboot might be required after this step.
- Run %JAVAHOME%\bin\jabswitch /enable and %JAVAHOME%\bin\jabswitch /disable .
Note: %WINDOWSHOME% is the directory where Microsoft Windows is installed (for example, C:\WINDOWS ) %JAVAHOME% is the directory where your JDK is installed (for example, C:\Program Files\Java\jdk-11 )
security-libs/java.security
➜ Disabled SHA-1 Signed JARs (JDK-8269039)
JARs signed with SHA-1 algorithms are now restricted by default and treated as if they were unsigned. This applies to the algorithms used to digest, sign, and optionally timestamp the JAR. It also applies to the signature and digest algorithms of the certificates in the certificate chain of the code signer and the Timestamp Authority, and any CRLs or OCSP responses that are used to verify if those certificates have been revoked. These restrictions also apply to signed JCE providers.
To reduce the compatibility risk for JARs that have been previously timestamped, there is one exception to this policy:
- Any JAR signed with SHA-1 algorithms and timestamped prior to January 01, 2019 will not be restricted.
This exception may be removed in a future JDK release. To determine if your signed JARs are affected by this change, run jarsigner -verify -verbose -certs on the signed JAR, and look for instances of «SHA1» or «SHA-1» and «disabled» and a warning that the JAR will be treated as unsigned in the output.
- Signed by "CN="Signer"" Digest algorithm: SHA-1 (disabled) Signature algorithm: SHA1withRSA (disabled), 2048-bit key WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property: jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01
JARs affected by these new restrictions should be replaced or re-signed with stronger algorithms.
Users can, at their own risk, remove these restrictions by modifying the java.security configuration file (or override it by using the java.security.properties system property) and removing "SHA1 usage SignedJAR & denyAfter 2019-01-01" from the jdk.certpath.disabledAlgorithms security property and "SHA1 denyAfter 2019-01-01" from the jdk.jar.disabledAlgorithms security property.
security-libs/org.ietf.jgss:krb5
➜ Deprecate 3DES and RC4 in Kerberos (JDK-8139348)
The des3-hmac-sha1 and rc4-hmac Kerberos encryption types (etypes) are now deprecated and disabled by default. Users can set allow_weak_crypto = true in the krb5.conf configuration file to re-enable them (along with other weak etypes including des-cbc-crc and des-cbc-md5 ) at their own risk. To disable a subset of the weak etypes, users can list preferred etypes explicitly in any of the default_tkt_enctypes , default_tgs_enctypes , or permitted_enctypes settings.
core-libs/java.lang
➜ Phantom references are automatically cleared as soft and weak references (JDK-8071507)
This enhancement changes phantom references to be automatically cleared by the garbage collector as soft and weak references.
An object becomes phantom reachable after it has been finalized. This change may cause the phantom reachable objects to be GC'ed earlier - previously the referent is kept alive until PhantomReference objects are GC'ed or cleared by the application. This potential behavioral change might only impact existing code that would depend on PhantomReference being enqueued rather than when the referent be freed from the heap.
core-libs/java.lang
➜ java.lang.ref.Reference.enqueue method clears the reference object before enqueuing (JDK-8175797)
java.lang.ref.Reference.enqueue method clears the reference object before it is added to the registered queue. When the enqueue method is called, the reference object is cleared and get() method will return null in JDK 9.
Typically when a reference object is enqueued, it is expected that the reference object is cleared explicitly via the clear method to avoid memory leak because its referent is no longer referenced. In other words the get method is expected not to be called in common cases once the enqueue method is called. In the case when the get method from an enqueued reference object and existing code attempts to access members of the referent, NullPointerException may be thrown. Such code will need to be updated.
core-libs/java.lang
➜ java.lang.ref.Reference Does Not Support Cloning (JDK-8201793)
java.lang.ref.Reference::clone method always throws CloneNotSupportedException . Reference objects cannot be meaningfully cloned. To create a new Reference object, call the constructor to create a Reference object with the same referent and reference queue instead.
core-libs/java.time
➜ Update Timezone Data to 2022c (JDK-8294042)
This version includes changes from 2022b that merged multiple regions that have the same timestamp data post-1970 into a single time zone data. All time zone IDs remain the same but the merged time zones will point to a shared zone data.
As a result, pre-1970 data may not be compatible with earlier JDK versions. The affected zones are Antarctica/Vostok, Asia/Brunei, Asia/Kuala_Lumpur, Atlantic/Reykjavik, Europe/Amsterdam, Europe/Copenhagen, Europe/Luxembourg, Europe/Monaco, Europe/Oslo, Europe/Stockholm, Indian/Christmas, Indian/Cocos, Indian/Kerguelen, Indian/Mahe, Indian/Reunion, Pacific/Chuuk, Pacific/Funafuti, Pacific/Majuro, Pacific/Pohnpei, Pacific/Wake, Pacific/Wallis, Arctic/Longyearbyen, Atlantic/Jan_Mayen, Iceland, Pacific/Ponape, Pacific/Truk, and Pacific/Yap.
For more details, refer to the announcement of 2022b.
core-libs/java.lang
➜ System Property java.specification.maintenance.version Set to 4 (JDK-8290849)
This JDK implements Maintenance Release 4 of the Java SE 8 specification (JSR 337). Implementing this maintenance release is indicated by the new system property java.specification.maintenance.version having the value of "4" .
core-libs/java.net
➜ New System Property to Limit the Number of Open Connections to com.sun.net.httpserver.HttpServer (JDK-8286918 (not public))
A new system property named jdk.httpserver.maxConnections has been introduced to allow users to configure the com.sun.net.httpserver.HttpServer to limit the maximum number of open connections to the server at any given time. This system property takes an integer value and can be configured to be a positive integer. If the property is absent, set to 0, or a negative value, the server will not limit the number of open connections. By default, this system property is not set.
Bug Fixes
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. The following table lists the bug fixes included in the JDK 8u351 release:
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8260616 | client-libs | Removing remaining JNF dependencies in the java.desktop module | |
2 | JDK-8270216 | client-libs | java.awt | [macOS] Update named used for Java run loop mode |
3 | JDK-8272602 | client-libs | java.awt | [macOS] not all KEY_PRESSED events sent when control modifier is used |
4 | JDK-8261352 | client-libs | javax.accessibility | Create implementation for component peer for all the components who should be ignored in a11y interactions |
5 | JDK-8263420 | client-libs | javax.accessibility | Incorrect function name in NSAccessibilityStaticText native peer implementation |
6 | JDK-8261198 | client-libs | javax.accessibility | [macOS] Incorrect JNI parameters in number conversion in A11Y code |
7 | JDK-8262981 | client-libs | javax.accessibility | Create implementation for NSAccessibilitySlider protocol |
8 | JDK-8287740 | client-libs | javax.accessibility | NSAccessibilityShowMenuAction not working for text editors |
9 | JDK-8275071 | client-libs | javax.accessibility | [macos] A11y cursor gets stuck when combobox is closed |
10 | JDK-8274383 | client-libs | javax.accessibility | JNI call of getAccessibleSelection on a wrong thread |
11 | JDK-8267387 | client-libs | javax.accessibility | Create implementation for NSAccessibilityOutline protocol |
12 | JDK-8267388 | client-libs | javax.accessibility | Create implementation for NSAccessibilityTable protocol |
13 | JDK-8262031 | client-libs | javax.accessibility | Create implementation for NSAccessibilityNavigableStaticText protocol |
14 | JDK-8275809 | client-libs | javax.accessibility | crash in [CommonComponentAccessibility getCAccessible:withEnv:] |
15 | JDK-8273678 | client-libs | javax.accessibility | TableAccessibility and TableRowAccessibility miss autorelease |
16 | JDK-8271071 | client-libs | javax.accessibility | accessibility of a table on macOS lacks cell navigation |
17 | JDK-8267066 | client-libs | javax.accessibility | New NSAccessibility peers should return they roles and subroles directly |
18 | JDK-8275720 | client-libs | javax.accessibility | CommonComponentAccessibility.createWithParent isWrapped causes mem leak |
19 | JDK-8267385 | client-libs | javax.accessibility | Create NSAccessibilityElement implementation for JavaComponentAccessibility |
20 | JDK-8275819 | client-libs | javax.accessibility | [TableRowAccessibility accessibilityChildren] method is ineffective |
21 | JDK-8284690 | client-libs | javax.accessibility | [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox |
22 | JDK-8286266 | client-libs | javax.accessibility | [macos] Voice over moving JTable column to be the first column JVM crashes |
23 | JDK-8284014 | client-libs | javax.accessibility | Menu items with submenus in JPopupMenu are not spoken on macOS |
24 | JDK-8283383 | client-libs | javax.accessibility | [macos] a11y : Screen magnifier shows extra characters (0) at the end JButton accessibility name |
25 | JDK-8278609 | client-libs | javax.accessibility | [macos] accessibility frame is misplaced on a secondary monitor on macOS |
26 | JDK-8274735 | client-libs | javax.imageio | javax.imageio.IIOException: Unsupported Image Type while processing a valid JPEG image |
27 | JDK-8256109 | client-libs | javax.swing | Create implementation for NSAccessibilityButton protocol |
28 | JDK-8256108 | client-libs | javax.swing | Create implementation for NSAccessibilityElement protocol peer |
29 | JDK-8256126 | client-libs | javax.swing | Create implementation for NSAccessibilityImage protocol peer |
30 | JDK-8256110 | client-libs | javax.swing | Create implementation for NSAccessibilityStepper protocol |
31 | JDK-8256111 | client-libs | javax.swing | Create implementation for NSAccessibilityStaticText protocol |
32 | JDK-8261350 | client-libs | javax.swing | Create implementation for NSAccessibilityCheckBox protocol peer |
33 | JDK-8261351 | client-libs | javax.swing | Create implementation for NSAccessibilityRadioButton protocol |
34 | JDK-8264299 | client-libs | javax.swing | Create implementation of native accessibility peer for ScrollPane and ScrollBar Java Accessibility roles |
35 | JDK-8264300 | client-libs | javax.swing | Create implementation for NSAccessibilityScrollBar protocol peer |
36 | JDK-8264290 | client-libs | javax.swing | Create implementation for NSAccessibilityComponentGroup protocol peer |
37 | JDK-8264304 | client-libs | javax.swing | Create implementation for NSAccessibilityToolbar protocol peer |
38 | JDK-8264302 | client-libs | javax.swing | Create implementation for Accessibility native peer for Splitpane java role |
39 | JDK-8264305 | client-libs | javax.swing | Create implementation for native accessibility peer for Statusbar java role |
40 | JDK-8264287 | client-libs | javax.swing | Create implementation for NSAccessibilityComboBox protocol peer |
41 | JDK-8264303 | client-libs | javax.swing | Create implementation for NSAccessibilityTabGroup protocol peer |
42 | JDK-8264297 | client-libs | javax.swing | Create implementation for NSAccessibilityProgressIndicator protocol peer |
43 | JDK-8264294 | client-libs | javax.swing | Create implementation for NSAccessibilityMenuBar protocol peer |
44 | JDK-8264298 | client-libs | javax.swing | Create implementation for NSAccessibilityRow protocol peer |
45 | JDK-8264286 | client-libs | javax.swing | Create implementation for NSAccessibilityColumn protocol peer |
46 | JDK-8264291 | client-libs | javax.swing | Create implementation for NSAccessibilityCell protocol peer |
47 | JDK-8264292 | client-libs | javax.swing | Create implementation for NSAccessibilityList protocol peer |
48 | JDK-8264293 | client-libs | javax.swing | Create implementation for NSAccessibilityMenu protocol peer |
49 | JDK-8264295 | client-libs | javax.swing | Create implementation for NSAccessibilityMenuItem protocol peer |
50 | JDK-8264296 | client-libs | javax.swing | Create implementation for NSAccessibilityPopUpButton protocol peer |
51 | JDK-8257620 | core-libs | Do not use objc_msgSend_stret to get macOS version | |
52 | JDK-8071507 | core-libs | java.lang | (ref) Clear phantom reference as soft and weak references do |
53 | JDK-8287132 | core-libs | java.lang | Retire Runtime.runFinalizersOnExit so that it always throws UOE |
54 | JDK-8178832 | core-libs | java.lang | (ref) jdk.lang.ref.disableClearBeforeEnqueue property is ignored |
55 | JDK-8175797 | core-libs | java.lang | (ref) Reference::enqueue method should clear the reference object before enqueuing |
56 | JDK-8193780 | core-libs | java.lang | (ref) Remove the undocumented "jdk.lang.ref.disableClearBeforeEnqueue" system property |
57 | JDK-8285497 | core-libs | java.lang | Add system property for Java SE specification maintenance version |
58 | JDK-8201793 | core-libs | java.lang | (ref) Reference object should not support cloning |
59 | JDK-8287917 | core-libs | java.lang:class_loading | System.loadLibrary does not work on Big Sur if JDK is built with macOS SDK 10.15 and earlier |
60 | JDK-8288769 | core-libs | java.util.jar | Revert unintentional change to deflate.c |
61 | JDK-8283277 | core-libs | java.util:i18n | ISO 4217 Amendment 171 Update |
62 | JDK-8289549 | core-libs | java.util:i18n | ISO 4217 Amendment 172 Update |
63 | JDK-8277368 | core-libs | javax.script | Metaspace OOM thrown due to the leak of Nashorn ScriptEngine |
64 | JDK-6447817 | docs | Add additional Service Attributes to Standard Algorithm Names guide | |
65 | JDK-8291414 | docs | guides | Fix the incorrect wording about delayed provider selection in the PKCS11 documentation |
66 | JDK-8261071 | hotspot | compiler | AArch64: Refactor interpreter native wrappers |
67 | JDK-8234930 | hotspot | compiler | Use MAP_JIT when allocating pages for code cache on macOS |
68 | JDK-8253015 | hotspot | compiler | Aarch64: Move linux code out from generic CPU feature detection |
69 | JDK-8188066 | hotspot | gc | (ref) Examine the reachability of JNI WeakGlobalRef and interaction with phantom refs |
70 | JDK-8143847 | hotspot | gc | Remove REF_CLEANER reference category |
71 | JDK-8285621 | hotspot | jfr | Xcheck:jni warnings during JFR initialization |
72 | JDK-6885993 | hotspot | runtime | Named Thread: introduce print() and print_on(outputStream* st) methods |
73 | JDK-7102541 | hotspot | runtime | RFE: os::set_native_thread_name() cleanups |
74 | JDK-8261075 | hotspot | runtime | Create stubRoutines.inline.hpp with SafeFetch implementation |
75 | JDK-8151322 | hotspot | runtime | Implement os::set_native_thread_name() on Solaris |
76 | JDK-8061999 | hotspot | runtime | Enhance VM option parsing to allow options to be specified in a file |
77 | JDK-8078521 | hotspot | svc | AARCH64: Add AArch64 SA support |
78 | JDK-8289587 | javafx | web | IllegalArgumentException: Color.rgb's red parameter (-16776961) expects color values 0-255 |
79 | JDK-8088420 | javafx | web | JavaFX WebView memory leak via EventListener |
80 | JDK-8285881 | javafx | web | Update WebKit to 614.1 |
81 | JDK-8292609 | javafx | web | Cherry-pick WebKit 614.1 stabilization fixes |
82 | JDK-8268427 | security-libs | java.security | Improve AlgorithmConstraints:checkAlgorithm performance |
83 | JDK-8186143 | security-libs | java.security | keytool -ext option doesn't accept wildcards for DNS subject alternative names |
84 | JDK-8267880 | security-libs | java.security | Upgrade the default PKCS12 MAC algorithm |
85 | JDK-8263404 | security-libs | java.security | RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec |
86 | JDK-8269039 | security-libs | java.security | Disable SHA-1 Signed JARs |
87 | JDK-8275887 | security-libs | java.security | jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled |
88 | JDK-8270317 | security-libs | javax.net.ssl | Large Allocation in CipherSuite |
89 | JDK-8284694 | security-libs | javax.net.ssl | Avoid evaluating SSLAlgorithmConstraints twice |
90 | JDK-8286211 | security-libs | javax.smartcardio | Update PCSC-Lite for Suse Linux to 1.9.5 |
91 | JDK-8285398 | security-libs | jdk.security | Cache the results of constraint checks |
92 | JDK-8074835 | security-libs | org.ietf.jgss | Resolve disabled warnings for libj2gss |
93 | JDK-8074836 | security-libs | org.ietf.jgss:krb5 | Resolve disabled warnings for libosxkrb5 |
94 | JDK-8139348 | security-libs | org.ietf.jgss:krb5 | Deprecate 3DES and RC4 in Kerberos |
95 | JDK-8289486 | xml | jaxp | Improve XSLT XPath operators count efficiency |
Software Installation Guide
Back to list
Software Name | Java 8 Update 341 (8.0.3410.10) (JRE) |
Version | 8.0.3410.10 |
Platform | Windows |
Vendor | Java |
Architecture | 32-bit |
Download Path | AutoDL |
Silent Installation Switch | jre-8u341-windows_i586.exe /s REBOOT=Suppress AUTO_UPDATE=0 |
Silent Uninstallation Switch | -- |
Disclaimer: This webpage is intended to provide you information about patch announcement for certain specific software products. The information is provided "As Is" without warranty of any kind. The links provided point to pages on the vendors websites. You can get more information by clicking the links to visit the relevant pages on the vendors website.