The full version string for this update release is 1.7.0_131-b12 (where “b” means “build”). The full version string for this update release is 1.7.0_141-b11 (where “b” means “build”). Any TLS server certificate chain containing a SHA-1 certificate (end-entity or intermediate CA) and anchored by a root CA certificate included by default in Oracle’s JDK is now blocked by default. TLS Server certificate chains that are anchored by enterprise or private CAs are not affected. Third-party implementations of these APIs are directly responsible for enforcing their own restrictions. The full version string for this update release is 1.7.0_151-b15 (where “b” means “build”).
Please note that fixes from prior BPR (7u221 b35) are included in this version. This option allows control of which implementation of ECC is in use. This change removes obsolete NIST EC curves from the default Named Groups used during TLS negotiation.
Java 15 updates
The full version string for this update release is 1.7.0_121-b15 (where “b” means “build”). Support has been added for the SHA224withDSA and SHA256withDSA signature algorithms and for DSA keys with sizes up to 2048 bits. Previously, only DSA keys with sizes up to 1024 bits were supported.
Apache Harmony has since been retired, and Google has switched its Harmony components with equivalent ones from OpenJDK. Prior to the release of OpenJDK, while Sun’s implementation was still proprietary, the GNU Classpath project was created to provide a free and open-source implementation of the Java platform. Visual J++ and the Microsoft Java Virtual Machine were created as incompatible implementations. After the Sun v. Microsoft lawsuit, Microsoft abandoned it and began work on the .NET platform.
Release Notes for JDK 7 and JDK 7 Update Releases
Note that bug fixes are cumulative, that is, bug fixes in previous update versions are included in subsequent update versions. The secure validation mode of the XML Signature implementation has been enhanced to restrict RSA and DSA keys less than 1024 bits by default as they are no longer secure enough for digital signatures. At their own risk, applications can update this restriction in the security property (jdk.tls.legacyAlgorithms) if 3DES cipher suites are really preferred. If any algorithm or key used is considered weak, as specified in the Security property jdk.jar.disabledAlgorithms, it will be labeled with “(weak)”. The generateSecret(String) method has been mostly disabled in the javax.crypto.KeyAgreement services of the SunJCE and SunPKCS11 providers.
- The JDK for Linux on ARM is not covered by this security alert and therefore 7u6 remains as the latest JDK version available for Linux on ARM.
- A security property named jdk.sasl.disabledMechanisms has been added that can be used to disable SASL mechanisms.
- Version “5.0” is the product version, while “1.5.0” is the developer version.
- This will restore the previous behavior of this KeyAgreement service.
- This upgrade introduced an issue in which XML signatures using Base64 encoding appended
to the encoded output.
- When the system property, jdk.security.useLegacyECC, is explicitly set to “true” (the value is case-insensitive) the JDK uses the old, native implementation of ECC.
Since January 2018 (8u161, 7u171) unlimited Java Cryptography Extension (JCE) Jurisdiction Policy files have been bundled with the JDK and enabled by default (see JDK Cryptographic Roadmap). Please note that fixes from the previous BPR (7u281 b33) are included in this version. Oracle recommends that the JDK is updated with each Critical Patch Update (CPU). In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family. Please note that fixes from the previous BPR are included in this version. Please note that fixes from the previous BPR (7u291 b32) are included in this version.