Java.com

Download Help

Printable Version

Java 8 Release Highlights


This article applies to:
  • Java version(s): 8.0

This page highlights changes impacting end users for each Java release. More information about changes can be found in the release notes for each release.
» Java release dates


Java 8 Update 60 (8u60)

Release Highlights
  • IANA Data 2015e
    JDK 8u60 contains IANA time zone data version 2015e. For more information, refer to Timezone Data Versions in the JRE Software.
  • Bug Fix: dns_lookup_realm should be false by default
    The dns_lookup_realm setting in Kerberos' krb5.conf file is by default false. See 8080637.
  • Bug Fix: Disable RC4 cipher suites
    RC4-based TLS ciphersuites (e.g. TLS_RSA_WITH_RC4_128_SHA) are now considered compromised and should no longer be used (see RFC 7465). Accordingly, RC4-based TLS ciphersuites have been deactivated by default in the Oracle JSSE implementation by adding "RC4" to "jdk.tls.disabledAlgorithms" security property, and by removing them from the default enabled ciphersuites list. These cipher suites can be reactivated by removing "RC4" form "jdk.tls.disabledAlgorithms" security property in the java.security file or by dynamically calling Security.setProperty(), and also readding them to the enabled ciphersuite list using the SSLSocket/SSLEngine.setEnabledCipherSuites() methods. You can also use the -Djava.security.properties command line option to override the jdk.tls.disabledAlgorithms security property. For example:
    java -Djava.security.properties=my.java.security ...
    where my.java.security is a file containing the property without RC4:
    jdk.tls.disabledAlgorithms=SSLv3
    Even with this option set from commandline, the RC4 based ciphersuites need to be re-added to the enabled ciphersuite list by using the SSLSocket/SSLEngine.setEnabledCipherSuites() methods. See 8076221.
  • Bug Fix: Support keystore type detection for JKS and PKCS12 keystores
    Keystore Compatibility Mode: To aid interoperability, the Java keystore type JKS now supports keystore compatibility mode by default. This mode enables JKS keystores to access both JKS and PKCS12 file formats. To disable keystore compatibility mode set the Security property keystore.type.compat to the string value false. See 8062552.
  • Bug Fix: Deprecate Unsafe monitor methods in JDK 8u release
    The methods monitorEnter, monitorExit and tryMonitorEnter on sun.misc.Unsafe are marked as deprecated in JDK 8u60 and will be removed in a future release. These methods are not used within the JDK itself and are very rarely used outside of the JDK. See 8069302.
  • Bug Fix: Extract JFR recording from the core file using SA
    DumpJFR is a Serviceability Agent based tool that can be used to extract Java Flight Recorder(JFR) data from the core files and live Hotspot processes. DumpJFR can be used in one of the following methods:
    • Attach DumpJFR to a live process:

      java -cp $JAVA_HOME/lib/sa-jdi.jar sun.jvm.hotspot.tools.DumpJFR <pid>

    • Attach DumpJFR to a core file:

      java -cp $JAVA_HOME/lib/sa-jdi.jar sun.jvm.hotspot.tools.DumpJFR <java> <core>

    DumpJFR tool dumps the JFR data to a file called recording.jfr in the current working folder. See 8065301 (not public).
  • Bug Fix: Local variables named 'enum' lead to spurious compiler crashes
    The javac parser is incorrectly parsing local variables with name 'enum'; this results in spurious failures when a program containing such local variables is compiled with a 'source' flag corresponding to a release in which the enum construct is not available (such as '-source 1.4'). See 8069181.
Java Development Kit for ARM Release 8u60

This release includes Java Development Kit for ARM Release 8u60 (JDK 8u60 for ARM). For ARM device support information, see JDK for ARM Downloads page. For system requirements, installation instructions and troubleshooting tips, see Installation Instructions page.

Limitation: Native Memory Tracking support is limited in JDK for ARM. The java command line option XX:NativeMemoryTracking=detail is not supported for ARM targets (an error message is displayed to user). Instead, use the following option:
XX:NativeMemoryTracking=summary

Documentation Updates due to Nashorn Enhancements
JDK 8u60 includes new enhancements to Nashorn. As a result the following documentation changes should be read in conjunction with the current Nashorn documentation:
  • Addition: In the previous section, we mentioned that every JavaScript object when exposed to Java APIs implements the java.util.Map interface. This is true even for JavaScript arrays. However, this behavior is often not desired or expected when the Java code expects JSON-parsed objects. Java libraries that manipulate JSON-parsed objects usually expect arrays to expose the java.util.List interface instead. If you need to expose your JavaScript objects so that arrays are exposed as lists and not maps, you can use the Java.asJSONCompatible(obj) function, where obj is the root of your JSON object tree.
  • Correction: The caution mentioned at the end of Mapping Data Types section, is no longer applicable. Nashorn ensures that internal JavaScript strings are converted to java.lang.String when exposed externally.
  • Correction: The statement in the section Mapping Data Types, that mentions "For example, arrays must be explicitly converted,..." is not correct. Arrays are automatically converted to Java array types, such as java.util.List, java.util.Collection, java.util.Queue and java.util.Deque and so on.
Changes in Deployment Rule Set v1.2
JDK 8u60 implements Deployment Rule Set (DRS) 1.2, which includes the following changes:
  • Add "checksum" element as sub element of "id" which can allow unsigned jars to be identified by the SHA-256 checksum of the uncompressed form of a jar:
    • The "checksum" element will match only unsigned jars, and the given hash will be compared only against the uncompressed form of the jar.
    • The "checksum" element (similar to "certificate" element) has two arguments "hash" and "algorithm", however, unlike "certificate" element, the only supported value for "algorithm" is "SHA-256". Any other value provided will be ignored.
  • Allow "message" element to apply to all rule types, where previously it only applied to a block rule:
    • In a run rule, a message sub element will cause a message dialog to be displayed where without a run rule, the default behavior would be to show certificate or unsigned dialog. The message will be displayed in the message dialog.
    • In a default rule, the message will only be displayed if the default action is to block. In such a case the message will be included in the block dialog.
  • Echo "customer" blocks in the Java Console, trace files, and Java Usage Tracker records.
    • Previous to DRS 1.2, "customer" elements could be included (with any sub-elements) in the ruleset.xml file. This element and all its sub elements are ignored. In DRS 1.2, the elements are still functionally ignored. However:
      • When parsing the ruleset.xml file, all "customer" blocks will be echoed to the Java Console and deployment trace file (if Console and Tracing are enabled).
      • When using a rule, all "customer" records included within that rule will be added to the Java Usage Tracker (JUT) record (if JUT is enabled).
As a result of the above changes, the DTD for DRS 1.2 is as follows:
<!ELEMENT ruleset (rule*)>
<!ATTRIBUTE ruleset href CDATA #IMPLIED>
<!ATTRIBUTE ruleset version CDATA #REQUIRED>

<!ELEMENT rule (id, action)>

<!ELEMENT id (certificate?) (checksum?) >
<!ATTRIBUTE id title CDATA #IMPLIED>
<!ATTRIBUTE id location CDATA #IMPLIED>

<!ELEMENT certificate EMPTY>
<!ATTLIST certificate algorithm CDATA #IMPLIED>
<!ATTLIST certificate hash CDATA #REQUIRED>

<!ELEMENT checksum EMPTY>
<!ATTLIST checksum algorithm CDATA #IMPLIED>
<!ATTLIST checksum hash CDATA #REQUIRED>
 
<!ELEMENT action (message?)>
<!ATTRIBUTE permission (run | block | default) #REQUIRED>
<!ATTRIBUTE version CDATA #IMPLIED>
<!ATTRIBUTE force (true|false) "false">

<!ELEMENT message (#PCDATA)>
<!ATTLIST message locale CDATA #IMPLIED>

Java Expiration Date

The expiration date for 8u60 is October 20, 2015. Java expires whenever a new release with security vulnerability fixes becomes available. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u60) on November 20, 2015. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version.

Bug Fixes

For a list of bug fixes included in this release, see JDK 8u60 Bug Fixes page.

» 8u60 Release notes


Java 8 Update 51 (8u51)

Release Highlights
  • IANA Data 2015d
    JDK 8u51 contains IANA time zone data version 2015d. For more information, refer to Timezone Data Versions in the JRE Software.
  • Bug Fix: Add new Comodo roots to root CAs
    Four new root certificates have been added for Commodo:
    1. COMODO ECC Certification Authority
      alias: comodoeccca
      DN: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
    2. COMODO RSA Certification Authority
      alias: comodorsaca
      DN: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
    3. USERTrust ECC Certification Authority
      alias: usertrusteccca
      DN: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
    4. USERTrust RSA Certification Authority
      alias: usertrustrsaca
      DN: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
    See JDK-8077997 (not public).
  • Bug Fix: Add new GlobalSign roots to root CAs
    Two root certificates have been added for GlobalSign:
    1. GlobalSign ECC Root CA - R4
      alias: globalsigneccrootcar4
      DN: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
    2. GlobalSign ECC Root CA - R5
      alias: globalsigneccrootcar5
      DN: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5
    See JDK-8077995 (not public).
  • Bug Fix: Add Actalis to root CAs
    Added one new root certificate:
    Actalis Authentication Root CA
    alias: actalisauthenticationrootca
    DN: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT

    See JDK-8077903 (not public).
  • Bug Fix: Add new Entrust ECC root
    Added one new root certificate:
    Entrust Root Certification Authority - EC1
    alias: entrustrootcaec1
    DN: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US

    See JDK-8073286 (not public).
  • Bug Fix: Remove old Valicert Class 1 and 2 Policy roots
    Removed two root certificates with 1024-bit keys:
    1. ValiCert Class 1 Policy Validation Authority
      alias: secomvalicertclass1ca
      DN: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
    2. ValiCert Class 2 Policy Validation Authority
      alias: valicertclass2ca
      DN: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
    See JDK-8077886 (not public).
  • Bug Fix: Remove old Thawte roots
    Removed two root certificates with 1024-bit keys:
    1. Thawte Server CA
      alias: thawteserverca
      DN: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    2. Thawte Personal Freemail CA
      alias: thawtepersonalfreemailca
      DN: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    See JDK-8074423 (not public).
  • Bug Fix: Remove more old Verisign, Equifax, and Thawte roots
    Removed five root certificates with 1024-bit keys:
    1. Verisign Class 3 Public Primary Certification Authority - G2
      alias: verisignclass3g2ca
      DN: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    2. Thawte Premium Server CA
      alias: thawtepremiumserverca
      DN: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    3. Equifax Secure Certificate Authority
      alias: equifaxsecureca
      DN: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
    4. Equifax Secure eBusiness CA-1
      alias: equifaxsecureebusinessca1
      DN: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
    5. Equifax Secure Global eBusiness CA-1,
      alias: equifaxsecureglobalebusinessca1
      DN: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
    See JDK-8076202 (not public).
  • Bug Fix: Remove TrustCenter CA roots from cacerts
    Removed three root certificates:
    1. TC TrustCenter Universal CA I
      alias: trustcenteruniversalcai
      DN: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
    2. TC TrustCenter Class 2 CA II
      alias: trustcenterclass2caii
      DN: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
    3. TC TrustCenter Class 4 CA II
      alias: trustcenterclass4caii
      DN: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE
    See JDK-8072958 (not public).
  • Bug Fix: Deprecate RC4 in SunJSSE provider
    RC4 is now considered as a weak cipher. Servers should not select RC4 unless there is no other stronger candidate in the client requested cipher suites. A new security property, jdk.tls.legacyAlgorithms, is added to define the legacy algorithms in Oracle JSSE implementation. RC4 related algorithms are added to the legacy algorithms list. See JDK-8074006 (not public).
  • Bug Fix: Prohibit RC4 cipher suites
    RC4 is now considered as a compromised cipher. RC4 cipher suites have been removed from both client and server default enabled cipher suite list in Oracle JSSE implementation. These cipher suites can still be enabled by SSLEngine.setEnabledCipherSuites() and SSLSocket.setEnabledCipherSuites() methods. See JDK-8077109 (not public).
  • Bug Fix: Improved certification checking
    With this fix, JSSE endpoint identification does not perform reverse name lookup for IP addresses by default in JDK. If an application does need to perform reverse name lookup for raw IP addresses in SSL/TLS connections, and encounter endpoint identification compatibility issue, System property "jdk.tls.trustNameService" can be used to switch on reverse name lookup. Note that if the name service is not trustworthy, enabling reverse name lookup may be susceptible to MITM attacks. See JDK-8067695 (not public).
Java Expiration Date

The expiration date for 8u51 is October 20, 2015. Java expires whenever a new release with security vulnerability fixes becomes available. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u51) on November 20, 2015. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

For a list of bug fixes included in this release, see JDK 8u51 Bug Fixes page.

» 8u51 Release notes


Java 8 Update 45 (8u45)

Release Highlights
  • IANA Data 2015a
    JDK 8u45 contains IANA time zone data version 2015a. For more information, refer to Timezone Data Versions in the JRE Software.
  • Bug Fix: Improve jar file handling. Starting with JDK 8u45 release, the jar tool no longer allows the leading slash "/" and ".." (dot-dot) path component in zip entry file name when creating new and/or extracting from zip and jar file. If needed, the new command line option "-P" should be used explicitly to preserve the dot-dot and/or absolute path component. See 8064601 (not public).
  • Bug Fix: jnlp app with nested "resource" section fails with NPE on load in jre8u40. A jnlp application, with nested tags within a or tag, can throw a NPE. The issue is now fixed. The tag should be used only if the is actually used. See 8072631 (not public).
Java Expiration Date

The expiration date for 8u45 is July 14, 2015. Java expires whenever a new release with security vulnerability fixes becomes available. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u45) on August 14, 2015. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

For a list of bug fixes included in this release, see JDK 8u45 Bug Fixes page.

» 8u45 Release notes


Java 8 Update 40 (8u40)

Release Highlights
  • IANA Data 2014j
    JDK 8u40 contains IANA time zone data version 2014j. For more information, refer to Timezone Data Versions in the JRE Software.
  • Bug Fix: Default and static interface methods in JDI, JDWP and JDB. Since JDK 8 it is possible to have directly executable static and default methods in interfaces. These methods are not executable via JDWP or JDI and therefore can not be properly debugged. See JDK 8 Compatibility Guide for more details. See 8042123.
  • Bug Fix: Java Access Bridge can be enabled from Control panel for 32 bit jres. Previously the "Enable Java Access Bridge" check box got removed from the Java Control Panel with 64 bit jre uninstall even when 32 bit JRE was still present on the system. Starting with JDK 8u40 release, the "Enable Java Access Bridge" checkbox is retained, at Control Panel -> Ease of Access -> Ease of Access Center -> Use the computer without a display, if a 32 bit jre is present. So, a user can enable Java Access bridge via control panel for See 8030124.
  • Bug Fix: Modernizing the JavaFX Media Stack on Mac OS X. An AVFoundation based player platform is added to JavaFX media. The old QTKit based platform is now removable for Mac App Store compatibility. See 8043697 (not public)
  • Bug Fix: Missing DOM APIs. In JDK 8u40 release, the old plugin DOM APIs were inadvertently removed. If an applet requires the use of com.sun.java.browser.dom.DOMService to communicate with the browser, then users may need to update their applet to use netscape.javascript.JSObject or continue using JDK 8 Update 31. This issue has been resolved in build 26 and new 8u40 installers have been posted. If you are experiencing this problem please download and run the updated JDK 8u40 installers. See 8074564.
  • Bug Fix: Mac 10.10: Application run with splash screen has focus issues. Applications started through webstart or standalone applications, which use splash screen, cannot get keyboard focus. Workaround: Launch javaws using the -Xnosplash option. This issue has been resolved in build 27 and a new 8u40 installer has been posted. If you are experiencing this problem, download and run the updated JDK 8u40 installer. See 8074668.
  • Java Packager Tool Enhancements
    JDK 8u40 release contains the following enhancements to the Java Packager:
  • Deprecated APIs
    The endorsed-standards override mechanism and the extension mechanism are deprecated and may be removed in a future release. There are no runtime changes. Existing applications using the 'endorsed-standards override' or 'extension' mechanisms are recommended to migrate away from using these mechanisms. To help identify any existing uses of these mechanisms, the -XX:+CheckEndorsedAndExtDirs command-line option is available. It will fail if any of the following conditions is true:
    • -Djava.endorsed.dirs or -Djava.ext.dirs system property is set to alter the default location; or
    • ${java.home}/lib/endorsed directory exists; or
    • ${java.home}/lib/ext contains any JAR files excluding the ones that JDK ships or
    • any platform-specific system-wide extension directory contains any JAR files.
    The -XX:+CheckEndorsedAndExtDirs command-line option is supported in JDK 8u40 and later releases.
  • JJS Tool Page Differences
    The Japanese version of the jjs help page is different from the English version. Some of the unsupported options have been removed from the English version of the jjs tool page. The Japanese version of document will be updated in future. See 8062100 (not public). For other jjs tool page changes, see Tools Enhancements in JDK 8.
  • Change in default values for G1HeapWastePercent and G1MixedGCLiveThresholdPercent
    The default value for G1HeapWastePercent was changed from 10 to 5 to reduce the need for full GCs. For the same reason the default value for G1MixedGCLiveThresholdPercent was changed from 65 to 85.
  • New Java class-access Filtering Interface
    The jdk.nashorn.api.scripting.ClassFilter interface enables you to restrict access to specified Java classes from scripts run by a Nashorn script engine. See Restricting Script Access to Specified Java Classes in the Nashorn User's Guide and 8043717 (not public) for more information.
  • Issues with Third party's JCE providers
    The fix for JDK-8023069 (in JDK 8u20) updated both the SunJSSE and and SunJCE providers, including some internal interfaces. Some third party JCE providers (such as RSA JSAFE) are using some sun.* internal interfaces, and therefore will not work with the updated SunJSSE provider. Such providers will need to be updated in order for them to work with the updated SunJSSE provider. If you have been impacted by this issue, please contact your JCE vendor for an update. See 8058731.
  • Re-enabled encryptions in Solaris Crypto Framework
    If you are using Solaris 10, a change was made to re-enable operations with MD5, SHA1, and SHA2 through the Solaris Crypto Framework. If you experience a CloneNotSupportedException or PKCS11 error CKR_SAVED_STATE_INVALID message with JDK 8u40, you should verify and apply the below patches or newer version of them:
    • 150531-02 on sparc
    • 150636-01 on x86
  • Troubleshooting Guide Updates for NMT
    The Native Memory Tracking (NMT) is a Java Hotspot VM feature that tracks internal memory usage for a HotSpot JVM. Native Memory Tracking can be used to monitor VM internal memory allocations and diagnose VM memory leaks. VM enhancements page is updated with NMT features. See Java Virtual Machine Enhancements in Java SE 8. Troubleshooting Guide is updated with NMT features. See Native Memory Tracking.
  • Multiple JRE Launcher feature deprecated
    The Launch-Time JRE Version Selection or the Multiple JRE Launcher feature is deprecated in JDK 8u40. Applications that require specific Java versions deployed using this feature must switch to alternate deployment solutions such as Java WebStart.
  • JavaFX Enhancements
    Starting with JDK 8u40 release, JavaFX controls are enhanced to support assistive technologies, meaning that JavaFX controls are now accessible. In addition, a public API is provided to allow developers to write their own accessible controls. Accessibility support is provided on Windows and Mac OS X platforms and includes:
    • Support for reading JavaFX controls by a screen reader
    • JavaFX controls are traversable using the keyboard
    • Support for a special high-contrast mode that makes controls more visible to users.
    See 8043344 (not public).

    JDK 8u40 release includes new JavaFX UI controls; a spinner control, formatted-text support, and a standard set of alert dialogs. See 8043350 (not public).
Commercial Features
  • Application Class Data Sharing (AppCDS)
    Application Class Data Sharing (AppCDS) extends CDS to enable you to place classes from the standard extensions directories and the application class path in the shared archive. This is a commercial feature and is no longer considered experimental (contrary to what is specified in the java tool documentation). See the -XX:+UseAppCDS option in the java launcher tool page.
  • Cooperative Memory Management
    Starting with JDK 8u40, the notion of "memory pressure" has been added to the JDK. Memory pressure is a property that represents the total memory usage (RAM) on the system. The higher the memory pressure, the closer the system is to running out of memory. As a reaction to increased memory pressure, the JDK will try to reduce its memory usage. This is mainly done by reducing the Java heap size. The actions the JDK will take to reduce memory usage may lead to reduced performance. This is an intentional choice. The pressure level is provided by the application through a JMX MXBean using a scale from 0 (no pressure) to 10 (almost out of memory). To enable this feature, the jdk.management.cmm.SystemResourcePressureMXBean should be registered. The memory pressure is then set using the "MemoryPressure" attribute.
    A new command line flag -XX:MemoryRestriction that takes one of the arguments 'none', 'low', 'medium', or 'high', is also available. This flag will set the initial pressure in the JDK and will work also in cases where the MXBean is not registered. Cooperative Memory Management requires the G1 GC (-XX:+UseG1GC). This feature is not compatible with the flag -XX:+ExplicitGCInvokesConcurrent.
  • New commercial flags
    Two new VM options are now available for commercial license holders:
    • -XX:+ResourceManagement
    • -XX:ResourceManagementSampleInterval=value (milliseconds)
    For more information, see Java Launcher documentation.
  • New MSI Installer Documentation:
    The Microsoft Windows Installer (MSI) Enterprise JRE Installer Guide is available. The MSI Enterprise JRE Installer requires a commercial license for use in production. Learn more about commercial features and how to enable them.
Java Expiration Date

The expiration date for 8u40 is April 14, 2015. Java expires whenever a new release with security vulnerability fixes becomes available. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u40) on May 14, 2015. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version.

Bug Fixes

For a list of bug fixes included in this release, see JDK 8u40 Bug Fixes page.

» 8u40 Release notes


Java 8 Update 31 (8u31)

Release Highlights
  • IANA Data 2014j
    JDK 8u31 contains IANA time zone data version 2014j. For more information, refer to Timezone Data Versions in the JRE Software.
  • SSLv3 is disabled by default
    Starting with JDK 8u31 release, the SSLv3 protocol (Secure Socket Layer) has been deactivated and is not normally available. Please see the jdk.tls.disabledAlgorithms property in \lib\security\java.security file. If SSLv3 is absolutely required, the protocol can be reactivated by removing 'SSLv3' from the jdk.tls.disabledAlgorithms property in the java.security file or by dynamically setting this security property before JSSE is initialized.
  • Changes to Java Control Panel
    Starting with JDK 8u31 release, SSLv3 protocol is removed from Java Control Panel Advanced options. If the user needs to use SSLv3 for applications, re-enable it manually as follows:
    • Enable SSLv3 protocol on JRE level: as described in the previous section.
    • Enable SSLv3 protocol on deploy level: edit the deployment.properties file and add the following:

      deployment.security.SSLv3=true
Java Expiration Date

The expiration date for 8u31 is April 14, 2015. Java expires whenever a new release with security vulnerability fixes becomes available. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u31) on May 14, 2015. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

For a list of bug fixes included in this release, see JDK 8u31 Bug Fixes page.

» 8u31 Release notes


Java 8 Update 25 (8u25)

Release Highlights
  • IANA Data 2014c
    JDK 8u25 contains IANA time zone data version 2014c. For more information, refer to Timezone Data Versions in the JRE Software.
  • Bug Fix: Decrease the preference mode of RC4 in the enabled cipher suite list
    This fix decreases the preference of RC4 based cipher suites in the default enabled cipher suite list of SunJSSE provider. See 8043200 (not public).
  • Bug Fix: JRE 8u20 crashes while using Japanese IM on Windows
    The VM crashes while using Swing controls when some Japanese or Chinese characters are input on Windows platform. The issue is now fixed. See 8058858 (not public).
Instructions to disable SSL v3.0 in Oracle JDK and JRE

Oracle recommends that users and developers disable use of the SSLv3 protocol.
» How can Java users confirm they are not affected by the SSL V3.0 'Poodle' vulnerability?

Java Expiration Date

The expiration date for 8u25 is January 20, 2015. Java expires whenever a new release with security vulnerability fixes becomes available. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u25) on February 20, 2015. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

For a list of bug fixes included in this release, see JDK 8u25 Bug Fixes page.

» 8u25 Release notes


Java 8 Update 20 (8u20)

Release Highlights
  • New flags added to Java Management API
    The flags MinHeapFreeRatio and MaxHeapFreeRatio have been made manageable. This means they can be changed at runtime using the management API in Java. Support for these flags have also been added to the ParallelGC as part of the adaptive size policy.
  • Java Installer Changes
    • A new Microsoft Windows Installer (MSI) Enterprise JRE Installer which enables user to install the JRE across the enterprise, is available. See Downloading the Installer section in JRE Installation for Microsoft Windows for more information. The MSI Enterprise JRE Installer is only available as part of Java SE Advanced or Java SE Suite. For information about these commercial products, see Java SE Advanced and Java SE Suite.
    • The Java Uninstall Tool is integrated with the installer to provide an option to remove older versions of Java from the system. The change is applicable to 32 bit and 64 bit Windows platforms. See Uninstalling the JRE.
  • Java Control Panel Changes
    • The Update tab in the Java Control Panel now enables the users to automatically update 64-bit JREs (in addition to 32-bit versions) that are installed on their system.
    • The Medium security level has been removed. Now only High and Very High levels are available. Applets that do not conform with the latest security practices can still be authorized to run by including the sites that host them to the Exception Site List. The exception site list provides users with the option of allowing the same applets that would have been allowed by selecting the Medium option but on a site-by-site basis therefore minimizing the risk of the using more permissive settings.
  • Java Compiler updated
    The javac compiler has been updated to implement definite assignment analysis for blank final field access using "this". See JDK 8 Compatibility Guide for more details.
  • Change in minimum required Java Version for Java Plugin and Java Webstart
    The minimum version of Java required for Java Plugin and Java Webstart is now Java 5. Applets that do not run in Java 5 or later must be ported to a later version of Java to continue to function. Applets written for earlier versions but able to run in at least Java 5 will continue to work.
  • Change in UsageTracker output formatting
    UsageTracker output formatting has been changed to use quoting, to avoid confusion in the log. This may require changes to the way such information is read. The feature can be configured to behave as in previous versions, although the new format is recommended. See Java Usage Tracker documentation.
  • Changes to Java Packaging Tools
    • javafxpackager has been renamed to javapackager
    • The "-B" option has been added to the javapackager deploy command to enable you to pass arguments to the bundlers that are used to create self-contained applications. See javapackager (Windows)/(Unix) documentation for information
    • The helper parameter argument has been added to JavaFX Ant Task Reference. It enables you to specify an argument (in the element) for the bundler that is used to create self-contained applications.
Java Expiration Date

The expiration date for 8u20 is October 14, 2014. Java expires whenever a new release with security vulnerability fixes becomes available. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u20) on November 14, 2014. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version.

Bug Fixes

For a list of bug fixes included in this release, see JDK 8u20 Bug Fixes page.

» 8u20 Release notes


Java 8 Update 11 (8u11)

This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory.

For a list of bug fixes included in this release, see JDK 8u11 Bug Fixes page.

» 8u11 Release notes


Java 8 Update 5 (8u5)

This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory.

For a list of bug fixes included in this release, see JDK 8u5 Bug Fixes page.

» 8u5 Release notes


Java 8 Release

» JDK and JRE 8 Release notes


You might also be interested in:





Find expert help on Java installation and setup

Select Language | About Java | Support | Developers
Privacy | Terms of Use | Trademarks | Disclaimer

Oracle