8u45 Update Release Notes



Java™ SE Development Kit 8, Update 45 (JDK 8u45)

The full version string for this update release is 1.8.0_45-b14 (where "b" means "build") except for Windows, where the version string is 1.8.0_45-b15. The version number is 8u45.

IANA Data 2015a

JDK 8u45 contains IANA time zone data version 2015a. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u45 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
8 1.8.0_45
7 1.7.0_79
6 1.6.0_95
5.0 1.5.0_85

For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

JRE Expiration Date

The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u45) will expire with the release of the next critical patch update scheduled for July 14, 2015.

For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u45) on August 14, 2015. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.

Blacklist Entries

A new blacklist entry is included in this release.

For more details on the entry, see the related Cisco Security Advisory.

Bug Fixes


This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory.

For a list of bug fixes included in this release, see JDK 8u45 Bug Fixes page.

The following are some of the notable bug fixes included in this release:

Area: tools/jar
Synopsis: Improve jar file handling

Starting with JDK 8u45 release, the jar tool no longer allows the leading slash "/" and ".." (dot-dot) path component in zip entry file name when creating new and/or extracting from zip and jar file. If needed, the new command line option "-P" should be used explicitly to preserve the dot-dot and/or absolute path component.

See 8064601 (not public).

Area: deploy/webstart
Synopsis: jnlp app with nested "resource" section fails with NPE on load in jre8u40

A jnlp application, with nested <resources> tags within a <java> or <j2se> tag, can throw an NPE. The issue is now fixed. The <resources> tag should be used only if the <java> is actually used.

See 8072631 (not public).

Known Issues


Area: core-libs/jdk.nashorn
Synopsis: Finally blocks inlined incorrectly.

Nashorn has known issues where it incorrectly compiles try/finally constructs. For more information on this issue and a workaround, see Try/finally compilation issues wiki page.

See 8067139.