We’re sorry. We could not find a match for your search.

We suggest you try the following to help find what you’re looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try "application" instead of "software."
  • Start a new search.
Cloud Account Sign in to Cloud
Oracle Account

JDK 7u321 Update Release Notes

JDK 7 Update Release Notes

Java™ SE Development Kit 7, Update 321 (JDK 7u321)

October 19, 2021

The full version string for this update release is 7u321-b08 (where "b" means "build"). The version number is 7u321.

IANA TZ Data 2021a

For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baseline for the Java Runtime Environment (JRE) at the time of the release of JDK 7u321 is specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String)
7 7u321-b08

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 7u321) be used after the next critical patch update scheduled for January 18, 2022.

Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).

For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u321) on 2022-02-18. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.

Removed Features and Options

security-libs/java.security
 Removed IdenTrust Root Certificate

The following root certificate from IdenTrust has been removed from the cacerts keystore:

+ alias name "identrustdstx3 [jdk]"

  Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.

Other Notes

core-libs/java.lang
 Release Doesn't Correctly Recognize Windows 11

This release doesn't correctly identify Windows 11. The property os.name is set to Windows 10 on Windows 11. In HotSpot error logs, the OS is identified as Windows 10; however, the HotSpot error log does show the Build number. Windows 11 has Build 22000.194 or above.

security-libs/javax.net.ssl
 Updated the Default Enabled Cipher Suites Preference

The default priority order of the cipher suites for TLS 1.0 to TLS 1.2 has been adjusted. Some of the intermediate suites have been lowered in priority as follows:

  • Cipher suites that do not preserve forward secrecy have been moved lower in priority than those that do support forward secrecy.
  • Cipher suites that use SHA-1 have been moved lower in priority.
  • The CBC suites will continue to be preferred over the GCM suites.

security-libs/javax.xml.crypto
Updated XML Signature Implementation to Apache Santuario 2.1.3
The XML Signature implementation in the java.xml.crypto module has been updated to version 2.1.3 of Apache Santuario. New features include:

  • Added support for embedding elliptic curve public keys in the KeyValue element

See JDK-8219013

security-libs/javax.xml.crypto
 Updated xmldsig Implementation to Apache Santuario 2.1.1

The XMLDSig provider implementation in the java.xml.crypto module has been updated to version 2.1.1 of Apache Santuario. New features include:

  • Support for the SHA-224 and SHA-3 DigestMethod algorithms specified in RFC 6931.
  • Support for the HMAC-SHA224, RSA-SHA224, ECDSA-SHA224, and RSASSA-PSS family of SignatureMethod algorithms specified in RFC 6931.

See JDK-8177334

security-libs/javax.xml.crypto
 Oracle Specific JDK Update of System Property to Fall Back to Legacy Base64 Encoding Format

Oracle JDK 8u231 has upgraded the Apache Santuario libraries to v2.1.3. This upgrade introduced an issue in which XML signatures using Base64 encoding appended &#xd or &#13 to the encoded output. This behavioral change was made in the Apache Santuario codebase to comply with RFC 2045. The Santuario team has adopted a position of keeping their libraries compliant with RFC 2045.

Oracle JDK 8u221 using the legacy encoder returns encoded data in a format without &#xd or &#13.

Therefore an Oracle specific JDK 8 Update of a new system property com.sun.org.apache.xml.internal.security.lineFeedOnly has been made available to fall back to legacy Base64 encoded format.

Users can set this flag in one of two ways:

  1. -Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true
  2. System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true")

This new system property is disabled by default. It has no effect on default behavior or when the com.sun.org.apache.xml.internal.security.ignoreLineBreaks property is set.

Later JDK family versions will only support the recommended property: com.sun.org.apache.xml.internal.security.ignoreLineBreaks

core-libs/java.net
 Modified HttpURLConnection Behavior When a Suitable Proxy Is Not Found

The behavior of HttpURLConnection when using ProxySelector has been modified in this JDK release. HttpURLConnection used to fall back to a direct connection attempt if the configured proxy(s) failed to make a connection. Beginning with this release, the default behavior has been changed to no longer use a direct connection when the first proxy connection attempt fails.

A new system property, sun.net.http.fallbackToDirect, can be set to a value of "true" should an application need to fall back to the old behavior (fall back to a direct connection when the first proxy connection attempt fails).

core-libs/javax.naming
 System Property to Control Reconstruction of Reference Address Objects by JDK's Built-in JNDI LDAP Implementation

The scope of the com.sun.jndi.ldap.object.trustSerialData system property has been extended to control the deserialization of java objects from the javaReferenceAddress LDAP attribute. This system property now controls the deserialization of java objects from the javaSerializedData and javaReferenceAddress LDAP attributes.

To prevent deserialization of java objects from these attributes, the system property can be set to false. By default, the deserialization of java objects from javaSerializedData and javaReferenceAddress attributes is allowed.

JDK-8267712 (not public)

hotspot/runtime
 Release Doesn't Correctly Recognize Windows Server

This release doesn't correctly identify Windows Server. The property os.name is set to Windows 2019 on Windows Server 2022. In HotSpot error logs, the OS is identified as Windows 10.0 for Windows Server releases 2016, 2019, and 2022; however, the HotSpot error log does show the Build number. Windows Server 2016 has Build 14393 or above, Windows Server 2019 has Build 17763 or above, and Windows Server 2022 has Build 20348 or above.

Bug Fixes

This release contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. For a more complete list of the bug fixes included in this release, see the JDK 7u321 Bug Fixes page.