JDK 7u371 Update Release Notes
Java™ SE Development Kit 7, Update 371 (JDK 7u371) - Restricted
January 17, 2023
The full version string for this update release is 7u371-b07 (where "b" means "build"). The version number is 7u371.
As of July 2022, Java 7 has ended its service life. Oracle provides this restricted binary with and for the sole purpose of running some Oracle products. Please contact Oracle Support for more information.
IANA TZ Data 2022d, 2022e, 2022f
- Palestine transitions are now Saturdays at 02:00.
- Simplify three Ukraine zones into one.
- Jordan and Syria switch from +02/+03 with DST to year-round +03.
- Mexico will no longer observe DST except near the US border.
- Chihuahua moves to year-round -06 on 2022-10-30.
- Fiji no longer observes DST.
- Move links to 'backward'.
- In vanguard form, GMT is now a Zone and Etc/GMT a link.
- zic now supports links to links, and vanguard form uses this.
- Simplify four Ontario zones.
- Fix a Y2438 bug when reading TZif data.
- Enable 64-bit time_t on 32-bit glibc platforms.
- Omit large-file support when no longer needed.
- In C code, use some C23 features if available.
- Remove no-longer-needed workaround for Qt bug 53071.
Security Baselines
The security baseline for the Java Runtime Environment (JRE) at the time of the release of JDK 7u371 is specified in the following table:
| JRE Family Version | JRE Security Baseline (Full Version String) |
|---|---|
| 7 | 7u371-b07 |
Keeping the JDK up to Date
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 7u371) be used after the next critical patch update scheduled for April 18, 2023.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u371) on 2023-05-18. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
Other Notes
Headless AWT mode is enabled by default always and it cannot be disabled. The JDK behaves as if the application was started with the -Djava.awt.headless=true JVM option. If the application calls a Java™ Platform, SE API which depends on a display, keyboard, or mouse, then HeadlessException will be thrown in accordance with that Java SE specification for headless AWT mode.
This version of the JDK no longer includes a copy of Java VisualVM. VisualVM is now available as a separate download from https://visualvm.github.io.
The readObject method of _DynAnyFactoryStub has been amended, such that, when reading the stringified IOR from serialized data, it will, by default, accept stringified IORs in IOR: URI format, only. As DynAnyFactory is a locally or ORB constrained type, it is not useful that serialized data should contain corbaname or corbaloc URIs. Furthermore, an ORB will prohibit the binding of a name in the INS to a DynAnyFactory IOR, as such, using a corbaname to reference an instance of DynAnyFactory is not meaningful.
A system property is introduced, org.omg.DynamicAny.DynAnyFactoryStub.disableIORCheck, which when set to true, will revert the _DynAnyFactoryStub::readObject to its current behavior and bypass the additional IOR checks.
Bug Fixes
This release contains fixes for security vulnerabilities described in the Oracle Critical Patch Update (CPU) Jan 2023 for Oracle Java SE (Doc ID 2917310.1).