JDK 7u381 Update Release Notes
Java™ SE Development Kit 7, Update 381 (JDK 7u381) - Restricted
April 18, 2023
The full version string for this update release is 7u381-b08 (where "b" means "build"). The version number is 7u381.
As of July 2022, Java 7 has ended its service life. Oracle provides this restricted binary with and for the sole purpose of running some Oracle products. Please contact Oracle Support for more information.
IANA TZ Data 2022g
JDK 7u381 contains IANA time zone data 2022g which contains the following changes since the previous update.
- The northern edge of Chihuahua changes to US timekeeping.
- Much of Greenland stops changing clocks after March 2023.
- Fix some pre-1996 timestamps in northern Canada.
- C89 is now deprecated; please use C99 or later.
- Portability fixes for AIX, libintl, MS-Windows, musl, z/OS.
- In C code, use more C23 features if available.
- C23 timegm now supported by default.
- Fixes for unlikely integer overflows.
For more information, refer to Timezone Data Versions in the JRE Software.
Security Baselines
The security baseline for the Java Runtime at the time of the release of JDK 7u381 is specified in the following table:
| JRE Family Version | JRE Security Baseline (Full Version String) |
|---|---|
| 7 | 7u381-b08 |
Keeping the JDK up to Date
Oracle recommends that the JDK is updated with each Critical Patch Update. Use the Security Baseline page to determine the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended to use this JDK (version 20.0.1) after the next critical patch update release, scheduled for July 18, 2023.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u381) on 2023-08-18. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
Other Notes
The following root certificate has been added to the cacerts truststore:
+ Certigna (Dhimyotis)
+ certignaca
DN: CN=Certigna, O=Dhimyotis, C=FR
SSLv2Hello and SSLv3 have been removed from the default enabled TLS protocols.
After this update, if SSLv3 is removed from the jdk.tls.disabledAlgorithms security property, the SSLSocket.getEnabledProtocols(), SSLServerSocket.getEnabledProtocols(), SSLEngine.getEnabledProtocols() and SSLParameters.getProtocols() APIs will return "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1". "SSLv3" will not be returned in this list.
If a client or server still needs to use the SSLv3 protocol they can do so by enabling it through the jdk.tls.client.protocols or jdk.tls.server.protocols system properties or with the SSLSocket.setEnabledProtocols(), SSLServerSocket.setEnabledProtocols() and SSLEngine.setEnabledProtocols() APIs.
As part of ongoing maintenance, the JDK for Windows is built using the Microsoft Visual Studio 2022 toolchain starting with this release.
If you have issues with a Java application and if you have native or JNI libraries that are compiled with a different release of the compiler, then you must consider compatibility issues between the runtimes. Specifically, your environment is supported only if you follow the Microsoft guidelines when dealing with multiple runtimes.
Bug Fixes
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update (CPU) Apr 2023 for Oracle Java SE (Doc ID 2935948.1).
For a more complete list of the bug fixes included in this release, see the JDK 7u381 Bug Fixes page.