July 26, 2017
The full version string for this update release is 1.8.0_144-b01 (where "b" means "build"). The version number is 8u144.
JDK 8u144 contains IANA time zone data version 2017b. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u144 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_141-b15 |
7 | 1.7.0_151-b15 |
6 | 1.6.0_161-b13 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u144) will expire with the release of the next critical patch update scheduled for October 17, 2017.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u144) on November 17, 2017. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
core-libs/java.util.jar
java.util.zip.ZipFile.getEntry() now always returns the ZipEntry instance with a / ended entry name for directory entry
The java.util.zip.ZipEntry
API doc specifies "A directory entry is defined to be one whose name ends with a /"
. However, in previous JDK releases, java.util.zip.ZipFile.getEntry(String entryName)
may return a ZipEntry
instance with an entry name that does not end with /
for an existing zip directory entry when
entryName
does not end with a /, andentryName
+ /
in the zip file.With this release, the name of the ZipEntry
instance returned from java.util.zip.ZipFile.getEntry()
always ends with /
for any zip directory entry.
To revert to the previous behavior, set the system property jdk.util.zip.ensureTrailingSlash
to "false".
This change was made in order to fix a regression introduced in JDK 8u141 when verifying signed JARs that has caused some WebStart applications to fail to load.
See JDK-8184993
This release also contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory. For a more complete list of the bug fixes included in this release, see the JDK 8u144 Bug Fixes page.