JDK 8u171 Release Notes

Java™ SE Development Kit 8, Update 171 (JDK 8u171)

April 17, 2018

The full version string for this update release is 1.8.0_171-b11 (where "b" means "build"). The version number is 8u171.

IANA Data 2018c

JDK 8u171 contains IANA time zone data version 2018c. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u171 are specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String)
8 1.8.0_171-b11
7 1.7.0_181-b09
6 1.6.0_191-b09

JRE Expiration Date

The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u171) will expire with the release of the next critical patch update scheduled for July 17, 2018.

For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u171) on August 17, 2018. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.



CipherOutputStream Usage

The specification of javax.crypto.CipherOutputStream has been clarified to indicate that this class catches BadPaddingException and other exceptions thrown by failed integrity checks during decryption. These exceptions are not re-thrown, so the client is not informed that integrity checks have failed. Because of this behavior, this class may not be suitable for use with decryption in an authenticated mode of operation (for example, GCM) if the application requires explicit notification when authentication fails. These applications can use the Cipher API directly as an alternative to using this class.

JDK-8182362 (not public)

Known Issues


 Enhanced KeyStore Mechanisms

Two files, jre/bin/javaw.exe and jre/bin/jabswitch.exe, were not included in 8u171. As a workaround, users who need those files can download the non-server JRE and copy those files from it into their server JRE image.

See JDK-8203544

New Features


Enhanced KeyStore Mechanisms

A new security property named jceks.key.serialFilter has been introduced. If this filter is configured, the JCEKS KeyStore uses it during the deserialization of the encrypted Key object stored inside a SecretKeyEntry. If it is not configured or if the filter result is UNDECIDED (for example, none of the patterns match), then the filter configured by jdk.serialFilter is consulted.

If the system property jceks.key.serialFilter is also supplied, it supersedes the security property value defined here.

The filter pattern uses the same format as jdk.serialFilter. The default pattern allows java.lang.Enum,,$Type, and javax.crypto.spec.SecretKeySpec but rejects all the others.

Customers storing a SecretKey that does not serialize to the above types must modify the filter to make the key extractable.

JDK-8189997 (not public)


System Property to Disable JRE Last Usage Tracking

A new system property jdk.disableLastUsageTracking has been introduced to disable JRE last usage tracking for a running VM. This property can be set in the command line by using either -Djdk.disableLastUsageTracking=true or -Djdk.disableLastUsageTracking. With this system property set, JRE last usage tracking will be disabled regardless of the property value set in

JDK-8192039 (not public)



 Additional TeliaSonera Root Certificate 

"TeliaSonera Root CA v1" has been added to the cacerts keystore.

JDK-8190851 (not public)


XML Signatures Signed with EC Keys Less Than 224 Bits Disabled 

The secure validation mode of the XML Signature implementation has been enhanced to restrict EC keys less than 224 bits by default. The secure validation mode is enabled either by setting the property to true with the javax.xml.crypto.XMLCryptoContext.setProperty() method, or by running the code with a SecurityManager.

JDK-8186032 (not public)


3DES Cipher Suites Disabled 

To improve the strength of SSL/TLS connections, 3DES cipher suites have been disabled in SSL/TLS connections in the JDK via the jdk.tls.disabledAlgorithms Security Property.

JDK-8175075 (not public)


System Property Controls java.util.logging.FileHandler's MAX_LOCKS Limit

A new JDK implementation specific system property jdk.internal.FileHandlerLogging.maxLocks has been introduced to control the java.util.logging.FileHandler MAX_LOCKS limit. The default value of the current MAX_LOCKS (100) is retained if this new system property is not set or an invalid value is provided to the property. Valid values for this property are integers ranging from 1 to Integer.MAX_VALUE-1.

See JDK-8153955


Change to Internal Java Package Names in RPM Installers 

On the Linux platform, the names of JRE and JDK packages provided by Java RPM installers have been changed. Names of JRE and JDK packages follow `jre ` and `jdk ` patterns respectively instead of the jre and jdk previously used. For example, the new names of JRE and JDK packages are jre1.8 and jdk1.8 respectively.

On Linux platform, the names of installation directories of Java products have also been changed. The installation directories of products from the 8u171 release are as follows:

  • /usr/java/jre1.8.0_171-i586 for 32bit JRE
  • /usr/java/jdk1.8.0_171-i586 for 32bit JDK
  • /usr/java/jre1.8.0_171-amd64 for 64bit JRE
  • /usr/java/jdk1.8.0_171-amd64 for 64bit JDK

See JDK-8191608

Bug Fixes

The following are some of the notable bug fixes included in this release:


Server-side HTTP-tunneled RMI Connections Disabled

This release disables server side HTTP-tunneled RMI connections by default. The previous behavior can be re-enabled after due consideration of any impact by setting the runtime property sun.rmi.server.disableIncomingHttp to false. Note that this should not be confused with the sun.rmi.server.disableHttp property, which disables HTTP-tunneling on the client side and is false by default.

JDK-8193833 (not public)


Bug Fix List

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

# BugId Component Subcomponent Summary
1 JDK-8179665 client-libs javax.swing [Windows] java.awt.IllegalComponentStateException: component must be showing on the screen to determine its location
2 JDK-8054213 core-libs java.lang:reflect Class name repeated in output of Type.toString()
3 JDK-8189789 core-libs java.util.jar tomcat gzip-compressed response bodies appear to be broken in update 151
4 JDK-8153955 core-libs java.util.logging increase java.util.logging.FileHandler MAX_LOCKS limit
5 JDK-8195748 deploy webstart When in <application-desc> is present "progress-class" attribute javaws cannot start
6 JDK-8185036 docs guides Typo in one of the content link of "Location-Independent Access to Resources" doc
7 JDK-8177914 docs guides Links to in Java SE docs will be broken when is shut down
8 JDK-8066866 docs guides Supported Encodings page for Java SE 8 is out of date
9 JDK-8195813 infrastructure build Change links in created pages from http to https
10 JDK-8198838 infrastructure release_eng 8u171-b08 and 8u172-b08 Need SECURE_ID Promoted
11 JDK-8191608 install   Java RPMs should allow for side-by-side installation of JDK and JRE, 32 and 64 bit, and only one update for each major version
12 JDK-8193522 install install meta-index in 1.8.0_152 does not include jfxrt.jar entries
13 JDK-8189350 javafx web Crash due to ASSERT(url == m_string) fail while loading URL
14 JDK-8187568 javafx web JavaFX crash in
15 JDK-8089124 javafx web HTML5: Number input allows non-numeric input
16 JDK-8187671 javafx web [WebView] Drag and Drop of text or html results in an image
17 JDK-8157686 javafx web JavaFX WebView fails to track URL changes for PJAX websites
18 JDK-8185940 javafx web Web native compiled files not removed during gradle clean
19 JDK-8186148 javafx web Few extension to MIME type mappings are missing
20 JDK-8183928 javafx web [Linux] Remove Warnings [-Wunused-parameter]
21 JDK-8196374 javafx web windows x86 webview-icu isAlphaNumericString crash
22 JDK-8196677 javafx web Cherry pick GTK WebKit 2.18.6 changes
23 JDK-8187483 javafx web Update to 605.1 version of WebKit
24 JDK-8189420 javafx web Crash in :web:test in debug build
25 JDK-8089264 javafx web DRT test fast/events/before-unload-returnValue.html times out
26 JDK-8194265 javafx web Webengine (webkit) crash when reading files using FileReader
27 JDK-8194935 javafx web Cherry pick GTK WebKit 2.18.5 changes
28 JDK-8193798 javafx web Cherry pick GTK WebKit 2.18.4 changes
29 JDK-8197463 javafx web Update libxml2 to version 2.9.7
30 JDK-8150530 security-libs javax.crypto Improve javax.crypto.BadPaddingException messages
31 JDK-8196952 security-libs javax.crypto Bad primeCertainty value setting in DSAParameterGenerator
32 JDK-8186441 xml jax-ws Change of behavior in the getMessage () method of the SOAPMessageContextImpl class