JDK 8u201 Release Notes
Java™ SE Development Kit 8, Update 201 (JDK 8u201)
January 15, 2019
The full version string for this update release is 1.8.0_201-b09 (where "b" means "build"). The version number is 8u201.
IANA Data 2018g
JDK 8u201 contains IANA time zone data version 2018g. For more information, refer to Timezone Data Versions in the JRE Software.
Security Baselines
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u201 are specified in the following table:
| JRE Family Version | JRE Security Baseline (Full Version String) |
|---|---|
| 8 | 1.8.0_201-b09 |
| 7 | 1.7.0_211-b07 |
| 6 | 1.6.0_221 |
JRE Expiration Date
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. This JRE (version 8u201) will expire with the release of the next critical patch update scheduled for April 16, 2019.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u201) on May 16, 2019. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
Issues Fixed
This change limits the use of transparent HTTP authentication on Microsoft Windows for the NTLM scheme. In that scheme, the security credentials based on the currently logged in user's name and password are obtained directly from the operating system, without prompting the user.
A new networking system property, jdk.http.ntlm.transparentAuth, has been added with the following possible values:
- "disabled" means transparent authentication is not used and the user application is always prompted for NTLM credentials. This is the default and preferred setting. NTLM authentication is still usable in this mode through the
java.net.Authenticatorclass. - "trustedHosts" means transparent authentication is only used for hosts identified as trusted in the Windows networking configuration.
- "allHosts" means transparent authentication is always used.
Any other value, or no value, is treated the same as "disabled". Care should be taken before enabling this mechanism.
See JDK-8209094
Changes
security-libs/javax.net.ssl
TLS anon and NULL Cipher Suites are Disabled
The TLS anon (anonymous) and NULL cipher suites have been added to the jdk.tls.disabledAlgorithms security property and are now disabled by default.
See JDK-8211883
security-libs/java.security
jarsigner Prints When a timestamp Will Expire
The jarsigner tool now shows more information about the lifetime of a timestamped JAR. New warning and error messages are displayed when a timestamp has expired or is expiring within one year.
See JDK-8191438
hotspot/runtime
Linux Native Code Checks
Additional safeguards to protect against buffer overruns in native code have been enabled on Linux. If a buffer overrun is encountered the system will write the message “stack smashing detected” and the program will exit. Issues of this type should be reported to your vendor.
JDK-8196902 (not public)
Bug Fixes
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
| # | BugId | Component | Subcomponent | Summary |
|---|---|---|---|---|
| 1 | JDK-8201818 | client-libs | 2d | [macosx] Printing attributes break page size set via "java.awt.print.Book" object |
| 2 | JDK-8141491 | core-libs | java.nio | Unaligned memory access in Bits.c |
| 3 | JDK-8171049 | core-libs | java.time | Era.getDisplayName doesn't work with non-IsoChronology |
| 4 | JDK-8205330 | core-libs | javax.naming | InitialDirContext ctor sometimes throws NPE if the server has sent a disconnection |
| 5 | JDK-8157913 | deploy | packager | Launcher can not find path to libpackager.so |
| 6 | JDK-8213011 | deploy | plugin | Running application under 1.8u172 via a DRS rules with the 1.8u192 plugin fail with java.lang.NoSuchMethodError |
| 7 | JDK-8212457 | deploy | webstart | JWS: Application does not launch on when jnlp.delete.jnlp.file is enabled |
| 8 | JDK-8212793 | deploy | webstart | Fix for JDK-8189783 fails |
| 9 | JDK-8147555 | docs | Document that % and " characters are not supported in keys and values of a property for Java Web Start | |
| 10 | JDK-8161741 | docs | guides | Typo within section "22.2.3 File Names" |
| 11 | JDK-8189182 | install | install | JDK8 RPM postinstall scriptlet assumes /usr/share/man/man1 exists |
| 12 | JDK-8203884 | javafx | graphics | Update libjpeg to version 9c |
| 13 | JDK-8214035 | javafx | graphics | Unable to render cmyk jpeg image |
| 14 | JDK-8212158 | javafx | other | FX: Update copyright year in docs, readme files to 2019 |
| 15 | JDK-8209652 | javafx | samples | Ensemble: Update version of Lucene to 7.4.0 |
| 16 | JDK-8213837 | javafx | samples | FX samples cannot load media from download.java.net over http |
| 17 | JDK-8211304 | javafx | window-toolkit | [macOS] Crash on focus loss from dialog on macOS 10.14 Mojave |
| 18 | JDK-8027781 | security-libs | java.security | New jarsigner timestamp warning is grammatically incorrect |
| 19 | JDK-8209129 | security-libs | javax.crypto | Further improvements to cipher buffer management |
| 20 | JDK-8208583 | security-libs | javax.crypto | Better management of internal KeyStore buffers |
| 21 | JDK-8207775 | security-libs | javax.crypto | Better management of CipherCore buffers |
| 22 | JDK-8209862 | security-libs | javax.crypto | CipherCore performance improvement |
| 23 | JDK-8211883 | security-libs | javax.net.ssl | Disable anon and NULL cipher suites |