java

JDK 8u5 Release Notes

Java SE 8u5 Bundled Patch Release (BPR) - Bug Fixes and Updates

The following sections summarize changes made in all Java SE 8u5 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.

To determine the version of your JDK software, use the following command:

java -version

Changes in Java SE 8u5 b31

Bug Fixes

BugId Component Subcomponent Summary
8028192
(Confidential)
security-libs java.net.ssl PKCS11 is not working correctly.
8038202
(Confidential)
deploy plugin Inconsistent behavior on systems using Deployment Rule Set

Java™ SE Development Kit 8, Update 5 (JDK 8u5)

The full version string for this update release is 1.8.0_5-b13 (where "b" means "build"). The version number is 8u5.

Highlights

This update release contains enhancements and changes including the following:

Olson Data 2013i

JDK 8u5 contains Olson time zone data version 2013i. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u5 are specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String)
8 1.8.0_5
7 1.7.0_55
6 1.6.0_75
5.0 1.5.0_65

For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

JRE Expiration Date

The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u5) will expire with the release of the next critical patch update scheduled for July 15, 2014.

For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u5) on August 15, 2014. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.

New Features and Changes

The frequency of some security dialogs has been reduced on systems that run the same RIA multiple times.

See 8029649.

Using "*" in Caller-Allowable-Codebase Attribute.

If a stand-alone asterisk (*) is specified as the value for the Caller-Allowable-Codebase attribute, then calls from JavaScript code to RIA will show a security warning, and users have the choice to allow the call or block the call.

For more information, see JAR File Manifest Attributes for Security documentation.

See 8033707.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory.

The following are some of the notable bug fixes in this release:

Area: deploy/plugin
Synopsis: java plugin compatibility with windows 8.1 / IE 11 enhanced protected mode

Starting in this release Java Plug-in is compatible with Windows Enhanced Protected Mode (EPM) on Windows 8.1 and IE 11. You should no longer see any warning related to EPM when trying to run an applet in Internet Explorer (IE). There is a special case for 64-bit Windows - EPM requires both 32-bit and 64-bit Plug-in installed. Please make sure you have both 32-bit and 64-bit JRE installed, otherwise there will be a warning from IE, but Java Plug-in will still run under EPM.

See JDK-8024903 (not public).

Area: other-libs/corba
Synopsis: Enhanced CORBA initializations

The system property org.omg.CORBA.ORBSingletonClass is used to configure the system-wide/singleton ORB. The handling of this system property has changed to require that the system wide/singleton ORB be visible to the system class loader. This is a change from previous releases where the singleton ORB was located using the thread context class loader of the first thread to call the no-argument ORB.init method. The implication of this change is that the system-wide/singleton ORB needs to be deployed on the class path or in the extension directory.

Applications that bundle their own ORB and only configure the property org.omg.CORBA.ORBClass should not be impacted by this change. The per-application ORB will be located via the thread context class loader of the thread calling the 2-argument ORB.init method as before.

See 8025005 (not public).

Area: xml/jaxp
Synopsis: Custom entities mapping files are no longer loaded with full permission

Legacy code may use the JDK internal API SerializerFactory to create a Serializer. In the process, a custom entity mapping file may be specified through the format parameter. The custom file was then loaded with full permission. As of this release, files that complies with java.util.ResourceBundle format, that is, with a ".properties" extension, will continue to be loaded with full permission. However, any other custom mapping files will require specific file access permission when the program is running with a SecurityManager.

The workaround to any issues caused by lack of permission to using an arbitrary file as the entity mapping file is, either changing the file to a resource bundle, or granting file read permission.

See 8029282 (not public).

 

Bug Fix List

BugId Component Subcomponent Summary
JDK-6571600 client-libs java.awt JNI use results in UnsatisfiedLinkError looking for libmawt.so
JDK-8030822 core-libs java.time (tz) Support tzdata2013i
JDK-8036568 core-libs java.util:collections Serial incompatibility in java.util.TreeMap.NavigableSubMap
JDK-8028691 deploy plugin loading browser proxy via config script should not trigger JAR download
JDK-8029649 deploy plugin Reduce dialog frequency when app is run multiple times
JDK-8033705 deploy plugin Array out of bounds exception in PluginMain.performSSVValidation
JDK-8033779 deploy plugin JRE 7u51 Plugin Failing to Run Older JRE Version < 1.6.0
JDK-8028577 deploy webstart [regression] Unsigned warning dialog is shown twice for applet with extension launched thru javaws
JDK-8029922 deploy webstart 32-bit only Java Web Start apps fail to run on 32- and 64-bit JRE configs
JDK-8031579 deploy webstart Spurious Missing Manifest Permissions Attribute Warning When Launching versioned Java Web Start app
JDK-8035283 hotspot compiler Second phase of branch shortening doesn't account for loop alignment

Known Issues

Area: Install
Synopsis: Patching of JDK8 SUNWj8* Packages is not Supported on Solaris:

In order to update SunWj8* Solaris pkgs consecutively for JDK 8 family releases, JDK 8u5 must be installed as a base package. For example, SUNWj8* pkgs cannot be patched for JDK 8 to JDK 8u5 updates. Full packages must be downloaded and installed.

The following packages cannot be patched directly from the JDK8 release:

SUNWj8cfg, SUNWj8dev, SUNWj8dmo, SUNWj8jmp, SUNWj8man, SUNWj8rt

Patching support of the above packages will resume in JDK 8u5 and later releases of Java.