Java Runtime Environment (32-bit) 歷史舊版本 Page1

更新時間：2018-10-17
更新細節：

更新時間：2018-10-17
更新細節：

更新時間：2018-07-18
更新細節：

更新時間：2018-04-17
更新細節：

更新時間：2018-04-17
更新細節：

更新時間：2018-01-16
更新細節：

更新時間：2018-01-16
更新細節：

更新時間：2017-10-18
更新細節：

What's new in this version:

New features:
- security-libs/javax.crypto

New Security property to control crypto policy:
- This release introduces a new feature whereby the JCE jurisdiction policy files used by the JDK can be controlled via a new Security property. In older releases, JCE jurisdiction files had to be downloaded and installed separately to allow unlimited cryptography to be used by the JDK. The download and install steps are no longer necessary. To enable unlimited cryptography, one can use the new crypto.policy Security property. If the new Security property (crypto.policy) is set in the java.security file, or has been set dynamically using the Security.setProperty() call before the JCE framework has been initialized, that setting will be honored. By default, the property will be undefined. If the property is undefined and the legacy JCE jurisdiction files don't exist in the legacy lib/security directory, then the default cryptographic level will remain at 'limited'. To configure the JDK to use unlimited cryptography, set the crypto.policy to a value of 'unlimited'. See the notes in the java.security file shipping with this release for more information.
- Note : On Solaris, it's recommended that you remove the old SVR4 packages before installing the new JDK updates. If an SVR4 based upgrade (without uninstalling the old packages) is being done on a JDK release earlier than 6u131, 7u121, or 8u111, then you should set the new crypto.policy Security property in the java.security file.

Because the old JCE jurisdiction files are left in <java-home>/lib/security, they may not meet the latest security JAR signing standards, which were refreshed in 6u131, 7u121, 8u111, and later updates. An exception similar to the following might be seen if the old files are used:
- Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
- at javax.crypto.JceSecurity.loadPolicies(JceSecurity.java:593)
- at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:524)

Changes:
- hotspot/compiler

BigInteger performance improvements turned on by default:
- The performance improvements described in JDK-8130150 and JDK-8081778 have now been turned on by default.

They can be turned off by using the following command options:
- -XX:-UseMontgomerySquareIntrinsic
- -XX:-UseMontgomeryMultiplyIntrinsic
- -XX:-UseSquareToLenIntrinsic
- -XX:-UseMultiplyToLenIntrinsic

Bug fixes:
- (JBS, component, subcomponent, description)
- JDK-8160893 client‑libs [macosx] JMenuItems in JPopupMenu are not accessible
- JDK-8177315 client‑libs backout changes for 8176516 (backport of 8173791)
- JDK-8039412 client‑libs 2d Stack overflow on Linux using DialogTypeSelection.NATIVE
- JDK-8040635 client‑libs 2d [macosx] Printing a shape filled with a texture doesn't work under Mac OS X
- JDK-8058316 client‑libs 2d lookupDefaultPrintService returns null on Solaris 11 when default printer is set using lpoptions command
- JDK-8061258 client‑libs 2d [macosx] PrinterJob's native Print Dialog does not reflect specified Copies or Page Ranges
- JDK-8067059 client‑libs 2d PrinterJob.pageDialog() with DialogSelectionType.NATIVE returns a PageFormat when cancelled.
- JDK-8074562 client‑libs 2d CID keyed OpenType fonts are not supported by T2K
- JDK-8089573 client‑libs 2d [macosx] Incorrect char to glyph mapping printing on OSX 10.10
- JDK-8158356 client‑libs 2d SIGSEGV when attempting to rotate BufferedImage using AffineTransform by NaN degrees
- JDK-8160664 client‑libs 2d JVM crashed with font manager on Solaris 12
- JDK-8162488 client‑libs 2d JDK should be updated to use LittleCMS 2.8
- JDK-8162796 client‑libs 2d [macosx] LinearGradientPaint and RadialGradientPaint are not printed on OS X.
- JDK-8167102 client‑libs 2d [macosx] PrintRequestAttributeSet breaks page size set using PageFormat
- JDK-8170552 client‑libs 2d [macosx] Wrong rendering of diacritics on macOS
- JDK-8170913 client‑libs 2d Java "1.8.0_112" on Windows 10 displays different characters for EUDCs from ones created in eudcedit.exe.
- JDK-8170950 client‑libs 2d Text is displayed in bold when fonts are installed into symlinked folder
- JDK-8175025 client‑libs 2d The copyright section in the test/java/awt/font/TextLayout/DiacriticsDrawingTest.java should be updated
- JDK-8176530 client‑libs 2d JDK support for JavaFX modal print dialogs
- JDK-4953367 client‑libs java.awt MAWT: Java should be more careful manipulating NLSPATH, XFILESEARCHPATH env variables
- JDK-6980209 client‑libs java.awt Make tracking SecondaryLoop.enter/exit methods easier
- JDK-8035568 client‑libs java.awt [macosx] Cursor management unification
- JDK-8040322 client‑libs java.awt TextArea.replaceRange() and insert() are broken with setText(null)
- JDK-8050478 client‑libs java.awt [macosx] Cursor not updating correctly after closing a modal dialog
- JDK-8075516 client‑libs java.awt Deleting a file from either the open or save java.awt.FileDialog hangs.
- JDK-8139189 client‑libs java.awt VK_OEM_102 dead key detected as VK_UNDEFINED
- JDK-8140525 client‑libs java.awt AwtFrame::WmShowWindow() may steal focus
- JDK-8156116 client‑libs java.awt [macosx] two JNI locals to delete in AWTWindow.m, CGraphicsEnv.m
- JDK-8156723 client‑libs java.awt JVM crash at sun.java2d.windows.GDIBlitLoops.nativeBlit
- JDK-8160570 client‑libs java.awt [macosx] modal dialog can skip the activation/focus events
- JDK-8160623 client‑libs java.awt [PIT] Exception running java/awt/event/KeyEvent/KeyChar/KeyCharTest.java
- JDK-8160696 client‑libs java.awt IllegalArgumentException: adding a component to a container on a different GraphicsDevice
- JDK-8160941 client‑libs java.awt "text/uri‑list" dataflavor concats the first two strings
- JDK-8163583 client‑libs java.awt [macosx] Press "To Back" button on the Dialog,the Dialog moves behind the Frame
- JDK-8165717 client‑libs java.awt [macosx] Various memory leaks in jdk9
- JDK-8169355 client‑libs java.awt Diacritics input works incorrectly on Windows if Spanish (Latin American) keyboard layout is used
- JDK-8173853 client‑libs java.awt IllegalArgumentException in java.awt.image.ReplicateScaleFilter
- JDK-8173876 client‑libs java.awt [macosx] Fast precise scrolling and DeltaAccumulator fix for macOS Sierra 10.12.2
- JDK-8176490 client‑libs java.awt [macosx] Sometimes NSWindow.isZoomed hangs
- JDK-8136570 client‑libs java.awt:i18n Stop changing user environment variables related to /usr/dt
- JDK-8159696 client‑libs java.beans java.beans.MethodRef#get throws NullPointerException
- JDK-8076249 client‑libs javax.accessibility NPE in AccessBridge while editing JList model
- JDK-8076554 client‑libs javax.accessibility [macosx] Custom Swing text components need to allow standard accessibility
- JDK-8145207 client‑libs javax.accessibility [macosx] JList, VO can't access non‑visible list items
- JDK-8165829 client‑libs javax.accessibility Android Studio 2.x crashes with NPE at sun.lwawt.macosx.CAccessibility.getAccessibleIndexInParent
- JDK-8171808 client‑libs javax.accessibility Performance problems in dialogs with large tables when JAB activated
- JDK-8175915 client‑libs javax.accessibility NullPointerException from JComboBox and JList when Accessibility enabled
- JDK-8168751 client‑libs javax.sound Two "Direct Clip" threads are created to play the same "AudioClip" object, what makes clip sound corrupted
- JDK-7172652 client‑libs javax.swing With JDK 1.7 text field does not obtain focus when using mnemonic Alt/Key combin
- JDK-8152981 client‑libs javax.swing Double icons with JMenuItem setHorizontalTextPosition on Win 10
- JDK-8158325 client‑libs javax.swing Memory leak in com.apple.laf.ScreenMenu: removed JMenuItems are still referenced
- JDK-8161664 client‑libs javax.swing Memory leak in com.apple.laf.AquaProgressBarUI: removed progress bar still referenced
- JDK-8177450 client‑libs javax.swing javax.swing.text.html.parser.Parser parseScript ignores a character after comment end
- JDK-8163518 core‑libs java.io Integer overflow in StringBufferInputStream.read() and CharArrayReader.read/skip()
- JDK-8169556 core‑libs java.io Wrap FileInputStream's native skip and available methods
- JDK-8161039 core‑libs java.lang System.getProperty("os.version") returns incorrect version number on Mac
- JDK-8170153 core‑libs java.lang PPC64/s390x/aarch64: Poor StrictMath performance due to non‑optimized compilation
- JDK-8170873 core‑libs java.lang PPC64/aarch64: Poor StrictMath performance due to non‑optimized compilation
- JDK-8172053 core‑libs java.lang (ppc64) Downport of 8170153 breaks build on linux/ppc64 (big endian)
- JDK-8173654 core‑libs java.lang Regression since 8u60: System.getenv doesn't return env var set in JNI code
- JDK-8174729 core‑libs java.lang:reflect Race Condition in java.lang.reflect.WeakCache
- JDK-6947916 core‑libs java.net JarURLConnection does not handle useCaches correctly
- JDK-8022580 core‑libs java.net sun.net.ftp.impl.FtpClient.nameList(String path) handles "null" incorrectly
- JDK-8035158 core‑libs java.net Remove dependency on sun.misc.RegexpPool and friends
- JDK-8035653 core‑libs java.net InetAddress.getLocalHost crash
- JDK-8071424 core‑libs java.net JCK test api/java_net/Socket/descriptions.html#Bind crashes on Windows
- JDK-8075484 core‑libs java.net SocketInputStream.socketRead0 can hang even with soTimeout set
- JDK-8145732 core‑libs java.net Duplicate entry in http.nonProxyHosts will ignore subsequent entries
- JDK-8159410 core‑libs java.net InetAddress.isReachable returns true for non existing IP addresses
- JDK-8166747 core‑libs java.net Add invalid network / computer name cases to isReachable known failure switch
- JDK-8169865 core‑libs java.net Downport minor fixes in java.net native code from JDK 9 to JDK 8
- JDK-8145981 core‑libs java.nio (fs) LinuxWatchService can reports events against wrong directory
- JDK-8153925 core‑libs java.nio (fs) WatchService hangs on GetOverlappedResult and locks directory (win)
- JDK-8165231 core‑libs java.nio java.nio.Bits.unaligned() doesn't return true on ppc
- JDK-8180949 core‑libs java.rmi Correctly handle exception in TCPChannel.createConnection
- JDK-8054214 core‑libs java.time JapaneseEra.getDisplayName doesn't return names if it's an additional era
- JDK-8164366 core‑libs java.time ZoneOffset.ofHoursMinutesSeconds() does not reject invalid input
- JDK-8173423 core‑libs java.time Wrong display name for supplemental Japanese era
- JDK-8177678 core‑libs java.time Overstatement of universality of Era.getDisplayName() implementation
- JDK-8165243 core‑libs java.util Base64.Encoder.wrap(os).write(byte[],int,int) with incorrect arguments should not produce output
- JDK-8166507 core‑libs java.util.concurrent ConcurrentSkipListSet.clear() can leave the Set in an invalid state
- JDK-8179515 core‑libs java.util.concurrent Class java.util.concurrent.ThreadLocalRandom fails to Initialize when using SecurityManager
- JDK-8169056 core‑libs java.util.regex StringIndexOutOfBoundsException in Pattern.compile with CANON_EQ flag
- JDK-8129361 core‑libs java.util:i18n ISO 4217 amendment 160
- JDK-8145952 core‑libs java.util:i18n Currency update needed for ISO 4217 Amendment #161
- JDK-8164784 core‑libs java.util:i18n Currency update needed for ISO 4217 Amendment #162
- JDK-8174736 core‑libs java.util:i18n [JCP] [Mac]Cannot launch JCP on Mac os with language set to "Chinese, Simplified" while region is not China
- JDK-8174779 core‑libs java.util:i18n Locale issues with Mac 10.12
- JDK-8177776 core‑libs java.util:i18n Create an equivalent test case for JDK9's SupplementalJapaneseEraTest
- JDK-8149521 core‑libs javax.naming automatic discovery of LDAP servers with Kerberos authentication
- JDK-8163945 core‑libs jdk.nashorn Honor Number type hint in toPrimitive on Numbers
- JDK-8166902 core‑libs jdk.nashorn Nested object literal property maps not reset in optimistic recompilation
- JDK-8168373 core‑libs jdk.nashorn "Bad local variable type" in ES6 Nashorn when reassigning a `let` within a `try`
- JDK-8170565 core‑libs jdk.nashorn JSObject call() is passed undefined for the argument 'thiz'
- JDK-8170594 core‑libs jdk.nashorn >>>=0 generates invalid bytecode for BaseNode LHS
- JDK-8170977 core‑libs jdk.nashorn SparseArrayData should not grow its underlying dense array data
- JDK-8171219 core‑libs jdk.nashorn Missing checks in sparse array shift() implementation
- JDK-8171849 core‑libs jdk.nashorn Can't unambiguously select between fixed arity signatures [(java.util.Collection), (java.util.Map)]
- JDK-8176511 core‑libs jdk.nashorn JSObject property access is broken for numeric keys outside the int range
-  JDK-8181191 core‑libs jdk.nashorn getUint32 returning Long
-  JDK-8153711 core‑svc debugger [REDO] JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command
-  JDK-8160024 core‑svc debugger jdb returns invalid argument count if first parameter to Arrays.asList is null
-  JDK-8164843 core‑svc tools UsageTracker should limit records and avoid truncation
-  JDK-8169236 core‑svc tools JRE 8u112 attempts to run ICACLS.EXE on startup in Windows 10 Version 1607, build 14393
-  JDK-8173664 core‑svc tools Typo in https://java.net/downloads/heap‑snapshot/hprof‑binary‑format.html
-  JDK-8174806 deploy packager Packager update App Store runtime rules for libjfxwebkit.dylib
-  JDK-8164410 deploy plugin JRE 6u121 causes applet to fail with: Reset deny session certificate store
-  JDK-8022291 deploy webstart Mac OS: Unexpected JavaLaunchHelper message displaying
-  JDK-8161700 deploy webstart Deadlock in Java Web Start application involving JNLPClassLoader
-  JDK-8161986 deploy webstart Selecting 32/64 bit resources failed if user has installed both jre's
-  JDK-8167306 deploy webstart Side effects of using url schema handler.
-  JDK-8038348 hotspot compiler Instance field load is replaced by wrong data Phi
-  JDK-8043913 hotspot compiler remove legacy code in SPARC's VM_Version::platform_features
-  JDK-8134119 hotspot compiler Use new API to get cache line sizes
-  JDK-8134389 hotspot compiler Crash in HotSpot with jvm.dll+0x42b48 ciObjectFactory::create_new_metadata
-  JDK-8134918 hotspot compiler C2: Type speculation produces mismatched unsafe accesses
-  JDK-8140309 hotspot compiler [REDO] failed: no mismatched stores, except on raw memory: StoreB StoreI
-  JDK-8143897 hotspot compiler Weblogic12medrec assert(handler_address == SharedRuntime::compute_compiled_exc_handler(nm, pc, exception, force_unwind, true)) failed: Must be the same
-  JDK-8152172 hotspot compiler PPC64: Support AES intrinsics
-  JDK-8153134 hotspot compiler Infinite loop in handle_wrong_method in jmod
-  JDK-8153267 hotspot compiler nmethod's exception cache not multi‑thread safe
-  JDK-8154945 hotspot compiler Enable 8130150 and 8081778 intrinsics by default
-  JDK-8155781 hotspot compiler C2: opaque unsafe access triggers an assert
-  JDK-8157181 hotspot compiler Compilers accept modification of final fields outside initializer methods
-  JDK-8157306 hotspot compiler Random infrequent null pointer exceptions in javac
-  JDK-8158639 hotspot compiler C2 compilation fails with SIGSEGV
-  JDK-8162101 hotspot compiler C2: Handle "wide" aliases for unsafe accesses
-  JDK-8162384 hotspot compiler Performance regression: bimorphic inlining may be bypassed by type speculation
-  JDK-8162496 hotspot compiler missing precedence edge for anti_dependence
-  JDK-8164002 hotspot compiler Add a new CPU family (S_family) for SPARC S7 and above processors
-  JDK-8164293 hotspot compiler HotSpot leaking memory in long‑running requests
-  JDK-8164508 hotspot compiler unexpected profiling mismatch in c1 generated code
-  JDK-8165482 hotspot compiler java in ldoms, with cpu‑arch=generic has problems
-  JDK-8173373 hotspot compiler C1: NPE is thrown instead of LinkageError when accessing inaccessible field on NULL receiver
-  JDK-8175887 hotspot compiler C1 value numbering handling of Unsafe.get*Volatile is incorrect
-  JDK-8177095 hotspot compiler Range check dependent CastII/ConvI2L is prematurely eliminated
-  JDK-8140584 hotspot gc nmethod::oops_do_marking_epilogue always runs verification code
-  JDK-8153176 hotspot gc Long pause in ParOldGC, because ParallelTaskTerminator peeks wrong TaskQueueSet
-  JDK-8168914 hotspot gc Crash in ClassLoaderData/JNIHandleBlock::oops_do during concurrent marking
-  JDK-8170409 hotspot gc CMS: Crash in CardTableModRefBSForCTRS::process_chunk_boundaries
-  JDK-8175813 hotspot gc PPC64: "mbind: Invalid argument" when ‑XX:+UseNUMA is used
-  JDK-8180048 hotspot gc Interned string and symbol table leak memory during parallel unlinking
-  JDK-8034249 hotspot jvmti need more workarounds for suspend equivalent condition issue
-  JDK-8081219 hotspot jvmti hs_err improvement: Add event logging for class redefinition to the hs_err file
-  JDK-8162795 hotspot jvmti [REDO] MemberNameTable doesn't purge stale entries
-  JDK-8049717 hotspot runtime expose L1_data_cache_line_size for diagnostic/sanity checks
-  JDK-8087342 hotspot runtime Crash in klassItable::initialize_itable_for_interface when running SelectionResolution InvokeInterfaceICCE.java
-  JDK-8162766 hotspot runtime Unsafe_DefineClass0 accesses raw oops while in _thread_in_native
-  JDK-8163969 hotspot runtime Cyclic interface initialization causes JVM crash
-  JDK-8165153 hotspot runtime Crash in rebuild_cpu_to_node_map
-  JDK-8171155 hotspot runtime Scanning method file for initialized final field updates can fail for non‑existent fields
-  JDK-8171194 hotspot runtime Exception "Duplicate field name&signature in class file" should report the name and signature of the field
-  JDK-8177817 hotspot runtime Remove assertions in 8u that were removed by 8056124 in 9.
-  JDK-8166208 hotspot svc FlightRecorderOptions settings for defaultrecording ignored.
-  JDK-8173941 hotspot svc SA does not work if executable is DSO
-  JDK-8161945 install install REGRESSION: 8u91 update of 32 bit JRE removes preferences of the 64 bit JRE
-  JDK-8164096 javafx base ListChangeListener on ReadOnlyListWrapper's getReadOnlyProperty() does not reset change
-  JDK-8139841 javafx controls Axis class does not render ticks marks when tick labels are invisible
-  JDK-8139850 javafx controls CategoryAxis rotates improperly as yAxis
-  JDK-8163486 javafx controls NumberAxis: inaccurate rendering of ticks when tick unit is low
-  JDK-8166847 javafx controls NumberAxis: sticked numbers sometimes
-  JDK-8168895 javafx controls Tick marks position is not animated when toggling forceZeroInRange
-  JDK-8134600 javafx fxml Can't pass ObservableList as argument using FXML
-  JDK-8087565 javafx graphics Scaling problem on OSX Retina
-  JDK-8088205 javafx graphics [Mac] WebView renders icons instead of letters on some sites
-  JDK-8088395 javafx graphics Print dialogs are not blocking/modal w.r.t specified owner windows
-  JDK-8088857 javafx graphics Menu slow to respond after resizing a window multiple times with animation running
-  JDK-8090176 javafx graphics Pisces software renderer shows incomplete border images in particular situation
-  JDK-8148549 javafx graphics Region is not rendered correctly when node cache is enabled
-  JDK-8151744 javafx graphics wrong width/height in texture update
-  JDK-8154148 javafx graphics [Mac] JavaFX crashes on startup when run on Mac in VMWare
-  JDK-8156078 javafx graphics Stage alwaysOnTop property not reset to false if permission is denied
-  JDK-8163526 javafx graphics protect FileChooser return from internal NPE
-  JDK-8169777 javafx graphics MenuBar unoperable after moving Application to second monitor
-  JDK-8173468 javafx graphics Font.loadFont returns null on some Ubuntu 32bits
-  JDK-8174688 javafx graphics JavaFX Applet popup windows are in the wrong location on Mac
-  JDK-8178804 javafx graphics Excessive memory consumption in TriangleMesh/MeshView
-  JDK-8156563 javafx media JavaFX Ensemble8 media sample hang and crash
-  JDK-8159869 javafx media HTTP Live Streaming not working anymore
-  JDK-8091485 javafx samples Ensemble8: Review each sample description, playground, appearance, related docs and links
-  JDK-8134354 javafx samples Ensemble Media samples sliders don't react to clicks
-  JDK-8136918 javafx samples Ensemble uses deprecated flv (vp6) media files hosted on OTN
-  JDK-8136968 javafx samples [Mac] Regression from JDK‑8087709
-  JDK-8142439 javafx samples Ensemble8 media player slider issues
-  JDK-8152858 javafx samples Ensemble Timeline regression
-  JDK-8165373 javafx samples Ensemble8 uses setAccessible to access methods and fields of various classes
-  JDK-8168095 javafx samples Second image in Ensemble8/Image Creation sample does not load
-  JDK-8170421 javafx samples Ensemble8 black flash at startup on b145+
-  JDK-8130675 javafx scenegraph Document that setting scene on stage changes stage size unless explicitly set
-  JDK-8164141 javafx scenegraph [Javadoc] Replace references of Stage with Window in the Window class
-  JDK-8172554 javafx swing [macos] deadlock on JFXPanel startup
-  JDK-8174154 javafx swing NPE in JFXPanel$HostContainer#setEmbeddedStage
-  JDK-8088681 javafx web Underscore not visible in HTML combo box options inside webview
-  JDK-8089915 javafx web Input of type file doesn't honor "accept" attribute.
-  JDK-8090216 javafx web HTMLEditor: font bold doesn't work when an indent is set
-  JDK-8136847 javafx web DRT test fast/canvas/canvas‑fillRect‑shadow.html fails
-  JDK-8144263 javafx web [WebView, OS X] Webkit rendering artifacts with inertia scrolling
-  JDK-8150982 javafx web Crash when calling WebEngine.print on background thread
-  JDK-8158196 javafx web WebView Form Post fails if connection is closed before keepAlive‑Timeout
-  JDK-8162922 javafx web JavaFx WebView canvas doesn't support dash within strokeRec
-  JDK-8164314 javafx web [WebView] Debug build is no longer working after JDK‑8089681
-  JDK-8165098 javafx web WebEngine.print will attempt to print even if the printer job is complete or has an error
-  JDK-8165173 javafx web canvas/philip/tests/2d.path.clip.empty.html fails with 8u112
-  JDK-8166231 javafx web use @Native annotation in web classes
-  JDK-8166677 javafx web HTMLEditor freezes after restoring previously maximized window
-  JDK-8167098 javafx web Backport of JDK‑8158926 to JDK 8u mistakenly used preliminary patch
-  JDK-8167675 javafx web Animated gifs are not working
-  JDK-8168887 javafx web [WebView] ComboBox and DropDownList ‑ Render fragments of the scrollbar are visible
-  JDK-8169204 javafx web Need to document JSObject Call and setSlot APIs to use weak references
-  JDK-8170938 javafx web Memory leak in JavaFX WebView
-  JDK-8172361 javafx web Update java‑wrappers for WebKit generated classes following WebKit update
-  JDK-8172495 javafx web Ignore __cmake_systeminformation from web module build directory
-  JDK-8174919 javafx web SocketException no longer handled by WebView when processing web pages
-  JDK-8144258 javafx window‑toolkit Ensemble Advanced Media sample hangs after going full screen
-  JDK-8160241 javafx window‑toolkit Maximizing an Window with Screen‑Size hides it
-  JDK-8166106 javafx window‑toolkit JVM crash on resizing JavaFX application with title and icon
-  JDK-8172561 javafx window‑toolkit Copying String with "rn" to Clipboard duplicates "r"
-  JDK-8155211 security‑libs java.security Ucrypto Library leaks native memory
-  JDK-8163896 security‑libs java.security Finalizing one key of a KeyPair invalidates the other key
-  JDK-8164846 security‑libs java.security CertificateException missing cause of underlying exception
-  JDK-8176536 security‑libs java.security Improved algorithm constraints checking
-  JDK-8157561 security‑libs javax.crypto Ship the unlimited policy files in JDK Updates
-  JDK-8165751 security‑libs javax.crypto NPE hit with java.security.debug=provider
-  JDK-8173581 security‑libs javax.crypto performance regression in com/sun/crypto/provider/OutputFeedback.java
-  JDK-8169229 security‑libs javax.net.ssl RSAClientKeyExchange debug info is incorrect
-  JDK-8181205 security‑libs javax.net.ssl JRE fails to load/register security providers when started from UNC pathname
-  JDK-8147772 security‑libs javax.security Update KerberosTicket to describe behavior if it has been destroyed and fix NullPointerExceptions
-  JDK-8163104 security‑libs javax.security Unexpected NPE still possible on some Kerberos ticket calls
-  JDK-8153438 security‑libs javax.smartcardio Avoid repeated "Please insert a smart card" popup windows
-  JDK-8170278 security‑libs org.ietf.jgss:krb5 ticket renewal won't happen with debugging turned on
-  JDK-8176329 tools jdeps to detect MR jar file and output a warning
-  JDK-8180660 tools javac missing LNT entry for finally block
-  JDK-8028363 xml XmlGregorianCalendarImpl.getTimeZone() bug when offset is less than 10 minutes
-  JDK-8169112 xml javax.xml.transform java.lang.VerifyError: (class: GregorSamsa, method: template$dot$0$outline$1 signature: (LGregorSamsa$48;)V) Register 10 contains wrong type
-  JDK-8146086 xml jax‑ws Publishing two webservices on same port fails with "java.net.BindException: Address already in use"
-  JDK-8172297 xml jax‑ws In java 8, the marshalling with JAX‑WS does not escape carriage return
-  JDK-8162598 xml jaxp XSLTC transformer swallows empty namespace declaration which is needed to undeclare default namespace
-  JDK-8146961 xml org.w3c.dom Fix PermGen memory leaks caused by static final Exceptions

更新時間：2017-10-18
更新細節：

What's new in this version:

New Features:
- security-libs/javax.crypto

New Security property to control crypto policy:
- This release introduces a new feature whereby the JCE jurisdiction policy files used by the JDK can be controlled via a new Security property. In older releases, JCE jurisdiction files had to be downloaded and installed separately to allow unlimited cryptography to be used by the JDK. The download and install steps are no longer necessary. To enable unlimited cryptography, one can use the new crypto.policy Security property. If the new Security property (crypto.policy) is set in the java.security file, or has been set dynamically by using the Security.setProperty() call before the JCE framework has been initialized, that setting will be honored. By default, the property will be undefined. If the property is undefined and the legacy JCE jurisdiction files don't exist in the legacy lib/security directory, then the default cryptographic level will remain at 'limited'. To configure the JDK to use unlimited cryptography, set the crypto.policy to a value of 'unlimited'. See the notes in the java.security file shipping with this release for more information.

Note:
- On Solaris, it's recommended that you remove the old SVR4 packages before installing the new JDK updates. If an SVR4 based upgrade (without uninstalling the old packages) is being done on a JDK release earlier than 6u131, 7u121, 8u111, then you should set the new crypto.policy Security property in the java.security file.
- Because the old JCE jurisdiction files are left in <java-home>/lib/security, they may not meet the latest security JAR signing standards, which were refreshed in 6u131, 7u121, 8u111, and later updates. An exception similar to the following might be seen if the old files are used:
- Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers! at javax.crypto.JceSecurity.loadPolicies(JceSecurity.java:593) at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:524)

Changes:
- security-libs/java.security
- Refactor existing providers to refer to the same constants for default values for key length

Two important changes have been made for this issue:
- 1. A new system property has been introduced that allows users to configure the default key size used by the JDK provider implementations of KeyPairGenerator and AlgorithmParameterGenerator. This property is named "jdk.security.defaultKeySize" and the value of this property is a list of comma-separated entries. Each entry consists of a case-insensitive algorithm name and the corresponding default key size (in decimal) separated by ":". In addition, white space is ignored.
- By default, this property will not have a value, and JDK providers will use their own default values. Entries containing an unrecognized algorithm name will be ignored. If the specified default key size is not a parseable decimal integer, that entry will be ignored as well.
- 2. The DSA KeyPairGenerator implementation of the SUN provider no longer implements java.security.interfaces.DSAKeyPairGenerator. Applications which cast the SUN provider's DSA KeyPairGenerator object to a java.security.interfaces.DSAKeyPairGenerator can set the system property "jdk.security.legacyDSAKeyPairGenerator". If the value of this property is "true", the SUN provider will return a DSA KeyPairGenerator object which implements the java.security.interfaces.DSAKeyPairGenerator interface. This legacy implementation will use the same default value as specified by the javadoc in the interface.
- By default, this property will not have a value, and the SUN provider will return a DSA KeyPairGenerator object which does not implement the forementioned interface and thus can determine its own provider-specific default value as stated in the java.security.KeyPairGenerator class or by the "jdk.security.defaultKeySize" system property if set.
- core-libs/java.util:collections

Collections use serialization filter to limit array sizes:
- Deserialization of certain collection instances will cause arrays to be allocated. The ObjectInputFilter.checkInput() method is now called prior to allocation of these arrays. Deserializing instances of ArrayDeque, ArrayList, IdentityHashMap, PriorityQueue, java.util.concurrent.CopyOnWriteArrayList, and the immutable collections (as returned by List.of, Set.of, and Map.of) will call checkInput() with a FilterInfo instance whose style="font-family: Courier New;">serialClass() method returns Object[].class. Deserializing instances of HashMap, HashSet, Hashtable, and Properties will call checkInput() with a FilterInfo instance whose serialClass() method returns Map.Entry[].class. In both cases, the FilterInfo.arrayLength() method will return the actual length of the array to be allocated. The exact circumstances under which the serialization filter is called, and with what information, is subject to change in future releases.
- security-libs/java.security

keytool now prints warnings when reading or generating certificates/certificate requests/CRLs using weak algorithms:
- With one exception, keytool will always print a warning if the certificate, certificate request, or CRL it is parsing, verifying, or generating is using a weak algorithm or key. When a certificate is from an existing TrustedCertificateEntry, either in the keystore directly operated on or in the cacerts keystore when the -trustcacerts option is specified for the -importcert command, keytool will not print a warning if it is signed with a weak signature algorithm. For example, suppose the file cert contains a CA certificate signed with a weak signature algorithm, keytool -printcert -file cert and keytool -importcert -file cert -alias ca -keystore ks will print out a warning, but after the last command imports it into the keystore, keytool -list -alias ca -keystore ks will not show a warning anymore.
- Precisely, an algorithm or a key is weak if it matches the value of the jdk.certpath.disabledAlgorithms security property defined in the conf/security/java.security file
- security-libs/java.security

New defaults for DSA keys in jarsigner and keytool:
- For DSA keys, the default signature algorithm for keytool and jarsigner has changed from SHA1withDSA to SHA256withDSA and the default key size for keytool has changed from 1024 bits to 2048 bits.
- Users wishing to revert to the previous behavior can use the -sigalg option of keytool and jarsigner and specify SHA1withDSA and the -keysize option of keytool and specify 1024.
- There are a few potential compatibility risks associated with this change:
- If you have a script that uses the default key size of keytool to generate a DSA keypair but then subsequently specifies a specific signature algorithm, ex:
- keytool -genkeypair -keyalg DSA -keystore keystore -alias mykey ...
- keytool -certreq -sigalg SHA1withDSA -keystore keystore -alias mykey ...
- it will fail with one of the following exceptions, because the new 2048-bit keysize default is too strong for SHA1withDSA:
- keytool error: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size
- keytool error: java.security.InvalidKeyException: DSA key must be at most 1024 bits
- The workaround is to remove the -sigalg option and use the stronger SHA256withDSA default or, at your own risk, use the -keysize option of keytool to specify a smaller key size (1024).
- If you use jarsigner to sign JARs with the new defaults, previous versions (than this release) of JDK 6 and 7 do not support the stronger defaults and will not be able to verify the JAR. jarsigner -verify on an earlier release of JDK 6 or 7 will output the following error:
- jar is unsigned. (signatures missing or not parsable)

If you add -J-Djava.security.debug=jar to the jarsigner command line, the cause will be output:
- jar: processEntry caught: java.security.NoSuchAlgorithmException: SHA256withDSA Signature not available
- If compatibility with earlier releases is important, you can, at your own risk, use the -sigalg option of jarsigner and specify the weaker SHA1withDSA algorithm.
- If you use a PKCS11 keystore, the SunPKCS11 provider does not support the SHA256withDSA algorithm. jarsigner and some keytool commands may fail with the following exception if PKCS11 is specified with the -storetype option, ex:
- keytool error: java.security.InvalidKeyException: No installed provider supports this key: sun.security.pkcs11.P11Key$P11PrivateKey
- A similar error may occur if you are using NSS with the SunPKCS11 provider. The workaround is to use the -sigalg option of keytool and specify SHA1withDSA.
- security-libs/java.security

Add warnings to keytool when using JKS and JCEKS:
- When keytool is operating on a JKS or JCEKS keystore, a warning may be shown that the keystore uses a proprietary format and migrating to PKCS12 is recommended. The keytool's -importkeystore command is also updated so that it can convert a keystore from one type to another if the source and destination point to the same file.
- security-libs/java.security

keytool now prints out information of a certificate's public key:
- Keytool now prints out the key algorithm and key size of a certificate's public key, in the form of "Subject Public Key Algorithm: <size>-bit RSA key", where <size> is the key size in bits (ex: 2048).

Bug fixes:
- (JBS, component, subcomponent, description)
- JDK-8179084 hotspot gc HotSpot VM fails to start when AggressiveHeap is set
- JDK-8089283 javafx web Padding property of the select tag is incorrect in WebView
- JDK-8132675 javafx web VBox.setVgrow and HBox.setHgrow corrupt following controls when window resized
- JDK-8138652 javafx web [macosx] New WebView Native Code uses private Apple APIs
- JDK-8165909 javafx web JavaScript to Java String conversion is not correct
- JDK-8170450 javafx web Crash while loading wordpress.com in HiDPI / Retina display
- JDK-8172495 javafx web Ignore __cmake_systeminformation from web module build directory
- JDK-8172836 javafx web WebView Debug build is broken
- JDK-8176729 javafx web com.sun.webkit.dom.NodeImpl#SelfDisposer is not called
- JDK-8178319 javafx web Build sqlite3 from source
- JDK-8178360 javafx web Build and integrate ICU from source
- JDK-8178440 javafx web Build libxml2 and libxslt from source
- JDK-8179673 javafx web JVM Crash in WebPage.setBackgroundColor() during webpage navigation (Non Public API)
- JDK-8180825 javafx web Javafx WebView fails to render pdf.js
- JDK-8183292 javafx web Update to 604.1 version of WebKit
- JDK-8184448 javafx web Crash while loading gif images with more frames
- JDK-8185132 javafx web window.requestAnimationFrame API is not working
- JDK-8172847 javafx window‑toolkit [macos] If you hit the escape key repeatedly to close the subwindow, the process crashes
- JDK-8029659 security‑libs java.security Keytool, print key algorithm of certificate or key entry
- JDK-8154015 security‑libs java.security Apply algorithm constraints to timestamped code
- JDK-8171319 security‑libs java.security keytool should print out warnings when reading or generating cert/cert req using weak algorithms
- JDK-8177569 security‑libs java.security keytool should not warn if signature algorithm used in cacerts is weak
- JDK-8157561 security‑libs javax.crypto Ship the unlimited policy files in JDK Updates
- JDK-8167485 tools visualvm Integrate new version of Java VisualVM based on VisualVM 1.3.9 into JDK

更新時間：2017-07-27
更新細節：

What's new in this version:

IANA Data 2017b:
- JDK 8u144 contains IANA time zone data version 2017b. For more information, refer to Timezone Data Versions in the JRE Software

Security Baselines:
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u144 are specified in the following table:
- JRE Family Version    JRE Security Baseline (Full Version String)
- 8 1.8.0_141-b15
- 7 1.7.0_151-b15
- 6 1.6.0_161-b13

JRE Expiration Date:
- The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u144) will expire with the release of the next critical patch update scheduled for October 17, 2017.
- For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u144) on November 17, 2017. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.

Bug Fixes
- security-libs/javax.net.ssl
- java.util.zip.ZipFile.getEntry() now always returns the ZipEntry instance with a / ended entry name for directory entry
- The java.util.zip.ZipEntry API doc specifies "A directory entry is defined to be one whose name ends with a /". However, in previous JDK releases, java.util.zip.ZipFile.getEntry(String entryName) may return a ZipEntry instance with an entry name that does not end with / for an existing zip directory entry when the passed in argument entryName does not end with a /, and when there is a matching zip directory entry with name entryName + / in the zip file
- With this release, the name of the ZipEntry instance returned from java.util.zip.ZipFile.getEntry() always ends with / for any zip directory entry
- To revert to the previous behavior, set the system property jdk.util.zip.ensureTrailingSlash to "false"
- This change was made in order to fix a regression introduced in JDK 8u141 when verifying signed JARs that has caused some WebStart applications to fail to load
- This release also contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory. For a more complete list of the bug fixes included in this release, see the JDK 8u144 Bug Fixes page