It’s also integral to the intranet applications and other e-business solutions that are the foundation of corporate computing. Installing this update will ensure that your Java applications continue to run as safely and efficiently as always.
The JRE is the Java Runtime Environment, it covers most end-users needs. Contains everything required to run Java applications on your system. It is a package of everything necessary to run a compiled Java program, including the Java Virtual Machine (JVM), the Java Class Library, the java command, and other infrastructure. However, it cannot be used to create new programs.
The JDK is the Java Development Kit, the full-featured SDK for Java. It has everything the JRE has, but also the compiler (javac) and tools (like javadoc and jdb). It is capable of creating and compiling programs.
Usually, if you only care about running Java programs on computer you will only install the JRE. It’s all you need. On the other hand, if you are planning to do some Java programming, you need to install the JDK instead.
Sometimes, even if you are not planning to do any Java development on a computer, you still need the JDK installed. For example, if you are deploying a web application with JSP, you are technically just running Java programs inside the application server. Why would you need the JDK then? Because the application server will convert JSP into Java servlets and needs to use the JDK to compile the servlets.
Allow SASL Mechanisms to Be Restricted
- A security property named jdk.sasl.disabledMechanisms has been added that can be used to disable SASL mechanisms. Any disabled mechanism will be ignored if it is specified in the mechanisms argument of Sasl.createSaslClient or the mechanism argument of Sasl.createSaslServer. The default value for this security property is empty, which means that no mechanisms are disabled out-of-the-box.
SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40
- The SunPKCS11 provider has been updated with support for PKCS#11 v2.40. This version adds support for more algorithms such as the AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message digests, and RSASSA-PSS signatures when the corresponding PKCS11 mechanisms are supported by the underlying PKCS11 library.
New Checks on Trust Anchor Certificates
- New checks have been added to ensure that trust anchors are CA certificates and contain proper extensions. Trust anchors are used to validate certificate chains used in TLS and signed code. Trust anchor certificates must include a Basic Constraints extension with the cA field set to true. Also, if they include a Key Usage extension, the keyCertSign bit must be set.
- A new system property named jdk.security.allowNonCaAnchor has been introduced to restore the previous behavior, if necessary. If the property is set to the empty String or “true” (case-insensitive), trust anchor certificates can be used if they do not have proper CA extensions.
- The default value of this property, if not set, is “false”.
- Note that the property does not apply to X.509 v1 certificates (since they don’t support extensions).
- This property is currently used by the JDK implementation. It is not guaranteed to be supported by other Java SE implementations.
Exact Match Required for Trusted TLS Server Certificate
- A TLS server certificate must be an exact match of a trusted certificate on the client in order for it to be trusted when establishing a TLS connection.
Added LuxTrust Global Root 2 Certificate
The following root certificate has been added to the cacerts truststore:
DN: CN=LuxTrust Global Root 2, O=LuxTrust S.A., C=LU
Support for OpenType CFF Fonts
- Previously, Oracle JDK 8 did not include OpenType CFF fonts (.otf fonts) into the standard logical fonts (such as “Dialog” and “SansSerif”). This resulted in missing glyphs when rendering text. In the most extreme cases where only CFF fonts were installed on the system, a Java exception could be thrown.
- Several Linux distributions were affected by this issue because they rely on CFF fonts to support some languages, which is common for CJK (Chinese, Japanese, and Korean) languages.
- Oracle JDK 8 now uses these CFF fonts, and this issue has been resolved.
Better Serial Filter Handling
- The jdk.serialFilter system property can only be set on the command line. If the filter has not been set on the command line, it can be set can be set with java.io.ObjectInputFilter.Config.setSerialFilter. Setting the jdk.serialFilter with java.lang.System.setProperty has no effect.
If you are looking for previous Java versions here are the links to download: