Java Runtime Environment 8

Java Runtime Environment 8 Update 361

Changes in Java SE 8u361 b31​

Bug Fixes​

BugIdCategorySubcategorySummary
JDK-8205959core-libsjava.netDo not restart close if errno is EINTR
JDK-8280890security-libsjava.securityCannot use '-Djava.system.class.loader' with class loader in signed JAR
JDK-8299628 (Confidential)javafxgraphicsBMP top-down images fail to load after JDK-8289336
JDK-8297804core-libsjava.time(tz) Update Timezone Data to 2022g

Java™ SE Development Kit 8, Update 361 (JDK 8u361)​

January 17, 2023
The full version string for this update release is 8u361-b09 (where "b" means "build"). The version number is 8u361.

IANA TZ Data 2022d, 2022e, 2022f​

JDK 8u361 contains IANA time zone data 2022d, 2022e, 2022f.
  • Palestine transitions are now Saturdays at 02:00.
  • Simplify three Ukraine zones into one.
  • Jordan and Syria switch from +02/+03 with DST to year-round +03.
  • Mexico will no longer observe DST except near the US border.
  • Chihuahua moves to year-round -06 on 2022-10-30.
  • Fiji no longer observes DST.
  • Move links to 'backward'.
  • In vanguard form, GMT is now a Zone and Etc/GMT a link.
  • zic now supports links to links, and vanguard form uses this.
  • Simplify four Ontario zones.
  • Fix a Y2438 bug when reading TZif data.
  • Enable 64-bit time_t on 32-bit glibc platforms.
  • Omit large-file support when no longer needed.
  • In C code, use some C23 features if available.
  • Remove no-longer-needed workaround for Qt bug 53071.
For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines​

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u361 are specified in the following table:

JRE Family VersionJRE Security Baseline (Full Version String)
88u361-b09

Keeping the JDK up to Date​

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u361) be used after the next critical patch update scheduled for April 18, 2023.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u361) on 2023-05-18. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.

New Features​

security-libs/java.security
Support for RSASSA-PSS in OCSP Response (JDK-8274471)

An OCSP response signed with the RSASSA-PSS algorithm is now supported.


Other Notes​


javafx/fxml
FXML JavaScript Engine Disabled by Default (JDK-8294779 (not public))

The “JavaScript script engine” for FXML is now disabled by default. Any .fxml file that has a "javascript" Processing Instruction (PI) will no longer load by default, and an exception will be thrown.
It can be enabled by setting the system property: -Djavafx.allowjs=true

core-libs/java.lang
Incorrect Handling of Quoted Arguments in ProcessBuilder (JDK-8282008)

ProcessBuilder on Windows is restored to address a regression caused by JDK-8250568. Previously, an argument to ProcessBuilder that started with a double-quote and ended with a backslash followed by a double-quote was passed to a command incorrectly and may cause the command to fail. For example the argument "C:\\Program Files\", would be seen by the command with extra double-quotes. This update restores the long standing behavior that does not treat the backslash before the final double-quote specially.

core-libs/java.net
Make HttpURLConnection Default Keep Alive Timeout Configurable (JDK-8278067)

Two system properties have been added which control the keep alive behavior of HttpURLConnection in the case where the server does not specify a keep alive time. Two properties are defined for controlling connections to servers and proxies separately. They are http.keepAlive.time.server and http.keepAlive.time.proxy respectively. More information about them can be found in Networking Properties.

tools/visualvm
VisualVM tool no longer bundled (JDK-8294184)

This version of the JDK no longer includes a copy of Java VisualVM. VisualVM is now available as a separate download from https://visualvm.github.io.
other-libs/corba
CORBA _DynAnyFactoryStub readObject Accepts Only Stringified ior in IOR: URI format (JDK-8285021 (not public))

The readObject method of _DynAnyFactoryStub has been amended, such that, when reading the stringified IOR from serialized data, it will, by default, accept stringified IORs in IOR: URI format, only. As DynAnyFactory is a locally or ORB constrained type, it is not useful that serialized data should contain corbaname or corbaloc URIs. Furthermore, an ORB will prohibit the binding of a name in the INS to a DynAnyFactory IOR, as such, using a corbaname to reference an instance of DynAnyFactory is not meaningful.
A system property is introduced, org.omg.DynamicAny.DynAnyFactoryStub.disableIORCheck, which when set to true, will revert the _DynAnyFactoryStub::readObject to its current behavior and bypass the additional IOR checks.

Bug Fixes​

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. The following table lists the bug fixes included in the JDK 8u361 release:
#BugIdComponentSummary
1JDK-8240756client-libs/2d[macos] SwingSet2:TableDemo:Printed Japanese characters were garbled
2JDK-8212677client-libs/java.awtX11 default visual support for IM status window on VNC
3JDK-8231445client-libs/java.awtcheck ZALLOC return values in awt coding
4JDK-8284033client-libs/java.awtLeak XVisualInfo in getAllConfigs in awt_GraphicsEnv.c
5JDK-8277497client-libs/javax.accessibilityLast column cell in the JTable row is read as empty cell
6JDK-8280950core-libs/java.utilRandomGenerator:NextDouble() default behavior non conformant after JDK-8280550 fix
7JDK-8281183core-libs/java.utilRandomGenerator:NextDouble() default behavior partially fixed by JDK-8280950
8JDK-8294307core-libs/java.util:i18nISO 4217 Amendment 173 Update
9JDK-8215571core-svc/debuggerjdb does not include jdk.* in the default class filter
10JDK-8197387core-svc/toolsjcmd started by "root" must be allowed to access all VM processes
11JDK-8294294docs/guidesDocument jdk.xml.xpathExprGrpLimit, jdk.xml.xpathExprOpLimit, and jdk.xml.xpathTotalOpLimit in the JAXP Security Guide
12JDK-8145458docs/hotspotJDK 8 man page incorrectly states -XX:ThreadStackSize=size sets the thread stack size (in bytes).
13JDK-8217359hotspot/compilerC2 compiler triggers SIGSEGV after transformation in ConvI2LNode::Ideal
14JDK-8255058hotspot/compilerC1: assert(is_virtual()) failed: type check
15JDK-8253816hotspot/compilerSupport macOS W^X
16JDK-8253795hotspot/compilerImplementation of JEP 391: macOS/AArch64 Port
17JDK-8168712hotspot/compiler[AOT] assert(false) failed: DEBUG MESSAGE: InterpreterMacroAssembler::call_VM_base: last_sp != NULL
18JDK-8261336hotspot/compilerIGV: enhance default filters
19JDK-8253817hotspot/runtimeSupport macOS Aarch64 ABI in Interpreter
20JDK-8200109hotspot/runtimeNMT: diff_malloc_site assert(early->flags() == current->flags(), "Must be the same memory type")
21JDK-8238676hotspot/runtimejni crashes on accessing it from process exit hook
22JDK-8230305hotspot/runtimeCgroups v2: Container awareness
23JDK-8027429hotspot/runtimeAdd diagnostic command VM.info to get hs_err print-out
24JDK-8253714hotspot/runtime[cgroups v2] Soft memory limit incorrectly using memory.high
25JDK-8253727hotspot/runtime[cgroups v2] Memory and swap limits reported incorrectly
26JDK-8255716hotspot/runtimeAArch64: Regression: JVM crashes if manually offline a core
27JDK-8281181hotspot/runtimeDo not use CPU Shares to compute active processor count
28JDK-8191846hotspot/svcjstat prints debug message when debugging is disabled
29JDK-8038392hotspot/svcGenerating prelink cache breaks JAVA 'jinfo' utility normal behaviour
30JDK-8087557javafx/accessibility[Win] [Accessibility, Dialogs] Alert Dialog content is not fully read by Screen Reader
31JDK-8284281javafx/accessibility[Accessibility] [Win] [Narrator] Exceptions with TextArea & TextField when deleted last char
32JDK-8291087javafx/accessibilityWrong position of focus of screen reader on Windows with screen scale > 1
33JDK-8293795javafx/accessibility[Accessibility] [Win] [Narrator] Exceptions When Deleting Text with Continuous Key Press in TextArea and TextField
34JDK-8289542javafx/graphicsUpdate JPEG Image Decoding Software to 9e
35JDK-8293971javafx/mediaLoading new Media from resources can sometimes fail when loading from FXML
36JDK-8289541javafx/webUpdate ICU4C to 71.1
37JDK-8257722security-libs/java.securityImprove "keytool -printcert -jarfile" output
38JDK-8273553security-libs/javax.net.sslsun.security.ssl.SSLEngineImpl.closeInbound also has similar error of JDK-8253368
October 18, 2022

The full version string for this update release is 8u351-b10 (where "b" means "build"). The version number is 8u351.



IANA TZ Data 2022b, 2022c​

JDK 8u351 contains IANA time zone data 2022b, 2022c.

  • Chile's DST is delayed by a week in September 2022.
  • Iran no longer observes DST after 2022.
  • Rename Europe/Kiev to Europe/Kyiv.
  • New zic -R option
  • Vanguard form now uses %z.
  • Finish moving duplicate-since-1970 zones to 'backzone'.
  • New build option PACKRATLIST.
  • New tailored_tarballs target, replacing rearguard_tarballs.
  • Work around awk bug in FreeBSD, macOS, etc.
  • Improve tzselect on intercontinental Zones.
For more information, refer to Timezone Data Versions in the Java Runtime.




Security Baselines​

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u351 are specified in the following table:


JRE Family VersionJRE Security Baseline (Full Version String)
88u351-b10
77u361-b08

Keeping the JDK up to Date​

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u351) be used after the next critical patch update scheduled for January 17, 2023.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u351) on 2023-02-17. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.

New Features​

security-libs/java.security
Upgrade the Default PKCS12 MAC Algorithm (JDK-8267880)

The default MAC algorithm used in a PKCS #12 keystore has been updated. The new algorithm is based on SHA-256 and is stronger than the old one based on SHA-1. See the security properties starting with keystore.pkcs12 in the java.security file for detailed information.
The new SHA-256 based MAC algorithms were introduced in the 11.0.12, 8u301, and 7u311 JDK versions. Keystores created using this newer, stronger, MAC algorithm cannot be opened in JDK versions earlier than 11.0.12, 8u301, and 7u311. A 'java.security.NoSuchAlgorithmException' exception will be thrown in such circumstances.
For compatibility, use the keystore.pkcs12.legacy system property, which will revert the algorithms to use the older, weaker algorithms. There is no value defined for this property.

hotspot/runtime
os::set_native_thread_name() cleanups (JDK-7102541)

On platforms that support the concept of a thread name on their native threads, the java.lang.Thread.setName() method will also set that native thread name. However, this will only occur when called by the current thread, and only for threads started through the java.lang.Thread class (not for native threads that have attached via JNI). The presence of a native thread name can be useful for debugging and monitoring purposes. Some platforms may limit the native thread name to a length much shorter than that used by the java.lang.Thread, which may result in some threads having the same native name.


Other Notes​


install/install
Enable Java Access Bridge Check Box Option in Control Panel Is Not Available with JDK 11 Installer (JDK-8208637)

The Java Access Bridge checkbox in the Windows Control Panel is not available in JDK11. This registration was part of the public JRE installation.
However, Java Access Bridge can still be enabled and disabled by following these steps:
  1. Copy %JAVAHOME%\bin\windowsaccessbridge-64.dll to %WINDOWSHOME%\SYSTEM32. A reboot might be required after this step.
  2. Run %JAVAHOME%\bin\jabswitch /enable and %JAVAHOME%\bin\jabswitch /disable.
Note: %WINDOWSHOME% is the directory where Microsoft Windows is installed (for example, C:\WINDOWS) %JAVAHOME% is the directory where your JDK is installed (for example, C:\Program Files\Java\jdk-11)

security-libs/java.security
Disabled SHA-1 Signed JARs (JDK-8269039)

JARs signed with SHA-1 algorithms are now restricted by default and treated as if they were unsigned. This applies to the algorithms used to digest, sign, and optionally timestamp the JAR. It also applies to the signature and digest algorithms of the certificates in the certificate chain of the code signer and the Timestamp Authority, and any CRLs or OCSP responses that are used to verify if those certificates have been revoked. These restrictions also apply to signed JCE providers.
To reduce the compatibility risk for JARs that have been previously timestamped, there is one exception to this policy:
  • Any JAR signed with SHA-1 algorithms and timestamped prior to January 01, 2019 will not be restricted.
This exception may be removed in a future JDK release. To determine if your signed JARs are affected by this change, run jarsigner -verify -verbose -certs on the signed JAR, and look for instances of "SHA1" or "SHA-1" and "disabled" and a warning that the JAR will be treated as unsigned in the output.
For example:
- Signed by "CN="Signer""

Digest algorithm: SHA-1 (disabled)
Signature algorithm: SHA1withRSA (disabled), 2048-bit key

WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01


JARs affected by these new restrictions should be replaced or re-signed with stronger algorithms.
Users can, at their own risk, remove these restrictions by modifying the java.security configuration file (or override it by using the java.security.properties system property) and removing "SHA1 usage SignedJAR & denyAfter 2019-01-01" from the jdk.certpath.disabledAlgorithms security property and "SHA1 denyAfter 2019-01-01" from the jdk.jar.disabledAlgorithms security property.

security-libs/org.ietf.jgss:krb5
Deprecate 3DES and RC4 in Kerberos (JDK-8139348)

The des3-hmac-sha1 and rc4-hmac Kerberos encryption types (etypes) are now deprecated and disabled by default. Users can set allow_weak_crypto = true in the krb5.conf configuration file to re-enable them (along with other weak etypes including des-cbc-crc and des-cbc-md5) at their own risk. To disable a subset of the weak etypes, users can list preferred etypes explicitly in any of the default_tkt_enctypes, default_tgs_enctypes, or permitted_enctypes settings.

core-libs/java.lang
Phantom references are automatically cleared as soft and weak references (JDK-8071507)

This enhancement changes phantom references to be automatically cleared by the garbage collector as soft and weak references.
An object becomes phantom reachable after it has been finalized. This change may cause the phantom reachable objects to be GC'ed earlier - previously the referent is kept alive until PhantomReference objects are GC'ed or cleared by the application. This potential behavioral change might only impact existing code that would depend on PhantomReference being enqueued rather than when the referent be freed from the heap.

core-libs/java.lang
java.lang.ref.Reference.enqueue method clears the reference object before enqueuing (JDK-8175797)

java.lang.ref.Reference.enqueue method clears the reference object before it is added to the registered queue. When the enqueue method is called, the reference object is cleared and get() method will return null in JDK 9.
Typically when a reference object is enqueued, it is expected that the reference object is cleared explicitly via the clear method to avoid memory leak because its referent is no longer referenced. In other words the get method is expected not to be called in common cases once the enqueuemethod is called. In the case when the get method from an enqueued reference object and existing code attempts to access members of the referent, NullPointerException may be thrown. Such code will need to be updated.

core-libs/java.lang
java.lang.ref.Reference Does Not Support Cloning (JDK-8201793)

java.lang.ref.Reference::clone method always throws CloneNotSupportedException. Reference objects cannot be meaningfully cloned. To create a new Reference object, call the constructor to create a Reference object with the same referent and reference queue instead.


Bug Fixes​

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. For a more complete list of the bug fixes included in this release, see the JDK 8u351 Bug Fixes page.
July 19, 2022

The full version string for this update release is 8u341-b10 (where "b" means "build"). The version number is 8u341.



IANA TZ Data 2022a​

For more information, refer to Timezone Data Versions in the JRE Software.


Security Baselines​

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u341 are specified in the following table:


JRE Family VersionJRE Security Baseline (Full Version String)
88u341-b10
77u351-b07

Keeping the JDK up to Date​

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u341) be used after the next critical patch update scheduled for October 18, 2022.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u341) on 2022-11-18. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.


New Features​

core-libs/java.net
HTTPS Channel Binding Support for Java GSS/Kerberos

Support has been added for TLS channel binding tokens for Negotiate/Kerberos authentication over HTTPS through javax.net.HttpsURLConnection.
Channel binding tokens are increasingly required as an enhanced form of security. They work by communicating from a client to a server the client's understanding of the binding between connection security (as represented by a TLS server cert) and higher level authentication credentials (such as a username and password). The server can then detect if the client has been fooled by a MITM and shutdown the session/connection.
The feature is controlled through a new system property `jdk.https.negotiate.cbt` which is described fully as below:
jdk.https.negotiate.cbt (default: "never")
This controls the generation and sending of TLS channel binding tokens (CBT) when Kerberos or the Negotiate authentication scheme using Kerberos are employed over HTTPS with HttpsURLConnection. There are three possible settings:
  • "never". This is also the default value if the property is not set. In this case, CBTs are never sent.
  • "always". CBTs are sent for all Kerberos authentication attempts over HTTPS.
  • "domain:" Each domain in the list specifies destination host or hosts for which a CBT is sent. Domains can be single hosts like foo, or foo.com, or literal IP addresses as specified in RFC 2732, or wildcards like *.foo.com which matches all hosts under foo.com and its sub-domains. CBTs are not sent to any destinations that don't match one of the list entries
The channel binding tokens generated are of the type "tls-server-end-point" as defined in RFC 5929.

security-libs/javax.net.ssl
Enable TLSv1.3 by Default on JDK 8u for Client Roles

The TLSv1.3 implementation is available in JDK 8u from 8u261 and enabled by default for server roles but disabled by default for client roles. From this release onwards, TLSv1.3 is now also enabled by default for client roles. You can find more details in the Additional Information section of the Oracle JRE and JDK Cryptographic Roadmap.

Other Notes​

core-libs/java.net
Update java.net.InetAddress to Detect Ambiguous IPv4 Address Literals

The java.net.InetAddress class has been updated to strictly accept IPv4 address literals in decimal quad notation. The InetAddress class methods are updated to throw an java.net.UnknownHostException for invalid IPv4 address literals. To disable this check, the new "jdk.net.allowAmbiguousIPAddressLiterals" system property can be set to "true".
See JDK-8277608 (not public)​
JDK Bundle Extensions Truncated When Downloading Using Firefox 102

On oracle.com and java.com, certain JDK bundle extensions are getting truncated on download when using Firefox version 102. The downloaded bundles have no file extension like ".exe", ".rpm", ".deb". If you are not able to upgrade to Firefox ESR 102.0.1 or Firefox 103 when it is released, then as a workaround you can:
  • manually add a file extension to the file name after download.
  • use a different browser

See JDK-8277093​
core-libs/java.io:serialization
Vector Should Throw ClassNotFoundException for a Missing Class of an Element

java.util.Vector is updated to correctly report ClassNotFoundException that occurs during deserialization using java.io. ObjectInputStream.GetField.get(name, object) when the class of an element of the Vector is not found. Without this fix, a StreamCorruptedException is thrown that does not provide information about the missing class.

core-libs/java.util.jar
Default JDK Compressor Will Be Closed when IOException Is Encountered

DeflaterOutputStream.close() and GZIPOutputStream.finish() methods have been modified to close out the associated default JDK compressor before propagating a Throwable up the stack. ZIPOutputStream.closeEntry() method has been modified to close out the associated default JDK compressor before propagating an IOException, not of type ZipException, up the stack.


Bug Fixes​

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. For a more complete list of the bug fixes included in this release, see the JDK 8u341 Bug Fixes page.
May 2, 2022

The full version string for this update release is 8u333-b02 (where "b" means "build"). The version number is 8u333.



IANA TZ Data 2022a​

For more information, refer to Timezone Data Versions in the JRE Software.


Security Baselines​

The security baselines are unchanged from the release of JDK 8u331.


JRE Family VersionJRE Security Baseline (Full Version String)
88u331-b09
77u341-b08

Keeping the JDK up to Date​

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u333) be used after the next critical patch update scheduled for July 19, 2022.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u333) on 2022-08-19. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.


Changes​


core-libs/java.io
New System Property to Disable Windows Alternate Data Stream Support in java.io.File

The Windows implementation of java.io.File allows access to NTFS Alternate Data Streams (ADS) by default. Such streams have a structure like “filename:streamname”. A system property jdk.io.File.enableADS has been added to control this behavior. To disable ADS support in java.io.File, the system property [jdk.io](http://jdk.io).File.enableADS should be set to false (case ignored). Stricter path checking however prevents the use of special devices such as NUL:


Bug Fixes​

This release is based on the previous CPU and does not contain any additional security fixes. The following issues have also been resolved:
BugId
Category
Subcategory
Summary
JDK-8284920xmljavax.xml.pathIncorrect Token type causes XPath expression to return incorrect results
JDK-8284548xmljaxpInvalid XPath expression causes StringIndexOutOfBoundsException

Java™ SE Development Kit 8, Update 331 (JDK 8u331)​

April 19, 2022

The full version string for this update release is 8u331-b09 (where "b" means "build"). The version number is 8u331.



IANA TZ Data 2021e​

For more information, refer to Timezone Data Versions in the JRE Software.


Security Baselines​

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u331 are specified in the following table:


JRE Family VersionJRE Security Baseline (Full Version String)
88u331-b09
77u341-b08

Keeping the JDK up to Date​

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u331) be used after the next critical patch update scheduled for July 19, 2022.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u331) on 2022-08-19. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.



New Features​

xml/jaxp
New XML Processing Limits
Three processing limits have been added. These are:
  • jdk.xml.xpathExprGrpLimit
Description: Limits the number of groups an XPath expression can contain.
Type: integer
Value: A positive integer. A value less than or equal to 0 indicates no limit. If the value is not an integer, a NumberFormatException is thrown. Default 10.
  • jdk.xml.xpathExprOpLimit
Description: Limits the number of operators an XPath expression can contain.
Type: integer
Value: A positive integer. A value less than or equal to 0 indicates no limit. If the value is not an integer, a NumberFormatException is thrown. Default 100.
  • jdk.xml.xpathTotalOpLimit
Description: Limits the total number of XPath operators in an XSL Stylesheet.
Type: integer
Value: A positive integer. A value less than or equal to 0 indicates no limit. If the value is not an integer, a NumberFormatException is thrown. Default 10000.
Supported processors
  • jdk.xml.xpathExprGrpLimit and jdk.xml.xpathExprOpLimit are supported by the XPath processor.
  • All three limits are supported by the XSLT processor.
Setting properties
For the XSLT processor, the properties can be changed through the TransformerFactory. For example,
TransformerFactory factory = TransformerFactory.newInstance();
factory.setAttribute("jdk.xml.xpathTotalOpLimit", "1000");

For both the XPath and XSLT processors, the properties can be set through the system property and jaxp.properties configuration file located in the conf directory of the Java installation. For example,
System.setProperty("jdk.xml.xpathExprGrpLimit", "20");

or in the jaxp.properties file,
jdk.xml.xpathExprGrpLimit=20


There are two known issues:
  1. An XPath expression that contains a short form of the parent axis ".." can return incorrect results. See JDK-8284920 for details.
  2. An invalid XPath expression that ends with a relational operator such as ‘<’ ‘>’ and ‘=’ will cause the processor to erroneously throw StringIndexOutOfBoundsException instead of XPathExpressionException. See JDK-8284548 for details.
JDK-8270504 (not public)​

Other Notes​

security-libs/java.security
Only Expose Certificates With Proper Trust Settings as Trusted Certificate Entries in macOS KeychainStore
On macOS, only certificates with proper trust settings in the user keychain will be exposed as trusted certificate entries in the KeychainStore type of keystore. Also, calling the KeyStore::setCertificateEntry method or the keytool -importcert command on a KeychainStore keystore now fails with a KeyStoreException. Instead, call the macOS "security add-trusted-cert" command to add a trusted certificate into the user keychain.
JDK-8278449 (not public)​


core-libs/javax.naming
The parsing of URLs in the LDAP, DNS, RMI and CORBA built-in JNDI providers as been made more strict. The strength of the parsing can be controlled by system properties:
The parsing of URLs in the LDAP, DNS, and RMI built-in JNDI providers as been made more strict. The strength of the parsing can be controlled by system properties:
-Dcom.sun.jndi.ldapURLParsing="legacy" | "compat" | "strict" (to control "ldap:" URLs)
-Dcom.sun.jndi.dnsURLParsing="legacy" | "compat" | "strict" (to control "dns:" URLs)
-Dcom.sun.jndi.rmiURLParsing="legacy" | "compat" | "strict" (to control "rmi:" URLs)
-Dcom.sun.jndi.corbaURLParsing="legacy" | "compat" | "strict" (to control "iiop:" and "iiopname:" URLs)

The default value is "compat" for all of them.
  • The "legacy" mode turns the new validation off.
  • The "compat" mode limits incompatibilities.
  • The "strict" mode is stricter and may cause regression by rejecting URLs that an application might consider as valid.
If an illegal URL string is found, a javax.naming.NamingException (or a subclass of it) is raised.
JDK-8278972 (not public)​


Bug Fixes​

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. For a more complete list of the bug fixes included in this release, see the JDK 8u331 Bug Fixes page.

Java™ SE Development Kit 8, Update 321 (JDK 8u321)​

January 18, 2022

The full version string for this update release is 8u321-b07 (where "b" means "build"). The version number is 8u321.



IANA TZ Data 2021b, 2021c, 2021d, 2021e​

JDK 8u321 contains IANA time zone data 2021b, 2021c, 2021d, 2021e.
  • Jordan now starts DST on February's last Thursday.
  • Samoa no longer observes DST.
  • Merge more location-based Zones whose timestamps agree since 1970.
  • Move some backward-compatibility links to 'backward'.
  • Rename Pacific/Enderbury to Pacific/Kanton.
  • Correct many pre-1993 transitions in Malawi, Portugal, etc.
  • zic now creates each output file or link atomically.
  • zic -L no longer omits the POSIX TZ string in its output.
  • zic fixes for truncation and leap second table expiration.
  • zic now follows POSIX for TZ strings using all-year DST.
  • Fix some localtime crashes and bugs in obscure cases.
  • zdump -v now outputs more-useful boundary cases.
  • tzfile.5 better matches a draft successor to RFC 8536.
  • A new file SECURITY.
  • Revert most 2021b changes to 'backward'.
  • Fix 'zic -b fat' bug in pre-1970 32-bit data.
  • Fix two Link line typos.
  • Distribute SECURITY file.
This release is intended as a bugfix release, to fix compatibility problems and typos reported since 2021b was released.
  • Fiji suspends DST for the 2021/2022 season.
  • 'zic -r' marks unspecified timestamps with "-00".
  • Palestine will fall back 10-29 (not 10-30) at 01:00.
For more information, refer to Timezone Data Versions in the JRE Software.


Security Baselines​

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u321 are specified in the following table:


JRE Family VersionJRE Security Baseline (Full Version String)
88u321-b07
77u331-b06

Keeping the JDK up to Date​

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u321) be used after the next critical patch update scheduled for April 19, 2022.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u321) on 2022-05-19. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.

New Features​

security-libs/javax.crypto: pkcs11
New SunPKCS11 Configuration Properties
SunPKCS11 provider adds new provider configuration attributes to better control native resources usage. The SunPKCS11 provider consumes native resources in order to work with native PKCS11 libraries. To manage and better control the native resources, additional configuration attributes are added to control the frequency of clearing native references as well as whether to destroy the underlying PKCS11 Token after logout.
The 3 new attributes for SunPKCS11 provider configuration file are:
  1. destroyTokenAfterLogout (boolean, defaults to false)
    If set to true, when java.security.AuthProvider.logout() is called upon the SunPKCS11 provider instance, the underlying Token object will be destroyed and resources will be freed. This essentially renders the SunPKCS11 provider instance unusable after logout() calls. Note that a PKCS11 provider with this attribute set to true should not be added to the system provider list since the provider object is not usable after a logout() method call.
  2. cleaner.shortInterval (integer, defaults to 2000, in milliseconds)
    This defines the frequency for clearing native references during busy period (such as, how often should the cleaner thread processes the no-longer-needed native references in the queue to free up native memory). Note that the cleaner thread will switch to the 'longInterval' frequency after 200 failed tries (such as, when no references are found in the queue).
  3. cleaner.longInterval (integer, defaults to 60000, in milliseconds)
    This defines the frequency for checking native reference during non-busy period (such as, how often should the cleaner thread check the queue for native references). Note that the cleaner thread will switch back to the 'shortInterval' value if native PKCS11 references for cleaning are detected.



Removed Features and Options​

security-libs/java.security
Removed Google's GlobalSign Root Certificate
The following root certificate from Google has been removed from the cacerts keystore:
+ alias name "globalsignr2ca [jdk]"
Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2




Other Notes​


core-libs/java.time
Update Timezone Data to 2021c
IANA Time Zone Database, on which JDK's Date/Time libraries are based, has made a tweak to some time zone rules since 2021c. Note that since this update, some of the time zone rules prior to the year 1970 have been modified according to the changes which were introduced with 2021b. For more detail, refer to the announcement of 2021b


Bug Fixes​

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. For a more complete list of the bug fixes included in this release, see the JDK 8u321 Bug Fixes page.

Java™ SE Development Kit 8, Update 311 (JDK 8u311)​

October 19, 2021

The full version string for this update release is 8u311-b11 (where "b" means "build"). The version number is 8u311.



IANA TZ Data 2021a​

For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines​

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u311 are specified in the following table:


JRE Family VersionJRE Security Baseline (Full Version String)
88u311-b11
77u321-b08

Keeping the JDK up to Date​

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u311) be used after the next critical patch update scheduled for January 18, 2022.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u311) on 2022-02-18. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.

New Features​

client-libs/2d
Marlin Renderer in JDK 8u
Starting from version 8u311, the Marlin graphics rasterizer and its artifacts will be built and distributed as a part of the JDK/JRE bundles. It is not the default rendering engine, however there is an option to enable it by setting the following system property:
sun.java2d.renderer=sun.java2d.marlin.MarlinRenderingEngine


core-libs/java.io:serialization
Context-specific Deserialization Filter Subset
Allow applications to configure context-specific and dynamically-selected deserialization filters via a JVM-wide filter factory that is invoked to select a filter for each deserialization stream. The behavior is a strict subset of JEP 415: Context-Specific Deserialization Filters to allow a filter factory to be configured using a property configured on the command line or in the security properties file.
The behavior is opt-in based on the presence of the jdk.serialFilterFactory system property on the command line or the jdk.serialFilterFactory security property. If set, the JVM-wide filter factory selects the filter for each stream when the stream is constructed and when a stream-specific filter is set.
The JVM-wide filter factory is a java.util.function.BinaryOperator<sun.misc.ObjectInputFilter> function invoked when each ObjectInputStream is constructed and when the stream-specific filter is set using sun.misc.ObjectInputFilter.Config.setObjectInputFilter(sun.misc.ObjectInputFilter). The parameters are the current filter and a requested filter and the function returns the filter to be used for the stream. When invoked from the ObjectInputStream constructors, the first parameter is null and the second parameter is the static JVM-wide filter. When invoked from sun.misc.ObjectInputFilter.Config.setObjectInputFilter(sun.misc.ObjectInputFilter), the first parameter is the filter currently set on the stream (which was set in the constructor), and the second parameter is the filter requested.
A typical filter factory should use or merge the static JVM-wide filter with other application and context specific filters and the stream-specific filter, if one is set on the stream. The filter factory implementation can also use any contextual information at its disposal, for example, extracted from the application thread context, or its call stack, to compose and combine a new filter. It is not restricted to only use its two parameters.
Refer to Context-Specific Deserialization Filter and Serialization Filtering Guide for details.
JDK-8268680 (not public)​

Removed Features and Options​

security-libs/java.security
Removed IdenTrust Root Certificate
The following root certificate from IdenTrust has been removed from the cacerts keystore:
+ alias name "identrustdstx3 [jdk]"
Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.


Other Notes​

core-libs/java.lang
Release Doesn't Correctly Recognize Windows 11
This release doesn't correctly identify Windows 11. The property os.name is set to Windows 10 on Windows 11. In HotSpot error logs, the OS is identified as Windows 10; however, the HotSpot error log does show the Build number. Windows 11 has Build 22000.194 or above.


security-libs/javax.net.ssl
Updated the Default Enabled Cipher Suites Preference
The default priority order of the cipher suites for TLS 1.0 to TLS 1.3 has been adjusted.
For TLS 1.3, TLS_AES_256_GCM_SHA384 is now preferred over TLS_AES_128_GCM_SHA256.
For TLS 1.0 to TLS 1.2, some of the intermediate suites have been lowered in priority as follows:
  • Cipher suites that do not preserve forward secrecy have been moved lower in priority than those that do support forward secrecy.
  • Cipher suites that use SHA-1 have been moved lower in priority.


core-libs/java.net
Modified HttpURLConnection Behavior When a Suitable Proxy Is Not Found
The behavior of HttpURLConnection when using ProxySelector has been modified in this JDK release. HttpURLConnection used to fall back to a direct connection attempt if the configured proxy(s) failed to make a connection. Beginning with this release, the default behavior has been changed to no longer use a direct connection when the first proxy connection attempt fails.
A new system property, sun.net.http.fallbackToDirect, can be set to a value of "true" should an application need to fall back to the old behavior (fall back to a direct connection when the first proxy connection attempt fails).


core-libs/javax.naming
System Property to Control Reconstruction of Reference Address Objects by JDK's Built-in JNDI LDAP Implementation
The scope of the com.sun.jndi.ldap.object.trustSerialData system property has been extended to control the deserialization of java objects from the javaReferenceAddress LDAP attribute. This system property now controls the deserialization of java objects from the javaSerializedData and javaReferenceAddress LDAP attributes.
To prevent deserialization of java objects from these attributes, the system property can be set to false. By default, the deserialization of java objects from javaSerializedData and javaReferenceAddress attributes is allowed.
JDK-8267712 (not public)​


hotspot/runtime
Release Doesn't Correctly Recognize Windows Server
This release doesn't correctly identify Windows Server. The property os.name is set to Windows 2019 on Windows Server 2022. In HotSpot error logs, the OS is identified as Windows 10.0 for Windows Server releases 2016, 2019, and 2022; however, the HotSpot error log does show the Build number. Windows Server 2016 has Build 14393 or above, Windows Server 2019 has Build 17763 or above, and Windows Server 2022 has Build 20348 or above.


security-libs/javax.crypto: pkcs11
SunPKCS11 Initialization With NSS When External FIPS Modules Are in Security Modules Database
The SunPKCS11 security provider can now be initialized with NSS when FIPS-enabled external modules are configured in the Security Modules Database (NSSDB). Before this change, when such a library was configured for NSS in non-FIPS mode, the SunPKCS11 provider would throw a RuntimeException with the message "FIPS flag set for non-internal module".
This change allows the JDK to work properly with recent NSS releases in GNU/Linux operating systems when the system-wide FIPS policy is turned on.


Bug Fixes​

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. For a more complete list of the bug fixes included in this release, see the JDK 8u311 Bug Fixes page.
Releasedatum: 20. Juli 2021

Releasehauptmerkmale​

  • IANA TZ Data 2021a.
    JDK 8u301 enthält Version 2021a der IANA-Zeitzonendaten. Weitere Informationen finden Sie unter Timezone Data Versions in the JRE Software.
  • Neues Feature: Anpassung der PKCS12-Keystore-Generierung
    Neue System- und Sicherheitseigenschaften wurden hinzugefügt, damit Benutzer die Generierung von PKCS12-Keystores anpassen können. Diese umfassen Algorithmen und Parameter für Schlüsselschutz, Zertifikatsschutz und MacData. Sie finden die detaillierte Erläuterung und die möglichen Werte für diese Eigenschaften im Abschnitt "PKCS12 KeyStore properties" der Datei java.security.
    Siehe JDK-8076190
  • Entfernte Features und Optionen: Root-Zertifikate mit 1024-Bit-Schlüsseln wurden entfernt
    Root-Zertifikate mit schwachen 1024-Bit-RSA-Public Keys wurden aus dem cacerts-Keystore entfernt.
    Siehe JDK-8243559
  • Entfernte Features und Optionen: Sonera Class2 CA-Zertifikat von Telia Company wurde entfernt
    Das folgende Root-Zertifikat wurde aus dem cacerts-Truststore entfernt:
    + Telia Company
    + soneraclass2ca
    DN: CN=Sonera Class2 CA, O=Sonera, C=FI
    Siehe JDK-8225081
  • Andere Hinweise: Die standardmäßigen PKCS12-Verschlüsselungsalgorithmen wurden upgegradet
    Die standardmäßigen Verschlüsselungsalgorithmen in einem PKCS12-Keystore wurden aktualisiert. Die neuen Algorithmen basieren auf AES-256 und SHA-256. Sie sind stärker als die alten Algorithmen, die auf RC2, DESede und SHA-1 basierten. Detaillierte Informationen dazu finden Sie unter den Sicherheitseigenschaften, die mit keystore.pkcs12 beginnen, in der Datei java.security.
    Zur Kompatibilität wird die neue Systemeigenschaft keystore.pkcs12.legacy definiert, die die Algorithmen auf die älteren, schwächeren Versionen zurücksetzt. Für diese Eigenschaft ist kein Wert definiert.
    Siehe JDK-8153005

Releasedatum: 30. März 2021​


Releasehauptmerkmale​

  • IANA-Zeitzonendaten der Versionen 2020e, 2020f, 2021a.
    JDK 8u291 enthält IANA-Zeitzonendaten der Versionen 2020e, 2020f, 2021a. Weitere Informationen finden Sie unter Timezone Data Versions in the JRE Software.
  • Weitere Hinweise: Neue System- und Sicherheitseigenschaften zur Steuerung der Neuerstellung von Remoteobjekten durch die integrierten JNDI-RMI- und -LDAP-Implementierungen des JDK
    jdk.jndi.object.factoriesFilter: Mit dieser System- und Sicherheitseigenschaft kann ein serieller Filter zur Steuerung des Sets von Objekt-Factory-Klassen angegeben werden, die Objekte aus Objektreferenzen instanziieren dürfen, die von Naming-/Directory-Systemen zurückgegeben werden. Die von der Referenzinstanz benannte Factory-Klasse wird bei der Neuerstellung der Remotereferenz mit diesem Filter abgeglichen. Die Filtereigenschaft unterstützt die musterbasierte Filtersyntax mit dem von JEP 290 angegebenen Format. Diese Eigenschaft gilt für die integrierten Providerimplementierungen von JNDI/RMI und JNDI/LDAP gleichermaßen. Der Standardwert ermöglicht einer beliebigen in der Referenz angegebenen Objekt-Factory-Klasse das Neuerstellen des referenzierten Objekts.
    JDK-8244473 (nicht öffentlich)
  • Weitere Hinweise: Die Java-Standardversion wird nicht für eine JAR-Ausführung per Doppelklick aktualisiert
    Wenn die PATH-Umgebungsvariable einen Datensatz enthält, der von Oracle JDK-Installationsprogrammen aus neueren Releases konfiguriert wurde, fügt das Oracle JRE-Installationsprogramm den Pfad zu dem Verzeichnis, das die Java-Befehle (java.exe, javaw.exe und javaws.exe) enthält, in der PATH-Umgebungsvariablen nach diesem Datensatz ein. Zuvor ignorierte das Oracle JRE-Installationsprogramm Änderungen, die von Oracle JDK-Installationsprogrammen aus neueren Releases an der PATH-Umgebungsvariablen vorgenommen wurden, und aktualisierte den Wert der PATH-Umgebungsvariablen nicht korrekt. Weitere technische Informationen finden Sie im folgenden CSR: https://bugs.openjdk.java.net/browse/JDK-8259858
    Siehe JDK-8259215
  • Weitere Hinweise: TLS 1.0 und 1.1 deaktivieren
    TLS 1.0 und 1.1 sind Versionen des TLS-Protokolls, die nicht mehr als sicher erachtet werden und durch sicherere und modernere Versionen (TLS 1.2 und 1.3) ersetzt wurden.
    Diese Versionen wurden jetzt standardmäßig deaktiviert. Wenn Probleme auftreten, können Sie auf eigenes Risiko die Versionen erneut aktivieren, indem Sie "TLSv1" und/oder "TLSv1.1" in der Konfigurationsdatei java.security aus der Sicherheitseigenschaft jdk.tls.disabledAlgorithms entfernen.
    Siehe JDK-8202343
  • Weitere Hinweise: TLS 1.0 und 1.1 für Java-Plug-in-Applets und Java Web Start-Anwendungen deaktivieren
    TLS 1.0 und 1.1 wurden deaktiviert. Diese Protokolle werden von Java-Plug-in-Applets und Java Web Start-Anwendungen nicht standardmäßig verwendet. Wenn Probleme auftreten, ist eine Option zur erneuten Aktivierung der Protokolle über das Java Control Panel verfügbar.
    JDK-8255892 (nicht öffentlich)

Releasedatum: 19. Januar 2021​


Releasehauptmerkmale​

  • IANA Data 2020d
    JDK 8u281 enthält Version 2020d der IANA-Zeitzonendaten. Weitere Informationen finden Sie unter Timezone Data Versions in the JRE Software.
  • Neues Feature: groupname -Option zum Schlüsselpaargenerierungs-Keytool hinzugefügt
    Eine neue -groupname-Option wurde zu keytool -genkeypair hinzugefügt, sodass Benutzer beim Generieren eines Schlüsselpaares eine benannte Gruppe angeben können. Beispiel: keytool -genkeypair -keyalg EC -groupname secp384r1 generiert ein EC-Schlüsselpaar unter Verwendung der secp384r1-Kurve. Da mehrere Kurven mit derselben Größe vorhanden sein können, wird die Verwendung der Option -groupname gegenüber der Option -keysize bevorzugt.
    Siehe JDK-8213400
  • Neues Feature: Apache Santuario Library-Update auf Version 2.1.4
    Die Apache Santuario Library wurde auf Version 2.1.4 aktualisiert. Dementsprechend wurde die neue Systemeigenschaft com.sun.org.apache.xml.internal.security.parser.pool-size eingeführt.
    Diese neue Systemeigenschaft legt die Poolgröße des internen DocumentBuilder-Cache fest, der beim Verarbeiten der XML-Signaturen verwendet wird. Die Funktion entspricht der in Apache Santuario verwendeten Systemeigenschaft org.apache.xml.security.parser.pool-size und hat denselben Standardwert (20).
    Siehe JDK-8231507
  • Neues Feature: Unterstützung für certificate_authorities-Erweiterung
    Die Erweiterung "certificate_authorities" ist eine in TLS 1.3 eingeführte optionale Erweiterung. Damit werden die Certificate Authoritys (CAs) angegeben, die ein Endpunkt unterstützt. Der empfangende Endpunkt muss diese bei der Auswahl des Zertifikats berücksichtigen.
    Siehe JDK-8206925
  • Weitere Hinweise: Properties.loadFromXML zwecks Übereinstimmung mit Spezifikation geändert
    Die Implementierung der java.util.Properties loadFromXML-Methode wurde geändert, um mit ihrer Spezifikation konform zu sein. Insbesondere lehnt die zugrunde liegende XML-Parserimplementierung jetzt nicht konforme XML-Dokumente durch Ausgabe einer InvalidPropertiesFormatException-Ausnahme ab, wie in der loadFromXML-Methode angegeben.
    Siehe JDK-8213325
  • Weitere Hinweise: US/Pacific-New-Zonenname im Rahmen von tzdata2020b entfernt.
    Im Rahmen des JDK-Updates auf tzdata2020b wurden die längst veralteten Dateien namens pacificnew und systemv entfernt. Daher kann die in der pacificnew-Datendatei deklarierte Zone namens "US/Pacific-New" nicht mehr verwendet werden.
    Siehe JDK-8254177
Zurück
Oben Unten