Java SE Development Kit 7 Update 51 Release Notes
To configure the JDK to use unlimited cryptography, set the crypto.policy to a value of ‘unlimited’. See the notes in the java.security file shipping with this release for more information. JARs signed with SHA-1 algorithms are now restricted by default and treated as if they were unsigned. This applies to the algorithms used to digest, sign, and optionally timestamp the JAR. Update Release Notes summarize changes made in all Java SE 7 update releases. Note that bug fixes are cumulative, that is, bug fixes in previous update versions are included in subsequent update versions.
A new system property, “jdk.tls.ephemeralDHKeySize”, is defined to customize the ephemeral DH key sizes. This can be set to “legacy” if the older JDK behavior (DH keysize of 768 bits) is desired. In the java.security file, an additional constraint named jdkCA is added to the jdk.certpath.disabledAlgorithms property. This constraint prohibits the specified algorithm only java 7 certifications if the algorithm is used in a certificate chain that terminates at a marked trust anchor in the lib/security/cacerts keystore. If the jdkCA constraint is not set, then all chains using the specified algorithm are restricted. This release introduces a new feature whereby the JCE jurisdiction policy files used by the JDK can be controlled via a new Security property.
Java 8 updates
This option allows control of which implementation of ECC is in use. This change removes obsolete NIST EC curves from the default Named Groups used during TLS negotiation. The curves removed are sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, and secp256k1. As documented in the Java SE Support Roadmap, JavaFX is not supported in JDK 7 after July 2019. Several Linux distributions were affected by this issue because they rely on CFF fonts to support some languages, which is common for CJK (Chinese, Japanese, and Korean) languages.
For a list of bug fixes included in this release, see JDK 7u80 Bug Fixes page. The full version string for this update release https://remotemode.net/ is 1.7.0_80-b15 (where “b” means “build”). For a list of bug fixes included in this release, see JDK 7u51 Bug Fixes page.
Java™ SE Development Kit 7, Update 331 (JDK 7u
The default maximum size of the CodeCache on most of the platforms is 48M. TLSv1.2 and TLSv1.1 are now enabled by default on the TLS client end-points. A new JDK implementation specific system property to control caching for HTTP NTLM connection is introduced.
- Any disabled mechanism will be ignored if it is specified in the mechanisms argument of Sasl.createSaslClient or the mechanism argument of Sasl.createSaslServer.
- The SHA224withDSA and SHA256withDSA algorithms are now supported in the TLS 1.2 “signature_algorithms” extension in the SunJSSE provider.
- This system property will only have impact from the JDK 7u101 and JDK 6u115 releases.
- A new security property named jceks.key.serialFilter has been introduced.
- To enable unlimited cryptography, one can use the new crypto.policy Security property.
- This release of Java SE 7u4 includes 64-bit JDK support for Mac OS X Lion and above.
- “The security strength of SHA1 digest algorithm is not sufficient for this key size.”
- To restore the named curves, remove the include jdk.disabled.namedCurves either from specific or from all disabledAlgorithms security properties.
