Changelog:
7.0.72: http://www.oracle.com/technetwork/java/javase/7u72-relnotes-2296190.html
Instructions to disable SSL v3.0 in Oracle JDK and JRE
Oracle recommends that users and developers disable use of the SSLv3 protocol. Please follow the Instructions to disable SSL v3.0 in Oracle JDK and JRE.
Change in javax.smartcardio.Card.disconnect(boolean reset) method behavior
Prior to the JDK 8u20 and JDK 7u72 releases, the javax.smartcardio.Card.disconnect(boolean reset) method had inverted logic for the 'reset' boolean value passed to it. The card was reset upon a disconnect if false was passed to it and vice versa. Starting with JDK 7u72 and JDK 8u20, the correct behavior as per API documentation has been implemented.
In order to provide backwards compatibility to users who rely on the old behavior, a new system property has been introduced. The following command-line option can be used to enforce the old broken behavior:
-Dsun.security.smartcardio.invertCardReset=true
This property is set by default for 7u72 and later JDK 7 update releases. By default, no behavioral change will be noticed in this area for JDK 7 update releases.
Also the following command-line option can be used to enforce the new correct behavior:
-Dsun.security.smartcardio.invertCardReset=false
This is default for 8u20 and later JDK 8 update releases. In future Java releases, the property will be ignored/disabled and default disconnect method behavior will be as specified by API.
Bug Fixes
This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.
For a list of bug fixes included in this release, see JDK 7u72 Bug Fixes page.
Area: security-libs/javax.net.ssl
Synopsis: Decrease the preference mode of RC4 in the enabled cipher suite list
This fix decreases the preference of RC4 based cipher suites in the default enabled cipher suite list of SunJSSE provider.
See JDK-8043832 (not public).
From: http://www.oracle.com/technetwork/java/javase/2col/7u72-bugfixes-2298229.html
Bug Id Category Subcategory Description
8036022 client-libs 2d D3D: rendering with XOR composite causes InternalError.
8019623 client-libs java.awt Lack of synchronization in AppContext.getAppContext()
8024061 client-libs java.awt Exception thrown when drag and drop between two components is executed quickly
8028617 client-libs java.awt Dvorak keyboard mapping not honored when ctrl key pressed
8016545 client-libs java.beans java.beans.XMLEncoder.writeObject output is wrong
8036819 client-libs javax.accessibility JAB: mneumonics not read for textboxes
8036983 client-libs javax.accessibility JAB:Multiselection Ctrl+CursorUp/Down and ActivateDescenderPropertyChanged event
8028616 client-libs javax.swing Htmleditorkit parser doesn't handle leading slash (/)
8032872 client-libs javax.swing [macosx] Cannot select from JComboBox in a JWindow
8032874 client-libs javax.swing ArrayIndexOutOfBoundsException in JTable while clearing data in JTable
8032878 client-libs javax.swing Editable combos in table do not behave as expected
8041451 core-libs javax.naming com.sun.jndi.ldap.Connection:ReadTimeout should abandon ldap request
8042857 core-libs javax.naming 14 stuck threads waiting for notification on LDAPRequest
7142035 core-svc java.lang.instrument assert in j.l.instrument agents during shutdown when daemon thread is running
8028623 core-svc tools SA: hash codes in SymbolTable mismatching java_lang_String::hash_code for extended characters.
8028619 deploy deployment_toolkit Display issue of java control panel in ko and ja locale
8031490 deploy deployment_toolkit Broken Java SE 7 jnlp samples (app2 and app3)
8038463 deploy deployment_toolkit Java Control Panel doesn't display correctly in high resolution
8025051 globalization locale-data Update resource files for TimeZone display names
8039298 hotspot compiler C2: assert(base == NULL || t_adr->isa_rawptr() || !phase->type(base)->higher_equal(TypePtr::NULL_PTR)) failed: NULL+offs not RAW address?
8038925 hotspot gc Java with G1 crashes in dump_instance_fields using jmap or jcmd without fullgc
8019324 hotspot runtime assert(_f2 == 0 || _f2 == f2) failed: illegal field change
8031290 hotspot runtime Adjust call to getisax() for additional words returned
8033696 hotspot runtime "assert(thread != NULL) failed: just checking" due to Thread::current() and JNI pthread interaction
8051012 hotspot runtime Regression in verifier for <init> method call from inside of a branch
8021804 security-libs java.security Certpath validation fails if validity period of root cert does not include validity period of intermediate cert
8050158 security-libs javax.net.ssl Introduce system property to maintain RC4 preference order
7047033 security-libs javax.smartcardio (smartcardio) Card.disconnect(boolean reset) does not reset when reset is true
7195480 security-libs javax.smartcardio javax.smartcardio does not detect cards on Mac OS X
8039319 security-libs javax.smartcardio (smartcardio) Card.transmitControlCommand() does not work on Mac OS X
8043507 security-libs javax.smartcardio (smartcardio) javax.smartcardio.CardTerminals.list() fails on MacOSX
8046343 security-libs javax.smartcardio (smartcardio) CardTerminal.connect('direct') does not work on MacOSX
8049250 security-libs javax.smartcardio (smartcardio) Need a flag to invert the Card.disconnect(reset) argument
8036709 tools jar Java 7 jarsigner displays warning about cert policy tree
8033113 xml jax-ws wsimport fails on WSDL:header parameter name customization
8029837 xml jaxp NPE seen in XMLDocumentFragmentScannerImpl.setProperty since 7u40b33
7.0.71:
From: http://www.oracle.com/technetwork/java/javase/2col/7u71-bugfixes-2298226.html
Bug Id Category Subcategory Description
8032788 client-libs java.awt ImageIcon constructor throws an NPE and hangs when passed a null String parameter
8057184 client-libs javax.swing JCK8's api/javax_swing/JDesktopPane/descriptions.html#getset failed with GTKLookAndFeel on Linux and Solaris run v.s. JDK8+
8001105 core-libs java.lang.invoke findVirtual of Object[].clone produces internal error
8031502 core-libs java.lang.invoke JSR292: IncompatibleClassChangeError in LambdaForm for CharSequence.toString() method handle type converter
8027821 deploy For signed jars without manifest "Permissions", there is still security warning dialog before Application Error (Or blocked) Dialog.
8054904 deploy webstart Webstart cache path error for Java >= 7u65
8032883 deploy plugin java.lang.UnsupportedClassVersionError occurs while accessing an applet
8036620 deploy plugin JAR file is downloaded on DownloadService.removeResource, if it is not in Deployment Cache
8040786 deploy plugin Text is truncated in JavaScript to Java security warning dialog on OS X
8043478 deploy plugin Oracle Linux 5.x: Expired JRE disabled in the browser automatically and no native dialog prompting for the JRE update
8025726 deploy webstart Certificate rule in DRS does not work for Java Web Start app when caching is turned off
8051891 deploy webstart SWT cannot load native look&feel
8050485 hotspot runtime super() in a try block in a ctor may need to cause VerifyError
8027686 install Fail to install on MacOS 10.10
7160837 security-libs javax.crypto DigestOutputStream does not turn off digest calculation when "close()" is called
8028627 security-libs javax.crypto Unsynchronized code path from javax.crypto.Cipher to the WeakHashMap used by JceSecurity to store codebase mappings
8012026 client-libs java.awt [macosx] Component.getMousePosition() does not work in an applet on MacOS
8032078 client-libs java.awt [macosx] CPlatformWindow.setWindowState throws RuntimeException, if windowState=ICONIFIED:MAXIMIZED_BOTH
8032961 client-libs java.awt A JTextField of an applet loses the abillity to receive the focus under certain circumstances.
8032669 client-libs javax.swing Mouse release not being delivered to Swing component in 7u45
7122142 core-libs java.lang (ann) Race condition between isAnnotationPresent and getAnnotations
8005232 core-libs java.lang (JEP-149) Class Instance size reduction
7185456 core-libs java.lang.reflect (ann) Optimize Annotation handling in java/sun.reflect.* code for small number of annotationsC
8015421 core-libs java.net NegativeArraySizeException occurs in ChunkedOutputStream() with Integer.MAX_VALUE
8021372 core-libs java.net NetworkInterface.getNetworkInterfaces() returns duplicate hardware address
8009764 deploy webstart Java Web Start app run on Java SE 8 b79 shows "trust level" SecurityExceptions
7094099 deploy plugin DropDown List of JComboBox detached
6653795 hotspot compiler C2 intrinsic for Unsafe.getAddress performs pointer sign extension on 32-bit systems
8027359 xml jaxp XML parser returns incorrect parsing results
8032909 xml jaxp XSLT string-length returns incorrect length when string includes complementary chars
* PLIST.linux-i386 and PLIST.linux-x86_64 are confirmed.
Changelog: http://www.oracle.com/technetwork/java/javase/7u60-relnotes-2200106.html
Java SE Development Kit 7, Update 60 (JDK 7u60)
The full version string for this update release is 1.7.0_60-b19 (where "b" means "build"). The version number is 7u60.
Highlights
This update release contains several enhancements and changes including the following:
Java Mission Control
New Features and Changes
IANA Data 2014b
JDK 7u60 contains IANA time zone data version 2014b. For more information, refer to Timezone Data Versions in the JRE Software.
JavaFX
This JDK release includes JavaFX version 2.2.60.
Java Mission Control
This JDK release includes Java Mission Control(JMC) version 5.3. For more information, see JMC 5.3 Release Notes.
New Features and Changes
Java ignores deployment.expiration.check.enabled property for first launch
If you have an older version of Java and expiration check is turned off through deployment.properties file, Java may ignore this property for first launch.
To ensure that expiration check is disabled, use the following Java Web Start command:
javaws -userConfig deployment.expiration.check.enabled false
If this property is changed in the deployment.properties file, open the Java Control Panel before starting an application to ensure that the native cache is synchronized with the file. For more information, see Deployment Configuration File and Properties.
New flags added to Java Management API
The flags MinHeapFreeRatio and MaxHeapFreeRatio have been made manageable. This means they can be changed at runtime using the management API in Java. Support for these flags have also been added to the ParallelGC as part of the adaptive size policy.
Bug Fixes
For a list of bug fixes included in this release, see JDK 7u60 Bug Fixes page.
The following are some of the notable bug fixes in this release:
Area: security-libs/java.security
Synopsis: Realm.getRealmsList returns realms list in wrong order
Java does not support the [capaths] section in krb5.conf correctly if there are more then one intermediate realm between the client realm and the server realm.
See 8012615.
Olson Data 2013h
JavaFX Release Notes
* JavaFX is now part of JDK. JDK 7u51 release includes JavaFX version 2.2.51.
New Features and Changes
* Jarsigner updated to encourage timestamping
* Changes to Security Slider
* Prompt users to clear previously remembered decisions
* Exception Site List
Bug Fixes
This release contains fixes for security vulnerabilities. For more information:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA
