Upstream Changelog:
Security
gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317)
double-free in gdImageWebPtr() (CVE-2016-6912)
potential unsigned underflow in gd_interpolation.c
DOS vulnerability in gdImageCreateFromGd2Ctx()
Fixed
Fix#354: Signed Integer Overflow gd_io.c
Fix#340: System frozen
Fix OOB reads of the TGA decompression buffer
Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
Fix potential unsigned underflow
Fix double-free in gdImageWebPtr()
Fix invalid read in gdImageCreateFromTiffPtr()
Fix OOB reads of the TGA decompression buffer
Fix#68: gif: buffer underflow reported by AddressSanitizer
Avoid potentially dangerous signed to unsigned conversion
Fix#304: test suite failure in gif/bug00006 [2.2.3]
Fix#329: GD_BILINEAR_FIXED gdImageScale() can cause black border
Fix#330: Integer overflow in gdImageScaleBilinearPalette()
Fix 321: Null pointer dereferences in gdImageRotateInterpolated
Fix whitespace and add missing comment block
Fix#319: gdImageRotateInterpolated can have wrong background color
Fix color quantization documentation
Fix#309: gdImageGd2() writes wrong chunk sizes on boundaries
Fix#307: GD_QUANT_NEUQUANT fails to unset trueColor flag
Fix#300: gdImageClone() assigns res_y = res_x
Fix#299: Regression regarding gdImageRectangle() with gdImageSetThickness()
Replace GNU old-style field designators with C89 compatible initializers
Fix#297: gdImageCrop() converts palette image to truecolor image
Fix#290: TGA RLE decoding is broken
Fix unnecessary non NULL checks
Fix#289: Passing unrecognized formats to gdImageGd2 results in corrupted files
Fix#280: gdImageWebpEx() quantization parameter is a misnomer
Publish all gdImageCreateFromWebp*() functions and gdImageWebpCtx()
Fix issue #276: Sometimes pixels are missing when storing images as BMPs
Fix issue #275: gdImageBmpCtx() may segfault for non-seekable contexts
Fix copy&paste error in gdImageScaleBicubicFixed()
Added
More documentation
Documentation on GD and GD2 formats
More tests
Tomcat 8.0.41 (violetagg)
Cluster
Add: Make the accessTimeout configurable in BackupManager. The accessTimeout is used as a timeout period for PING in replication map. (kfujino)
Web applications
Fix: Ensure the ASF logo image is displayed in host-manager. (violetagg)
not released Tomcat 8.0.40 (violetagg)
Catalina
Add: 53602: Add HTTP status code 451 (RFC 7725) to the list of HTTP status codes recognised by Tomcat. (markt)
Fix: 60446: Handle the case where the stored user credential uses a different key length than the length currently configured for the CredentialHandler. Based on a patch by Niklas Holm. (markt)
Fix: 60351: Delay creating META-INF/war-tracker file until after the WAR has been expanded to address the case where the Tomcat process terminates during the expansion. (markt)
Fix: Correctly handle the configClass attribute of a Host when embedding Tomcat. (markt)
Fix: 60379: Dispose of the GSS credential once it is no longer required. Patch provided by Michael Osipov. (markt)
Fix: 60380: Ensure that a call to HttpServletRequest#logout() triggers a call to TomcatPrincipal#logout(). Based on a patch by Michael Osipov. (markt)
Fix: 60387: Correct the javadoc for o.a.catalina.AccessLog.setRequestAttributesEnabled. The default value is different for the different implementations. (violetagg)
Code: 60393: Use consistent parameter naming in implementations of Realm#authenticate(GSSContext, boolean). (markt)
Fix: 60395: Log when an Authenticator passes an incomplete GSSContext to a Realm since it indicates a bug in the Authenticator. Patch provided by Michael Osipov. (markt)
Fix: Correctly generate URLs for resources located inside JARs that are themselves located inside a packed WAR file. (markt)
Fix: 60410: Ensure that multiple calls to JarInputStreamWrapper#close() do not incorrectly trigger the closure of the underlying JAR or WAR file. (markt)
Fix: 60411: Implement support in the RewriteValve for symbolic names to specify the redirect code to use when returning a redirect response to the user agent. Patch provided by Michael Osipov. (markt)
Fix: 60413: In the RewriteValve write empty capture groups as the empty string rather than as "null" when generating the re-written URL. Based on a patch by Michael Osipov. (markt)
Update: Update the warnings that reference required options for running on Java 9 to use the latest syntax for those options. (markt)
Fix: 60513: Fix thread safety issue with RMI cleanup code. (remm)
Coyote
Fix: Ensure that the endpoint is able to unlock the acceptor thread during shutdown if the endpoint is configured to listen to any local address of a specific type such as 0.0.0.0 or ::. (markt)
Fix: Prevent read time out when the file is deleted while serving the response. The issue was observed only with APR Connector and sendfile enabled. (violetagg)
Fix: Improve the logic that selects an address to use to unlock the Acceptor to take account of platforms what do not listen on all local addresses when configured with an address of 0.0.0.0 or ::. (markt)
Fix: 60409: When unable to complete sendfile request, ensure the Processor will be added to the cache only once. (markt/violetagg)
Jasper
Fix: 60431: Improve handling of varargs in UEL expressions. Based on a patch by Ben Wolfe. (markt)
Fix: 60497: Restore previous tag reuse behavior following the use of try/finally. (remm)
Fix: Improve the error handling for simple tags to ensure that the tag is released and destroyed once used. (remm)
Fix: 60497: Follow up fix using a better variable name for the tag reuse flag. (remm)
Fix: Revert use of try/finally for simple tags. (remm)
Web applications
Fix: Correct a typo in Host Configuration Reference. Issue reported via comments.apache.org. (violetagg)
Fix: 60344: Add a note to BUILDING.txt regarding using the source bundle with the correct line endings. (markt)
Fix: 60412: Add information on the comment syntax for the RewriteValve configuration. (markt)
Fix: 60467: remove problematic characters from XML documentation. Based upon a patch by Michael Osipov. (schultz)
Add: In the documentation web application, be explicit that clustering requires a secure network for all of the cluster network traffic. (markt)
Update: Update the ASF logos to the new versions.
Fix: 60468: Correct the format of the sample ISO-8601 date used to report the build date for the documentation. Patch provided by Michael Osipov. (markt)
Tribes
Fix: Reduce the warning logs for a message received from a different domain in order to avoid excessive log outputs. (kfujino)
Add: Add log message that PING message has received beyond the timeout period. (kfujino)
Fix: When a PING message that beyond the time-out period has been received, make sure that valid member is added to the map membership. (kfujino)
WebSocket
Fix: 60437: Avoid possible handshake overflows in the websocket client. (remm)
jdbc-pool
Add: 58816: Implement the statistics of jdbc-pool. The stats infos are borrowedCount, returnedCount, createdCount, releasedCount, reconnectedCount, releasedIdleCount and removeAbandonedCount. (kfujino)
Fix: 60194: If validationQuery is not specified, connection validation is done by calling the isValid() method. (kfujino)
Fix: 60398: Fix testcase of TestSlowQueryReport. (kfujino)
Add: Enable reset the statistics without restarting the pool. (kfujino)
Other
Fix: 60366: Change catalina.bat to use directly LOGGING_MANAGER and LOGGING_CONFIG variables in order to configure logging, instead of modifying JAVA_OPTS. Patch provided by Petter Isberg. (violetagg)
Add: New property is added test.verbose in order to control whether the output of the tests is displayed on the console or not. Patch provided by Emmanuel Bourg. (violetagg)
Update: Update the ASF logos used in the Apache Tomcat installer for Windows to use the new versions.
Fix: Spelling corrections provided by Josh Soref. (violetagg)
Junicode (short for Junius-Unicode) is a Unicode font for medievalists.
The current version is a beta; the selection of characters and the
arrangement of the Private Use Area are subject to change.
Junicode contains 3280 characters in the regular style (the italic,
bold and bold italic styles are less complete). These Unicode ranges
are either complete in the regular style or they contain substantial
numbers of glyphs (especially those of interest to medievalists).
Changes noted in doc/en/ReleaseNote:
ver 3.8.0
* Refactor source code and directory tree.
* Add "ssh_auto_reconnect" / --rcn option which enables automatic reconnecting to
ssh server in unexpected disconnection.
* Support libssh2 on Android.
* Add "start_with_local_pty" / --slp option which disables ssh connection dialog
on startup on Android.
* Support context menu (copy&paste, configuration etc) by long click on Android.
* Change library names.
libmkf => libmef, libkik => libpobl
libmlterm_core => libmlterm_coreotf (if open type layout is supported)
* Add --vsep=N and --hsep=N options (which split screen vertically or horizontally)
to mlclientx.
* libvte compatible library supports vte 0.40.0 or later.
* Bug fixes:
Fix the bug which 'mlcc exec hsplit [columns]' split screen by [columns - 1].
Fix the bug which disables dynamic change of options related to ctl such as
"bidi_mode" or etc. (Enbugged at 3.6.2)
Fix the bug which disabled "ButtonN" shortcut key if num_lock is on.
Fix segfault in resizing columns or rows on Android.
Fix the default value of termios.c_cc[VSTATUS]. (Thanks to Oshima Yasushi san)
fio is a tool that will spawn a number of threads or processes doing a
particular type of io action as specified by the user. fio takes a
number of global parameters, each inherited by the thread unless
otherwise parameters given to them overriding that setting is given.
The typical use of fio is to write a job file matching the io load
one wants to simulate.
=========================
Fixes since v2.11
-----------------
* The default Travis-CI configuration specifies newer P4 and GitLFS.
* The character width table has been updated to match Unicode 9.0
* Update the isatty() emulation for Windows by updating the previous
hack that depended on internals of (older) MSVC runtime.
* "git rev-parse --symbolic" failed with a more recent notation like
"HEAD^-1" and "HEAD^!".
* An empty directory in a working tree that can simply be nuked used
to interfere while merging or cherry-picking a change to create a
submodule directory there, which has been fixed..
* The code in "git push" to compute if any commit being pushed in the
superproject binds a commit in a submodule that hasn't been pushed
out was overly inefficient, making it unusable even for a small
project that does not have any submodule but have a reasonable
number of refs.
* "git push --dry-run --recurse-submodule=on-demand" wasn't
"--dry-run" in the submodules.
* The output from "git worktree list" was made in readdir() order,
and was unstable.
* mergetool.<tool>.trustExitCode configuration variable did not apply
to built-in tools, but now it does.
* "git p4" LFS support was broken when LFS stores an empty blob.
* Fix a corner case in merge-recursive regression that crept in
during 2.10 development cycle.
* Update the error messages from the dumb-http client when it fails
to obtain loose objects; we used to give sensible error message
only upon 404 but we now forbid unexpected redirects that needs to
be reported with something sensible.
* When diff.renames configuration is on (and with Git 2.9 and later,
it is enabled by default, which made it worse), "git stash"
misbehaved if a file is removed and another file with a very
similar content is added.
* "git diff --no-index" did not take "--no-abbrev" option.
* "git difftool --dir-diff" had a minor regression when started from
a subdirectory, which has been fixed.
* "git commit --allow-empty --only" (no pathspec) with dirty index
ought to be an acceptable way to create a new commit that does not
change any paths, but it was forbidden, perhaps because nobody
needed it so far.
* A pathname that begins with "//" or "\\" on Windows is special but
path normalization logic was unaware of it.
* "git pull --rebase", when there is no new commits on our side since
we forked from the upstream, should be able to fast-forward without
invoking "git rebase", but it didn't.
* The way to specify hotkeys to "xxdiff" that is used by "git
mergetool" has been modernized to match recent versions of xxdiff.
* Unlike "git am --abort", "git cherry-pick --abort" moved HEAD back
to where cherry-pick started while picking multiple changes, when
the cherry-pick stopped to ask for help from the user, and the user
did "git reset --hard" to a different commit in order to re-attempt
the operation.
* Code cleanup in shallow boundary computation.
* A recent update to receive-pack to make it easier to drop garbage
objects made it clear that GIT_ALTERNATE_OBJECT_DIRECTORIES cannot
have a pathname with a colon in it (no surprise!), and this in turn
made it impossible to push into a repository at such a path. This
has been fixed by introducing a quoting mechanism used when
appending such a path to the colon-separated list.
* The function usage_msg_opt() has been updated to say "fatal:"
before the custom message programs give, when they want to die
with a message about wrong command line options followed by the
standard usage string.
* "git index-pack --stdin" needs an access to an existing repository,
but "git index-pack file.pack" to generate an .idx file that
corresponds to a packfile does not.
* Fix for NDEBUG builds.
* A lazy "git push" without refspec did not internally use a fully
specified refspec to perform 'current', 'simple', or 'upstream'
push, causing unnecessary "ambiguous ref" errors.
* "git p4" misbehaved when swapping a directory and a symbolic link.
* Even though an fix was attempted in Git 2.9.3 days, but running
"git difftool --dir-diff" from a subdirectory never worked. This
has been fixed.
* "git p4" that tracks multile p4 paths imported a single changelist
that touches files in these multiple paths as one commit, followed
by many empty commits. This has been fixed.
* A potential but unlikely buffer overflow in Windows port has been
fixed.
* When the http server gives an incomplete response to a smart-http
rpc call, it could lead to client waiting for a full response that
will never come. Teach the client side to notice this condition
and abort the transfer.
* Some platforms no longer understand "latin-1" that is still seen in
the wild in e-mail headers; replace them with "iso-8859-1" that is
more widely known when conversion fails from/to it.
* Update the procedure to generate "tags" for developer support.
* Update the definition of the MacOSX test environment used by
TravisCI.
* A few git-svn updates.
* Compression setting for producing packfiles were spread across
three codepaths, one of which did not honor any configuration.
Unify these so that all of them honor core.compression and
pack.compression variables the same way.
* "git fast-import" sometimes mishandled while rebalancing notes
tree, which has been fixed.
* Recent update to the default abbreviation length that auto-scales
lacked documentation update, which has been corrected.
* Leakage of lockfiles in the config subsystem has been fixed.
* It is natural that "git gc --auto" may not attempt to pack
everything into a single pack, and there is no point in warning
when the user has configured the system to use the pack bitmap,
leading to disabling further "gc".
* "git archive" did not read the standard configuration files, and
failed to notice a file that is marked as binary via the userdiff
driver configuration.
* "git blame --porcelain" misidentified the "previous" <commit, path>
pair (aka "source") when contents came from two or more files.
* "git rebase -i" with a recent update started showing an incorrect
count when squashing more than 10 commits.
* "git <cmd> @{push}" on a detached HEAD used to segfault; it has
been corrected to error out with a message.
* Tighten a test to avoid mistaking an extended ERE regexp engine as
a PRE regexp engine.
* Typing ^C to pager, which usually does not kill it, killed Git and
took the pager down as a collateral damage in certain process-tree
structure. This has been fixed.
---------------------------------------------
0.56 January 30, 2017
Removed all test files using 'scripts/modulemaker' as first step in
diagnosing problem reported in
https://rt.cpan.org/Ticket/Display.html?id=111637. No changes in
functionality.
* Use internal harfbuzz and graphite2
LibreOffice 5.3.0 requires harfbuzz with graphite2 support.
Enabling graphite2 in fonts/harfbuzz breaks graphics/librsvg, so
I cannot enable graphite2 in fonts/harfbuzz.
* Explicitly specify static libraries of harfbuzz and graphite2
with path to fix a linking of libvcllo.so
* Add some comments to patches
Changelog:
Highlights
LibreOffice 5.3 offers a number of interesting new features in
every area: a new cross-platform text layout engine that uses
HarfBuzz for consistent text layout on all platforms, with significant
advantages across languages and alphabets; a revised Help menu,
with new quick links to user guides and community support forums,
for an improved user experience; and better import/export filters
to new and legacy MS Office documents.
Writer now supports Table Styles, for applying formatting to a
table which is preserved when you make edits to it; a new Page Deck
in the sidebar lets the user quickly customise page settings without
having to go through a separate dialog box; and a new Go to Page
Box makes it possible to jump to another page in the document with
just a few keystrokes.
Calc provides a new set of default cell styles, with greater variety
and better names than in previous releases; in fresh installations,
"enable wildcards in formulas" is now the default option, rather
than regular expressions, to improve compatibility with other
spreadsheet software; and a new text entry box lets the user narrow
down the functions he is looking for, and simplifies the search
for the right one.
Impress now opens with a template selector, to get the user off to
a quick start; and a new Slide Properties Deck is now available in
the sidebar while in slide master mode.
libzmf is a library that parses the file format of Zoner Callisto/Draw
documents. Currently it only understands documents created by Zoner
Draw version 4 and 5.
Changelog:
http://www.oracle.com/technetwork/java/javase/8u121-relnotes-3315208.html
core-libs/javax.naming
Improved protection for JNDI remote class loading
Remote class loading via JNDI object factories stored in naming and directory services is disabled by default. To enable remote class loading by the RMI Registry or COS Naming service provider, set the following system property to the string "true", as appropriate:
com.sun.jndi.rmi.object.trustURLCodebase
com.sun.jndi.cosnaming.object.trustURLCodebase
JDK-8158997 (not public)
security-libs/java.security
jarsigner -verbose -verify should print the algorithms used to sign the jar
The jarsigner tool has been enhanced to show details of the algorithms and keys used to generate a signed JAR file and will also provide an indication if any of them are considered weak.
Specifically, when "jarsigner -verify -verbose filename.jar" is called, a separate section is printed out showing information of the signature and timestamp (if it exists) inside the signed JAR file, even if it is treated as unsigned for various reasons. If any algorithm or key used is considered weak, as specified in the Security property, jdk.jar.disabledAlgorithms, it will be labeled with "(weak)".
For example:
- Signed by "CN=weak_signer"
Digest algorithm: MD2 (weak)
Signature algorithm: MD2withRSA (weak), 512-bit key (weak)
Timestamped by "CN=strong_tsa" on Mon Sep 26 08:59:39 CST 2016
Timestamp digest algorithm: SHA-256
Timestamp signature algorithm: SHA256withRSA, 2048-bit key
See JDK-8163304
New Features
core-libs/java.io:serialization
Serialization Filter Configuration
Serialization Filtering introduces a new mechanism which allows incoming streams of object-serialization data to be filtered in order to improve both security and robustness. Every ObjectInputStream applies a filter, if configured, to the stream contents during deserialization. Filters are set using either a system property or a configured security property. The value of the "jdk.serialFilter" patterns are described in JEP 290 Serialization Filtering and in <JRE>/lib/security/java.security. Filter actions are logged to the 'java.io.serialization' logger, if enabled.
See JDK-8155760
core-libs/java.rmi
RMI Better constraint checking
RMI Registry and Distributed Garbage Collection use the mechanisms of JEP 290 Serialization Filtering to improve service robustness.
RMI Registry and DGC implement built-in white-list filters for the typical classes expected to be used with each service.
Additional filter patterns can be configured using either a system property or a security property. The "sun.rmi.registry.registryFilter" and "sun.rmi.transport.dgcFilter" property pattern syntax is described in JEP 290 and in <JRE>/lib/security/java.security.
JDK-8156802 (not public)
security-libs
Add mechanism to allow non-default root CAs to not be subject to algorithm restrictions
*New certpath constraint: jdkCA*
In the java.security file, an additional constraint named "jdkCA" is added to the jdk.certpath.disabledAlgorithms property. This constraint prohibits the specified algorithm only if the algorithm is used in a certificate chain that terminates at a marked trust anchor in the lib/security/cacerts keystore. If the jdkCA constraint is not set, then all chains using the specified algorithm are restricted. jdkCA may only be used once in a DisabledAlgorithm expression.
Example: To apply this constraint to SHA-1 certificates, include the following: SHA1 jdkCA
See JDK-8140422
Changes
tools/javadoc(tool)
New --allow-script-in-comments option for javadoc
The javadoc tool will now reject any occurrences of JavaScript code in the javadoc documentation comments and command-line options, unless the command-line option, --allow-script-in-comments is specified.
With the --allow-script-in-comments option, the javadoc tool will preserve JavaScript code in documentation comments and command-line options. An error will be given by the javadoc tool if JavaScript code is found and the command-line option is not set.
JDK-8138725 (not public)
security-libs/javax.xml.crypto
Increase the minimum key length to 1024 for XML Signatures
The secure validation mode of the XML Signature implementation has been enhanced to restrict RSA and DSA keys less than 1024 bits by default as they are no longer secure enough for digital signatures. Additionally, a new security property named jdk.xml.dsig.SecureValidationPolicy has been added to the java.security file and can be used to control the different restrictions enforced when the secure validation mode is enabled.
The secure validation mode is enabled either by setting the xml signature property org.jcp.xml.dsig.secureValidation to true with the javax.xml.crypto.XMLCryptoContext.setProperty method, or by running the code with a SecurityManager.
If an XML Signature is generated or validated with a weak RSA or DSA key, an XMLSignatureException will be thrown with the message, "RSA keys less than 1024 bits are forbidden when secure validation is enabled" or "DSA keys less than 1024 bits are forbidden when secure validation is enabled."
JDK-8140353 (not public)
docs/release_notes
Restrict certificates with DSA keys less than 1024 bits.
DSA keys less than 1024 bits are not strong enough and should be restricted in certification path building and validation. Accordingly, DSA keys less than 1024 bits have been deactivated by default by adding "DSA keySize < 1024" to the "jdk.certpath.disabledAlgorithms" security property. Applications can update this restriction in the security property ("jdk.certpath.disabledAlgorithms") and permit smaller key sizes if really needed (for example, "DSA keySize < 768").
JDK-8139565 (not public)
security-libs
More checks added to DER encoding parsing code
More checks are added to the DER encoding parsing code to catch various encoding errors. In addition, signatures which contain constructed inparsing. Note that signatures generated using JDK default providers are not affected by this change.
JDK-8168714 (not public)
core-libs/java.net
Additional access restrictions for URLClassLoader.newInstance
Class loaders created by the java.net.URLClasslasses from a list of given URLs. If the calling code does not have access to one or more of the URLs and the URL artifacts that can be accessed do not contain the required class, then a ClassNotFoundException, or similar, will be thrown. Previously, a Sege can be disabled by setting the jdk.net.URLClassPath.disableRestrictedPermissions system property.
JDK-8151934 (not public)
core-libs/java.util.logging
A new configurable property in logging.properties java.util.logging.FileHandler.maxLocks
A new "java.util.logging.FileHandler.maxLocks" configurable property is added to java.util.logging.FileHandler.
This new logging property can be defined in the logging configuration file and makes it possible to configure the maximum number of concurrent log file locks a FileHandler can handle. The default value is 100.
In a highly concurrent environment where multiple (more than 101) standalone client applications are using the JDK Logging API with FileHandler simultaneously, it may happen that the default limit of 100 is reached, resulting in a failure to acquire FileHandler file locks and causing an IO Exception to be thrown. In such a case, the new logging property can be used to increase the maximum number of locks before deploying the application.
If not overridden, the default value of maxLocks (100) remains unchanged. See java.util.logging.LogManager and java.util.logging.FileHandler API documentation for more details.
See JDK-8153955
Bug Fixes
The following are some of the notable bug fixes included in this release:
client-libs/javax.swing
Trackpad scrolling of text on OS X 10.12 Sierra is very fast
The MouseWheelEvent.getWheelRotation() method returned rounded native NSEvent deltaX/Y events on Mac OS X. The latest macOS Sierra 10.12 produces very small NSEvent deltaX/Y values so rounding and summing them leads to the huge value returned from the MouseWheelEvent.getWheelRotation(). The JDK-8166591 fix accumulates NSEvent deltaX/Y and the MouseWheelEvent.getWheelRotation() method returns non-zero values only when the accumulated value exceeds a threshold and zero value. This is compliant with the MouseWheelEvent.getWheelRotation() specification (https://docs.oracle.com/javase/8/docs/api/java/awt/event/MouseWheelEvent.html#getWheelRotation):
"Returns the number of "clicks" the mouse wheel was rotated, as an integer. A partial rotation may occur if the mouse supports a high-resolution wheel. In this case, the method returns zero until a full "click" has been accumulated."
For the precise wheel rotation values, use the MouseWheelEvent.getPreciseWheelRotation() method instead.
See JDK-8166591
This release also contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory. For a more complete list of the bug fixes included in this release, see the JDK 8u121 Bug Fixes page.
Known Issues
deploy/packager
javapackager and fx:deploy bundle the whole JDK instead of JRE
There is a known bug in the Java Packager for Mac where the entire JDK may be bundled with the application bundle resulting in an unusually large bundle. The work around is to use the bundler option -Bruntime option. For example: -Bruntime=JavaAppletPlugin.plugin sets where the JavaAppletPlugin.plugin for the desired JRE to bundle is located in the current directory.
See JDK-8166835
install/install
Java Installation will fail for non-admin users with UAC off
The Java installation on Windows will fail without warning or prompting, for non-admin users with User Access Control (UAC) disabled. The installer will leave a directory, jds<number>.tmp, in the %TEMP% directory.
JDK-8161460 (not public)
