Java 7 Update 95
Oracle recommends that the JDK is updated with each Critical Patch Update.In order to determine if a release is the latest, the Security Baseline page canbe used to determine which is the latest version for each release family.
Java 7 Update 95
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance onCritical Patch Updates, Security Alerts and Bulletins.It is not recommended that this JDK (version 7u371) be used after the next critical patch update scheduledfor April 18, 2023.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u371) on2023-05-18.After either condition is met (new release becoming available or expiration date reached),the JRE will provide additional warnings and reminders to users to update to the newer version.For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance onCritical Patch Updates, Security Alerts and Bulletins.It is not recommended that this JDK (version 7u361) be used after the next critical patch update scheduledfor January 17, 2023.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u361) on2023-02-17.After either condition is met (new release becoming available or expiration date reached),the JRE will provide additional warnings and reminders to users to update to the newer version.For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
The default MAC algorithm used in a PKCS #12 keystore has been updated. The new algorithm is based on SHA-256 and is stronger than the old one based on SHA-1. See the security properties starting with keystore.pkcs12 in the java.security file for detailed information.
The new SHA-256 based MAC algorithms were introduced in the 11.0.12, 8u301, and 7u311 JDK versions. Keystores created using this newer, stronger, MAC algorithm cannot be opened in JDK versions earlier than 11.0.12, 8u301, and 7u311. A 'java.security.NoSuchAlgorithmException' exception will be thrown in such circumstances.
Users can, at their own risk, remove these restrictions by modifying the java.security configuration file (or override it by using the java.security.properties system property) and removing "SHA1 usage SignedJAR & denyAfter 2019-01-01" from the jdk.certpath.disabledAlgorithms security property and "SHA1 denyAfter 2019-01-01" from the jdk.jar.disabledAlgorithms security property.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance onCritical Patch Updates, Security Alerts and Bulletins.It is not recommended that this JDK (version 7u351) be used after the next critical patch update scheduledfor October 18, 2022.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance onCritical Patch Updates, Security Alerts and Bulletins.It is not recommended that this JDK (version 7u343) be used after the next critical patch update scheduledfor July 19, 2022.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u343) on2022-08-19.After either condition is met (new release becoming available or expiration date reached),the JRE will provide additional warnings and reminders to users to update to the newer version.For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance onCritical Patch Updates, Security Alerts and Bulletins.It is not recommended that this JDK (version 7u341) be used after the next critical patch update scheduledfor July 19, 2022.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u341) on2022-08-19.After either condition is met (new release becoming available or expiration date reached),the JRE will provide additional warnings and reminders to users to update to the newer version.For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
In "compat" and "strict" mode, more validation is performed. As an example, in the URL authority component, the new parsing only accepts brackets around IPv6 literal addresses. Developers are encouraged to use java.net.URI constructors or its factory method to build URLs rather than handcrafting URL strings.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance onCritical Patch Updates, Security Alerts and Bulletins.It is not recommended that this JDK (version 7u331) be used after the next critical patch update scheduledfor April 19, 2022.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u331) on2022-05-19.After either condition is met (new release becoming available or expiration date reached),the JRE will provide additional warnings and reminders to users to update to the newer version.For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
IANA Time Zone Database, on which JDK's Date/Time libraries are based, has made a tweak to some time zone rules since 2021c. Note that since this update, some of the time zone rules prior to the year 1970 have been modified according to the changes which were introduced with 2021b. For more detail, refer to the announcement of 2021b
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance onCritical Patch Updates, Security Alerts and Bulletins.It is not recommended that this JDK (version 7u321) be used after the next critical patch update scheduledfor January 18, 2022.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u321) on2022-02-18.After either condition is met (new release becoming available or expiration date reached),the JRE will provide additional warnings and reminders to users to update to the newer version.For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
The scope of the com.sun.jndi.ldap.object.trustSerialData system property has been extended to control the deserialization of java objects from the javaReferenceAddress LDAP attribute. This system property now controls the deserialization of java objects from the javaSerializedData and javaReferenceAddress LDAP attributes.
To prevent deserialization of java objects from these attributes, the system property can be set to false. By default, the deserialization of java objects from javaSerializedData and javaReferenceAddress attributes is allowed.
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 7u311) be used after the next critical patch update scheduled for October 19, 2021.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u311) on2021-11-19.After either condition is met (new release becoming available or expiration date reached),the JRE will provide additional warnings and reminders to users to update to the newer version.For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
New system and security properties have been added to enable users to customize the generation of PKCS #12 keystores. This includes algorithms and parameters for key protection, certificate protection, and MacData. The detailed explanation and possible values for these properties can be found in the "PKCS12 KeyStore properties" section of the java.security file.
The default encryption algorithms used in a PKCS #12 keystore have been updated. The new algorithms are based on AES-256 and SHA-256 and are stronger than the old algorithms that were based on RC2, DESede, and SHA-1. See the security properties starting with keystore.pkcs12 in the java.security file for detailed information.
Users can, at their own risk, remove these restrictions by modifying the java.security configuration file (or overriding it using the java.security.properties system property) and removing "SHA1 jdkCA & usage SignedJAR & denyAfter 2019-01-01" from the jdk.certpath.disabledAlgorithms security property and "SHA1 jdkCA & denyAfter 2019-01-01" from the jdk.jar.disabledAlgorithms security property.