Java.com

Download Help

Printable Version

Java 8 Release Highlights


This article applies to:
  • Java version(s): 8.0

This page highlights changes impacting end users for each Java release. More information about changes can be found in the release notes for each release.
» Java release dates


Java 8 Update 51 (8u51)

Release Highlights
  • IANA Data 2015d
    JDK 8u51 contains IANA time zone data version 2015d. For more information, refer to Timezone Data Versions in the JRE Software.
  • Bug Fix: Add new Comodo roots to root CAs
    Four new root certificates have been added for Commodo:
    1. COMODO ECC Certification Authority
      alias: comodoeccca
      DN: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
    2. COMODO RSA Certification Authority
      alias: comodorsaca
      DN: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
    3. USERTrust ECC Certification Authority
      alias: usertrusteccca
      DN: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
    4. USERTrust RSA Certification Authority
      alias: usertrustrsaca
      DN: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
    See JDK-8077997 (not public).
  • Bug Fix: Add new GlobalSign roots to root CAs
    Two root certificates have been added for GlobalSign:
    1. GlobalSign ECC Root CA - R4
      alias: globalsigneccrootcar4
      DN: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
    2. GlobalSign ECC Root CA - R5
      alias: globalsigneccrootcar5
      DN: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5
    See JDK-8077995 (not public).
  • Bug Fix: Add Actalis to root CAs
    Added one new root certificate:
    Actalis Authentication Root CA
    alias: actalisauthenticationrootca
    DN: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT

    See JDK-8077903 (not public).
  • Bug Fix: Add new Entrust ECC root
    Added one new root certificate:
    Entrust Root Certification Authority - EC1
    alias: entrustrootcaec1
    DN: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US

    See JDK-8073286 (not public).
  • Bug Fix: Remove old Valicert Class 1 and 2 Policy roots
    Removed two root certificates with 1024-bit keys:
    1. ValiCert Class 1 Policy Validation Authority
      alias: secomvalicertclass1ca
      DN: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
    2. ValiCert Class 2 Policy Validation Authority
      alias: valicertclass2ca
      DN: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
    See JDK-8077886 (not public).
  • Bug Fix: Remove old Thawte roots
    Removed two root certificates with 1024-bit keys:
    1. Thawte Server CA
      alias: thawteserverca
      DN: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    2. Thawte Personal Freemail CA
      alias: thawtepersonalfreemailca
      DN: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    See JDK-8074423 (not public).
  • Bug Fix: Remove more old Verisign, Equifax, and Thawte roots
    Removed five root certificates with 1024-bit keys:
    1. Verisign Class 3 Public Primary Certification Authority - G2
      alias: verisignclass3g2ca
      DN: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    2. Thawte Premium Server CA
      alias: thawtepremiumserverca
      DN: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    3. Equifax Secure Certificate Authority
      alias: equifaxsecureca
      DN: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
    4. Equifax Secure eBusiness CA-1
      alias: equifaxsecureebusinessca1
      DN: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
    5. Equifax Secure Global eBusiness CA-1,
      alias: equifaxsecureglobalebusinessca1
      DN: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
    See JDK-8076202 (not public).
  • Bug Fix: Remove TrustCenter CA roots from cacerts
    Removed three root certificates:
    1. TC TrustCenter Universal CA I
      alias: trustcenteruniversalcai
      DN: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
    2. TC TrustCenter Class 2 CA II
      alias: trustcenterclass2caii
      DN: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
    3. TC TrustCenter Class 4 CA II
      alias: trustcenterclass4caii
      DN: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE
    See JDK-8072958 (not public).
  • Bug Fix: Deprecate RC4 in SunJSSE provider
    RC4 is now considered as a weak cipher. Servers should not select RC4 unless there is no other stronger candidate in the client requested cipher suites. A new security property, jdk.tls.legacyAlgorithms, is added to define the legacy algorithms in Oracle JSSE implementation. RC4 related algorithms are added to the legacy algorithms list. See JDK-8074006 (not public).
  • Bug Fix: Prohibit RC4 cipher suites
    RC4 is now considered as a compromised cipher. RC4 cipher suites have been removed from both client and server default enabled cipher suite list in Oracle JSSE implementation. These cipher suites can still be enabled by SSLEngine.setEnabledCipherSuites() and SSLSocket.setEnabledCipherSuites() methods. See JDK-8077109 (not public).
  • Bug Fix: Improved certification checking
    With this fix, JSSE endpoint identification does not perform reverse name lookup for IP addresses by default in JDK. If an application does need to perform reverse name lookup for raw IP addresses in SSL/TLS connections, and encounter endpoint identification compatibility issue, System property "jdk.tls.trustNameService" can be used to switch on reverse name lookup. Note that if the name service is not trustworthy, enabling reverse name lookup may be susceptible to MITM attacks. See JDK-8067695 (not public).
Java Expiration Date

The expiration date for 8u51 is October 20, 2015. Java expires whenever a new release with security vulnerability fixes becomes available. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u51) on November 20, 2015. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

For a list of bug fixes included in this release, see JDK 8u51 Bug Fixes page.

» 8u51 Release notes


Java 8 Update 45 (8u45)

Release Highlights
  • IANA Data 2015a
    JDK 8u45 contains IANA time zone data version 2015a. For more information, refer to Timezone Data Versions in the JRE Software.
  • Bug Fix: Improve jar file handling. Starting with JDK 8u45 release, the jar tool no longer allows the leading slash "/" and ".." (dot-dot) path component in zip entry file name when creating new and/or extracting from zip and jar file. If needed, the new command line option "-P" should be used explicitly to preserve the dot-dot and/or absolute path component. See 8064601 (not public).
  • Bug Fix: jnlp app with nested "resource" section fails with NPE on load in jre8u40. A jnlp application, with nested tags within a or tag, can throw a NPE. The issue is now fixed. The tag should be used only if the is actually used. See 8072631 (not public).
Java Expiration Date

The expiration date for 8u45 is July 14, 2015. Java expires whenever a new release with security vulnerability fixes becomes available. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u45) on August 14, 2015. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

For a list of bug fixes included in this release, see JDK 8u45 Bug Fixes page.

» 8u45 Release notes


Java 8 Update 40 (8u40)

Release Highlights
  • IANA Data 2014j
    JDK 8u40 contains IANA time zone data version 2014j. For more information, refer to Timezone Data Versions in the JRE Software.
  • Bug Fix: Default and static interface methods in JDI, JDWP and JDB. Since JDK 8 it is possible to have directly executable static and default methods in interfaces. These methods are not executable via JDWP or JDI and therefore can not be properly debugged. See JDK 8 Compatibility Guide for more details. See 8042123.
  • Bug Fix: Java Access Bridge can be enabled from Control panel for 32 bit jres. Previously the "Enable Java Access Bridge" check box got removed from the Java Control Panel with 64 bit jre uninstall even when 32 bit JRE was still present on the system. Starting with JDK 8u40 release, the "Enable Java Access Bridge" checkbox is retained, at Control Panel -> Ease of Access -> Ease of Access Center -> Use the computer without a display, if a 32 bit jre is present. So, a user can enable Java Access bridge via control panel for See 8030124.
  • Bug Fix: Modernizing the JavaFX Media Stack on Mac OS X. An AVFoundation based player platform is added to JavaFX media. The old QTKit based platform is now removable for Mac App Store compatibility. See 8043697 (not public)
  • Bug Fix: Missing DOM APIs. In JDK 8u40 release, the old plugin DOM APIs were inadvertently removed. If an applet requires the use of com.sun.java.browser.dom.DOMService to communicate with the browser, then users may need to update their applet to use netscape.javascript.JSObject or continue using JDK 8 Update 31. This issue has been resolved in build 26 and new 8u40 installers have been posted. If you are experiencing this problem please download and run the updated JDK 8u40 installers. See 8074564.
  • Bug Fix: Mac 10.10: Application run with splash screen has focus issues. Applications started through webstart or standalone applications, which use splash screen, cannot get keyboard focus. Workaround: Launch javaws using the -Xnosplash option. This issue has been resolved in build 27 and a new 8u40 installer has been posted. If you are experiencing this problem, download and run the updated JDK 8u40 installer. See 8074668.
  • Java Packager Tool Enhancements
    JDK 8u40 release contains the following enhancements to the Java Packager:
  • Deprecated APIs
    The endorsed-standards override mechanism and the extension mechanism are deprecated and may be removed in a future release. There are no runtime changes. Existing applications using the 'endorsed-standards override' or 'extension' mechanisms are recommended to migrate away from using these mechanisms. To help identify any existing uses of these mechanisms, the -XX:+CheckEndorsedAndExtDirs command-line option is available. It will fail if any of the following conditions is true:
    • -Djava.endorsed.dirs or -Djava.ext.dirs system property is set to alter the default location; or
    • ${java.home}/lib/endorsed directory exists; or
    • ${java.home}/lib/ext contains any JAR files excluding the ones that JDK ships or
    • any platform-specific system-wide extension directory contains any JAR files.
    The -XX:+CheckEndorsedAndExtDirs command-line option is supported in JDK 8u40 and later releases.
  • JJS Tool Page Differences
    The Japanese version of the jjs help page is different from the English version. Some of the unsupported options have been removed from the English version of the jjs tool page. The Japanese version of document will be updated in future. See 8062100 (not public). For other jjs tool page changes, see Tools Enhancements in JDK 8.
  • Change in default values for G1HeapWastePercent and G1MixedGCLiveThresholdPercent
    The default value for G1HeapWastePercent was changed from 10 to 5 to reduce the need for full GCs. For the same reason the default value for G1MixedGCLiveThresholdPercent was changed from 65 to 85.
  • New Java class-access Filtering Interface
    The jdk.nashorn.api.scripting.ClassFilter interface enables you to restrict access to specified Java classes from scripts run by a Nashorn script engine. See Restricting Script Access to Specified Java Classes in the Nashorn User's Guide and 8043717 (not public) for more information.
  • Issues with Third party's JCE providers
    The fix for JDK-8023069 (in JDK 8u20) updated both the SunJSSE and and SunJCE providers, including some internal interfaces. Some third party JCE providers (such as RSA JSAFE) are using some sun.* internal interfaces, and therefore will not work with the updated SunJSSE provider. Such providers will need to be updated in order for them to work with the updated SunJSSE provider. If you have been impacted by this issue, please contact your JCE vendor for an update. See 8058731.
  • Re-enabled encryptions in Solaris Crypto Framework
    If you are using Solaris 10, a change was made to re-enable operations with MD5, SHA1, and SHA2 through the Solaris Crypto Framework. If you experience a CloneNotSupportedException or PKCS11 error CKR_SAVED_STATE_INVALID message with JDK 8u40, you should verify and apply the below patches or newer version of them:
    • 150531-02 on sparc
    • 150636-01 on x86
  • Troubleshooting Guide Updates for NMT
    The Native Memory Tracking (NMT) is a Java Hotspot VM feature that tracks internal memory usage for a HotSpot JVM. Native Memory Tracking can be used to monitor VM internal memory allocations and diagnose VM memory leaks. VM enhancements page is updated with NMT features. See Java Virtual Machine Enhancements in Java SE 8. Troubleshooting Guide is updated with NMT features. See Native Memory Tracking.
  • Multiple JRE Launcher feature deprecated
    The Launch-Time JRE Version Selection or the Multiple JRE Launcher feature is deprecated in JDK 8u40. Applications that require specific Java versions deployed using this feature must switch to alternate deployment solutions such as Java WebStart.
  • JavaFX Enhancements
    Starting with JDK 8u40 release, JavaFX controls are enhanced to support assistive technologies, meaning that JavaFX controls are now accessible. In addition, a public API is provided to allow developers to write their own accessible controls. Accessibility support is provided on Windows and Mac OS X platforms and includes:
    • Support for reading JavaFX controls by a screen reader
    • JavaFX controls are traversable using the keyboard
    • Support for a special high-contrast mode that makes controls more visible to users.
    See 8043344 (not public).

    JDK 8u40 release includes new JavaFX UI controls; a spinner control, formatted-text support, and a standard set of alert dialogs. See 8043350 (not public).
Commercial Features
  • Application Class Data Sharing (AppCDS)
    Application Class Data Sharing (AppCDS) extends CDS to enable you to place classes from the standard extensions directories and the application class path in the shared archive. This is a commercial feature and is no longer considered experimental (contrary to what is specified in the java tool documentation). See the -XX:+UseAppCDS option in the java launcher tool page.
  • Cooperative Memory Management
    Starting with JDK 8u40, the notion of "memory pressure" has been added to the JDK. Memory pressure is a property that represents the total memory usage (RAM) on the system. The higher the memory pressure, the closer the system is to running out of memory. As a reaction to increased memory pressure, the JDK will try to reduce its memory usage. This is mainly done by reducing the Java heap size. The actions the JDK will take to reduce memory usage may lead to reduced performance. This is an intentional choice. The pressure level is provided by the application through a JMX MXBean using a scale from 0 (no pressure) to 10 (almost out of memory). To enable this feature, the jdk.management.cmm.SystemResourcePressureMXBean should be registered. The memory pressure is then set using the "MemoryPressure" attribute.
    A new command line flag -XX:MemoryRestriction that takes one of the arguments 'none', 'low', 'medium', or 'high', is also available. This flag will set the initial pressure in the JDK and will work also in cases where the MXBean is not registered. Cooperative Memory Management requires the G1 GC (-XX:+UseG1GC). This feature is not compatible with the flag -XX:+ExplicitGCInvokesConcurrent.
  • New commercial flags
    Two new VM options are now available for commercial license holders:
    • -XX:+ResourceManagement
    • -XX:ResourceManagementSampleInterval=value (milliseconds)
    For more information, see Java Launcher documentation.
  • New MSI Installer Documentation:
    The Microsoft Windows Installer (MSI) Enterprise JRE Installer Guide is available. The MSI Enterprise JRE Installer requires a commercial license for use in production. Learn more about commercial features and how to enable them.
Java Expiration Date

The expiration date for 8u40 is April 14, 2015. Java expires whenever a new release with security vulnerability fixes becomes available. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u40) on May 14, 2015. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version.

Bug Fixes

For a list of bug fixes included in this release, see JDK 8u40 Bug Fixes page.

» 8u40 Release notes


Java 8 Update 31 (8u31)

Release Highlights
  • IANA Data 2014j
    JDK 8u31 contains IANA time zone data version 2014j. For more information, refer to Timezone Data Versions in the JRE Software.
  • SSLv3 is disabled by default
    Starting with JDK 8u31 release, the SSLv3 protocol (Secure Socket Layer) has been deactivated and is not normally available. Please see the jdk.tls.disabledAlgorithms property in \lib\security\java.security file. If SSLv3 is absolutely required, the protocol can be reactivated by removing 'SSLv3' from the jdk.tls.disabledAlgorithms property in the java.security file or by dynamically setting this security property before JSSE is initialized.
  • Changes to Java Control Panel
    Starting with JDK 8u31 release, SSLv3 protocol is removed from Java Control Panel Advanced options. If the user needs to use SSLv3 for applications, re-enable it manually as follows:
    • Enable SSLv3 protocol on JRE level: as described in the previous section.
    • Enable SSLv3 protocol on deploy level: edit the deployment.properties file and add the following:

      deployment.security.SSLv3=true
Java Expiration Date

The expiration date for 8u31 is April 14, 2015. Java expires whenever a new release with security vulnerability fixes becomes available. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u31) on May 14, 2015. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

For a list of bug fixes included in this release, see JDK 8u31 Bug Fixes page.

» 8u31 Release notes


Java 8 Update 25 (8u25)

Release Highlights
  • IANA Data 2014c
    JDK 8u25 contains IANA time zone data version 2014c. For more information, refer to Timezone Data Versions in the JRE Software.
  • Bug Fix: Decrease the preference mode of RC4 in the enabled cipher suite list
    This fix decreases the preference of RC4 based cipher suites in the default enabled cipher suite list of SunJSSE provider. See 8043200 (not public).
  • Bug Fix: JRE 8u20 crashes while using Japanese IM on Windows
    The VM crashes while using Swing controls when some Japanese or Chinese characters are input on Windows platform. The issue is now fixed. See 8058858 (not public).
Instructions to disable SSL v3.0 in Oracle JDK and JRE

Oracle recommends that users and developers disable use of the SSLv3 protocol.
» How can Java users confirm they are not affected by the SSL V3.0 'Poodle' vulnerability?

Java Expiration Date

The expiration date for 8u25 is January 20, 2015. Java expires whenever a new release with security vulnerability fixes becomes available. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u25) on February 20, 2015. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

For a list of bug fixes included in this release, see JDK 8u25 Bug Fixes page.

» 8u25 Release notes


Java 8 Update 20 (8u20)

Release Highlights
  • New flags added to Java Management API
    The flags MinHeapFreeRatio and MaxHeapFreeRatio have been made manageable. This means they can be changed at runtime using the management API in Java. Support for these flags have also been added to the ParallelGC as part of the adaptive size policy.
  • Java Installer Changes
    • A new Microsoft Windows Installer (MSI) Enterprise JRE Installer which enables user to install the JRE across the enterprise, is available. See Downloading the Installer section in JRE Installation for Microsoft Windows for more information. The MSI Enterprise JRE Installer is only available as part of Java SE Advanced or Java SE Suite. For information about these commercial products, see Java SE Advanced and Java SE Suite.
    • The Java Uninstall Tool is integrated with the installer to provide an option to remove older versions of Java from the system. The change is applicable to 32 bit and 64 bit Windows platforms. See Uninstalling the JRE.
  • Java Control Panel Changes
    • The Update tab in the Java Control Panel now enables the users to automatically update 64-bit JREs (in addition to 32-bit versions) that are installed on their system.
    • The Medium security level has been removed. Now only High and Very High levels are available. Applets that do not conform with the latest security practices can still be authorized to run by including the sites that host them to the Exception Site List. The exception site list provides users with the option of allowing the same applets that would have been allowed by selecting the Medium option but on a site-by-site basis therefore minimizing the risk of the using more permissive settings.
  • Java Compiler updated
    The javac compiler has been updated to implement definite assignment analysis for blank final field access using "this". See JDK 8 Compatibility Guide for more details.
  • Change in minimum required Java Version for Java Plugin and Java Webstart
    The minimum version of Java required for Java Plugin and Java Webstart is now Java 5. Applets that do not run in Java 5 or later must be ported to a later version of Java to continue to function. Applets written for earlier versions but able to run in at least Java 5 will continue to work.
  • Change in UsageTracker output formatting
    UsageTracker output formatting has been changed to use quoting, to avoid confusion in the log. This may require changes to the way such information is read. The feature can be configured to behave as in previous versions, although the new format is recommended. See Java Usage Tracker documentation.
  • Changes to Java Packaging Tools
    • javafxpackager has been renamed to javapackager
    • The "-B" option has been added to the javapackager deploy command to enable you to pass arguments to the bundlers that are used to create self-contained applications. See javapackager (Windows)/(Unix) documentation for information
    • The helper parameter argument has been added to JavaFX Ant Task Reference. It enables you to specify an argument (in the element) for the bundler that is used to create self-contained applications.
Java Expiration Date

The expiration date for 8u20 is October 14, 2014. Java expires whenever a new release with security vulnerability fixes becomes available. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u20) on November 14, 2014. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version.

Bug Fixes

For a list of bug fixes included in this release, see JDK 8u20 Bug Fixes page.

» 8u20 Release notes


Java 8 Update 11 (8u11)

This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory.

For a list of bug fixes included in this release, see JDK 8u11 Bug Fixes page.

» 8u11 Release notes


Java 8 Update 5 (8u5)

This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory.

For a list of bug fixes included in this release, see JDK 8u5 Bug Fixes page.

» 8u5 Release notes


Java 8 Release

» JDK and JRE 8 Release notes


You might also be interested in:





Find expert help on Java installation and setup

Select Language | About Java | Support | Developers
Privacy | Terms of Use | Trademarks | Disclaimer

Oracle