For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u131) on May 18, 2017. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u141) on August 18, 2017. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u151) on November 17, 2017.

  • The full version string for this update release is 1.7.0_231-b08 (where «b» means «build»).
  • This release ships with both the limited and unlimited jurisdiction policy files, with unlimited being the default.
  • A new security property named jceks.key.serialFilter has been introduced.
  • This can cause problems if SHA224 and SunMSCAPI private keys are used at the same time.
  • These applications should be rebuilt and shipped with modern C++ runtime dependencies that use a later instance of Visual Studio.
  • The full version string for this update release is 1.7.0_221-b08 (where «b» means «build»).
  • For a more complete list of the bug fixes included in this release, see the JDK 7u171 Bug Fixes page.

In older releases, JCE jurisdiction files had to be downloaded and installed separately to allow unlimited cryptography to be used by the JDK. To enable unlimited cryptography, one can use the new crypto.policy Security property. If the property is undefined and the legacy JCE jurisdiction files don’t exist in the legacy lib/security directory, then the default cryptographic level will remain at ‘limited’. To configure the JDK to use unlimited cryptography, set the crypto.policy to a value of ‘unlimited’. See the notes in the java.security file shipping with this release for more information. The following sections summarize changes made in all Java SE 7u161 BPR releases.

Product / File Description

This change extends the previous MD5-based certificate restriction («jdk.certpath.disabledAlgorithms») to also include handshake messages in TLS version 1.2. If required, this algorithm can be reactivated by removing «MD5withRSA» from the «jdk.tls.disabledAlgorithms» security property. The list of disabled algorithms is controlled via java 7 certifications the security property, jdk.jar.disabledAlgorithms, in the java.security file. DES-based TLS cipher suites are considered obsolete and should no longer be used. DES-based cipher suites have been deactivated by default in the SunJSSE implementation by adding the «DES» identifier to the jdk.tls.disabledAlgorithms security property.

  • The JRE expires whenever a new release with security vulnerability fixes becomes available.
  • If the system property is set, it supersedes the XMLCryptoContext property value.
  • JDK 7u381 contains IANA time zone data 2022g which contains the following changes since the previous update.
  • The jarsigner tool has been enhanced to show details of the algorithms and keys used to generate a signed JAR file and will also provide an indication if any of them are considered weak.
  • Runtime.exec and ProcessBuilder have been updated in this release to tighten the constraints on the quoting of arguments to processes created by these APIs.

For a more complete list of the bug fixes included in this release, see the JDK 7u121 Bug Fixes page. In some environments certain authentication schemes may be undesirable when proxying HTTPS. Now, proxies requiring Basic authentication when setting up a tunnel for HTTPS will no longer succeed by default. This release contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory. For a more complete list of the bug fixes included in this release, see the JDK 7u131 Bug Fixes page.

Java Downloads

To prevent deserialization of java objects from these attributes, the system property can be set to false. By default, the deserialization of java objects from javaSerializedData and javaReferenceAddress attributes is allowed. In JDK 12, two new token options for the java.security.manager system property, «allow» and «disallow», were introduced. Secure validation mode is enabled by default if you are running the code with a SecurityManager, otherwise it is disabled by default.

A new -tsadigestalg option is added to jarsigner to specify the message digest algorithm that is used to generate the message imprint to be sent to the TSA server. If this new option is not specified, SHA-256 will be used on JDK 7 Updates and later JDK family versions. On JDK 6 Updates, SHA-1 will remain the default but a warning will be printed to the standard output stream.

Java™ SE Development Kit 7, Update 291 (JDK 7u

The following sections summarize changes made in all Java SE 7u141 BPR releases. The following sections summarize changes made in all Java SE 7u151 BPR releases. This release introduces a new feature whereby the JCE jurisdiction policy files used by the JDK can be controlled via a new Security property.

  • The full version string for this update release is 1.7.0_181-b09 (where «b» means «build»).
  • Following the JDK’s update to tzdata2020b, the long-obsolete files named pacificnew and systemv have been removed.
  • The full version string for this update release is 1.7.0_99-b04 (where «b» means «build»).
  • This JRE (version 7u261) will expire with the release of the next critical patch update scheduled for July 14, 2020.
  • If the property is set to the empty String or «true» (case-insensitive), trust anchor certificates can be used if they do not have proper CA extensions.

The jdk.tls.client.protocols system property is now available with the release of JDK 7u95. This property was originally introduced in JDK 8 and behaves in the same way. All our BPR releases are configured with Java Auto Update disabled as default unless otherwise mentioned.