Menu Close

Java Version 8 Update 31 Released

​Java version 8 update 31 has been released by Oracle.  This is the latest version available for users who run Java on their PCs.  Java is a programming language and computing platform.  It is also a software package that runs on more than 850 million personal computers worldwide.  There are lots of applications and websites that will not work properly unless you have Java installed.

 

New Features and Changes


SSLv3 is disabled by default

Starting with JDK 8u31 release, the SSLv3 protocol (Secure Socket Layer) has been deactivated and is not available by default. See the java.security.Security property jdk.tls.disabledAlgorithms in <JRE_HOME>/lib/security/java.security file.

If SSLv3 is absolutely required, the protocol can be reactivated by removing “SSLv3” from the jdk.tls.disabledAlgorithms property in the java.security file or by dynamically setting this Security property to “true” before JSSE is initialized.

It should be noted that SSLv3 is obsolete and should no longer be used.

 

Changes to Java Control Panel

Starting with JDK 8u31 release, SSLv3 protocol is removed from Java Control Panel Advanced options.

If the user needs to use SSLv3 for applications, re-enable it manually as follows:

  • Enable SSLv3 protocol on JRE level: as described in the previous section.
  • Enable SSLv3 protocol on deploy level: edit the deployment.properties file and add the following:

    deployment.security.SSLv3=true

 

Bug Fixes

This release contains fixes for security vulnerabilities.  This Critical Patch Update contains 19 new security fixes for Oracle Java SE.  14 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.