Menu Close

Java 8 Update 101 Released

Java version 8 update 101 has been released by Oracle.  This is the latest version available for users who run Java on their PCs.  Java is a programming language and computing platform.  It is also a software package that runs on more than 850 million personal computers worldwide.  There are lots of applications and websites that will not work properly unless you have Java installed.

 

Enhancements


security-libs/javax.net.ssl


Support SHA224withDSA and SHA256withDSA in the SunJSSE provider

The SHA224withDSA and SHA256withDSA algorithms are now supported in the TLS 1.2 “signature_algorithms” extension in the SunJSSE provider. Note that this extension does not apply to TLS 1.1 and previous versions.

See JDK-8049321

 


core-libs/java.lang.invoke


Internal package sun.invoke.anon has been removed

The internal package sun.invoke.anon has been removed. The functionality it used to provide, namely anonymous class loading with possible constant pool patches, is available via the
Unsafe.defineAnonymousClass() method.
 

See JDK-8081512

 


hotspot/runtime


New property jdk.lang.processReaperUseDefaultStackSize

When a large TLS (Thread local storage) size is set for Threads, the JVM results in a stack overflow exception. The reason for this behavior is that the reaper thread was created with a low stack size of 32768k. When a large TLS size is set, it steals space from the threads stack, which eventually results in a stack overflow. This is a known glibc bug.
 

To overcome this issue, we have introduced a workaround (
jdk.lang.processReaperUseDefaultStackSize
) in which the user can set the reaper threads stack size to a default instead of to 32768. This gives the reaper thread a bigger stack size, so for a large TLS size, such as 32k, the process will not fail.
 


Users can set this flag in one of two ways:
 

1. -Djdk.lang.processReaperUseDefaultStackSize=true
 

2. System.setProperty(“jdk.lang.processReaperUseDefaultStackSize”, “true”)
 

The problem has been observed only when JVM is started from JNI code in which TLS is declared using “__thread”
 

See JDK-8130425



Changes

 

security-libs/javax.net.ssl

Modify requirements on Authority Key Identifier extension field during X509 certificate chain building

The requirement to have the Authority Key Identifier (AKID) and Subject Key Identifier (SKID) fields matching when building X509 certificate chains has been modified for some cases.

See JDK-8072463


hotspot/gc

Providing more granular levels for GC verification

This enhancement provides a way to specify more granular levels for the GC verification enabled using the VerifyBeforeGCVerifyAfterGC, and VerifyDuringGC diagnostic options. It introduces a new diagnostic optionVerifySubSet with which one can specify the subset of the memory system that should be verified.
 


With this new option, one or more sub-systems can be specified in a comma separated string. Valid memory sub- systems are: 

threadsheapsymbol_tablestring_tablecodecache dictionary, classloader_data_graphmetaspace, jni_handlesc-heap, and codecache_oops.


During the GC verification, only the sub-systems specified using VerifySubSet get verified:
 


D:\tests>java -XX:+UnlockDiagnosticVMOptions -XX:+VerifyBeforeGC -XX:VerifySubSet="threads,c-heap" -Xlog:gc+verify=debug Test 
[0.095s][debug ][gc,verify] Threads 
[0.099s][debug ][gc,verify] C-heap 
[0.105s][info ][gc,verify] Verifying Before GC (0.095s, 0.105s) 10.751ms 
[0.120s][debug ][gc,verify] Threads 
[0.124s][debug ][gc,verify] C-heap 
[0.130s][info ][gc,verify] Verifying Before GC (0.120s, 0.130s) 9.951ms 
[0.148s][debug ][gc,verify] Threads 
[0.152s][debug ][gc,verify] C-heap 



If any invalid memory sub-systems are specified with VerifySubSet, the Java process exits with the following error message:
 



D:\tests>java -XX:+UnlockDiagnosticVMOptions -XX:+VerifyBeforeGC -XX:VerifySubSet="threads,c-heap,hello" -Xlog:gc+verify=debug oom 
Error occurred during initialization of VM 
VerifySubSet: 'hello' memory sub-system is unknown, please correct it 



See JDK-8072725



core-libs/javax.naming

Improved exception handling for bad LDAP referral replies

The JDK was throwing a NullPointerException when a non-compliant REFERRAL status result was sent but no referral values were included. With this change, a NamingException with message value of “Illegal encoding: referral is empty” will be thrown in such circumstances.
 

See JDK-8149450 and JDK-8154304


Bug Fixes

The following are some of the notable bug fixes included in this release:

security-libs/javax.net.ssl

Fix to resolve “Unable to process PreMasterSecret, may be too big” issue

Recent JDK updates introduced an issue for applications that depend on having a delayed provider selection mechanism. The issue was introduced in JDK 8u71, JDK 7u95 and JDK 6u111. The main error seen corresponded to an exception like the following :
 



handling exception: javax.net.ssl.SSLProtocolException: Unable to process PreMasterSecret, may be too big 



See JDK-8149017

This release also contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory. For a more complete list of the bug fixes included in this release, see the JDK 8u102 Bug Fixes page.


 

 



If you would like assistance managing and deploying Java for PCs, please contact H Tech Solutions using the URL below.

Creative Commons License
H Tech Solutions Blog by Harris Schneiderman is licensed under a Creative Commons Attribution 4.0 International License.
Permissions beyond the scope of this license may be available at https://htechsolutions.biz/contact-us