7u76 Update Release Notes
Java™ SE Development Kit 7, Update 76 (JDK 7u76)
The full version string for this update release is 1.7.0_76-b13 (where "b" means "build"). The version number is 7u76.
Highlights
This update release contains several enhancements and changes including the following:
IANA Data 2014j
JDK 7u76 contains IANA time zone data version 2014j. For more information, refer toTimezone Data Versions in the JRE Software.
Security Baselines
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 7u76 are specified in the following table:
| JRE Family Version | JRE Security Baseline (Full Version String) |
|---|---|
| 7 | 1.7.0_75 |
| 6 | 1.6.0_91 |
| 5.0 | 1.5.0_81 |
For more information about security baselines, seeDeploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
JRE Expiration Date
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance onCritical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 7u76) will expire with the release of the next critical patch update scheduled for April 14, 2015.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u76) on May 14, 2015. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, seeJRE Expiration Date.
JavaFX Release Notes
This JDK release includes JavaFX version 2.2.76.
New Features and Changes
SSLv3 is disabled by default
Starting with JDK 7u75 release, the SSLv3 protocol (Secure Socket Layer) has been deactivated and is not available by default. See thejava.security.Security propertyjdk.tls.disabledAlgorithms in<JRE_HOME>/lib/security/java.security file.
If SSLv3 is absolutely required, the protocol can be reactivated by removing "SSLv3" from thejdk.tls.disabledAlgorithms property in thejava.security file or by dynamically setting this Security property to "true" before JSSE is initialized.
It should be noted thatSSLv3 is obsolete and should no longer be used.
Changes to Java Control PanelStarting with 7u75 release, SSLv3 protocol is removed fromJava Control Panel Advanced options.
If the user needs to use SSLv3 for applications, re-enable it manually as follows:
- Enable SSLv3 protocol on JRE level: as described in the previous section.
- Enable SSLv3 protocol on deploy level: edit thedeployment.properties file and add the following:
deployment.security.SSLv3=true
Bug Fixes
This release contains fixes for security vulnerabilities. For more information, seeOracle Java SE Critical Patch Update Advisory.
For a list of bug fixes included in this release, seeJDK 7u76 Bug Fixes page.