
JDK 15.0.1 Release Notes

Java™ SE Development Kit 15.0.1 (JDK 15.0.1)

October 20, 2020

The full version string for this update release is 15.0.1+9 (where "+" means "build"). The version number is 15.0.1.

IANA Data 2020a

JDK 15.0.1 contains IANA time zone data version 2020a. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 15.0.1 are specified in the following table:

JRE Family Version    JRE Security Baseline (Full Version String)
15                    15.0.1+9
11                    11.0.9+7
8                     1.8.0_271-b09
7                     1.7.0_281-b06

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update (CPU). In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 15.0.1) be used after the next critical patch update scheduled for January 19, 2021.

New Features

security-libs/javax.net.ssl
 Improve Certificate Chain Handling

A new system property, jdk.tls.maxHandshakeMessageSize, has been added to set the maximum allowed size for the handshake message in TLS/DTLS handshaking. The default value of the system property is 32768 (32 kilobytes).

A new system property, jdk.tls.maxCertificateChainLength, has been added to set the maximum allowed length of the certificate chain in TLS/DTLS handshaking. The default value of the system property is 10.

JDK-8245417 (not public)

Other notes

core-libs/javax.naming
 Added Property to Control LDAP Authentication Mechanisms Allowed to Authenticate Over Clear Connections

A new environment property, jdk.jndi.ldap.mechsAllowedToSendCredentials, has been added to control which LDAP authentication mechanisms are allowed to send credentials over clear LDAP connections - a connection not secured with TLS. An encrypted LDAP connection is a connection opened by using the ldaps scheme, or a connection opened by using the ldap scheme and then upgraded to TLS with a STARTTLS extended operation.

The value of the property, which is by default not set, is a comma-separated list of the mechanism names that are permitted to authenticate over a clear connection. If a value is not specified for the property, then all mechanisms are allowed. If the specified value is an empty list, then no mechanisms are allowed (except for none and anonymous). The default value for this property is 'null' (i.e. System.getProperty("jdk.jndi.ldap.mechsAllowedToSendCredentials") returns 'null'). To explicitly permit all mechanisms to authenticate over a clear connection, the property value can be set to "all". If a connection is downgraded from encrypted to clear, then only the mechanisms that are explicitly permitted are allowed.

The property can be supplied to the LDAP context environment map, or set globally as a system property. When both are supplied, the environment map takes precedence.

Note: none and anonymous authentication mechanisms are exempted from these rules and are always allowed regardless of the property value.

JDK-8237990 (not public)
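
The rules above, modelled as an added Java example; it is not code from the JDK or from these release notes. The class name, the host ldap.example.test and the exact, case-sensitive name comparison are assumptions of the sketch, and no LDAP connection is opened.

```java
import java.util.Arrays;
import java.util.Hashtable;
import javax.naming.Context;

// Added illustration; a model of the documented rules, not the JDK's implementation.
public class LdapClearCredentialPolicy {
    static final String PROP = "jdk.jndi.ldap.mechsAllowedToSendCredentials";

    // The environment map takes precedence over the system property.
    static String effectiveValue(Hashtable<String, Object> env) {
        Object v = env.get(PROP);
        return v != null ? v.toString() : System.getProperty(PROP);
    }

    // May `mechanism` send credentials over a clear (non-TLS) connection?
    // Assumption of this sketch: names are compared exactly after trimming.
    static boolean allowedOverClear(String propertyValue, String mechanism) {
        String mech = mechanism.trim();
        if (mech.equals("none") || mech.equals("anonymous")) return true; // always exempt
        if (propertyValue == null) return true;   // property not set: all allowed
        if (propertyValue.trim().equals("all")) return true;
        return Arrays.stream(propertyValue.split(","))
                .map(String::trim)
                .anyMatch(mech::equals);              // empty list matches nothing
    }

    public static void main(String[] args) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://ldap.example.test:389"); // constructed host
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(PROP, "");                  // empty list: nothing may send credentials in clear
        System.setProperty(PROP, "all");    // global value, overridden by the map entry

        String value = effectiveValue(env);
        for (String mech : new String[] {"simple", "DIGEST-MD5", "none"}) {
            System.out.printf("effective=\"%s\" mech=%s allowedOverClear=%b%n",
                    value, mech, allowedOverClear(value, mech));
        }
        // Same check with the property unset (the default): everything is allowed.
        System.out.println("unset, simple: " + allowedOverClear(null, "simple"));
    }
}
```

Because the default is unset, a deployment that wants simple binds refused on clear connections has to set the property itself, either per context in the environment map or globally with -Djdk.jndi.ldap.mechsAllowedToSendCredentials.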

security-libs/java.security
 Added 3 SSL Corporation Root CA Certificates

The following root certificates have been added to the cacerts truststore:

+ SSL Corporation
  + sslrootrsaca
    DN: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
  + sslrootevrsaca
    DN: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
  + sslrooteccca
    DN: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US

See JDK-8243320

security-libs/java.security
 Added Entrust Root Certification Authority - G4 certificate

The following root certificate has been added to the cacerts truststore:

+ Entrust
  + entrustrootcag4
    DN: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US

See JDK-8243321

core-libs/java.io:serialization
 Enhanced Support of Proxy Class

The deserialization of java.lang.reflect.Proxy objects can be limited by setting the system property jdk.serialProxyInterfaceLimit. The limit is the maximum number of interfaces allowed per Proxy in the stream. Setting the limit to zero prevents any Proxies from being deserialized, including Annotations; a limit of less than 2 might interfere with RMI operations.

JDK-8236862 (not public)

Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. For a more complete list of the bug fixes included in this release, see the JDK 15.0.1 Bug Fixes page.

