Java9 – new features

  • More Module System, e.g.  self-describing collection of code and data
    • Using jlink, to introduce a new optional phase, link time, which is in-between compile time and run time, during which a set of modules can be assembled and optimized into a custom runtime image
    • The modular JAR file with module-info.class file in its root directory.
    • Using jmod tool, the New JMOD format can be created. (new packaging format similar to JAR)
  • New version schema ($MAJOR.$MINOR.$SECURITY.$PATCH)
  • java shell: jshell
  • Compile for old java version (6 – java6)
    javac -source 6 -target 6 HelloWorld.java
  • More Diagnostic Commands: jcmd (jcmd pid help command)
  • Multi-Release JAR Files: Extends the JAR file format to enable multiple, Java release-specific versions of class files to coexist in a single archive
  • Removes the hprof, jhat from the JDK
  • More Security: DTLS, TLS,  disable X.509 certificate chains with SHA-1-based signatures,  PKCS12 keystores by default, SHA-3 cryptographic hash functions
  • The Garbage-First Garbage Collector (G1 GC) is the default garbage collector in JDK 9.
  • JavaDB, which was a rebranding of Apache Derby, isn’t included in JDK 9.
  • The launchers java-rmi.exe from Windows and java-rmi.cgi from Linux and Solaris have been removed.
  • In JDK 9, the Windows 32–bit client VM is not available. Only a server VM is offered.
  • Java VisualVM isn’t bundled with JDK 9.
  • The AppleScript engine is removed in JDK 9.

Windows Registry Key Changes

The Java 9 installer creates these Windows registry keys when installing the JRE:

  • “HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\JRE”
  • “HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\JRE\9”

The Java 8u152 installer creates these Windows registry keys when installing the JRE:

  • “HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment”
  • “HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.8”
  • “HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.8.0_152”
Advertisements

JDK8u111/112 – MD5 is no longer considered secure

Oracle JRE will no longer trust MD5-signed code by default

Beginning with the April 2017 Critical Patch Update, JAR files signed using MD5 (RSA algorithm) will no longer be considered as signed by the Oracle JRE.

Oracle Java SE 8u131 which will be released with the April 2017 Critical Patch Update.

jdk_8u_111_112_warning

Affected applications: Java applets, or Java Web Start applications.

To check your app/jar file:

jarsigner -verify -J-Djava.security.debug=jar mySynopticApp.jar

To remove any existing MD5 signatures first before re-signing using the zip utility as follows:
zip -d mySynopticApp.jar 'META-INF/*.SF' 'META-INF/*.RSA' 'META-INF/*.DSA'