[JAVA] [Memo] Oracle JRE will no longer trust MD5-signed code by default (2017/4/18 or later)

I found it, so I'm sorry.

Quoted from Java SE Downloads

Important planned change for MD5-signed JARs Starting with the April Critical Patch Update releases, planned for April 18 2017, all JRE versions will treat JARs signed with MD5 as unsigned.

Translation: Important plans for MD5-signed JARs Starting with the critical update patch in April (planned April 18, 2017), all JRE versions will treat MD5-signed JARs as unsigned.


More Articles: Oracle JRE will no longer trust MD5-signed code by default

This change affecting MD5-signed JARS will be enabled by default no sooner than with Oracle Java SE 8u131 which will be released with the April 2017 Critical Patch Update, as well as in the corresponding releases of Oracle Java SE 7, Oracle Java SE 6 and Oracle JRockit R28, which will be available to qualified customers through My Oracle Support.

The target version is 8u131 or later at the earliest. Updates for Java SE 7, Java SE 6, etc. will be provided at the same time (depending on the content of the support contract).

Recommended Posts

[Memo] Oracle JRE will no longer trust MD5-signed code by default (2017/4/18 or later)
Ruby 2.7.2 has been released and deprecated warnings will no longer be issued by default