July ’16 security fixes for Java 8

icedteaOn the heels of Oracle’s July 2016 security updates for Java 8, the icedtea folks have released version 3.1.0 of their build framework so that I could create packages for OpenJDK 8u101_b13 or “Java 8 Update 101 Build 13”  (and the JRE too of course).

Here is the list of security fixes and CVE‘s as taken from the announcement on Andrew Hughes’s blog:

Download locations:

If your applications are not yet ready for Java 8, I still maintain the Java 7 packages under new names:”openjdk7″ and “openjre7”. Note that my Java 7 and Java 8 packages (e.g. openjdk7 and openjdk) can not co-exist on your computer because they use the same installation directory.

There is no more need for a separate “rhino” package (implementation of the JavaScript engine used by OpenJDK) because in OpenJDK 8, this functionality is provided natively using the internal “nashorn” library.

Note about usage:

Remember that I release packages for the JRE (runtime environment) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only in case where you’d want to develop Java programs and need a Java compiler, you are in need of the JDK package.

Optionally: If you want to use Java in a web browser then you’ll have to install my icedtea-web package too. While Oracle’s JDK contains a browser plugin, that one is closed-source and therefore Icedtea offers an open source variant which does a decent job. Note that icedtea-web is a NPAPI plugin – this prevents use of Java in Chrome & Chromium because those browsers only support PPAPI plugins, but you’ll be OK with all Mozilla [-compatible] browsers of course.

Have fun! Eric

6 thoughts on “July ’16 security fixes for Java 8



  1. Pingback: Links 30/7/2016: Sysadmin Day, Stardew Valley on GNU/Linux | Techrights

  2. Hi Eric,
    The icedtea-web package seems to only provide support up to java version 1.7.0_50. Even with your openjdk8 package, the browser cannot see java 1.8 available.
    Am I missing something?




Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.