OpenJDK-1.8.0.72

[Fernando de Oliveira]

This release includes security fixes with respect to 1.8.0.66

​http://openjdk.java.net/projects/jdk8u/releases/8u72.html

July 2015 	8u-dev forests begin collecting 8u72 fixes 	
October 2015 	RampDown 2 	Fork for the stabilization forests
January 2016 	GA

[Fernando de Oliveira]

Oops! Was testing while waiting and this happened.

Back to the book

[Pierre Labastie]

Thanks for pointing this one. I forgot to check.

[Fernando de Oliveira]

Forgot to set high priority, it has security fixes. Please, if I am wrong, set back to normal.

[Pierre Labastie]

Thanks. I do not usually set priority, which is wrong, because all the openjdk releases have some sort of security fixes. Will try to update the book this week-end.

[Fernando de Oliveira]

Thanks, that's good for all who knows this this association.

But because sometimes it is not security related but is high priority, I try to include in the first Description line the info (have not a standard way for the words, but make it Heading. Will do for this one, as example.

Recently a package was incorrectly released, breaking the API (or ABI?), and immediately (after one day?) a new version was released reverting the wrong code. For that one, I tagged high, so anybody having updated it could fix the system.

What I read is that 8u71 has security fixes, but not 8u72, which they told to be improvements.

But as we are going directly to 8u72, this one deserves it.

The query

​http://wiki.linuxfromscratch.org/blfs/query?priority=high&desc=1&order=id

will make it easier for users and maintainers to follow just security (almost all of them) or other important issue.

It is for helping others that I repeat some of what here wrote here.

I think you know most of it, so, sorry to bother you, Pierre.

[Pierre Labastie]

Replying to fo:

Thanks, that's good for all who knows this this association.

[...]

What I read is that 8u71 has security fixes, but not 8u72, which they told to be improvements.

But as we are going directly to 8u72, this one deserves it.

As far as I understand, the process is this: (Open)JDK devs upload bug fixes to the mercurial repository as they come, but CVE's are kept secret until the next release. The releases then come in two pieces: 8u<n> has only the security fixes, and 8u<n+1> adds the bug fixes.

The query

​http://wiki.linuxfromscratch.org/blfs/query?priority=high&desc=1&order=id

will make it easier for users and maintainers to follow just security (almost all of them) or other important issue.

Good to know!

It is for helping others that I repeat some of what here wrote here.

I think you know most of it, so, sorry to bother you, Pierre.

Far from it. I really appreciate your explanation.

[Fernando de Oliveira]

Replying to pierre.labastie:

Replying to fo:

What I read is that 8u71 has security fixes, but not 8u72, which they told to be improvements.

But as we are going directly to 8u72, this one deserves it.

As far as I understand, the process is this: (Open)JDK devs upload bug fixes to the mercurial repository as they come, but CVE's are kept secret until the next release. The releases then come in two pieces: 8u<n> has only the security fixes, and 8u<n+1> adds the bug fixes.

Found it!!!

​https://blogs.oracle.com/java/entry/new_release_jdk_8u71_and

New Release JDK 8u71 and JDK 8u72
By Yolande Poirier-Oracle on Jan 19, 2016

JDK 8u71 and 8u72, two new Java 8 updates are now available. Oracle
strongly recommends that most Java SE users upgrade to the latest Java
8u71 CPU release, which includes important security fixes. Java SE 8u72
is a patch-set update, including all of 8u71 plus additional features.

Sorry if I was not exact, having used improvements instead of additional features.

[Pierre Labastie]

Fixed at r16868