JDK 7 Update Release Details & Highlights

This section lists and comments on the highlights of the changes in the selected update release.

This section lists all the changes in the selected update release.

Issue	Priority	Title	Component	Voting
JDK-8250861	2	Crash in MinINode::Ideal(PhaseGVN*, bool) that resulted in the November 2020 respin.	hotspot / compiler	2
JDK-8236862 / CVE-2020-14779	2	Enhance support of Proxy class	Serialization	0
JDK-8237995 / CVE-2020-14782	2	Enhance certificate processing	Libraries	0
JDK-8237990 / CVE-2020-14781	2	Enhanced LDAP contexts	JNDI	0
JDK-8241114 / CVE-2020-14792	2	Better range handling	Hotspot	0
JDK-8242695 / CVE-2020-14798	2	Enhanced Buffer Support	Libraries	0
JDK-8242685 / CVE-2020-14797	2	Better Path Validation	Libraries	0
JDK-8242680 / CVE-2020-14796	2	Improved URI support	Libraries	0
JDK-8244136	2	Improved Buffer supports		0

This section organizes the changes in the selected update release by the main component under which each issue is filed.

Issue	Priority	Title	Component	Voting
JDK-8250861	2	Crash in MinINode::Ideal(PhaseGVN*, bool) that resulted in the November 2020 respin.	hotspot / compiler	2

Issue	Priority	Title
JDK-8236862	2	Enhance support of Proxy class
JDK-8237995	2	Enhance certificate processing
JDK-8237990	2	Enhanced LDAP contexts
JDK-8241114	2	Better range handling
JDK-8242695	2	Enhanced Buffer Support
JDK-8242685	2	Better Path Validation
JDK-8242680	2	Improved URI support
JDK-8244136	2	Improved Buffer supports

This section summarizes JDK Common Vulnerabilities and Exposure (CVE) fixes in the selected update release.

CVE	Component	Protocol	CVSS Version 3.0 Risk (see Risk Matrix Definitions) Base Score	Attack Vector	Attack Complex	Privs Req'd	User Interact	Scope	Confidentiality	Integrity	Availability	Notes
CVE-2020-14792 / JDK-8241114	Hotspot	Multiple	4.2	Network	High	None	Required	Unchanged	Low	Low	None	Note 2 *
CVE-2020-14797 / JDK-8242685	Libraries	Multiple	3.7	Network	High	None	None	Unchanged	None	Low	None	Note 2 *
CVE-2020-14782 / JDK-8237995	Libraries	Multiple	3.7	Network	High	None	None	Unchanged	None	Low	None	Note 2 *
CVE-2020-14781 / JDK-8237990	JNDI	Multiple	3.7	Network	High	None	None	Unchanged	Low	None	None	Note 2 *
CVE-2020-14779 / JDK-8236862	Serialization	Multiple	3.7	Network	High	None	None	Unchanged	None	None	Low	Note 2 *
CVE-2020-14798 / JDK-8242695	Libraries	Multiple	3.1	Network	High	None	Required	Unchanged	None	Low	None	Note 1 *
CVE-2020-14796 / JDK-8242680	Libraries	Multiple	3.1	Network	High	None	Required	Unchanged	Low	None	None	Note 1 *

ID	Notes
1	This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
2	This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through untrusted code executed under Java sandbox restrictions. It can also be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service.

ID: 1

Notes: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
ID: 2

Notes: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through untrusted code executed under Java sandbox restrictions. It can also be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service.