Oracle to Announce Java SE 11 & Java Development Kit 11

As reported, support for Java 8 will end in December 2020, and Java 10 won't receive any updates
27 September 2018   777

Oracle developers announced the release of the Java 11 standard and its implementation of the JDK (Java Development Kit) with a long support period up to 2026. It is fully compatible with previous versions. Support for Java 8 will end in December 2020, and Java 10 won't receive any updates.

New in Java SE 11

  • Nest-Based Access Control system implemented
  • The .class format is complemented by the support for the CONSTANT_Dynamic forms, which are loaded by the creation of constants to the bootstrap method.
  • Added support for the latest version of the transport layer security protocol - TLS 1.3. It accelerates the loading of mobile web pages, and also filters out old, vulnerable cryptographic primitives, replacing them with more complex encryption algorithms.
  • Standardized support for the HTTP Client API, introduced in the Java 9 incubator.
  • Epsilon garbage collector is launched in a test mode.
  • The Java EE and CORBA modules are removed from the JDK and the Java SE platform, and the Nashorn engine and the Pack200 tools are declared obsolete.
  • The JavaFX module is excluded from the kernel and is shipped separately.
  • Existing APIs are updated to support the Unicode 10 format.
  • Added tools for streaming low-level data on errors and problems.
  • Added the ability to run single-file programs that contain the source code.

More information about the changes can be found on the Release Notes page of JDK 11.

The previous, intermediate version of the standard and JDK 10 came out in March 2018. A set of development tools has received three new variants of Java virtual machines, the sharing of application classes and the support of the experimental Just-in-Time compiler on Linux / x64.

New Vulnerability to be Found in Google+

Due to this vulnerability it was possible to obtain private information of 52.5 million accounts
11 December 2018   55

Google decided to close the social network Google+ not in August 2019, but in April. The reason was another vulnerability in the API, due to which it was possible to obtain private information of 52.5 million accounts. The company plans to close the social network API until mid-March 2019.

By December 10, 2018, the following error information was published:

  • Third-party applications requesting access to profile data, because of the bug in the API, received permission to view information, even if it is hidden by privacy settings;
  • the names of users, their email addresses, information about occupation, age and other confidential information were at risk;
  • passwords, financial data and national identification numbers have not been compromised;
  • the company has no evidence that anyone has exploited the vulnerability;
  • the error was fixed within 6 days: from November 7 to November 13, 2018.
  • Google said it sends notifications to all users affected by the bug.

The previous data leak of Google+ users occurred in October 2018. Then about 500 thousand accounts were compromised. The attackers could get the names, email addresses, age, gender and occupation of users.