Java JRE 8 Update 341 (64-bit)

What's new in this version:

New Features:
Core-libs/java.net:
HTTPS Channel Binding Support for Java GSS/Kerberos:
- Support has been added for TLS channel binding tokens for Negotiate/Kerberos authentication over HTTPS through javax.net.HttpsURLConnection.
- Channel binding tokens are increasingly required as an enhanced form of security. They work by communicating from a client to a server the client's understanding of the binding between connection security (as represented by a TLS server cert) and higher level authentication credentials (such as a username and password). The server can then detect if the client has been fooled by a MITM and shutdown the session/connection.

The feature is controlled through a new system property `jdk.https.negotiate.cbt` which is described fully as below:
- Jdk.https.negotiate.cbt (default: "never")
- This controls the generation and sending of TLS channel binding tokens (CBT) when Kerberos or the Negotiate authentication scheme using Kerberos are employed over HTTPS with HttpsURLConnection. There are three possible settings:
- "never". This is also the default value if the property is not set. In this case, CBTs are never sent.
- "always". CBTs are sent for all Kerberos authentication attempts over HTTPS.
- "domain:" Each domain in the list specifies destination host or hosts for which a CBT is sent. Domains can be single hosts like foo, or foo.com, or literal IP addresses as specified in RFC 2732, or wildcards like *.foo.com which matches all hosts under foo.com and its sub-domains. CBTs are not sent to any destinations that don't match one of the list entries
- The channel binding tokens generated are of the type "tls-server-end-point" as defined in RFC 5929

Security-libs/javax.net.ssl:
Enable TLSv1.3 by Default on JDK 8u for Client Roles:
- The TLSv1.3 implementation is available in JDK 8u from 8u261 and enabled by default for server roles but disabled by default for client roles. From this release onwards, TLSv1.3 is now also enabled by default for client roles. You can find more details in the Additional Information section of the Oracle JRE and JDK Cryptographic Roadmap.

Other Notes:
JDK Bundle Extensions Truncated When Downloading Using Firefox 102:
- On oracle.com and java.com, certain JDK bundle extensions are getting truncated on download when using Firefox version 102. The downloaded bundles have no file extension like ".exe", ".rpm", ".deb". If you are not able to upgrade to Firefox ESR 102.0.1 or Firefox 103 when it is released, then as a workaround you can:
- Manually add a file extension to the file name after download.
- Use a different browser

Core-libs/java.io:serialization:
Vector Should Throw ClassNotFoundException for a Missing Class of an Element:
- Java.util.Vector is updated to correctly report ClassNotFoundException that occurs during deserialization using java.io.ObjectInputStream.GetField.get(name, object) when the class of an element of the Vector is not found. Without this fix, a StreamCorruptedException is thrown that does not provide information about the missing class.

Core-libs/java.util.jar:
Default JDK Compressor Will Be Closed when IOException Is Encountered:
- DeflaterOutputStream.close() and GZIPOutputStream.finish() methods have been modified to close out the associated default JDK compressor before propagating a Throwable up the stack. ZIPOutputStream.closeEntry() method has been modified to close out the associated default JDK compressor before propagating an IOException, not of type ZipException, up the stack.