They will be patched only if the end user has them installed on the system.
Tomcat versions 8.x and later don't appear to be affected.
Demo packages remain in the existing Solaris patches; however, just because they are there doesn't mean they are installed.
Each entry consists of a case-insensitive algorithm name and the corresponding default key size (in decimal) separated by ":". By default, this property will not have a value, and JDK providers will use their own default values.
Entries containing an unrecognized algorithm name will be ignored.
The exact circumstances under which the serialization filter is called, and with what information, is subject to change in future releases.
Refactor existing providers to refer to the same constants for default values for key length Two important changes have been made for this issue: 1.The download and install steps are no longer necessary.To enable unlimited cryptography, one can use the new Security property.For more information, refer to Timezone Data Versions in the JRE Software.The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 7u161 are specified in the following table: The JRE expires whenever a new release with security vulnerability fixes becomes available.See the following links to release notes including bug fixes, installation information, required licenses, supported configurations, and documentation links contained in this page.