JDK-8313765: Invalid CEN header (invalid zip64 extra data field size) fixes a major regression in JDK versions 17.0.8 and 11.0.20. The patch is already available, the summary of the issue is provided below.
Description
The issue emerged in relation to the patch JDK-8302483: Improved ZIP64 Extra Field Validation, which provides additional validation of ZIP64 extra fields when opening a ZIP file. As a result, a ZipException: Invalid CEN header (invalid zip64 extra data field size) is thrown when opening APK, ZIP, or JAR files with several third-party tools in the following situations:
- Apache Commons-compress and some Ant releases create CEN Zip64 extra headers with a size of 0 when Zip64 mode is required;
- The BMD tool (the maven-bundle-plugin before 5.1.5) added problematic data to the extra field.
- Other third-party tools may add padding bytes to the extra field.
Possible workaround
Additional validation can be turned off completely by setting the jdk.util.zip.disableZip64ExtraFieldValidation property. The most optimal solution though is to keep the security feature turned on and install the update.
Download Liberica JDK builds with the fix now
We recommend updating your runtime to avoid functional regression caused by the bug described above. Click on the button below to head to the Liberica JDK Download Center and download fresh builds of Liberica JDK 11 and 17 with the patch
