(registered 2023-04-27, last updated 2023-04-27) Media type name: application Media subtype name: java-archive Required parameters: N/A Optional parameters: N/A Encoding considerations: binary Security considerations: A java-archive (JAR file) contains executable content and other data as text and binary resources. A Java Runtime Environment may execute code from JAR files without security restrictions and may lead to resource exhaustion and/or unexpected behavior. Due to these risks, it may be necessary to validate the contents of the JAR file before loading it, and/or apply any necessary security mechanisms to the Java Runtime Environment. It may be necessary to determine the trust level of the JAR file, which could involve validating the source or origin of the JAR file, using secure transport mechanisms, or other steps. The contents of JAR files can optionally be signed (which may include a signature timestamp). Users can verify the signature of the JAR file to identify the signing entities and to determine the trust level. The JAR file format is based on the ZIP file format; therefore, any security considerations for the ZIP file format, such as attacks related to decompression or extraction, may also be relevant when handling JAR files. Interoperability considerations: The contents of JAR files may be intended to be cross platform but may contain elements that are specific to an operating system, machine architecture, or Java Runtime Environment. The format and structure of the JAR file is cross platform, the same as ZIP, regardless of the contents. It is recommended that applications which use a media type/media subtype other than "application/java-archive", including "application/jar", "application/jar-archive", "application/x-java-archive" should be updated to use "application/java-archive". Published specification: JSR 394: JavaTM SE 19 (https://jcp.org/en/jsr/detail?id=394) Final Release contains the current JAR file specification published by the Java Community Process (JCP https://jcp.org/) as developed by OpenJDK Project JDK (https://openjdk.org/projects/jdk/.) JAR Files have been in use since JDK 1.0 in 1995. Applications which use this media: Java Runtime Environment and related utilities Fragment identifier considerations: N/A Restrictions on usage: N/A Additional information: 1. Deprecated alias names for this type: "application/jar", "application/jar-archive", "application/x-java-archive" 2. Magic number(s): PK\x03\x04 3. File extension(s): .jar 4. Macintosh file type code: N/A 5. Object Identifiers: N/A General Comments: The JAR file format is based on ZIP: [ZIP] PKWARE, Inc., "APPNOTE.TXT - .ZIP File Format Specification", PKWARE .ZIP File Format Specification - Version 6.3.2, September 2007 Person to contact for further information: 1. Name: Iris Clark, Java SE Platform JSR spec lead 2. Email: pmo&jcp.org Intended usage: COMMON Author/Change controller: Java Community Process (JCP) (pmo&jcp.org)