(registered 2023-04-27, last updated 2023-04-27)

Media type name: application

Media subtype name: java-archive

Required parameters: N/A

Optional parameters: N/A

Encoding considerations: binary

Security considerations: A java-archive (JAR file) contains 
   executable content and other data as text and binary resources.
   A Java Runtime Environment may execute code from JAR files without 
   security restrictions and may lead to resource exhaustion and/or 
   unexpected behavior.

   Due to these risks, it may be necessary to validate the contents 
   of the JAR file before loading it, and/or apply any necessary 
   security mechanisms to the Java Runtime Environment.

   It may be necessary to determine the trust level of the JAR file, 
   which could involve validating the source or origin of the JAR 
   file, using secure transport mechanisms, or other steps.

   The contents of JAR files can optionally be signed (which may 
   include a signature timestamp). Users can verify the signature of 
   the JAR file to identify the signing entities and to determine the 
   trust level.

   The JAR file format is based on the ZIP file format; therefore, 
   any security considerations for the ZIP file format, such as 
   attacks related to decompression or extraction, may also be 
   relevant when handling JAR files.

Interoperability considerations: The contents of JAR files may be 
   intended to be cross platform but may contain elements that are 
   specific to an operating system, machine architecture, or Java 
   Runtime Environment. The format and structure of the JAR file is 
   cross platform, the same as ZIP, regardless of the contents.

   It is recommended that applications which use a media type/media 
   subtype other than "application/java-archive", including 
   "application/jar", "application/jar-archive", 
   "application/x-java-archive" should be updated to use 
   "application/java-archive".

Published specification: JSR 394: JavaTM SE 19 
   (https://jcp.org/en/jsr/detail?id=394) Final Release contains the 
   current JAR file specification published by the Java Community 
   Process (JCP https://jcp.org/) as developed by OpenJDK Project JDK 
   (https://openjdk.org/projects/jdk/.)

   JAR Files have been in use since JDK 1.0 in 1995.

Applications which use this media: Java Runtime Environment and 
   related utilities

Fragment identifier considerations: N/A

Restrictions on usage: N/A

Additional information:

   1. Deprecated alias names for this type: "application/jar", 
      "application/jar-archive", "application/x-java-archive"
   2. Magic number(s): PK\x03\x04
   3. File extension(s): .jar
   4. Macintosh file type code: N/A
   5. Object Identifiers: N/A

General Comments:

   The JAR file format is based on ZIP:

   [ZIP] PKWARE, Inc., "APPNOTE.TXT - .ZIP File Format
   Specification", PKWARE .ZIP File Format Specification -
   Version 6.3.2, September 2007

Person to contact for further information:

   1. Name: Iris Clark, Java SE Platform JSR spec lead
   2. Email: pmo&jcp.org

Intended usage: COMMON

Author/Change controller: Java Community Process (JCP) (pmo&jcp.org)