An API note has been added to the `getCertificates()` method of the `java.util.jar.JarEntry` and `java.net.JarURLConnection` classes and the `getCodeSigners()` method of the `JarEntry` class recommending that the caller should perform further validation steps on the code signers that signed the JAR file, such as validating the code signer's certificate chain, and determining if the signer should be trusted.

In addition, the `JarURLConnection.getCertificates()` method has been updated to specify the order of the returned array of certificates. It is the same order as specified by `java.util.jar.JarEntry.getCertificates()`.