1 |
Key: |
2 |
|
3 |
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X |
4 |
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY |
5 |
|
6 |
New in release OpenJDK 8u332 (2022-04-19): |
7 |
=========================================== |
8 |
Live versions of these release notes can be found at: |
9 |
* https://bitly.com/openjdk8u332 |
10 |
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u332.txt |
11 |
|
12 |
* Security fixes |
13 |
- JDK-8269938: Enhance XML processing passes redux |
14 |
- JDK-8270504, CVE-2022-21426: Better XPath expression handling |
15 |
- JDK-8272255: Completely handle MIDI files |
16 |
- JDK-8272261: Improve JFR recording file processing |
17 |
- JDK-8272594: Better record of recordings |
18 |
- JDK-8274221: More definite BER encodings |
19 |
- JDK-8275151, CVE-2022-21443: Improved Object Identification |
20 |
- JDK-8277227: Better identification of OIDs |
21 |
- JDK-8277672, CVE-2022-21434: Better invocation handler handling |
22 |
- JDK-8278008, CVE-2022-21476: Improve Santuario processing |
23 |
- JDK-8278356: Improve file creation |
24 |
- JDK-8278449: Improve keychain support |
25 |
- JDK-8278805: Enhance BMP image loading |
26 |
- JDK-8278972, CVE-2022-21496: Improve URL supports |
27 |
- JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo |
28 |
* Other changes |
29 |
- JDK-8033980: Xerces Update: datatype XMLGregorianCalendarImpl and DurationImpl |
30 |
- JDK-8035437: Xerces Update: xml/serialize/DOMSerializerImpl |
31 |
- JDK-8035577: Xerces Update: impl/xpath/regex/RangeToken.java |
32 |
- JDK-8037259: xerces update: xpointer update |
33 |
- JDK-8041523: Xerces Update: Serializer improvements from Xalan |
34 |
- JDK-8141508: java.lang.invoke.LambdaConversionException: Invalid receiver type |
35 |
- JDK-8162572: Update License Header for all JAXP sources |
36 |
- JDK-8167014: jdeps: Missing message: warn.skipped.entry |
37 |
- JDK-8198411: [TEST_BUG] Two java2d tests are unstable in mach5 |
38 |
- JDK-8202822: Add .git to .hgignore |
39 |
- JDK-8205540: test/hotspot/jtreg/vmTestbase/nsk/jdb/trace/trace001/trace001.java fails with Debuggee did not exit after 15 <cont> commands |
40 |
- JDK-8209178: Proxied HttpsURLConnection doesn't send BODY when retrying POST request |
41 |
- JDK-8210283: Support git as an SCM alternative in the build |
42 |
- JDK-8218682: [TEST_BUG] DashOffset fails in mach5 |
43 |
- JDK-8225690: Multiple AttachListener threads can be created |
44 |
- JDK-8227738: jvmti/DataDumpRequest/datadumpreq001 failed due to "exit code is 134" |
45 |
- JDK-8227815: Minimal VM: set_state is not a member of AttachListener |
46 |
- JDK-8240633: Memory leaks in the implementations of FileChooserUI |
47 |
- JDK-8241768: git needs .gitattributes |
48 |
- JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) failed: Field too big for insn |
49 |
- JDK-8253147: The javax/swing/JPopupMenu/7154841/bug7154841.java fail on big screens |
50 |
- JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node |
51 |
- JDK-8266749: AArch64: Backtracing broken on PAC enabled systems |
52 |
- JDK-8270290: NTLM authentication fails if HEAD request is used |
53 |
- JDK-8273229: Update OS detection code to recognize Windows Server 2022 |
54 |
- JDK-8273341: Update Siphash to version 1.0 |
55 |
- JDK-8273575: memory leak in appendBootClassPath(), paths must be deallocated |
56 |
- JDK-8274524: SSLSocket.close() hangs if it is called during the ssl handshake |
57 |
- JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE |
58 |
- JDK-8277488: Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022 |
59 |
- JDK-8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler |
60 |
- JDK-8280060: The sun/rmi/server/Activation.java class use Thread.dumpStack() |
61 |
- JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972 |
62 |
- JDK-8282397: createTempFile method of java.io.File is failing when called with suffix of spaces character |
63 |
- JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException |
64 |
- JDK-8284920: Incorrect Token type causes XPath expression to return empty result |
65 |
- JDK-8284936: Fix Java 7 bootstrap breakage due to use of Arrays.stream |
66 |
* Shenandoah |
67 |
- JDK-8260632: Build failures after JDK-8253353 |
68 |
- JDK-8282458: Update .jcheck/conf file for sh-jdk8u move to git |
69 |
|
70 |
New in release OpenJDK 8u322 (2022-01-18): |
71 |
=========================================== |
72 |
Live versions of these release notes can be found at: |
73 |
* https://bitly.com/openjdk8u322 |
74 |
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u322.txt |
75 |
|
76 |
* Security fixes |
77 |
- JDK-8264934, CVE-2022-21248: Enhance cross VM serialization |
78 |
- JDK-8268488: More valuable DerValues |
79 |
- JDK-8268494: Better inlining of inlined interfaces |
80 |
- JDK-8268512: More content for ContentInfo |
81 |
- JDK-8268795: Enhance digests of Jar files |
82 |
- JDK-8268801: Improve PKCS attribute handling |
83 |
- JDK-8268813, CVE-2022-21283: Better String matching |
84 |
- JDK-8269151: Better construction of EncryptedPrivateKeyInfo |
85 |
- JDK-8269944: Better HTTP transport redux |
86 |
- JDK-8270392, CVE-2022-21293: Improve String constructions |
87 |
- JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps |
88 |
- JDK-8270492, CVE-2022-21282: Better resolution of URIs |
89 |
- JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management |
90 |
- JDK-8270646, CVE-2022-21299: Improved scanning of XML entities |
91 |
- JDK-8271962: Better TrueType font loading |
92 |
- JDK-8271968: Better canonical naming |
93 |
- JDK-8271987: Manifest improved manifest entries |
94 |
- JDK-8272014, CVE-2022-21305: Better array indexing |
95 |
- JDK-8272026, CVE-2022-21340: Verify Jar Verification |
96 |
- JDK-8272236, CVE-2022-21341: Improve serial forms for transport |
97 |
- JDK-8272272: Enhance jcmd communication |
98 |
- JDK-8272462: Enhance image handling |
99 |
- JDK-8273290: Enhance sound handling |
100 |
- JDK-8273748, CVE-2022-21349: Improve Solaris font rendering |
101 |
- JDK-8273756, CVE-2022-21360: Enhance BMP image support |
102 |
- JDK-8273838, CVE-2022-21365: Enhanced BMP processing |
103 |
* Other changes |
104 |
- JDK-6801613: Cross-platform pageDialog and printDialog top margin entry broken |
105 |
- JDK-8011541: [TEST_BUG] closed/javax/swing/plaf/metal/MetalUtils/bug6190373.java fails NPE since 7u25b03 |
106 |
- JDK-8025430: [TEST_BUG] javax/swing/JEditorPane/5076514/bug5076514.java failed since jdk8b108 |
107 |
- JDK-8041928: MouseEvent.getModifiersEx gives wrong result |
108 |
- JDK-8042199: The build of J2DBench via makefile is broken after the JDK-8005402 |
109 |
- JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9) |
110 |
- JDK-8048021: Remove @version tag in jaxp repo |
111 |
- JDK-8049348: compiler/intrinsics/bmi/verifycode tests on lzcnt and tzcnt use incorrect assumption about REXB prefix usage |
112 |
- JDK-8060027: Tests java/beans/XMLEncoder/Test4903007.java and java/beans/XMLEncoder/java_awt_GridBagLayout.java |
113 |
- JDK-8066588: javax/management/remote/mandatory/connection/RMIConnector_NPETest.java fails to compile |
114 |
- JDK-8066652: Default TimeZone is GMT not local if user.timezone is invalid on Mac OS |
115 |
- JDK-8069034: gc/g1/TestEagerReclaimHumongousRegionsClearMarkBits.java nightly failure |
116 |
- JDK-8077590: windows_i586_6.2-product-c2-runThese8_Xcomp_vm failing after win compiler upgrade |
117 |
- JDK-8080287: The image of BufferedImage.TYPE_INT_ARGB and BufferedImage.TYPE_INT_ARGB_PRE is blank |
118 |
- JDK-8140329: [TEST_BUG] test FullScreenAfterSplash.java failed because image was not generated |
119 |
- JDK-8140472: java/net/ipv6tests/TcpTest.java failed intermittently with java.net.BindException: Address already in use: NET_Bind |
120 |
- JDK-8147051: StaxEntityResolverWrapper should create StaxXMLInputSource with a resolver indicator |
121 |
- JDK-8148915: Intermittent failures of bug6400879.java |
122 |
- JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism |
123 |
- JDK-8177393: Result of RescaleOp for 4BYTE_ABGR images may be 25% black |
124 |
- JDK-8177536: Avoid Apple Peer-to-Peer interfaces in networking tests |
125 |
- JDK-8182036: Load from initializing arraycopy uses wrong memory state |
126 |
- JDK-8183369: RFC unconformity of HttpURLConnection with proxy |
127 |
- JDK-8183543: Aarch64: C2 compilation often fails with "failed spill-split-recycle sanity check" |
128 |
- JDK-8187450: JNI local refs exceeds capacity warning in NetworkInterface::getAll |
129 |
- JDK-8187649: ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar |
130 |
- JDK-8190482: InnocuousThread creation should not require the caller to possess enableContextClassLoaderOverride |
131 |
- JDK-8190793: Httpserver does not detect truncated request body |
132 |
- JDK-8196572: Tests ColConvCCMTest.java and MTColConvTest.java fail |
133 |
- JDK-8202788: Explicitly reclaim cached thread-local direct buffers at thread exit |
134 |
- JDK-8210058: Algorithmic Italic font leans opposite angle in Printing |
135 |
- JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs |
136 |
- JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021 |
137 |
- JDK-8225083: Remove Google certificate that is expiring in December 2021 |
138 |
- JDK-8226806: [macOS 10.14] Methods of Java Robot should be called from appropriate thread |
139 |
- JDK-8231254: (fs) Add test for macOS Catalina changes to protect system software |
140 |
- JDK-8231438: [macOS] Dark mode for the desktop is not supported |
141 |
- JDK-8232178: MacVolumesTest failed after upgrade to MacOS Catalina |
142 |
- JDK-8232226: [macos 10.15] test/jdk/java/awt/color/EqualityTest/EqualityTest.java may fail |
143 |
- JDK-8235153: [TESTBUG] [macos 10.15] java/awt/Graphics/DrawImageBG/SystemBgColorTest.java fails |
144 |
- JDK-8236897: Fix the copyright header for pkcs11gcm2.h |
145 |
- JDK-8237499: JFR: Include stack trace in the ThreadStart event |
146 |
- JDK-8239886: Minimal VM build fails after JDK-8237499 |
147 |
- JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0 |
148 |
- JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print" |
149 |
- JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions |
150 |
- JDK-8273308: PatternMatchTest.java fails on CI |
151 |
- JDK-8273342: Null pointer dereference in classFileParser.cpp:2817 |
152 |
- JDK-8273826: Correct Manifest file name and NPE checks |
153 |
- JDK-8273968: JCK javax_xml tests fail in CI |
154 |
- JDK-8274407: (tz) Update Timezone Data to 2021c |
155 |
- JDK-8274467: TestZoneInfo310.java fails with tzdata2021b |
156 |
- JDK-8274468: TimeZoneTest.java fails with tzdata2021b |
157 |
- JDK-8274595: DisableRMIOverHTTPTest failed: connection refused |
158 |
- JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST |
159 |
- JDK-8275766: (tz) Update Timezone Data to 2021e |
160 |
- JDK-8275849: TestZoneInfo310.java fails with tzdata2021e |
161 |
- JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766 |
162 |
|
163 |
Notes on individual issues: |
164 |
=========================== |
165 |
|
166 |
security-libs/java.security: |
167 |
|
168 |
JDK-8271434: Removed IdenTrust Root Certificate |
169 |
=============================================== |
170 |
The following root certificate from IdenTrust has been removed from |
171 |
the `cacerts` keystore: |
172 |
|
173 |
Alias Name: identrustdstx3 [jdk] |
174 |
Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co. |
175 |
|
176 |
JDK-8272535: Removed Google's GlobalSign Root Certificate |
177 |
========================================================= |
178 |
The following root certificate from Google has been removed from the |
179 |
`cacerts` keystore: |
180 |
|
181 |
Alias Name: globalsignr2ca [jdk] |
182 |
Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 |
183 |
|
184 |
core-libs/java.time: |
185 |
|
186 |
JDK-8274857: Update Timezone Data to 2021c |
187 |
=========================================== |
188 |
IANA Time Zone Database, on which JDK's Date/Time libraries are based, |
189 |
has been updated to version 2021c |
190 |
(https://mm.icann.org/pipermail/tz-announce/2021-October/000067.html). Note |
191 |
that with this update, some of the time zone rules prior to the year |
192 |
1970 have been modified according to the changes which were introduced |
193 |
with 2021b. For more detail, refer to the announcement of 2021b |
194 |
(https://mm.icann.org/pipermail/tz-announce/2021-September/000066.html) |
195 |
|
196 |
New in release OpenJDK 8u312 (2021-10-19): |
197 |
=========================================== |
198 |
Live versions of these release notes can be found at: |
199 |
* https://bitly.com/openjdk8u312 |
200 |
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u312.txt |
201 |
|
202 |
* Security fixes |
203 |
- JDK-8130183, CVE-2021-35588: InnerClasses: VM permits wrong Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0 |
204 |
- JDK-8161016: Strange behavior of URLConnection with proxy |
205 |
- JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference |
206 |
- JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close |
207 |
- JDK-8263314: Enhance XML Dsig modes |
208 |
- JDK-8265167, CVE-2021-35556: Richer Text Editors |
209 |
- JDK-8265574: Improve handling of sheets |
210 |
- JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit |
211 |
- JDK-8265776: Improve Stream handling for SSL |
212 |
- JDK-8266097, CVE-2021-35561: Better hashing support |
213 |
- JDK-8266103: Better specified spec values |
214 |
- JDK-8266109: More Resilient Classloading |
215 |
- JDK-8266115: More Manifest Jar Loading |
216 |
- JDK-8266137, CVE-2021-35564: Improve Keystore integrity |
217 |
- JDK-8266689, CVE-2021-35567: More Constrained Delegation |
218 |
- JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic |
219 |
- JDK-8267712: Better LDAP reference processing |
220 |
- JDK-8267729, CVE-2021-35578: Improve TLS client handshaking |
221 |
- JDK-8267735, CVE-2021-35586: Better BMP support |
222 |
- JDK-8268193: Improve requests of certificates |
223 |
- JDK-8268199: Correct certificate requests |
224 |
- JDK-8268506: More Manifest Digests |
225 |
- JDK-8269618, CVE-2021-35603: Better session identification |
226 |
- JDK-8269624: Enhance method selection support |
227 |
- JDK-8270398: Enhance canonicalization |
228 |
- JDK-8270404: Better canonicalization |
229 |
* Other changes |
230 |
- JDK-6847157: java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit |
231 |
- JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection |
232 |
- JDK-7188942: Remove support of pbuffers in OGL Java2d pipeline |
233 |
- JDK-8004148: NPE in sun.awt.SunToolkit.getWindowDeactivationTime |
234 |
- JDK-8022323: [JavaSecurityScanner] review package com.sun.management.* Native methods should be private |
235 |
- JDK-8027154: [TESTBUG] Test java/awt/Mouse/GetMousePositionTest/GetMousePositionWithPopup.java fails |
236 |
- JDK-8035001: TEST_BUG: the retry logic in RMID.start() should check that the subprocess hasn't terminated |
237 |
- JDK-8035424: (reflect) Performance problem in sun.reflect.generics.parser.SignatureParser |
238 |
- JDK-8042557: compiler/uncommontrap/TestSpecTrapClassUnloading.java fails with: GC triggered before VM initialization completed |
239 |
- JDK-8054118: java/net/ipv6tests/UdpTest.java failed intermittently |
240 |
- JDK-8065215: Print warning summary at end of configure |
241 |
- JDK-8072767: DefaultCellEditor for comboBox creates ActionEvent with wrong source object |
242 |
- JDK-8079891: Store configure log in $BUILD/configure.log |
243 |
- JDK-8080082: configure fails if you create an empty directory and then run configure from it |
244 |
- JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing |
245 |
- JDK-8131062: aarch64: add support for GHASH acceleration |
246 |
- JDK-8134869: AARCH64: GHASH intrinsic is not optimal |
247 |
- JDK-8134989: java/net/MulticastSocket/TestInterfaces.java failed due to unexpected IP address |
248 |
- JDK-8156584: Initialization race in sun.security.x509.AlgorithmId.get |
249 |
- JDK-8157404: Unable to read certain PKCS12 keystores from SequenceInputStream |
250 |
- JDK-8166673: The new implementation of Robot.waitForIdle() may hang |
251 |
- JDK-8170467: (reflect) Optimize SignatureParser's use of StringBuilders |
252 |
- JDK-8194246: JVM crashes when calling getStackTrace if stack contains a method that is a member of a very large class |
253 |
- JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails |
254 |
- JDK-8202837: PBES2 AlgorithmId encoding error in PKCS12 KeyStore |
255 |
- JDK-8206189: sun/security/pkcs12/EmptyPassword.java fails with Sequence tag error |
256 |
- JDK-8214418: half-closed SSLEngine status may cause application dead loop |
257 |
- JDK-8214513: A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11 |
258 |
- JDK-8220786: Create new switch to redirect error reporting output to stdout or stderr |
259 |
- JDK-8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail |
260 |
- JDK-8229243: SunPKCS11-Solaris provider tests failing on Solaris 11.4 |
261 |
- JDK-8231222: fix pkcs11 P11_DEBUG guarded native traces |
262 |
- JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7 |
263 |
- JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong handling of stoppedMixers |
264 |
- JDK-8240518: Incorrect JNU_ReleaseStringPlatformChars in Windows Print |
265 |
- JDK-8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93) |
266 |
- JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files |
267 |
- JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available |
268 |
- JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken. |
269 |
- JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test |
270 |
- JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space" |
271 |
- JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames() |
272 |
- JDK-8263311: Watch registry changes for remote printers update instead of polling |
273 |
- JDK-8263382: java/util/logging/ParentLoggersTest.java failed with "checkLoggers: getLoggerNames() returned unexpected loggers" |
274 |
- JDK-8264752: SIGFPE crash with option FlightRecorderOptions:threadbuffersize=30M |
275 |
- JDK-8265238: [8u] [macos] build failure in OpenJDK8u after JDK-8211301 in older xcode |
276 |
- JDK-8265836: OperatingSystemImpl.getCpuLoad() returns incorrect CPU load inside a container |
277 |
- JDK-8265978: make test should look for more locations when searching for exit code |
278 |
- JDK-8266206: Build failure after JDK-8264752 with older GCCs |
279 |
- JDK-8268103: JNI functions incorrectly return a double after JDK-8265836 |
280 |
- JDK-8268965: TCP Connection Reset when connecting simple socket to SSL server |
281 |
- JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark |
282 |
- JDK-8269763: The JEditorPane is blank after JDK-8265167 |
283 |
- JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport |
284 |
- JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers |
285 |
- JDK-8269859: BacktraceBuilder._cprefs needs to be accessed as unsigned short |
286 |
- JDK-8269882: stack-use-after-scope in NewObjectA |
287 |
- JDK-8269953: config.log is not in build directory after 8u backport of JDK-8079891 |
288 |
- JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup |
289 |
- JDK-8271466: StackGap test fails on aarch64 due to "-m64" |
290 |
- JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon |
291 |
- JDK-8272214: [8u] Build failure after backport of JDK-8248901 |
292 |
- JDK-8272714: [8u] Build failure after backport of JDK-8248901 with MSVC 2013 |
293 |
* Shenandoah |
294 |
- [backport] JDK-8269661: JNI_GetStringCritical does not lock char array |
295 |
- Re-cast JNI critical strings patch to be Shenandoah-specific |
296 |
|
297 |
Notes on individual issues: |
298 |
=========================== |
299 |
|
300 |
core-libs/java.net: |
301 |
|
302 |
JDK-8164200: Modified HttpURLConnection behavior when no suitable proxy is found |
303 |
================================================================================ |
304 |
The behavior of HttpURLConnection when using a ProxySelector has been |
305 |
modified with this JDK release. HttpURLConnection used to fall back to |
306 |
a DIRECT connection attempt if the configured proxy(s) failed to make |
307 |
a connection. This release introduces a change whereby no DIRECT |
308 |
connection will be attempted in such a scenario. Instead, the |
309 |
HttpURLConnection.connect() method will fail and throw an IOException |
310 |
which occurred from the last proxy tested. |
311 |
|
312 |
security-libs/javax.net.ssl: |
313 |
|
314 |
JDK-8219551: Updated the Default Enabled Cipher Suites Preference |
315 |
================================================================= |
316 |
The preference of the default enabled cipher suites has been |
317 |
changed. The compatibility impact should be minimal. If needed, |
318 |
applications can customize the enabled cipher suites and the |
319 |
preference. For more details, refer to the SunJSSE provider |
320 |
documentation and the JSSE Reference Guide documentation. |
321 |
|
322 |
New in release OpenJDK 8u302 (2021-07-20): |
323 |
=========================================== |
324 |
Live versions of these release notes can be found at: |
325 |
* https://bitly.com/openjdk8u302 |
326 |
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u302.txt |
327 |
|
328 |
* Security fixes |
329 |
- JDK-8256157: Improve bytecode assembly |
330 |
- JDK-8256491: Better HTTP transport |
331 |
- JDK-8258432, CVE-2021-2341: Improve file transfers |
332 |
- JDK-8260453: Improve Font Bounding |
333 |
- JDK-8260960: Signs of jarsigner signing |
334 |
- JDK-8260967, CVE-2021-2369: Better jar file validation |
335 |
- JDK-8262380: Enhance XML processing passes |
336 |
- JDK-8262403: Enhanced data transfer |
337 |
- JDK-8262410: Enhanced rules for zones |
338 |
- JDK-8262477: Enhance String Conclusions |
339 |
- JDK-8262967: Improve Zip file support |
340 |
- JDK-8264066, CVE-2021-2388: Enhance compiler validation |
341 |
- JDK-8264079: Improve abstractions |
342 |
- JDK-8264460: Improve NTLM support |
343 |
* Other changes |
344 |
- JDK-6878250: (so) IllegalBlockingModeException thrown when reading from a closed SocketChannel's InputStream |
345 |
- JDK-6990210: [TEST_BUG] EventDispatchThread/HandleExceptionOnEDT/HandleExceptionOnEDT.java fails on gnome |
346 |
- JDK-7059970: Test case: javax/imageio/plugins/png/ITXtTest.java is not closing a file |
347 |
- JDK-7106851: Test should not use System.exit |
348 |
- JDK-8019470: Changes needed to compile JDK 8 on MacOS with clang compiler |
349 |
- JDK-8028618: [TEST BUG] javax/swing/JScrollBar/bug4202954/bug4202954.java fails |
350 |
- JDK-8030123: java/beans/Introspector/Test8027648.java fails |
351 |
- JDK-8032050: Clean up for java/rmi/activation/Activatable/shutdownGracefully/ShutdownGracefully.java |
352 |
- JDK-8033289: clang: clean up unused function warning |
353 |
- JDK-8034856: gcc warnings compiling src/solaris/native/sun/security/pkcs11 |
354 |
- JDK-8034857: gcc warnings compiling src/solaris/native/sun/management |
355 |
- JDK-8035000: clean up ActivationLibrary.DestroyThread |
356 |
- JDK-8035054: JarFacade.c should not include ctype.h |
357 |
- JDK-8035287: gcc warnings compiling various libraries files |
358 |
- JDK-8036095: RMI tests using testlibrary.RMID and testlibrary.JavaVM do not pass through vmoptions |
359 |
- JDK-8037825: Fix warnings and enable "warnings as errors" in serviceability native libraries |
360 |
- JDK-8042891: Format issues embedded in macros for two g1 source files |
361 |
- JDK-8043264: hsdis library not picked up correctly on expected paths |
362 |
- JDK-8043646: libosxapp.dylib fails to build on Mac OS 10.9 with clang |
363 |
- JDK-8047939: [TESTBUG] Rewrite test/runtime/8001071/Test8001071.sh |
364 |
- JDK-8055754: filemap.cpp does not compile with clang |
365 |
- JDK-8064909: FragmentMetaspace.java got OutOfMemoryError |
366 |
- JDK-8066508: JTReg tests timeout on slow devices when run using JPRT |
367 |
- JDK-8066807: langtools/test/Makefile should use -agentvm not -samevm |
368 |
- JDK-8071374: -XX:+PrintAssembly -XX:+PrintSignatureHandlers crash fastdebug VM with assert(limit == __null || limit <= nm->code_end()) in RelocIterator::initialize |
369 |
- JDK-8073446: TimeZone getOffset API does not return a dst offset between years 2038-2137 |
370 |
- JDK-8074835: Resolve disabled warnings for libj2gss |
371 |
- JDK-8074836: Resolve disabled warnings for libosxkrb5 |
372 |
- JDK-8075071: [TEST_BUG] TimSortStackSize2.java: OOME: Java heap space: MaxHeap shrinked by MaxRAMFraction |
373 |
- JDK-8077364: "if( !this )" construct prevents build on Xcode 6.3 |
374 |
- JDK-8078855: [TEST_BUG] javax/swing/JComboBox/8032878/bug8032878.java fails in WindowsClassicLookAndFeel |
375 |
- JDK-8081764: [TEST_BUG] Test javax/swing/plaf/aqua/CustomComboBoxFocusTest.java fails on Windows, Solaris Sparcv9 and Linux but passes on MacOSX |
376 |
- JDK-8129511: PlatformMidi.c:83 uses malloc without malloc header |
377 |
- JDK-8130308: Too low memory usage in TestPromotionFromSurvivorToTenuredAfterMinorGC.java |
378 |
- JDK-8130430: [TEST_BUG] remove unnecessary internal calls from javax/swing/JRadioButton/8075609/bug8075609.java |
379 |
- JDK-8132148: G1 hs_err region dump legend out of sync with region values |
380 |
- JDK-8132709: [TESTBUG] gc/g1/TestHumongousShrinkHeap.java might fail on embedded |
381 |
- JDK-8134672: [TEST_BUG] Some tests should check isDisplayChangeSupported |
382 |
- JDK-8134883: C1 hard crash in range check elimination in Nashorn test262parallel |
383 |
- JDK-8136592: [TEST_BUG] Fix 2 platform-specific closed regtests for jigsaw |
384 |
- JDK-8138820: JDK Hotspot build fails with Xcode 7.0.1 |
385 |
- JDK-8151786: [TESTBUG] java/beans/XMLEncoder/Test4625418.java timed out intermittently |
386 |
- JDK-8159898: Negative array size in java/beans/Introspector/Test8027905.java |
387 |
- JDK-8166046: [TESTBUG] compiler/stringopts/TestStringObjectInitialization.java fails with OOME |
388 |
- JDK-8166724: gc/g1/TestHumongousShrinkHeap.java fails with OOME |
389 |
- JDK-8172188: JDI tests fail due to "permission denied" when creating temp file |
390 |
- JDK-8177809: File.lastModified() is losing milliseconds (always ends in 000) |
391 |
- JDK-8178403: DirectAudio in JavaSound may hang and leak |
392 |
- JDK-8180478: tools/launcher/MultipleJRE.sh fails on Windows because of extra-'' |
393 |
- JDK-8183910: gc/arguments/TestAggressiveHeap.java fails intermittently |
394 |
- JDK-8190332: PngReader throws NegativeArraySizeException/OOM error when IHDR width is very large |
395 |
- JDK-8190679: java/util/Arrays/TimSortStackSize2.java fails with "Initial heap size set to a larger value than the maximum heap size" |
396 |
- JDK-8191955: AArch64: incorrect prefetch distance causes an internal error |
397 |
- JDK-8196092: javax/swing/JComboBox/8032878/bug8032878.java fails |
398 |
- JDK-8199265: java/util/Arrays/TimSortStackSize2.java fails with OOM |
399 |
- JDK-8200550: Xcode 9.3 produce warning -Wexpansion-to-defined |
400 |
- JDK-8202299: Java Keystore fails to load PKCS12/PFX certificates created in WindowsServer2016 |
401 |
- JDK-8203196: C1 emits incorrect code due to integer overflow in _tableswitch keys |
402 |
- JDK-8205014: com/sun/jndi/ldap/DeadSSLLdapTimeoutTest.java failed with "Read timed out" |
403 |
- JDK-8206243: java -XshowSettings fails if memory.limit_in_bytes overflows LONG.max |
404 |
- JDK-8206925: Support the certificate_authorities extension |
405 |
- JDK-8209996: [PPC64] Fix JFR profiling |
406 |
- JDK-8214345: infinite recursion while checking super class |
407 |
- JDK-8217230: assert(t == t_no_spec) failure in NodeHash::check_no_speculative_types() |
408 |
- JDK-8217348: assert(thread->is_Java_thread()) failed: just checking |
409 |
- JDK-8225081: Remove Telia Company CA certificate expiring in April 2021 |
410 |
- JDK-8225116: Test OwnedWindowsLeak.java intermittently fails |
411 |
- JDK-8228757: Fail fast if the handshake type is unknown |
412 |
- JDK-8230428: Cleanup dead CastIP node code in formssel.cpp |
413 |
- JDK-8231631: sun/net/ftp/FtpURLConnectionLeak.java fails intermittently with NPE |
414 |
- JDK-8231841: AArch64: debug.cpp help() is missing an AArch64 line for pns |
415 |
- JDK-8231949: [PPC64, s390]: Make async profiling more reliable |
416 |
- JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater() |
417 |
- JDK-8239053: [8u] clean up undefined-var-template warnings |
418 |
- JDK-8239400: [8u] clean up undefined-var-template warnings |
419 |
- JDK-8241649: Optimize Character.toString |
420 |
- JDK-8241829: Cleanup the code for PrinterJob on windows |
421 |
- JDK-8242565: Policy initialization issues when the denyAfter constraint is enabled |
422 |
- JDK-8243559: Remove root certificates with 1024-bit keys |
423 |
- JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node |
424 |
- JDK-8249142: java/awt/FontClass/CreateFont/DeleteFont.sh is unstable |
425 |
- JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList |
426 |
- JDK-8250876: Fix issues with cross-compile on macos |
427 |
- JDK-8252883: AccessDeniedException caused by delayed file deletion on Windows |
428 |
- JDK-8253375: OSX build fails with Xcode 12.0 (12A7209) |
429 |
- JDK-8254631: Better support ALPN byte wire values in SunJSSE |
430 |
- JDK-8255086: Update the root locale display names |
431 |
- JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too |
432 |
- JDK-8256818: SSLSocket that is never bound or connected leaks socket resources |
433 |
- JDK-8257039: [8u] GenericTaskQueue destructor is incorrect |
434 |
- JDK-8257670: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks |
435 |
- JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test |
436 |
- JDK-8257997: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884 |
437 |
- JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region |
438 |
- JDK-8258419: RSA cipher buffer cleanup |
439 |
- JDK-8258669: fastdebug jvm crashes when do event based tracing for monitor inflation |
440 |
- JDK-8258753: StartTlsResponse.close() hangs due to synchronization issues |
441 |
- JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region" |
442 |
- JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect |
443 |
- JDK-8259886: Improve SSL session cache performance and scalability |
444 |
- JDK-8260029: aarch64: fix typo in verify_oop_array |
445 |
- JDK-8260236: better init AnnotationCollector _contended_group |
446 |
- JDK-8260255: C1: LoopInvariantCodeMotion constructor can leave some fields uninitialized |
447 |
- JDK-8260484: CheckExamples.java / NoJavaLangTest.java fail with jtreg 4.2 |
448 |
- JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end |
449 |
- JDK-8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding |
450 |
- JDK-8261867: Backport relevant test changes & additions from JDK-8130125 |
451 |
- JDK-8262110: DST starts from incorrect time in 2038 |
452 |
- JDK-8262446: DragAndDrop hangs on Windows |
453 |
- JDK-8262726: AArch64: C1 StubAssembler::call_RT can corrupt stack |
454 |
- JDK-8262730: Enable jdk8u MacOS external debug symbols |
455 |
- JDK-8262864: No debug symbols in image for Windows --with-native-debug-symbols=external |
456 |
- JDK-8263061: copy wrong unpack200 debuginfo to bin directory after 8252395 |
457 |
- JDK-8263504: Some OutputMachOpcodes fields are uninitialized |
458 |
- JDK-8263600: change rmidRunning to a simple lookup |
459 |
- JDK-8264509: jdk8u MacOS zipped debug symbols won't build |
460 |
- JDK-8264562: assert(verify_field_bit(1)) failed: Attempting to write an uninitialized event field: type |
461 |
- JDK-8264640: CMS ParScanClosure misses a barrier |
462 |
- JDK-8264816: Weak handles leak causes GC to take longer |
463 |
- JDK-8265462: Handle multiple slots in the NSS Internal Module from SunPKCS11's Secmod |
464 |
- JDK-8265666: Enable AIX build platform to make external debug symbols |
465 |
- JDK-8265832: runtime/StackGap/testme.sh fails to compile in 8u |
466 |
- JDK-8265988: Fix sun/text/IntHashtable/Bug4170614 for JDK 8u |
467 |
- JDK-8266191: Missing aarch64 parts of JDK-8181872 (C1: possible overflow when strength reducing integer multiply by constant) |
468 |
- JDK-8266723: JFR periodic events are causing extra allocations |
469 |
- JDK-8266929: Unable to use algorithms from 3p providers |
470 |
- JDK-8267235: [macos_aarch64] InterpreterRuntime::throw_pending_exception messing up LR results in crash |
471 |
- JDK-8267426: MonitorVmStartTerminate test timed out on Embedded VM |
472 |
- JDK-8267545: [8u] Enable Xcode 12 builds on macOS |
473 |
- JDK-8267689: [aarch64] Crash due to bad shift in indirect addressing mode |
474 |
- JDK-8268444: keytool -v -list print is incorrect after backport JDK-8141457 |
475 |
- JDK-8269388: Default build of OpenJDK 8 fails on newer GCCs with warnings as errors on format-overflow |
476 |
- JDK-8269468: JDK-8269388 breaks the build on older GCCs |
477 |
- JDK-8270533: AArch64: size_fits_all_mem_uses should return false if its output is a CAS |
478 |
* Shenandoah |
479 |
- [backport] JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState |
480 |
- [backport] JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp |
481 |
- [backport] JDK-8261251: Shenandoah: Use object size for full GC humongous |
482 |
- [backport] JDK-8261413: Shenandoah: Disable class-unloading in I-U mode |
483 |
- [backport] JDK-8265239: Shenandoah: Shenandoah heap region count could be off by 1 |
484 |
- [backport] JDK-8266802: Shenandoah: Round up region size to page size unconditionally |
485 |
- [backport] JDK-8267561: Shenandoah: Reference processing not properly setup for outside of cycle degenerated GC |
486 |
- [backport] JDK-8268127: Shenandoah: Heap size may be too small for region to align to large page size |
487 |
- [backport] JDK-8268699: Shenandoah: Add test for JDK-8268127 |
488 |
- Shenandoah: Process weak roots during class unloading cycle |
489 |
|
490 |
Notes on individual issues: |
491 |
=========================== |
492 |
|
493 |
security-libs/java.security: |
494 |
|
495 |
JDK-8256902: Removed Root Certificates with 1024-bit Keys |
496 |
========================================================= |
497 |
The following root certificates with weak 1024-bit RSA public keys |
498 |
have been removed from the `cacerts` keystore: |
499 |
|
500 |
Alias Name: thawtepremiumserverca [jdk] |
501 |
Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA |
502 |
|
503 |
Alias Name: verisignclass2g2ca [jdk] |
504 |
Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US |
505 |
|
506 |
Alias Name: verisignclass3ca [jdk] |
507 |
Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US |
508 |
|
509 |
Alias Name: verisignclass3g2ca [jdk] |
510 |
Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US |
511 |
|
512 |
Alias Name: verisigntsaca [jdk] |
513 |
Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA |
514 |
|
515 |
JDK-8261361: Removed Telia Company's Sonera Class2 CA certificate |
516 |
================================================================= |
517 |
|
518 |
The following root certificate have been removed from the cacerts truststore: |
519 |
|
520 |
Alias Name: soneraclass2ca |
521 |
Distinguished Name: CN=Sonera Class2 CA, O=Sonera, C=FI |
522 |
|
523 |
security-libs/javax.net.ssl: |
524 |
|
525 |
JDK-8257548: Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values |
526 |
========================================================================================= |
527 |
Certain TLS ALPN values couldn't be properly read or written by the |
528 |
SunJSSE provider. This is due to the choice of Strings as the API |
529 |
interface and the undocumented internal use of the UTF-8 Character Set |
530 |
which converts characters larger than U+00007F (7-bit ASCII) into |
531 |
multi-byte arrays that may not be expected by a peer. |
532 |
|
533 |
ALPN values are now represented using the network byte representation |
534 |
expected by the peer, which should require no modification for |
535 |
standard 7-bit ASCII-based character Strings. However, SunJSSE now |
536 |
encodes/decodes String characters as 8-bit ISO_8859_1/LATIN-1 |
537 |
characters. This means applications that used characters above |
538 |
U+000007F that were previously encoded using UTF-8 may need to either |
539 |
be modified to perform the UTF-8 conversion, or set the Java security |
540 |
property `jdk.tls.alpnCharset` to "UTF-8" revert the behavior. |
541 |
|
542 |
See the updated guide at |
543 |
https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/alpn.html |
544 |
for more information. |
545 |
|
546 |
JDK-8244460: Support for certificate_authorities Extension |
547 |
========================================================== |
548 |
The "certificate_authorities" extension is an optional extension |
549 |
introduced in TLS 1.3. It is used to indicate the certificate |
550 |
authorities (CAs) that an endpoint supports and should be used by the |
551 |
receiving endpoint to guide certificate selection. |
552 |
|
553 |
With this JDK release, the "certificate_authorities" extension is |
554 |
supported for TLS 1.3 in both the client and the server sides. This |
555 |
extension is always present for client certificate selection, while it |
556 |
is optional for server certificate selection. |
557 |
|
558 |
Applications can enable this extension for server certificate |
559 |
selection by setting the `jdk.tls.client.enableCAExtension` system |
560 |
property to `true`. The default value of the property is `false`. |
561 |
|
562 |
Note that if the client trusts more CAs than the size limit of the |
563 |
extension (less than 2^16 bytes), the extension is not enabled. Also, |
564 |
some server implementations do not allow handshake messages to exceed |
565 |
2^14 bytes. Consequently, there may be interoperability issues when |
566 |
`jdk.tls.client.enableCAExtension` is set to `true` and the client |
567 |
trusts more CAs than the server implementation limit. |
568 |
|
569 |
New in release OpenJDK 8u292 (2021-04-20): |
570 |
=========================================== |
571 |
Live versions of these release notes can be found at: |
572 |
* https://bitly.com/openjdk8u292 |
573 |
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt |
574 |
|
575 |
* Security fixes |
576 |
- JDK-8227467: Better class method invocations |
577 |
- JDK-8244473: Contextualize registration for JNDI |
578 |
- JDK-8244543: Enhanced handling of abstract classes |
579 |
- JDK-8249906, CVE-2021-2163: Enhance opening JARs |
580 |
- JDK-8250568, CVE-2021-2161: Less ambiguous processing |
581 |
- JDK-8253799: Make lists of normal filenames |
582 |
* Other changes |
583 |
- JDK-6345095: regression test EmptyClipRenderingTest fails |
584 |
- JDK-6896810: TEST_BUG: java/lang/ref/SoftReference/Pin.java fails with OOME during System.out.println |
585 |
- JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop |
586 |
- JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream readDouble() conversion to long mishandled |
587 |
- JDK-7112454: TEST_BUG: java/awt/Choice/PopdownGeneratesMouseEvents/PopdownGeneratesMouseEvents.html failed |
588 |
- JDK-7131835: [TEST_BUG] Test does not consider that the rounded edges of the window in Mac OS 10.7 |
589 |
- JDK-7185221: [macosx] Regtest should not throw exception if a suitable display mode found |
590 |
- JDK-8031126: java/lang/management/ThreadMXBean/ThreadUserTime.java fails intermittently |
591 |
- JDK-8035166: Remove dependency on EC classes from pkcs11 provider |
592 |
- JDK-8035186: j2se_jdk/jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java - assertion error |
593 |
- JDK-8038723: Openup some PrinterJob tests |
594 |
- JDK-8041464: [TEST_BUG] CustomClassLoaderTransferTest does not support OS X |
595 |
- JDK-8041561: Inconsistent opacity behaviour between JCheckBox and JRadioButton |
596 |
- JDK-8061777: (zipfs) IllegalArgumentException in ZipCoder.toString when using Shitft_JIS |
597 |
- JDK-8078024: javac, several incorporation steps are silently failing when an error should be reported |
598 |
- JDK-8078450: Implement consistent process for quarantine of tests |
599 |
- JDK-8078614: WindowsClassicLookAndFeel MetalComboBoxUI.getbaseLine fails with IllegalArgumentException |
600 |
- JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid |
601 |
- JDK-8081547: Prepare client libs regression tests for running in a concurrent, headless jtreg environment |
602 |
- JDK-8129626: G1: set_in_progress() and clear_started() needs a barrier on non-TSO platforms |
603 |
- JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256 |
604 |
- JDK-8145051: Wrong parameter name in synthetic lambda method leads to verifier error |
605 |
- JDK-8150204: (fs) Enhance java/nio/file/Files/probeContentType/Basic.java debugging output |
606 |
- JDK-8158525: Update a few java/net tests to use the loopback address instead of the host address |
607 |
- JDK-8160217: JavaSound should clean up resources better |
608 |
- JDK-8167281: IIOMetadataNode bugs in getElementsByTagName and NodeList.item methods |
609 |
- JDK-8168996: C2 crash at postaloc.cpp:140 : assert(false) failed: unexpected yanked node |
610 |
- JDK-8171410: aarch64: long multiplyExact shifts by 31 instead of 63 |
611 |
- JDK-8172404: Tools should warn if weak algorithms are used before restricting them |
612 |
- JDK-8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key" |
613 |
- JDK-8191915: JCK tests produce incorrect results with C2 |
614 |
- JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode |
615 |
- JDK-8202343: Disable TLS 1.0 and 1.1 |
616 |
- JDK-8209333: Socket reset issue for TLS 1.3 socket close |
617 |
- JDK-8211301: [macos] support full window content options |
618 |
- JDK-8211339: NPE during SSL handshake caused by HostnameChecker |
619 |
- JDK-8216987: ciMethodData::load_data() unpacks MDOs with non-atomic copy |
620 |
- JDK-8217338: [Containers] Improve systemd slice memory limit support |
621 |
- JDK-8219991: New fix of the deadlock in sun.security.ssl.SSLSocketImpl |
622 |
- JDK-8221408: Windows 32bit build build errors/warnings in hotspot |
623 |
- JDK-8223186: HotSpot compile warnings from GCC 9 |
624 |
- JDK-8225435: Upgrade IANA Language Subtag Registry to the latest for JDK14 |
625 |
- JDK-8225805: Java Access Bridge does not close the logger |
626 |
- JDK-8226899: Problemlist compiler/rtm tests |
627 |
- JDK-8227642: [TESTBUG] Make docker tests podman compatible |
628 |
- JDK-8228434: jdk/net/Sockets/Test.java fails after JDK-8227642 |
629 |
- JDK-8229284: jdk/internal/platform/cgroup/TestCgroupMetrics.java fails for - memory:getMemoryUsage |
630 |
- JDK-8230388: Problemlist additional compiler/rtm tests |
631 |
- JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR |
632 |
- JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3 |
633 |
- JDK-8234728: Some security tests should support TLSv1.3 |
634 |
- JDK-8235263: Revert TLS 1.3 change that wrapped IOExceptions |
635 |
- JDK-8235311: Tag mismatch may alert bad_record_mac |
636 |
- JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property. |
637 |
- JDK-8236500: Windows ucrt.dll should be looked up in versioned WINSDK subdirectory |
638 |
- JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read |
639 |
- JDK-8239091: Reversed arguments in call to strstr in freetype "debug" code. |
640 |
- JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1 |
641 |
- JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE" |
642 |
- JDK-8242141: New System Properties to configure the TLS signature schemes |
643 |
- JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11 |
644 |
- JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit |
645 |
- JDK-8249183: JVM crash in "AwtFrame::WmSize" method |
646 |
- JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel |
647 |
- JDK-8249588: libwindowsaccessbridge issues on 64bit Windows |
648 |
- JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets |
649 |
- JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities |
650 |
- JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray |
651 |
- JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows |
652 |
- JDK-8253368: TLS connection always receives close_notify exception |
653 |
- JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities |
654 |
- JDK-8253932: SSL debug log prints incorrect caller info |
655 |
- JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations |
656 |
- JDK-8255880: UI of Swing components is not redrawn after their internal state changed |
657 |
- JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem |
658 |
- JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java |
659 |
- JDK-8256421: Add 2 HARICA roots to cacerts truststore |
660 |
- JDK-8256642: [TEST_BUG] jdk/test/javax/sound/midi/MidiSystem/DefaultProperties.java failed |
661 |
- JDK-8258079: Eliminate ParNew's use of klass_or_null() |
662 |
- JDK-8256682: JDK-8202343 is incomplete |
663 |
- JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines |
664 |
- JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575 |
665 |
- JDK-8258247: Couple of issues in fix for JDK-8249906 |
666 |
- JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk() |
667 |
- JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes |
668 |
- JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures |
669 |
- JDK-8258933: G1 needs klass_or_null_acquire |
670 |
- JDK-8259048: (tz) Upgrade time-zone data to tzdata2020f |
671 |
- JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will |
672 |
- JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548 |
673 |
- JDK-8259428: AlgorithmId.getEncodedParams() should return copy |
674 |
- JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport |
675 |
- JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS |
676 |
- JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a |
677 |
- JDK-8260930: AARCH64: Invalid value passed to critical JNI function |
678 |
- JDK-8261183: Follow on to Make lists of normal filenames |
679 |
- JDK-8261231: Windows IME was disabled after DnD operation |
680 |
- JDK-8261766: [8u] hotspot needs to recognise cl.exe 19.16 to build with VS2017 |
681 |
- JDK-8262073: assert(allocates2(pc)) failed: not in CodeBuffer memory |
682 |
- JDK-8262075: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently |
683 |
- JDK-8263008: AARCH64: Add debug info for libsaproc.so |
684 |
- JDK-8264171: Missing aarch64 parts of JDK-8236179 (C1 register allocation failure with T_ADDRESS) |
685 |
* Shenandoah |
686 |
- Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01. |
687 |
- Revert differences against upstream 8u |
688 |
- [backport] 8202976: Add C1 lea patching support for x86 |
689 |
- [backport] 8221507: Implement JFR Events for Shenandoah |
690 |
- [backport] 8224573: Fix windows build after JDK-8221507 |
691 |
- [backport] 8228369: Shenandoah: Refactor LRB C1 stubs |
692 |
- [backport] 8229474: Shenandoah: Cleanup CM::update_roots() |
693 |
- [backport] 8229709: x86_32 build and test failures after JDK-8228369 (Shenandoah: Refactor LRB C1 stubs) |
694 |
- [backport] 8231087: Shenandoah: Self-fixing load reference barriers for C1/C2 |
695 |
- [backport] 8232747: Shenandoah: Concurrent GC should deactivate SATB before processing weak roots |
696 |
- [backport] 8232992: Shenandoah: Implement self-fixing interpreter LRB |
697 |
- [backport] 8233021: Shenandoah: SBSC2::is_shenandoah_lrb_call should match all LRB shapes |
698 |
- [backport] 8233165: Shenandoah:SBSA::gen_load_reference_barrier_stub() should use pointer register for address on aarch64 |
699 |
- [backport] 8233574: Shenandoah: build is broken without jfr |
700 |
- [backport] 8237837: Shenandoah: assert(mem == __null) failed: only one safepoint |
701 |
- [backport] 8238153: CTW: C2 (Shenandoah) compilation fails with "Unknown node in get_load_addr: CreateEx" |
702 |
- [backport] 8238851: Shenandoah: C1: Resolve into registers of correct type |
703 |
- [backport] 8240315: Shenandoah: Rename ShLBN::get_barrier_strength() |
704 |
- [backport] 8240751: Shenandoah: fold ShenandoahTracer definition |
705 |
- [backport] 8241765: Shenandoah: AARCH64 need to save/restore call clobbered registers before calling keepalive barrier |
706 |
- [backport] 8244510: Shenandoah: invert SHC2Support::is_in_cset condition |
707 |
- [backport] 8244663: Shenandoah: C2 assertion fails in Matcher::collect_null_checks |
708 |
- [backport] 8244721: CTW: C2 (Shenandoah) compilation fails with "unexpected infinite loop graph shape" |
709 |
- [backport] 8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U |
710 |
- [backport] 8252660: Shenandoah: support manageable SoftMaxHeapSize option |
711 |
- [backport] 8253224: Shenandoah: ShenandoahStrDedupQueue destructor calls virtual num_queues() |
712 |
- [backport] 8253778: ShenandoahSafepoint::is_at_shenandoah_safepoint should not access VMThread state from other threads |
713 |
- [backport] 8255457: Shenandoah: cleanup ShenandoahMarkTask |
714 |
- [backport] 8255760: Shenandoah: match constants style in ShenandoahMarkTask fallback |
715 |
- [backport] 8256806: Shenandoah: optimize shenandoah/jni/TestPinnedGarbage.java test |
716 |
- [backport] 8257641: Shenandoah: Query is_at_shenandoah_safepoint() from control thread should return false |
717 |
- Fix register allocation for thread register is 32bit LRB |
718 |
- Fix Shenandoah bindings in ADLC formssel |
719 |
- Shenandoah: Backed out weak roots cleaning during full gc |
720 |
|
721 |
Notes on individual issues: |
722 |
=========================== |
723 |
|
724 |
security-libs/java.security: |
725 |
|
726 |
JDK-8260597: Added 2 HARICA Root CA Certificates |
727 |
================================================ |
728 |
|
729 |
The following root certificates have been added to the cacerts truststore: |
730 |
|
731 |
Alias Name: haricarootca2015 |
732 |
Distinguished Name: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR |
733 |
|
734 |
Alias Name: haricaeccrootca2015 |
735 |
Distinguished Name: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR |
736 |
|
737 |
JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default |
738 |
=================================================================================== |
739 |
Weak named curves are disabled by default by adding them to the |
740 |
following `disabledAlgorithms` security properties: |
741 |
|
742 |
* jdk.tls.disabledAlgorithms |
743 |
* jdk.certpath.disabledAlgorithms |
744 |
* jdk.jar.disabledAlgorithms |
745 |
|
746 |
Red Hat has always disabled many of the curves provided by upstream, |
747 |
so the only addition in this release is: |
748 |
|
749 |
* secp256k1 |
750 |
|
751 |
The curves that remain enabled are: |
752 |
|
753 |
* secp256r1 |
754 |
* secp384r1 |
755 |
* secp521r1 |
756 |
* X25519 |
757 |
* X448 |
758 |
|
759 |
When large numbers of weak named curves need to be disabled, adding |
760 |
individual named curves to each `disabledAlgorithms` property would be |
761 |
overwhelming. To relieve this, a new security property, |
762 |
`jdk.disabled.namedCurves`, is implemented that can list the named |
763 |
curves common to all of the `disabledAlgorithms` properties. To use |
764 |
the new property in the `disabledAlgorithms` properties, precede the |
765 |
full property name with the keyword `include`. Users can still add |
766 |
individual named curves to `disabledAlgorithms` properties separate |
767 |
from this new property. No other properties can be included in the |
768 |
`disabledAlgorithms` properties. |
769 |
|
770 |
To restore the named curves, remove the `include |
771 |
jdk.disabled.namedCurves` either from specific or from all |
772 |
`disabledAlgorithms` security properties. To restore one or more |
773 |
curves, remove the specific named curve(s) from the |
774 |
`jdk.disabled.namedCurves` property. |
775 |
|
776 |
JDK-8244286: Tools Warn If Weak Algorithms Are Used |
777 |
=================================================== |
778 |
The `keytool` and `jarsigner` tools have been updated to warn users |
779 |
when weak cryptographic algorithms are used in keys, certificates, and |
780 |
signed JARs before they are disabled. The weak algorithms are set in |
781 |
the `jdk.security.legacyAlgorithms` security property in the |
782 |
`java.security` configuration file. In this release, the tools issue |
783 |
warnings for the SHA-1 hash algorithm and 1024-bit RSA/DSA keys. |
784 |
|
785 |
security-libs/javax.net.ssl: |
786 |
|
787 |
JDK-8256490: Disable TLS 1.0 and 1.1 |
788 |
==================================== |
789 |
TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer |
790 |
considered secure and have been superseded by more secure and modern |
791 |
versions (TLS 1.2 and 1.3). |
792 |
|
793 |
These versions have now been disabled by default. If you encounter |
794 |
issues, you can, at your own risk, re-enable the versions by removing |
795 |
"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms` |
796 |
security property in the `java.security` configuration file. |
797 |
|
798 |
JDK-8242147: New System Properties to Configure the TLS Signature Schemes |
799 |
========================================================================= |
800 |
Two new system properties have been added to customize the TLS |
801 |
signature schemes in JDK. `jdk.tls.client.SignatureSchemes` has been |
802 |
added for the TLS client side, and `jdk.tls.server.SignatureSchemes` |
803 |
has been added for the server side. |
804 |
|
805 |
Each system property contains a comma-separated list of supported |
806 |
signature scheme names specifying the signature schemes that could be |
807 |
used for the TLS connections. |
808 |
|
809 |
The names are described in the "Signature Schemes" section of the |
810 |
*Java Security Standard Algorithm Names Specification*. |
811 |
|
812 |
tools/javac: |
813 |
|
814 |
JDK-8177368: Several incorporation steps are silently failing when an error should be reported |
815 |
============================================================================================== |
816 |
Reporting previously silent errors found during incorporation, JLS |
817 |
8§18.3, was supposed to be a clean-up with performance only |
818 |
implications. But consider the test case: |
819 |
|
820 |
import java.util.Arrays; |
821 |
import java.util.List; |
822 |
|
823 |
class Klass { |
824 |
public static <A> List<List<A>> foo(List<? extends A>... lists) { |
825 |
return foo(Arrays.asList(lists)); |
826 |
} |
827 |
|
828 |
public static <B> List<List<B>> foo(List<? extends List<? extends B>> lists) { |
829 |
return null; |
830 |
} |
831 |
} |
832 |
|
833 |
This code was not accepted before the patch for [1], but after this |
834 |
patch the compiler is accepting it. Accepting this code is the right |
835 |
behavior as not reporting incorporation errors was a bug in the |
836 |
compiler. While determining the applicability of method: <B> |
837 |
List<List<B>> foo(List<? extends List<? extends B>> lists) for which |
838 |
we have the constraints: b <: Object t <: List<? extends B> t<:Object |
839 |
List<? extends A> <: t first, inference variable b is selected for |
840 |
instantiation: b = CAP1 of ? extends A so this implies that: t <: |
841 |
List<? extends CAP1 of ? extends A> t<: Object List<? extends A> <: t |
842 |
|
843 |
Now all the bounds are checked for consistency. While checking if |
844 |
List<? extends A> is a subtype of List<? extends CAP1 of ? extends A> |
845 |
a bound error is reported. Before the compiler was just swallowing |
846 |
it. As now the error is reported while inference variable b is being |
847 |
instantiated, the bound set is rolled back to it's initial state, 'b' |
848 |
is instantiated to Object, and with this instantiation the constraint |
849 |
set is solvable, the method is applicable, it's the only applicable |
850 |
one and the code is accepted as correct. The compiler behavior in this |
851 |
case is defined at JLS 8 §18.4 |
852 |
|
853 |
This fix has source compatibility impact, right now code that wasn't |
854 |
being accepted is now being accepted by the javac compiler. Currently |
855 |
there are no reports of any other kind of incompatibility. |
856 |
|
857 |
[1] https://bugs.openjdk.java.net/browse/JDK-8078024 |
858 |
|
859 |
New in release OpenJDK 8u282 (2021-01-19): |
860 |
=========================================== |
861 |
Live versions of these release notes can be found at: |
862 |
* https://bitly.com/openjdk8u282 |
863 |
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u282.txt |
864 |
|
865 |
* Security fixes |
866 |
- JDK-8247619: Improve Direct Buffering of Characters |
867 |
* Other changes |
868 |
- JDK-6962725: Regtest javax/swing/JFileChooser/6738668/bug6738668.java fails under Linux |
869 |
- JDK-8008657: JSpinner setComponentOrientation doesn't affect on text orientation |
870 |
- JDK-8022535: [TEST BUG] javax/swing/text/html/parser/Test8017492.java fails |
871 |
- JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup |
872 |
- JDK-8030350: Enable additional compiler warnings for GCC |
873 |
- JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails by Timeout on Windows |
874 |
- JDK-8036122: Fix warning 'format not a string literal' |
875 |
- JDK-8039279: Move awt tests to openjdk repository |
876 |
- JDK-8041592: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk |
877 |
- JDK-8043126: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository |
878 |
- JDK-8043131: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree |
879 |
- JDK-8043899: compiler/5091921/Test7005594.java fails if specified -Xmx is less than 1600m |
880 |
- JDK-8044157: [TEST_BUG] Improve recently submitted AWT_Mixing tests |
881 |
- JDK-8044172: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk |
882 |
- JDK-8044429: move awt automated tests for AWT_Modality to OpenJDK repository |
883 |
- JDK-8044765: Move functional tests AWT_SystemTray/Automated to openjdk repository |
884 |
- JDK-8046221: [TEST_BUG] Cleanup datatransfer tests |
885 |
- JDK-8047180: Move functional tests AWT_Headless/Automated to OpenJDK repository |
886 |
- JDK-8047367: move awt automated tests from AWT_Modality to OpenJDK repository - part 2 |
887 |
- JDK-8048246: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK |
888 |
- JDK-8049617: move awt automated tests from AWT_Modality to OpenJDK repository - part 3 |
889 |
- JDK-8049694: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK |
890 |
- JDK-8050885: move awt automated tests from AWT_Modality to OpenJDK repository - part 4 |
891 |
- JDK-8051440: move tests about maximizing undecorated to OpenJDK |
892 |
- JDK-8051853: new URI("x/").resolve("..").getSchemeSpecificPart() returns null! |
893 |
- JDK-8052012: move awt automated tests from AWT_Modality to OpenJDK repository - part 5 |
894 |
- JDK-8052408: Move AWT_BAT functional tests to OpenJDK (3 of 3) |
895 |
- JDK-8053657: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK |
896 |
- JDK-8054143: move awt automated tests from AWT_Modality to OpenJDK repository - part 6 |
897 |
- JDK-8054358: move awt automated tests from AWT_Modality to OpenJDK repository - part 7 |
898 |
- JDK-8054359: move awt automated tests from AWT_Modality to OpenJDK repository - part 8 |
899 |
- JDK-8055360: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK |
900 |
- JDK-8055664: move 14 tests about setLocationRelativeTo to jdk |
901 |
- JDK-8055836: move awt tests from AWT_Modality to OpenJDK repository - part 9 |
902 |
- JDK-8057694: move awt tests from AWT_Modality to OpenJDK repository - part 10 |
903 |
- JDK-8058805: [TEST_BUG]Test java/awt/TrayIcon/SecurityCheck/NoPermissionTest/NoPermissionTest.java fails |
904 |
- JDK-8062808: Turn on the -Wreturn-type warning |
905 |
- JDK-8063102: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1 |
906 |
- JDK-8063104: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2 |
907 |
- JDK-8063106: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1 |
908 |
- JDK-8063107: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2 |
909 |
- JDK-8064573: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java is asocial pressing VK_LEFT and not releasing |
910 |
- JDK-8064575: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases |
911 |
- JDK-8064809: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease |
912 |
- JDK-8067441: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes() |
913 |
- JDK-8068228: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails with GTKLookAndFeel |
914 |
- JDK-8068275: Some tests failed after JDK-8063104 |
915 |
- JDK-8069211: (zipfs) ZipFileSystem creates corrupted zip if entry output stream gets closed more than once |
916 |
- JDK-8074807: Fix some tests unnecessary using internal API |
917 |
- JDK-8076315: move 4 manual functional swing tests to regression suite |
918 |
- JDK-8130772: Util.hitMnemonics does not work: getSystemMnemonicKeyCodes() returns ALT_MASK rather than VK_ALT |
919 |
- JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/DefaultNoDrop.java locks on Windows |
920 |
- JDK-8134632: Mark javax/sound/midi/Devices/InitializationHang.java as headful |
921 |
- JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent |
922 |
- JDK-8148916: Mark bug6400879.java as intermittently failing |
923 |
- JDK-8148983: Fix extra comma in changes for JDK-8148916 |
924 |
- JDK-8152545: Use preprocessor instead of compiling a program to generate native nio constants |
925 |
- JDK-8156803: Turn StressLCM/StressGCM flags to diagnostic |
926 |
- JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails |
927 |
- JDK-8160761: [TESTBUG] Several compiler tests fail with product bits |
928 |
- JDK-8163161: [PIT][TEST_BUG] increase timeout in javax/swing/plaf/nimbus/8057791/bug8057791.java |
929 |
- JDK-8165808: Add release barriers when allocating objects with concurrent collection |
930 |
- JDK-8166015: [PIT][TEST_BUG] stray character in java/awt/Focus/ModalDialogActivationTest/ModalDialogActivationTest.java |
931 |
- JDK-8166583: Add oopDesc::klass_or_null_acquire() |
932 |
- JDK-8166663: Simplify oops_on_card_seq_iterate_careful |
933 |
- JDK-8166862: CMS needs klass_or_null_acquire |
934 |
- JDK-8168292: [TESTBUG] [macosx] Test java/awt/TrayIcon/DragEventSource/DragEventSource.java fails on OS X |
935 |
- JDK-8168682: jdk/test/java/lang/ClassLoader/forNameLeak/ClassForNameLeak.java fails with -Xcomp |
936 |
- JDK-8179083: Uninitialized notifier in Java Monitor Wait tracing event |
937 |
- JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument |
938 |
- JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8 |
939 |
- JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017 |
940 |
- JDK-8205507: jdk/javax/xml/crypto/dsig/GenerationTests.java timed out |
941 |
- JDK-8207766: [testbug] Adapt tests for Aix. |
942 |
- JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation |
943 |
- JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash |
944 |
- JDK-8215727: Restore JFR thread sampler loop to old / previous behavior |
945 |
- JDK-8217362: Emergency dump does not work when disk=false is set |
946 |
- JDK-8217766: Container Support doesn't work for some Join Controllers combinations |
947 |
- JDK-8219013: Update Apache Santuario (XML Signature) to version 2.1.3 |
948 |
- JDK-8219562: Line of code in osContainer_linux.cpp L102 appears unreachable |
949 |
- JDK-8220579: [Containers] SubSystem.java out of sync with osContainer_linux.cpp |
950 |
- JDK-8220657: JFR.dump does not work when filename is set |
951 |
- JDK-8221340: [TESTBUG] TestCgroupMetrics.java fails after fix for JDK-8219562 |
952 |
- JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing |
953 |
- JDK-8221710: [TESTBUG] more configurable parameters for docker testing |
954 |
- JDK-8223108: Test java/awt/EventQueue/NonComponentSourcePost.java is unstable |
955 |
- JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM |
956 |
- JDK-8225072: Add LuxTrust certificate that is expiring in March 2021 to list of allowed but expired certs |
957 |
- JDK-8227006: [linux] Runtime.availableProcessors execution time increased by factor of 100 |
958 |
- JDK-8229868: Update Apache Santuario TPRM version |
959 |
- JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread |
960 |
- JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes |
961 |
- JDK-8232114: JVM crashed at imjpapi.dll in native code |
962 |
- JDK-8233548: Update CUP to v0.11b |
963 |
- JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area |
964 |
- JDK-8234339: replace JLI_StrTok in java_md_solinux.c |
965 |
- JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes |
966 |
- JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test |
967 |
- JDK-8242335: Additional Tests for RSASSA-PSS |
968 |
- JDK-8242480: Negative value may be returned by getFreeSwapSpaceSize() in the docker |
969 |
- JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in |
970 |
- JDK-8245400: Upgrade to LittleCMS 2.11 |
971 |
- JDK-8246648: issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480 |
972 |
- JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention |
973 |
- JDK-8249176: Update GlobalSignR6CA test certificates |
974 |
- JDK-8249846: Change of behavior after JDK-8237117: Better ForkJoinPool behavior |
975 |
- JDK-8250636: iso8601_time returns incorrect offset part on MacOS |
976 |
- JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY |
977 |
- JDK-8250928: JFR: Improve hash algorithm for stack traces |
978 |
- JDK-8251365: Build failure on AIX after 8250636 |
979 |
- JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java |
980 |
- JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers |
981 |
- JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE |
982 |
- JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries |
983 |
- JDK-8252497: Incorrect numeric currency code for ROL |
984 |
- JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent |
985 |
- JDK-8252904: VM crashes when JFR is used and JFR event class is transformed |
986 |
- JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal |
987 |
- JDK-8253036: Support building the Zero assembler port on AArch64 |
988 |
- JDK-8253284: Zero OrderAccess barrier mappings are incorrect |
989 |
- JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip |
990 |
- JDK-8253752: test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java fails randomly |
991 |
- JDK-8253837: JFR 8u fix symbol and cstring hashtable equals implementaion |
992 |
- JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate |
993 |
- JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp |
994 |
- JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp |
995 |
- JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/WorkerDeadlockTest.java fails |
996 |
- JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c |
997 |
- JDK-8255003: Build failures on Solaris |
998 |
- JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d |
999 |
- JDK-8255269: Unsigned overflow in g1Policy.cpp |
1000 |
- JDK-8255603: Memory/Performance regression after JDK-8210985 |
1001 |
- JDK-8255717: Fix JFR crash in WriteObjectSampleStacktrace due to object not initialized |
1002 |
- JDK-8256618: Zero: Linux x86_32 build still fails |
1003 |
- JDK-8256671: Incorrect assignment operator used in guarantee() in genCollectedHeap |
1004 |
- JDK-8256752: 8252395 incorrect copy rule for macos .dSYM folder |
1005 |
- JDK-8257397: [TESTBUG] test/lib/containers/docker/Common.java refers to -Xlog:os+container=trace |
1006 |
- JDK-8258630: Add expiry exception for QuoVadis root certificate |
1007 |
* AArch64 port |
1008 |
- Fix AArch64 build failure after JDK-8062808 backport |
1009 |
* Shenandoah |
1010 |
- Fix racy update of code roots |
1011 |
|
1012 |
Notes on individual issues: |
1013 |
=========================== |
1014 |
|
1015 |
security-libs/javax.xml.crypto: |
1016 |
|
1017 |
JDK-8230839: Updated XML Signature Implementation to Apache Santuario 2.1.3 |
1018 |
=========================================================================== |
1019 |
The XML Signature implementation in the `java.xml.crypto` module has |
1020 |
been updated to version 2.1.3 of Apache Santuario. New features |
1021 |
include: |
1022 |
|
1023 |
* Added support for embedding elliptic curve public keys in the |
1024 |
KeyValue element |
1025 |
|
1026 |
New in release OpenJDK 8u275 (2020-11-05): |
1027 |
=========================================== |
1028 |
Live versions of these release notes can be found at: |
1029 |
* https://bitly.com/openjdk8u275 |
1030 |
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u275.txt |
1031 |
|
1032 |
* Regression fixes |
1033 |
- JDK-8214440: ldap over a TLS connection negotiate failed with "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate" |
1034 |
- JDK-8223940: Private key not supported by chosen signature algorithm |
1035 |
- JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding |
1036 |
- JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool) |
1037 |
|
1038 |
New in release OpenJDK 8u272 (2020-10-20): |
1039 |
=========================================== |
1040 |
Live versions of these release notes can be found at: |
1041 |
* https://bitly.com/openjdk8u272 |
1042 |
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt |
1043 |
|
1044 |
* New features |
1045 |
- JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 |
1046 |
* Security fixes |
1047 |
- JDK-8233624: Enhance JNI linkage |
1048 |
- JDK-8236196: Improve string pooling |
1049 |
- JDK-8236862, CVE-2020-14779: Enhance support of Proxy class |
1050 |
- JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts |
1051 |
- JDK-8237995, CVE-2020-14782: Enhance certificate processing |
1052 |
- JDK-8240124: Better VM Interning |
1053 |
- JDK-8241114, CVE-2020-14792: Better range handling |
1054 |
- JDK-8242680, CVE-2020-14796: Improved URI Support |
1055 |
- JDK-8242685, CVE-2020-14797: Better Path Validation |
1056 |
- JDK-8242695, CVE-2020-14798: Enhanced buffer support |
1057 |
- JDK-8243302: Advanced class supports |
1058 |
- JDK-8244136, CVE-2020-14803: Improved Buffer supports |
1059 |
- JDK-8244479: Further constrain certificates |
1060 |
- JDK-8244955: Additional Fix for JDK-8240124 |
1061 |
- JDK-8245407: Enhance zoning of times |
1062 |
- JDK-8245412: Better class definitions |
1063 |
- JDK-8245417: Improve certificate chain handling |
1064 |
- JDK-8248574: Improve jpeg processing |
1065 |
- JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit |
1066 |
- JDK-8253019: Enhanced JPEG decoding |
1067 |
* Other changes |
1068 |
- JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes |
1069 |
- JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java |
1070 |
- JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times |
1071 |
- JDK-8025886: replace [[ and == bash extensions in regtest |
1072 |
- JDK-8026236: Add PrimeTest for BigInteger |
1073 |
- JDK-8031625: javadoc problems referencing inner class constructors |
1074 |
- JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals |
1075 |
- JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c |
1076 |
- JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails |
1077 |
- JDK-8046274: Removing dependency on jakarta-regexp |
1078 |
- JDK-8048933: -XX:+TraceExceptions output should include the message |
1079 |
- JDK-8057003: Large reference arrays cause extremely long synchronization times |
1080 |
- JDK-8060721: Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler |
1081 |
- JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double |
1082 |
- JDK-8062947: Fix exception message to correctly represent LDAP connection failure |
1083 |
- JDK-8064319: Need to enable -XX:+TraceExceptions in release builds |
1084 |
- JDK-8075774: Small readability and performance improvements for zipfs |
1085 |
- JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/fileaccess/FontFile.java fails |
1086 |
- JDK-8078334: Mark regression tests using randomness |
1087 |
- JDK-8078880: Mark a few more intermittently failuring security-libs |
1088 |
- JDK-8080462: Update SunPKCS11 provider with PKCS11 v2.40 support |
1089 |
- JDK-8132206: move ScanTest.java into OpenJDK |
1090 |
- JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API |
1091 |
- JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java |
1092 |
- JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/appletviewer/IOExceptionIfEncodedURLTest/IOExceptionIfEncodedURLTest.sh |
1093 |
- JDK-8144539: Update PKCS11 tests to run with security manager |
1094 |
- JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/MTGraphicsAccessTest.java hangs on Win. 8 |
1095 |
- JDK-8148754: C2 loop unrolling fails due to unexpected graph shape |
1096 |
- JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent |
1097 |
- JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect |
1098 |
- JDK-8151788: NullPointerException from ntlm.Client.type3 |
1099 |
- JDK-8151834: Test SmallPrimeExponentP.java times out intermittently |
1100 |
- JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings |
1101 |
- JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout |
1102 |
- JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public |
1103 |
- JDK-8154313: Generated javadoc scattered all over the place |
1104 |
- JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization |
1105 |
- JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider |
1106 |
- JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working |
1107 |
- JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k |
1108 |
- JDK-8165936: Potential Heap buffer overflow when seaching timezone info files |
1109 |
- JDK-8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite |
1110 |
- JDK-8166148: Fix for JDK-8165936 broke solaris builds |
1111 |
- JDK-8167300: Scheduling failures during gcm should be fatal |
1112 |
- JDK-8167615: Opensource unit/regression tests for JavaSound |
1113 |
- JDK-8168517: java/lang/ProcessBuilder/Basic.java failed |
1114 |
- JDK-8169925: PKCS #11 Cryptographic Token Interface license |
1115 |
- JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java |
1116 |
- JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled |
1117 |
- JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1 |
1118 |
- JDK-8177628: Opensource unit/regression tests for ImageIO |
1119 |
- JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java |
1120 |
- JDK-8183349: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java |
1121 |
- JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/AppletContextTest/BadPluginConfigurationTest.sh |
1122 |
- JDK-8184762: ZapStackSegments should use optimized memset |
1123 |
- JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test. |
1124 |
- JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied |
1125 |
- JDK-8193137: Nashorn crashes when given an empty script file |
1126 |
- JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak |
1127 |
- JDK-8194298: Add support for per Socket configuration of TCP keepalive |
1128 |
- JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error |
1129 |
- JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails |
1130 |
- JDK-8201633: Problems with AES-GCM native acceleration |
1131 |
- JDK-8203357: Container Metrics |
1132 |
- JDK-8209113: Use WeakReference for lastFontStrike for created Fonts |
1133 |
- JDK-8210147: adjust some WSAGetLastError usages in windows network coding |
1134 |
- JDK-8211049: Second parameter of "initialize" method is not used |
1135 |
- JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean |
1136 |
- JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions |
1137 |
- JDK-8214862: assert(proj != __null) at compile.cpp:3251 |
1138 |
- JDK-8216283: Allow shorter method sampling interval than 10 ms |
1139 |
- JDK-8217606: LdapContext#reconnect always opens a new connection |
1140 |
- JDK-8217647: JFR: recordings on 32-bit systems unreadable |
1141 |
- JDK-8217878: ENVELOPING XML signature no longer works in JDK 11 |
1142 |
- JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10 |
1143 |
- JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero |
1144 |
- JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly |
1145 |
- JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound |
1146 |
- JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6 |
1147 |
- JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file |
1148 |
- JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs |
1149 |
- JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified |
1150 |
- JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp |
1151 |
- JDK-8224217: RecordingInfo should use textual representation of path |
1152 |
- JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support) |
1153 |
- JDK-8226575: OperatingSystemMXBean should be made container aware |
1154 |
- JDK-8226697: Several tests which need the @key headful keyword are missing it. |
1155 |
- JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous |
1156 |
- JDK-8228835: Memory leak in PKCS11 provider when using AES GCM |
1157 |
- JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow |
1158 |
- JDK-8230303: JDB hangs when running monitor command |
1159 |
- JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG |
1160 |
- JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo |
1161 |
- JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate |
1162 |
- JDK-8233097: Fontmetrics for large Fonts has zero width |
1163 |
- JDK-8233621: Mismatch in jsse.enableMFLNExtension property name |
1164 |
- JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion |
1165 |
- JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version |
1166 |
- JDK-8235325: build failure on Linux after 8235243 |
1167 |
- JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink |
1168 |
- JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages |
1169 |
- JDK-8237951: CTW: C2 compilation fails with "malformed control flow" |
1170 |
- JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary |
1171 |
- JDK-8238380: java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10 |
1172 |
- JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10 |
1173 |
- JDK-8238388: libj2gss/NativeFunc.o "multiple definition" link errors with GCC10 |
1174 |
- JDK-8238898: Missing hash characters for header on license file |
1175 |
- JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD |
1176 |
- JDK-8239819: XToolkit: Misread of screen information memory |
1177 |
- JDK-8240295: hs_err elapsed time in seconds is not accurate enough |
1178 |
- JDK-8240676: Meet not symmetric failure when running lucene on jdk8 |
1179 |
- JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one |
1180 |
- JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash |
1181 |
- JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array |
1182 |
- JDK-8243138: Enhance BaseLdapServer to support starttls extended request |
1183 |
- JDK-8243320: Add SSL root certificates to Oracle Root CA program |
1184 |
- JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program |
1185 |
- JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions |
1186 |
- JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 |
1187 |
- JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor |
1188 |
- JDK-8245467: Remove 8u TLSv1.2 implementation files |
1189 |
- JDK-8245469: Remove DTLS protocol implementation |
1190 |
- JDK-8245470: Fix JDK8 compatibility issues |
1191 |
- JDK-8245471: Revert JDK-8148188 |
1192 |
- JDK-8245472: Backport JDK-8038893 to JDK8 |
1193 |
- JDK-8245473: OCSP stapling support |
1194 |
- JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712 |
1195 |
- JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default |
1196 |
- JDK-8245477: Adjust TLS tests location |
1197 |
- JDK-8245653: Remove 8u TLS tests |
1198 |
- JDK-8245681: Add TLSv1.3 regression test from 11.0.7 |
1199 |
- JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ |
1200 |
- JDK-8246310: Clean commented-out code about ModuleEntry andPackageEntry in JFR |
1201 |
- JDK-8246384: Enable JFR by default on supported architectures for October 2020 release |
1202 |
- JDK-8248643: Remove extra leading space in JDK-8240295 8u backport |
1203 |
- JDK-8248851: CMS: Missing memory fences between free chunk check and klass read |
1204 |
- JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase |
1205 |
- JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public |
1206 |
- JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior |
1207 |
- JDK-8250546: Expect changed behaviour reported in JDK-8249846 |
1208 |
- JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics |
1209 |
- JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java |
1210 |
- JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update |
1211 |
- JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher |
1212 |
- JDK-8251120: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false |
1213 |
- JDK-8251341: Minimal Java specification change |
1214 |
- JDK-8251478: Backport TLSv1.3 regression tests to JDK8u |
1215 |
- JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds |
1216 |
- JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled |
1217 |
- JDK-8252573: 8u: Windows build failed after 8222079 backport |
1218 |
- JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed |
1219 |
- JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158 |
1220 |
- JDK-8254937: Revert JDK-8148854 for 8u272 |
1221 |
|
1222 |
Notes on individual issues: |
1223 |
=========================== |
1224 |
|
1225 |
core-svc/java.lang.management: |
1226 |
|
1227 |
JDK-8236876: OperatingSystemMXBean Methods Inside a Container Return Container Specific Data |
1228 |
============================================================================================ |
1229 |
When executing in a container, or other virtualized operating |
1230 |
environment, the following `OperatingSystemMXBean` methods in this |
1231 |
release return container specific information, if |
1232 |
available. Otherwise, they return host specific data: |
1233 |
|
1234 |
* getFreePhysicalMemorySize() |
1235 |
* getTotalPhysicalMemorySize() |
1236 |
* getFreeSwapSpaceSize() |
1237 |
* getTotalSwapSpaceSize() |
1238 |
* getSystemCpuLoad() |
1239 |
|
1240 |
security-libs/java.security: |
1241 |
|
1242 |
JDK-8250756: Added Entrust Root Certification Authority - G4 certificate |
1243 |
======================================================================== |
1244 |
The Entrust root certificate has been added to the cacerts truststore: |
1245 |
|
1246 |
Alias Name: entrustrootcag4 |
1247 |
Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US |
1248 |
|
1249 |
JDK-8250860: Added 3 SSL Corporation Root CA Certificates |
1250 |
========================================================= |
1251 |
The following root certificates have been added to the cacerts truststore for the SSL Corporation: |
1252 |
|
1253 |
Alias Name: sslrootrsaca |
1254 |
Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US |
1255 |
|
1256 |
Alias Name: sslrootevrsaca |
1257 |
Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US |
1258 |
|
1259 |
Alias Name: sslrooteccca |
1260 |
Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US |
1261 |
|
1262 |
security-libs/javax.crypto:pkcs11: |
1263 |
|
1264 |
JDK-8221441: SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40 |
1265 |
======================================================================= |
1266 |
The SunPKCS11 provider has been updated with support for PKCS#11 |
1267 |
v2.40. This version adds support for more algorithms such as the |
1268 |
AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message |
1269 |
digests, and RSASSA-PSS signatures when the corresponding PKCS11 |
1270 |
mechanisms are supported by the underlying PKCS11 library. |
1271 |
|
1272 |
security-libs/javax.security: |
1273 |
|
1274 |
JDK-8242059: Support for canonicalize in krb5.conf |
1275 |
================================================== |
1276 |
The 'canonicalize' flag in the [krb5.conf file][0] is now supported by |
1277 |
the JDK Kerberos implementation. When set to *true*, RFC 6806 [1] name |
1278 |
canonicalization is requested by clients in TGT requests to KDC |
1279 |
services (AS protocol). Otherwise, and by default, it is not |
1280 |
requested. |
1281 |
|
1282 |
The new default behavior is different from previous releases where |
1283 |
name canonicalization was always requested by clients in TGT requests |
1284 |
to KDC services (provided that support for RFC 6806[1] was not |
1285 |
explicitly disabled with the *sun.security.krb5.disableReferrals* |
1286 |
system or security properties). |
1287 |
|
1288 |
[0]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html |
1289 |
[1]: https://tools.ietf.org/html/rfc6806 |
1290 |
|
1291 |
security-libs/javax.xml.crypto: |
1292 |
|
1293 |
JDK-8202891: Updated xmldsig Implementation to Apache Santuario 2.1.1 |
1294 |
===================================================================== |
1295 |
The XMLDSig provider implementation in the `java.xml.crypto` module has been updated to version 2.1.1 of Apache Santuario. |
1296 |
|
1297 |
New features include: |
1298 |
|
1299 |
1. Support for the SHA-224 and SHA-3 DigestMethod algorithms specified |
1300 |
in RFC 6931. |
1301 |
2. Support for the HMAC-SHA224, RSA-SHA224, ECDSA-SHA224, and |
1302 |
RSASSA-PSS family of SignatureMethod algorithms specified in RFC 6931. |
1303 |
|
1304 |
JDK-8238185: New OpenJDK-specific JDK 8 Updates System Property to fallback to legacy Base64 Encoding format |
1305 |
============================================================================================================ |
1306 |
The upgrade to the Apache Santuario libraries (see above) introduced |
1307 |
an issue where XML signature using Base64 encoding resulted in |
1308 |
appending `
` or `
` to the encoded output. This behavioural |
1309 |
change was made in the Apache Santuario codebase to comply with RFC |
1310 |
2045. The Santuario team has adopted a position of keeping their |
1311 |
libraries compliant with RFC 2045. |
1312 |
|
1313 |
Earlier versions of OpenJDK 8 using the legacy encoder returns encoded |
1314 |
data in a format without `
` or `
`. |
1315 |
|
1316 |
Therefore a new system property, specific to the 8 update stream, |
1317 |
`com.sun.org.apache.xml.internal.security.lineFeedOnly` is made |
1318 |
available to fall back to the legacy Base64 encoded format. |
1319 |
|
1320 |
Users can set this flag in one of two ways: |
1321 |
|
1322 |
1. -Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true |
1323 |
|
1324 |
2. System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true") |
1325 |
|
1326 |
This new system property is disabled by default. It has no effect on |
1327 |
default behaviour nor when |
1328 |
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks` property |
1329 |
is set. |
1330 |
|
1331 |
Later JDK family versions will only support the recommended property: |
1332 |
|
1333 |
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks` |
1334 |
|
1335 |
JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b |
1336 |
==================================================================== |
1337 |
Following JDK's update to tzdata2020b, the long-obsolete files |
1338 |
pacificnew and systemv have been removed. As a result, the |
1339 |
"US/Pacific-New" zone name declared in the pacificnew data file is no |
1340 |
longer available for use. |
1341 |
|
1342 |
Information regarding the update can be viewed at |
1343 |
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html |
1344 |
|
1345 |
New in release OpenJDK 8u265 (2020-07-27): |
1346 |
=========================================== |
1347 |
Live versions of these release notes can be found at: |
1348 |
* https://bitly.com/openjdk8u265 |
1349 |
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u265.txt |
1350 |
|
1351 |
* Bug fixes |
1352 |
- JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior |
1353 |
- JDK-8250546: Expect changed behaviour reported in JDK-8249846 |
1354 |
|
1355 |
New in release OpenJDK 8u262 (2020-07-14): |
1356 |
=========================================== |
1357 |
Live versions of these release notes can be found at: |
1358 |
* https://bitly.com/oj8u262 |
1359 |
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u262.txt |
1360 |
|
1361 |
* New features |
1362 |
- JDK-8223147: JFR Backport |
1363 |
* Security fixes |
1364 |
- JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue) |
1365 |
- JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString() |
1366 |
- JDK-8230613: Better ASCII conversions |
1367 |
- JDK-8231800: Better listing of arrays |
1368 |
- JDK-8232014: Expand DTD support |
1369 |
- JDK-8233255: Better Swing Buttons |
1370 |
- JDK-8234032: Improve basic calendar services |
1371 |
- JDK-8234042: Better factory production of certificates |
1372 |
- JDK-8234418: Better parsing with CertificateFactory |
1373 |
- JDK-8234836: Improve serialization handling |
1374 |
- JDK-8236191: Enhance OID processing |
1375 |
- JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior |
1376 |
- JDK-8237592, CVE-2020-14577: Enhance certificate verification |
1377 |
- JDK-8238002, CVE-2020-14581: Better matrix operations |
1378 |
- JDK-8238804: Enhance key handling process |
1379 |
- JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable |
1380 |
- JDK-8238843: Enhanced font handing |
1381 |
- JDK-8238920, CVE-2020-14583: Better Buffer support |
1382 |
- JDK-8238925: Enhance WAV file playback |
1383 |
- JDK-8240119, CVE-2020-14593: Less Affine Transformations |
1384 |
- JDK-8240482: Improved WAV file playback |
1385 |
- JDK-8241379: Update JCEKS support |
1386 |
- JDK-8241522: Manifest improved jar headers redux |
1387 |
- JDK-8242136, CVE-2020-14621: Better XML namespace handling |
1388 |
* Other changes |
1389 |
- JDK-4949105: Access Bridge lacks html tags parsing |
1390 |
- JDK-7147060: com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java doesn't run in agentvm mode |
1391 |
- JDK-8003209: JFR events for network utilization |
1392 |
- JDK-8030680: 292 cleanup from default method code assessment |
1393 |
- JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently |
1394 |
- JDK-8037866: Replace the Fun class in tests with lambdas |
1395 |
- JDK-8041626: Shutdown tracing event |
1396 |
- JDK-8041915: Move 8 awt tests to OpenJDK regression tests tree |
1397 |
- JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null |
1398 |
- JDK-8076475: Misuses of strncpy/strncat |
1399 |
- JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset |
1400 |
- JDK-8141056: Erroneous assignment in HeapRegionSet.cpp |
1401 |
- JDK-8146612: C2: Precedence edges specification violated |
1402 |
- JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering |
1403 |
- JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates |
1404 |
- JDK-8150986: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format |
1405 |
- JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to "Connection succeeded" |
1406 |
- JDK-8165675: Trace event for thread park has incorrect unit for timeout |
1407 |
- JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM |
1408 |
- JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java |
1409 |
- JDK-8176182: 4 security tests are not run |
1410 |
- JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method |
1411 |
- JDK-8178910: Problemlist sample tests |
1412 |
- JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds |
1413 |
- JDK-8183925: Decouple crash protection from watcher thread |
1414 |
- JDK-8191393: Random crashes during cfree+0x1c |
1415 |
- JDK-8195817: JFR.stop should require name of recording |
1416 |
- JDK-8195818: JFR.start should increase autogenerated name by one |
1417 |
- JDK-8195819: Remove recording=x from jcmd JFR.check output |
1418 |
- JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE |
1419 |
- JDK-8199712: Flight Recorder |
1420 |
- JDK-8202578: Revisit location for class unload events |
1421 |
- JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events |
1422 |
- JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder) |
1423 |
- JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant |
1424 |
- JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording |
1425 |
- JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552 |
1426 |
- JDK-8203929: Limit amount of data for JFR.dump |
1427 |
- JDK-8205516: JFR tool |
1428 |
- JDK-8207392: [PPC64] Implement JFR profiling |
1429 |
- JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it |
1430 |
- JDK-8209960: -Xlog:jfr* doesn't work with the JFR |
1431 |
- JDK-8210024: JFR calls virtual is_Java_thread from ~Thread() |
1432 |
- JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7 |
1433 |
- JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch |
1434 |
- JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events |
1435 |
- JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions |
1436 |
- JDK-8213421: Line number information for execution samples always 0 |
1437 |
- JDK-8213617: JFR should record the PID of the recorded process |
1438 |
- JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs. |
1439 |
- JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests |
1440 |
- JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test |
1441 |
- JDK-8213966: The ZGC JFR events should be marked as experimental |
1442 |
- JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds |
1443 |
- JDK-8214750: Unnecessary <p> tags in jfr classes |
1444 |
- JDK-8214896: JFR Tool left files behind |
1445 |
- JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError |
1446 |
- JDK-8214925: JFR tool fails to execute |
1447 |
- JDK-8215175: Inconsistencies in JFR event metadata |
1448 |
- JDK-8215237: jdk.jfr.Recording javadoc does not compile |
1449 |
- JDK-8215284: Reduce noise induced by periodic task getFileSize() |
1450 |
- JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1) |
1451 |
- JDK-8215362: JFR GTest JfrTestNetworkUtilization fails |
1452 |
- JDK-8215771: The jfr tool should pretty print reference chains |
1453 |
- JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly |
1454 |
- JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run() |
1455 |
- JDK-8216528: test/jdk/java/rmi/transport/runtimeThreadInheritanceLeak/RuntimeThreadInheritanceLeak.java failing with Xcomp |
1456 |
- JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps |
1457 |
- JDK-8216578: Remove unused/obsolete method in JFR code |
1458 |
- JDK-8216995: Clean up JFR command line processing |
1459 |
- JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT |
1460 |
- JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent |
1461 |
- JDK-8218935: Make jfr strncpy uses GCC 8.x friendly |
1462 |
- JDK-8220293: Deadlock in JFR string pool |
1463 |
- JDK-8223689: Add JFR Thread Sampling Support |
1464 |
- JDK-8223690: Add JFR BiasedLock Event Support |
1465 |
- JDK-8223691: Add JFR G1 Region Type Change Event Support |
1466 |
- JDK-8223692: Add JFR G1 Heap Summary Event Support |
1467 |
- JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant |
1468 |
- JDK-8224475: JTextPane does not show images in HTML rendering |
1469 |
- JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020 |
1470 |
- JDK-8225069: Remove Comodo root certificate that is expiring in May 2020 |
1471 |
- JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden. |
1472 |
- JDK-8226779: [TESTBUG] Test JFR API from Java agent |
1473 |
- JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys |
1474 |
- JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory |
1475 |
- JDK-8227269: Slow class loading when running with JDWP |
1476 |
- JDK-8227605: Kitchensink fails "assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant" |
1477 |
- JDK-8229366: JFR backport allows unchecked writing to memory |
1478 |
- JDK-8229401: Fix JFR code cache test failures |
1479 |
- JDK-8229708: JFR backport code does not initialize |
1480 |
- JDK-8229873: 8229401 broke jdk8u-jfr-incubator |
1481 |
- JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions |
1482 |
- JDK-8229899: Make java.io.File.isInvalid() less racy |
1483 |
- JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows |
1484 |
- JDK-8230597: Update GIFlib library to the 5.2.1 |
1485 |
- JDK-8230707: JFR related tests are failing |
1486 |
- JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return |
1487 |
- JDK-8230782: Robot.createScreenCapture() fails if ?awt.robot.gtk? is set to false |
1488 |
- JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return |
1489 |
- JDK-8230926: [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout |
1490 |
- JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707 |
1491 |
- JDK-8231995: two jtreg tests failed after 8229366 is fixed |
1492 |
- JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing |
1493 |
- JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file |
1494 |
- JDK-8233880: Support compilers with multi-digit major version numbers |
1495 |
- JDK-8236002: CSR for JFR backport suggests not leaving out the package-info |
1496 |
- JDK-8236008: Some backup files were accidentally left in the hotspot tree |
1497 |
- JDK-8236074: Missed package-info |
1498 |
- JDK-8236174: Should update javadoc since tags |
1499 |
- JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing |
1500 |
- JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport |
1501 |
- JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01 |
1502 |
- JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB |
1503 |
- JDK-8238589: Necessary code cleanup in JFR for JDK8u |
1504 |
- JDK-8238590: Enable JFR by default during compilation in 8u |
1505 |
- JDK-8239055: Wrong implementation of VMState.hasListener |
1506 |
- JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair |
1507 |
- JDK-8239479: minimal1 and zero builds are failing |
1508 |
- JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed |
1509 |
- JDK-8239867: correct over use of INCLUDE_JFR macro |
1510 |
- JDK-8240375: Disable JFR by default for July 2020 release |
1511 |
- JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges |
1512 |
- JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled |
1513 |
- JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set |
1514 |
- JDK-8241750: x86_32 build failure after JDK-8227269 |
1515 |
- JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport) |
1516 |
- JDK-8242788: Non-PCH build is broken after JDK-8191393 |
1517 |
- JDK-8242883: Incomplete backport of JDK-8078268: backport test part |
1518 |
- JDK-8243059: Build fails when --with-vendor-name contains a comma |
1519 |
- JDK-8243474: [TESTBUG] removed three tests of 0 bytes |
1520 |
- JDK-8243539: Copyright info (Year) should be updated for fix of 8241638 |
1521 |
- JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a |
1522 |
- JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in |
1523 |
- JDK-8244461: [JDK 8u] Build fails with glibc 2.32 |
1524 |
- JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result |
1525 |
- JDK-8244777: ClassLoaderStats VM Op uses constant hash value |
1526 |
- JDK-8244843: JapanEraNameCompatTest fails |
1527 |
- JDK-8245167: Top package in method profiling shows null in JMC |
1528 |
- JDK-8246223: Windows build fails after JDK-8227269 |
1529 |
- JDK-8246703: [TESTBUG] Add test for JDK-8233197 |
1530 |
- JDK-8248399: Build installs jfr binary when JFR is disabled |
1531 |
- JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package |
1532 |
|
1533 |
Notes on individual issues: |
1534 |
=========================== |
1535 |
|
1536 |
hotspot/jfr: |
1537 |
|
1538 |
JDK-8240687: JDK Flight Recorder Integrated to OpenJDK 8u |
1539 |
========================================================= |
1540 |
|
1541 |
OpenJDK 8u now contains the backport of JEP 328: Flight Recorder |
1542 |
(https://openjdk.java.net/jeps/328) from later versions of OpenJDK. |
1543 |
|
1544 |
JFR is a low-overhead framework to collect and provide data helpful to |
1545 |
troubleshoot the performance of the OpenJDK runtime and of Java |
1546 |
applications. It consists of a new API to define custom events under |
1547 |
the jdk.jfr namespace and a JMX interface to interact with the |
1548 |
framework. The recording can also be initiated with the application |
1549 |
startup using the -XX:+FlightRecorder flag or via jcmd. JFR replaces |
1550 |
the +XX:EnableTracing feature introduced in JEP 167, providing a more |
1551 |
efficient way to retrieve the same information. For compatibility |
1552 |
reasons, +XX:EnableTracing is still accepted, however no data will be |
1553 |
printed. |
1554 |
|
1555 |
While JFR is not built by default upstream, it is included in Red Hat |
1556 |
binaries for supported architectures (x86_64, AArch64 & PowerPC 64) |
1557 |
|
1558 |
hotspot/runtime: |
1559 |
|
1560 |
JDK-8205622: JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording |
1561 |
========================================================================================= |
1562 |
|
1563 |
JFR will be disabled with a warning message if it is enabled during |
1564 |
CDS dumping. The user will see the following warning message: |
1565 |
|
1566 |
OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping |
1567 |
|
1568 |
if JFR is enabled during CDS dumping such as in the following command |
1569 |
line: |
1570 |
|
1571 |
$ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true |
1572 |
|
1573 |
security-libs/java.security: |
1574 |
|
1575 |
JDK-8244167: Removal of Comodo Root CA Certificate |
1576 |
================================================== |
1577 |
|
1578 |
The following expired Comodo root CA certificate was removed from the |
1579 |
`cacerts` keystore: + alias name "addtrustclass1ca [jdk]" |
1580 |
|
1581 |
Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE |
1582 |
|
1583 |
JDK-8244166: Removal of DocuSign Root CA Certificate |
1584 |
==================================================== |
1585 |
|
1586 |
The following expired DocuSign root CA certificate was removed from |
1587 |
the `cacerts` keystore: + alias name "keynectisrootca [jdk]" |
1588 |
|
1589 |
Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR |
1590 |
|
1591 |
security-libs/javax.crypto:pkcs11: |
1592 |
|
1593 |
JDK-8240191: Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database |
1594 |
============================================================================================================================ |
1595 |
|
1596 |
The SunPKCS11 security provider can now be initialized with NSS when |
1597 |
FIPS-enabled external modules are configured in the Security Modules |
1598 |
Database (NSSDB). Prior to this change, the SunPKCS11 provider would |
1599 |
throw a RuntimeException with the message: "FIPS flag set for |
1600 |
non-internal module" when such a library was configured for NSS in |
1601 |
non-FIPS mode. |
1602 |
|
1603 |
This change allows the JDK to work properly with recent NSS releases |
1604 |
on GNU/Linux operating systems when the system-wide FIPS policy is |
1605 |
turned on. |
1606 |
|
1607 |
Further information can be found in JDK-8238555. |
1608 |
|
1609 |
New in release OpenJDK 8u252 (2020-04-14): |
1610 |
=========================================== |
1611 |
Live versions of these release notes can be found at: |
1612 |
* https://bitly.com/oj8u252 |
1613 |
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u252.txt |
1614 |
|
1615 |
* Security fixes |
1616 |
- JDK-8223898, CVE-2020-2754: Forward references to Nashorn |
1617 |
- JDK-8223904, CVE-2020-2755: Improve Nashorn matching |
1618 |
- JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs |
1619 |
- JDK-8224549, CVE-2020-2757: Less Blocking Array Queues |
1620 |
- JDK-8225603: Enhancement for big integers |
1621 |
- JDK-8227542: Manifest improved jar headers |
1622 |
- JDK-8231415, CVE-2020-2773: Better signatures in XML |
1623 |
- JDK-8233250: Better X11 rendering |
1624 |
- JDK-8233410: Better Build Scripting |
1625 |
- JDK-8234027: Better JCEKS key support |
1626 |
- JDK-8234408, CVE-2020-2781: Improve TLS session handling |
1627 |
- JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers |
1628 |
- JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers |
1629 |
- JDK-8235274, CVE-2020-2805: Enhance typing of methods |
1630 |
- JDK-8236201, CVE-2020-2830: Better Scanner conversions |
1631 |
- JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap |
1632 |
* Other changes |
1633 |
- JDK-8005819: Support cross-realm MSSFU |
1634 |
- JDK-8022263: use same Clang warnings on BSD as on Linux |
1635 |
- JDK-8038631: Create wrapper for awt.Robot with additional functionality |
1636 |
- JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid |
1637 |
- JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests |
1638 |
- JDK-8068184: Fix for JDK-8032832 caused a deadlock |
1639 |
- JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature |
1640 |
- JDK-8132130: some docs cleanup |
1641 |
- JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit |
1642 |
- JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal |
1643 |
- JDK-8144446: Automate the Marlin crash test |
1644 |
- JDK-8144526: Remove Marlin logging use of deleted internal API |
1645 |
- JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats |
1646 |
- JDK-8144654: Improve Marlin logging |
1647 |
- JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins |
1648 |
- JDK-8166976: TestCipherPBECons has wrong @run line |
1649 |
- JDK-8167409: Invalid value passed to critical JNI function |
1650 |
- JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant |
1651 |
- JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT |
1652 |
- JDK-8191227: issues with unsafe handle resolution |
1653 |
- JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider |
1654 |
- JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object |
1655 |
- JDK-8215756: Memory leaks in the AWT on macOS |
1656 |
- JDK-8216472: (se) Stack overflow during selection operation leads to crash (win) |
1657 |
- JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread |
1658 |
- JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions |
1659 |
- JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test |
1660 |
- JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test |
1661 |
- JDK-8229022: BufferedReader performance can be improved by using StringBuilder |
1662 |
- JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC |
1663 |
- JDK-8229872: (fs) Increase buffer size used with getmntent |
1664 |
- JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception |
1665 |
- JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type |
1666 |
- JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64 |
1667 |
- JDK-8235904: Infinite loop when rendering huge lines |
1668 |
- JDK-8236179: C1 register allocation error with T_ADDRESS |
1669 |
- JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read |
1670 |
- JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call |
1671 |
- JDK-8241296: Segfault in JNIHandleBlock::oops_do() |
1672 |
- JDK-8241307: Marlin renderer should not be the default in 8u252 |
1673 |
|
1674 |
Notes on individual issues: |
1675 |
=========================== |
1676 |
|
1677 |
hotspot/svc: |
1678 |
|
1679 |
JDK-8174881: Binary format for HPROF updated |
1680 |
============================================ |
1681 |
|
1682 |
When dumping the heap in binary format, HPROF format 1.0.2 is always |
1683 |
used now. Previously, format 1.0.1 was used for heaps smaller than |
1684 |
2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the |
1685 |
serviceability agent. |
1686 |
|
1687 |
security-libs/java.security: |
1688 |
|
1689 |
JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature |
1690 |
==================================================================================== |
1691 |
|
1692 |
The SunRsaSign and SunJCE providers have been enhanced with support |
1693 |
for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS |
1694 |
signature and OAEP using FIPS 180-4 digest algorithms. New |
1695 |
constructors and methods have been added to relevant JCA/JCE classes |
1696 |
under the `java.security.spec` and `javax.crypto.spec` packages for |
1697 |
supporting additional RSASSA-PSS parameters. |
1698 |
|
1699 |
security-libs/javax.crypto: |
1700 |
|
1701 |
JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI |
1702 |
============================================================ |
1703 |
|
1704 |
The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider. |
1705 |
|
1706 |
security-libs/javax.security: |
1707 |
|
1708 |
JDK-8227564: Allow SASL Mechanisms to Be Restricted |
1709 |
=================================================== |
1710 |
|
1711 |
A security property named `jdk.sasl.disabledMechanisms` has been added |
1712 |
that can be used to disable SASL mechanisms. Any disabled mechanism |
1713 |
will be ignored if it is specified in the `mechanisms` argument of |
1714 |
`Sasl.createSaslClient` or the `mechanism` argument of |
1715 |
`Sasl.createSaslServer`. The default value for this security property |
1716 |
is empty, which means that no mechanisms are disabled out-of-the-box. |