| 3 |
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X |
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X |
| 4 |
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY |
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY |
| 5 |
|
|
| 6 |
|
New in release OpenJDK 8u362 (2023-01-17): |
| 7 |
|
=========================================== |
| 8 |
|
Live versions of these release notes can be found at: |
| 9 |
|
* https://bit.ly/openjdk8u362 |
| 10 |
|
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u362.html |
| 11 |
|
|
| 12 |
|
* CVEs |
| 13 |
|
- CVE-2023-21830 |
| 14 |
|
- CVE-2023-21843 |
| 15 |
|
* Security fixes |
| 16 |
|
- JDK-8285021: Improve CORBA communication |
| 17 |
|
- JDK-8286496: Improve Thread labels |
| 18 |
|
- JDK-8288516: Enhance font creation |
| 19 |
|
- JDK-8289350: Better media supports |
| 20 |
|
- JDK-8293554: Enhanced DH Key Exchanges |
| 21 |
|
- JDK-8293598: Enhance InetAddress address handling |
| 22 |
|
- JDK-8293717: Objective view of ObjectView |
| 23 |
|
- JDK-8293734: Improve BMP image handling |
| 24 |
|
- JDK-8293742: Better Banking of Sounds |
| 25 |
|
- JDK-8295687: Better BMP bounds |
| 26 |
|
* Other changes |
| 27 |
|
- JDK-6885993: Named Thread: introduce print() and print_on(outputStream* st) methods |
| 28 |
|
- JDK-7124218: [TEST_BUG] [macosx] Space should select cell in the JTable |
| 29 |
|
- JDK-8054066: com/sun/jdi/DoubleAgentTest.java fails with timeout |
| 30 |
|
- JDK-8067941: [TESTBUG] Fix tests for OS with 64K page size. |
| 31 |
|
- JDK-8071530: Update OS detection code to reflect Windows 10 version change |
| 32 |
|
- JDK-8073464: GC workers do not have thread names |
| 33 |
|
- JDK-8079255: [TEST_BUG] [macosx] Test closed/java/awt/Robot/RobotWheelTest/RobotWheelTest fails for Mac only |
| 34 |
|
- JDK-8129827: [TEST_BUG] Test java/awt/Robot/RobotWheelTest/RobotWheelTest.java fails |
| 35 |
|
- JDK-8148005: One byte may be corrupted by get_datetime_string() |
| 36 |
|
- JDK-8159599: [TEST_BUG] java/awt/Modal/ModalInternalFrameTest/ModalInternalFrameTest.java |
| 37 |
|
- JDK-8159720: Failure of C2 compilation with tiered prevents some C1 compilations |
| 38 |
|
- JDK-8195607: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1 |
| 39 |
|
- JDK-8197859: VS2017 Complains about UINTPTR_MAX definition in globalDefinitions_VisCPP.hpp |
| 40 |
|
- JDK-8206456: [TESTBUG] docker jtreg tests fail on systems without cpuset.effective_cpus / cpuset.effective_mems |
| 41 |
|
- JDK-8221529: [TESTBUG] Docker tests use old/deprecated image on AArch64 |
| 42 |
|
- JDK-8224506: [TESTBUG] TestDockerMemoryMetrics.java fails with exitValue = 137 |
| 43 |
|
- JDK-8233551: [TESTBUG] SelectEditTableCell.java fails on MacOS |
| 44 |
|
- JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is failing on 32bit Windows |
| 45 |
|
- JDK-8253702: BigSur version number reported as 10.16, should be 11.nn |
| 46 |
|
- JDK-8255559: Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI() |
| 47 |
|
- JDK-8265527: tools/javac/diags/CheckExamples.java fails after JDK-8078024 8u backport |
| 48 |
|
- JDK-8269039: Disable SHA-1 Signed JARs |
| 49 |
|
- JDK-8269850: Most JDK releases report macOS version 12 as 10.16 instead of 12.0 |
| 50 |
|
- JDK-8270344: Session resumption errors |
| 51 |
|
- JDK-8271459: C2: Missing NegativeArraySizeException when creating StringBuilder with negative capacity |
| 52 |
|
- JDK-8273176: handle latest VS2019 in abstract_vm_version |
| 53 |
|
- JDK-8274563: jfr/event/oldobject/TestClassLoaderLeak.java fails when GC cycles are not happening |
| 54 |
|
- JDK-8274840: Update OS detection code to recognize Windows 11 |
| 55 |
|
- JDK-8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled |
| 56 |
|
- JDK-8280890: Cannot use '-Djava.system.class.loader' with class loader in signed JAR |
| 57 |
|
- JDK-8283277: ISO 4217 Amendment 171 Update |
| 58 |
|
- JDK-8283903: GetContainerCpuLoad does not return the correct result in share mode |
| 59 |
|
- JDK-8284389: Improve stability of GHA Pre-submit testing by caching cygwin installer |
| 60 |
|
- JDK-8284622: Update versions of some Github Actions used in JDK workflow |
| 61 |
|
- JDK-8286582: Build fails on macos aarch64 when using --with-zlib=bundled |
| 62 |
|
- JDK-8288928: Incorrect GPL header in pnglibconf.h (backport of JDK-8185041) |
| 63 |
|
- JDK-8289549: ISO 4217 Amendment 172 Update |
| 64 |
|
- JDK-8292762: Remove .jcheck directories from jdk8u subcomponents |
| 65 |
|
- JDK-8293181: Bump update version of OpenJDK: 8u362 |
| 66 |
|
- JDK-8293461: Add a test for JDK-8290832 |
| 67 |
|
- JDK-8293828: JFR: jfr/event/oldobject/TestClassLoaderLeak.java still fails when GC cycles are not happening |
| 68 |
|
- JDK-8294307: ISO 4217 Amendment 173 Update |
| 69 |
|
- JDK-8294357: (tz) Update Timezone Data to 2022d |
| 70 |
|
- JDK-8294863: Enable partial tier1 testing in GHA for JDK8 |
| 71 |
|
- JDK-8295164: JDK 8 jdi tests should not use tasklist command on Windows |
| 72 |
|
- JDK-8295173: (tz) Update Timezone Data to 2022e |
| 73 |
|
- JDK-8295288: Some vm_flags tests associate with a wrong BugID |
| 74 |
|
- JDK-8295714: GHA ::set-output is deprecated and will be removed |
| 75 |
|
- JDK-8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error |
| 76 |
|
- JDK-8295915: Problemlist compiler/rtm failures specific to 8u |
| 77 |
|
- JDK-8295950: Enable langtools/tier1 in GHA for 8u |
| 78 |
|
- JDK-8296108: (tz) Update Timezone Data to 2022f |
| 79 |
|
- JDK-8296239: ISO 4217 Amendment 174 Update |
| 80 |
|
- JDK-8296555: Enable hotspot/tier1 for 64-bit builds in GHA for 8u |
| 81 |
|
- JDK-8296715: CLDR v42 update for tzdata 2022f |
| 82 |
|
- JDK-8296959: Fix hotspot shell tests of 8u on multilib systems |
| 83 |
|
- JDK-8297141: Fix hotspot/test/runtime/SharedArchiveFile/DefaultUseWithClient.java for 8u |
| 84 |
|
- JDK-8297804: (tz) Update Timezone Data to 2022g |
| 85 |
|
- JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR |
| 86 |
|
- JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java |
| 87 |
|
- JDK-8300178: JDK-8286496 causes build failure on older GCC |
| 88 |
|
- JDK-8300225: JDK-8288516 causes build failure on Windows + VS2010 |
| 89 |
|
|
| 90 |
|
Notes on individual issues: |
| 91 |
|
=========================== |
| 92 |
|
|
| 93 |
|
client-libs/javax.imageio: |
| 94 |
|
|
| 95 |
|
JDK-8295687: Better BMP bounds |
| 96 |
|
============================== |
| 97 |
|
Loading a linked ICC profile within a BMP image is now disabled by |
| 98 |
|
default. To re-enable it, set the new system property |
| 99 |
|
`sun.imageio.bmp.enabledLinkedProfiles` to `true`. This new property |
| 100 |
|
replaces the old property, |
| 101 |
|
`sun.imageio.plugins.bmp.disableLinkedProfiles`. |
| 102 |
|
|
| 103 |
|
client-libs/javax.sound: |
| 104 |
|
|
| 105 |
|
JDK-8293742: Better Banking of Sounds |
| 106 |
|
===================================== |
| 107 |
|
Previously, the SoundbankReader implementation, |
| 108 |
|
`com.sun.media.sound.JARSoundbankReader`, would download a JAR |
| 109 |
|
soundbank from a URL. This behaviour is now disabled by default. To |
| 110 |
|
re-enable it, set the new system property `jdk.sound.jarsoundbank` to |
| 111 |
|
`true`. |
| 112 |
|
|
| 113 |
|
hotspot/runtime: |
| 114 |
|
|
| 115 |
|
JDK-8274840: Release Now Recognises Windows 11 |
| 116 |
|
============================================== |
| 117 |
|
This release now correctly sets the `os.name` property to `Windows |
| 118 |
|
11`, as would be expected. |
| 119 |
|
|
| 120 |
|
other-libs/corba:idl: |
| 121 |
|
|
| 122 |
|
JDK-8285021: Improve CORBA communication |
| 123 |
|
======================================== |
| 124 |
|
The JDK's CORBA implementation now refuses by default to deserialize |
| 125 |
|
objects, unless they have the "IOR:" prefix. The previous behaviour |
| 126 |
|
can be re-enabled by setting the new property |
| 127 |
|
`com.sun.CORBA.ORBAllowDeserializeObject` to `true`. |
| 128 |
|
|
| 129 |
|
security-libs/java.security: |
| 130 |
|
|
| 131 |
|
JDK-8269039: Disabled SHA-1 Signed JARs |
| 132 |
|
======================================= |
| 133 |
|
JARs signed with SHA-1 algorithms are now restricted by default and |
| 134 |
|
treated as if they were unsigned. This applies to the algorithms used |
| 135 |
|
to digest, sign, and optionally timestamp the JAR. It also applies to |
| 136 |
|
the signature and digest algorithms of the certificates in the |
| 137 |
|
certificate chain of the code signer and the Timestamp Authority, and |
| 138 |
|
any CRLs or OCSP responses that are used to verify if those |
| 139 |
|
certificates have been revoked. These restrictions also apply to |
| 140 |
|
signed JCE providers. |
| 141 |
|
|
| 142 |
|
To reduce the compatibility risk for JARs that have been previously |
| 143 |
|
timestamped, there is one exception to this policy: |
| 144 |
|
|
| 145 |
|
- Any JAR signed with SHA-1 algorithms and timestamped prior to |
| 146 |
|
January 01, 2019 will not be restricted. |
| 147 |
|
|
| 148 |
|
This exception may be removed in a future JDK release. To determine if |
| 149 |
|
your signed JARs are affected by this change, run: |
| 150 |
|
|
| 151 |
|
$ jarsigner -verify -verbose -certs` |
| 152 |
|
|
| 153 |
|
on the signed JAR, and look for instances of "SHA1" or "SHA-1" and |
| 154 |
|
"disabled" and a warning that the JAR will be treated as unsigned in |
| 155 |
|
the output. |
| 156 |
|
|
| 157 |
|
For example: |
| 158 |
|
|
| 159 |
|
Signed by "CN="Signer"" |
| 160 |
|
Digest algorithm: SHA-1 (disabled) |
| 161 |
|
Signature algorithm: SHA1withRSA (disabled), 2048-bit key |
| 162 |
|
|
| 163 |
|
WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property: |
| 164 |
|
|
| 165 |
|
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01 |
| 166 |
|
|
| 167 |
|
JARs affected by these new restrictions should be replaced or |
| 168 |
|
re-signed with stronger algorithms. |
| 169 |
|
|
| 170 |
|
Users can, *at their own risk*, remove these restrictions by modifying |
| 171 |
|
the `java.security` configuration file (or override it by using the |
| 172 |
|
`java.security.properties` system property) and removing "SHA1 usage |
| 173 |
|
SignedJAR & denyAfter 2019-01-01" from the |
| 174 |
|
`jdk.certpath.disabledAlgorithms` security property and "SHA1 |
| 175 |
|
denyAfter 2019-01-01" from the `jdk.jar.disabledAlgorithms` security |
| 176 |
|
property. |
| 177 |
|
|
| 178 |
New in release OpenJDK 8u352 (2022-10-18): |
New in release OpenJDK 8u352 (2022-10-18): |
| 179 |
=========================================== |
=========================================== |
| 180 |
Live versions of these release notes can be found at: |
Live versions of these release notes can be found at: |
| 293 |
limit has been reached, then the newly accepted connection will be |
limit has been reached, then the newly accepted connection will be |
| 294 |
closed immediately. |
closed immediately. |
| 295 |
|
|
| 296 |
|
core-libs/java.net: |
| 297 |
|
|
| 298 |
|
JDK-8286918: Better HttpServer service |
| 299 |
|
====================================== |
| 300 |
|
The HttpServer can be optionally configured with a maximum connection |
| 301 |
|
limit by setting the jdk.httpserver.maxConnections system property. A |
| 302 |
|
value of 0 or a negative integer is ignored and considered to |
| 303 |
|
represent no connection limit. In the case of a positive integer |
| 304 |
|
value, any newly accepted connections will be first checked against |
| 305 |
|
the current count of established connections and, if the configured |
| 306 |
|
limit has been reached, then the newly accepted connection will be |
| 307 |
|
closed immediately. |
| 308 |
|
|
| 309 |
security-libs/javax.net.ssl: |
security-libs/javax.net.ssl: |
| 310 |
|
|
| 311 |
JDK-8282859: Enable TLSv1.3 by Default on JDK 8 for Client Roles |
JDK-8282859: Enable TLSv1.3 by Default on JDK 8 for Client Roles |
| 356 |
|
|
| 357 |
SSLParameters params = sslSocket.getSSLParameters(); |
SSLParameters params = sslSocket.getSSLParameters(); |
| 358 |
params.setProtocols(new String[] {"TLSv1.2"}); |
params.setProtocols(new String[] {"TLSv1.2"}); |
| 359 |
slsSocket.setSSLParameters(params); |
sslSocket.setSSLParameters(params); |
| 360 |
|
|
| 361 |
New in release OpenJDK 8u345 (2022-08-01): |
New in release OpenJDK 8u345 (2022-08-01): |
| 362 |
=========================================== |
=========================================== |
| 387 |
New in release OpenJDK 8u342 (2022-07-19): |
New in release OpenJDK 8u342 (2022-07-19): |
| 388 |
=========================================== |
=========================================== |
| 389 |
Live versions of these release notes can be found at: |
Live versions of these release notes can be found at: |
| 390 |
* https://bitly.com/openjdk8u342 |
* https://bit.ly/openjdk8u342 |
| 391 |
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u342.txt |
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u342.txt |
| 392 |
|
|
| 393 |
* Security fixes |
* Security fixes |
| 567 |
New in release OpenJDK 8u322 (2022-01-18): |
New in release OpenJDK 8u322 (2022-01-18): |
| 568 |
=========================================== |
=========================================== |
| 569 |
Live versions of these release notes can be found at: |
Live versions of these release notes can be found at: |
| 570 |
* https://bitly.com/openjdk8u322 |
* https://bit.ly/openjdk8u322 |
| 571 |
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u322.txt |
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u322.txt |
| 572 |
|
|
| 573 |
* Security fixes |
* Security fixes |
Parent Directory
| 
Revision Log
| 
Patch