84a771
Key:
84a771
84a771
JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
84a771
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
84a771
5cf6c5
New in release OpenJDK 8u302 (2021-07-20):
5cf6c5
===========================================
5cf6c5
Live versions of these release notes can be found at:
5cf6c5
  * https://bitly.com/openjdk8u302
5cf6c5
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u302.txt
5cf6c5
5cf6c5
* Security fixes
5cf6c5
* Other changes
5cf6c5
  - JDK-6878250: (so) IllegalBlockingModeException thrown when reading from a closed SocketChannel's InputStream
5cf6c5
  - JDK-7059970: Test case: javax/imageio/plugins/png/ITXtTest.java is not closing a file
5cf6c5
  - JDK-8030123: java/beans/Introspector/Test8027648.java fails
5cf6c5
  - JDK-8033289: clang: clean up unused function warning
5cf6c5
  - JDK-8036095: RMI tests using testlibrary.RMID and testlibrary.JavaVM do not pass through vmoptions
5cf6c5
  - JDK-8042891: Format issues embedded in macros for two g1 source files
5cf6c5
  - JDK-8055754: filemap.cpp does not compile with clang
5cf6c5
  - JDK-8064909: FragmentMetaspace.java got OutOfMemoryError
5cf6c5
  - JDK-8066508: JTReg tests timeout on slow devices when run using JPRT
5cf6c5
  - JDK-8066807: langtools/test/Makefile should use -agentvm not -samevm
5cf6c5
  - JDK-8071374: -XX:+PrintAssembly -XX:+PrintSignatureHandlers crash fastdebug VM with assert(limit == __null || limit <= nm->code_end()) in RelocIterator::initialize
5cf6c5
  - JDK-8073446: TimeZone getOffset API does not return a dst offset between years 2038-2137
5cf6c5
  - JDK-8075071: [TEST_BUG] TimSortStackSize2.java: OOME: Java heap space: MaxHeap shrinked by MaxRAMFraction
5cf6c5
  - JDK-8077364: "if( !this )" construct prevents build on Xcode 6.3
5cf6c5
  - JDK-8130308: Too low memory usage in TestPromotionFromSurvivorToTenuredAfterMinorGC.java
5cf6c5
  - JDK-8132148: G1 hs_err region dump legend out of sync with region values
5cf6c5
  - JDK-8132709: [TESTBUG] gc/g1/TestHumongousShrinkHeap.java might fail on embedded
5cf6c5
  - JDK-8134672: [TEST_BUG] Some tests should check isDisplayChangeSupported
5cf6c5
  - JDK-8134883: C1 hard crash in range check elimination in Nashorn test262parallel
5cf6c5
  - JDK-8136592: [TEST_BUG] Fix 2 platform-specific closed regtests for jigsaw
5cf6c5
  - JDK-8151786: [TESTBUG] java/beans/XMLEncoder/Test4625418.java timed out intermittently
5cf6c5
  - JDK-8159898: Negative array size in java/beans/Introspector/Test8027905.java
5cf6c5
  - JDK-8166046: [TESTBUG] compiler/stringopts/TestStringObjectInitialization.java fails with OOME
5cf6c5
  - JDK-8166724: gc/g1/TestHumongousShrinkHeap.java fails with OOME
5cf6c5
  - JDK-8177809: File.lastModified() is losing milliseconds (always ends in 000)
5cf6c5
  - JDK-8178403: DirectAudio in JavaSound may hang and leak
5cf6c5
  - JDK-8180478: tools/launcher/MultipleJRE.sh fails on Windows because of extra-''
5cf6c5
  - JDK-8183910: gc/arguments/TestAggressiveHeap.java fails intermittently
5cf6c5
  - JDK-8190332: PngReader throws NegativeArraySizeException/OOM error when IHDR width is very large
5cf6c5
  - JDK-8190679: java/util/Arrays/TimSortStackSize2.java fails with "Initial heap size set to a larger value than the maximum heap size"
5cf6c5
  - JDK-8191955: AArch64: incorrect prefetch distance causes an internal error
5cf6c5
  - JDK-8199265: java/util/Arrays/TimSortStackSize2.java fails with OOM
5cf6c5
  - JDK-8200550: Xcode 9.3 produce warning -Wexpansion-to-defined
5cf6c5
  - JDK-8203196: C1 emits incorrect code due to integer overflow in _tableswitch keys
5cf6c5
  - JDK-8205014: com/sun/jndi/ldap/DeadSSLLdapTimeoutTest.java failed with "Read timed out"
5cf6c5
  - JDK-8209996: [PPC64] Fix JFR profiling
5cf6c5
  - JDK-8214345: infinite recursion while checking super class
5cf6c5
  - JDK-8217230: assert(t == t_no_spec) failure in NodeHash::check_no_speculative_types()
5cf6c5
  - JDK-8217348: assert(thread->is_Java_thread()) failed: just checking
5cf6c5
  - JDK-8225081: Remove Telia Company CA certificate expiring in April 2021
5cf6c5
  - JDK-8225116: Test OwnedWindowsLeak.java intermittently fails
5cf6c5
  - JDK-8230428: Cleanup dead CastIP node code in formssel.cpp
5cf6c5
  - JDK-8231631: sun/net/ftp/FtpURLConnectionLeak.java fails intermittently with NPE
5cf6c5
  - JDK-8231841: AArch64: debug.cpp help() is missing an AArch64 line for pns
5cf6c5
  - JDK-8231949: [PPC64, s390]: Make async profiling more reliable
5cf6c5
  - JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater()
5cf6c5
  - JDK-8241649: Optimize Character.toString
5cf6c5
  - JDK-8243559: Remove root certificates with 1024-bit keys
5cf6c5
  - JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node
5cf6c5
  - JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList
5cf6c5
  - JDK-8255086: Update the root locale display names
5cf6c5
  - JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too
5cf6c5
  - JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region
5cf6c5
  - JDK-8258419: RSA cipher buffer cleanup
5cf6c5
  - JDK-8258669: fastdebug jvm crashes when do event based tracing for monitor inflation
5cf6c5
  - JDK-8258753: StartTlsResponse.close() hangs due to synchronization issues
5cf6c5
  - JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region"
5cf6c5
  - JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect
5cf6c5
  - JDK-8259886: Improve SSL session cache performance and scalability
5cf6c5
  - JDK-8260029: aarch64: fix typo in verify_oop_array
5cf6c5
  - JDK-8260236: better init AnnotationCollector _contended_group
5cf6c5
  - JDK-8260255: C1: LoopInvariantCodeMotion constructor can leave some fields uninitialized
5cf6c5
  - JDK-8260484: CheckExamples.java / NoJavaLangTest.java fail with jtreg 4.2
5cf6c5
  - JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end
5cf6c5
  - JDK-8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding
5cf6c5
  - JDK-8261867: Backport relevant test changes & additions from JDK-8130125
5cf6c5
  - JDK-8262110: DST starts from incorrect time in 2038
5cf6c5
  - JDK-8262726: AArch64: C1 StubAssembler::call_RT can corrupt stack
5cf6c5
  - JDK-8262730: Enable jdk8u MacOS external debug symbols
5cf6c5
  - JDK-8262864: No debug symbols in image for Windows --with-native-debug-symbols=external
5cf6c5
  - JDK-8263061: copy wrong unpack200 debuginfo to bin directory after 8252395
5cf6c5
  - JDK-8263504: Some OutputMachOpcodes fields are uninitialized
5cf6c5
  - JDK-8263600: change rmidRunning to a simple lookup
5cf6c5
  - JDK-8264509: jdk8u MacOS zipped debug symbols won't build
5cf6c5
  - JDK-8264562: assert(verify_field_bit(1)) failed: Attempting to write an uninitialized event field: type
5cf6c5
  - JDK-8264816: Weak handles leak causes GC to take longer
5cf6c5
  - JDK-8265832: runtime/StackGap/testme.sh fails to compile in 8u
5cf6c5
  - JDK-8265988: Fix sun/text/IntHashtable/Bug4170614 for JDK 8u
5cf6c5
  - JDK-8266191: Missing aarch64 parts of JDK-8181872 (C1: possible overflow when strength reducing integer multiply by constant)
5cf6c5
5cf6c5
Notes on individual issues:
5cf6c5
===========================
5cf6c5
5cf6c5
security-libs/java.security:
5cf6c5
5cf6c5
JDK-8256902: Removed Root Certificates with 1024-bit Keys
5cf6c5
=========================================================
5cf6c5
The following root certificates with weak 1024-bit RSA public keys
5cf6c5
have been removed from the `cacerts` keystore:
5cf6c5
5cf6c5
Alias Name: thawtepremiumserverca [jdk]
5cf6c5
Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
5cf6c5
5cf6c5
Alias Name: verisignclass2g2ca [jdk]
5cf6c5
Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
5cf6c5
5cf6c5
Alias Name: verisignclass3ca [jdk]
5cf6c5
Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
5cf6c5
5cf6c5
Alias Name: verisignclass3g2caÂ[jdk]
5cf6c5
Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
5cf6c5
5cf6c5
Alias Name: verisigntsaca [jdk]
5cf6c5
Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
5cf6c5
5cf6c5
JDK-8261361: Removed Telia Company's Sonera Class2 CA certificate
5cf6c5
=================================================================
5cf6c5
5cf6c5
The following root certificate have been removed from the cacerts truststore:
5cf6c5
5cf6c5
Alias Name: soneraclass2ca
5cf6c5
Distinguished Name: CN=Sonera Class2 CA, O=Sonera, C=FI
5cf6c5
59ff46
New in release OpenJDK 8u292 (2021-04-20):
59ff46
===========================================
59ff46
Live versions of these release notes can be found at:
59ff46
  * https://bitly.com/openjdk8u292
59ff46
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt
59ff46
3d1930
* Security fixes
3d1930
  - JDK-8227467: Better class method invocations
3d1930
  - JDK-8244473: Contextualize registration for JNDI
3d1930
  - JDK-8244543: Enhanced handling of abstract classes
3d1930
  - JDK-8249906, CVE-2021-2163: Enhance opening JARs
3d1930
  - JDK-8250568, CVE-2021-2161: Less ambiguous processing
3d1930
  - JDK-8253799: Make lists of normal filenames
59ff46
* Other changes
935881
  - JDK-6345095: regression test EmptyClipRenderingTest fails
935881
  - JDK-6896810: TEST_BUG: java/lang/ref/SoftReference/Pin.java fails with OOME during System.out.println
59ff46
  - JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop
935881
  - JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream readDouble() conversion to long mishandled
935881
  - JDK-7112454: TEST_BUG: java/awt/Choice/PopdownGeneratesMouseEvents/PopdownGeneratesMouseEvents.html failed
935881
  - JDK-7131835: [TEST_BUG] Test does not consider that the rounded edges of the window in Mac OS 10.7
935881
  - JDK-7185221: [macosx] Regtest should not throw exception if a suitable display mode found
59ff46
  - JDK-8031126: java/lang/management/ThreadMXBean/ThreadUserTime.java fails intermittently
59ff46
  - JDK-8035166: Remove dependency on EC classes from pkcs11 provider
59ff46
  - JDK-8035186: j2se_jdk/jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java - assertion error
59ff46
  - JDK-8038723: Openup some PrinterJob tests
935881
  - JDK-8041464: [TEST_BUG] CustomClassLoaderTransferTest does not support OS X
59ff46
  - JDK-8041561: Inconsistent opacity behaviour between JCheckBox and JRadioButton
609ec2
  - JDK-8061777: (zipfs) IllegalArgumentException in ZipCoder.toString when using Shitft_JIS
935881
  - JDK-8078024: javac, several incorporation steps are silently failing when an error should be reported
59ff46
  - JDK-8078450: Implement consistent process for quarantine of tests
609ec2
  - JDK-8078614: WindowsClassicLookAndFeel MetalComboBoxUI.getbaseLine fails with IllegalArgumentException
59ff46
  - JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid
59ff46
  - JDK-8081547: Prepare client libs regression tests for running in a concurrent, headless jtreg environment
935881
  - JDK-8129626: G1: set_in_progress() and clear_started() needs a barrier on non-TSO platforms
59ff46
  - JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256
609ec2
  - JDK-8145051: Wrong parameter name in synthetic lambda method leads to verifier error
59ff46
  - JDK-8150204: (fs) Enhance java/nio/file/Files/probeContentType/Basic.java debugging output
609ec2
  - JDK-8158525: Update a few java/net tests to use the loopback address instead of the host address
59ff46
  - JDK-8160217: JavaSound should clean up resources better
59ff46
  - JDK-8167281: IIOMetadataNode bugs in getElementsByTagName and NodeList.item methods
59ff46
  - JDK-8168996: C2 crash at postaloc.cpp:140 : assert(false) failed: unexpected yanked node
609ec2
  - JDK-8171410: aarch64: long multiplyExact shifts by 31 instead of 63
609ec2
  - JDK-8172404: Tools should warn if weak algorithms are used before restricting them
59ff46
  - JDK-8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key"
935881
  - JDK-8191915: JCK tests produce incorrect results with C2
609ec2
  - JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode
59ff46
  - JDK-8202343: Disable TLS 1.0 and 1.1
609ec2
  - JDK-8209333: Socket reset issue for TLS 1.3 socket close
935881
  - JDK-8211301: [macos] support full window content options
59ff46
  - JDK-8211339: NPE during SSL handshake caused by HostnameChecker
59ff46
  - JDK-8216987: ciMethodData::load_data() unpacks MDOs with non-atomic copy
59ff46
  - JDK-8217338: [Containers] Improve systemd slice memory limit support
609ec2
  - JDK-8219991: New fix of the deadlock in sun.security.ssl.SSLSocketImpl
59ff46
  - JDK-8221408: Windows 32bit build build errors/warnings in hotspot
59ff46
  - JDK-8223186: HotSpot compile warnings from GCC 9
609ec2
  - JDK-8225435: Upgrade IANA Language Subtag Registry to the latest for JDK14
59ff46
  - JDK-8225805: Java Access Bridge does not close the logger
59ff46
  - JDK-8226899: Problemlist compiler/rtm tests
59ff46
  - JDK-8227642: [TESTBUG] Make docker tests podman compatible
59ff46
  - JDK-8228434: jdk/net/Sockets/Test.java fails after JDK-8227642
59ff46
  - JDK-8229284: jdk/internal/platform/cgroup/TestCgroupMetrics.java fails for - memory:getMemoryUsage
59ff46
  - JDK-8230388: Problemlist additional compiler/rtm tests
59ff46
  - JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR
59ff46
  - JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3
59ff46
  - JDK-8234728: Some security tests should support TLSv1.3
609ec2
  - JDK-8235263: Revert TLS 1.3 change that wrapped IOExceptions
609ec2
  - JDK-8235311: Tag mismatch may alert bad_record_mac
59ff46
  - JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property.
609ec2
  - JDK-8236500: Windows ucrt.dll should be looked up in versioned WINSDK subdirectory
59ff46
  - JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read
609ec2
  - JDK-8239091: Reversed arguments in call to strstr in freetype "debug" code.
935881
  - JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1
609ec2
  - JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE"
59ff46
  - JDK-8242141: New System Properties to configure the TLS signature schemes
59ff46
  - JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11
935881
  - JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit
59ff46
  - JDK-8249183: JVM crash in "AwtFrame::WmSize" method
609ec2
  - JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel
59ff46
  - JDK-8249588: libwindowsaccessbridge issues on 64bit Windows
609ec2
  - JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets
59ff46
  - JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities
59ff46
  - JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray
59ff46
  - JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows
59ff46
  - JDK-8253368: TLS connection always receives close_notify exception
59ff46
  - JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities
59ff46
  - JDK-8253932: SSL debug log prints incorrect caller info
59ff46
  - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations
609ec2
  - JDK-8255880: UI of Swing components is not redrawn after their internal state changed
59ff46
  - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem
59ff46
  - JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java
935881
  - JDK-8256421: Add 2 HARICA roots to cacerts truststore
59ff46
  - JDK-8256642: [TEST_BUG] jdk/test/javax/sound/midi/MidiSystem/DefaultProperties.java failed
59ff46
  - JDK-8258079: Eliminate ParNew's use of klass_or_null()
609ec2
  - JDK-8256682: JDK-8202343 is incomplete
935881
  - JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines
59ff46
  - JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575
3d1930
  - JDK-8258247: Couple of issues in fix for JDK-8249906
59ff46
  - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
59ff46
  - JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes
609ec2
  - JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
59ff46
  - JDK-8258933: G1 needs klass_or_null_acquire
935881
  - JDK-8259048: (tz) Upgrade time-zone data to tzdata2020f
59ff46
  - JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will
59ff46
  - JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548
3d1930
  - JDK-8259428: AlgorithmId.getEncodedParams() should return copy
59ff46
  - JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport
609ec2
  - JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS
935881
  - JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a
609ec2
  - JDK-8260930: AARCH64: Invalid value passed to critical JNI function
3d1930
  - JDK-8261183: Follow on to Make lists of normal filenames
935881
  - JDK-8261231: Windows IME was disabled after DnD operation
609ec2
  - JDK-8261766: [8u] hotspot needs to recognise cl.exe 19.16 to build with VS2017
935881
  - JDK-8262073: assert(allocates2(pc)) failed: not in CodeBuffer memory
609ec2
  - JDK-8262075: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently
935881
  - JDK-8263008: AARCH64: Add debug info for libsaproc.so
935881
  - JDK-8264171: Missing aarch64 parts of JDK-8236179 (C1 register allocation failure with T_ADDRESS)
935881
* Shenandoah
59ff46
  - Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01.
609ec2
  - Revert differences against upstream 8u
935881
  - [backport] 8202976: Add C1 lea patching support for x86
935881
  - [backport] 8221507: Implement JFR Events for Shenandoah
935881
  - [backport] 8224573: Fix windows build after JDK-8221507
935881
  - [backport] 8228369: Shenandoah: Refactor LRB C1 stubs
935881
  - [backport] 8229474: Shenandoah: Cleanup CM::update_roots()
935881
  - [backport] 8229709: x86_32 build and test failures after JDK-8228369 (Shenandoah: Refactor LRB C1 stubs)
935881
  - [backport] 8231087: Shenandoah: Self-fixing load reference barriers for C1/C2
935881
  - [backport] 8232747: Shenandoah: Concurrent GC should deactivate SATB before processing weak roots
935881
  - [backport] 8232992: Shenandoah: Implement self-fixing interpreter LRB
935881
  - [backport] 8233021: Shenandoah: SBSC2::is_shenandoah_lrb_call should match all LRB shapes
935881
  - [backport] 8233165: Shenandoah:SBSA::gen_load_reference_barrier_stub() should use pointer register for address on aarch64
935881
  - [backport] 8233574: Shenandoah: build is broken without jfr
935881
  - [backport] 8237837: Shenandoah: assert(mem == __null) failed: only one safepoint
935881
  - [backport] 8238153: CTW: C2 (Shenandoah) compilation fails with "Unknown node in get_load_addr: CreateEx"
935881
  - [backport] 8238851: Shenandoah: C1: Resolve into registers of correct type
935881
  - [backport] 8240315: Shenandoah: Rename ShLBN::get_barrier_strength()
935881
  - [backport] 8240751: Shenandoah: fold ShenandoahTracer definition
935881
  - [backport] 8241765: Shenandoah: AARCH64 need to save/restore call clobbered registers before calling keepalive barrier
935881
  - [backport] 8244510: Shenandoah: invert SHC2Support::is_in_cset condition
935881
  - [backport] 8244663: Shenandoah: C2 assertion fails in Matcher::collect_null_checks
935881
  - [backport] 8244721: CTW: C2 (Shenandoah) compilation fails with "unexpected infinite loop graph shape"
935881
  - [backport] 8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U
935881
  - [backport] 8252660: Shenandoah: support manageable SoftMaxHeapSize option
935881
  - [backport] 8253224: Shenandoah: ShenandoahStrDedupQueue destructor calls virtual num_queues()
935881
  - [backport] 8253778: ShenandoahSafepoint::is_at_shenandoah_safepoint should not access VMThread state from other threads
935881
  - [backport] 8255457: Shenandoah: cleanup ShenandoahMarkTask
935881
  - [backport] 8255760: Shenandoah: match constants style in ShenandoahMarkTask fallback
935881
  - [backport] 8256806: Shenandoah: optimize shenandoah/jni/TestPinnedGarbage.java test
935881
  - [backport] 8257641: Shenandoah: Query is_at_shenandoah_safepoint() from control thread should return false
935881
  - Fix register allocation for thread register is 32bit LRB
935881
  - Fix Shenandoah bindings in ADLC formssel
935881
  - Shenandoah: Backed out weak roots cleaning during full gc
59ff46
59ff46
Notes on individual issues:
59ff46
===========================
59ff46
59ff46
security-libs/java.security:
59ff46
935881
JDK-8260597: Added 2 HARICA Root CA Certificates
935881
================================================
935881
935881
The following root certificates have been added to the cacerts truststore:
935881
935881
Alias Name: haricarootca2015
935881
Distinguished Name: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
935881
935881
Alias Name: haricaeccrootca2015
935881
Distinguished Name: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
935881
59ff46
JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default
59ff46
===================================================================================
59ff46
Weak named curves are disabled by default by adding them to the
59ff46
following `disabledAlgorithms` security properties:
59ff46
59ff46
* jdk.tls.disabledAlgorithms
59ff46
* jdk.certpath.disabledAlgorithms
59ff46
* jdk.jar.disabledAlgorithms
59ff46
59ff46
Red Hat has always disabled many of the curves provided by upstream,
59ff46
so the only addition in this release is:
59ff46
59ff46
* secp256k1
59ff46
59ff46
The curves that remain enabled are:
59ff46
59ff46
* secp256r1
59ff46
* secp384r1
59ff46
* secp521r1
59ff46
* X25519
59ff46
* X448
59ff46
59ff46
When large numbers of weak named curves need to be disabled, adding
59ff46
individual named curves to each `disabledAlgorithms` property would be
59ff46
overwhelming. To relieve this, a new security property,
59ff46
`jdk.disabled.namedCurves`, is implemented that can list the named
59ff46
curves common to all of the `disabledAlgorithms` properties. To use
59ff46
the new property in the `disabledAlgorithms` properties, precede the
59ff46
full property name with the keyword `include`.  Users can still add
59ff46
individual named curves to `disabledAlgorithms` properties separate
59ff46
from this new property.  No other properties can be included in the
59ff46
`disabledAlgorithms` properties.
59ff46
59ff46
To restore the named curves, remove the `include
59ff46
jdk.disabled.namedCurves` either from specific or from all
59ff46
`disabledAlgorithms` security properties. To restore one or more
59ff46
curves, remove the specific named curve(s) from the
59ff46
`jdk.disabled.namedCurves` property.
59ff46
609ec2
JDK-8244286: Tools Warn If Weak Algorithms Are Used
609ec2
===================================================
609ec2
The `keytool` and `jarsigner` tools have been updated to warn users
609ec2
when weak cryptographic algorithms are used in keys, certificates, and
609ec2
signed JARs before they are disabled. The weak algorithms are set in
609ec2
the `jdk.security.legacyAlgorithms` security property in the
609ec2
`java.security` configuration file. In this release, the tools issue
609ec2
warnings for the SHA-1 hash algorithm and 1024-bit RSA/DSA keys.
609ec2
59ff46
security-libs/javax.net.ssl:
59ff46
59ff46
JDK-8256490: Disable TLS 1.0 and 1.1
59ff46
====================================
59ff46
TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer
59ff46
considered secure and have been superseded by more secure and modern
59ff46
versions (TLS 1.2 and 1.3).
59ff46
59ff46
These versions have now been disabled by default. If you encounter
59ff46
issues, you can, at your own risk, re-enable the versions by removing
59ff46
"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms`
59ff46
security property in the `java.security` configuration file.
59ff46
59ff46
JDK-8242147: New System Properties to Configure the TLS Signature Schemes
59ff46
=========================================================================
59ff46
Two new system properties have been added to customize the TLS
59ff46
signature schemes in JDK. `jdk.tls.client.SignatureSchemes` has been
59ff46
added for the TLS client side, and `jdk.tls.server.SignatureSchemes`
59ff46
has been added for the server side.
59ff46
59ff46
Each system property contains a comma-separated list of supported
59ff46
signature scheme names specifying the signature schemes that could be
59ff46
used for the TLS connections.
59ff46
59ff46
The names are described in the "Signature Schemes" section of the
59ff46
*Java Security Standard Algorithm Names Specification*.
59ff46
935881
tools/javac:
935881
935881
JDK-8177368: Several incorporation steps are silently failing when an error should be reported
935881
==============================================================================================
935881
Reporting previously silent errors found during incorporation, JLS
935881
8§18.3, was supposed to be a clean-up with performance only
935881
implications. But consider the test case:
935881
935881
import java.util.Arrays;
935881
import java.util.List;
935881
935881
class Klass {
935881
  public static  List<List<A>> foo(List... lists) {
935881
    return foo(Arrays.asList(lists));
935881
    }
935881
935881
  public static  List<List<B>> foo(List> lists) {
935881
    return null;
935881
  }
935881
}
935881
935881
This code was not accepted before the patch for [1], but after this
935881
patch the compiler is accepting it. Accepting this code is the right
935881
behavior as not reporting incorporation errors was a bug in the
935881
compiler.  While determining the applicability of method: 
935881
List<List<B>> foo(List> lists) for which
935881
we have the constraints: b <: Object t <: List t<:Object
935881
List <: t first, inference variable b is selected for
935881
instantiation: b = CAP1 of ? extends A so this implies that: t <:
935881
List t<: Object List <: t
935881
935881
Now all the bounds are checked for consistency. While checking if
935881
List is a subtype of List
935881
a bound error is reported. Before the compiler was just swallowing
935881
it. As now the error is reported while inference variable b is being
935881
instantiated, the bound set is rolled back to it's initial state, 'b'
935881
is instantiated to Object, and with this instantiation the constraint
935881
set is solvable, the method is applicable, it's the only applicable
935881
one and the code is accepted as correct. The compiler behavior in this
935881
case is defined at JLS 8 §18.4
935881
935881
This fix has source compatibility impact, right now code that wasn't
935881
being accepted is now being accepted by the javac compiler. Currently
935881
there are no reports of any other kind of incompatibility.
935881
935881
[1] https://bugs.openjdk.java.net/browse/JDK-8078024
935881
3b0995
New in release OpenJDK 8u282 (2021-01-19):
3b0995
===========================================
3b0995
Live versions of these release notes can be found at:
3b0995
  * https://bitly.com/openjdk8u282
3b0995
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u282.txt
3b0995
4acfd9
* Security fixes
4acfd9
  - JDK-8247619: Improve Direct Buffering of Characters
3b0995
* Other changes
3b0995
  - JDK-6962725: Regtest javax/swing/JFileChooser/6738668/bug6738668.java fails under Linux
3b0995
  - JDK-8008657: JSpinner setComponentOrientation doesn't affect on text orientation
3b0995
  - JDK-8022535: [TEST BUG] javax/swing/text/html/parser/Test8017492.java fails
3b0995
  - JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup
3b0995
  - JDK-8030350: Enable additional compiler warnings for GCC
3b0995
  - JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails by Timeout on Windows
3b0995
  - JDK-8036122: Fix warning 'format not a string literal'
3b0995
  - JDK-8039279: Move awt tests to openjdk repository
3b0995
  - JDK-8041592: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk
3b0995
  - JDK-8043126: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository
3b0995
  - JDK-8043131: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree
3b0995
  - JDK-8043899: compiler/5091921/Test7005594.java fails if specified -Xmx is less than 1600m
3b0995
  - JDK-8044157: [TEST_BUG] Improve recently submitted AWT_Mixing tests
3b0995
  - JDK-8044172: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk
3b0995
  - JDK-8044429: move awt automated tests for AWT_Modality to OpenJDK repository
3b0995
  - JDK-8044765: Move functional tests AWT_SystemTray/Automated to openjdk repository
3b0995
  - JDK-8046221: [TEST_BUG] Cleanup datatransfer tests
3b0995
  - JDK-8047180: Move functional tests AWT_Headless/Automated to OpenJDK repository
3b0995
  - JDK-8047367: move awt automated tests from AWT_Modality to OpenJDK repository - part 2
3b0995
  - JDK-8048246: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK
3b0995
  - JDK-8049617: move awt automated tests from AWT_Modality to OpenJDK repository - part 3
3b0995
  - JDK-8049694: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK
3b0995
  - JDK-8050885: move awt automated tests from AWT_Modality to OpenJDK repository - part 4
3b0995
  - JDK-8051440: move tests about maximizing undecorated to OpenJDK
3b0995
  - JDK-8051853: new URI("x/").resolve("..").getSchemeSpecificPart() returns null!
3b0995
  - JDK-8052012: move awt automated tests from AWT_Modality to OpenJDK repository - part 5
3b0995
  - JDK-8052408: Move AWT_BAT functional tests to OpenJDK (3 of 3)
3b0995
  - JDK-8053657: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK
3b0995
  - JDK-8054143: move awt automated tests from AWT_Modality to OpenJDK repository - part 6
3b0995
  - JDK-8054358: move awt automated tests from AWT_Modality to OpenJDK repository - part 7
3b0995
  - JDK-8054359: move awt automated tests from AWT_Modality to OpenJDK repository - part 8
3b0995
  - JDK-8055360: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK
3b0995
  - JDK-8055664: move 14 tests about setLocationRelativeTo to jdk
3b0995
  - JDK-8055836: move awt tests from AWT_Modality to OpenJDK repository - part 9
3b0995
  - JDK-8057694: move awt tests from AWT_Modality to OpenJDK repository - part 10
3b0995
  - JDK-8058805: [TEST_BUG]Test java/awt/TrayIcon/SecurityCheck/NoPermissionTest/NoPermissionTest.java fails
3b0995
  - JDK-8062808: Turn on the -Wreturn-type warning
3b0995
  - JDK-8063102: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1
3b0995
  - JDK-8063104: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2
3b0995
  - JDK-8063106: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1
3b0995
  - JDK-8063107: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2
3b0995
  - JDK-8064573: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java is asocial pressing VK_LEFT and not releasing
3b0995
  - JDK-8064575: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases
3b0995
  - JDK-8064809: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease
3b0995
  - JDK-8067441: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes()
3b0995
  - JDK-8068228: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails with GTKLookAndFeel
3b0995
  - JDK-8068275: Some tests failed after JDK-8063104
3b0995
  - JDK-8069211: (zipfs) ZipFileSystem creates corrupted zip if entry output stream gets closed more than once
3b0995
  - JDK-8074807: Fix some tests unnecessary using internal API
3b0995
  - JDK-8076315: move 4 manual functional swing tests to regression suite
3b0995
  - JDK-8130772: Util.hitMnemonics does not work: getSystemMnemonicKeyCodes() returns ALT_MASK rather than VK_ALT
3b0995
  - JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/DefaultNoDrop.java locks on Windows
3b0995
  - JDK-8134632: Mark javax/sound/midi/Devices/InitializationHang.java as headful
3b0995
  - JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
3b0995
  - JDK-8148916: Mark bug6400879.java as intermittently failing
3b0995
  - JDK-8148983: Fix extra comma in changes for JDK-8148916
3b0995
  - JDK-8152545: Use preprocessor instead of compiling a program to generate native nio constants
3b0995
  - JDK-8156803: Turn StressLCM/StressGCM flags to diagnostic
3b0995
  - JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails
3b0995
  - JDK-8160761: [TESTBUG] Several compiler tests fail with product bits
3b0995
  - JDK-8163161: [PIT][TEST_BUG] increase timeout in javax/swing/plaf/nimbus/8057791/bug8057791.java
3b0995
  - JDK-8165808: Add release barriers when allocating objects with concurrent collection
3b0995
  - JDK-8166015: [PIT][TEST_BUG] stray character in java/awt/Focus/ModalDialogActivationTest/ModalDialogActivationTest.java
3b0995
  - JDK-8166583: Add oopDesc::klass_or_null_acquire()
3b0995
  - JDK-8166663: Simplify oops_on_card_seq_iterate_careful
3b0995
  - JDK-8166862: CMS needs klass_or_null_acquire
3b0995
  - JDK-8168292: [TESTBUG] [macosx] Test java/awt/TrayIcon/DragEventSource/DragEventSource.java fails on OS X
3b0995
  - JDK-8168682: jdk/test/java/lang/ClassLoader/forNameLeak/ClassForNameLeak.java fails with -Xcomp
3b0995
  - JDK-8179083: Uninitialized notifier in Java Monitor Wait tracing event
3b0995
  - JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument
3b0995
  - JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8
3b0995
  - JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017
3b0995
  - JDK-8205507: jdk/javax/xml/crypto/dsig/GenerationTests.java timed out
3b0995
  - JDK-8207766: [testbug] Adapt tests for Aix.
3b0995
  - JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation
3b0995
  - JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash
3b0995
  - JDK-8215727: Restore JFR thread sampler loop to old / previous behavior
3b0995
  - JDK-8217362: Emergency dump does not work when disk=false is set
3b0995
  - JDK-8217766: Container Support doesn't work for some Join Controllers combinations
3b0995
  - JDK-8219013: Update Apache Santuario (XML Signature) to version 2.1.3
3b0995
  - JDK-8219562: Line of code in osContainer_linux.cpp L102 appears unreachable
3b0995
  - JDK-8220579: [Containers] SubSystem.java out of sync with osContainer_linux.cpp
3b0995
  - JDK-8220657: JFR.dump does not work when filename is set
3b0995
  - JDK-8221340: [TESTBUG] TestCgroupMetrics.java fails after fix for JDK-8219562
3b0995
  - JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing
3b0995
  - JDK-8221710: [TESTBUG] more configurable parameters for docker testing
3b0995
  - JDK-8223108: Test java/awt/EventQueue/NonComponentSourcePost.java is unstable
3b0995
  - JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM
3b0995
  - JDK-8225072: Add LuxTrust certificate that is expiring in March 2021 to list of allowed but expired certs
3b0995
  - JDK-8227006: [linux] Runtime.availableProcessors execution time increased by factor of 100
3b0995
  - JDK-8229868: Update Apache Santuario TPRM version
3b0995
  - JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread
3b0995
  - JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes
3b0995
  - JDK-8232114: JVM crashed at imjpapi.dll in native code
3b0995
  - JDK-8233548: Update CUP to v0.11b
3b0995
  - JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area
3b0995
  - JDK-8234339: replace JLI_StrTok in java_md_solinux.c
3b0995
  - JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes
3b0995
  - JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test
3b0995
  - JDK-8242335: Additional Tests for RSASSA-PSS
3b0995
  - JDK-8242480: Negative value may be returned by getFreeSwapSpaceSize() in the docker
3b0995
  - JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in
3b0995
  - JDK-8245400: Upgrade to LittleCMS 2.11
3b0995
  - JDK-8246648: issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480
3b0995
  - JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention
3b0995
  - JDK-8249176: Update GlobalSignR6CA test certificates
3b0995
  - JDK-8249846: Change of behavior after JDK-8237117: Better ForkJoinPool behavior
3b0995
  - JDK-8250636: iso8601_time returns incorrect offset part on MacOS
3b0995
  - JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY
3b0995
  - JDK-8250928: JFR: Improve hash algorithm for stack traces
3b0995
  - JDK-8251365: Build failure on AIX after 8250636
3b0995
  - JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java
3b0995
  - JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers
3b0995
  - JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE
3b0995
  - JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries
3b0995
  - JDK-8252497: Incorrect numeric currency code for ROL
3b0995
  - JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent
3b0995
  - JDK-8252904: VM crashes when JFR is used and JFR event class is transformed
3b0995
  - JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal
3b0995
  - JDK-8253036: Support building the Zero assembler port on AArch64
3b0995
  - JDK-8253284: Zero OrderAccess barrier mappings are incorrect
3b0995
  - JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip
3b0995
  - JDK-8253752: test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java fails randomly
3b0995
  - JDK-8253837: JFR 8u fix symbol and cstring hashtable equals implementaion
3b0995
  - JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate
3b0995
  - JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp
3b0995
  - JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp
3b0995
  - JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/WorkerDeadlockTest.java fails
3b0995
  - JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
3b0995
  - JDK-8255003: Build failures on Solaris
3b0995
  - JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d
3b0995
  - JDK-8255269: Unsigned overflow in g1Policy.cpp
3b0995
  - JDK-8255603: Memory/Performance regression after JDK-8210985
3b0995
  - JDK-8255717: Fix JFR crash in WriteObjectSampleStacktrace due to object not initialized
3b0995
  - JDK-8256618: Zero: Linux x86_32 build still fails
3b0995
  - JDK-8256671: Incorrect assignment operator used in guarantee() in genCollectedHeap
3b0995
  - JDK-8256752: 8252395 incorrect copy rule for macos .dSYM folder
3b0995
  - JDK-8257397: [TESTBUG] test/lib/containers/docker/Common.java refers to -Xlog:os+container=trace
3b0995
  - JDK-8258630: Add expiry exception for QuoVadis root certificate
3b0995
* AArch64 port
3b0995
  - Fix AArch64 build failure after JDK-8062808 backport
3b0995
* Shenandoah
3b0995
  - Fix racy update of code roots
3b0995
3b0995
Notes on individual issues:
3b0995
===========================
3b0995
3b0995
security-libs/javax.xml.crypto:
3b0995
3b0995
JDK-8230839: Updated XML Signature Implementation to Apache Santuario 2.1.3
3b0995
===========================================================================
3b0995
The XML Signature implementation in the `java.xml.crypto` module has
3b0995
been updated to version 2.1.3 of Apache Santuario. New features
3b0995
include:
3b0995
3b0995
* Added support for embedding elliptic curve public keys in the
3b0995
  KeyValue element
3b0995
3b0995
New in release OpenJDK 8u275 (2020-11-05):
3b0995
===========================================
3b0995
Live versions of these release notes can be found at:
3b0995
  * https://bitly.com/openjdk8u275
3b0995
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u275.txt
3b0995
3b0995
* Regression fixes
3b0995
  - JDK-8214440: ldap over a TLS connection negotiate failed with "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate"
3b0995
  - JDK-8223940: Private key not supported by chosen signature algorithm
3b0995
  - JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding
3b0995
  - JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)
3b0995
56ca5d
New in release OpenJDK 8u272 (2020-10-20):
56ca5d
===========================================
56ca5d
Live versions of these release notes can be found at:
56ca5d
  * https://bitly.com/openjdk8u272
56ca5d
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt
56ca5d
56ca5d
* New features
56ca5d
  - JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7
56ca5d
* Security fixes
56ca5d
  - JDK-8233624: Enhance JNI linkage
56ca5d
  - JDK-8236196: Improve string pooling
56ca5d
  - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
56ca5d
  - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
56ca5d
  - JDK-8237995, CVE-2020-14782: Enhance certificate processing
56ca5d
  - JDK-8240124: Better VM Interning
56ca5d
  - JDK-8241114, CVE-2020-14792: Better range handling
56ca5d
  - JDK-8242680, CVE-2020-14796: Improved URI Support
56ca5d
  - JDK-8242685, CVE-2020-14797: Better Path Validation
56ca5d
  - JDK-8242695, CVE-2020-14798: Enhanced buffer support
56ca5d
  - JDK-8243302: Advanced class supports
56ca5d
  - JDK-8244136, CVE-2020-14803: Improved Buffer supports
56ca5d
  - JDK-8244479: Further constrain certificates
56ca5d
  - JDK-8244955: Additional Fix for JDK-8240124
56ca5d
  - JDK-8245407: Enhance zoning of times
56ca5d
  - JDK-8245412: Better class definitions
56ca5d
  - JDK-8245417: Improve certificate chain handling
56ca5d
  - JDK-8248574: Improve jpeg processing
56ca5d
  - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
56ca5d
  - JDK-8253019: Enhanced JPEG decoding
56ca5d
* Other changes
56ca5d
  - JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes
56ca5d
  - JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java
56ca5d
  - JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times
56ca5d
  - JDK-8025886: replace [[ and == bash extensions in regtest
56ca5d
  - JDK-8026236: Add PrimeTest for BigInteger
56ca5d
  - JDK-8031625: javadoc problems referencing inner class constructors
56ca5d
  - JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals
56ca5d
  - JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c
56ca5d
  - JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails
56ca5d
  - JDK-8046274: Removing dependency on jakarta-regexp
56ca5d
  - JDK-8048933: -XX:+TraceExceptions output should include the message
56ca5d
  - JDK-8057003: Large reference arrays cause extremely long synchronization times
56ca5d
  - JDK-8060721: Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler
56ca5d
  - JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double
56ca5d
  - JDK-8062947: Fix exception message to correctly represent LDAP connection failure
56ca5d
  - JDK-8064319: Need to enable -XX:+TraceExceptions in release builds
56ca5d
  - JDK-8075774: Small readability and performance improvements for zipfs
56ca5d
  - JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/fileaccess/FontFile.java fails
56ca5d
  - JDK-8078334: Mark regression tests using randomness
56ca5d
  - JDK-8078880: Mark a few more intermittently failuring security-libs
56ca5d
  - JDK-8080462: Update SunPKCS11 provider with PKCS11 v2.40 support
56ca5d
  - JDK-8132206: move ScanTest.java into OpenJDK
56ca5d
  - JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API
56ca5d
  - JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java
56ca5d
  - JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/appletviewer/IOExceptionIfEncodedURLTest/IOExceptionIfEncodedURLTest.sh
56ca5d
  - JDK-8144539: Update PKCS11 tests to run with security manager
56ca5d
  - JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/MTGraphicsAccessTest.java hangs on Win. 8
56ca5d
  - JDK-8148754: C2 loop unrolling fails due to unexpected graph shape
56ca5d
  - JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
56ca5d
  - JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect
56ca5d
  - JDK-8151788: NullPointerException from ntlm.Client.type3
56ca5d
  - JDK-8151834: Test SmallPrimeExponentP.java times out intermittently
56ca5d
  - JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings
56ca5d
  - JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout
56ca5d
  - JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public
56ca5d
  - JDK-8154313: Generated javadoc scattered all over the place
56ca5d
  - JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization
56ca5d
  - JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider
56ca5d
  - JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working
56ca5d
  - JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k
56ca5d
  - JDK-8165936: Potential Heap buffer overflow when seaching timezone info files
56ca5d
  - JDK-8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
56ca5d
  - JDK-8166148: Fix for JDK-8165936 broke solaris builds
56ca5d
  - JDK-8167300: Scheduling failures during gcm should be fatal
56ca5d
  - JDK-8167615: Opensource unit/regression tests for JavaSound
56ca5d
  - JDK-8168517: java/lang/ProcessBuilder/Basic.java failed
56ca5d
  - JDK-8169925: PKCS #11 Cryptographic Token Interface license
56ca5d
  - JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java
56ca5d
  - JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled
56ca5d
  - JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1
56ca5d
  - JDK-8177628: Opensource unit/regression tests for ImageIO
56ca5d
  - JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java
56ca5d
  - JDK-8183349: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java
56ca5d
  - JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/AppletContextTest/BadPluginConfigurationTest.sh
56ca5d
  - JDK-8184762: ZapStackSegments should use optimized memset
56ca5d
  - JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test.
56ca5d
  - JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied
56ca5d
  - JDK-8193137: Nashorn crashes when given an empty script file
56ca5d
  - JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak
56ca5d
  - JDK-8194298: Add support for per Socket configuration of TCP keepalive
56ca5d
  - JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error
56ca5d
  - JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails
56ca5d
  - JDK-8201633: Problems with AES-GCM native acceleration
56ca5d
  - JDK-8203357: Container Metrics
56ca5d
  - JDK-8209113: Use WeakReference for lastFontStrike for created Fonts
56ca5d
  - JDK-8210147: adjust some WSAGetLastError usages in windows network coding
56ca5d
  - JDK-8211049: Second parameter of "initialize" method is not used
56ca5d
  - JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean
56ca5d
  - JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions
56ca5d
  - JDK-8214862: assert(proj != __null) at compile.cpp:3251
56ca5d
  - JDK-8216283: Allow shorter method sampling interval than 10 ms
56ca5d
  - JDK-8217606: LdapContext#reconnect always opens a new connection
56ca5d
  - JDK-8217647: JFR: recordings on 32-bit systems unreadable
56ca5d
  - JDK-8217878: ENVELOPING XML signature no longer works in JDK 11
56ca5d
  - JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10
56ca5d
  - JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero
56ca5d
  - JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly
56ca5d
  - JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound
56ca5d
  - JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6
56ca5d
  - JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file
56ca5d
  - JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs
56ca5d
  - JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified
56ca5d
  - JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp
56ca5d
  - JDK-8224217: RecordingInfo should use textual representation of path
56ca5d
  - JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support)
56ca5d
  - JDK-8226575: OperatingSystemMXBean should be made container aware
56ca5d
  - JDK-8226697: Several tests which need the @key headful keyword are missing it.
56ca5d
  - JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous
56ca5d
  - JDK-8228835: Memory leak in PKCS11 provider when using AES GCM
56ca5d
  - JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow
56ca5d
  - JDK-8230303: JDB hangs when running monitor command
56ca5d
  - JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG
56ca5d
  - JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo
56ca5d
  - JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate
56ca5d
  - JDK-8233097: Fontmetrics for large Fonts has zero width
56ca5d
  - JDK-8233621: Mismatch in jsse.enableMFLNExtension property name
56ca5d
  - JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion
56ca5d
  - JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version
56ca5d
  - JDK-8235325: build failure on Linux after 8235243
56ca5d
  - JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink
56ca5d
  - JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages
56ca5d
  - JDK-8237951: CTW: C2 compilation fails with "malformed control flow"
56ca5d
  - JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary
56ca5d
  - JDK-8238380: java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10
56ca5d
  - JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10
56ca5d
  - JDK-8238388: libj2gss/NativeFunc.o "multiple definition" link errors with GCC10
56ca5d
  - JDK-8238898: Missing hash characters for header on license file
56ca5d
  - JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD
56ca5d
  - JDK-8239819: XToolkit: Misread of screen information memory
56ca5d
  - JDK-8240295: hs_err elapsed time in seconds is not accurate enough
56ca5d
  - JDK-8240676: Meet not symmetric failure when running lucene on jdk8
56ca5d
  - JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one
56ca5d
  - JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash
56ca5d
  - JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array
56ca5d
  - JDK-8243138: Enhance BaseLdapServer to support starttls extended request
56ca5d
  - JDK-8243320: Add SSL root certificates to Oracle Root CA program
56ca5d
  - JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program
56ca5d
  - JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions
56ca5d
  - JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26
56ca5d
  - JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor
56ca5d
  - JDK-8245467: Remove 8u TLSv1.2 implementation files
56ca5d
  - JDK-8245469: Remove DTLS protocol implementation
56ca5d
  - JDK-8245470: Fix JDK8 compatibility issues
56ca5d
  - JDK-8245471: Revert JDK-8148188
56ca5d
  - JDK-8245472: Backport JDK-8038893 to JDK8
56ca5d
  - JDK-8245473: OCSP stapling support
56ca5d
  - JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712
56ca5d
  - JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default
56ca5d
  - JDK-8245477: Adjust TLS tests location
56ca5d
  - JDK-8245653: Remove 8u TLS tests
56ca5d
  - JDK-8245681: Add TLSv1.3 regression test from 11.0.7
56ca5d
  - JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ
56ca5d
  - JDK-8246310: Clean commented-out code about ModuleEntry andPackageEntry in JFR
56ca5d
  - JDK-8246384: Enable JFR by default on supported architectures for October 2020 release
56ca5d
  - JDK-8248643: Remove extra leading space in JDK-8240295 8u backport
56ca5d
  - JDK-8248851: CMS: Missing memory fences between free chunk check and klass read
56ca5d
  - JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase
56ca5d
  - JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public
56ca5d
  - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior
56ca5d
  - JDK-8250546: Expect changed behaviour reported in JDK-8249846
56ca5d
  - JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics
56ca5d
  - JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java
56ca5d
  - JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update
56ca5d
  - JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher
56ca5d
  - JDK-8251120: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false
56ca5d
  - JDK-8251341: Minimal Java specification change
56ca5d
  - JDK-8251478: Backport TLSv1.3 regression tests to JDK8u
56ca5d
  - JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds
56ca5d
  - JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled
56ca5d
  - JDK-8252573: 8u: Windows build failed after 8222079 backport
56ca5d
  - JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed
56ca5d
  - JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158
56ca5d
  - JDK-8254937: Revert JDK-8148854 for 8u272
56ca5d
56ca5d
Notes on individual issues:
56ca5d
===========================
56ca5d
56ca5d
core-svc/java.lang.management:
56ca5d
56ca5d
JDK-8236876: OperatingSystemMXBean Methods Inside a Container Return Container Specific Data
56ca5d
============================================================================================
56ca5d
When executing in a container, or other virtualized operating
56ca5d
environment, the following `OperatingSystemMXBean` methods in this
56ca5d
release return container specific information, if
56ca5d
available. Otherwise, they return host specific data:
56ca5d
56ca5d
* getFreePhysicalMemorySize()
56ca5d
* getTotalPhysicalMemorySize()
56ca5d
* getFreeSwapSpaceSize()
56ca5d
* getTotalSwapSpaceSize()
56ca5d
* getSystemCpuLoad()
56ca5d
56ca5d
security-libs/java.security:
56ca5d
56ca5d
JDK-8250756: Added Entrust Root Certification Authority - G4 certificate
56ca5d
========================================================================
56ca5d
The Entrust root certificate has been added to the cacerts truststore:
56ca5d
56ca5d
Alias Name: entrustrootcag4
56ca5d
Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust,  Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
56ca5d
56ca5d
JDK-8250860: Added 3 SSL Corporation Root CA Certificates
56ca5d
=========================================================
56ca5d
The following root certificates have been added to the cacerts truststore for the SSL Corporation:
56ca5d
56ca5d
Alias Name: sslrootrsaca
56ca5d
Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
56ca5d
56ca5d
Alias Name: sslrootevrsaca
56ca5d
Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
56ca5d
56ca5d
Alias Name: sslrooteccca
56ca5d
Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US
56ca5d
56ca5d
security-libs/javax.crypto:pkcs11:
56ca5d
56ca5d
JDK-8221441: SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40
56ca5d
=======================================================================
56ca5d
The SunPKCS11 provider has been updated with support for PKCS#11
56ca5d
v2.40. This version adds support for more algorithms such as the
56ca5d
AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message
56ca5d
digests, and RSASSA-PSS signatures when the corresponding PKCS11
56ca5d
mechanisms are supported by the underlying PKCS11 library.
56ca5d
56ca5d
security-libs/javax.security:
56ca5d
56ca5d
JDK-8242059: Support for canonicalize in krb5.conf
56ca5d
==================================================
56ca5d
The 'canonicalize' flag in the [krb5.conf file][0] is now supported by
56ca5d
the JDK Kerberos implementation. When set to *true*, RFC 6806 [1] name
56ca5d
canonicalization is requested by clients in TGT requests to KDC
56ca5d
services (AS protocol). Otherwise, and by default, it is not
56ca5d
requested.
56ca5d
56ca5d
The new default behavior is different from previous releases where
56ca5d
name canonicalization was always requested by clients in TGT requests
56ca5d
to KDC services (provided that support for RFC 6806[1] was not
56ca5d
explicitly disabled with the *sun.security.krb5.disableReferrals*
56ca5d
system or security properties).
56ca5d
56ca5d
[0]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
56ca5d
[1]: https://tools.ietf.org/html/rfc6806
56ca5d
56ca5d
security-libs/javax.xml.crypto:
56ca5d
56ca5d
JDK-8202891: Updated xmldsig Implementation to Apache Santuario 2.1.1
56ca5d
=====================================================================
56ca5d
The XMLDSig provider implementation in the `java.xml.crypto` module has been updated to version 2.1.1 of Apache Santuario.
56ca5d
56ca5d
New features include:
56ca5d
56ca5d
1. Support for the SHA-224 and SHA-3 DigestMethod algorithms specified
56ca5d
in RFC 6931.
56ca5d
2. Support for the HMAC-SHA224, RSA-SHA224, ECDSA-SHA224, and
56ca5d
RSASSA-PSS family of SignatureMethod algorithms specified in RFC 6931.
56ca5d
56ca5d
JDK-8238185: New OpenJDK-specific JDK 8 Updates System Property to fallback to legacy Base64 Encoding format
56ca5d
============================================================================================================
56ca5d
The upgrade to the Apache Santuario libraries (see above) introduced
56ca5d
an issue where XML signature using Base64 encoding resulted in
56ca5d
appending `&#xd` or `&#13` to the encoded output. This behavioural
56ca5d
change was made in the Apache Santuario codebase to comply with RFC
56ca5d
2045. The Santuario team has adopted a position of keeping their
56ca5d
libraries compliant with RFC 2045.
56ca5d
56ca5d
Earlier versions of OpenJDK 8 using the legacy encoder returns encoded
56ca5d
data in a format without `&#xd` or `&#13`.
56ca5d
56ca5d
Therefore a new system property, specific to the 8 update stream,
56ca5d
`com.sun.org.apache.xml.internal.security.lineFeedOnly` is made
56ca5d
available to fall back to the legacy Base64 encoded format.
56ca5d
56ca5d
Users can set this flag in one of two ways:
56ca5d
56ca5d
1. -Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true
56ca5d
56ca5d
2. System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true")
56ca5d
56ca5d
This new system property is disabled by default. It has no effect on
56ca5d
default behaviour nor when
56ca5d
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks` property
56ca5d
is set.
56ca5d
56ca5d
Later JDK family versions will only support the recommended property:
56ca5d
56ca5d
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks`
56ca5d
56ca5d
JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b
56ca5d
====================================================================
56ca5d
Following JDK's update to tzdata2020b, the long-obsolete files
56ca5d
pacificnew and systemv have been removed. As a result, the
56ca5d
"US/Pacific-New" zone name declared in the pacificnew data file is no
56ca5d
longer available for use.
56ca5d
56ca5d
Information regarding the update can be viewed at
56ca5d
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
56ca5d
efcefa
New in release OpenJDK 8u265 (2020-07-27):
efcefa
===========================================
efcefa
Live versions of these release notes can be found at:
efcefa
  * https://bitly.com/openjdk8u265
efcefa
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u265.txt
efcefa
efcefa
* Bug fixes
efcefa
  - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior
efcefa
  - JDK-8250546: Expect changed behaviour reported in JDK-8249846
efcefa
8df9ce
New in release OpenJDK 8u262 (2020-07-14):
8df9ce
===========================================
8df9ce
Live versions of these release notes can be found at:
8df9ce
  * https://bitly.com/oj8u262
8df9ce
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u262.txt
8df9ce
8df9ce
* New features
8df9ce
  - JDK-8223147: JFR Backport
8df9ce
* Security fixes
8df9ce
  - JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
8df9ce
  - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
8df9ce
  - JDK-8230613: Better ASCII conversions
8df9ce
  - JDK-8231800: Better listing of arrays
8df9ce
  - JDK-8232014: Expand DTD support
8df9ce
  - JDK-8233255: Better Swing Buttons
8df9ce
  - JDK-8234032: Improve basic calendar services
8df9ce
  - JDK-8234042: Better factory production of certificates
8df9ce
  - JDK-8234418: Better parsing with CertificateFactory
8df9ce
  - JDK-8234836: Improve serialization handling
8df9ce
  - JDK-8236191: Enhance OID processing
8df9ce
  - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
8df9ce
  - JDK-8237592, CVE-2020-14577: Enhance certificate verification
8df9ce
  - JDK-8238002, CVE-2020-14581: Better matrix operations
8df9ce
  - JDK-8238804: Enhance key handling process
8df9ce
  - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
8df9ce
  - JDK-8238843: Enhanced font handing
8df9ce
  - JDK-8238920, CVE-2020-14583: Better Buffer support
8df9ce
  - JDK-8238925: Enhance WAV file playback
8df9ce
  - JDK-8240119, CVE-2020-14593: Less Affine Transformations
8df9ce
  - JDK-8240482: Improved WAV file playback
8df9ce
  - JDK-8241379: Update JCEKS support
8df9ce
  - JDK-8241522: Manifest improved jar headers redux
8df9ce
  - JDK-8242136, CVE-2020-14621: Better XML namespace handling
8df9ce
* Other changes
8df9ce
  - JDK-4949105: Access Bridge lacks html tags parsing
8df9ce
  - JDK-7147060: com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java doesn't run in agentvm mode
8df9ce
  - JDK-8003209: JFR events for network utilization
8df9ce
  - JDK-8030680: 292 cleanup from default method code assessment
8df9ce
  - JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently
8df9ce
  - JDK-8037866: Replace the Fun class in tests with lambdas
8df9ce
  - JDK-8041626: Shutdown tracing event
8df9ce
  - JDK-8041915: Move 8 awt tests to OpenJDK regression tests tree
8df9ce
  - JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null
8df9ce
  - JDK-8076475: Misuses of strncpy/strncat
8df9ce
  - JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset
8df9ce
  - JDK-8141056: Erroneous assignment in HeapRegionSet.cpp
8df9ce
  - JDK-8146612: C2: Precedence edges specification violated
8df9ce
  - JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering
8df9ce
  - JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates
8df9ce
  - JDK-8150986: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format
8df9ce
  - JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to "Connection succeeded"
8df9ce
  - JDK-8165675: Trace event for thread park has incorrect unit for timeout
8df9ce
  - JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM
8df9ce
  - JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java
8df9ce
  - JDK-8176182: 4 security tests are not run
8df9ce
  - JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method
8df9ce
  - JDK-8178910: Problemlist sample tests
8df9ce
  - JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds
8df9ce
  - JDK-8183925: Decouple crash protection from watcher thread
8df9ce
  - JDK-8191393: Random crashes during cfree+0x1c
8df9ce
  - JDK-8195817: JFR.stop should require name of recording
8df9ce
  - JDK-8195818: JFR.start should increase autogenerated name by one
8df9ce
  - JDK-8195819: Remove recording=x from jcmd JFR.check output
8df9ce
  - JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE
8df9ce
  - JDK-8199712: Flight Recorder
8df9ce
  - JDK-8202578: Revisit location for class unload events
8df9ce
  - JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events
8df9ce
  - JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder)
8df9ce
  - JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant
8df9ce
  - JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording
8df9ce
  - JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552
8df9ce
  - JDK-8203929: Limit amount of data for JFR.dump
8df9ce
  - JDK-8205516: JFR tool
8df9ce
  - JDK-8207392: [PPC64] Implement JFR profiling
8df9ce
  - JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it
8df9ce
  - JDK-8209960: -Xlog:jfr* doesn't work with the JFR
8df9ce
  - JDK-8210024: JFR calls virtual is_Java_thread from ~Thread()
8df9ce
  - JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7
8df9ce
  - JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch
8df9ce
  - JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events
8df9ce
  - JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions
8df9ce
  - JDK-8213421: Line number information for execution samples always 0
8df9ce
  - JDK-8213617: JFR should record the PID of the recorded process
8df9ce
  - JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs.
8df9ce
  - JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests
8df9ce
  - JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test
8df9ce
  - JDK-8213966: The ZGC JFR events should be marked as experimental
8df9ce
  - JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds
8df9ce
  - JDK-8214750: Unnecessary 

tags in jfr classes

8df9ce
  - JDK-8214896: JFR Tool left files behind
8df9ce
  - JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError
8df9ce
  - JDK-8214925: JFR tool fails to execute
8df9ce
  - JDK-8215175: Inconsistencies in JFR event metadata
8df9ce
  - JDK-8215237: jdk.jfr.Recording javadoc does not compile
8df9ce
  - JDK-8215284: Reduce noise induced by periodic task getFileSize()
8df9ce
  - JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1)
8df9ce
  - JDK-8215362: JFR GTest JfrTestNetworkUtilization fails
8df9ce
  - JDK-8215771: The jfr tool should pretty print reference chains
8df9ce
  - JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly
8df9ce
  - JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run()
8df9ce
  - JDK-8216528: test/jdk/java/rmi/transport/runtimeThreadInheritanceLeak/RuntimeThreadInheritanceLeak.java failing with Xcomp
8df9ce
  - JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps
8df9ce
  - JDK-8216578: Remove unused/obsolete method in JFR code
8df9ce
  - JDK-8216995: Clean up JFR command line processing
8df9ce
  - JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT
8df9ce
  - JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent
8df9ce
  - JDK-8218935: Make jfr strncpy uses GCC 8.x friendly
8df9ce
  - JDK-8220293: Deadlock in JFR string pool
8df9ce
  - JDK-8223689: Add JFR Thread Sampling Support
8df9ce
  - JDK-8223690: Add JFR BiasedLock Event Support
8df9ce
  - JDK-8223691: Add JFR G1 Region Type Change Event Support
8df9ce
  - JDK-8223692: Add JFR G1 Heap Summary Event Support
8df9ce
  - JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant
8df9ce
  - JDK-8224475: JTextPane does not show images in HTML rendering
8df9ce
  - JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020
8df9ce
  - JDK-8225069: Remove Comodo root certificate that is expiring in May 2020
8df9ce
  - JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden.
8df9ce
  - JDK-8226779: [TESTBUG] Test JFR API from Java agent
8df9ce
  - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys
8df9ce
  - JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory
8df9ce
  - JDK-8227269: Slow class loading when running with JDWP
8df9ce
  - JDK-8227605: Kitchensink fails "assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant"
8df9ce
  - JDK-8229366: JFR backport allows unchecked writing to memory
8df9ce
  - JDK-8229401: Fix JFR code cache test failures
8df9ce
  - JDK-8229708: JFR backport code does not initialize
8df9ce
  - JDK-8229873: 8229401 broke jdk8u-jfr-incubator
8df9ce
  - JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions
8df9ce
  - JDK-8229899: Make java.io.File.isInvalid() less racy
8df9ce
  - JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows
8df9ce
  - JDK-8230597: Update GIFlib library to the 5.2.1
8df9ce
  - JDK-8230707: JFR related tests are failing
8df9ce
  - JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return
8df9ce
  - JDK-8230782: Robot.createScreenCapture() fails if ?awt.robot.gtk? is set to false
8df9ce
  - JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return
8df9ce
  - JDK-8230926: [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout
8df9ce
  - JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707
8df9ce
  - JDK-8231995: two jtreg tests failed after 8229366 is fixed
8df9ce
  - JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing
8df9ce
  - JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file
8df9ce
  - JDK-8233880: Support compilers with multi-digit major version numbers
8df9ce
  - JDK-8236002: CSR for JFR backport suggests not leaving out the package-info
8df9ce
  - JDK-8236008: Some backup files were accidentally left in the hotspot tree
8df9ce
  - JDK-8236074: Missed package-info
8df9ce
  - JDK-8236174: Should update javadoc since tags
8df9ce
  - JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing
8df9ce
  - JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport
8df9ce
  - JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01
8df9ce
  - JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB
8df9ce
  - JDK-8238589: Necessary code cleanup in JFR for JDK8u
8df9ce
  - JDK-8238590: Enable JFR by default during compilation in 8u
8df9ce
  - JDK-8239055: Wrong implementation of VMState.hasListener
8df9ce
  - JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair
8df9ce
  - JDK-8239479: minimal1 and zero builds are failing
8df9ce
  - JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed
8df9ce
  - JDK-8239867: correct over use of INCLUDE_JFR macro
8df9ce
  - JDK-8240375: Disable JFR by default for July 2020 release
8df9ce
  - JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges
8df9ce
  - JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled
8df9ce
  - JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set
8df9ce
  - JDK-8241750: x86_32 build failure after JDK-8227269
8df9ce
  - JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport)
8df9ce
  - JDK-8242788: Non-PCH build is broken after JDK-8191393
8df9ce
  - JDK-8242883: Incomplete backport of JDK-8078268: backport test part
8df9ce
  - JDK-8243059: Build fails when --with-vendor-name contains a comma
8df9ce
  - JDK-8243474: [TESTBUG] removed three tests of 0 bytes
8df9ce
  - JDK-8243539: Copyright info (Year) should be updated for fix of 8241638
8df9ce
  - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
8df9ce
  - JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in
8df9ce
  - JDK-8244461: [JDK 8u] Build fails with glibc 2.32
8df9ce
  - JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result
8df9ce
  - JDK-8244777: ClassLoaderStats VM Op uses constant hash value
8df9ce
  - JDK-8244843: JapanEraNameCompatTest fails
8df9ce
  - JDK-8245167: Top package in method profiling shows null in JMC
8df9ce
  - JDK-8246223: Windows build fails after JDK-8227269
8df9ce
  - JDK-8246703: [TESTBUG] Add test for JDK-8233197
8df9ce
  - JDK-8248399: Build installs jfr binary when JFR is disabled
8df9ce
  - JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package
8df9ce
8df9ce
Notes on individual issues:
8df9ce
===========================
8df9ce
8df9ce
hotspot/jfr:
8df9ce
8df9ce
JDK-8240687: JDK Flight Recorder Integrated to OpenJDK 8u
8df9ce
=========================================================
8df9ce
8df9ce
OpenJDK 8u now contains the backport of JEP 328: Flight Recorder
8df9ce
(https://openjdk.java.net/jeps/328) from later versions of OpenJDK.
8df9ce
8df9ce
JFR is a low-overhead framework to collect and provide data helpful to
8df9ce
troubleshoot the performance of the OpenJDK runtime and of Java
8df9ce
applications. It consists of a new API to define custom events under
8df9ce
the jdk.jfr namespace and a JMX interface to interact with the
8df9ce
framework. The recording can also be initiated with the application
8df9ce
startup using the -XX:+FlightRecorder flag or via jcmd. JFR replaces
8df9ce
the +XX:EnableTracing feature introduced in JEP 167, providing a more
8df9ce
efficient way to retrieve the same information. For compatibility
8df9ce
reasons, +XX:EnableTracing is still accepted, however no data will be
8df9ce
printed.
8df9ce
8df9ce
While JFR is not built by default upstream, it is included in Red Hat
8df9ce
binaries for supported architectures (x86_64, AArch64 & PowerPC 64)
8df9ce
8df9ce
hotspot/runtime:
8df9ce
8df9ce
JDK-8205622: JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording
8df9ce
=========================================================================================
8df9ce
8df9ce
JFR will be disabled with a warning message if it is enabled during
8df9ce
CDS dumping. The user will see the following warning message:
8df9ce
8df9ce
OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping
8df9ce
8df9ce
if JFR is enabled during CDS dumping such as in the following command
8df9ce
line:
8df9ce
8df9ce
$ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true
8df9ce
8df9ce
security-libs/java.security:
8df9ce
8df9ce
JDK-8244167: Removal of Comodo Root CA Certificate
8df9ce
==================================================
8df9ce
8df9ce
The following expired Comodo root CA certificate was removed from the
8df9ce
`cacerts` keystore: + alias name "addtrustclass1ca [jdk]"
8df9ce
8df9ce
Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
8df9ce
8df9ce
JDK-8244166: Removal of DocuSign Root CA Certificate
8df9ce
====================================================
8df9ce
8df9ce
The following expired DocuSign root CA certificate was removed from
8df9ce
 the `cacerts` keystore: + alias name "keynectisrootca [jdk]"
8df9ce
8df9ce
Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
8df9ce
8df9ce
security-libs/javax.crypto:pkcs11:
8df9ce
8df9ce
JDK-8240191: Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database
8df9ce
============================================================================================================================
8df9ce
8df9ce
The SunPKCS11 security provider can now be initialized with NSS when
8df9ce
FIPS-enabled external modules are configured in the Security Modules
8df9ce
Database (NSSDB). Prior to this change, the SunPKCS11 provider would
8df9ce
throw a RuntimeException with the message: "FIPS flag set for
8df9ce
non-internal module" when such a library was configured for NSS in
8df9ce
non-FIPS mode.
8df9ce
8df9ce
This change allows the JDK to work properly with recent NSS releases
8df9ce
on GNU/Linux operating systems when the system-wide FIPS policy is
8df9ce
turned on.
8df9ce
8df9ce
Further information can be found in JDK-8238555.
8df9ce
84a771
New in release OpenJDK 8u252 (2020-04-14):
84a771
===========================================
84a771
Live versions of these release notes can be found at:
84a771
  * https://bitly.com/oj8u252
84a771
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u252.txt
84a771
84a771
* Security fixes
84a771
  - JDK-8223898, CVE-2020-2754: Forward references to Nashorn
84a771
  - JDK-8223904, CVE-2020-2755: Improve Nashorn matching
84a771
  - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
84a771
  - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
84a771
  - JDK-8225603: Enhancement for big integers
84a771
  - JDK-8227542: Manifest improved jar headers
84a771
  - JDK-8231415, CVE-2020-2773: Better signatures in XML
84a771
  - JDK-8233250: Better X11 rendering
84a771
  - JDK-8233410: Better Build Scripting
84a771
  - JDK-8234027: Better JCEKS key support
84a771
  - JDK-8234408, CVE-2020-2781: Improve TLS session handling
84a771
  - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
84a771
  - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
84a771
  - JDK-8235274, CVE-2020-2805: Enhance typing of methods
84a771
  - JDK-8236201, CVE-2020-2830: Better Scanner conversions
84a771
  - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap
84a771
* Other changes
84a771
  - JDK-8005819: Support cross-realm MSSFU
84a771
  - JDK-8022263: use same Clang warnings on BSD as on Linux
84a771
  - JDK-8038631: Create wrapper for awt.Robot with additional functionality
84a771
  - JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid
84a771
  - JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests
84a771
  - JDK-8068184: Fix for JDK-8032832 caused a deadlock
84a771
  - JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature
84a771
  - JDK-8132130: some docs cleanup
84a771
  - JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit
84a771
  - JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal
84a771
  - JDK-8144446: Automate the Marlin crash test
84a771
  - JDK-8144526: Remove Marlin logging use of deleted internal API
84a771
  - JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats
84a771
  - JDK-8144654: Improve Marlin logging
84a771
  - JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins
84a771
  - JDK-8166976: TestCipherPBECons has wrong @run line
84a771
  - JDK-8167409: Invalid value passed to critical JNI function
84a771
  - JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant
84a771
  - JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
84a771
  - JDK-8191227: issues with unsafe handle resolution
84a771
  - JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider
84a771
  - JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object
84a771
  - JDK-8215756: Memory leaks in the AWT on macOS
84a771
  - JDK-8216472: (se) Stack overflow during selection operation leads to crash (win)
84a771
  - JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread
84a771
  - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions
84a771
  - JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test
84a771
  - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
84a771
  - JDK-8229022: BufferedReader performance can be improved by using StringBuilder
84a771
  - JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC
84a771
  - JDK-8229872: (fs) Increase buffer size used with getmntent
84a771
  - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception
84a771
  - JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
84a771
  - JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64
84a771
  - JDK-8235904: Infinite loop when rendering huge lines
84a771
  - JDK-8236179: C1 register allocation error with T_ADDRESS
84a771
  - JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read
84a771
  - JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call
84a771
  - JDK-8241296: Segfault in JNIHandleBlock::oops_do()
84a771
  - JDK-8241307: Marlin renderer should not be the default in 8u252
84a771
84a771
Notes on individual issues:
84a771
===========================
84a771
84a771
hotspot/svc:
84a771
84a771
JDK-8174881: Binary format for HPROF updated 
84a771
============================================
84a771
84a771
When dumping the heap in binary format, HPROF format 1.0.2 is always
84a771
used now. Previously, format 1.0.1 was used for heaps smaller than
84a771
2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the
84a771
serviceability agent.
84a771
84a771
security-libs/java.security:
84a771
84a771
JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature
84a771
====================================================================================
84a771
84a771
The SunRsaSign and SunJCE providers have been enhanced with support
84a771
for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS
84a771
signature and OAEP using FIPS 180-4 digest algorithms. New
84a771
constructors and methods have been added to relevant JCA/JCE classes
84a771
under the `java.security.spec` and `javax.crypto.spec` packages for
84a771
supporting additional RSASSA-PSS parameters.
84a771
84a771
security-libs/javax.crypto:
84a771
84a771
JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI
84a771
============================================================
84a771
84a771
The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider.
84a771
84a771
security-libs/javax.security:
84a771
84a771
JDK-8227564: Allow SASL Mechanisms to Be Restricted
84a771
===================================================
84a771
84a771
A security property named `jdk.sasl.disabledMechanisms` has been added
84a771
that can be used to disable SASL mechanisms. Any disabled mechanism
84a771
will be ignored if it is specified in the `mechanisms` argument of
84a771
`Sasl.createSaslClient` or the `mechanism` argument of
84a771
`Sasl.createSaslServer`. The default value for this security property
84a771
is empty, which means that no mechanisms are disabled out-of-the-box.