7e9da4
Key:
7e9da4
7e9da4
JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
7e9da4
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
7e9da4
9aeff1
New in release OpenJDK 8u262 (2020-07-14):
9aeff1
===========================================
9aeff1
Live versions of these release notes can be found at:
9aeff1
  * https://bitly.com/oj8u262
9aeff1
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u262.txt
9aeff1
9aeff1
* New features
9aeff1
  - JDK-8223147: JFR Backport
9aeff1
* Security fixes
9aeff1
  - JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
9aeff1
  - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
9aeff1
  - JDK-8230613: Better ASCII conversions
9aeff1
  - JDK-8231800: Better listing of arrays
9aeff1
  - JDK-8232014: Expand DTD support
9aeff1
  - JDK-8233255: Better Swing Buttons
9aeff1
  - JDK-8234032: Improve basic calendar services
9aeff1
  - JDK-8234042: Better factory production of certificates
9aeff1
  - JDK-8234418: Better parsing with CertificateFactory
9aeff1
  - JDK-8234836: Improve serialization handling
9aeff1
  - JDK-8236191: Enhance OID processing
9aeff1
  - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
9aeff1
  - JDK-8237592, CVE-2020-14577: Enhance certificate verification
9aeff1
  - JDK-8238002, CVE-2020-14581: Better matrix operations
9aeff1
  - JDK-8238804: Enhance key handling process
9aeff1
  - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
9aeff1
  - JDK-8238843: Enhanced font handing
9aeff1
  - JDK-8238920, CVE-2020-14583: Better Buffer support
9aeff1
  - JDK-8238925: Enhance WAV file playback
9aeff1
  - JDK-8240119, CVE-2020-14593: Less Affine Transformations
9aeff1
  - JDK-8240482: Improved WAV file playback
9aeff1
  - JDK-8241379: Update JCEKS support
9aeff1
  - JDK-8241522: Manifest improved jar headers redux
9aeff1
  - JDK-8242136, CVE-2020-14621: Better XML namespace handling
9aeff1
* Other changes
9aeff1
  - JDK-4949105: Access Bridge lacks html tags parsing
9aeff1
  - JDK-7147060: com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java doesn't run in agentvm mode
9aeff1
  - JDK-8003209: JFR events for network utilization
9aeff1
  - JDK-8030680: 292 cleanup from default method code assessment
9aeff1
  - JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently
9aeff1
  - JDK-8037866: Replace the Fun class in tests with lambdas
9aeff1
  - JDK-8041626: Shutdown tracing event
9aeff1
  - JDK-8041915: Move 8 awt tests to OpenJDK regression tests tree
9aeff1
  - JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null
9aeff1
  - JDK-8076475: Misuses of strncpy/strncat
9aeff1
  - JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset
9aeff1
  - JDK-8141056: Erroneous assignment in HeapRegionSet.cpp
9aeff1
  - JDK-8146612: C2: Precedence edges specification violated
9aeff1
  - JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering
9aeff1
  - JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates
9aeff1
  - JDK-8150986: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format
9aeff1
  - JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to "Connection succeeded"
9aeff1
  - JDK-8165675: Trace event for thread park has incorrect unit for timeout
9aeff1
  - JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM
9aeff1
  - JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java
9aeff1
  - JDK-8176182: 4 security tests are not run
9aeff1
  - JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method
9aeff1
  - JDK-8178910: Problemlist sample tests
9aeff1
  - JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds
9aeff1
  - JDK-8183925: Decouple crash protection from watcher thread
9aeff1
  - JDK-8191393: Random crashes during cfree+0x1c
9aeff1
  - JDK-8195817: JFR.stop should require name of recording
9aeff1
  - JDK-8195818: JFR.start should increase autogenerated name by one
9aeff1
  - JDK-8195819: Remove recording=x from jcmd JFR.check output
9aeff1
  - JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE
9aeff1
  - JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider
9aeff1
  - JDK-8199712: Flight Recorder
9aeff1
  - JDK-8202578: Revisit location for class unload events
9aeff1
  - JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events
9aeff1
  - JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder)
9aeff1
  - JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant
9aeff1
  - JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording
9aeff1
  - JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552
9aeff1
  - JDK-8203929: Limit amount of data for JFR.dump
9aeff1
  - JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object
9aeff1
  - JDK-8205516: JFR tool
9aeff1
  - JDK-8207392: [PPC64] Implement JFR profiling
9aeff1
  - JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it
9aeff1
  - JDK-8209960: -Xlog:jfr* doesn't work with the JFR
9aeff1
  - JDK-8210024: JFR calls virtual is_Java_thread from ~Thread()
9aeff1
  - JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7
9aeff1
  - JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch
9aeff1
  - JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events
9aeff1
  - JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions
9aeff1
  - JDK-8213421: Line number information for execution samples always 0
9aeff1
  - JDK-8213617: JFR should record the PID of the recorded process
9aeff1
  - JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs.
9aeff1
  - JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests
9aeff1
  - JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test
9aeff1
  - JDK-8213966: The ZGC JFR events should be marked as experimental
9aeff1
  - JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds
9aeff1
  - JDK-8214750: Unnecessary 

tags in jfr classes

9aeff1
  - JDK-8214896: JFR Tool left files behind
9aeff1
  - JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError
9aeff1
  - JDK-8214925: JFR tool fails to execute
9aeff1
  - JDK-8215175: Inconsistencies in JFR event metadata
9aeff1
  - JDK-8215237: jdk.jfr.Recording javadoc does not compile
9aeff1
  - JDK-8215284: Reduce noise induced by periodic task getFileSize()
9aeff1
  - JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1)
9aeff1
  - JDK-8215362: JFR GTest JfrTestNetworkUtilization fails
9aeff1
  - JDK-8215771: The jfr tool should pretty print reference chains
9aeff1
  - JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly
9aeff1
  - JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run()
9aeff1
  - JDK-8216528: test/jdk/java/rmi/transport/runtimeThreadInheritanceLeak/RuntimeThreadInheritanceLeak.java failing with Xcomp
9aeff1
  - JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps
9aeff1
  - JDK-8216578: Remove unused/obsolete method in JFR code
9aeff1
  - JDK-8216995: Clean up JFR command line processing
9aeff1
  - JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT
9aeff1
  - JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent
9aeff1
  - JDK-8218935: Make jfr strncpy uses GCC 8.x friendly
9aeff1
  - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions
9aeff1
  - JDK-8220293: Deadlock in JFR string pool
9aeff1
  - JDK-8223689: Add JFR Thread Sampling Support
9aeff1
  - JDK-8223690: Add JFR BiasedLock Event Support
9aeff1
  - JDK-8223691: Add JFR G1 Region Type Change Event Support
9aeff1
  - JDK-8223692: Add JFR G1 Heap Summary Event Support
9aeff1
  - JDK-8223898: Forward references to Nashorn
9aeff1
  - JDK-8223904: Improve Nashorn matching
9aeff1
  - JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant
9aeff1
  - JDK-8224475: JTextPane does not show images in HTML rendering
9aeff1
  - JDK-8224541: Better mapping of serial ENUMs
9aeff1
  - JDK-8224549: Less Blocking Array Queues
9aeff1
  - JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020
9aeff1
  - JDK-8225069: Remove Comodo root certificate that is expiring in May 2020
9aeff1
  - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
9aeff1
  - JDK-8225603: Enhancement for big integers
9aeff1
  - JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden.
9aeff1
  - JDK-8226779: [TESTBUG] Test JFR API from Java agent
9aeff1
  - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys
9aeff1
  - JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory
9aeff1
  - JDK-8227269: Slow class loading when running with JDWP
9aeff1
  - JDK-8227542: Manifest improved jar headers
9aeff1
  - JDK-8227605: Kitchensink fails "assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant"
9aeff1
  - JDK-8229366: JFR backport allows unchecked writing to memory
9aeff1
  - JDK-8229401: Fix JFR code cache test failures
9aeff1
  - JDK-8229708: JFR backport code does not initialize
9aeff1
  - JDK-8229873: 8229401 broke jdk8u-jfr-incubator
9aeff1
  - JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions
9aeff1
  - JDK-8229899: Make java.io.File.isInvalid() less racy
9aeff1
  - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception
9aeff1
  - JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows
9aeff1
  - JDK-8230597: Update GIFlib library to the 5.2.1
9aeff1
  - JDK-8230707: JFR related tests are failing
9aeff1
  - JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return
9aeff1
  - JDK-8230782: Robot.createScreenCapture() fails if ?awt.robot.gtk? is set to false
9aeff1
  - JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return
9aeff1
  - JDK-8230926: [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout
9aeff1
  - JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707
9aeff1
  - JDK-8231415: Better signatures in XML
9aeff1
  - JDK-8231995: two jtreg tests failed after 8229366 is fixed
9aeff1
  - JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing
9aeff1
  - JDK-8233250: Better X11 rendering
9aeff1
  - JDK-8233410: Better Build Scripting
9aeff1
  - JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file
9aeff1
  - JDK-8233880: Support compilers with multi-digit major version numbers
9aeff1
  - JDK-8234027: Better JCEKS key support
9aeff1
  - JDK-8234408: Improve TLS session handling
9aeff1
  - JDK-8234825: Better Headings for HTTP Servers
9aeff1
  - JDK-8234841: Enhance buffering of byte buffers
9aeff1
  - JDK-8235274: Enhance typing of methods
9aeff1
  - JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64
9aeff1
  - JDK-8236002: CSR for JFR backport suggests not leaving out the package-info
9aeff1
  - JDK-8236008: Some backup files were accidentally left in the hotspot tree
9aeff1
  - JDK-8236074: Missed package-info
9aeff1
  - JDK-8236174: Should update javadoc since tags
9aeff1
  - JDK-8236201: Better Scanner conversions
9aeff1
  - JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing
9aeff1
  - JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport
9aeff1
  - JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01
9aeff1
  - JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB
9aeff1
  - JDK-8238589: Necessary code cleanup in JFR for JDK8u
9aeff1
  - JDK-8238590: Enable JFR by default during compilation in 8u
9aeff1
  - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap
9aeff1
  - JDK-8239055: Wrong implementation of VMState.hasListener
9aeff1
  - JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair
9aeff1
  - JDK-8239479: minimal1 and zero builds are failing
9aeff1
  - JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed
9aeff1
  - JDK-8239867: correct over use of INCLUDE_JFR macro
9aeff1
  - JDK-8240375: Disable JFR by default for July 2020 release
9aeff1
  - JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call
9aeff1
  - JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges
9aeff1
  - JDK-8241296: Segfault in JNIHandleBlock::oops_do()
9aeff1
  - JDK-8241307: Marlin renderer should not be the default in 8u252
9aeff1
  - JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled
9aeff1
  - JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set
9aeff1
  - JDK-8241750: x86_32 build failure after JDK-8227269
9aeff1
  - JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport)
9aeff1
  - JDK-8242788: Non-PCH build is broken after JDK-8191393
9aeff1
  - JDK-8242883: Incomplete backport of JDK-8078268: backport test part
9aeff1
  - JDK-8243059: Build fails when --with-vendor-name contains a comma
9aeff1
  - JDK-8243474: [TESTBUG] removed three tests of 0 bytes
9aeff1
  - JDK-8243539: Copyright info (Year) should be updated for fix of 8241638
9aeff1
  - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
9aeff1
  - JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in
9aeff1
  - JDK-8244461: [JDK 8u] Build fails with glibc 2.32
9aeff1
  - JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result
9aeff1
  - JDK-8244777: ClassLoaderStats VM Op uses constant hash value
9aeff1
  - JDK-8244843: JapanEraNameCompatTest fails
9aeff1
  - JDK-8245167: Top package in method profiling shows null in JMC
9aeff1
  - JDK-8246223: Windows build fails after JDK-8227269
9aeff1
  - JDK-8246703: [TESTBUG] Add test for JDK-8233197
9aeff1
  - JDK-8248399: Build installs jfr binary when JFR is disabled
9aeff1
  - JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package
9aeff1
9aeff1
Notes on individual issues:
9aeff1
===========================
9aeff1
9aeff1
hotspot/jfr:
9aeff1
9aeff1
JDK-8240687: JDK Flight Recorder Integrated to OpenJDK 8u
9aeff1
=========================================================
9aeff1
9aeff1
OpenJDK 8u now contains the backport of JEP 328: Flight Recorder
9aeff1
(https://openjdk.java.net/jeps/328) from later versions of OpenJDK.
9aeff1
9aeff1
JFR is a low-overhead framework to collect and provide data helpful to
9aeff1
troubleshoot the performance of the OpenJDK runtime and of Java
9aeff1
applications. It consists of a new API to define custom events under
9aeff1
the jdk.jfr namespace and a JMX interface to interact with the
9aeff1
framework. The recording can also be initiated with the application
9aeff1
startup using the -XX:+FlightRecorder flag or via jcmd. JFR replaces
9aeff1
the +XX:EnableTracing feature introduced in JEP 167, providing a more
9aeff1
efficient way to retrieve the same information. For compatibility
9aeff1
reasons, +XX:EnableTracing is still accepted, however no data will be
9aeff1
printed.
9aeff1
9aeff1
While JFR is not built by default upstream, it is included in Red Hat
9aeff1
binaries for supported architectures (x86_64, AArch64 & PowerPC 64)
9aeff1
9aeff1
hotspot/runtime:
9aeff1
9aeff1
JDK-8205622: JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording
9aeff1
=========================================================================================
9aeff1
9aeff1
JFR will be disabled with a warning message if it is enabled during
9aeff1
CDS dumping. The user will see the following warning message:
9aeff1
9aeff1
OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping
9aeff1
9aeff1
if JFR is enabled during CDS dumping such as in the following command
9aeff1
line:
9aeff1
9aeff1
$ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true
9aeff1
9aeff1
security-libs/java.security:
9aeff1
9aeff1
JDK-8244167: Removal of Comodo Root CA Certificate
9aeff1
==================================================
9aeff1
9aeff1
The following expired Comodo root CA certificate was removed from the
9aeff1
`cacerts` keystore: + alias name "addtrustclass1ca [jdk]"
9aeff1
9aeff1
Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
9aeff1
9aeff1
JDK-8244166: Removal of DocuSign Root CA Certificate
9aeff1
====================================================
9aeff1
9aeff1
The following expired DocuSign root CA certificate was removed from
9aeff1
 the `cacerts` keystore: + alias name "keynectisrootca [jdk]"
9aeff1
9aeff1
Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
9aeff1
9aeff1
security-libs/javax.crypto:pkcs11:
9aeff1
9aeff1
JDK-8240191: Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database
9aeff1
============================================================================================================================
9aeff1
9aeff1
The SunPKCS11 security provider can now be initialized with NSS when
9aeff1
FIPS-enabled external modules are configured in the Security Modules
9aeff1
Database (NSSDB). Prior to this change, the SunPKCS11 provider would
9aeff1
throw a RuntimeException with the message: "FIPS flag set for
9aeff1
non-internal module" when such a library was configured for NSS in
9aeff1
non-FIPS mode.
9aeff1
9aeff1
This change allows the JDK to work properly with recent NSS releases
9aeff1
on GNU/Linux operating systems when the system-wide FIPS policy is
9aeff1
turned on.
9aeff1
9aeff1
Further information can be found in JDK-8238555.
9aeff1
7e9da4
New in release OpenJDK 8u252 (2020-04-14):
7e9da4
===========================================
7e9da4
Live versions of these release notes can be found at:
7e9da4
  * https://bitly.com/oj8u252
7e9da4
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u252.txt
7e9da4
7e9da4
* Security fixes
7e9da4
  - JDK-8223898, CVE-2020-2754: Forward references to Nashorn
7e9da4
  - JDK-8223904, CVE-2020-2755: Improve Nashorn matching
7e9da4
  - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
7e9da4
  - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
7e9da4
  - JDK-8225603: Enhancement for big integers
7e9da4
  - JDK-8227542: Manifest improved jar headers
7e9da4
  - JDK-8231415, CVE-2020-2773: Better signatures in XML
7e9da4
  - JDK-8233250: Better X11 rendering
7e9da4
  - JDK-8233410: Better Build Scripting
7e9da4
  - JDK-8234027: Better JCEKS key support
7e9da4
  - JDK-8234408, CVE-2020-2781: Improve TLS session handling
7e9da4
  - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
7e9da4
  - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
7e9da4
  - JDK-8235274, CVE-2020-2805: Enhance typing of methods
7e9da4
  - JDK-8236201, CVE-2020-2830: Better Scanner conversions
7e9da4
  - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap
7e9da4
* Other changes
7e9da4
  - JDK-8005819: Support cross-realm MSSFU
7e9da4
  - JDK-8022263: use same Clang warnings on BSD as on Linux
7e9da4
  - JDK-8038631: Create wrapper for awt.Robot with additional functionality
7e9da4
  - JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid
7e9da4
  - JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests
7e9da4
  - JDK-8068184: Fix for JDK-8032832 caused a deadlock
7e9da4
  - JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature
7e9da4
  - JDK-8132130: some docs cleanup
7e9da4
  - JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit
7e9da4
  - JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal
7e9da4
  - JDK-8144446: Automate the Marlin crash test
7e9da4
  - JDK-8144526: Remove Marlin logging use of deleted internal API
7e9da4
  - JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats
7e9da4
  - JDK-8144654: Improve Marlin logging
7e9da4
  - JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins
7e9da4
  - JDK-8166976: TestCipherPBECons has wrong @run line
7e9da4
  - JDK-8167409: Invalid value passed to critical JNI function
7e9da4
  - JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant
7e9da4
  - JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
7e9da4
  - JDK-8191227: issues with unsafe handle resolution
7e9da4
  - JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider
7e9da4
  - JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object
7e9da4
  - JDK-8215756: Memory leaks in the AWT on macOS
7e9da4
  - JDK-8216472: (se) Stack overflow during selection operation leads to crash (win)
7e9da4
  - JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread
7e9da4
  - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions
7e9da4
  - JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test
7e9da4
  - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
7e9da4
  - JDK-8229022: BufferedReader performance can be improved by using StringBuilder
7e9da4
  - JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC
7e9da4
  - JDK-8229872: (fs) Increase buffer size used with getmntent
7e9da4
  - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception
7e9da4
  - JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
7e9da4
  - JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64
7e9da4
  - JDK-8235904: Infinite loop when rendering huge lines
7e9da4
  - JDK-8236179: C1 register allocation error with T_ADDRESS
7e9da4
  - JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read
7e9da4
  - JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call
7e9da4
  - JDK-8241296: Segfault in JNIHandleBlock::oops_do()
7e9da4
  - JDK-8241307: Marlin renderer should not be the default in 8u252
7e9da4
7e9da4
Notes on individual issues:
7e9da4
===========================
7e9da4
7e9da4
hotspot/svc:
7e9da4
7e9da4
JDK-8174881: Binary format for HPROF updated 
7e9da4
============================================
7e9da4
7e9da4
When dumping the heap in binary format, HPROF format 1.0.2 is always
7e9da4
used now. Previously, format 1.0.1 was used for heaps smaller than
7e9da4
2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the
7e9da4
serviceability agent.
7e9da4
7e9da4
security-libs/java.security:
7e9da4
7e9da4
JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature
7e9da4
====================================================================================
7e9da4
7e9da4
The SunRsaSign and SunJCE providers have been enhanced with support
7e9da4
for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS
7e9da4
signature and OAEP using FIPS 180-4 digest algorithms. New
7e9da4
constructors and methods have been added to relevant JCA/JCE classes
7e9da4
under the `java.security.spec` and `javax.crypto.spec` packages for
7e9da4
supporting additional RSASSA-PSS parameters.
7e9da4
7e9da4
security-libs/javax.crypto:
7e9da4
7e9da4
JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI
7e9da4
============================================================
7e9da4
7e9da4
The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider.
7e9da4
7e9da4
security-libs/javax.security:
7e9da4
7e9da4
JDK-8227564: Allow SASL Mechanisms to Be Restricted
7e9da4
===================================================
7e9da4
7e9da4
A security property named `jdk.sasl.disabledMechanisms` has been added
7e9da4
that can be used to disable SASL mechanisms. Any disabled mechanism
7e9da4
will be ignored if it is specified in the `mechanisms` argument of
7e9da4
`Sasl.createSaslClient` or the `mechanism` argument of
7e9da4
`Sasl.createSaslServer`. The default value for this security property
7e9da4
is empty, which means that no mechanisms are disabled out-of-the-box.