Key:

JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY

New in release OpenJDK 8u252 (2020-04-14):
===========================================
Live versions of these release notes can be found at:
  * https://bitly.com/oj8u252
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u252.txt

* Security fixes
  - JDK-8223898, CVE-2020-2754: Forward references to Nashorn
  - JDK-8223904, CVE-2020-2755: Improve Nashorn matching
  - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
  - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
  - JDK-8225603: Enhancement for big integers
  - JDK-8227542: Manifest improved jar headers
  - JDK-8231415, CVE-2020-2773: Better signatures in XML
  - JDK-8233250: Better X11 rendering
  - JDK-8233410: Better Build Scripting
  - JDK-8234027: Better JCEKS key support
  - JDK-8234408, CVE-2020-2781: Improve TLS session handling
  - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
  - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
  - JDK-8235274, CVE-2020-2805: Enhance typing of methods
  - JDK-8236201, CVE-2020-2830: Better Scanner conversions
  - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap
* Other changes
  - JDK-8005819: Support cross-realm MSSFU
  - JDK-8022263: use same Clang warnings on BSD as on Linux
  - JDK-8038631: Create wrapper for awt.Robot with additional functionality
  - JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid
  - JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests
  - JDK-8068184: Fix for JDK-8032832 caused a deadlock
  - JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature
  - JDK-8132130: some docs cleanup
  - JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit
  - JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal
  - JDK-8144446: Automate the Marlin crash test
  - JDK-8144526: Remove Marlin logging use of deleted internal API
  - JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats
  - JDK-8144654: Improve Marlin logging
  - JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins
  - JDK-8166976: TestCipherPBECons has wrong @run line
  - JDK-8167409: Invalid value passed to critical JNI function
  - JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant
  - JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
  - JDK-8191227: issues with unsafe handle resolution
  - JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider
  - JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object
  - JDK-8215756: Memory leaks in the AWT on macOS
  - JDK-8216472: (se) Stack overflow during selection operation leads to crash (win)
  - JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread
  - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions
  - JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test
  - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
  - JDK-8229022: BufferedReader performance can be improved by using StringBuilder
  - JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC
  - JDK-8229872: (fs) Increase buffer size used with getmntent
  - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception
  - JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
  - JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64
  - JDK-8235904: Infinite loop when rendering huge lines
  - JDK-8236179: C1 register allocation error with T_ADDRESS
  - JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read
  - JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call
  - JDK-8241296: Segfault in JNIHandleBlock::oops_do()
  - JDK-8241307: Marlin renderer should not be the default in 8u252

Notes on individual issues:
===========================

hotspot/svc:

JDK-8174881: Binary format for HPROF updated
============================================

When dumping the heap in binary format, HPROF format 1.0.2 is always
used now. Previously, format 1.0.1 was used for heaps smaller than
2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the
serviceability agent.

security-libs/java.security:

JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature
====================================================================================

The SunRsaSign and SunJCE providers have been enhanced with support
for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS
signature and OAEP using FIPS 180-4 digest algorithms. New
constructors and methods have been added to relevant JCA/JCE classes
under the `java.security.spec` and `javax.crypto.spec` packages for
supporting additional RSASSA-PSS parameters.
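
An added example (not part of the original release notes or of OpenJDK's own code) showing an RSASSA-PSS sign/verify round trip with explicit parameters through the standard `Signature` API. The class name, the sample message and the choice of SHA-256 with a 32-byte salt are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;

public class PssSignatureExample {
    // Illustrative choice: SHA-256 for digest and MGF1, 32-byte salt, trailer field 1.
    static final PSSParameterSpec PSS_SHA256 =
            new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);
    // A different parameter set, used only to show that signer and verifier must agree.
    static final PSSParameterSpec PSS_SHA512 =
            new PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, 64, 1);

    static byte[] sign(PrivateKey key, byte[] msg, PSSParameterSpec spec) throws Exception {
        Signature s = Signature.getInstance("RSASSA-PSS");
        s.initSign(key);
        s.setParameter(spec); // RSASSA-PSS has no implicit defaults; set them explicitly
        s.update(msg);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] msg, byte[] sig, PSSParameterSpec spec)
            throws Exception {
        Signature s = Signature.getInstance("RSASSA-PSS");
        s.initVerify(key);
        s.setParameter(spec);
        s.update(msg);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "constructed sample messagE".getBytes(StandardCharsets.UTF_8);

        byte[] sig = sign(kp.getPrivate(), msg, PSS_SHA256);
        System.out.println("same message, same parameters: "
                + verify(kp.getPublic(), msg, sig, PSS_SHA256));
        System.out.println("tampered message:              "
                + verify(kp.getPublic(), tampered, sig, PSS_SHA256));
        System.out.println("mismatched PSS parameters:     "
                + verify(kp.getPublic(), msg, sig, PSS_SHA512));
    }
}
```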

security-libs/javax.crypto:

JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI
============================================================

The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider.

security-libs/javax.security:

JDK-8227564: Allow SASL Mechanisms to Be Restricted
===================================================

A security property named `jdk.sasl.disabledMechanisms` has been added
that can be used to disable SASL mechanisms. Any disabled mechanism
will be ignored if it is specified in the `mechanisms` argument of
`Sasl.createSaslClient` or the `mechanism` argument of
`Sasl.createSaslServer`. The default value for this security property
is empty, which means that no mechanisms are disabled out-of-the-box.
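
An added example (not part of the original release notes or of OpenJDK's own code) showing the effect of `jdk.sasl.disabledMechanisms` on client-side mechanism selection. The class name, host name, credentials and the particular mechanisms disabled are assumptions made for illustration; the property value is a comma-separated list of mechanism names.

```java
import java.security.Security;
import java.util.Collections;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;

public class SaslDisabledMechanismsExample {
    // Constructed credentials for the sample; nothing here touches the network.
    static final CallbackHandler HANDLER = callbacks -> {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName("demo-user");
            } else if (cb instanceof PasswordCallback) {
                ((PasswordCallback) cb).setPassword("demo-pass".toCharArray());
            }
        }
    };

    // Returns the mechanism the JDK selected from the offered list, or "none"
    // when createSaslClient returns null because no offered mechanism is usable.
    static String select(String... offered) throws SaslException {
        SaslClient client = Sasl.createSaslClient(offered, null, "ldap",
                "ldap.example.test", Collections.<String, Object>emptyMap(), HANDLER);
        return client == null ? "none" : client.getMechanismName();
    }

    public static void main(String[] args) throws SaslException {
        // Set the property before javax.security.sasl.Sasl is first used, so the
        // restriction is in effect for every call. In a deployment the same value
        // would normally be set in the java.security file instead.
        Security.setProperty("jdk.sasl.disabledMechanisms", "PLAIN, CRAM-MD5");

        // Only disabled mechanisms offered: they are ignored, so no client is created.
        System.out.println("offered PLAIN only:         " + select("PLAIN"));
        // Disabled mechanism listed first: it is skipped and the next one is used.
        System.out.println("offered PLAIN, DIGEST-MD5:  " + select("PLAIN", "DIGEST-MD5"));
        System.out.println("offered CRAM-MD5, PLAIN:    " + select("CRAM-MD5", "PLAIN"));
    }
}
```

Callers that treat a `null` return from `Sasl.createSaslClient` as a hard failure will refuse to authenticate when a peer offers only disabled mechanisms.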