This page contains all of the release notes for General Availability (GA) releases and Bundled Patch Release (BPR) builds of JDK 8.
BPR builds are available only as commercial offerings to Oracle customers. They include fixes critical to customers that could not wait until the next scheduled release. Fixes introduced on BPRs are added to later GA releases.
Release date: January 21, 2025
The full version string for this update release is 1.8.0_441-perf-b09 (where "b" means "build"). The version number is 1.8.0_441-perf.
JDK 8u441 contains IANA time zone data 2024b which contains the following changes since the previous update.
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime at the time of the release of JDK 8u441 are specified in the following table:
Java Family Version | Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_441-perf-b09 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u441) be used after the next critical patch update scheduled for April 15, 2025.
Java Management Service, available to all users, can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u441) on 2025-05-15. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
The ClassLoadingMXBean::setVerbose(boolean enabled)
method will set class+load*
logging on log output stdout
to level info
if enabled
is true, and to level off
otherwise. In contrast, the isVerbose
method would check if exactly class+load
logging was enabled at the info
level on _any_ log output. This could result in counter-intuitive behavior when logging class+load=info
to a file via the command-line, as it caused isVerbose
to return true, even after a call to setVerbose(false)
had been made. A similar problem existed for the MemoryMXBean::isVerbose
method. Starting with this release, the behavior is as follows:
ClassLoadingMXBean::isVerbose
will return true only if class+load*
logging (note the wildcard use) has been enabled at the `info` level (or above) on the stdout
log output.MemoryMXBean::isVerbose
will return true only if gc
logging has been enabled at the info
level (or above) on the stdout
log output.
# | BugId | Component | Summary |
---|---|---|---|
1 | JDK-8337066 | hotspot/compiler | Repeated call of StringBuffer.reverse with double byte string returns wrong result |
2 | JDK-8335709 | hotspot/compiler | C2: assert(!loop->is_member(get_loop(useblock))) failed: must be outside loop |
3 | JDK-8315988 | hotspot/gc | Parallel: Make TestAggressiveHeap use createTestJvm |
4 | JDK-8338389 | hotspot/jfr | [JFR] Long strings should be added to the string pool |
5 | JDK-8319818 | hotspot/runtime | Address GCC 13.2.0 warnings (stringop-overflow and dangling-pointer) |
6 | JDK-8340387 | hotspot/runtime | Update OS detection code to recognize Windows Server 2025 |
7 | JDK-8337410 | hotspot/test | The makefiles should set problemlist and adjust timeout basing on the given VM flags |
Release date: January 21, 2025
The full version string for this update release is 1.8.0_441-b07 (where "b" means "build"). The version number is 8u441. This JDK conforms to version 8.6 of the Java SE Specification (JSR 337 MR 6 2024-07-02).
JDK 8u441 contains IANA time zone data 2024b which contains the following changes since the previous update.
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime at the time of the release of JDK 8u441 are specified in the following table:
Java Family Version | Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_441-b07 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u441) be used after the next critical patch update scheduled for April 15, 2025.
Java Management Service, available to all users, can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u441) on 2025-05-15. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
This release, JDK and JRE 8 update 441, is the last release to bundle JavaFX. As announced in 2020, support for JavaFX on JDK 8, the last commercially supported version of JavaFX from Oracle, will end in March 2025. Accordingly, JDK 8 update 441 is the last upgrade of JDK/JRE 8 with JavaFX. Oracle continues to develop and release JavaFX as stand-alone modules via the OpenJFX project for the latest versions of Java only. For more details see the Java SE Spring 2024 Roadmap Update. Please contact Oracle Sales if you have any additional needs.
ProcessBuilder
on Windows Quotes Argument Strings Containing Any Space Character
(JDK-8335428 (not public))
On Windows, the ProcessBuilder
has expanded the quoting of argument strings when starting a process to ensure they are recognized by the application as a single command argument. The set of space characters has been expanded from space (0x20) to include all space characters as defined by java.lang.Character.isSpaceChar
, which includes all Unicode space separator characters, such as EN-SPACE (0x2002), and line separator and paragraph separator characters.
IANA Time Zone Database has been upgraded to 2024b. This version mainly includes changes to improve historical data for Mexico, Mongolia, and Portugal. It also changes one timestamp abbreviation, for the time zone 'MET'. Also Asia/Choibalsan is now an alias for Asia/Ulaanbaatar.
The new tzdata changes also impact some legacy time zone IDs. As per 2024b changes "EST" links to "America/Panama", "HST" links to "Pacific/Honolulu" and "MST" links to "America/Phoenix". To maintain compatibility with the Java SE specification, the java.time.ZoneId.SHORT_IDS
Map has not changed. Further details are available at JDK-8342331
Library | New Version | Module | JBS |
---|---|---|---|
Pipewire | 0.3.68 | java.desktop | JDK-8280982 |
Sparkle | 2.6.4 | JDK-8342000 (not public) | |
GStreamer | 1.24.6 | javafx.media | JDK-8336940 |
Glib | 2.80.4 | javafx.media | JDK-8336939 |
libFFI | 3.4.6 | javafx.media | JDK-8336938 |
libxslt | 1.1.42 | javafx.web | JDK-8336941 |
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
The following table lists the bug fixes included in the JDK 8u441 release:
# | BugId | Component | Summary |
---|---|---|---|
1 | JDK-8280993 | client-libs/java.awt | [XWayland] Popup is not closed on click outside of area controlled by XWayland |
2 | JDK-8309756 | client-libs/java.awt | Occasional crashes with pipewire screen capture on Wayland |
3 | JDK-8313697 | client-libs/java.awt | [XWayland][Screencast] consequent getPixelColor calls are slow |
4 | JDK-8331011 | client-libs/java.awt | [XWayland] TokenStorage fails under Security Manager |
5 | JDK-8321176 | client-libs/java.awt | [Screencast] make a second attempt on screencast failure |
6 | JDK-8280994 | client-libs/java.awt | [XWayland] Drag and Drop does not work in java -> wayland app direction |
7 | JDK-8158380 | client-libs/java.awt | [macosx] Regression: java/awt/List/ActionEventTest/ActionEventTest.java |
8 | JDK-8215921 | client-libs/java.awt | There is no change when select different Foreground and Background by mouse. |
9 | JDK-8014503 | client-libs/java.awt | AWT Choice implementation should be made consistent across platforms. |
10 | JDK-8280982 | client-libs/java.awt | [Wayland] [XWayland] java.awt.Robot taking screenshots |
11 | JDK-8329667 | client-libs/javax.accessibility | [macos] Issue with JTree related fix for JDK-8317771 |
12 | JDK-8319103 | client-libs/javax.swing | Popups that request focus are not shown on Linux with Wayland |
13 | JDK-8079841 | core-libs/java.util.jar | Buffer underflow with empty zip entry names |
14 | JDK-8219448 | hotspot/compiler | split-if update_uses accesses stale idom data |
15 | JDK-8340387 | hotspot/runtime | Update OS detection code to recognize Windows Server 2025 |
16 | JDK-8338701 | javafx/media | Provide media support for libavcodec version 61 |
17 | JDK-8337481 | javafx/web | File API: file.name contains path instead of name |
18 | JDK-8340208 | javafx/web | Additional WebKit 619.1 fixes from WebKitGTK 2.44.4 |
19 | JDK-8334124 | javafx/web | Rendering issues with CSS "text-shadow" in WebView |
20 | JDK-8328723 | security-libs/java.security | IP Address error when client enables HTTPS endpoint check on server socket |
The following sections summarize changes made in all Java SE 8u431 BPR. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8215757 | hotspot | compiler | C2: PhaseIdealLoop::create_new_if_for_predicate() computes wrong IDOM |
JDK-8219448 | hotspot | compiler | split-if update_uses accesses stale idom data |
Release date: October 15, 2024
The full version string for this update release is 1.8.0_431-perf-b11 (where "b" means "build"). The version number is 1.8.0_431-perf.
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime at the time of the release of JDK 8u431 are specified in the following table:
Java Family Version | Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_431-perf-b11 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u431) be used after the next critical patch update scheduled for January 21, 2025.
Java Management Service, available to all users, can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u431) on 2025-02-21. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
The java.security.debug
system property now accepts arguments which add thread ID, thread name, caller information, and timestamp information to debug statements for all components or a specific component.
+timestamp
can be appended to debug options to print a timestamp for that debug option. +thread
can be appended to debug options to print thread and caller information for that debug option.
Examples: -Djava.security.debug=all+timestamp+thread
adds timestamp and thread information to every debug statement generated.
-Djava.security.debug=properties+timestamp
adds timestamp information to every debug statement generated for the properties
component.
You can also specify -Djava.security.debug=help
which will display a complete list of supported components and arguments.
See Printing Thread and Timestamp Information for more information.
Fixed the issue with entries in the "java" and "javac" groups not being properly managed during an RPM upgrade.
Upgrading from an older Java RPM installed into a shared directory (/usr/lib/jvm/jdk-${FEATURE}-oracle-${ARCH}
) to a Java RPM installing into a version-specific directory (/usr/lib/jvm/jdk-${VERSION}-oracle-${ARCH}
), results in the older Java entries in the "java" and "javac" groups not being deleted.
The issue does not manifest until the new Java is uninstalled. When it is uninstalled and Java from the lower release is installed, running Java commands like java
or keytool
without the full path specified will result in the "command not found" error. For example, install 21.0.3; upgrade it to 21.0.4; uninstall 21.0.4; install any Java update of 17 or 11 or 8 release; run "java" from the command line. The command will fail with the "command not found" error.
Manually delete orphan Java entries in the "java" and "javac" groups to workaround the issue.
The following root certificates have been added to the cacerts truststore:
+ SSL.com
+ ssltlsrootecc2022
DN: CN=SSL.com TLS ECC Root CA 2022, O=SSL Corporation, C=US
+ SSL.com
+ ssltlsrootrsa2022
DN: CN=SSL.com TLS RSA Root CA 2022, O=SSL Corporation, C=US
This JDK release relaxes the specification of java.awt.Robot
to account for possible platform and desktop environment access restrictions or limitations.
In the JDK, java.text.MessageFormat
now has an implementation limit for the ArgumentIndex
pattern element. The hard limit for the value is 10,000.
If an ArgumentIndex
value is equal to or exceeds the upper limit, an IllegalArgumentException
will now be thrown by
MessageFormats
constructorsapplyPattern(String pattern)
instance methodformat(String pattern, Object... arguments)
static methodDe-serializing a MessageFormat
object with an ArgumentIndex
value at or over the limit will throw an InvalidObjectException
.
The showSettings
launcher option no longer prints available locales information by default, when -XshowSettings
is used. The -XshowSettings:locale
option will continue to print all settings related to available locales.
New, default limits have been added to HTTP in the JDK.
The JDK built-in implementation of the URL protocol handler for HTTP (HttpURLConnection
) now has a default limit on the maximum response headers size that will be accepted from a remote party. The limit is set by default at 384kB (393216 bytes) and is computed as the cumulative size of all header names and header values plus an overhead of 32 bytes per header name value pair.
The default value of the limit can be changed by specifying a positive value with the jdk.http.maxHeaderSize
system property on the command line, or in the conf/net.properties file. A negative or zero value is interpreted as no limit. If the limit is exceeded, the request will fail with a protocol exception.
The JDK built-in implementation of the com.sun.net.httpserver.HttpServer
implements a similar limit for the maximum request header size the server is prepared to accept. The HttpServer
limit can be changed by specifying a positive value with the sun.net.httpserver.maxReqHeaderSize
system property on the command line. A negative or zero value is interpreted as no limit. The limit is set by default at 384kB (393216 bytes) and the size is computed in the same way as explained above. If the limit is exceeded, the connection is closed.
# | BugId | Component | Summary |
---|---|---|---|
1 | JDK-8005885 | hotspot/compiler | enhance PrintCodeCache to print more data |
2 | JDK-8329126 | hotspot/compiler | No native wrappers generated anymore with -XX:-TieredCompilation after JDK-8251462 |
Release date: October 15, 2024
The full version string for this update release is 1.8.0_431-b10 (where "b" means "build"). The version number is 8u431.
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime at the time of the release of JDK 8u431 are specified in the following table:
Java Family Version | Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_431-b10 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u431) be used after the next critical patch update scheduled for January 21, 2025.
Java Management Service, available to all users, can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u431) on 2025-02-21. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
Fixed the issue with entries in the "java" and "javac" groups not being properly managed during an RPM upgrade.
Upgrading from an older Java RPM installed into a shared directory (/usr/lib/jvm/jdk-${FEATURE}-oracle-${ARCH}
) to a Java RPM installing into a version-specific directory (/usr/lib/jvm/jdk-${VERSION}-oracle-${ARCH}
), results in the older Java entries in the "java" and "javac" groups not being deleted.
The issue does not manifest until the new Java is uninstalled. When it is uninstalled and Java from the lower release is installed, running Java commands like java
or keytool
without the full path specified will result in the "command not found" error. For example, install 21.0.3; upgrade it to 21.0.4; uninstall 21.0.4; install any Java update of 17 or 11 or 8 release; run "java" from the command line. The command will fail with the "command not found" error.
Manually delete orphan Java entries in the "java" and "javac" groups to workaround the issue.
New, default limits have been added to HTTP in the JDK.
The JDK built-in implementation of the URL protocol handler for HTTP (HttpURLConnection
) now has a default limit on the maximum response headers size that will be accepted from a remote party. The limit is set by default at 384kB (393216 bytes) and is computed as the cumulative size of all header names and header values plus an overhead of 32 bytes per header name value pair.
The default value of the limit can be changed by specifying a positive value with the jdk.http.maxHeaderSize
system property on the command line, or in the conf/net.properties file. A negative or zero value is interpreted as no limit. If the limit is exceeded, the request will fail with a protocol exception.
The JDK built-in implementation of the com.sun.net.httpserver.HttpServer
implements a similar limit for the maximum request header size the server is prepared to accept. The HttpServer
limit can be changed by specifying a positive value with the sun.net.httpserver.maxReqHeaderSize
system property on the command line. A negative or zero value is interpreted as no limit. The limit is set by default at 384kB (393216 bytes) and the size is computed in the same way as explained above. If the limit is exceeded, the connection is closed.
The following root certificates have been added to the cacerts truststore:
+ SSL.com
+ ssltlsrootecc2022
DN: CN=SSL.com TLS ECC Root CA 2022, O=SSL Corporation, C=US
+ SSL.com
+ ssltlsrootrsa2022
DN: CN=SSL.com TLS RSA Root CA 2022, O=SSL Corporation, C=US
The TLS_ECDH cipher suites have been disabled by default, by adding "ECDH" to the jdk.tls.disabledAlgorithms
security property in the java.security
configuration file. The TLS_ECDH cipher suites do not preserve forward-secrecy and are rarely used in practice. Note that some TLS_ECDH cipher suites were already disabled because they use algorithms that are disabled, such as 3DES and RC4. This action disables the rest. Any attempts to use cipher suites starting with "TLS_ECDH_" will fail with an SSLHandshakeException
. Users can, at their own risk, re-enable these cipher suites by removing "ECDH" from the jdk.tls.disabledAlgorithms
security property.
Please note that this change has no effect on the TLS_ECDHE cipher suites, which are still enabled by default.
The JDK will stop trusting TLS server certificates issued after November 11, 2024 and anchored by Entrust root certificates, in line with similar plans recently announced by Google and Mozilla. The list of affected certificates includes certificates branded as AffirmTrust, which are managed by Entrust.
TLS server certificates issued on or before November 11, 2024 will continue to be trusted until they expire. Certificates issued after that date, and anchored by any of the Certificate Authorities in the table below, will be rejected.
The restrictions will be enforced in the JDK implementation (the SunJSSE Provider) of the Java Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server's certificate chain is anchored by any of the Certificate Authorities in the table below and the certificate has been issued after November 11, 2024.
An application will receive an Exception with a message indicating the trust anchor is not trusted, for example:
TLS server certificate issued after 2024-11-11 and anchored by a distrusted legacy Entrust root CA: CN=Entrust.net Certification Authority (2048),
OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
If necessary, and at your own risk, you can work around the restrictions by removing "ENTRUST_TLS" from the jdk.security.caDistrustPolicies
security property in the java.security
configuration file.
The restrictions are imposed on the following Entrust Root certificates included in the JDK:
Distinguished Name | SHA-256 Fingerprint |
---|---|
CN=Entrust Root Certification Authority, OU=(c) 2006 Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, O=Entrust, Inc., C=US |
73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C |
CN=Entrust Root Certification Authority - EC1, OU=(c) 2012 Entrust, Inc. - for authorized use only, OU=See www.entrust.net/legal-terms, O=Entrust, Inc., C=US |
02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5 |
CN=Entrust Root Certification Authority - G2, OU=(c) 2009 Entrust, Inc. - for authorized use only, OU=See www.entrust.net/legal-terms, O=Entrust, Inc., C=US |
43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39 |
CN=Entrust Root Certification Authority - G4, OU=(c) 2015 Entrust, Inc. - for authorized use only, OU=See www.entrust.net/legal-terms, O=Entrust, Inc., C=US |
DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88 |
CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net |
6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77 |
CN=AffirmTrust Commercial, O=AffirmTrust, C=US |
03:76:AB:1D:54:C5:F9:80:3C:E4:B2:E2:01:A0:EE:7E:EF:7B:57:B6:36:E8:A9:3C:9B:8D:48:60:C9:6F:5F:A7 |
CN=AffirmTrust Networking, O=AffirmTrust, C=US |
0A:81:EC:5A:92:97:77:F1:45:90:4A:F3:8D:5D:50:9F:66:B5:E2:C5:8F:CD:B5:31:05:8B:0E:17:F3:F0B4:1B |
CN=AffirmTrust Premium, O=AffirmTrust, C=US |
70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A |
CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US |
BD:71:FD:F6:DA:97:E4:CF:62:D1:64:7A:DD:25:81:B0:7D:79:AD:F8:39:7E:B4:EC:BA:9C:5E:84:88:82:14:23 |
You can also use the keytool
utility from the JDK to print out details of the certificate chain, as follows:
keytool -v -list -alias <your_server_alias> -keystore <your_keystore_filename>
If any of the certificates in the chain are issued by one of the root CAs in the table above are listed in the output you will need to update the certificate or contact the organization that manages the server.
This JDK release relaxes the specification of java.awt.Robot
to account for possible platform and desktop environment access restrictions or limitations.
This JDK implements Maintenance Release 6 of the Java SE 8 specification JSR 337. This is indicated by the system property java.specification.maintenance.version
having the value of "6"
.
In the JDK, java.text.MessageFormat
now has an implementation limit for the ArgumentIndex
pattern element. The hard limit for the value is 10,000.
If an ArgumentIndex
value is equal to or exceeds the upper limit, an IllegalArgumentException
will now be thrown by
MessageFormats
constructorsapplyPattern(String pattern)
instance methodformat(String pattern, Object... arguments)
static methodDe-serializing a MessageFormat
object with an ArgumentIndex
value at or over the limit will throw an InvalidObjectException
.
There are some scenarios where upgrading from a JRE version 8u361 or below to a newer JRE version of Java 8 may break some of the Windows registry keys for the Java Runtime Environment. The Java Uninstall Tool will repair such situations, regardless if a JRE is selected for uninstall or not.
Library | New Version | Module | JBS |
---|---|---|---|
GIFlib | 5.2.2 | JDK-8328999 | |
Libpng | 1.6.43 | JDK-8329004 | |
Libxml2 | 2.12.17 | JDK-8332539 | |
WebKit | 619.1 | JDK-8328994 |
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
The following table lists the bug fixes included in the JDK 8u431 release:
# | BugId | Component | Summary |
---|---|---|---|
1 | JDK-8325179 | client-libs/javax.swing | Race in BasicDirectoryModel.validateFileCache |
2 | JDK-8328953 | client-libs/javax.swing | JEditorPane.read throws ChangedCharSetException |
3 | JDK-8330415 | core-libs/java.lang | Update system property for Java SE specification maintenance version |
4 | JDK-8267938 | core-libs/java.net | (sctp) SCTP channel factory methods should check platform support |
5 | JDK-8299058 | core-libs/java.net | AssertionError in sun.net.httpserver.ServerImpl when connection is idle |
6 | JDK-8332424 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2024-05-16 |
7 | JDK-8334418 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2024-06-14 |
8 | JDK-8334653 | core-libs/java.util:i18n | ISO 4217 Amendment 177 Update |
9 | JDK-8337230 | docs/guides | Update JSSE security and system properties in Customizing JSSE |
10 | JDK-8202948 | hotspot/compiler | C2: assert(init_offset >= 0) failed: positive offset from object start |
11 | JDK-8330462 | javafx/accessibility | StringIndexOutOfBoundException when typing anything into TextField |
12 | JDK-8331881 | javafx/web | WebView: Update Public Suffix List to 1cbd6e7 |
13 | JDK-8329011 | javafx/web | Update SQLite to 3.45.3 |
14 | JDK-8338306 | javafx/web | WebView Drag and Drop fails with WebKit 619.1 |
15 | JDK-8338307 | javafx/web | Additional WebKit 619.1 fixes from WebKitGTK 2.44.3 |
16 | JDK-8331765 | javafx/web | Websocket callbacks are not executed after WebKit 617.1 update |
17 | JDK-8261433 | security-libs/javax.crypto:pkcs11 | Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit |
18 | JDK-8219991 | security-libs/javax.net.ssl | New fix of the deadlock in sun.security.ssl.SSLSocketImpl |
19 | JDK-8341059 | security-libs/javax.net.ssl | Change Entrust TLS distrust date to November 12, 2024 |
The following sections summarize changes made in all Java SE 8u421 BPR. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8336952 (not public) | install | jre msi installer can fail if run after using MSI Advertise option |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8336107 (not public) | install | JDK rpm upgrade from 11.0.23 to 11.0.25 leaves "orphan" alternatives entry |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8331765 | javafx | web | Websocket callbacks are not executed after WebKit 617.1 update |
JDK-8333859 | core-libs | java.util.jar | Pack200.newUnpacker().unpack() throws IOException |
JDK-8333447 (not public) | install | install | "alternatives" uninstallation results into intermittent “Java not available” issues |
The following sections summarize changes made in Java SE 8u421 Enterprise Performance Pack. Bug fixes and any other changes are listed below in date order, most current update first. Note that bug fixes in the previous BPR are also included in the current update release.
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8333859 | core-libs | java.util.jar | Pack200.newUnpacker().unpack() throws IOException |
Release date: July 16, 2024
The full version string for this update release is 8u421-perf-b07 (where "b" means "build"). The version number is 8u421-perf.
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime at the time of the release of JDK 8u421 are specified in the following table:
Java Family Version | Security Baseline (Full Version String) |
---|---|
8 | 8u421-b09 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u421) be used after the next critical patch update scheduled for October 15, 2024.
Java Management Service, available to all users, can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u421) on 2024-11-15. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
The following root certificates have been added to the cacerts truststore:
+ GlobalSign
+ globalsignr46
DN: CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE
+ GlobalSign
+ globalsigne46
DN: CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE
DTLS 1.0 has been disabled by default, by adding "DTLSv1.0" to the jdk.tls.disabledAlgorithms
security property in the java.security
configuration file. DTLS 1.0 has weakened over time and lacks support for stronger cipher suites. Any attempts to use DTLSv1.0 will fail with an SSLHandshakeException
. Users can, at their own risk, re-enable the version by removing "DTLSv1.0" from the jdk.tls.disabledAlgorithms
security property.
# | BugId | Component | Summary |
---|---|---|---|
1 | JDK-8321599 | hotspot/compiler | Data loss in AVX3 Base64 decoding |
2 | JDK-8310844 | hotspot/compiler | [AArch64] C1 compilation fails because monitor offset in OSR buffer is too large for immediate |
3 | JDK-8324050 | hotspot/compiler | Issue store-store barrier after re-materializing objects during deoptimization |
4 | JDK-8326638 | hotspot/compiler | Crash in PhaseIdealLoop::remix_address_expressions due to unexpected Region instead of Loop |
5 | JDK-8319372 | hotspot/compiler | C2 compilation fails with "Bad immediate dominator info" |
6 | JDK-8282414 | hotspot/compiler | x86: Enhance the assembler to generate more compact instructions |
7 | JDK-8298129 | hotspot/jfr | Let checkpoint event sizes grow beyond u4 limit |
8 | JDK-8298649 | hotspot/jfr | JFR: RemoteRecordingStream support for checkpoint event sizes beyond u4 |
9 | JDK-8286740 | hotspot/jfr | JFR: Active Setting event emitted incorrectly |
10 | JDK-8326106 | hotspot/jfr | Write and clear stack trace table outside of safepoint |
11 | JDK-8298472 | hotspot/runtime | AArch64: Detect Ampere-1 and Ampere-1A CPUs and set default options |
12 | JDK-8278241 | hotspot/runtime | Implement JVM SpinPause on linux-aarch64 |
13 | JDK-8296437 | hotspot/runtime | NMT incurs costs if disabled |
14 | JDK-8327036 | hotspot/runtime | [macosx-aarch64] SIGBUS in MarkActivationClosure::do_code_blob reached from Unsafe_CopySwapMemory0 |
15 | JDK-8319048 | hotspot/runtime | Monitor deflation unlink phase prolongs time to safepoint |
16 | JDK-8324933 | hotspot/runtime | ConcurrentHashTable::statistics_calculate synchronization is expensive |
Release date: July 16, 2024
The full version string for this update release is 8u421-b09 (where "b" means "build"). The version number is 8u421.
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime at the time of the release of JDK 8u421 are specified in the following table:
Java Family Version | Security Baseline (Full Version String) |
---|---|
8 | 8u421-b09 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u421) be used after the next critical patch update scheduled for October 15, 2024.
Java Management Service, available to all users, can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u421) on 2024-11-15. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
Debug log files for Java Updater
and JCP
have been added to the directory $HOME/Library/Application Support/Oracle/Java/Java Updater/
for macOS x64 and aarch64. Logs for Java Updater
and JCP
are separated into two log files: JavaUpdaterLog.txt
and JCPUpdateLog.txt
.
JavaUpdaterLog.txt
is generated and logs debug lines if it does not already exist when Java Updater
is run. Likewise, JCPUpdateLog.txt
is generated and logs debug lines if it does not already exist when Java Control Panel is run.
If a log file already exists for Java Updater
or JCP
, the newly logged debug lines are appended at the end of the log file. Each log session has a header with a timestamp of when the application was run.
-XshowSettings
Launcher Option
(JDK-8281658)
The -XshowSettings
launcher has a new security
category. Settings from security properties, security providers and TLS related settings are displayed with this option. A security sub-category can be passed as an argument to the security category option. See the output from java -X
:
-XshowSettings:security
show all security settings and continue
-XshowSettings:security:*sub-category*
show settings for the specified security sub-category and continue. Possible *sub-category* arguments for this option include:
all: show all security settings and continue
properties: show security properties and continue
providers: show static security provider settings and continue
tls: show TLS related security settings and continue
Third party security provider details will be reported if they are included in the application class path or module path and such providers are configured in the java.security
file.
On Windows, once the feature “Use certificates and keys in browser keystore” is enabled (which it is by default), Java WebStart and Java Plugin can access the certificates that are currently trusted by the local machine. There is no guarantee that the full list of trusted certificates is available, since the certificates are dynamically loaded. As a result, Java applets and Java WebStart applications might experience signature validation and secure connection issues caused by a lack of relevant certificates since the Deployment framework can only access the certificates that are 'active' at the time of an application's launch.
To allow the java
, javaw
, and javaws
executables to be run from any location, the JRE 8 Windows installers copy java.exe
, javaw.exe
, and javaws.exe
helper files into the following directory:
C:\Program Files (x86)\Common Files\Oracle\Java\java8path
Also, the system PATH variable is updated to include this location.
These helper files are lightweight executables that launch the latest version installed. They pass any commandline arguments along to the real executables in the bin directory. They are not specificially tied to a version other than the FileVersion of the exe. The installers will leave the latest versions of the shims in this location until the last Java 8 is uninstalled.
Note: In 8u411 and later releases, the directory name was changed from "javapath" to "java8path" to ensure compatibility with newer JDK family versions.
Delete nonfunctional desktop integration functionality from Linux installers. The installers will stop depositing files in /usr/share/icons
, /usr/share/mime
, and /usr/share/applications
subtrees.
STATIC=1
Argument to the JRE Installer
(JDK-8313223 (not public))
This fix will add the STATIC=1
installer argument and deprecating the RETAIN_ALL_VERSIONS=1
installer argument. Passing STATIC=1
will protect older JRE 8 versions from being uninstalled during a manual upgrade or an auto-update.
The "Obsoletes" tag has been removed from "jdk-1.8" and "jre-1.8" RPM packages.
New stub "jdk1.8" and "jre1.8" RPM packages have been provided. These are the pre-8u371 names without a dash. These packages do not install any files, but require corresponding update releases for "jdk-1.8" and "jre-1.8" packages, the post-8u371 name with the dash, respectively.
Users who only have 8u371 or newer RPM packages installed do not need to use the new stub "jdk1.8" or "jre1.8" RPM packages, and will not be affected by this change.
Users who install the new stub "jdk1.8" package and would like to downgrade it to 8u361 or an older version, will need to first manually uninstall the "jdk-1.8" package before the downgrade to prevent the side-by-side installation of older and newer Java 8 JDK RPM packages. The same applies to the "jre1.8" and "jre-1.8" packages.
If the "jdk-1.8" package is stored in an RPM repository, maintainers of the repository need to place an additional stub "jdk1.8" package next to "jdk-1.8" in that RPM repository. The same applies to the "jre1.8" and "jre-1.8" packages.
Users who install the "jdk-1.8" package from something other than an RPM repository need to specify paths to the RPM files with "jdk1.8" and "jdk-1.8" packages in a single update command if they would like to upgrade from 8u361 or older "jdk1.8" package. The same applies to the "jre1.8" and "jre-1.8" packages.
The following root certificates have been added to the cacerts truststore:
+ GlobalSign
+ globalsignr46
DN: CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE
+ GlobalSign
+ globalsigne46
DN: CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE
RPATH
Instead of RUNPATH
(JDK-8326891)
Native executables and libraries on Linux have switched to using RPATH
instead of RUNPATH
in this release.
JDK native executables and libraries use embedded runtime search paths to locate other internal JDK native libraries. On Linux these can be defined as either RPATH
or RUNPATH
. The main difference is that the dynamic linker considers RPATH
before the LD_LIBRARY_PATH
environment variable, while RUNPATH
is only considered after LD_LIBRARY_PATH
.
By making the change to using RPATH
, it is no longer possible to replace JDK internal native libraries using LD_LIBRARY_PATH
.
The installation directory name of the Oracle JDK in RPM and DEB packages has changed from /usr/lib/jvm/jdk-1.8-oracle-${ARCH}
to /usr/lib/jvm/jdk-${VERSION}-oracle-${ARCH}
.
The installation directory name of the Oracle JRE in RPM and DEB packages has changed from /usr/lib/jvm/jre-1.8-oracle-${ARCH}
to /usr/lib/jvm/jre-${VERSION}-oracle-${ARCH}
.
Every update release will be installed in a separate directory on Linux platforms.
Installers will create a /usr/java/jdk-1.8-oracle-${ARCH}
link pointing to the installation directory to allow programs to find the latest JDK8 version.
Installers will create a /usr/java/jre-1.8-oracle-${ARCH}
link pointing to the installation directory to allow programs to find the latest JRE8 version.
The JRE will be installed in the following location, C:\Program Files\Java\jre$fullversion
, where $fullversion
is the technical version of the JRE. For instance, 8u421 will install into C:\Program Files\Java\jre1.8.0_421
.
"C:\Program Files"
will be adjusted to "C:\Program Files (x86)"
for 32-bit Java.
For 64-bit installs, a junction will be created at C:\Program Files\Java\latest\jre-1.8
. It will point to the latest 64-bit JRE of the Java 8 family.
For 32-bit installs, a junction will be created at C:\Program Files (x86)\Java\latest\jre-1.8
. It will point to the latest 32-bit JRE of the Java 8 family.
This change of the JRE installation directories will also be reflected in the public JRE that is shipped with the JDK installer. Such changes were part of STATIC support implementation introduced in the 8u421 release.
Library | New Version | Module | JBS |
---|---|---|---|
ICU4C | 74.2 | javafx | JDK-8324326 |
LCMS | 2.16 | java.desktop | JDK-8321489 |
JPEG Image Decoding Software | 9f | java.desktop | JDK-8324233 |
Zlib Data Compression Library | 1.3.1 | java.base | JDK-8324632 |
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
The following table lists the bug fixes included in the JDK 8u421 release:
# | BugId | Component | Summary |
---|---|---|---|
1 | JDK-8317771 | client-libs/javax.accessibility | [macos14] Expand/collapse a JTree using keyboard freezes the application in macOS 14 Sonoma |
2 | JDK-8296878 | client-libs/javax.swing | Document Filter attached to JPasswordField and setText("") is not cleared instead inserted characters replaced with unicode null characters |
3 | JDK-8218917 | client-libs/javax.swing | KeyEvent.getModifiers() returns inconsistent values for ALT keys |
4 | JDK-8322239 | client-libs/javax.swing | [macos] a11y : java.lang.NullPointerException is thrown when focus is moved on the JTabbedPane |
5 | JDK-8318599 | core-libs/java.net | HttpURLConnection cache issues leading to crashes in JGSS w/ native GSS introduced by 8303809 |
6 | JDK-8180310 | core-libs/java.rmi | [testlibrary] TestSocketFactory null pointer when updating match bytes |
7 | JDK-8324632 | core-libs/java.util.jar | Update Zlib Data Compression Library to Version 1.3.1 |
8 | JDK-8315117 | core-libs/java.util.jar | Update Zlib Data Compression Library to Version 1.3 |
9 | JDK-8318322 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2023-10-16 |
10 | JDK-8304761 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2023-03-22 |
11 | JDK-8302512 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2023-02-14 |
12 | JDK-8306031 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2023-04-13 |
13 | JDK-8308021 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2023-05-11 |
14 | JDK-8327631 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2024-03-07 |
15 | JDK-8313702 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2023-08-02 |
16 | JDK-8325029 | core-libs/javax.naming | Connection.java now requires custom socket factories to implement javax.net.SocketFactory |
17 | JDK-8285835 | hotspot/compiler | SIGSEGV in PhaseIdealLoop::build_loop_late_post_work |
18 | JDK-8287432 | hotspot/compiler | C2: assert(tn->in(0) != __null) failed: must have live top node |
19 | JDK-8197901 | hotspot/runtime | Crash during GC when logging level is debug |
20 | JDK-8059924 | hotspot/runtime | com/sun/management/DiagnosticCommandMBean/DcmdMBeanPermissionsTest.java: assert(Universe::verify_in_progress() || !SafepointSynchronize::is_at_safepoint()) failed: invariant |
21 | JDK-8329705 | javafx/accessibility | Add missing Application thread checks to platform specific a11y methods |
22 | JDK-8309374 | javafx/accessibility | Accessibility Focus Rectangle on ListItem is not drawn when ListView is shown for first time |
23 | JDK-8311492 | javafx/graphics | FontSmoothingType LCD produces wrong color when transparency is used |
24 | JDK-8324233 | javafx/graphics | Update JPEG Image Decoding Software to 9f |
25 | JDK-8324326 | javafx/web | Update ICU4C to 74.2 |
26 | JDK-8327177 | javafx/window-toolkit | macOS: wrong GlobalRef deleted in GlassMenu |
27 | JDK-8326643 | security-libs/java.security | JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message |
28 | JDK-8312383 | security-libs/javax.net.ssl | Log X509ExtendedKeyManager implementation class name in TLS/SSL connection |
29 | JDK-8247907 | security-libs/javax.xml.crypto | XMLDsig logging does not work |
30 | JDK-8303809 | security-libs/org.ietf.jgss | Dispose context in SPNEGO NegotiatorImpl |
The following sections summarize changes made in all Java SE 8u411 BPR. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
Fixes from the prior BPR are included in this version.
Release date: April 16, 2024
The full version string for this update release is 8u411-perf-b08 (where "b" means "build"). The version number is 8u411-perf.
JDK 8u411 contains IANA time zone data 2024a which contains the following changes:
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime at the time of the release of JDK 8u411 are specified in the following table:
Java Family Version | Security Baseline (Full Version String) |
---|---|
8 | 8u411-perf-b08 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u411) be used after the next critical patch update scheduled for July 16, 2024.
Java SE Subscription products customers managing JRE updates/installs for large number of desktops should consider Java Management Service (JMS).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u411-perf) on 2024-08-16. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
The XML Signature implementation has been updated to Santuario 3.0.3. Support for four new SHA-3 based RSA-MGF1 signature methods have been added: SHA3_224_RSA_MGF1
, SHA3_256_RSA_MGF1
, SHA3_384_RSA_MGF1
, and SHA3_512_RSA_MGF1
. While these new algorithm URIs are not defined in javax.xml.crypto.dsig.SignatureMethod
in the JDK update releases, they may be represented as string literals in order to be functionally equivalent. SHA-3 hash algorithm support was delivered to JDK 9 via JEP 287. Releases earlier than that may use third party security providers.
Additionally, support for the following EdDSA signatures has been added: ED25519
and ED448
. While these new algorithm URIs are not defined in javax.xml.crypto.dsig.SignatureMethod
in the JDK Update releases, they may be represented as string literals in order to be functionally equivalent. The JDK supports EdDSA since JDK 15. Releases earlier than that may use 3rd party security providers. One other difference is that the JDK still supports the here()
function by default. However, we recommend avoiding the use of the here()
function in new signatures and replacing existing signatures that use the here()
function. Future versions of the JDK will likely disable, and eventually remove, support for this function, as it cannot be supported using the standard Java XPath API. Users can now disable the here()
function by setting the security property jdk.xml.dsig.hereFunctionSupported
to "false".
The java.awt.SystemTray
API is used for notifications in a desktop taskbar and may include an icon representing an application. On Linux, the Gnome desktop's own icon support in the taskbar has not worked properly for several years due to a platform bug. This, in turn, has affected the JDK's API, which relies upon that.
Therefore, in accordance with the existing Java SE specification, java.awt.SystemTray.isSupported()
will return false where ever the JDK determines the platform bug is likely to be present.
The impact of this is likely to be limited since applications always must check for that support anyway. Additionally, some distros have not supported the SystemTray for several years unless the end-user chooses to install non-bundled desktop extensions.
The following root certificates have been added to the cacerts truststore:
+ Certainly
+ certainlyrootr1
DN: CN=Certainly Root R1, O=Certainly, C=US
+ Certainly
+ certainlyroote1
DN: CN=Certainly Root E1, O=Certainly, C=US
# | BugId | Component | Summary |
---|---|---|---|
1 | JDK-8271118 | hotspot/compiler | C2: StressGCM should have higher priority than frequency-based policy |
2 | JDK-8316679 | hotspot/compiler | C2 SuperWord: wrong result, load should not be moved before store if not comparable |
3 | JDK-8274060 | hotspot/compiler | C2: Incorrect computation after JDK-8273454 |
4 | JDK-8273454 | hotspot/compiler | C2: Transform (-a)*(-b) into a*b |
5 | JDK-8315920 | hotspot/compiler | C2: "control input must dominate current control" assert failure |
6 | JDK-8297968 | hotspot/compiler | Crash in PrintOptoAssembly |
7 | JDK-8321215 | hotspot/compiler | Incorrect x86 instruction encoding for VSIB addressing mode |
8 | JDK-8316414 | hotspot/compiler | C2: large byte array clone triggers "failed: malformed control flow" assertion failure on linux-x86 |
9 | JDK-8320209 | hotspot/compiler | VectorMaskGen clobbers rflags on x86_64 |
10 | JDK-8318889 | hotspot/compiler | C2: add bailout after assert Bad graph detected in build_loop_late |
11 | JDK-8317507 | hotspot/compiler | C2 compilation fails with "Exceeded _node_regs array" |
12 | JDK-8277919 | hotspot/jfr | OldObjectSample event causing bloat in the class constant pool in JFR recording |
13 | JDK-8287113 | hotspot/jfr | JFR: Periodic task thread uses period for method sampling events |
14 | JDK-8322321 | hotspot/runtime | Add man page doc for -XX:+VerifySharedSpaces |
15 | JDK-8312585 | hotspot/runtime | Rename DisableTHPStackMitigation flag to THPStackMitigation |
16 | JDK-8312182 | hotspot/runtime | THPs cause huge RSS due to thread start timing issue |
17 | JDK-8312620 | hotspot/runtime | WSL Linux build crashes after JDK-8310233 |
18 | JDK-8312394 | hotspot/runtime | [linux] SIGSEGV if kernel was built without hugepage support |
19 | JDK-8323243 | hotspot/runtime | JNI invocation of an abstract instance method corrupts the stack |
Release date: April 16, 2024
The full version string for this update release is 8u411-b09 (where "b" means "build"). The version number is 8u411.
JDK 8u411 contains IANA time zone data 2024a which contains the following changes:
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime at the time of the release of JDK 8u411 are specified in the following table:
Java Family Version | Security Baseline (Full Version String) |
---|---|
8 | 8u411-b09 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u411) be used after the next critical patch update scheduled for July 16, 2024.
Java Management Service, available to all users, can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u411) on 2024-08-16. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
The XML Signature implementation has been updated to Santuario 3.0.3. Support for four new SHA-3 based RSA-MGF1 signature methods have been added: SHA3_224_RSA_MGF1
, SHA3_256_RSA_MGF1
, SHA3_384_RSA_MGF1
, and SHA3_512_RSA_MGF1
. While these new algorithm URIs are not defined in javax.xml.crypto.dsig.SignatureMethod
in the JDK update releases, they may be represented as string literals in order to be functionally equivalent. SHA-3 hash algorithm support was delivered to JDK 9 via JEP 287. Releases earlier than that may use third party security providers.
Additionally, support for the following EdDSA signatures has been added: ED25519
and ED448
. While these new algorithm URIs are not defined in javax.xml.crypto.dsig.SignatureMethod
in the JDK Update releases, they may be represented as string literals in order to be functionally equivalent. The JDK supports EdDSA since JDK 15. Releases earlier than that may use 3rd party security providers. One other difference is that the JDK still supports the here()
function by default. However, we recommend avoiding the use of the here()
function in new signatures and replacing existing signatures that use the here()
function. Future versions of the JDK will likely disable, and eventually remove, support for this function, as it cannot be supported using the standard Java XPath API. Users can now disable the here()
function by setting the security property jdk.xml.dsig.hereFunctionSupported
to "false".
The java.awt.SystemTray
API is used for notifications in a desktop taskbar and may include an icon representing an application. On Linux, the Gnome desktop's own icon support in the taskbar has not worked properly for several years due to a platform bug. This, in turn, has affected the JDK's API, which relies upon that.
Therefore, in accordance with the existing Java SE specification, java.awt.SystemTray.isSupported()
will return false where ever the JDK determines the platform bug is likely to be present.
The impact of this is likely to be limited since applications always must check for that support anyway. Additionally, some distros have not supported the SystemTray for several years unless the end-user chooses to install non-bundled desktop extensions.
The following root certificates have been added to the cacerts truststore:
+ Certainly
+ certainlyrootr1
DN: CN=Certainly Root R1, O=Certainly, C=US
+ Certainly
+ certainlyroote1
DN: CN=Certainly Root E1, O=Certainly, C=US
The XML Signature secure validation mode has been enabled by default (previously it was not enabled by default unless running with a security manager). When enabled, validation of XML signatures are subject to stricter checking of algorithms and other constraints as specified by the jdk.xml.dsig.secureValidationPolicy
security property.
If necessary, and at their own risk, applications can disable the mode by setting the org.jcp.xml.dsig.secureValidation
property to Boolean.FALSE
with the DOMValidateContext.setProperty()
API.
Library | New Version | Module | JBS |
---|---|---|---|
Libxslt | 1.1.39 | javafx | JDK-8318388 |
WebKit | 617.1 | javafx | JDK-8318614 |
Glib | 2.78.1 | javafx | JDK-8318386 |
GStreamer | 1.22.6 | javafx | JDK-8318387 |
libpng | 1.6.40 | java.desktop | JDK-8316030 |
Joni | 2.2.1 | jdk.scripting.nashorn | JDK-8322094 |
Xalan Java | 2.7.3 | java.xml | JDK-8305814 |
XML Security for Java | 3.0.3 | java.xml.crypto | JDK-8319124 |
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
The following table lists the bug fixes included in the JDK 8u411 release:
# | BugId | Component | Summary |
---|---|---|---|
1 | JDK-8318951 | client-libs/2d | Additional negative value check in JPEG decoding |
2 | JDK-8152924 | core-libs/java.util.concurrent | Improve scalability of CompletableFuture with large number of dependents |
3 | JDK-8186464 | core-libs/java.util.jar | ZipFile cannot read some InfoZip ZIP64 zip files |
4 | JDK-8321480 | core-libs/java.util:i18n | ISO 4217 Amendment 176 Update |
5 | JDK-8260556 | docs/guides | Update Security Guide for Enable XML Signature secure validation mode by default |
6 | JDK-8244207 | hotspot/compiler | Simplify usage of Compile::print_method() when debugging with gdb and enable its use with rr |
7 | JDK-8144856 | hotspot/compiler | fix assert in CompiledStaticCall::set_to_interpreted |
8 | JDK-8236772 | hotspot/compiler | Fix build for windows 32-bit after 8212160 and 8234331. |
9 | JDK-8231430 | hotspot/compiler | C2: Memory stomp in max_array_length() for T_ILLEGAL type |
10 | JDK-8318889 | hotspot/compiler | C2: add bailout after assert Bad graph detected in build_loop_late |
11 | JDK-8317507 | hotspot/compiler | C2 compilation fails with "Exceeded _node_regs array" |
12 | JDK-8147611 | hotspot/gc | G1 - Missing memory barrier in start_cset_region_for_worker |
13 | JDK-8061467 | hotspot/gc | Bad page size passed to setup_large_pages() on Solaris |
14 | JDK-8212160 | hotspot/jvmti | JVMTI agent crashes with "assert(_value != 0LL) failed: resolving NULL _value" |
15 | JDK-8227277 | hotspot/jvmti | HeapInspection::find_instances_at_safepoint walks dead objects |
16 | JDK-8236124 | hotspot/jvmti | Minimal VM slowdebug build failed after JDK-8212160 |
17 | JDK-8322321 | hotspot/runtime | Add man page doc for -XX:+VerifySharedSpaces |
18 | JDK-8059586 | hotspot/runtime | hs_err report should treat redirected core pattern. |
19 | JDK-8323243 | hotspot/runtime | JNI invocation of an abstract instance method corrupts the stack |
20 | JDK-8067447 | hotspot/svc | Factor out the shared implementation of the VM flags manipulation code |
21 | JDK-8284544 | javafx/accessibility | [Win] Name-Property of Spinner cannot be changed |
22 | JDK-8319079 | javafx/graphics | Missing range checks in decora |
23 | JDK-8320267 | javafx/web | WebView crashes on macOS 11 with WebKit 616.1 |
24 | JDK-8320260 | javafx/web | WebView: Update Public Suffix List to b5bf572 |
25 | JDK-8323879 | javafx/web | constructor Path(Path) which takes another Path object fail to draw on canvas html |
26 | JDK-8324337 | javafx/web | Cherry-pick WebKit 617.1 stabilization fixes |
27 | JDK-8322703 | javafx/web | Intermittent crash in WebView in a JFXPanel from IME calls on macOS |
28 | JDK-8325258 | javafx/web | Additional WebKit 617.1 fixes from WebKitGTK 2.42.5 |
29 | JDK-8323880 | javafx/web | Caret rendered at wrong position in case of a click event on RTL text |
30 | JDK-8326989 | javafx/web | Text selection issues on WebView after WebKit 617.1 |
31 | JDK-8221261 | javafx/window-toolkit | Deadlock on macOS in JFXPanel app when handling IME calls |
32 | JDK-8319669 | javafx/window-toolkit | [macos14] Running any JavaFX app prints Secure coding warning |
33 | JDK-8319727 | other-libs/corba:idl | Harden BufferManagerReadStream underflow logic |
34 | JDK-8307185 | security-libs/javax.crypto:pkcs11 | pkcs11 native libraries make JNI calls into java code while holding GC lock |
35 | JDK-8255867 | security-libs/javax.net.ssl | SignatureScheme JSSE property does not preserve ordering in handshake messages |
36 | JDK-8308245 | tools/javac | Add -proc:full to describe current default annotation processing policy |
37 | JDK-8317815 | xml/jaxp | Xerces-J - Version.java did not get updated in JDK-8282280 |
The following sections summarize changes made in all Java SE 8u401 BPR. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8326643 | security-libs | java.security | JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8325580 (not public) | install | install | Remove "alternatives --remove" call from Java rpm installer |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8309374 | javafx | accessibility | Accessibility Focus Rectangle on ListItem is not drawn when ListView is shown for first time |
JDK-8311492 | javafx | graphics | FontSmoothingType LCD produces wrong color when transparency is used |
JDK-8325150 | core-libs | java.time | (tz) Update Timezone Data to 2024a |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8227277 | hotspot | jvmti | HeapInspection::find_instances_at_safepoint walks dead objects |
JDK-8322725 | core-libs | java.time | (tz) Update Timezone Data to 2023d |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8284544 | javafx | accessibility | [Win] Name-Property of Spinner cannot be changed |
JDK-8319727 | other-libs | corba:idl | Harden BufferManagerReadStream underflow logic |
The following sections summarize changes made in Java SE 8u401 Enterprise Performance Pack. Bug fixes and any other changes are listed below in date order, most current update first. Note that bug fixes in the previous BPR are also included in the current update release.
This BPR contains all of the fixes included in the previous JDK 8 Enterprise Performance Pack BPR.
January 16, 2024
The full version string for this update release is 8u401-perf-b10 (where "b" means "build"). The version number is 8u401-perf.
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime at the time of the release of JDK 8u401 are specified in the following table:
Java Family Version | Security Baseline (Full Version String) |
---|---|
8 | 8u401-perf-b10 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u401) be used after the next critical patch update scheduled for April 16, 2024.
Java SE Subscription products customers managing JRE updates/installs for large number of desktops should consider Java Management Service (JMS).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u401-perf) on 2024-05-16. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
A new system property named org.jcp.xml.dsig.secureValidation
has been added. It can be used to enable or disable the XML Signature secure validation mode. The system property should be set to "true" to enable, or "false" to disable. Any other value for the system property is treated as "false". If the system property is set, it supersedes the XMLCryptoContext
property value.
Secure validation mode is enabled by default if you are running the code with a SecurityManager, otherwise it is disabled by default.
When the C1 compiler is the only compiler available to the VM, it applies loop predication to remove array access range checks from loop bodies. Due to a defect, this optimization was disabled, potentially leading to a performance regression.
This only affects the client VM or VM's running with the non-default command line flags -XX:+NeverActAsServerClassMachine
or -XX:TieredStopAtLevel=[1,2,3]
.
The following root certificates have been added to the cacerts truststore:
+ DigiCert, Inc.
+ digicertcseccrootg5
DN: CN=CN=DigiCert CS ECC P384 Root G5, O="DigiCert, Inc.", C=US
+ DigiCert, Inc.
+ digicertcsrsarootg5
DN: CN=DigiCert CS RSA4096 Root G5, O="DigiCert, Inc.", C=US
+ DigiCert, Inc.
+ digicerttlseccrootg5
DN: DigiCert TLS ECC P384 Root G5, O="DigiCert, Inc.", C=US
+ DigiCert, Inc.
+ digicerttlsrsarootg5
DN: DigiCert TLS RSA4096 Root G5, O="DigiCert, Inc.", C=US
The following root certificates have been added to the cacerts truststore:
+ eMudhra Technologies Limited
+ emsignrootcag1
DN: CN=emSign Root CA - G1, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
+ eMudhra Technologies Limited
+ emsigneccrootcag3
DN: CN=emSign ECC Root CA - G3, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
+ eMudhra Technologies Limited
+ emsignrootcag2
DN: CN=emSign Root CA - G2, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
The following root certificate has been added to the cacerts truststore:
+ Let's Encrypt
+ letsencryptisrgx2
DN: CN=ISRG Root X2, O=Internet Security Research Group, C=US
X509KeyManager.chooseClientAlias
Once for All Key Types
(JDK-8262186)
The (D)TLS implementation in JDK now calls X509KeyManager.chooseClientAlias()
only once during handshaking for client authentication, even if there are multiple algorithms requested .
# | BugId | Component | Summary |
---|---|---|---|
1 | JDK-8299658 | hotspot/compiler | C1 compilation crashes in LinearScan::resolve_exception_edge |
2 | JDK-8301489 | hotspot/compiler | C1: ShortLoopOptimizer might lift instructions before their inputs |
3 | JDK-8313626 | hotspot/compiler | C2 crash due to unexpected exception control flow |
4 | JDK-8313402 | hotspot/compiler | C1: Incorrect LoadIndexed value numbering |
5 | JDK-8312909 | hotspot/compiler | C1 should not inline through interface calls with non-subtype receiver |
6 | JDK-8303279 | hotspot/compiler | C2: crash in SubTypeCheckNode::sub() at IGVN split if |
7 | JDK-8304954 | hotspot/compiler | SegmentedCodeCache fails when using large pages |
8 | JDK-8316178 | hotspot/compiler | Better diagnostic header for CodeBlobs |
9 | JDK-8315377 | hotspot/compiler | C2: assert(u->find_out_with(Op_AddP) == nullptr) failed: more than 2 chained AddP nodes? |
10 | JDK-8316514 | hotspot/compiler | Better diagnostic header for VtableStub |
11 | JDK-8314024 | hotspot/compiler | SIGSEGV in PhaseIdealLoop::build_loop_late_post_work due to bad immediate dominator info |
12 | JDK-8313262 | hotspot/compiler | C2: Sinking node may cause required cast to be dropped |
13 | JDK-8312440 | hotspot/compiler | assert(cast != nullptr) failed: must have added a cast to pin the node |
14 | JDK-8313756 | hotspot/compiler | [BACKOUT] 8308682: Enhance AES performance |
15 | JDK-8313760 | hotspot/compiler | [REDO] Enhance AES performance |
16 | JDK-8308103 | hotspot/compiler | Massive (up to ~30x) increase in C2 compilation time since JDK 17 |
17 | JDK-8307683 | hotspot/compiler | Loop Predication should not hoist range checks with trap on success projection by negating their condition |
18 | JDK-8309119 | hotspot/compiler | [17u/11u] Redo JDK-8297951: C2: Create skeleton predicates for all If nodes in loop predication |
19 | JDK-8275333 | hotspot/gc | Print count in "Too many recored phases?" assert |
20 | JDK-8316906 | hotspot/gc | Clarify TLABWasteTargetPercent flag |
21 | JDK-8270894 | hotspot/runtime | Use acquire semantics in ObjectSynchronizer::read_stable_mark() |
22 | JDK-8305994 | hotspot/runtime | Guarantee eventual async monitor deflation |
23 | JDK-8309228 | hotspot/runtime | Clarify EXPERIMENTAL flags comment in hotspot/share/runtime/globals.hpp |
24 | JDK-8306825 | hotspot/runtime | Monitor deflation might be accidentally disabled by zero intervals |
25 | JDK-8279545 | hotspot/runtime | Buffer overrun in reverse_words of sharedRuntime_x86_64.cpp:3517 |
26 | JDK-8283326 | hotspot/runtime | Implement SafeFetch statically |
27 | JDK-8314679 | hotspot/svc-agent | SA fails to properly attach to JVM after having just detached from a different JVM |
January 16, 2024
The full version string for this update release is 8u401-b10 (where "b" means "build"). The version number is 8u401.
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime at the time of the release of JDK 8u401 are specified in the following table:
Java Family Version | Security Baseline (Full Version String) |
---|---|
8 | 8u401-b10 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u401) be used after the next critical patch update scheduled for April 16, 2024.
Java SE Subscription products customers managing JRE updates/installs for large number of desktops should consider using Java Management Service (JMS).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u401) on 2024-05-16. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
A new system property named org.jcp.xml.dsig.secureValidation
has been added. It can be used to enable or disable the XML Signature secure validation mode. The system property should be set to "true" to enable, or "false" to disable. Any other value for the system property is treated as "false". If the system property is set, it supersedes the XMLCryptoContext
property value.
Secure validation mode is enabled by default if you are running the code with a SecurityManager, otherwise it is disabled by default.
A new JDK Flight Recorder (JFR) event has been added to monitor deserialization of objects. When JFR is enabled and the JFR configuration includes deserialization events, JFR will emit an event whenever the running program attempts to deserialize an object. The deserialization event is named java/deserialization
, and it is disabled by default. The deserialization event contains information that is used by the serialization filter mechanism. Additionally, if a filter is enabled, the JFR event indicates whether the filter accepted or rejected deserialization of the object.
The new Deserialization Event captures:
Refer to Context-Specific Deserialization Filter and Serialization Filtering Guide for details.
When the C1 compiler is the only compiler available to the VM, it applies loop predication to remove array access range checks from loop bodies. Due to a defect, this optimization was disabled, potentially leading to a performance regression.
This only affects the client VM or VM's running with the non-default command line flags -XX:+NeverActAsServerClassMachine
or -XX:TieredStopAtLevel=[1,2,3]
.
In a rare case, the C2 compiler attempts to apply the split-if loop optimization indefinitely. This regression manifests as continued high CPU use by C2 compiler threads.
The issue is fixed in 8u431. If the issue is encountered in 8u401, 8u411 or 8u421, the VM flag ``-XX:-SplitIfBlocks``, which disables this optimization, can be used as a workaround.
jdk.jar.maxSignatureFileSize
(JDK-8312489)
The system property, jdk.jar.maxSignatureFileSize
, allows applications to control the maximum size of signature files in a signed JAR. Its default value has been increased from 8000000 bytes (8 MB) to 16000000 bytes (16 MB).
The following root certificates have been added to the cacerts truststore:
+ DigiCert, Inc.
+ digicertcseccrootg5
DN: CN=CN=DigiCert CS ECC P384 Root G5, O="DigiCert, Inc.", C=US
+ DigiCert, Inc.
+ digicertcsrsarootg5
DN: CN=DigiCert CS RSA4096 Root G5, O="DigiCert, Inc.", C=US
+ DigiCert, Inc.
+ digicerttlseccrootg5
DN: DigiCert TLS ECC P384 Root G5, O="DigiCert, Inc.", C=US
+ DigiCert, Inc.
+ digicerttlsrsarootg5
DN: DigiCert TLS RSA4096 Root G5, O="DigiCert, Inc.", C=US
The following root certificates have been added to the cacerts truststore:
+ eMudhra Technologies Limited
+ emsignrootcag1
DN: CN=emSign Root CA - G1, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
+ eMudhra Technologies Limited
+ emsigneccrootcag3
DN: CN=emSign ECC Root CA - G3, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
+ eMudhra Technologies Limited
+ emsignrootcag2
DN: CN=emSign Root CA - G2, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
The following root certificate has been added to the cacerts truststore:
+ Telia Root CA v2
+ teliarootcav2
DN: CN=Telia Root CA v2, O=Telia Finland Oyj, C=FI
The following root certificate has been added to the cacerts truststore:
+ Let's Encrypt
+ letsencryptisrgx2
DN: CN=ISRG Root X2, O=Internet Security Research Group, C=US
X509KeyManager.chooseClientAlias
Once for All Key Types
(JDK-8262186)
The (D)TLS implementation in JDK now calls X509KeyManager.chooseClientAlias()
only once during handshaking for client authentication, even if there are multiple algorithms requested .
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
The following table lists the bug fixes included in the JDK 8u401 release:
# | BugId | Component | Summary |
---|---|---|---|
1 | JDK-8286481 | client-libs/java.awt | Exception printed to stdout on Windows when storing transparent image in clipboard |
2 | JDK-6176679 | client-libs/java.awt | Application freezes when copying an animated gif image to the system clipboard |
3 | JDK-8153090 | client-libs/javax.swing | TAB key cannot change input focus after the radio button in the Color Selection dialog |
4 | JDK-8313657 | core-libs/javax.naming | com.sun.jndi.ldap.Connection.cleanup does not close connections on SocketTimeoutErrors |
5 | JDK-8314063 | core-libs/javax.naming | The socket is not closed in Connection::createSocket when the handshake failed for LDAP connection |
6 | JDK-8302577 | docs/guides | Update JSSE Guide for JDK-8301700: Increase the default TLS Diffie-Hellman group size from 1024-bit to 2048-bit |
7 | JDK-8283441 | hotspot/compiler | C2: segmentation fault in ciMethodBlocks::make_block_at(int) |
8 | JDK-8059735 | hotspot/compiler | make_not_entrant_or_zombie sees zombies |
9 | JDK-8075922 | hotspot/compiler | assert(t == t_no_spec) fails in phaseX.cpp |
10 | JDK-8067247 | hotspot/compiler | Crash: assert(method_holder->data() == 0 ...) failed: a) MT-unsafe modification of inline cache |
11 | JDK-8086053 | hotspot/compiler | Address inconsistencies regarding ZeroTLAB |
12 | JDK-8169177 | hotspot/gc | aarch64: SIGSEGV when "-XX:+ZeroTLAB" is specified along with GC options |
13 | JDK-8149343 | hotspot/gc | assert(rp->num_q() == no_of_gc_workers) failed: sanity |
14 | JDK-8316906 | hotspot/gc | Clarify TLABWasteTargetPercent flag |
15 | JDK-8032223 | hotspot/jvmti | nsk/regression/b4663146 gets assert(SafepointSynchronize::is_at_safepoint() || JvmtiEnv::is_thread_fully_suspended(get_thread(), false, &debug_bits)) |
16 | JDK-8165496 | hotspot/jvmti | assert(_exception_caught == false) failed: _exception_caught is out of phase |
17 | JDK-8193386 | hotspot/runtime | CompressedClassSize too large with MaxMetaspace |
18 | JDK-8194246 | hotspot/runtime | JVM crashes when calling getStackTrace if stack contains a method that is a member of a very large class |
19 | JDK-8163146 | hotspot/runtime | Remove os::check_heap on Windows |
20 | JDK-8227815 | hotspot/svc | Minimal VM: set_state is not a member of AttachListener |
21 | JDK-8313856 | javafx/graphics | Replace VLA with malloc in pango |
22 | JDK-8317508 | javafx/media | Provide media support for libavcodec version 60 |
23 | JDK-8313900 | javafx/media | Possible NULL pointer access in NativeAudioSpectrum and NativeVideoBuffer |
24 | JDK-8311097 | javafx/web | Synchron XMLHttpRequest not receiving data |
25 | JDK-8315074 | javafx/window-toolkit | Possible null pointer access in native glass |
26 | JDK-8315958 | javafx/window-toolkit | Missing range checks in GlassPasteboard |
27 | JDK-8315657 | javafx/window-toolkit | Application window not activated in macOS 14 Sonoma |
28 | JDK-8319066 | javafx/window-toolkit | Application window not always activated in macOS 14 Sonoma |
29 | JDK-8320597 | security-libs/java.security | RSA signature verification fails on signed data that does not encode params correctly |
30 | JDK-8302017 | security-libs/java.security | Allocate BadPaddingException only if it will be thrown |
31 | JDK-8284910 | security-libs/javax.security | Buffer clean in PasswordCallback |
The following sections summarize changes made in all Java SE 8u391 BPR. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8054022 | core-libs | java.net | HttpURLConnection timeouts with Expect: 100-Continue and no chunking |
JDK-8306784 | install | install | No default java after 8u371 upgrade |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8312489 | security-libs | java.security | Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar |
Fixes from the prior BPR are included in this version.
The following sections summarize changes made in Java SE 8u391 Enterprise Performance Pack. Bug fixes and any other changes are listed below in date order, most current update first. Note that bug fixes in the previous BPR are also included in the current update release.
This BPR contains all of the fixes included in the previous JDK 8 Enterprise Performance Pack BPR.
October 17, 2023
The full version string for this update release is 8u391-perf-b13 (where "b" means "build"). The version number is 8u391-perf.
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u391 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 8u391-perf-b13 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u391) be used after the next critical patch update scheduled for January 16, 2024.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u391) on 2024-02-16. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
A virtual machine crash was observed in JDK 11.0.19 and 17.0.7 when executing the GregorianCalender.computeTime()
method (JDK-8307683). It was found that although the root cause of the crash is an old issue, a recent fix for a rare issue in the C2 compiler (JDK-8297951) made the crash much more likely. To mitigate this, the fix has been reverted in JDK 11.0.20 and 17.0.8 and will be reapplied once JDK-8307683 is resolved.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8274243 | hotspot | compiler | Implement fast-path for ASCII-compatible CharsetEncoders on aarch64 |
2 | JDK-8299544 | hotspot | compiler | Improve performance of CRC32C intrinsics (non-AVX-512) for small inputs |
3 | JDK-8153837 | hotspot | compiler | AArch64: Handle special cases for MaxINode & MinINode |
4 | JDK-8272586 | hotspot | compiler | emit abstract machine code in hs-err logs |
5 | JDK-8308192 | hotspot | compiler | Error in parsing replay file when staticfield is an array of single dimension |
6 | JDK-8309266 | hotspot | compiler | C2: assert(final_con == (jlong)final_int) failed: final value should be integer |
7 | JDK-8300584 | hotspot | compiler | Accelerate AVX-512 CRC32C for small buffers |
8 | JDK-8274986 | hotspot | compiler | max code printed in hs-err logs should be configurable |
9 | JDK-8310126 | hotspot | compiler | C1: Missing receiver null check in Reference::get intrinsic |
10 | JDK-8284760 | hotspot | compiler | Correct type/array element offset in LibraryCallKit::get_state_from_digest_object() |
11 | JDK-8299158 | hotspot | compiler | Improve MD5 intrinsic on AArch64 |
12 | JDK-8303154 | hotspot | compiler | Investigate and improve instruction cache flushing during compilation |
13 | JDK-8252990 | hotspot | compiler | Intrinsify Unsafe.storeStoreFence |
14 | JDK-8305088 | hotspot | compiler | SIGSEGV in Method::is_method_handle_intrinsic |
15 | JDK-8296545 | hotspot | compiler | C2 Blackholes should allow load optimizations |
16 | JDK-8292713 | hotspot | compiler | Unsafe.allocateInstance should be intrinsified without UseUnalignedAccesses |
17 | JDK-8302736 | hotspot | compiler | Major performance regression in Math.log on aarch64 |
18 | JDK-8307572 | hotspot | compiler | AArch64: Vector registers are clobbered by some macroassemblers |
19 | JDK-8280396 | hotspot | gc | G1: Full gc mark stack draining should prefer to make work available to other threads |
20 | JDK-8308643 | hotspot | gc | Incorrect value of 'used' jvmstat counter |
21 | JDK-8284532 | hotspot | jfr | Memory leak in BitSet::BitMapFragmentTable in JFR leak profiler |
22 | JDK-8283520 | hotspot | jfr | JFR: Memory leak in dcmd_arena |
23 | JDK-8307526 | hotspot | jfr | [JFR] Better handling of tampered JFR repository |
24 | JDK-8309862 | hotspot | jfr | Unsafe list operations in JfrStringPool |
25 | JDK-8307331 | hotspot | jvmti | Correctly update line maps when class redefine rewrites bytecodes |
26 | JDK-8306428 | hotspot | runtime | RunThese30M.java crashed with assert(early->flag() == current->flag() || early->flag() == mtNone) |
27 | JDK-8297887 | hotspot | runtime | Update Siphash |
28 | JDK-8305425 | hotspot | runtime | Thread.isAlive0 doesn't need to call into the VM |
29 | JDK-8269466 | hotspot | runtime | Factor out the common code for initializing and starting internal VM JavaThreads |
30 | JDK-8287854 | hotspot | runtime | Dangling reference in ClassVerifier::verify_class |
31 | JDK-8303215 | hotspot | runtime | Make thread stacks not use huge pages |
32 | JDK-8290067 | hotspot | runtime | Show stack dimensions in UL logging when attaching threads |
33 | JDK-8283849 | hotspot | svc | AsyncGetCallTrace may crash JVM on guarantee |
34 | JDK-8301170 | hotspot | svc | perfMemory_windows.cpp add free_security_attr to early returns |
35 | JDK-8295657 | hotspot | svc-agent | SA: Allow larger object alignments |
October 17, 2023
The full version string for this update release is 8u391-b13 (where "b" means "build"). The version number is 8u391.
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u391 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 8u391-b13 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u391) be used after the next critical patch update scheduled for January 16, 2024.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u391) on 2024-02-16. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
jdk.SecurityProviderService
(JDK-8254711)
A new Java Flight Recorder (JFR) event has been added to record details of java.security.Provider.getService(String type, String algorithm)
calls.
The new event name is jdk.SecurityProviderService
and contains the following fields:
Field name | Field Description |
---|---|
type | Type of Service |
algorithm | Algorithm Name |
provider | Security Provider |
This event is disabled by default and can be enabled via the JFR configuration files or via standard JFR options.
-XshowSettings:locale
Output Now Includes Tzdata Version
(JDK-8305950)
The -XshowSettings
launcher option has been enhanced to print the tzdata version configured with the JDK. The tzdata version is displayed as part of the locale
showSettings option.
Example output using -X:showSettings:locale
:
.....
Locale settings:
default locale = English
default display locale = English
default format locale = English
tzdata version = 2023c
.....
Media playback does not work on Ubuntu 23.10. This affects most media formats such as MP4 with H.264/H.265, MP3, AAC, and HTTP Live Streaming. This is because JavaFX Media does not support libavcodec version 60. Support for libavcodec version 60 will be added with JDK-8317508. As a workaround, install libavcodec version 59 compiled with support for at least the following:
The following root certificate from SECOM Trust System has been removed from the cacerts
keystore:
+ alias name "secomscrootca1 [jdk]"
Distinguished Name: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
Platform support for Linux ARM32 in JDK 8 has been removed. As a result, the ARM32 Hard Float ABI download will not be available. Operating Systems that supported ARM32 have reached their End of Life, thus there is no known OS support available.
The following root certificate has been added to the cacerts truststore:
+ Certigna (Dhimyotis)
+ certignarootca
DN: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR
java.security.manager
System Property
(JDK-8301118)
In JDK 12, two new token options for the java.security.manager
system property, "allow" and "disallow", were introduced.
Many applications and frameworks are designed to run on multiple JDKs. For those that enable the SecurityManager at runtime via System.setSecurityManager
, they have to specify the "allow" option as of JDK 18 (see JDK-8203316). However, these applications would also prefer to use the same command line across multiple versions of the JDK, especially if it is not known what JDK version a user will use.
Currently, if these options are specified in JDK 12 or earlier, the runtime attempts to load a SecurityManager implementation with the classname "allow" or "disallow", which results in a Could not create SecurityManager
Error and the application will not start up.
From this release onward, the "allow" and "disallow" options for the java.security.manager
system property will be ignored.
The JDK implementation of TLS 1.2 now uses a default Diffie Hellman keysize of 2048 bits when a TLS_DHE cipher suite is negotiated and either the client or server does not support FFDHE, which can negotiate a stronger keysize. The JDK TLS implementation supports FFDHE and it is enabled by default.
As a workaround, users can revert to the previous size by setting the jdk.tls.ephemeralDHKeySize
system property to 1024 (at their own risk).
This change does not affect TLS 1.3 as the minimum DH group size is already 2048 bits.
In 8u371, the behavior of the JRE installer was changed from installing the JRE in a full-version-specific directory to installing the JRE into a common shared directory. It also removed all older JRE versions in that same family.
In JDK 8u391, a new argument, RETAIN_ALL_VERSIONS=1
, was introduced for the MSI installer. If the argument is used, the JRE will install into a jre$fullversion
directory. Other JREs of the Java SE 8 family will not be automatically removed. More information can be found in the MSI Enterprise JRE Installer Guide for Windows.
CORBA _DynAnyStub
and Associated Subclasses readObject
Accepts Only Stringified IORs in IOR: URI format
(JDK-8303384 (not public))
The readObject
method changes made to _DynAnyFactoryStub
in JDK-8285021, have been extended to a set of stub classes that have been categoriezed as pseudo IDL interfaces. These include:
org.omg.DynamicAny._DynArrayStub,
org.omg.DynamicAny._DynEnumStub,
org.omg.DynamicAny._DynFixedStub,
org.omg.DynamicAny._DynSequenceStub,
org.omg.DynamicAny._DynStructStub,
org.omg.DynamicAny._DynUnionStub,
org.omg.DynamicAny._DynValueStub,
org.omg.DynamicAny._DynAnyStub,
For each of these stub classes, the readObject
method has been amended such that, when reading the stringified IOR from serialized data, it will, by default, accept stringified IORs in IOR: URI
format only. As the above stub classes are termed, locally or as ORB constrained types, it is not useful that serialized data should contain corbaname
or corbaloc
URIs. Furthermore, an ORB will prohibit the binding of a name in the INS to an IOR of these stub classes. As such, using a corbaname
to reference an instance of these locally constrained stub classes is not meaningful.
A system property is introduced, com.sun.CORBA.DynamicAny.Stubs.allowCorbanameInIOR
, which when set to true, will revert the readObject
method to its current behavior and disable the additional IOR checks. The default value of this system property is false. This system property can also be used to disable the IOR check performed in the org.omg.DynamicAny._DynAnyFactoryStub readObject
method. As such, with respect to _DynAnyFactory
, it complements the system property org.omg.DynamicAny.DynAnyFactoryStub.disableIORCheck
introduced in JDK-8285021.
Additionally, the readObject
method of the remote CORBA service stub classes:
org.omg.CosNaming._NamingContextStub.java,
org.omg.CosNaming._BindingIteratorStub.java,
org.omg.CosNaming._NamingContextExtStub.java,
org.omg.PortableServer._ServantActivatorStub.java,
org.omg.PortableServer._ServantLocatorStub.java,
com.sun.corba.se.spi.activation._ServerManagerStub.java,
com.sun.corba.se.spi.activation._ActivatorStub.java,
com.sun.corba.se.spi.activation._RepositoryStub.java,
com.sun.corba.se.spi.activation._InitialNameServiceStub.java,
com.sun.corba.se.spi.activation._LocatorStub.java,
com.sun.corba.se.spi.activation._ServerStub.java,
included in the JDK, have been similarly amended to include an IOR check when reading a stringified IOR from serialised data. To enable the IOR check, and prohibit corbaname
or corbaloc
URLs in a stringified IOR, the setting of the com.sun.CORBA.DynamicAny.Stubs.allowCorbanameInIOR
system property to true is required.
A system property is introduced, com.sun.CORBA.IDL.Stubs.allowCorbanameInIOR
, which when set to false, will activate an IOR check when reading a stringified IOR from serialised data and constrain a stringified IOR to that of IOR: URI
format. Thus, prohibiting corbaname
or corbaloc
as a valid stringified IOR format. The default value of this system property is true. That is, corbaname
or corbaloc
are allowed in stringified IORs.
For TLS connections, the cipher suite selection, by default, is updated to use the server cipher suites preference. Applications can configure the behavior by using the SSLParameters.setUseCipherSuitesOrder()
method.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
The following table lists the bug fixes included in the JDK 8u391 release:
# | BugId | Component | Summary |
---|---|---|---|
1 | JDK-8311689 | client-libs/java.awt | Wrong visible amount in Adjustable of ScrollPane |
2 | JDK-8310054 | client-libs/java.awt | ScrollPane insets are incorrect |
3 | JDK-8297923 | client-libs/java.awt | java.awt.ScrollPane broken after multiple scroll up/down |
4 | JDK-8305815 | client-libs/java.awt | Update Libpng to 1.6.39 |
5 | JDK-8305517 | core-libs/java.net | Memory leak in Java Solaris native code when calling NetworkInterface.getHardwareAddress() |
6 | JDK-8300098 | core-libs/java.util.concurrent | java/util/concurrent/ConcurrentHashMap/ConcurrentAssociateTest.java fails with internal timeout when executed with TieredCompilation1/3 |
7 | JDK-8234808 | core-svc/debugger | jdb quoted option parsing broken |
8 | JDK-8290451 | hotspot/compiler | Incorrect result when switching to C2 OSR compilation from C1 |
9 | JDK-8213419 | hotspot/compiler | C2 may hang in MulLNode::Ideal()/MulINode::Ideal() with gcc 8.2.1 |
10 | JDK-8183910 | hotspot/gc | gc/arguments/TestAggressiveHeap.java fails intermittently |
11 | JDK-8257239 | hotspot/gc | [8u] G1: guarantee(!obj->is_forwarded()) failed: Object must not be forwarded |
12 | JDK-8182703 | hotspot/gc | Correct G1 barrier queue lock orderings |
13 | JDK-8207011 | hotspot/runtime | Remove uses of the register storage class specifier |
14 | JDK-8297887 | hotspot/runtime | Update Siphash |
15 | JDK-8284542 | javafx/accessibility | [Accessibility] [Win] Missing attribute for toggle state of CheckBox in CheckBoxTreeItem |
16 | JDK-8309508 | javafx/graphics | Possible memory leak in JPEG image loader |
17 | JDK-8306328 | javafx/media | Update libFFI to 3.4.4 |
18 | JDK-8306918 | javafx/web | WebView: Update Public Suffix List to 88467c9 |
19 | JDK-8303748 | javafx/web | WebKit build fails with Visual Studio 2022 17.5.0 |
20 | JDK-8306329 | javafx/web | Update ICU4C to 73.1 |
21 | JDK-8310681 | javafx/web | Update WebKit to 616.1 |
22 | JDK-8313177 | javafx/web | Web Workers timeout with Webkit 616.1 |
23 | JDK-8314212 | javafx/web | Crash when loading cnn.com in WebView |
24 | JDK-8313711 | javafx/web | Cherry-pick WebKit 616.1 stabilization fixes |
25 | JDK-8313181 | javafx/web | Enabling modern media controls on webkit 616.1 does not load button images on HTML5 video Element |
26 | JDK-8144781 | javafx/window-toolkit | Assertion failure in debug build running any JavaFX program on Mac |
27 | JDK-8296452 | security-libs/javax.crypto | Solaris Ucrypto context memory leak on CRYPTO_BUFFER_TOO_SMALL error |
28 | JDK-8236671 | security-libs/javax.crypto | NullPointerException in JKS keystore |
29 | JDK-8232950 | security-libs/javax.crypto:pkcs11 | SUNPKCS11 Provider incorrectly check key length for PSS Signatures. |
30 | JDK-8183107 | security-libs/javax.crypto:pkcs11 | PKCS11 regression regarding checkKeySize |
The following sections summarize changes made in all Java SE 8u381 BPR. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-6176679 | client-libs | java.awt | Application freezes when copying an animated gif image to the system clipboard |
JDK-8286481 | client-libs | java.awt | Exception printed to stdout on Windows when storing transparent image in clipboard |
JDK-8314188 (not public) | install | install | [macOS] Installation complete confirmation message not displayed |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8306899 (not public) | install | install | JRE 8u371 MSI unable to install side-by-side JREs |
JDK-8311244 (not public) | hotspot | gc | frequent crashes at g1CollectedHeap.cpp:5923 after updating to JDK8u371 |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8284542 | jfx | accessibility | Missing attribute for toggle state of CheckBox in CheckBoxTreeItem |
JDK-8309557 (not public) | install | Update the JRE 8 Description in RPM packages |
The following sections summarize changes made in Java SE 8u381 Enterprise Performance Pack. Bug fixes and any other changes are listed below in date order, most current update first. Note that bug fixes in the previous BPR are also included in the current update release.
This BPR contains all of the fixes included in the corresponding JDK 8 BPR.
Starting with the July 2023 CPU, on operating systems where ASLR (Address Space Layout Randomization) is enabled, the CDS archive will be placed at a random address picked by the operating system.
This change may have a minor performance impact: (a) Start-up time may increase because the JVM needs to patch pointers inside the CDS archive; (b) Memory usage may increase because the memory used by the CDS archive is no longer shareable across processes. We expect the impact to be small because such increases should be only a small fraction of the overall application usage.
In the unlikely event that you must disable ASLR for CDS, you can use the JVM flags -XX:+UnlockDiagnosticVMOptions -XX:ArchiveRelocationMode=0
. The usage of such flags is not recommended.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8280007 | hotspot | compiler | Enable Neoverse N1 optimizations for Arm Neoverse V1 & N2 |
2 | JDK-8299179 | hotspot | compiler | ArrayFill with store on backedge needs to reduce length by 1 |
3 | JDK-8302595 | hotspot | compiler | use-after-free related to GraphKit::clone_map |
4 | JDK-8299959 | hotspot | compiler | C2: CmpU::Value must filter overflow computation against local sub computation |
5 | JDK-8303564 | hotspot | compiler | C2: "Bad graph detected in build_loop_late" after a CMove is wrongly split thru phi |
6 | JDK-8303508 | hotspot | compiler | Vector.lane() gets wrong value on x86 |
7 | JDK-8299570 | hotspot | compiler | [JVMCI] Insufficient error handling when CodeBuffer is exhausted |
8 | JDK-8300079 | hotspot | compiler | SIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument |
9 | JDK-8299259 | hotspot | compiler | C2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE |
10 | JDK-8296318 | hotspot | compiler | use-def assert: special case undetected loops nested in infinite loops |
11 | JDK-8296412 | hotspot | compiler | Special case infinite loops with unmerged backedges in IdealLoopTree::check_safepts |
12 | JDK-8297730 | hotspot | compiler | C2: Arraycopy intrinsic throws incorrect exception |
13 | JDK-8301491 | hotspot | compiler | C2: java.lang.StringUTF16::indexOfChar intrinsic called with negative character argument |
14 | JDK-8303588 | hotspot | compiler | [JVMCI] make JVMCI source directories conform with standard layout |
15 | JDK-8201516 | hotspot | compiler | DebugNonSafepoints generates incorrect information |
16 | JDK-8302508 | hotspot | compiler | Add timestamp to the output TraceCompilerThreads |
17 | JDK-8289748 | hotspot | compiler | C2 compiled code crashes with SIGFPE with -XX:+StressLCM and -XX:+StressGCM |
18 | JDK-8308884 | hotspot | compiler | [17u/11u] Backout JDK-8297951 |
19 | JDK-8303511 | hotspot | compiler | C2: assert(get_ctrl(n) == cle_out) during unrolling |
20 | JDK-8291456 | hotspot | jvmti | com/sun/jdi/ClassUnloadEventTest.java failed with: Wrong number of class unload events: expected 10 got 4 |
21 | JDK-8280784 | hotspot | runtime | VM_Cleanup unnecessarily processes all thread oops |
22 | JDK-8294677 | hotspot | runtime | chunklevel::MAX_CHUNK_WORD_SIZE too small for some applications |
23 | JDK-8277946 | hotspot | runtime | NMT: Remove VM.native_memory shutdown jcmd command option |
24 | JDK-8301123 | hotspot | runtime | Enable Symbol refcounting underflow checks in PRODUCT |
25 | JDK-8295974 | hotspot | runtime | jni_FatalError and Xcheck:jni warnings should print the native stack when there are no Java frames |
26 | JDK-8287007 | hotspot | runtime | [cgroups] Consistently use stringStream throughout parsing code |
27 | JDK-8278965 | hotspot | runtime | crash in SymbolTable::do_lookup |
28 | JDK-8301749 | hotspot | runtime | Tracking malloc pooled memory size |
July 18, 2023
The full version string for this update release is 8u381-b09 (where "b" means "build"). The version number is 8u381.
JDK 8u381 contains IANA time zone data 2023c which contains the following changes since the previous update.
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u381 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 8u381-b09 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u381) be used after the next critical patch update scheduled for October 17, 2023.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u381) on 2023-11-17. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
The China National Standard body (CESI) has recently published GB18030-2022. This is an updated version of the GB18030 standard and brings GB18030 in sync with Unicode version 11.0. The purpose of this enhancement is to incorporate 35 code points (U+9FCD
- U+9FEF
) from Unicode 11.0 into Java SE 8 to allow implementations to comply with their Implementation Level 1
requirements.
The China National Standard body (CESI) has recently published GB18030-2022, which is an updated version of the GB18030 standard and brings GB18030 in sync with Unicode version 11.0. The Charset
implementation for this new standard has now replaced the prior 2000
standard. However, this new standard has some incompatible changes from the prior implementation. For those who need to use the old mappings, a new system property, jdk.charset.GB18030
, is introduced. By setting its value to 2000
, the previous JDK releases' mappings for the GB18030 Charset
are used, which are based on the 2000
standard.
The China National Standard body (CESI) has recently published GB18030-2022. This is an updated version of the GB18030 standard and brings GB18030 in sync with Unicode version 11.0. The purpose of this enhancement is to incorporate 108 code points from CJK Unified Ideographs Extension E
block from Unicode 11.0 into Java SE 8 to allow implementations to comply with their Implementation Level 2
requirements.
RSA private and public keys in PKCS#1 format can now be accepted by JDK providers, such as the RSA KeyFactory.impl
from the SunRsaSign provider. The RSA private or public key object should have the PKCS#1 format and an encoding matching the ASN.1 syntax for a PKCS#1 RSA private key and public key.
Installing into the same, shared jdk-(family)
directory is the default behavior for the JDK starting with the July 2023 CPU. It could lead to FilesInUse
issues if JDK files are locked by the "System User". We recommend shutting down any apps using the JDK as the "System User" before upgrading.
Internal Error (g1CollectedHeap.cpp:5923)
after Upgrading to JDK 8u371 or JDK 8u381
(JDK-8311244 (not public))
There is the possibility of an application crash with the following error:
# Internal Error (g1CollectedHeap.cpp:5923), pid=xxxxx, tid=xxxxxx # guarantee(!dcqs.completed_buffers_exist_dirty()) failed: must be
This affects JDK 8u371 and JDK 8u381 runtimes using G1 GC on all supported platforms.
The failure is now corrected in the JDK 8u381 b32 Bundle Patch Release available via My Oracle Support.
Upgrading from an 8u361 (or earlier) 32-bit JRE to an 8u371 (or later) 32-bit JRE when an 8u371 (or later) 64-bit JRE is already installed will cause the java.exe
command to not be found. For example:
java.exe
will now not work from all places. It will only work directly from the bin
directory.
java.exe
will not work unless you specify the full path to the bin directory of your JRE.
There are 2 workarounds:
java.exe
in the \bin
directory of the JRE, for example: C:\Program Files\Java\jre-1.8\bin\java.exe
JDK 8u381 includes several enhancements and fixes to improve the cgroup v1 and v2 support for containers. The improvements include accurately detecting the resource limits of containers, correctly reporting the collected container metrics, printing additional container information, and improving application stability in containerized environments.
Some of the notable stability enhancements are:
JDK-8292083: Java applications may experience out-of-memory errors and run the risk of being killed by the OOM killer when running in a containerized environment where the container is configured with a higher memory limit than the available physical memory on the host system. JDK 8u381 addresses this stability issue. In the previous release, this situation can be avoided by using either -XX:-UseContainerSupport
, or -XX:MaxRAM=<physical memory>
, or by setting a memory limit for your container that is lower than the physical memory.
JDK-8286030: This release addresses an issue where Java applications may encounter a fatal error when the same /tmp
directory is shared across multiple containers. In earlier releases, this crash can be avoided by mounting /tmp
to different locations for different containers. Alternatively, the '-XX:-UsePerfData' JVM option can be used to prevent JVMs running within different containers from writing performance data to the shared /tmp
folder and thus avoid this issue.
Added an "Obsoletes" tag to JDK 8 RPM packages to allow automatic upgrades from older JDK 8 RPM packages.
jdk-1.8
package obsoletes jdk1.8
package.jre-1.8
package obsoletes jre1.8
package.jdk-1.8-headful
package obsoletes jdk1.8
package.jre-1.8-headful
package obsoletes jre1.8
package.No "Obsoletes" tag was added to the jdk-1.8-headless
package to prevent upgrading from the full to headless JDK.
The changes allow automatic upgrades for JDK 8 RPM packages starting from the 8u151 update when jdk1.8
and jre1.8
package names were first introduced. Older JDK 8 updates will not be eligible for automatic upgrades to 8u381 and newer updates.
Due to the limitations of "Obsoletes" tag downgrades from 8u381 to older versions are not supported.
/usr/java/default
Symlink on Linux Restored
(JDK-8306690)
A regression where the /usr/java/default
symlink is not created by RPM installers on Linux platforms has been fixed. Installers will create the /usr/java/default
symlink if it doesn't exist, targeting the /usr/java/latest
symlink.
The JDK RPM installer will remove incorrectly constructed entries of "java" and "javac" groups registered by older Oracle JDK RPM installers from the alternatives before registering new "java" and "javac" entries.
An incorrectly constructed entry of the "java" group contains commands that are supposed to belong to the "javac" group.
An incorrectly constructed entry of the "javac" group contains commands that are supposed to belong to the "java" group.
All incorrectly constructed entries belonging to Oracle JDK RPM packages will be removed from the alternatives to avoid corruption of the alternatives internal data.
The removal has a potential side effect for users who have installed multiple JDK versions that are not updated to the latest release. Commands from a removed "java" or "javac" group are now unavailable for system Java switch, which potentially changes the current system Java without a warning. For example, if there is an out-of-date JDK RPM from an 11+ release, say 11.0.17, with an incorrectly constructed single "java" group installed and 8u381 RPM with this patch is installed, it will remove an entry from the "java" group belonging to the 11.0.17 RPM and thus will switch the current system Java from 11.0.17 to 8u381. The side effect will only happen when you install a lower JDK family with the fix, such as 8u381, and there is an out-of-date JDK from a higher family, such as 11.0.17, installed on the system. In that case, 8u381 will replace the older 11.0.17 as the latest. The remedy for the user is to install the latest JDK 11.
The following root certificate has been added to the cacerts truststore:
+ TWCA
+ twcaglobalrootca
DN: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW
The following root certificates have been added to the cacerts truststore:
+ Google Trust Services LLC
+ gtsrootcar1
DN: CN=GTS Root R1, O=Google Trust Services LLC, C=US
+ Google Trust Services LLC
+ gtsrootcar2
DN: CN=GTS Root R2, O=Google Trust Services LLC, C=US
+ Google Trust Services LLC
+ gtsrootecccar3
DN: CN=GTS Root R3, O=Google Trust Services LLC, C=US
+ Google Trust Services LLC
+ gtsrootecccar4
DN: CN=GTS Root R4, O=Google Trust Services LLC, C=US
The following root certificates have been added to the cacerts truststore:
+ Microsoft Corporation
+ microsoftecc2017
DN: CN=Microsoft ECC Root Certificate Authority 2017, O=Microsoft Corporation, C=US
+ Microsoft Corporation
+ microsoftrsa2017
DN: CN=Microsoft RSA Root Certificate Authority 2017, O=Microsoft Corporation, C=US
java.specification.maintenance.version
Set to 5
(JDK-8303028)
This JDK implements Maintenance Release 5 of the Java SE 8 specification (JSR 337). This is indicated by the system property java.specification.maintenance.version
having the value of "5"
.
Starting with the July 2023 CPU, on operating systems where ASLR (Address Space Layout Randomization) is enabled, the CDS archive will be placed at a random address picked by the operating system.
This change may have a minor performance impact: (a) Start-up time may increase because the JVM needs to patch pointers inside the CDS archive; (b) Memory usage may increase because the memory used by the CDS archive is no longer shareable across processes. We expect the impact to be small because such increases should be only a small fraction of the overall application usage.
In the unlikely event that you must disable ASLR for CDS, you can use the JVM flags -XX:+UnlockDiagnosticVMOptions -XX:ArchiveRelocationMode=0
. The usage of such flags is not recommended.
A behavioral change has been made when the default conf/security/java.security
security configuration file fails to load. In such a scenario, the JDK will now throw an InternalError
.
Such a scenario should never occur. The default security file should always be present. Prior to this change, a static security configuration was loaded.
A new system property, jdk.jar.maxSignatureFileSize
, has been added to allow applications to control the maximum size of signature files in a signed JAR. The value of the system property is the desired size in bytes. The default value is 8000000 bytes.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
The following table lists the bug fixes included in the JDK 8u381 release:
# | BugId | Component | Summary |
---|---|---|---|
1 | JDK-8304636 | client-libs/java.awt | java/awt/Mouse/EnterExitEvents/DragWindowTest.java fails with Compilation Error on JDK 8u |
2 | JDK-8189604 | client-libs/java.awt | possible hang in sun.awt.shell.Win32ShellFolder2$KnownFolderDefinition::<clinit> |
3 | JDK-8159956 | client-libs/java.awt | EXCEPTION_ACCESS_VIOLATION in sun.awt.windows.ThemeReader.getThemeMargins |
4 | JDK-8302151 | client-libs/javax.imageio | BMPImageReader throws an exception reading BMP images |
5 | JDK-8003399 | client-libs/javax.swing | JFileChooser gives wrong path to selected file when saving to Libraries folder on Windows 7 |
6 | JDK-8017487 | client-libs/javax.swing | filechooser in Windows-Libraries folder: columns are mixed up |
7 | JDK-8284756 | core-libs | [11u] Remove unused isUseContainerSupport in CgroupV1Subsystem |
8 | JDK-8212528 | core-libs | Wrong cgroup subsystem being used for some CPU Container Metrics |
9 | JDK-8275735 | core-libs | [linux] Remove deprecated Metrics api (kernel memory limit) |
10 | JDK-8305681 | core-libs/java.lang | Allow additional characters for GB18030-2022 (Level 2) support |
11 | JDK-8241786 | core-libs/java.net | Improve heuristic to determine default network interface on macOS |
12 | JDK-8211382 | core-libs/java.nio.charsets | ISO2022JP and GB18030 NIO converter issues |
13 | JDK-8301119 | core-libs/java.nio.charsets | Support for GB18030-2022 |
14 | JDK-8172347 | core-libs/java.rmi | Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry |
15 | JDK-8212970 | core-libs/java.time | TZ database in "vanguard" format support |
16 | JDK-8305400 | core-libs/java.util:i18n | ISO 4217 Amendment 175 Update |
17 | JDK-8254001 | core-svc | [Metrics] Enhance parsing of cgroup interface files for version detection |
18 | JDK-8293540 | core-svc | [Metrics] Incorrectly detected resource limits with additional cgroup fs mounts |
19 | JDK-8292541 | core-svc/java.lang.management | [Metrics] Reported memory limit may exceed physical machine memory |
20 | JDK-8301282 | docs/guides | JMX simple and delegation security samples don't work because of missing access control entries |
21 | JDK-8293821 | docs/guides | JDK LTS backports for Doc Tasks for JEP C206/C208: Modernize Oracle JDK Linux RPMs and installers on Windows and macOS |
22 | JDK-8233023 | hotspot/compiler | assert(Opcode() == mem->Opcode() || phase->C->get_alias_index(adr_type()) == Compile::AliasIdxRaw) failed: no mismatched stores, except on raw memory |
23 | JDK-8210389 | hotspot/compiler | C2: assert(n->outcnt() != 0 || C->top() == n || n->is_Proj()) failed: No dead instructions after post-alloc |
24 | JDK-8217230 | hotspot/compiler | assert(t == t_no_spec) failure in NodeHash::check_no_speculative_types() |
25 | JDK-8062258 | hotspot/compiler | compiler/debug/TraceIterativeGVN.java segfaults in trace_PhaseIterGVN |
26 | JDK-8281297 | hotspot/gc | TestStressG1Humongous fails with guarantee(is_range_uncommitted) |
27 | JDK-8167196 | hotspot/gc | WhiteBox methods should throw an exception if used with inappropriate collector. |
28 | JDK-8264593 | hotspot/runtime | debug.cpp utilities should be available in product builds. |
29 | JDK-8281274 | hotspot/runtime | deal with ActiveProcessorCount in os::Linux::print_container_info |
30 | JDK-8266490 | hotspot/runtime | Extend the OSContainer API to support the pids controller of cgroups |
31 | JDK-8273526 | hotspot/runtime | Extend the OSContainer API pids controller with pids.current |
32 | JDK-8231610 | hotspot/runtime | Relocate the CDS archive if it cannot be mapped to the requested address |
33 | JDK-8287741 | hotspot/runtime | Fix of JDK-8287107 (unused cgv1 freezer controller) was incomplete |
34 | JDK-8287107 | hotspot/runtime | CgroupSubsystemFactory.setCgroupV2Path asserts with freezer controller |
35 | JDK-8286030 | hotspot/runtime | Avoid JVM crash when containers share the same /tmp dir |
36 | JDK-8287011 | hotspot/runtime | Improve container information |
37 | JDK-8293472 | hotspot/runtime | Incorrect container resource limit detection if manual cgroup fs mounts present |
38 | JDK-8292083 | hotspot/runtime | Detected container memory limit may exceed physical machine memory |
39 | JDK-8272124 | hotspot/runtime | Cgroup v1 initialization causes NullPointerException when cgroup path contains colon |
40 | JDK-8281517 | install/install | Improve the error message shown when a user tries to install the aarch64 bundle on an intel mac |
41 | JDK-8284662 | javafx/accessibility | [Win][Accessibility][ListCell] Screen reader fails to read ListView/ComboBox item count if > 100 |
42 | JDK-8251862 | javafx/graphics | Wrong position of Popup windows at the intersection of 2 screens |
43 | JDK-8301009 | javafx/web | Update libxml2 to 2.10.3 |
44 | JDK-8306115 | javafx/web | Update libxml2 to 2.10.4 |
45 | JDK-8304441 | javafx/window-toolkit | [macos] Crash when putting invalid unicode char on clipboard |
46 | JDK-8296654 | javafx/window-toolkit | [macos] Crash when launching JavaFX app with JDK that targets SDK 13 |
47 | JDK-8292297 | security-libs/java.security | Fix up loading of override java.security properties file |
48 | JDK-8173181 | security-libs/java.security | Empty string alias in KeyStore throws StringIndexOutOfBoundsException for getEntry() |
49 | JDK-8293858 | security-libs/java.security | Change PKCS7 code to use default SecureRandom impl instead of SHA1PRNG |
50 | JDK-8294906 | security-libs/javax.crypto:pkcs11 | Memory leak in PKCS11 NSS TLS server |
51 | JDK-8274205 | security-libs/org.ietf.jgss:krb5 | Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC |
52 | JDK-8301269 | xml/jaxp | Update Commons BCEL to Version 6.7.0 |
The following sections summarize changes made in all Java SE 8u371 BPR. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8307400 (not public) | install | install | The new Java 8u371 RPMs break the standard RHEL OS update mechanism |
JDK-8307777 (not public) | install | install | JDK rpm packages have wrong license |
JDK-8307831 (not public) | install | install | Move dependency on libfreetype.so.6 from JDK8 headless to headful jdk |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8159956 | client-libs | java.awt | EXCEPTION_ACCESS_VIOLATION in sun.awt.windows.ThemeReader.getThemeMargins |
JDK-8305113 | core-libs | java.time | (tz) Update Timezone Data to 2023c |
JDK-8212970 | core-libs | java.time | TZ database in "vanguard" format support |
JDK-8306690 | install | install | Restore missing /usr/java/default symlink on Linux |
JDK-8305976 | install | install | Installation of OL-specific x64 jdk rpms pulls in i686 dependencies |
JDK-8305177 (not public) | infrastructure | build | Perf and milestone suffix missing in rpm bundle names |
JDK-8302112 (not public) | hotspot | test | remove windows 2012 from task definitions |
Fixes from the prior BPR are included in this version.
The following sections summarize changes made in Java SE 8u371 Enterprise Performance Pack. Bug fixes and any other changes are listed below in date order, most current update first. Note that bug fixes in the previous BPR are also included in the current update release.
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8159956 | client-libs | java.awt | EXCEPTION_ACCESS_VIOLATION in sun.awt.windows.ThemeReader.getThemeMargins |
JDK-8305113 | core-libs | java.time | (tz) Update Timezone Data to 2023c |
JDK-8212970 | core-libs | java.time | TZ database in "vanguard" format support |
JDK-8306690 | install | install | Restore missing /usr/java/default symlink on Linux |
JDK-8305976 | install | install | Installation of OL-specific x64 jdk rpms pulls in i686 dependencies |
JDK-8305177 (not public) | infrastructure | build | Perf and milestone suffix missing in rpm bundle names |
JDK-8302112 (not public) | hotspot | test | remove windows 2012 from task definitions |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8303452 (not public) | hotspot | jfr | [JFR] Larger strings arent added to string pool |
# | BugId | Component/Subcomponent | Summary |
---|---|---|---|
1 | JDK-8297656 | performance/hotspot | AArch64: Enable AES/GCM Intrinsics |
2 | JDK-8268276 | hotspot/compiler | Base64 Decoding optimization for x86 using AVX-512 |
3 | JDK-8269404 | hotspot/compiler | Base64 Encoding optimization enhancements for x86 using AVX-512 |
4 | JDK-8273108 | hotspot/compiler | RunThese24H crashes with SEGV in markWord::displaced_mark_helper() after JDK-8268276 |
5 | JDK-8273459 | hotspot/compiler | Update code segment alignment to 64 bytes |
6 | JDK-8296958 | hotspot/compiler | [JVMCI] add API for retrieving ConstantValue attributes |
7 | JDK-8296961 | hotspot/compiler | [JVMCI] Access to j.l.r.Method/Constructor/Field for ResolvedJavaMethod/ResolvedJavaField |
8 | JDK-8296960 | hotspot/compiler | [JVMCI] list HotSpotConstantPool.loadReferencedType to ConstantPool |
9 | JDK-8296967 | hotspot/compiler | [JVMCI] rationalize relationship between getCodeSize and getCode in ResolvedJavaMethod |
10 | JDK-8282528 | hotspot/compiler | AArch64: Incorrect replicate2L_zero rule |
11 | JDK-8277137 | hotspot/compiler | Set OnSpinWaitInst/OnSpinWaitInstCount defaults to "isb"/1 for Arm Neoverse N1 |
12 | JDK-8294902 | hotspot/compiler | Undefined Behavior in C2 regalloc with null references |
13 | JDK-8290322 | hotspot/compiler | Optimize Vector.rearrange over byte vectors for AVX512BW targets. |
14 | JDK-8295066 | hotspot/compiler | Folding of loads is broken in C2 after JDK-8242115 |
15 | JDK-8296912 | hotspot/compiler | C2: CreateExNode::Identity fails with assert(i < _max) failed: oob: i=1, _max=1 |
16 | JDK-8294538 | hotspot/compiler | missing is_unloading() check in SharedRuntime::fixup_callers_callsite() |
17 | JDK-8292602 | hotspot/compiler | ZGC: C2 late barrier analysis uses invalid dominator information |
18 | JDK-8292660 | hotspot/compiler | C2: blocks made unreachable by NeverBranch-to-Goto conversion are removed incorrectly |
19 | JDK-8292285 | hotspot/compiler | C2: remove unreachable block after NeverBranch-to-Goto conversion |
20 | JDK-8290964 | hotspot/compiler | C2 compilation fails with assert "non-reduction loop contains reduction nodes" |
21 | JDK-8281122 | hotspot/compiler | [IR Framework] Cleanup IR matching code in preparation for JDK-8280378 |
22 | JDK-8276064 | hotspot/compiler | CheckCastPP with raw oop input floats below a safepoint |
23 | JDK-8296924 | hotspot/compiler | C2: assert(is_valid_AArch64_address(dest.target())) failed: bad address |
24 | JDK-8290850 | hotspot/compiler | C2: create_new_if_for_predicate() does not clone pinned phi input nodes resulting in a broken graph |
25 | JDK-8297431 | hotspot/compiler | [JVMCI] HotSpotJVMCIRuntime.encodeThrowable should not throw an exception |
26 | JDK-8296136 | hotspot/compiler | Use correct register in aarch64_enc_fast_unlock() |
27 | JDK-8285835 | hotspot/compiler | SIGSEGV in PhaseIdealLoop::build_loop_late_post_work |
28 | JDK-8295788 | hotspot/compiler | C2 compilation hits "assert((mode == ControlAroundStripMined && use == sfpt) || !use->is_reachable_from_root()) failed: missed a node" |
29 | JDK-8297951 | hotspot/compiler | C2: Create skeleton predicates for all If nodes in loop predication |
30 | JDK-8297264 | hotspot/compiler | C2: Cast node is not processed again in CCP and keeps a wrong too narrow type which is later replaced by top |
31 | JDK-8295116 | hotspot/compiler | C2: assert(dead->outcnt() == 0 && !dead->is_top()) failed: node must be dead |
32 | JDK-8296389 | hotspot/compiler | C2: PhaseCFG::convert_NeverBranch_to_Goto must handle both orders of successors |
33 | JDK-8242115 | hotspot/compiler | C2 SATB barriers are not safepoint-safe |
34 | JDK-8292301 | hotspot/compiler | [REDO v2] C2 crash when allocating array of size too large |
35 | JDK-8272985 | hotspot/gc | Reference discovery is confused about atomicity and degree of parallelism |
36 | JDK-8296733 | hotspot/jfr | JFR: File Read event for RandomAccessFile::write(byte[]) is incorrect |
37 | JDK-8283199 | hotspot/runtime | Linux os::cpu_microcode_revision() stalls cold startup |
38 | JDK-8287011 | hotspot/runtime | Improve container information |
39 | JDK-8271506 | hotspot/runtime | Add ResourceHashtable support for deleting selected entries |
40 | JDK-8294160 | hotspot/runtime | misc crash dump improvements |
41 | JDK-8286030 | hotspot/runtime | Avoid JVM crash when containers share the same /tmp dir |
42 | JDK-8048190 | hotspot/runtime | NoClassDefFoundError omits original ExceptionInInitializerError |
43 | JDK-8293472 | hotspot/runtime | Incorrect container resource limit detection if manual cgroup fs mounts present |
44 | JDK-8262386 | hotspot/svc-agent | resourcehogs/serviceability/sa/TestHeapDumpForLargeArray.java timed out |
April 18, 2023
The full version string for this update release is 8u371-b11 (where "b" means "build"). The version number is 8u371.
JDK 8u371 contains IANA time zone data 2022g which contains the following changes since the previous update.
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u371 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 8u371-b11 |
Oracle recommends that the JDK is updated with each Critical Patch Update. Use the Security Baseline page to determine the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended to use this JDK (version 8u371) after the next critical patch update release, scheduled for July 18, 2023.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u371) on 2023-08-18. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
A native GSS-API library named sspi_bridge.dll
has been added to the JDK on the Windows platform. The library is client-side only and uses the default credentials. It will be loaded when the sun.security.jgss.native
system property is set to "true". A user can still load a third-party native GSS-API library by setting the sun.security.jgss.lib
system property to its path.
Native GSS automatically uses cached credentials from operating systems, thus the javax.security.auth.useSubjectCredsOnly
system property should be set to false.
com.sun.security.auth.module.Krb5LoginModule
does not call native JGSS. Avoid using com.sun.security.auth.module.Krb5LoginModule
from JAAS config.
The AppleScript engine implementing the javax.script engine API has been removed without replacement. The AppleScript engine has worked inconsistently. The services configuration (META-INF/services)
file was missing and only worked by accident when installing JDK 7 or JDK 8 on systems that had Apple's version of AppleScriptEngine.jar already on the system.
The com.apple.concurrent.Dispatch
API was a Mac-only API. It was carried into JDK 7u4 with the port of Apple's JDK 6 code. Developers are encouraged to use the standard java.util.concurrent.Executor
and java.util.concurrent.ExecutorService
APIs instead.
This issue prevents yum
from automatically installing the correct packages required by Oracle Linux specific x86_64 headless and headful JDK packages. Instead of x86_64 packages, it will install i686 packages. To workaround the issue, you may manually install packages with the same names as indicated by yum
but with the x86_64 architecture.
After you have the x86_64 headless and/or headful jdk packages installed, you can get the list of required x86_64 packages by running the following script:
rpm -qa | grep -E -e '^jdk-.*-headful-.*\.x86_64$' -e '^jdk-.*-headless-.*\.x86_64$' | xargs -r rpm -q --requires | sort -u | cut -d ' ' -f 1 | grep -v '^rpmlib' | xargs -r rpm -q --whatprovides | sort -u | grep -e '.i[3456]86$' | xargs -r rpm -q --queryformat '%{name}.x86_64\n' | xargs -r echo
It will output a space-separated list of names of required x86_64 packages to stdout. You can pass this list to a sudo yum install
command to ensure the installation of the required packages.
Fixed a regression where the /usr/java/default
symlink is not created by RPM installers on Linux platforms. Now, installers will create the /usr/java/default
symlink if it doesn't exist, targeting the /usr/java/latest
symlink.
After upgrading to JDK 8u371 or later, there is the possibility of an application crash. The error log has a stack trace that starts with the following:
# Internal Error (g1CollectedHeap.cpp:5923), pid=xxxxx, tid=xxxxxx # guarantee(!dcqs.completed_buffers_exist_dirty()) failed: must be
The above error may impact applications using G1 GC on all supported platforms.
Those who encounter the above error are encouraged to create a Service Request through My Oracle Support so that we can provide an interim solution to resolve the error.
Some Swing components, such as JLabels and JButtons, which display application text, will try to interpret that text as HTML, principally to enable styled text. The HTML processing of the text for these components will no longer recognize the <object>
tag which allows for subclasses of java.awt.Component
to be rendered on the component. To re-enable this, applications must specify -Dswing.html.object=true
.
The installation directory name of the Oracle JRE in an RPM package has changed from /usr/java/jre-1.8.0_${UPDATE}-${ARCH}
to /usr/lib/jvm/jre-1.8-oracle-${ARCH}
. The installation directory name of the Oracle JDK in an RPM package has changed from /usr/java/jdk-1.8.0_${UPDATE}-${ARCH}
to /usr/lib/jvm/jdk-1.8-oracle-${ARCH}
. Thus the 8u371 and 8u381 releases of JDK for x64 will both be installed in the /usr/lib/jvm/jdk-1.8-oracle-x64
directory and the JRE for x64 will both be installed in the /usr/lib/jvm/jre-1.8-oracle-x64
directory. Both JDK and JRE RPM packages will create /usr/java/jdk-1.8.0-${ARCH}
and /usr/java/jre-1.8.0-${ARCH}
links respectively pointing to the installation directories for backward compatibility.
For the x86_64
platform, the value of the ${ARCH}
suffix has changed from amd64
to x64
. For the x86_32
platform, the value of the ${ARCH}
has changed from i586
to x86
.
The JRE RPM package name has changed from jre1.8
to jre-1.8
to make it consistent with other release families. To prevent confusion between the old and new naming patterns, the new package cannot be upgraded using a single "rpm -i ..." or "rpm -U ..." command. Please uninstall the old JRE and then install the new JRE. For example, sudo rpm -e jre1.8; sudo rpm -i jre-8u371-linux-x64.rpm
. The JDK RPM package name has changed from jdk1.8
to jdk-1.8
to make it consistent with other release families. To prevent confusion between the old and new naming patterns, the new package cannot be upgraded using a single "rpm -i ..." or "rpm -U ..." command. Please uninstall the old JDK and then install the new JDK. For example, sudo rpm -e jdk1.8; sudo rpm -i jdk-8u371-linux-x64.rpm
.
Communication with the alternatives framework for the JDK RPM package has changed. JDK RPM packages of prior versions registered a single java
group of commands with the alternatives framework. The JDK 1.8 RPM package registers java
and javac
groups with the alternatives framework. The java
group is for commands used to run applications: java
, javaws
, jcontrol
, jjs
, keytool
, orbd
, pack200
, policytool
, rmic
, rmid
, rmiregistry
, servertool
, tnameserv
, unpack200
. The javac
group is used for all other commands. The set of commands registered by the package has not changed.
Three new Oracle Linux (OL)-specific JDK RPM packages have been added: jdk-1.8-headless
, jdk-1.8-headful
, and jre-1.8-headful
. These packages are available in OL7, OL8, and OL9 repositories. They are not available for download from oracle.com.
jdk-1.8-headless
is a Headless Java Runtime for running non-GUI applications.jdk-1.8-headful
is a Headful Java Runtime with Development Tools for developing and running applications of all types.jre-1.8-headful
is a Headful Java Runtime for running applications of all types.The combination of the OL-specific jdk-1.8-headless
and jdk-1.8-headful
packages provides the same JDK image and the same capabilities as the jdk-1.8
oracle.com package. The jre-1.8-headful
package provides the same JRE image and the same capabilities as the jre-1.8
oracle.com package. OL-specific JDK and JRE RPM packages specify required capabilities, and the "Release" property of these packages has a %{dist}
suffix. The value of the Release property of all RPM packages contains the value of the build number instead of the milestone.
Windows JDK installers must install the Oracle JDK in %Program Files%\Java\jdk-%FEATURE%
instead of %Program Files%\Java\jdk-%VNUM%
. That is, all updates of the same release must share one installation directory. It will not be possible to install older versions of a family if there is a newer JRE of that family already installed.
Thus the JDK 8u371 and JDK 8u381 releases will both install into %Program Files%\Java\jdk-1.8
by default, and they both cannot be installed at the same time.
Note: The Java 8u371 feature JDK-8293762 will now only allow one JRE of each family to be installed at one time. The REMOVEOLDERJRES=1
feature will no longer be supported with the standalone MSI. This is by design, as we only allow one JRE of each family of Java. The newer JREs will auto-upgrade older JREs of the same family.
The Oracle JDK installation directory name will be changed from /Library/Java/JavaVirtualMachines/jdk1.8.0_${UPDATE}.jdk
to /Library/Java/JavaVirtualMachines/jdk-1.8.jdk
. Thus the 8u371 and 8u381 releases will both install into the /Library/Java/JavaVirtualMachines/jdk-1.8.jdk
installation directory. Installing an older JDK update release will log an error, and not install the JDK, if a newer version of the same feature release already exists. An error dialog will be shown except in the case of a silent installation. JDK 8 update releases shipped prior to this release, JDK 8u371, will not be uninstalled during installation of JDK 8u371 or later.
The following root certificate has been added to the cacerts truststore:
+ Certigna (Dhimyotis)
+ certignaca
DN: CN=Certigna, O=Dhimyotis, C=FR
SSLv2Hello and SSLv3 have been removed from the default enabled TLS protocols.
After this update, if SSLv3 is removed from the jdk.tls.disabledAlgorithms
security property, the SSLSocket.getEnabledProtocols()
, SSLServerSocket.getEnabledProtocols()
, SSLEngine.getEnabledProtocols()
and SSLParameters.getProtocols()
APIs will return "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1". "SSLv3" will not be returned in this list.
If a client or server still needs to use the SSLv3 protocol they can do so by enabling it through the jdk.tls.client.protocols
or jdk.tls.server.protocols
system properties or with the SSLSocket.setEnabledProtocols()
, SSLServerSocket.setEnabledProtocols()
and SSLEngine.setEnabledProtocols()
APIs.
After updating to JDK 8u361, applications failed to start, with multiple Exceptions being thrown, ultimately identified by a java.lang.ArrayIndexOutOfBoundsException
occurring at jdk.internal.platform.cgroupv2.CgroupV2Subsystem.initSubsystem
.
The JVM sometimes failed to initialize on Linux systems where /proc/self/mountinfo
does not contain any mounted filesystem or controllers for cgroup.
For background information, see also My Oracle Support see KM Doc ID 2923131.1.
As part of ongoing maintenance, the JDK for Windows is built using the Microsoft Visual Studio 2022 toolchain starting with this release.
If you have issues with a Java application and if you have native or JNI libraries that are compiled with a different release of the compiler, then you must consider compatibility issues between the runtimes. Specifically, your environment is supported only if you follow the Microsoft guidelines when dealing with multiple runtimes. More information can be found in “C++ binary compatibility between Visual Studio versions”.
Applications using the Dell BSAFE Crypto-J 3rd party security provider may encounter an IOException if decoding DH or DSA algorithm parameters with the following exception:
Exception in thread "main" java.io.IOException: Could not decode parameters. at com.rsa.cryptoj.o.ms.engineInit(Unknown Source) at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293)
Dell BSAFE Crypto-J version 6.2.6.2 has been released to address this issue. Applications using this provider should upgrade to that version or later. For applications on older versions of this provider, an interoperability fix has been added to this release of the JDK.
Upgrading from an 8u361 (or earlier) 32-bit JRE to an 8u371 (or later) 32-bit JRE when an 8u371 (or later) 64-bit JRE is already installed will cause the java.exe
command to not be found. For example:
java.exe
will now not work from all places. It will only work directly from the bin
directory.
java.exe
will not work unless you specify the full path to the bin directory of your JRE.
There are 2 workarounds:
java.exe
in the \bin
directory of the JRE, for example: C:\Program Files\Java\jre-1.8\bin\java.exe
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
The following table lists the bug fixes included in the JDK 8u371 release:
# | BugId | Component | Summary |
---|---|---|---|
1 | JDK-8285399 | client-libs/2d | JNI exception pending in awt_GraphicsEnv.c:1432 |
2 | JDK-8284023 | client-libs/java.awt | java.sun.awt.X11GraphicsDevice.getDoubleBufferVisuals() leaks XdbeScreenVisualInfo |
3 | JDK-8296496 | client-libs/java.awt | Overzealous check in sizecalc.h prevents large memory allocation |
4 | JDK-8295685 | client-libs/java.awt | Update Libpng to 1.6.38 |
5 | JDK-8294378 | core-libs/java.net | URLPermission constructor exception when using tr locale |
6 | JDK-8297569 | core-libs/java.net | URLPermission constructor throws IllegalArgumentException: Invalid characters in hostname after JDK-8294378 |
7 | JDK-8299439 | core-libs/java.text | java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR |
8 | JDK-8295530 | core-libs/java.util.jar | Update Zlib Data Compression Library to Version 1.2.13 |
9 | JDK-8287180 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2022-08-08 |
10 | JDK-8267038 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2022-03-02 |
11 | JDK-8296239 | core-libs/java.util:i18n | ISO 4217 Amendment 174 Update |
12 | JDK-8241900 | hotspot/compiler | Loop unswitching may cause dependence on null check to be lost |
13 | JDK-8179954 | hotspot/compiler | AArch64: C1 and C2 volatile accesses are not sequentially consistent |
14 | JDK-8210387 | hotspot/compiler | C2 compilation fails with "assert(node->_last_del == _last) failed: must have deleted the edge just produced" |
15 | JDK-8248552 | hotspot/compiler | C2 crashes with SIGFPE due to division by zero |
16 | JDK-8069191 | hotspot/compiler | moving predicate out of loops may cause array accesses to bypass null check |
17 | JDK-8250825 | hotspot/compiler | C2 crashes with assert(field != __null) failed: missing field |
18 | JDK-8255466 | hotspot/compiler | C2 crashes at ciObject::get_oop() const+0x0 |
19 | JDK-8272985 | hotspot/gc | Reference discovery is confused about atomicity and degree of parallelism |
20 | JDK-8005165 | hotspot/runtime | Remove CPU-dependent code in self-patching vtables |
21 | JDK-8271506 | hotspot/runtime | Add ResourceHashtable support for deleting selected entries |
22 | JDK-8253797 | hotspot/runtime | [cgroups v2] Account for the fact that swap accounting is disabled on some systems |
23 | JDK-8239785 | hotspot/runtime | Cgroups: Incorrect detection logic on old systems in hotspot |
24 | JDK-8239559 | hotspot/runtime | Cgroups: Incorrect detection logic on some systems |
25 | JDK-8048190 | hotspot/runtime | NoClassDefFoundError omits original ExceptionInInitializerError |
26 | JDK-8197859 | hotspot/runtime | VS2017 Complains about UINTPTR_MAX definition in globalDefinitions_VisCPP.hpp |
27 | JDK-8254997 | hotspot/runtime | Remove unimplemented OSContainer::read_memory_limit_in_bytes |
28 | JDK-8252359 | hotspot/runtime | HotSpot Not Identifying it is Running in a Container |
29 | JDK-8253435 | hotspot/runtime | Cgroup: 'stomping of _mount_path' crash if manually mounted cpusets exist |
30 | JDK-8284633 | hotspot/runtime | CompressedClassPointers.java fails on macos-aarch64 |
31 | JDK-8220658 | hotspot/runtime | Improve the readability of container information in the error log |
32 | JDK-8291763 | hotspot/runtime | Include virtualization information in hs_err crash log on Solaris |
33 | JDK-8289424 | hotspot/runtime | Include LD_HWCAP in hs_err log output |
34 | JDK-8298349 | install/install | /usr/java/latest points to wrong JDK |
35 | JDK-8298330 | install/install | /usr/java/latest is missing after one of JDK rpms is uninstalled |
36 | JDK-8149508 | javafx/controls | Performance issue when scrolling ListView due to excess CSS processing |
37 | JDK-8294400 | javafx/media | Provide media support for libavcodec version 59 |
38 | JDK-8257895 | javafx/media | Allow building of JavaFX media libs for Apple Silicon |
39 | JDK-8298167 | javafx/web | Opacity in WebView not working anymore |
40 | JDK-8295755 | javafx/web | Update SQLite to 3.39.4 |
41 | JDK-8303217 | javafx/web | Webview loaded webpage is not showing play, volume related buttons for embeded Audio/Video elements |
42 | JDK-8301022 | javafx/web | Video distortion is observed while playing youtube video |
43 | JDK-8300954 | javafx/web | HTML default Range input control not rendered |
44 | JDK-8301712 | javafx/web | [linux] Crash on exit from WebKit 615.1 |
45 | JDK-8302684 | javafx/web | Cherry-pick WebKit 615.1 stabilization fixes (2) |
46 | JDK-8302294 | javafx/web | Cherry-pick WebKit 615.1 stabilization fixes |
47 | JDK-8299977 | javafx/web | Update WebKit to 615.1 |
48 | JDK-8242151 | security-libs/java.security | Improve OID mapping and reuse among JDK security providers for aliases registration |
49 | JDK-8242897 | security-libs/java.security | KeyFactory.generatePublic( x509Spec ) failed with java.security.InvalidKeyException |
50 | JDK-8280890 | security-libs/java.security | Cannot use '-Djava.system.class.loader' with class loader in signed JAR |
51 | JDK-8200468 | security-libs/org.ietf.jgss | Port the native GSS-API bridge to Windows |
52 | JDK-8253829 | security-libs/org.ietf.jgss | Wrong length compared in SSPI bridge |
53 | JDK-8225687 | security-libs/org.ietf.jgss | Newly added sspi.cpp in JDK-6722928 still contains some small errors |
54 | JDK-8175000 | tools/launcher | jexec fails to execute simple helloworld.jar |
The following sections summarize changes made in all Java SE 8u361 BPR. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8299439 | core-libs | java.text | java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR |
JDK-8017487 | client-libs | javax.swing | filechooser in Windows-Libraries folder: columns are mixed up |
JDK-8301318 (Confidential) | deploy | webstart | Few JVM arguments are not supported in JAVAWS/JNLP |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8274205 | security-libs | org.ietf.jgss:krb5 | Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC |
JDK-8284662 | javafx | accessibility | Screen reader fails to read ListView/ComboBox item count if > 100 |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8251862 | javafx | graphics | Wrong position of Popup windows at the intersection of 2 screens |
JDK-8149508 | javafx | controls | Performance issue when scrolling ListView due to excess CSS processing |
JDK-8299741 | install | autoupdate | A temporary file is left in 'locallow' temp directory after Java Update |
The JVM will fail to initialize on Linux systems where /proc/self/mountinfo
does not contain any mounted filesystem or controllers for cgroups. This failure occurs due to faulty detection logic where it incorrectly detects a cgroup v1 system, having no mounted controllers, as a cgroup v2 system.
A fix is available via the 8u361 b32 BPR available on My Oracle Support (see KM Doc ID 2923131.1).
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8089986 | javafx | controls | Menu beeps when mnemonics is used |
JDK-7131823 | client-libs | javax.imageio | bug in GIFImageReader |
JDK-6357887 | client-libs | 2d | selected printertray is ignored under linux |
JDK-8239559 | hotspot | runtime | Cgroups: Incorrect detection logic on some systems |
JDK-8239785 | hotspot | runtime | Cgroups: Incorrect detection logic on old systems in hotspot |
JDK-8048190 | hotspot | runtime | NoClassDefFoundError omits original ExceptionInInitializerError |
JDK-8271506 | hotspot | runtime | Add ResourceHashtable support for deleting selected entries |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8205959 | core-libs | java.net | Do not restart close if errno is EINTR |
JDK-8280890 | security-libs | java.security | Cannot use '-Djava.system.class.loader' with class loader in signed JAR |
JDK-8299628 (Confidential) | javafx | graphics | BMP top-down images fail to load after JDK-8289336 |
JDK-8297804 | core-libs | java.time | (tz) Update Timezone Data to 2022g |
The following sections summarize changes made in Java SE 8u361 Enterprise Performance Pack. Bug fixes and any other changes are listed below in date order, most current update first. Note that bug fixes in the previous BPR are also included in the current update release.
This BPR contains all of the fixes included in the corresponding JDK 8 BPR.
This BPR contains all of the fixes included in the corresponding JDK 8 BPR.
This BPR contains all of the fixes included in the corresponding JDK 8 BPR.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-6357887 | client-libs | 2d | selected printertray is ignored under linux |
JDK-7131823 | client-libs | javax.imageio | bug in GIFImageReader |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8205959 | core-libs | java.net | Do not restart close if errno is EINTR |
JDK-8280890 | security-libs | java.security | Cannot use '-Djava.system.class.loader' with class loader in signed JAR |
JDK-8297804 | core-libs | java.time | (tz) Update Timezone Data to 2022g |
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8293319 | hotspot | compiler | [C2 cleanup] Remove unused other_path arg in Parse::adjust_map_after_if |
2 | JDK-8280511 | hotspot | compiler | AArch64: Combine shift and negate to a single instruction |
3 | JDK-8276108 | hotspot | compiler | Wrong instruction generation in aarch64 backend |
4 | JDK-8251216 | hotspot | compiler | Implement MD5 intrinsics on AArch64 |
5 | JDK-8186670 | hotspot | compiler | Implement _onSpinWait() intrinsic for AArch64 |
6 | JDK-8290781 | hotspot | compiler | Segfault at PhaseIdealLoop::clone_loop_handle_data_uses |
7 | JDK-8282347 | hotspot | compiler | AARCH64: Untaken branch in has_negatives stub |
8 | JDK-8282049 | hotspot | compiler | AArch64: Use ZR for integer zero immediate volatile stores |
9 | JDK-8291775 | hotspot | compiler | C2: assert(r != __null && r->is_Region()) failed: this phi must have a region |
10 | JDK-8290711 | hotspot | compiler | assert(false) failed: infinite loop in PhaseIterGVN::optimize |
11 | JDK-8287349 | hotspot | compiler | AArch64: Merge LDR instructions to improve C1 OSR performance |
12 | JDK-8277411 | hotspot | compiler | C2 fast_unlock intrinsic on AArch64 has unnecessary ownership check |
13 | JDK-8277358 | hotspot | compiler | Accelerate CRC32-C |
14 | JDK-8291599 | hotspot | compiler | Assertion in PhaseIdealLoop::skeleton_predicate_has_opaque after JDK-8289127 |
15 | JDK-8290705 | hotspot | compiler | StringConcat::validate_mem_flow asserts with "unexpected user: StoreI" |
16 | JDK-8290529 | hotspot | compiler | C2: assert(BoolTest(btest).is_canonical()) failure |
17 | JDK-8288445 | hotspot | compiler | AArch64: C2 compilation fails with guarantee(!true || (true && (shift != 0))) failed: impossible encoding |
18 | JDK-8280872 | hotspot | compiler | Reorder code cache segments to improve code density |
19 | JDK-8272094 | hotspot | compiler | compiler/codecache/TestStressCodeBuffers.java crashes with "failed to allocate space for trampoline" |
20 | JDK-8293816 | hotspot | compiler | CI: ciBytecodeStream::get_klass() is not consistent |
21 | JDK-8293044 | hotspot | compiler | C1: Missing access check on non-accessible class |
22 | JDK-8292158 | hotspot | compiler | AES-CTR cipher state corruption with AVX-512 |
23 | JDK-8270947 | hotspot | compiler | AArch64: C1: use zero_words to initialize all objects |
24 | JDK-8287425 | hotspot | compiler | Remove unnecessary register push for MacroAssembler::check_klass_subtype_slow_path |
25 | JDK-8290451 | hotspot | compiler | Incorrect result when switching to C2 OSR compilation from C1 |
26 | JDK-8268779 | hotspot | gc | ZGC: runtime/InternalApi/ThreadCpuTimesDeadlock.java#id1 failed with "OutOfMemoryError: Java heap space" |
27 | JDK-8278389 | hotspot | gc | SuspendibleThreadSet::_suspend_all should be volatile/atomic |
28 | JDK-8288754 | hotspot | gc | GCC 12 fails to build zReferenceProcessor.cpp |
29 | JDK-8279398 | hotspot | jfr | jdk/jfr/api/recording/time/TestTimeMultiple.java failed with "RuntimeException: getStopTime() > afterStop" |
30 | JDK-8268297 | hotspot | jfr | jdk/jfr/api/consumer/streaming/TestLatestEvent.java times out |
31 | JDK-8291459 | hotspot | runtime | JVM crash with GenerateOopMap::error_work(char const*, __va_list_tag*) |
32 | JDK-8292083 | hotspot | runtime | Detected container memory limit may exceed physical machine memory |
33 | JDK-8293156 | hotspot | svc | Dcmd VM.classloaders fails to print the full hierarchy |
January 17, 2023
The full version string for this update release is 8u361-b09 (where "b" means "build"). The version number is 8u361.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u361 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 8u361-b09 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u361) be used after the next critical patch update scheduled for April 18, 2023.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u361) on 2023-05-18. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
An OCSP response signed with the RSASSA-PSS algorithm is now supported.
After updating to JDK 8u361, applications may fail to start, with multiple Exceptions being thrown, ultimately identified by a java.lang.ArrayIndexOutOfBoundsException
occurring at jdk.internal.platform.cgroupv2.CgroupV2Subsystem.initSubsystem
.
The JVM will fail to initialize on Linux systems where /proc/self/mountinfo
does not contain any mounted filesystem or controllers for cgroups. This failure occurs due to faulty detection logic where it incorrectly detects a cgroup v1 system, having no mounted controllers, as a cgroup v2 system.
A fix is available via the 8u361 b32 BPR available on My Oracle Support (see KM Doc ID 2923131.1).
Previous JDK releases used an incorrect interpretation of the Linux cgroups parameter "cpu.shares". This might cause the JVM to use fewer CPUs than available, leading to an under utilization of CPU resources when the JVM is used inside a container.
Starting from this JDK release, by default, the JVM no longer considers "cpu.shares" when deciding the number of threads to be used by the various thread pools. The -XX:+UseContainerCpuShares
command-line option can be used to revert to the previous behavior. This option is deprecated and may be removed in a future JDK release.
The “JavaScript script engine” for FXML is now disabled by default. Any .fxml file that has a "javascript" Processing Instruction (PI) will no longer load by default, and an exception will be thrown.
It can be enabled by setting the system property: -Djavafx.allowjs=true
ProcessBuilder on Windows is restored to address a regression caused by JDK-8250568. Previously, an argument to ProcessBuilder that started with a double-quote and ended with a backslash followed by a double-quote was passed to a command incorrectly and may cause the command to fail. For example the argument "C:\\Program Files\"
, would be seen by the command with extra double-quotes. This update restores the long standing behavior that does not treat the backslash before the final double-quote specially.
Two system properties have been added which control the keep alive behavior of HttpURLConnection in the case where the server does not specify a keep alive time. Two properties are defined for controlling connections to servers and proxies separately. They are http.keepAlive.time.server
and http.keepAlive.time.proxy
respectively. More information about them can be found in Networking Properties.
This version of the JDK no longer includes a copy of Java VisualVM. VisualVM is now available as a separate download from https://visualvm.github.io.
The readObject
method of _DynAnyFactoryStub
has been amended, such that, when reading the stringified IOR from serialized data, it will, by default, accept stringified IORs in IOR: URI format, only. As DynAnyFactory
is a locally or ORB constrained type, it is not useful that serialized data should contain corbaname or corbaloc URIs. Furthermore, an ORB will prohibit the binding of a name in the INS to a DynAnyFactory
IOR, as such, using a corbaname to reference an instance of DynAnyFactory
is not meaningful.
A system property is introduced, org.omg.DynamicAny.DynAnyFactoryStub.disableIORCheck
, which when set to true, will revert the _DynAnyFactoryStub::readObject
to its current behavior and bypass the additional IOR checks.
The SunJSSE close notification checks for SSLEngine
to have been made less strict to conform to changes in the Transport Layer Security (TLS) RFCs. See also JDK-8253368.
Specifically, if an application tries to close its SSLEngine
inbound side using SSLEngine.closeInbound()
without having received a close notification message from its peer, the SSLEngine
will no longer:
The new behavior will still consider this condition an error and will throw a local javax.net.ssl.SSLException
. But a fatal-level alert will no longer be generated to be sent to the peer, and the underlying session will remain valid.
In addition, the internal transport context for the SSLEngine
will also now be closed. This may result in a different SSLEngineResult.HandshakeStatus
value on the SSLEngine
. Any outstanding outbound data must still be obtained (SSLEngine.wrap()
) and sent in order to gracefully close the connection.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. The following table lists the bug fixes included in the JDK 8u361 release:
# | BugId | Component | Summary |
---|---|---|---|
1 | JDK-8240756 | client-libs/2d | [macos] SwingSet2:TableDemo:Printed Japanese characters were garbled |
2 | JDK-8212677 | client-libs/java.awt | X11 default visual support for IM status window on VNC |
3 | JDK-8231445 | client-libs/java.awt | check ZALLOC return values in awt coding |
4 | JDK-8284033 | client-libs/java.awt | Leak XVisualInfo in getAllConfigs in awt_GraphicsEnv.c |
5 | JDK-8277497 | client-libs/javax.accessibility | Last column cell in the JTable row is read as empty cell |
6 | JDK-8280950 | core-libs/java.util | RandomGenerator:NextDouble() default behavior non conformant after JDK-8280550 fix |
7 | JDK-8281183 | core-libs/java.util | RandomGenerator:NextDouble() default behavior partially fixed by JDK-8280950 |
8 | JDK-8294307 | core-libs/java.util:i18n | ISO 4217 Amendment 173 Update |
9 | JDK-8215571 | core-svc/debugger | jdb does not include jdk.* in the default class filter |
10 | JDK-8197387 | core-svc/tools | jcmd started by "root" must be allowed to access all VM processes |
11 | JDK-8294294 | docs/guides | Document jdk.xml.xpathExprGrpLimit, jdk.xml.xpathExprOpLimit, and jdk.xml.xpathTotalOpLimit in the JAXP Security Guide |
12 | JDK-8145458 | docs/hotspot | JDK 8 man page incorrectly states -XX:ThreadStackSize=size sets the thread stack size (in bytes). |
13 | JDK-8217359 | hotspot/compiler | C2 compiler triggers SIGSEGV after transformation in ConvI2LNode::Ideal |
14 | JDK-8255058 | hotspot/compiler | C1: assert(is_virtual()) failed: type check |
15 | JDK-8253816 | hotspot/compiler | Support macOS W^X |
16 | JDK-8253795 | hotspot/compiler | Implementation of JEP 391: macOS/AArch64 Port |
17 | JDK-8168712 | hotspot/compiler | [AOT] assert(false) failed: DEBUG MESSAGE: InterpreterMacroAssembler::call_VM_base: last_sp != NULL |
18 | JDK-8261336 | hotspot/compiler | IGV: enhance default filters |
19 | JDK-8253817 | hotspot/runtime | Support macOS Aarch64 ABI in Interpreter |
20 | JDK-8200109 | hotspot/runtime | NMT: diff_malloc_site assert(early->flags() == current->flags(), "Must be the same memory type") |
21 | JDK-8238676 | hotspot/runtime | jni crashes on accessing it from process exit hook |
22 | JDK-8230305 | hotspot/runtime | Cgroups v2: Container awareness |
23 | JDK-8027429 | hotspot/runtime | Add diagnostic command VM.info to get hs_err print-out |
24 | JDK-8253714 | hotspot/runtime | [cgroups v2] Soft memory limit incorrectly using memory.high |
25 | JDK-8253727 | hotspot/runtime | [cgroups v2] Memory and swap limits reported incorrectly |
26 | JDK-8255716 | hotspot/runtime | AArch64: Regression: JVM crashes if manually offline a core |
27 | JDK-8191846 | hotspot/svc | jstat prints debug message when debugging is disabled |
28 | JDK-8038392 | hotspot/svc | Generating prelink cache breaks JAVA 'jinfo' utility normal behaviour |
29 | JDK-8087557 | javafx/accessibility | [Win] [Accessibility, Dialogs] Alert Dialog content is not fully read by Screen Reader |
30 | JDK-8284281 | javafx/accessibility | [Accessibility] [Win] [Narrator] Exceptions with TextArea & TextField when deleted last char |
31 | JDK-8291087 | javafx/accessibility | Wrong position of focus of screen reader on Windows with screen scale > 1 |
32 | JDK-8293795 | javafx/accessibility | [Accessibility] [Win] [Narrator] Exceptions When Deleting Text with Continuous Key Press in TextArea and TextField |
33 | JDK-8289542 | javafx/graphics | Update JPEG Image Decoding Software to 9e |
34 | JDK-8293971 | javafx/media | Loading new Media from resources can sometimes fail when loading from FXML |
35 | JDK-8289541 | javafx/web | Update ICU4C to 71.1 |
36 | JDK-8257722 | security-libs/java.security | Improve "keytool -printcert -jarfile" output |
37 | JDK-8273553 | security-libs/javax.net.ssl | sun.security.ssl.SSLEngineImpl.closeInbound also has similar error of JDK-8253368 |
The following sections summarize changes made in all Java SE 8u351 BPR. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8294307 | core-libs | java.util:i18n | ISO 4217 Amendment 173 Update |
JDK-8296239 | core-libs | java.util:i18n | ISO 4217 Amendment 174 Update |
JDK-8295173 | core-libs | java.time | (tz) Update Timezone Data to 2022e |
JDK-8296108 | core-libs | java.time | (tz) Update Timezone Data to 2022f |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8278027 | security-libs | javax.crypto | X509Key.decode exception while using JSafeJCE FIPS provider |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8224671 | hotspot | compiler | AArch64: mauve System.arraycopy test failure |
JDK-8292695 | hotspot | runtime | SIGQUIT and jcmd attaching mechanism does not work with signal chaining library |
JDK-8202014 | hotspot | runtime | Possible to receive signal before signal semaphore created |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8291973 | install | install | Java RPMs Are Built with Older RPM and Thus Do Not Contain Some Necessary Hash |
JDK-8294357 | core-libs | java.time | (tz) Update Timezone Data to 2022d |
JDK-8293795 | javafx | accessibility | Exceptions When Deleting Text with Continuous Key Press in TextArea and TextField |
The following sections summarize changes made in Java SE 8u351 Enterprise Performance Pack. Bug fixes and any other changes are listed below in date order, most current update first. Note that bug fixes in the previous BPR are also included in the current update release.
JBS | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8294307 | core-libs | java.util:i18n | ISO 4217 Amendment 173 Update |
JDK-8296239 | core-libs | java.util:i18n | ISO 4217 Amendment 174 Update |
JDK-8294357 | core-libs | java.time | (tz) Update Timezone Data to 2022d |
JDK-8295173 | core-libs | java.time | (tz) Update Timezone Data to 2022e |
JDK-8296108 | core-libs | java.time | (tz) Update Timezone Data to 2022f |
JBS | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8278027 | security-libs | javax.crypto | X509Key.decode exception while using JSafeJCE FIPS provider |
Enterprise Performance Pack supports JDK Flight Recorder (JFR).
JFR is a low-overhead data collection framework for troubleshooting Java applications and the HotSpot JVM in production. Recorded data can be opened in JDK Mission Control (JMC). To start recordings from within JMC, a new version of JMC is required. Currently, it is not released as part of the JDK but is available as a downloadable patch from Supported Java SE Downloads on MOS or from JDK Mission Control 8 Downloads. JFR comes with a supported API to produce and consume data programmatically.
Relevant Changes for JFR include JEP 328: Flight Recorder, JEP 349: JFR Event Streaming
# | JBS | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8282467 | hotspot | compiler | add extra diagnostics for JDK-8268184 |
2 | JDK-8284883 | hotspot | compiler | JVM crash: guarantee(sect->end() <= sect->limit()) failed: sanity on AVX512 |
3 | JDK-8285923 | hotspot | compiler | [REDO] JDK-8285802 AArch64: Consistently handle offsets in MacroAssembler as 64-bit quantities |
4 | JDK-8282555 | hotspot | compiler | Missing memory edge when spilling MoveF2I, MoveD2L etc |
5 | JDK-8286638 | hotspot | compiler | C2: CmpU needs to do more precise over/underflow analysis |
6 | JDK-8288303 | hotspot | compiler | C1: Miscompilation due to broken Class.getModifiers intrinsic |
7 | JDK-8270090 | hotspot | compiler | C2: LCM may prioritize CheckCastPP nodes over projections |
8 | JDK-8280696 | hotspot | compiler | C2 compilation hits assert(is_dominator(c, n_ctrl)) failed |
9 | JDK-8285820 | hotspot | compiler | C2: LCM prioritizes locally dependent CreateEx nodes over projections after 8270090 |
10 | JDK-8287091 | hotspot | compiler | aarch64 : guarantee(val < (1ULL << nbits)) failed: Field too big for insn |
11 | JDK-8287396 | hotspot | compiler | LIR_Opr::vreg_number() and data() can return negative number |
12 | JDK-8286625 | hotspot | compiler | C2 fails with assert(!n->is_Store() && !n->is_LoadStore()) failed: no node with a side effect |
13 | JDK-8288467 | hotspot | compiler | remove memory_operand assert for spilled instructions |
14 | JDK-8276546 | hotspot | compiler | [IR Framework] Whitelist and ignore CompileThreshold |
15 | JDK-8279622 | hotspot | compiler | C2: miscompilation of map pattern as a vector reduction |
16 | JDK-8286177 | hotspot | compiler | C2: "failed: non-reduction loop contains reduction nodes" assert failure |
17 | JDK-8284944 | hotspot | compiler | assert(cnt++ < 40) failed: infinite cycle in loop optimization |
18 | JDK-8287223 | hotspot | compiler | C1: Inlining attempt through MH::invokeBasic() with null receiver |
19 | JDK-8272736 | hotspot | compiler | [JVMCI] Add API for reading and writing JVMCI thread locals |
20 | JDK-8284358 | hotspot | compiler | Unreachable loop is not removed from C2 IR, leading to a broken graph |
21 | JDK-8288360 | hotspot | compiler | CI: ciInstanceKlass::implementor() is not consistent for well-known classes |
22 | JDK-8286314 | hotspot | compiler | Trampoline not created for far runtime targets outside small CodeCache |
23 | JDK-8288781 | hotspot | compiler | C1: LIR_OpVisitState::maxNumberOfOperands too small |
24 | JDK-8289127 | hotspot | compiler | Apache Lucene triggers: DEBUG MESSAGE: duplicated predicate failed which is impossible |
25 | JDK-8283441 | hotspot | compiler | C2: segmentation fault in ciMethodBlocks::make_block_at(int) |
26 | JDK-8287432 | hotspot | compiler | C2: assert(tn->in(0) != __null) failed: must have live top node |
27 | JDK-8281297 | hotspot | gc | TestStressG1Humongous fails with guarantee(is_range_uncommitted) |
28 | JDK-8283597 | hotspot | jvmti | [REDO] Invalid generic signature for redefined classes |
29 | JDK-8278753 | hotspot | runtime | Runtime crashes with access violation during JNI_CreateJavaVM call |
30 | JDK-8283469 | hotspot | runtime | Don't use memset to initialize members in FileMapInfo and fix memory leak |
31 | JDK-8268773 | hotspot | runtime | Improvements related to: Failed to start thread - pthread_create failed (EAGAIN) |
32 | JDK-8289477 | hotspot | runtime | Memory corruption with CPU_ALLOC, CPU_FREE on muslc |
33 | JDK-8289799 | hotspot | runtime | Build warning in methodData.cpp memset zero-length parameter |
34 | JDK-8290417 | hotspot | runtime | CDS cannot archive lamda proxy with useImplMethodHandle |
35 | JDK-8287107 | hotspot | runtime | CgroupSubsystemFactory.setCgroupV2Path asserts with freezer controller |
36 | JDK-8287741 | hotspot | runtime | Fix of JDK-8287107 (unused cgv1 freezer controller) was incomplete |
October 18, 2022
The full version string for this update release is 8u351-b10 (where "b" means "build"). The version number is 8u351.
JDK 8u351 contains IANA time zone data 2022b, 2022c.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u351 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 8u351-b10 |
7 | 7u361-b08 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u351) be used after the next critical patch update scheduled for January 17, 2023.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u351) on 2023-02-17. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
The default MAC algorithm used in a PKCS #12 keystore has been updated. The new algorithm is based on SHA-256 and is stronger than the old one based on SHA-1. See the security properties starting with keystore.pkcs12
in the java.security
file for detailed information.
The new SHA-256 based MAC algorithms were introduced in the 11.0.12, 8u301, and 7u311 JDK versions. Keystores created using this newer, stronger, MAC algorithm cannot be opened in JDK versions earlier than 11.0.12, 8u301, and 7u311. A 'java.security.NoSuchAlgorithmException' exception will be thrown in such circumstances.
For compatibility, use the keystore.pkcs12.legacy
system property, which will revert the algorithms to use the older, weaker algorithms. There is no value defined for this property.
On platforms that support the concept of a thread name on their native threads, the java.lang.Thread.setName()
method will also set that native thread name. However, this will only occur when called by the current thread, and only for threads started through the java.lang.Thread
class (not for native threads that have attached via JNI). The presence of a native thread name can be useful for debugging and monitoring purposes. Some platforms may limit the native thread name to a length much shorter than that used by the java.lang.Thread
, which may result in some threads having the same native name.
The Java Access Bridge checkbox in the Windows Control Panel is not available in JDK11. This registration was part of the public JRE installation.
However, Java Access Bridge can still be enabled and disabled by following these steps:
%JAVAHOME%\bin\windowsaccessbridge-64.dll
to %WINDOWSHOME%\SYSTEM32
. A reboot might be required after this step.%JAVAHOME%\bin\jabswitch /enable
and %JAVAHOME%\bin\jabswitch /disable
.Note: %WINDOWSHOME%
is the directory where Microsoft Windows is installed (for example, C:\WINDOWS
) %JAVAHOME%
is the directory where your JDK is installed (for example, C:\Program Files\Java\jdk-11
)
JARs signed with SHA-1 algorithms are now restricted by default and treated as if they were unsigned. This applies to the algorithms used to digest, sign, and optionally timestamp the JAR. It also applies to the signature and digest algorithms of the certificates in the certificate chain of the code signer and the Timestamp Authority, and any CRLs or OCSP responses that are used to verify if those certificates have been revoked. These restrictions also apply to signed JCE providers.
To reduce the compatibility risk for JARs that have been previously timestamped, there is one exception to this policy:
This exception may be removed in a future JDK release. To determine if your signed JARs are affected by this change, run jarsigner -verify -verbose -certs
on the signed JAR, and look for instances of "SHA1" or "SHA-1" and "disabled" and a warning that the JAR will be treated as unsigned in the output.
For example:
- Signed by "CN="Signer""
Digest algorithm: SHA-1 (disabled)
Signature algorithm: SHA1withRSA (disabled), 2048-bit key
WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01
JARs affected by these new restrictions should be replaced or re-signed with stronger algorithms.
Users can, at their own risk, remove these restrictions by modifying the java.security
configuration file (or override it by using the java.security.properties
system property) and removing "SHA1 usage SignedJAR & denyAfter 2019-01-01" from the jdk.certpath.disabledAlgorithms
security property and "SHA1 denyAfter 2019-01-01" from the jdk.jar.disabledAlgorithms
security property.
The des3-hmac-sha1
and rc4-hmac
Kerberos encryption types (etypes) are now deprecated and disabled by default. Users can set allow_weak_crypto = true
in the krb5.conf
configuration file to re-enable them (along with other weak etypes including des-cbc-crc
and des-cbc-md5
) at their own risk. To disable a subset of the weak etypes, users can list preferred etypes explicitly in any of the default_tkt_enctypes
, default_tgs_enctypes
, or permitted_enctypes
settings.
This enhancement changes phantom references to be automatically cleared by the garbage collector as soft and weak references.
An object becomes phantom reachable after it has been finalized. This change may cause the phantom reachable objects to be GC'ed earlier - previously the referent is kept alive until PhantomReference objects are GC'ed or cleared by the application. This potential behavioral change might only impact existing code that would depend on PhantomReference being enqueued rather than when the referent be freed from the heap.
java.lang.ref.Reference.enqueue
method clears the reference object before it is added to the registered queue. When the enqueue
method is called, the reference object is cleared and get()
method will return null in JDK 9.
Typically when a reference object is enqueued, it is expected that the reference object is cleared explicitly via the clear
method to avoid memory leak because its referent is no longer referenced. In other words the get
method is expected not to be called in common cases once the enqueue
method is called. In the case when the get
method from an enqueued reference object and existing code attempts to access members of the referent, NullPointerException
may be thrown. Such code will need to be updated.
java.lang.ref.Reference::clone
method always throws CloneNotSupportedException
. Reference
objects cannot be meaningfully cloned. To create a new Reference object, call the constructor to create a Reference
object with the same referent and reference queue instead.
This version includes changes from 2022b that merged multiple regions that have the same timestamp data post-1970 into a single time zone data. All time zone IDs remain the same but the merged time zones will point to a shared zone data.
As a result, pre-1970 data may not be compatible with earlier JDK versions. The affected zones are Antarctica/Vostok, Asia/Brunei, Asia/Kuala_Lumpur, Atlantic/Reykjavik, Europe/Amsterdam, Europe/Copenhagen, Europe/Luxembourg, Europe/Monaco, Europe/Oslo, Europe/Stockholm, Indian/Christmas, Indian/Cocos, Indian/Kerguelen, Indian/Mahe, Indian/Reunion, Pacific/Chuuk, Pacific/Funafuti, Pacific/Majuro, Pacific/Pohnpei, Pacific/Wake, Pacific/Wallis, Arctic/Longyearbyen, Atlantic/Jan_Mayen, Iceland, Pacific/Ponape, Pacific/Truk, and Pacific/Yap.
For more details, refer to the announcement of 2022b.
This JDK implements Maintenance Release 4 of the Java SE 8 specification (JSR 337). Implementing this maintenance release is indicated by the new system property java.specification.maintenance.version
having the value of "4"
.
A new system property named jdk.httpserver.maxConnections
has been introduced to allow users to configure the com.sun.net.httpserver.HttpServer
to limit the maximum number of open connections to the server at any given time. This system property takes an integer value and can be configured to be a positive integer. If the property is absent, set to 0, or a negative value, the server will not limit the number of open connections. By default, this system property is not set.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. The following table lists the bug fixes included in the JDK 8u351 release:
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8260616 | client-libs | Removing remaining JNF dependencies in the java.desktop module | |
2 | JDK-8270216 | client-libs | java.awt | [macOS] Update named used for Java run loop mode |
3 | JDK-8272602 | client-libs | java.awt | [macOS] not all KEY_PRESSED events sent when control modifier is used |
4 | JDK-8261352 | client-libs | javax.accessibility | Create implementation for component peer for all the components who should be ignored in a11y interactions |
5 | JDK-8263420 | client-libs | javax.accessibility | Incorrect function name in NSAccessibilityStaticText native peer implementation |
6 | JDK-8261198 | client-libs | javax.accessibility | [macOS] Incorrect JNI parameters in number conversion in A11Y code |
7 | JDK-8262981 | client-libs | javax.accessibility | Create implementation for NSAccessibilitySlider protocol |
8 | JDK-8287740 | client-libs | javax.accessibility | NSAccessibilityShowMenuAction not working for text editors |
9 | JDK-8275071 | client-libs | javax.accessibility | [macos] A11y cursor gets stuck when combobox is closed |
10 | JDK-8274383 | client-libs | javax.accessibility | JNI call of getAccessibleSelection on a wrong thread |
11 | JDK-8267387 | client-libs | javax.accessibility | Create implementation for NSAccessibilityOutline protocol |
12 | JDK-8267388 | client-libs | javax.accessibility | Create implementation for NSAccessibilityTable protocol |
13 | JDK-8262031 | client-libs | javax.accessibility | Create implementation for NSAccessibilityNavigableStaticText protocol |
14 | JDK-8275809 | client-libs | javax.accessibility | crash in [CommonComponentAccessibility getCAccessible:withEnv:] |
15 | JDK-8273678 | client-libs | javax.accessibility | TableAccessibility and TableRowAccessibility miss autorelease |
16 | JDK-8271071 | client-libs | javax.accessibility | accessibility of a table on macOS lacks cell navigation |
17 | JDK-8267066 | client-libs | javax.accessibility | New NSAccessibility peers should return they roles and subroles directly |
18 | JDK-8275720 | client-libs | javax.accessibility | CommonComponentAccessibility.createWithParent isWrapped causes mem leak |
19 | JDK-8267385 | client-libs | javax.accessibility | Create NSAccessibilityElement implementation for JavaComponentAccessibility |
20 | JDK-8275819 | client-libs | javax.accessibility | [TableRowAccessibility accessibilityChildren] method is ineffective |
21 | JDK-8284690 | client-libs | javax.accessibility | [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox |
22 | JDK-8286266 | client-libs | javax.accessibility | [macos] Voice over moving JTable column to be the first column JVM crashes |
23 | JDK-8284014 | client-libs | javax.accessibility | Menu items with submenus in JPopupMenu are not spoken on macOS |
24 | JDK-8283383 | client-libs | javax.accessibility | [macos] a11y : Screen magnifier shows extra characters (0) at the end JButton accessibility name |
25 | JDK-8278609 | client-libs | javax.accessibility | [macos] accessibility frame is misplaced on a secondary monitor on macOS |
26 | JDK-8274735 | client-libs | javax.imageio | javax.imageio.IIOException: Unsupported Image Type while processing a valid JPEG image |
27 | JDK-8256109 | client-libs | javax.swing | Create implementation for NSAccessibilityButton protocol |
28 | JDK-8256108 | client-libs | javax.swing | Create implementation for NSAccessibilityElement protocol peer |
29 | JDK-8256126 | client-libs | javax.swing | Create implementation for NSAccessibilityImage protocol peer |
30 | JDK-8256110 | client-libs | javax.swing | Create implementation for NSAccessibilityStepper protocol |
31 | JDK-8256111 | client-libs | javax.swing | Create implementation for NSAccessibilityStaticText protocol |
32 | JDK-8261350 | client-libs | javax.swing | Create implementation for NSAccessibilityCheckBox protocol peer |
33 | JDK-8261351 | client-libs | javax.swing | Create implementation for NSAccessibilityRadioButton protocol |
34 | JDK-8264299 | client-libs | javax.swing | Create implementation of native accessibility peer for ScrollPane and ScrollBar Java Accessibility roles |
35 | JDK-8264300 | client-libs | javax.swing | Create implementation for NSAccessibilityScrollBar protocol peer |
36 | JDK-8264290 | client-libs | javax.swing | Create implementation for NSAccessibilityComponentGroup protocol peer |
37 | JDK-8264304 | client-libs | javax.swing | Create implementation for NSAccessibilityToolbar protocol peer |
38 | JDK-8264302 | client-libs | javax.swing | Create implementation for Accessibility native peer for Splitpane java role |
39 | JDK-8264305 | client-libs | javax.swing | Create implementation for native accessibility peer for Statusbar java role |
40 | JDK-8264287 | client-libs | javax.swing | Create implementation for NSAccessibilityComboBox protocol peer |
41 | JDK-8264303 | client-libs | javax.swing | Create implementation for NSAccessibilityTabGroup protocol peer |
42 | JDK-8264297 | client-libs | javax.swing | Create implementation for NSAccessibilityProgressIndicator protocol peer |
43 | JDK-8264294 | client-libs | javax.swing | Create implementation for NSAccessibilityMenuBar protocol peer |
44 | JDK-8264298 | client-libs | javax.swing | Create implementation for NSAccessibilityRow protocol peer |
45 | JDK-8264286 | client-libs | javax.swing | Create implementation for NSAccessibilityColumn protocol peer |
46 | JDK-8264291 | client-libs | javax.swing | Create implementation for NSAccessibilityCell protocol peer |
47 | JDK-8264292 | client-libs | javax.swing | Create implementation for NSAccessibilityList protocol peer |
48 | JDK-8264293 | client-libs | javax.swing | Create implementation for NSAccessibilityMenu protocol peer |
49 | JDK-8264295 | client-libs | javax.swing | Create implementation for NSAccessibilityMenuItem protocol peer |
50 | JDK-8264296 | client-libs | javax.swing | Create implementation for NSAccessibilityPopUpButton protocol peer |
51 | JDK-8257620 | core-libs | Do not use objc_msgSend_stret to get macOS version | |
52 | JDK-8071507 | core-libs | java.lang | (ref) Clear phantom reference as soft and weak references do |
53 | JDK-8287132 | core-libs | java.lang | Retire Runtime.runFinalizersOnExit so that it always throws UOE |
54 | JDK-8178832 | core-libs | java.lang | (ref) jdk.lang.ref.disableClearBeforeEnqueue property is ignored |
55 | JDK-8175797 | core-libs | java.lang | (ref) Reference::enqueue method should clear the reference object before enqueuing |
56 | JDK-8193780 | core-libs | java.lang | (ref) Remove the undocumented "jdk.lang.ref.disableClearBeforeEnqueue" system property |
57 | JDK-8285497 | core-libs | java.lang | Add system property for Java SE specification maintenance version |
58 | JDK-8201793 | core-libs | java.lang | (ref) Reference object should not support cloning |
59 | JDK-8287917 | core-libs | java.lang:class_loading | System.loadLibrary does not work on Big Sur if JDK is built with macOS SDK 10.15 and earlier |
60 | JDK-8288769 | core-libs | java.util.jar | Revert unintentional change to deflate.c |
61 | JDK-8283277 | core-libs | java.util:i18n | ISO 4217 Amendment 171 Update |
62 | JDK-8289549 | core-libs | java.util:i18n | ISO 4217 Amendment 172 Update |
63 | JDK-8277368 | core-libs | javax.script | Metaspace OOM thrown due to the leak of Nashorn ScriptEngine |
64 | JDK-6447817 | docs | Add additional Service Attributes to Standard Algorithm Names guide | |
65 | JDK-8291414 | docs | guides | Fix the incorrect wording about delayed provider selection in the PKCS11 documentation |
66 | JDK-8261071 | hotspot | compiler | AArch64: Refactor interpreter native wrappers |
67 | JDK-8234930 | hotspot | compiler | Use MAP_JIT when allocating pages for code cache on macOS |
68 | JDK-8253015 | hotspot | compiler | Aarch64: Move linux code out from generic CPU feature detection |
69 | JDK-8188066 | hotspot | gc | (ref) Examine the reachability of JNI WeakGlobalRef and interaction with phantom refs |
70 | JDK-8143847 | hotspot | gc | Remove REF_CLEANER reference category |
71 | JDK-8285621 | hotspot | jfr | Xcheck:jni warnings during JFR initialization |
72 | JDK-6885993 | hotspot | runtime | Named Thread: introduce print() and print_on(outputStream* st) methods |
73 | JDK-7102541 | hotspot | runtime | RFE: os::set_native_thread_name() cleanups |
74 | JDK-8261075 | hotspot | runtime | Create stubRoutines.inline.hpp with SafeFetch implementation |
75 | JDK-8151322 | hotspot | runtime | Implement os::set_native_thread_name() on Solaris |
76 | JDK-8061999 | hotspot | runtime | Enhance VM option parsing to allow options to be specified in a file |
77 | JDK-8078521 | hotspot | svc | AARCH64: Add AArch64 SA support |
78 | JDK-8289587 | javafx | web | IllegalArgumentException: Color.rgb's red parameter (-16776961) expects color values 0-255 |
79 | JDK-8088420 | javafx | web | JavaFX WebView memory leak via EventListener |
80 | JDK-8285881 | javafx | web | Update WebKit to 614.1 |
81 | JDK-8292609 | javafx | web | Cherry-pick WebKit 614.1 stabilization fixes |
82 | JDK-8268427 | security-libs | java.security | Improve AlgorithmConstraints:checkAlgorithm performance |
83 | JDK-8186143 | security-libs | java.security | keytool -ext option doesn't accept wildcards for DNS subject alternative names |
84 | JDK-8267880 | security-libs | java.security | Upgrade the default PKCS12 MAC algorithm |
85 | JDK-8263404 | security-libs | java.security | RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec |
86 | JDK-8269039 | security-libs | java.security | Disable SHA-1 Signed JARs |
87 | JDK-8275887 | security-libs | java.security | jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled |
88 | JDK-8270317 | security-libs | javax.net.ssl | Large Allocation in CipherSuite |
89 | JDK-8284694 | security-libs | javax.net.ssl | Avoid evaluating SSLAlgorithmConstraints twice |
90 | JDK-8286211 | security-libs | javax.smartcardio | Update PCSC-Lite for Suse Linux to 1.9.5 |
91 | JDK-8285398 | security-libs | jdk.security | Cache the results of constraint checks |
92 | JDK-8074835 | security-libs | org.ietf.jgss | Resolve disabled warnings for libj2gss |
93 | JDK-8074836 | security-libs | org.ietf.jgss:krb5 | Resolve disabled warnings for libosxkrb5 |
94 | JDK-8139348 | security-libs | org.ietf.jgss:krb5 | Deprecate 3DES and RC4 in Kerberos |
95 | JDK-8289486 | xml | jaxp | Improve XSLT XPath operators count efficiency |
The following sections summarize changes made in all Enterprise Performance Pack BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.
BugId | Category | Subcategory | Description |
---|---|---|---|
JDK-8292260 | hotspot | compiler | C2 Compilation Errors Unpredictably Crashes |
The Java SE Subscription Enterprise Performance Pack (EPP) is a commercial feature release of the Java SE platform. It contains new features and enhancements in many functional areas. It is currently available only through My Oracle Support. It is available as part of an Oracle Java SE Subscription and Oracle Cloud Infrastructure (OCI) Subscription. The Release Notes below describe the features, important changes, enhancements, and other information about the Enterprise Performance Pack.
Enterprise Performance Pack runtime brings improved performance, new features, and enhancements from the Java Virtual Machine from JDK 17 to JDK 8. It reduces the memory footprint for Java SE 8 workloads. It is ideal if you want or need to use Java SE 8 and you are running those workloads at scale. If you need to develop applications, Oracle recommends that you use the full JDK.
Enterprise Performance Pack is for server-side, headless systems (systems that operate without a graphical user interface or peripheral devices like a keyboard or a mouse) running 64-bit Linux on Intel or ARM.
Links to other sources of information about the Enterprise Performance Pack are also provided below:
The full version string for this update release is 1.8.0_345-perf-97-b06 (where "b" means "build"). The version number is 8u345.
IANA Data 2022a
The Enterprise Performance Pack contains IANA time zone data version 2022a. For more information, refer to Timezone Data Versions in the JRE Software.
This section describes Enterprise Performance Pack features and important information. In some cases, the descriptions provide links to additional detailed information about an issue or a change.
New Garbage Collector
Enterprise Performance Pack supports the latest garbage collector, ZGC.
The Z Garbage Collector, also known as ZGC, is a scalable low latency garbage collector (JEP 333). At its core, ZGC is a concurrent garbage collector, meaning that all heavy lifting work (marking, compaction, reference processing, string table cleaning, etc) is done while Java threads continue to execute. This greatly limits the negative impact that garbage collection has on application response times.
Applications moving from Parallel GC, CMS GC, or G1 GC to ZGC might observe higher CPU utilization and might require an increase in Java heap space. The tuning options for ZGC in the presence of observing allocation stalls are: increasing the max Java heap size (-Xmx), or setting -XX:SoftMaxHeapSize to a value less than -Xmx, or increasing the number of concurrent GC threads and disabling dynamic GC threads (-XX:ConcGCThreads=n -XX:-UseDynamicGCThreads), or some combination of those three.
See Enterprise Performance Pack documentation for more information about JVM options and Enterprise Performance Pack configuration.
Unified Logging
Enterprise Performance Pack supports a common logging system for all components of the JVM. This provides line-at-a-time, human readable log messages enabled at the command line through the -Xlog
flag. See Printing JVM Information in the Enterprise Performance Pack User's Guide for more details.
Relevant Changes for Unified Logging: ➜ Use Unified Logging for GC logging (JDK-8145092) ➜ print_tracing_info Uses Unified Logging (JDK-8184286) ➜ Deprecated Tracing Flags Are Obsolete and Must Be Replaced With Unified Logging Equivalents (JDK-8256718)
Compact Strings
This is a space-efficient internal representation of strings, which reduces memory footprint and garbage collection activity. See Compact Strings in the Java Virtual Machine Guide of JDK 17 for more details.
Relevant Changes for Compact Strings: ➜ JEP 254: Compact Strings (JDK-8054307)
A new Class Hierarchy Analysis implementation is introduced in the HotSpot JVM. It features enhanced handling of abstract and default methods which improves inlining decisions made by the JIT-compilers. The new implementation supersedes the original one and is turned on by default.
To help diagnose possible issues related to the new implementation, the original implementation can be turned on by specifying the -XX:+UnlockDiagnosticVMOptions -XX:-UseVtableBasedCHA
command-line flags.
The original implementation may be removed in a future release.
This section describes Enterprise Performance Pack enhancements. In some cases, the descriptions provide links to additional detailed information about an issue or a change.
Garbage Collectors
Enterprise Performance Pack's Garbage First (G1) collector should not require additional tuning or re-tuning; it's the default garbage collector. Moving from CMS GC to G1 should follow the guidance suggested in the Enterprise Performance Pack User's Guide. Only G1 supports String Deduplication. This feature continuously checks for duplicate String objects during garbage collection thus reducing overall heap size.
Since Enterprise Performance Pack has the Compact Strings feature which reduces the amount of Java heap space occupied by Java Strings, improved performance with Parallel GC may be realized by re-tuning Java heap sizes.
Relevant Changes for Garbage Collectors: ➜ Parallel GC Enables Adaptive Parallel Reference Processing by Default (JDK-8204686) ➜ G1 Enables Adaptive Parallel Reference Processing by Default (JDK-8205043) ➜ JEP 345: NUMA-Aware Memory Allocation for G1 (JDK-8210473) ➜ Parallel GC Improvements (JDK-8224666) ➜ Improvements in Serial GC Young pause time report (JDK-8215221) ➜ JEP 307: Parallel Full GC for G1 (JDK-8172890) ➜ Concurrently Uncommit Memory in G1 (JDK-8236926) ➜ Improved Ergonomics for G1 Heap Region Size (JDK-8241670) ➜ Improve Ergonomics for Sparse PRT Entry Size (JDK-8223162) ➜ New PerfCounters for STW Phases on Concurrent GC Are Available (JDK-8153333) ➜ G1 May Uncommit Memory During Marking Cycle (JDK-6490394) ➜ Garbage Collectors Adaptively Scale the Number of Threads by Default (JDK-8198510) ➜ JEP 363: Remove the Concurrent Mark and Sweep (CMS) Garbage Collector (JDK-8229049) ➜ Various GC combinations have now been removed (JDK-8044022) ➜ JEP 366: Deprecate the ParallelScavenge + SerialOld GC Combination (JDK-8233301) ➜ UseAutoGCSelectPolicy has been deprecated (JDK-8166461)
The java
Command
Enterprise Performance Pack includes several runtime options from JDK 17. However, some options from JDK 8 are not available in Enterprise Performance Pack. For example, Enterprise Performance Pack uses Unified JVM Logging, which replaces options that print details about the JVM with -Xlog:gc options. See the Enterprise Performance Pack documentation for more information about the changes made to the JVM options.
Runtime Options
A number of runtime options have been added or removed from the Enterprise Performance Pack. See the Changes to JVM Runtime Options section of the Enterprise Performance Pack User's Guide.
Relevant Changes for Runtime Options: ➜ Flags Controlling C1 Inlining Have New Names (JDK-8235673) ➜ Improved CompileCommand Flag (JDK-8256508) ➜ Improve the Behavior of MaxRAM Settings and UseCompressedOops (JDK-8222252) ➜ VM Options AdaptiveSizePausePolicy and ParallelGCRetainPLAB are obsolete (JDK-8073861) ➜ Added -XX:+AdjustStackSizeForTLS Flag (JDK-8225035) ➜ Obsolete -XX:UseAdaptiveGCBoundary (JDK-8228991) ➜ Removal of Obsolete -X Options (JDK-8179018) ➜ Obsolete Support for Commercial Features (JDK-8202331) ➜ Obsoleted -XX:+/-MonitorInUseLists (JDK-8211384) ➜ Deprecated Java Options -Xverify:none and -noverify (JDK-8214719) ➜ Command-Line Flag -XX:+ExtensiveErrorReports (JDK-8211845)
Class Data Sharing
This feature helps reduce the startup time and memory footprint between multiple Java Virtual Machines. See the Class Data Sharing section of the Java Virtual Machine Guide of JDK 17 for more information.
Relevant Changes for Class Data Sharing: ➜ CDS Behavior Change With Non-existent Files During Archive Creation (JDK-8227370)
This enhancement causes phantom references to be automatically cleared by the garbage collector just as soft and weak references are.
An object becomes phantom reachable after it has been finalized. This change may cause phantom reachable objects to be garbage collected earlier. Previously, the referent was kept alive until the associated PhantomReference
objects were collected or cleared by the application. This behavioral change should only impact existing code that depends on a PhantomReference
being enqueued rather than when the referent is freed from the heap.
The java.lang.ref.Reference.enqueue
method clears the reference object before it is added to the registered queue. When the enqueue
method is called, the reference object is cleared and the get()
method will return null in Enterprise Performance Pack and later releases.
Typically when a reference object is enqueued, it is expected that the reference object is cleared explicitly via the clear
method to avoid a memory leak because its referent is no longer referenced. In other words, the get
method is not expected to be called in common cases once the enqueue
method has been called. In the case when the get
method from an enqueued reference object and existing code attempts to access members of the referent, a NullPointerException
may be thrown. Such code will need to be updated.
The java.lang.ref.Reference::clone
method always throws a CloneNotSupportedException
. Therefore, Reference
objects cannot be meaningfully cloned. To copy a Reference
object, call the constructor to create a new Reference
object with the same referent and reference queue instead.
In Java SE Subscription Enterprise Performance Pack, constant pool patching of classes created by calling the unsupported sun.misc.Unsafe.defineAnonymousClass
method is not enabled and could cause your application to crash. The cpPatches
argument to defineAnonymousClass
should be null.
In Java SE Subscription Enterprise Performance Pack, the methods monitorEnter
, monitorExit
, and tryMonitorEnter
have been removed from the unsupported sun.misc.Unsafe
class. These methods are not used within the JDK itself and are very rarely used outside of the JDK.
The Java SE 8 Enterprise Performance Pack follows the versioning format defined by JEP 322, and reports the actual VM version of 17.x, when, for example, java -version
is invoked. However, for compatibility purposes, the sun.misc.Version
methods jvmMajorVersion()
and jvmMinorVersion()
instead report the same VM version as Java SE 8 i.e. 25.x. This ensures that application code checking for a Java 8 runtime by looking for a major version greater than, or equal to, 25, will work correctly even though the actual VM version is 17.
The following notes describe additional changes and information about this release. In some cases, the following descriptions provide links to additional detailed information about an issue or a change.
Monitoring Tools
See Running Tools and Using Libraries on Enterprise Performance Pack for more information.
Application Class Data Sharing (AppCDS)
Application Class Data Sharing (AppCDS) extends class data sharing (CDS) to enable application classes to be placed in a shared archive. See the Application Class Data Sharing section of the java
command page.
Relevant Changes for AppCDS: ➜ JEP 310: Application Class-Data Sharing (JEP 310)
Some linux kernel versions (including, but not limited to 3.13.0-121-generic and 4.4.0-81-generic) are known to contain an incorrect fix for a linux kernel stack overflow issue (See CVE-2017-1000364). The incorrect fix can trigger crashes in the Java Virtual Machine. Upgrading the kernel to a version that includes the corrected fix addresses the problem.
This change enforces the unqualified name format checks for NameAndType
strings as outlined in the JVM specification sections 4.4.6 and 4.2.2, meaning that some illegal names and descriptors that users may be utilizing in their classfiles will now be caught with a Class Format Error. This includes format checking for all strings under non-referenced NameAndType
's. Users will see a change if they (A) are using Java classfile version 6 or below and have an illegal NameAndType descriptor with no Methodref or Fieldref reference to it; or (B) are using any Java classfile version and have an illegal NameAndType name with no Methodref or Fieldref reference to it.
In both (A) and (B) the users will now receive a ClassFormatError for those illegal strings, which is an enforcement of unqualified name formats as delineated in JVMS 4.2.2.
When dumping the heap in binary format, HPROF format 1.0.2 is always used now. Previously, format 1.0.1 was used for heaps smaller than 2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the serviceability agent.
When running with compressed references on x86_64, one of the CPU registers holds the heap base pointer to be used for references encoding/decoding. This register is not available for register allocation.
Simple implementations before this release made this register unavailable (and thus unused) even if compressed references were disabled. In this release, the implementation was revised to put this unused register back into the available registers pool. Configurations with large heaps and/or -XX:-UseCompressedOops
benefit from this improvement.
In the previous release, a NotifyFramePop request was only cleared when the JVMTI_EVENT_FRAME_POP
was enabled. Now it is always cleared when the corresponding frame is popped, regardless of whether the JVMTI_EVENT_FRAME_POP
is enabled or not.
For improved performance, JVM/TI ObjectFree events are no longer posted within GC pauses. The events are still posted as requested, and will be posted before ObjectFree events are enabled or disabled with SetNotificationMode. SetNotificationMode can be used to explicitly flush ObjectFree events, if needed.
The default value for BiasedLockingStartupDelay
has been changed to 0. The flag BiasedLockingStartupDelay
previously had the default value 4000 which delayed the use of biased locking with 4 s (4000 ms). The reason for this delay was performance but recent performance runs show no difference between the 4000 ms delay and no delay. Since having the delay will cause other parts of the VM to do extra work, having the default set to 0 makes more sense.
The JNI function DetachCurrentThread
has been added to the list of JNI functions that can safely be called with an exception pending. The HotSpot Virtual Machine has always supported this as it reports that the exception occurred in a similar manner to the default handling of uncaught exceptions at the Java level. Other implementations are not obligated to do anything with the pending exception.
The -XX:-JNIDetachReleasesMonitors
flag requested that the VM run in a pre-JDK 6 compatibility mode with regard to not releasing monitors when a JNI attached thread detaches. This option is obsolete in JDK 9, and is ignored, as the VM always conforms to the JNI Specification and releases monitors. Use of this option will result in a warning being issued in JDK 9 and it may be removed completely in a future release.
When synchronization is performed on an object, an association is established between the object and the object monitor that implements the synchronization. In the past, the reference from a monitor to its associated object was a strong reference. These strong references would be observable through JVM TI functions that walk the heap (reported as JVMTI_HEAP_ROOT_MONITOR
or JVMTI_HEAP_REFERENCE_MONITOR
) and in heap dumps (reported as HPROF_GC_ROOT_MONITOR_USED
). As of this release, a weak reference is used. These are not observable to JVM TI or heap dumps. Consequently, JVMTI_HEAP_ROOT_MONITOR
, JVMTI_HEAP_REFERENCE_MONITOR
and HPROF_GC_ROOT_MONITOR_USED
are longer reported.
The FlatProfiler, deprecated in JDK 9, has been made obsolete by removing the implementation code. The FlatProfiler was enabled by setting the -Xprof
VM argument. The -Xprof
flag remains recognized in this release; however, setting it will print out a warning message.
The signal-chaining facility was introduced in JDK 1.4 and supported three different Linux signal-handling API's: sigset
, signal
and sigaction
. Only sigaction
is a cross-platform, supported, API for multi-threaded processes. Both signal
and sigset
are considered obsolete on those platforms that still define them. Consequently, the use of signal
and sigset
with the signal-chaining facility are now deprecated, and support for their use will be removed in a future release.
The following sections summarize changes made in all Java SE 8u341 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8291973 | install | install | JavaSE 8 RPMs Are Built with Older RPM and Thus Do Not Contain Some Necessary Hash |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8197387 | core-svc | tools | jcmd Started by "root" Must Be Allowed to Access All VM Processes |
JDK-8072439 | hotspot | runtime | Further refinement of the fix JDK-8047720 - Xprof hangs on Solaris |
JDK-8087557 | javafx | accessibility | Alert Dialog Content Is Not Fully Read by Screen Reader |
JDK-8291087 | javafx | accessibility | Wrong Position of Focus of Screen Reader on Windows with Screen Scale > 1 |
JDK-8197387 | javafx | accessibility | Exceptions with TextArea & TextField when Deleted Last Char |
Fixes from the prior BPR are included in this version.
July 19, 2022
The full version string for this update release is 8u341-b10 (where "b" means "build"). The version number is 8u341.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u341 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 8u341-b10 |
7 | 7u351-b07 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u341) be used after the next critical patch update scheduled for October 18, 2022.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u341) on 2022-11-18. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
The TLSv1.3 implementation is available in JDK 8u from 8u261 and enabled by default for server roles but disabled by default for client roles. From this release onwards, TLSv1.3 is now also enabled by default for client roles. You can find more details in the Additional Information section of the Oracle JRE and JDK Cryptographic Roadmap.
Note that TLS 1.3 is not directly compatible with previous versions. Enabling it on the client may introduce compatibility issues on either the server or the client side. Here are some more details on potential compatibility issues that you should be aware of:
signature_algorithms_cert
extension requires that pre-defined signature algorithms are used for certificate authentication. In practice, however, an application may use non-supported signature algorithms.TLS_AES_128_GCM_SHA256
(1.3 and later) versus TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
(1.2 and earlier).
Support has been added for TLS channel binding tokens for Negotiate/Kerberos authentication over HTTPS through javax.net.HttpsURLConnection.
Channel binding tokens are increasingly required as an enhanced form of security. They work by communicating from a client to a server the client's understanding of the binding between connection security (as represented by a TLS server cert) and higher level authentication credentials (such as a username and password). The server can then detect if the client has been fooled by a MITM and shutdown the session/connection.
The feature is controlled through a new system property `jdk.https.negotiate.cbt` which is described fully as below:
jdk.https.negotiate.cbt
(default: "never")
This controls the generation and sending of TLS channel binding tokens (CBT) when Kerberos or the Negotiate authentication scheme using Kerberos are employed over HTTPS with HttpsURLConnection. There are three possible settings:
The channel binding tokens generated are of the type "tls-server-end-point" as defined in RFC 5929.
The java.net.InetAddress
class has been updated to strictly accept IPv4 address literals in decimal quad notation. The InetAddress
class methods are updated to throw an java.net.UnknownHostException
for invalid IPv4 address literals. To disable this check, the new "jdk.net.allowAmbiguousIPAddressLiterals" system property can be set to "true".
On oracle.com and java.com, certain JDK bundle extensions are getting truncated on download when using Firefox version 102. The downloaded bundles have no file extension like ".exe", ".rpm", ".deb". If you are not able to upgrade to Firefox ESR 102.0.1 or Firefox 103 when it is released, then as a workaround you can:
java.util.Vector
is updated to correctly report ClassNotFoundException
that occurs during deserialization using java.io.ObjectInputStream.GetField.get(name, object)
when the class of an element of the Vector is not found. Without this fix, a StreamCorruptedException
is thrown that does not provide information about the missing class.
DeflaterOutputStream.close()
and GZIPOutputStream.finish()
methods have been modified to close out the associated default JDK compressor before propagating a Throwable up the stack. ZIPOutputStream.closeEntry()
method has been modified to close out the associated default JDK compressor before propagating an IOException, not of type ZipException, up the stack.
For JVMs running in a container, OperatingSystemMXBean.getProcessCpuLoad
now considers only the CPU resources available to the container when calculating CPU load. Prior to this change, the calculation included all CPUs on a host. After this change, management agents may report higher CPU usage by JVMs in containers that are constrained to a limited set of CPUs.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. The following table lists the bug fixes included in the JDK 8u341 release:
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8259869 | client-libs | [macOS] Remove desktop module dependencies on JNF Reference APIs | |
2 | JDK-8274751 | client-libs | java.awt | Drag And Drop hangs on Windows |
3 | JDK-8272806 | client-libs | java.awt | [macOS] "Apple AWT Internal Exception" when input method is changed |
4 | JDK-8133713 | client-libs | javax.accessibility | [macosx] Accessible JTables always reported as empty |
5 | JDK-8277922 | client-libs | javax.accessibility | Unable to click JCheckBox in JTable through Java Access Bridge |
6 | JDK-7124301 | client-libs | javax.accessibility | [macosx] When in a tab group if you arrow between tabs there are no VoiceOver announcements. |
7 | JDK-7124298 | client-libs | javax.accessibility | [macosx] Nothing heard from VoiceOver when tabbing between a nested tab group and a parent tab group |
8 | JDK-7124293 | client-libs | javax.accessibility | [macosx] VoiceOver reads percentages rather than the actual values for sliders. |
9 | JDK-8277093 | core-libs | java.io:serialization | Vector should throw ClassNotFoundException for a missing class of an element |
10 | JDK-8279842 | core-libs | java.net | HTTPS Channel Binding support for Java GSS/Kerberos |
11 | JDK-8282293 | core-libs | java.net | Domain value for system property jdk.https.negotiate.cbt should be case-insensitive |
12 | JDK-8288033 | core-libs | java.nio | (dc) DatagramChannel.disconnect uses disconnectx which is not supported on macOS 10.8.3 |
13 | JDK-8285515 | core-libs | java.nio | (dc) DatagramChannel.disconnect fails with "Invalid argument" on macOS 12.4 |
14 | JDK-8258795 | core-libs | java.util:i18n | Update IANA Language Subtag Registry to Version 2021-05-11 |
15 | JDK-8247469 | core-svc | javax.management | getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available |
16 | JDK-8273747 | deploy | webstart | Grant JWS JavaFX apps access to Windows trust store |
17 | JDK-8283886 | docs | guides | Fix broken links in the security guide of JDK 8u docs |
18 | JDK-6584403 | docs | guides | Request to add a CA/CSR certificate cookbook to JSSE Reference Guide |
19 | JDK-8173625 | install | install | JRE 8u121 fails to install with blank dialog box (username with character #) |
20 | JDK-8090477 | javafx | controls | Customizable visibility timing for Tooltip |
21 | JDK-8205915 | javafx | controls | [macOS] Accelerator assigned to button in dialog fires menuItem in owning stage |
22 | JDK-8222211 | javafx | graphics | Creating animated gif image from non FX App thread causes exception |
23 | JDK-8280840 | javafx | media | Update libFFI to 3.4.2 |
24 | JDK-8283403 | javafx | media | Update Glib to 2.72.0 |
25 | JDK-8283218 | javafx | media | Update GStreamer to 1.20.1 |
26 | JDK-8282054 | javafx | media | Mediaplayer not working with HTTP Live Stream link with query parameter appended with file extension m3u8 |
27 | JDK-8286256 | javafx | web | Update libxml2 to 2.9.14 |
28 | JDK-8283328 | javafx | web | Update libxml2 to 2.9.13 |
29 | JDK-8286257 | javafx | web | Update libxslt to 1.1.35 |
30 | JDK-8282134 | javafx | web | Certain regex can cause a JS trap in WebView |
31 | JDK-8281459 | javafx | web | WebKit 613.1 build broken on M1 |
32 | JDK-8280841 | javafx | web | Update SQLite to 3.37.2 |
33 | JDK-8284184 | javafx | web | Crash in GraphicsContextJava::drawLinesForText on https://us.yahoo.com/ |
34 | JDK-8278759 | javafx | web | PointerEvent: buttons property set to 0 when mouse down |
35 | JDK-8277734 | javafx | web | WebView: Update Public Suffix List to 3c213aa |
36 | JDK-8278851 | security-libs | java.security | Correct signer logic for jars signed with multiple digest algorithms |
37 | JDK-8245263 | security-libs | javax.net.ssl | Enable TLSv1.3 by default on JDK 8u for Client roles |
38 | JDK-8274524 | security-libs | javax.net.ssl | SSLSocket.close() hangs if it is called during the ssl handshake |
39 | JDK-8275082 | security-libs | javax.xml.crypto | Update XML Security for Java to 2.3.0 |
40 | JDK-8279520 | security-libs | org.ietf.jgss | SPNEGO has not passed channel binding info into the underlying mechanism |
41 | JDK-8157391 | tools | jdeps left JarFile open | |
42 | JDK-8284132 | tools | FXLauncherTest.java fails on headless macos |
The following sections summarize changes made in all Java SE 8u333 BPR. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8288212 | core-libs | java.net | WLS12.2.1.3/JDK8u281 high throughput servlet performance |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8279842 | core-libs | java.net | HTTPS Channel Binding support for Java GSS/Kerberos |
JDK-8088420 | javafx | web | JavaFX WebView memory leak via EventListener |
May 2, 2022
The full version string for this update release is 8u333-b02 (where "b" means "build"). The version number is 8u333.
The security baselines are unchanged from the release of JDK 8u331.
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 8u331-b09 |
7 | 7u341-b08 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u333) be used after the next critical patch update scheduled for July 19, 2022.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u333) on 2022-08-19. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
The Windows implementation of java.io.File
allows access to NTFS Alternate Data Streams (ADS) by default. Such streams have a structure like “filename:streamname”. A system property jdk.io.File.enableADS
has been added to control this behavior. To disable ADS support in java.io.File
, the system property jdk.io.File.enableADS
should be set to false
(case ignored). Stricter path checking however prevents the use of special devices such as NUL:
This release is based on the previous CPU and does not contain any additional security fixes. The following issues have also been resolved:
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8284920 | xml | javax.xml.path | Incorrect Token type causes XPath expression to return incorrect results |
JDK-8284548 | xml | jaxp | Invalid XPath expression causes StringIndexOutOfBoundsException |
The following sections summarize changes made in all Java SE 8u331 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8277922 | client-libs | javax.accessibility | Unable to click JCheckBox in JTable through Java Access Bridge |
JDK-8282583 | xml | jaxp | Update BCEL md to include the copyright notice |
JDK-8283350 | core-libs | java.time | (tz) Update Timezone Data to 2022a |
April 19, 2022
The full version string for this update release is 8u331-b09 (where "b" means "build"). The version number is 8u331.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u331 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 8u331-b09 |
7 | 7u341-b08 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u331) be used after the next critical patch update scheduled for July 19, 2022.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u331) on 2022-08-19. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
Three processing limits have been added. These are:
jdk.xml.xpathExprGrpLimit
Description: Limits the number of groups an XPath expression can contain.
Type: integer
Value: A positive integer. A value less than or equal to 0 indicates no limit. If the value is not an integer, a NumberFormatException
is thrown. Default 10.
jdk.xml.xpathExprOpLimit
Description: Limits the number of operators an XPath expression can contain.
Type: integer
Value: A positive integer. A value less than or equal to 0 indicates no limit. If the value is not an integer, a NumberFormatException
is thrown. Default 100.
jdk.xml.xpathTotalOpLimit
Description: Limits the total number of XPath operators in an XSL Stylesheet.
Type: integer
Value: A positive integer. A value less than or equal to 0 indicates no limit. If the value is not an integer, a NumberFormatException
is thrown. Default 10000.
Supported processors
jdk.xml.xpathExprGrpLimit
and jdk.xml.xpathExprOpLimit
are supported by the XPath processor.
All three limits are supported by the XSLT processor.
Setting properties
For the XSLT processor, the properties can be changed through the TransformerFactory
. For example,
TransformerFactory factory = TransformerFactory.newInstance();
factory.setAttribute("jdk.xml.xpathTotalOpLimit", "1000");
For both the XPath and XSLT processors, the properties can be set through the system property and jaxp.properties
configuration file located in the conf
directory of the Java installation. For example,
System.setProperty("jdk.xml.xpathExprGrpLimit", "20");
or in the jaxp.properties
file,
jdk.xml.xpathExprGrpLimit=20
There are two known issues:
On macOS, only certificates with proper trust settings in the user keychain will be exposed as trusted certificate entries in the KeychainStore type of keystore. Also, calling the KeyStore::setCertificateEntry
method or the keytool -importcert
command on a KeychainStore keystore now fails with a KeyStoreException
. Instead, call the macOS "security add-trusted-cert" command to add a trusted certificate into the user keychain.
The gencert
command of the keytool
utility has been updated to create AKID from the SKID of the issuing certificate as specified by RFC 5280.
The parsing of URLs in the LDAP, DNS, and RMI built-in JNDI providers has been made more strict. The strength of the parsing can be controlled by system properties:
-Dcom.sun.jndi.ldapURLParsing="legacy" | "compat" | "strict" (to control "ldap:" URLs)
-Dcom.sun.jndi.dnsURLParsing="legacy" | "compat" | "strict" (to control "dns:" URLs)
-Dcom.sun.jndi.rmiURLParsing="legacy" | "compat" | "strict" (to control "rmi:" URLs)
-Dcom.sun.jndi.corbaURLParsing="legacy" | "compat" | "strict" (to control "iiop:" and "iiopname:" URLs)
The default value is "compat" for all of the three providers.
In "compat" and "strict" mode, more validation is performed. As an example, in the URL authority component, the new parsing only accepts brackets around IPv6 literal addresses. Developers are encouraged to use java.net.URI
constructors or its factory method to build URLs rather than handcrafting URL strings.
If an illegal URL string is found, a java.lang.IllegalArgumentException
or a javax.naming.NamingException
(or a subclass of it) is raised.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8259343 | client-libs | [macOS] Update JNI error handling in Cocoa code. | |
2 | JDK-8251840 | client-libs | java.awt | Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers |
3 | JDK-8259237 | client-libs | javax.swing | Demo selection changes with left/right arrow key. No need to press space for selection. |
4 | JDK-8074883 | client-libs | javax.swing | Tab key should move to focused button in a button group |
5 | JDK-8258554 | client-libs | javax.swing | javax/swing/JTable/4235420/bug4235420.java fails in GTK L&F |
6 | JDK-8272105 | client-libs | javax.swing | TestButtonGroupFocusTraversal.java fails in 8u |
7 | JDK-8275703 | core-libs | java.lang | System.loadLibrary fails on Big Sur for libraries hidden from filesystem |
8 | JDK-8274779 | core-libs | java.net | HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST |
9 | JDK-8209178 | core-libs | java.net | Proxied HttpsURLConnection doesn't send BODY when retrying POST request |
10 | JDK-8272473 | core-libs | java.time | Parsing epoch seconds at a DST transition with a non-UTC parser is wrong |
11 | JDK-8279618 | core-libs | java.util | Deserializing HashMap throws access denied suppressAccessChecks |
12 | JDK-8274658 | core-libs | java.util:i18n | ISO 4217 Amendment 170 Update |
13 | JDK-8277795 | core-libs | javax.naming | ldap connection timeout not honoured under contention |
14 | JDK-8266187 | core-svc | java.lang.instrument | Memory leak in appendBootClassPath() |
15 | JDK-8273575 | core-svc | java.lang.instrument | memory leak in appendBootClassPath(), paths must be deallocated |
16 | JDK-8276957 | docs | guides | Fix broken JDK8 documentation links |
17 | JDK-8166140 | hotspot | compiler | C1: Possible integer overflow in LIRGenerator::generate_address on several platforms |
18 | JDK-8183543 | hotspot | compiler | Aarch64: C2 compilation often fails with "failed spill-split-recycle sanity check" |
19 | JDK-8132306 | hotspot | gc | java/lang/ref/ReferenceEnqueue.java fails with "RuntimeException: Error: poll() returned null; expected ref object" |
20 | JDK-8273341 | hotspot | runtime | Update Siphash to version 1.0 |
21 | JDK-8189641 | javafx | accessibility | [Accessibility, windows] NPE when navigating to ComboBox with empty string |
22 | JDK-8151974 | javafx | accessibility | Invisible controls are still accessible by screen readers. |
23 | JDK-8089884 | javafx | controls | TextInputControls capturing function key events |
24 | JDK-8274022 | javafx | controls | Additional Memory Leak in ControlAcceleratorSupport |
25 | JDK-8244075 | javafx | controls | Accelerator of ContextMenu's MenuItem is not removed when ContextMenu is removed from Scene |
26 | JDK-8276847 | javafx | web | JSException: ReferenceError: Can't find variable: IntersectionObserver |
27 | JDK-8278980 | javafx | web | Update WebKit to 613.1 |
28 | JDK-8281711 | javafx | web | Cherry-pick WebKit 613.1 stabilization fixes |
29 | JDK-8282099 | javafx | web | Cherry-pick WebKit 613.1 stabilization fixes (2) |
30 | JDK-8242544 | javafx | window-toolkit | CMD+ENTER key event crashes the application when invoked on dialog |
31 | JDK-8257497 | security-libs | java.security | Update keytool to create AKID from the SKID of the issuing certificate as specified by RFC 5280 |
32 | JDK-8274736 | security-libs | java.security | Concurrent read/close of SSLSockets causes SSLSessions to be invalidated unnecessarily |
33 | JDK-8241248 | security-libs | javax.net.ssl | NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93) |
34 | JDK-8275811 | security-libs | javax.net.ssl | Incorrect instance to dispose |
35 | JDK-8141508 | tools | javac | java.lang.invoke.LambdaConversionException: Invalid receiver type ... |
36 | JDK-8255035 | xml | jaxp | Update BCEL to Version 6.5.0 |
37 | JDK-8276141 | xml | jaxp | XPathFactory set/getProperty method |
The following sections summarize changes made in all Java SE 8u321 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8278472 | client-libs | java.awt:i18n | Invalid value set to CANDIDATEFORM structure |
JDK-8278186 | security-libs | javax.xml.crypto | org.jcp.xml.dsig.internal.dom.Utils.parseIdFromSameDocumentURI throws StringIndexOutOfBoundsException when calling substring method |
JDK-8255199 | security-libs | javax.xml.crypto | Catching a few NumberFormatExceptions in xmldsig |
JDK-8275082 | security-libs | javax.xml.crypto | Update XML Security for Java to 2.3.0 |
JDK-8090477 | javafx | controls | Customizable visibility timing for Tooltip |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8247469 | core-svc | javax.management | getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available |
JDK-8265836 | core-svc | java.lang.management | OperatingSystemImpl.getCpuLoad() returns incorrect CPU load inside a container |
JDK-8268103 | core-svc | java.lang.management | JNI functions incorrectly return a double after JDK-8265836 |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8141508 | tools | javac | java.lang.invoke.LambdaConversionException: Invalid receiver type |
JDK-8209178 | core-libs | java.net | Proxied HttpsURLConnection doesn't send BODY when retrying POST request |
JDK-8279618 | core-libs | java.util | Deserializing HashMap throws access denied suppressAccessChecks |
JDK-8273747 | deploy | webstart | Grant JWS JavaFX apps access to Windows trust store |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8279118 | core-libs | java.net | ServerSocket.close bind exception with ResourceManagement |
JDK-8151974 | javafx | accessibility | Invisible controls are still accessible by screen readers. |
January 18, 2022
The full version string for this update release is 8u321-b07 (where "b" means "build"). The version number is 8u321.
This release is intended as a bugfix release, to fix compatibility problems and typos reported since 2021b was released.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u321 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 8u321-b07 |
7 | 7u331-b06 |
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u321) be used after the next critical patch update scheduled for April 19, 2022.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u321) on 2022-05-19. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
SunPKCS11 provider adds new provider configuration attributes to better control native resources usage. The SunPKCS11 provider consumes native resources in order to work with native PKCS11 libraries. To manage and better control the native resources, additional configuration attributes are added to control the frequency of clearing native references as well as whether to destroy the underlying PKCS11 Token after logout.
The 3 new attributes for SunPKCS11 provider configuration file are:
destroyTokenAfterLogout
(boolean, defaults to false) If set to true, when java.security.AuthProvider.logout()
is called upon the SunPKCS11 provider instance, the underlying Token object will be destroyed and resources will be freed. This essentially renders the SunPKCS11 provider instance unusable after logout()
calls. Note that a PKCS11 provider with this attribute set to true
should not be added to the system provider list since the provider object is not usable after a logout()
method call.
cleaner.shortInterval
(integer, defaults to 2000, in milliseconds) This defines the frequency for clearing native references during busy period (such as, how often should the cleaner thread processes the no-longer-needed native references in the queue to free up native memory). Note that the cleaner thread will switch to the 'longInterval' frequency after 200 failed tries (such as, when no references are found in the queue).
cleaner.longInterval
(integer, defaults to 60000, in milliseconds) This defines the frequency for checking native reference during non-busy period (such as, how often should the cleaner thread check the queue for native references). Note that the cleaner thread will switch back to the 'shortInterval' value if native PKCS11 references for cleaning are detected.
Two new system properties have been added. The system property, jdk.tls.client.disableExtensions
, is used to disable TLS extensions used in the client. The system property, jdk.tls.server.disableExtensions
, is used to disable TLS extensions used in the server. If an extension is disabled, it will be neither produced nor processed in the handshake messages.
The property string is a list of comma separated standard TLS extension names, as registered in the IANA documentation (for example, server_name, status_request, and signature_algorithms_cert). Note that the extension names are case sensitive. Unknown, unsupported, misspelled and duplicated TLS extension name tokens will be ignored.
Please note that the impact of blocking TLS extensions is complicated. For example, a TLS connection may not be able to be established if a mandatory extension is disabled. Please do not disable mandatory extensions, and do not use this feature unless you clearly understand the impact.
The following root certificate from Google has been removed from the cacerts
keystore:
+ alias name "globalsignr2ca [jdk]"
Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
IANA Time Zone Database, on which JDK's Date/Time libraries are based, has made a tweak to some time zone rules since 2021c. Note that since this update, some of the time zone rules prior to the year 1970 have been modified according to the changes which were introduced with 2021b. For more detail, refer to the announcement of 2021b
This release reverts the behavior of SSLSocketImpl and SSLTransport introduced by JDK-8196584. SocketException will now be thrown as is instead of being suppressed into an SSLException.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8263846 | client-libs | Bad JNI lookup getFocusOwner in accessibility code on Mac OS X | |
2 | JDK-8155742 | client-libs | [Windows] robot.keyPress(KeyEvent.VK_ALT_GRAPH) throws java.lang.IllegalArgumentException in windows | |
3 | JDK-8249548 | client-libs | backward focus traversal gets stuck in button group | |
4 | JDK-8259232 | client-libs | 2d | Bad JNI lookup during printing |
5 | JDK-6801613 | client-libs | 2d | Cross-platform pageDialog and printDialog top margin entry broken |
6 | JDK-8042713 | client-libs | 2d | [macosx] Print dialog does not update attribute set with page range |
7 | JDK-8257853 | client-libs | java.awt | Remove dependencies on JNF's JNI utility functions in AWT and 2D code |
8 | JDK-8259585 | client-libs | java.awt | [macOS] Bad JNI lookup error : Accessible actions do not work on macOS |
9 | JDK-8038631 | client-libs | java.awt | Create wrapper for awt.Robot with additional functionality |
10 | JDK-6722236 | client-libs | java.awt | 3 Choice regression testcases are failing from 6u10_b26 build onwards |
11 | JDK-8041928 | client-libs | java.awt | MouseEvent.getModifiersEx gives wrong result |
12 | JDK-8275131 | client-libs | java.awt | Exceptions after a touchpad gesture on macOS |
13 | JDK-8263490 | client-libs | java.awt:i18n | [macos] Crash occurs on JPasswordField with activated InputMethod |
14 | JDK-8274326 | client-libs | javax.accessibility | [macos] Ensure initialisation of sun/lwawt/macosx/CAccessibility in JavaComponentAccessibility.m |
15 | JDK-8274056 | client-libs | javax.accessibility | JavaAccessibilityUtilities leaks JNI objects |
16 | JDK-8274381 | client-libs | javax.accessibility | missing CAccessibility definitions in JNI code |
17 | JDK-8259729 | client-libs | javax.accessibility | Missed JNFInstanceOf -> IsInstanceOf conversion |
18 | JDK-8208640 | client-libs | javax.accessibility | [a11y] [macos] Unable to navigate between Radiobuttons in Radio group using keyboard. |
19 | JDK-8208747 | client-libs | javax.accessibility | [a11y] [macos] In Optionpane Demo, inside ComponentDialog Example, unable to navigate to all items, with VO on |
20 | JDK-8194873 | client-libs | javax.swing | right ALT key hotkeys no longer work in Swing components |
21 | JDK-8182577 | client-libs | javax.swing | Exception when Tab key moves focus to a JCheckbox with a custom ButtonModel |
22 | JDK-8269850 | core-libs | Most JDK releases report macOS version 12 as 10.16 instead of 12.0 | |
23 | JDK-8190482 | core-libs | InnocuousThread creation should not require the caller to possess enableContextClassLoaderOverride | |
24 | JDK-8143317 | core-libs | jdk/lambda/vm/InterfaceAccessFlagsTest.java fails with IncompatibleClassChangeError | |
25 | JDK-8253702 | core-libs | java.lang | BigSur version number reported as 10.16, should be 11.nn |
26 | JDK-8202788 | core-libs | java.nio | Explicitly reclaim cached thread-local direct buffers at thread exit |
27 | JDK-8276536 | core-libs | java.time | Update TimeZoneNames files to follow the changes made by JDK-8275766 |
28 | JDK-8273924 | core-libs | java.util:i18n | ArrayIndexOutOfBoundsException thrown in java.util.JapaneseImperialCalendar.add() |
29 | JDK-8187649 | core-libs | java.util:i18n | ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar |
30 | JDK-8273819 | docs | guides | Update JSSE Reference Guide with new properties to disable TLS extensions |
31 | JDK-8139247 | hotspot | compiler | Improper locking of MethodData::_extra_data_lock |
32 | JDK-8057038 | hotspot | compiler | Speculative traps not robust when compilation and class unloading are concurrent |
33 | JDK-8253353 | hotspot | compiler | Crash in C2: guarantee(n != NULL) failed: No Node |
34 | JDK-8069034 | hotspot | gc | gc/g1/TestEagerReclaimHumongousRegionsClearMarkBits.java nightly failure |
35 | JDK-8071530 | hotspot | runtime | Update OS detection code to reflect Windows 10 version change |
36 | JDK-8273229 | hotspot | runtime | Update OS detection code to recognize Windows Server 2022 |
37 | JDK-8274840 | hotspot | runtime | Update OS detection code to recognize Windows 11 |
38 | JDK-8273342 | hotspot | runtime | Null pointer dereference in classFileParser.cpp:2817 |
39 | JDK-8266404 | hotspot | runtime | Fatal error report generated with -XX:+CrashOnOutOfMemoryError should not contain suggestion to submit a bug report |
40 | JDK-8219562 | hotspot | runtime | Line of code in osContainer_linux.cpp#L102 appears unreachable |
41 | JDK-8186902 | hotspot | svc | jcmd GC.run should not be blocked by DisableExplicitGC |
42 | JDK-8263807 | javafx | controls | Button types of a DialogPane are set twice, returns a wrong button |
43 | JDK-8261460 | javafx | controls | Incorrect CSS applied to ContextMenu on DialogPane |
44 | JDK-8178297 | javafx | controls | TableView scrolls slightly when adding new elements |
45 | JDK-8269538 | javafx | controls | StackOverflowError when pressing F10 within SpinnerSkin |
46 | JDK-8208088 | javafx | controls | Memory Leak in ControlAcceleratorSupport |
47 | JDK-8275138 | javafx | web | WebView: UserAgent string is empty for first request |
48 | JDK-8274929 | javafx | window-toolkit | Crash while reading specific clipboard content |
49 | JDK-8275723 | javafx | window-toolkit | Crash on macOS 12 in GlassRunnable::dealloc |
50 | JDK-8192988 | security-libs | java.security | keytool should support -storepasswd for pkcs12 keystores |
51 | JDK-8225083 | security-libs | java.security | Remove Google certificate that is expiring in December 2021 |
52 | JDK-8273826 | security-libs | java.security | Correct Manifest file name and NPE checks |
53 | JDK-8277224 | security-libs | java.security | sun.security.pkcs.PKCS9Attributes.toString() throws NPE |
54 | JDK-8269034 | security-libs | javax.crypto:pkcs11 | AccessControlException for SunPKCS11 daemon threads |
55 | JDK-8240256 | security-libs | javax.crypto:pkcs11 | Better resource cleaning for SunPKCS11 Provider |
56 | JDK-8098580 | security-libs | javax.crypto:pkcs11 | drainRefQueueBounds() puts pressure on pool.size() |
57 | JDK-8270344 | security-libs | javax.net.ssl | Session resumption errors |
58 | JDK-8217633 | security-libs | javax.net.ssl | Configurable extensions with system properties |
59 | JDK-8268965 | security-libs | javax.net.ssl | TCP Connection Reset when connecting simple socket to SSL server |
60 | JDK-8259662 | security-libs | javax.net.ssl | Don't wrap SocketExceptions into SSLExceptions in SSLSocketImpl |
61 | JDK-8169416 | security-libs | javax.net.ssl | SSLSessionImpl finalize overhead |
62 | JDK-8147051 | xml | javax.xml.stream | StaxEntityResolverWrapper should create StaxXMLInputSource with a resolver indicator |
The following sections summarize changes made in all Java SE 8u311 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8182577 | client-libs | javax.swing | Exception when Tab key moves focus to a JCheckbox with a custom ButtonModel |
JDK-8241248 | security-libs | javax.net.ssl | NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93) |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8274929 | javafx | window-toolkit | Crash while reading specific clipboard content |
JDK-8089884 | javafx | controls | TextInputControls capturing function key events |
JDK-8253353 | hotspot | compiler | Crash in C2: guarantee(n != NULL) failed: No Node |
JDK-8275766 | core-libs | java.time | (tz) Update Timezone Data to 2021e |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8275138 | javafx | web | WebView: UserAgent string is empty for first request |
JDK-8274779 | core-libs | java.net | HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST |
JDK-8273229 | hotspot | runtime | Update OS detection code to recognize Windows Server 2022 |
JDK-8274840 | hotspot | runtime | Update OS detection code to recognize Windows 11 |
JDK-8041928 | client-libs | java.awt | MouseEvent.getModifiersEx gives wrong result |
JDK-8275723 | javafx | window-toolkit | Crash on macOS 12 in GlassRunnable::dealloc |
JDK-8274407 | core-libs | java.time | (tz) Update Timezone Data to 2021c |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8269538 | javafx | controls | StackOverflowError when pressing F10 within SpinnerSkin |
JDK-8240256 | security-libs | javax.crypto:pkcs11 | Better resource cleaning for SunPKCS11 Provider |
JDK-8098580 | security-libs | javax.crypto:pkcs11 | drainRefQueueBounds() puts pressure on pool.size() |
JDK-8190482 | core-libs | InnocuousThread creation should not require the caller to possess enableContextClassLoaderOverride | |
JDK-8169416 | security-libs | javax.net.ssl | SSLSessionImpl finalize overhead |
October 19, 2021
The full version string for this update release is 8u311-b11 (where "b" means "build"). The version number is 8u311.
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u311 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 8u311-b11 |
7 | 7u321-b08 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u311) be used after the next critical patch update scheduled for January 18, 2022.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u311) on 2022-02-18. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
Starting from version 8u311, the Marlin graphics rasterizer and its artifacts will be built and distributed as a part of the JDK/JRE bundles. It is not the default rendering engine, however there is an option to enable it by setting the following system property:
sun.java2d.renderer=sun.java2d.marlin.MarlinRenderingEngine
Allow applications to configure context-specific and dynamically-selected deserialization filters via a JVM-wide filter factory that is invoked to select a filter for each deserialization stream. The behavior is a strict subset of JEP 415: Context-Specific Deserialization Filters to allow a filter factory to be configured using a property configured on the command line or in the security properties file.
The behavior is opt-in based on the presence of the jdk.serialFilterFactory
system property on the command line or the jdk.serialFilterFactory
security property. If set, the JVM-wide filter factory selects the filter for each stream when the stream is constructed and when a stream-specific filter is set.
The JVM-wide filter factory is a java.util.function.BinaryOperator<sun.misc.ObjectInputFilter>
function invoked when each ObjectInputStream
is constructed and when the stream-specific filter is set using sun.misc.ObjectInputFilter.Config.setObjectInputFilter(sun.misc.ObjectInputFilter)
. The parameters are the current filter and a requested filter and the function returns the filter to be used for the stream. When invoked from the ObjectInputStream
constructors, the first parameter is null
and the second parameter is the static JVM-wide filter
. When invoked from sun.misc.ObjectInputFilter.Config.setObjectInputFilter(sun.misc.ObjectInputFilter)
, the first parameter is the filter currently set on the stream (which was set in the constructor), and the second parameter is the filter requested.
A typical filter factory should use or merge the static JVM-wide filter with other application and context specific filters and the stream-specific filter, if one is set on the stream. The filter factory implementation can also use any contextual information at its disposal, for example, extracted from the application thread context, or its call stack, to compose and combine a new filter. It is not restricted to only use its two parameters.
Refer to Context-Specific Deserialization Filter and Serialization Filtering Guide for details.
The following root certificate from IdenTrust has been removed from the cacerts
keystore:
+ alias name "identrustdstx3 [jdk]"
Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.
This release doesn't correctly identify Windows 11. The property os.name
is set to Windows 10
on Windows 11. In HotSpot error logs, the OS is identified as Windows 10
; however, the HotSpot error log does show the Build number. Windows 11 has Build 22000.194 or above.
The default priority order of the cipher suites for TLS 1.0 to TLS 1.3 has been adjusted.
For TLS 1.3, TLS_AES_256_GCM_SHA384 is now preferred over TLS_AES_128_GCM_SHA256.
For TLS 1.0 to TLS 1.2, some of the intermediate suites have been lowered in priority as follows:
The behavior of HttpURLConnection
when using ProxySelector
has been modified in this JDK release. HttpURLConnection
used to fall back to a direct connection attempt if the configured proxy(s) failed to make a connection. Beginning with this release, the default behavior has been changed to no longer use a direct connection when the first proxy connection attempt fails.
A new system property, sun.net.http.fallbackToDirect
, can be set to a value of "true" should an application need to fall back to the old behavior (fall back to a direct connection when the first proxy connection attempt fails).
The scope of the com.sun.jndi.ldap.object.trustSerialData
system property has been extended to control the deserialization of java objects from the javaReferenceAddress
LDAP attribute. This system property now controls the deserialization of java objects from the javaSerializedData
and javaReferenceAddress
LDAP attributes.
To prevent deserialization of java objects from these attributes, the system property can be set to false
. By default, the deserialization of java objects from javaSerializedData
and javaReferenceAddress
attributes is allowed.
This release doesn't correctly identify Windows Server. The property os.name
is set to Windows 2019
on Windows Server 2022. In HotSpot error logs, the OS is identified as Windows 10.0
for Windows Server releases 2016, 2019, and 2022; however, the HotSpot error log does show the Build number. Windows Server 2016 has Build 14393 or above, Windows Server 2019 has Build 17763 or above, and Windows Server 2022 has Build 20348 or above.
The SunPKCS11 security provider can now be initialized with NSS when FIPS-enabled external modules are configured in the Security Modules Database (NSSDB). Before this change, when such a library was configured for NSS in non-FIPS mode, the SunPKCS11 provider would throw a RuntimeException with the message "FIPS flag set for non-internal module".
This change allows the JDK to work properly with recent NSS releases in GNU/Linux operating systems when the system-wide FIPS policy is turned on.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8148886 | client-libs | SEGV in sun.java2d.marlin.Renderer._endRendering | |
2 | JDK-8149338 | client-libs | 2d | JVM Crash caused by Marlin renderer not handling NaN coordinates |
3 | JDK-8144938 | client-libs | 2d | Handle properly coordinate overflow in Marlin Renderer |
4 | JDK-8180055 | client-libs | 2d | Upgrade the Marlin renderer in Java2D |
5 | JDK-8202580 | client-libs | 2d | Dashed BasicStroke randomly painted incorrectly, may freeze application |
6 | JDK-8210335 | client-libs | 2d | Clipping problems with complex affine transforms: negative scaling factors or small scaling factors |
7 | JDK-8228711 | client-libs | 2d | Path rendered incorrectly when it goes outside the clipping region |
8 | JDK-8230728 | client-libs | 2d | Thin stroked shapes are not rendered if affine transform has flip bit |
9 | JDK-8145055 | client-libs | 2d | Marlin renderer causes unaligned write accesses |
10 | JDK-8244088 | client-libs | 2d | [Regression] Switch of Gnome theme ends up in deadlocked UI |
11 | JDK-8262392 | client-libs | 2d | Update Mesa 3-D Headers to version 21.0.3 |
12 | JDK-8262731 | client-libs | 2d | [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print" |
13 | JDK-8198885 | client-libs | 2d | Upgrade Marlin (java2d) to 0.9.1 |
14 | JDK-8273358 | client-libs | 2d | macOS Monterey does not have the font Times needed by Serif |
15 | JDK-8269984 | client-libs | java.awt | [macos] JTabbedPane title looks like disabled |
16 | JDK-8129940 | client-libs | javax.swing | JRadioButton does not honor non-standard FocusTraversalKeys |
17 | JDK-8251377 | client-libs | javax.swing | [macos11] JTabbedPane selected tab text is barely legible |
18 | JDK-8269931 | client-libs | javax.swing | ButtonGroupLayoutTraversalTest.java fails on macOS |
19 | JDK-8268518 | client-libs | javax.swing | Add headful keyword to LayoutFocusTraversalPolicy.java |
20 | JDK-8154043 | client-libs | javax.swing | Fields not reachable anymore by tab-key, because of new tabbing behaviour of radio button groups. |
21 | JDK-8035424 | core-libs | java.lang:reflect | Performance problem in sun.reflect.generics.parser.SignatureParser |
22 | JDK-8161016 | core-libs | java.net | Strange behavior of URLConnection with proxy |
23 | JDK-8183369 | core-libs | java.net | RFC unconformity of HttpURLConnection with proxy |
24 | JDK-8067744 | hotspot | compiler | XMM/SSE float register values corrupted by JNI_CreateVM call in JRE 8 (Windows) |
25 | JDK-8268366 | hotspot | compiler | Incorrect calculation of has_fpu_registers in C1 linear scan |
26 | JDK-8268347 | hotspot | compiler | C2: nested locks optimization may create unbalanced monitor enter/exit code |
27 | JDK-8269304 | hotspot | compiler | Regression ~5% in spec2005 in b27 |
28 | JDK-8065895 | hotspot | runtime | Synchronous signals during error reporting may terminate or hang VM process |
29 | JDK-8261397 | hotspot | runtime | try catch Method failing to work when dividing an integer by 0 |
30 | JDK-8262396 | javafx | graphics | Update Mesa 3-D Headers to version 21.0.3 |
31 | JDK-8266860 | javafx | media | [macos] Incorrect duration reported for HLS live streams |
32 | JDK-8264737 | javafx | media | JavaFX media stream stops playing after reconnecting via Remote Desktop |
33 | JDK-8267819 | javafx | media | CoInitialize/CoUninitialize should be called on same thread |
34 | JDK-8268219 | javafx | media | hlsprogressbuffer should provide PTS after GStreamer update |
35 | JDK-8269147 | javafx | media | Update GStreamer to version 1.18.4 |
36 | JDK-8268718 | javafx | media | [macos] Video stops, but audio continues to play when stopTime is reached |
37 | JDK-8269131 | javafx | web | Update libxml2 to version 2.9.12 |
38 | JDK-8270479 | javafx | web | WebKit 612.1 build fails with Visual Studio 2017 |
39 | JDK-8272329 | javafx | web | Cherry pick GTK WebKit 2.32.3 changes |
40 | JDK-8268849 | javafx | web | Update to 612.1 version of WebKit |
41 | JDK-8274107 | javafx | web | Cherry pick GTK WebKit 2.32.4 changes |
42 | JDK-8231558 | javafx | window-toolkit | [macos] Platform.exit causes assertion error on macOS 10.15 or later |
43 | JDK-8268158 | security-libs | Partial backport of JDK-8214074 | |
44 | JDK-8156584 | security-libs | java.security | Initialization race in sun.security.x509.AlgorithmId.get |
45 | JDK-8268128 | security-libs | java.security | ProviderConfig deadlock in JDK 8u291 |
46 | JDK-8225082 | security-libs | java.security | Remove IdenTrust certificate that is expiring in September 2021 |
47 | JDK-8238555 | security-libs | javax.crypto:pkcs11 | Allow initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB |
48 | JDK-8163326 | security-libs | javax.net.ssl | Update the default enabled cipher suites preference |
49 | JDK-8259886 | security-libs | javax.net.ssl | Improve SSL session cache performance and scalability |
50 | JDK-8255255 | security-libs | javax.xml.crypto | Update Apache Santuario (XML Signature) to version 2.2.1 |
51 | JDK-8260690 | tools | jconsole | JConsole User Guide Link from the Help menu is not accessible by keyboard |
52 | JDK-8268213 | xml | jax-ws | Racecondition at ContextClassloaderLocal.java:45 |
The following sections summarize changes made in all Java SE 8u301 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-6801613 | client-libs | 2d | Cross-platform pageDialog and printDialog top margin entry broken |
JDK-8268965 | security-libs | javax.net.ssl | TCP Connection Reset when connecting simple socket to SSL server |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8261287 (Confidential) | client-libs | 2d | Ductus renderer does not work properly on aarch64, all graphics primitives appear broken |
JDK-8271206 (Confidential) | deploy | webstart | Passing system property jnlp.sis.session requires multi-clicks |
JDK-8271087 (Confidential) | install | install | [macos] postinstall script should provide verbose output |
JDK-8271854 | core-libs | java.nio | Explicitly reclaim cached thread-local direct buffers at thread exit |
JDK-8205540 | core-svc | debugger | test/hotspot/jtreg/vmTestbase/nsk/jdb/trace/trace001/trace001.java fails with Debuggee did not exit after 15 |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8268213 | xml | jax-ws | Racecondition at ContextClassloaderLocal.java:45 |
July 20, 2021
The full version string for this update release is 8u301-b09 (where "b" means "build"). The version number is 8u301.
JDK 8u301 contains IANA time zone data 2021a.
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u301 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 8u301-b09 |
7 | 7u311-b07 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u301) be used after the next critical patch update scheduled for October 19, 2021.
Java SE Subscription customers managing JRE updates/installs for large numbers of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u301) on 2021-11-19. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
The support for the Kerberos MSSFU extensions [1] is now extended to cross-realm environments.
By leveraging the Kerberos cross-realm referrals enhancement introduced in the context of JDK-8215032, the 'S4U2Self' and 'S4U2Proxy' extensions may be used to impersonate user and service principals located on different realms.
New system and security properties have been added to enable users to customize the generation of PKCS #12 keystores. This includes algorithms and parameters for key protection, certificate protection, and MacData. The detailed explanation and possible values for these properties can be found in the "PKCS12 KeyStore properties" section of the java.security
file.
Also, support for the following SHA-2 based HmacPBE algorithms has been added to the SunJCE provider: HmacPBESHA224, HmacPBESHA256, HmacPBESHA384, HmacPBESHA512, HmacPBESHA512/224, HmacPBESHA512/256
The following root certificates with weak 1024-bit RSA public keys have been removed from the cacerts
keystore:
+ alias name "thawtepremiumserverca [jdk]"
Distinguished Name: EMAILADDRESS=premium-server@thawte.com,
CN=Thawte Premium Server CA, OU=Certification Services Division,
O=Thawte Consulting cc,
L=Cape Town, ST=Western Cape, C=ZA
+ alias name "verisignclass2g2ca [jdk]"
Distinguished Name: OU=VeriSign Trust Network,
OU="(c) 1998 VeriSign, Inc. - For authorized use only",
OU=Class 2 Public Primary Certification Authority - G2,
O="VeriSign, Inc.", C=US
+ alias name "verisignclass3ca [jdk]"
Distinguished Name: OU=Class 3 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
+ alias name "verisignclass3g2ca [jdk]"
Distinguished Name: OU=VeriSign Trust Network,
OU="(c) 1998 VeriSign, Inc. - For authorized use only",
OU=Class 3 Public Primary Certification Authority - G2,
O="VeriSign, Inc.", C=US
+ alias name "verisigntsaca [jdk]"
Distinguished Name: CN=Thawte Timestamping CA,
OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
+ alias name "gtecybertrustglobalca [jdk]"
Distinguished Name:CN=GTE CyberTrust Global Root,
OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
The following root certificate has been removed from the cacerts truststore:
+ Telia Company
+ soneraclass2ca
DN: CN=Sonera Class2 CA, O=Sonera, C=FI
The JarFile
class now treats a signed JAR as unsigned if it detects a second manifest in the JAR file. A warning message, "WARNING: Multiple MANIFEST.MF found. Treat JAR file as unsigned."
, is logged if the system property -Djava.security.debug=jar
is set.
The following capabilities have been removed from the list of what OracleJDK/OracleJRE RPMs provide: xml-commons-api
, jaxp_parser_impl
, and java-fonts
. This clean-up of the list resolves existing and potential conflicts with modular RPMs.
There are other rpms providing these capabilities, so there should be no impact on packages that depend on them. Package managers can use other RPMs to satisfy the dependencies provided by the OracleJDK/OracleJRE RPMs before this change.
Client-side FTP support in the Java platform is available through the FTP URL stream protocol handler, now referred to as the FTP Client.
The following system property has been added for validation of server addresses in FTP
passive mode.
jdk.net.ftp.trustPasvAddress
.In this release, the FTP Client has been enhanced to reject an address sent by a server, in response to a PASV
command from the FTP Client, when that address differs from the address which the FTP Client initially connected.
To revert to the prior behavior, the jdk.net.ftp.trustPasvAddress
system property can be set to true
. The affect of setting this property is that the FTP Client accepts and uses the address value returned in reply to a PASV
command
On the macOS platform, custom URL protocol handlers such as Java WebStart (jnlp and jnlps URI schemes) are deregistered after an OS upgrade. If the Java WebStart application uses jnlp or jnlps URI scheme(s), it is recommended that you check their registration status after the OS upgrade. The registration status of the custom URL protocol handlers can be obtained via the 'lsregister'
command.
For example:
lsregister -dump URLSchemeBinding | sort | grep 'jnlp|java|jar'
The Java WebStart protocol handler is registered and no-further action is required if the output of the above command contains the following lines:
jnlp: Java Network Launch Protocol (0x4680) (0x4682)
jnlps: Secure Java Network Launch Protocol (0x4684) (0x4686)
Otherwise, it is necessary to upgrade or reinstall the JRE in order to register the Java WebStart protocol.
The default encryption algorithms used in a PKCS #12 keystore have been updated. The new algorithms are based on AES-256 and SHA-256 and are stronger than the old algorithms that were based on RC2, DESede, and SHA-1. See the security properties starting with keystore.pkcs12
in the java.security
file for detailed information.
For compatibility, a new system property named keystore.pkcs12.legacy
is defined that will revert the algorithms to use the older, weaker algorithms. There is no value defined for this property.
JARs signed with SHA-1 algorithms are now restricted by default and treated as if they were unsigned. This applies to the algorithms used to digest, sign, and optionally timestamp the JAR. It also applies to the signature and digest algorithms of the certificates in the certificate chain of the code signer and the Timestamp Authority, and any CRLs or OCSP responses that are used to verify if those certificates have been revoked.
In order to reduce the compatibility risk for applications that have been previously timestamped or use private CAs, there are two exceptions to this policy:
cacerts
keystore will not be restricted.These exceptions may be removed in a future JDK release.
Users can, at their own risk, remove these restrictions by modifying the java.security
configuration file (or overriding it using the java.security.properties
system property) and removing "SHA1 jdkCA & usage SignedJAR & denyAfter 2019-01-01" from the jdk.certpath.disabledAlgorithms
security property and "SHA1 jdkCA & denyAfter 2019-01-01" from the jdk.jar.disabledAlgorithms
security property.
Certain TLS ALPN values couldn't be properly read or written by the SunJSSE provider. This is due to the choice of Strings as the API interface and the undocumented internal use of the UTF-8 character set which converts characters larger than U+00007F (7-bit ASCII) into multi-byte arrays that may not be expected by a peer.
SunJSSE now encodes/decodes String characters as 8-bit ISO_8859_1/LATIN-1 characters. This means applications that used characters above U+000007F that were previously encoded using UTF-8 may need to either be modified to perform the UTF-8 conversion, or set the Java security property jdk.tls.alpnCharset
to "UTF-8" revert the behavior.
See the updated guide at https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/alpn.html for more information.
Client-side FTP support in the Java platform is available through the FTP URL stream protocol handler, henceforth referred to as the FTP Client.
The following system property has been added for validation of server addresses in FTP
passive mode.
jdk.net.ftp.trustPasvAddress
.In this release, the FTP Client has been enhanced to reject an address sent by a server, in response to a PASV
command from the FTP Client, when that address differs from the address which the FTP Client initially connected.
To revert to the prior behavior, the jdk.net.ftp.trustPasvAddress
system property can be set to true
. The affect of setting this property is that the FTP Client accepts and uses the address value returned in reply to a PASV
command
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8249142 | client-libs | java/awt/FontClass/CreateFont/DeleteFont.sh is unstable | |
2 | JDK-8166673 | client-libs | The new implementation of Robot.waitForIdle() may hang | |
3 | JDK-8263311 | client-libs | 2d | Watch registry changes for remote printers update instead of polling |
4 | JDK-8262829 | client-libs | 2d | Native crash in Win32PrintServiceLookup.getAllPrinterNames() |
5 | JDK-8260380 | client-libs | 2d | Upgrade to LittleCMS 2.12 |
6 | JDK-6847157 | client-libs | 2d | java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit |
7 | JDK-8225105 | client-libs | java.awt | java/awt/Focus/ShowFrameCheckForegroundTest/ShowFrameCheckForegroundTest.java fails in Windows 10 |
8 | JDK-8198335 | client-libs | java.awt | java/awt/FullScreen/UninitializedDisplayModeChangeTest/UninitializedDisplayModeChangeTest.java fails in headless mode |
9 | JDK-6544871 | client-libs | java.awt | java/awt/event/KeyEvent/KeyTyped/CtrlASCII.html fails from jdk b09 on windows. |
10 | JDK-8196019 | client-libs | java.awt | java/awt/Window/Grab/GrabTest.java fails on Windows |
11 | JDK-8224821 | client-libs | java.awt | java/awt/Focus/NoAutotransferToDisabledCompTest/NoAutotransferToDisabledCompTest.java fails linux-x64 |
12 | JDK-8215105 | client-libs | java.awt | java/awt/Robot/HiDPIScreenCapture/ScreenCaptureTest.java: Wrong Pixel Color |
13 | JDK-8261231 | client-libs | java.awt | Windows IME was disabled after DnD operation |
14 | JDK-7185258 | client-libs | java.awt | [macOS] Deadlock in SunToolKit.realSync() |
15 | JDK-8240518 | client-libs | java.awt | Incorrect JNU_ReleaseStringPlatformChars in Windows Print |
16 | JDK-8004148 | client-libs | java.awt | NPE in sun.awt.SunToolkit.getWindowDeactivationTime |
17 | JDK-8262446 | client-libs | java.awt | DragAndDrop hangs on Windows |
18 | JDK-8159898 | client-libs | java.beans | Negative array size in java/beans/Introspector/Test8027905.java |
19 | JDK-8178403 | client-libs | javax.sound | DirectAudio in JavaSound may hang and leak |
20 | JDK-8159135 | client-libs | javax.swing | [PIT] javax/swing/JMenuItem/8152981/MenuItemIconTest.java always fail |
21 | JDK-8264328 | client-libs | javax.swing | Broken license in javax/swing/JComboBox/8072767/bug8072767.java |
22 | JDK-8240690 | client-libs | javax.swing | Race condition between EDT and BasicDirectoryModel.FilesLoader.run0() |
23 | JDK-8239312 | client-libs | javax.swing | [macOS] javax/swing/JFrame/NSTexturedJFrame/NSTexturedJFrame.java |
24 | JDK-8196100 | client-libs | javax.swing | javax/swing/text/JTextComponent/5074573/bug5074573.java fails |
25 | JDK-8177809 | core-libs | java.io | File.lastModified() is losing milliseconds (always ends in 000) |
26 | JDK-8178161 | core-libs | java.net | Default multicast interface on Mac |
27 | JDK-8263917 | core-libs | java.rmi | Backout of 8049202 in 8u |
28 | JDK-8252883 | core-libs | java.util.logging | AccessDeniedException caused by delayed file deletion on Windows |
29 | JDK-8262110 | core-libs | java.util:i18n | DST starts from incorrect time in 2038 |
30 | JDK-8255086 | core-libs | java.util:i18n | Update the root locale display names |
31 | JDK-8247432 | core-libs | java.util:i18n | Update IANA Language Subtag Registry to Version 2020-09-29 |
32 | JDK-8241082 | core-libs | java.util:i18n | Upgrade IANA Language Subtag Registry data to 03-16-2020 version |
33 | JDK-8242010 | core-libs | java.util:i18n | Update IANA Language Subtag Registry to Version 2020-04-01 |
34 | JDK-8073446 | core-libs | java.util:i18n | TimeZone getOffset API does not return a DST offset between years 2038-2137 |
35 | JDK-8258753 | core-libs | javax.naming | StartTlsResponse.close() hangs due to synchronization issues |
36 | JDK-8247707 | deploy | plugin | UAC prompt of unknown publisher after upgrading java 8u241 |
37 | JDK-7123987 | docs | Request Documentation on JNLP/JNI with in 32-bit and 64-bit windows | |
38 | JDK-8216154 | hotspot | compiler | C4819 warnings at HotSpot sources on Windows |
39 | JDK-8211233 | hotspot | compiler | MemBarNode::trailing_membar() and MemBarNode::leading_membar() need to handle dying subgraphs better |
40 | JDK-8209420 | hotspot | compiler | Track membars for volatile accesses so they can be properly optimized |
41 | JDK-8132148 | hotspot | gc | G1 hs_err region dump legend out of sync with region values |
42 | JDK-8166607 | hotspot | gc | G1 needs klass_or_null_acquire |
43 | JDK-8166862 | hotspot | gc | CMS needs klass_or_null_acquire |
44 | JDK-8166229 | hotspot | gc | Eliminate ParNew's use of klass_or_null() |
45 | JDK-8166663 | hotspot | gc | Simplify oops_on_card_seq_iterate_careful |
46 | JDK-8166583 | hotspot | gc | Add oopDesc::klass_or_null_acquire() |
47 | JDK-8165808 | hotspot | gc | Add release barriers when allocating objects with concurrent collection |
48 | JDK-8260704 | hotspot | gc | ParallelGC: oldgen expansion needs release-store for _end |
49 | JDK-8259271 | hotspot | gc | gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region" |
50 | JDK-8257746 | hotspot | runtime | Regression introduced with JDK-8250984 - memory might be null in some machines |
51 | JDK-8203345 | javafx | accessibility | Memory leak in VirtualFlow when screen reader is enabled |
52 | JDK-8160554 | javafx | controls | Wrong unit measure in CornerRadiiConverter |
53 | JDK-8185854 | javafx | controls | NPE on non-editable ComboBox in TabPane with custom Skin |
54 | JDK-8266966 | javafx | controls | Wrong CSS properties are applied to other nodes after fix for JDK-8204568 |
55 | JDK-8204568 | javafx | controls | Relative CSS-Attributes don't work all time |
56 | JDK-8239589 | javafx | graphics | JavaFX UI will not repaint after reconnecting via Remote Desktop |
57 | JDK-8259046 | javafx | graphics | ViewPainter.ROOT_PATHS holds reference to Scene causing memory leak |
58 | JDK-8258986 | javafx | graphics | getColor throws IOOBE when PixelReader reads the same pixel twice |
59 | JDK-8259356 | javafx | media | MediaPlayer's seek freezes video |
60 | JDK-8262365 | javafx | media | Update GStreamer to version 1.18.3 |
61 | JDK-8262366 | javafx | media | Update glib to version 2.66.7 |
62 | JDK-8268152 | javafx | media | gstmpegaudioparse does not provides timestamps for HLS MP3 streams |
63 | JDK-8260246 | javafx | samples | Ensemble: Update version of Lucene to 7.7.3 |
64 | JDK-8259680 | javafx | scenegraph | Need API to query states of CAPS LOCK and NUM LOCK keys |
65 | JDK-8264990 | javafx | web | WebEngine crashes with segfault when not loaded through system classloader |
66 | JDK-8259555 | javafx | web | Webkit crashes on Apple Silicon |
67 | JDK-8263788 | javafx | web | JavaFX application freezes completely after some time when using the WebView |
68 | JDK-8261927 | javafx | web | WebKit build fails with Visual Studio 2017 |
69 | JDK-8260245 | javafx | web | Update ICU4C to version 68.2 |
70 | JDK-8251555 | javafx | window-toolkit | Remove unused focusedWindow field in glass Window to avoid leak |
71 | JDK-8263169 | javafx | window-toolkit | [macOS] JavaFX windows open as tabs when system preference for documents is set |
72 | JDK-8266293 | security-libs | Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long" | |
73 | JDK-8263817 | security-libs | java.security | java.util.MissingResourceException if add cert with GOST key in cacerts |
74 | JDK-8218553 | security-libs | java.security | Enhance keystore load debug output |
75 | JDK-8243559 | security-libs | java.security | Remove root certificates with 1024-bit keys |
76 | JDK-8225081 | security-libs | java.security | Remove Telia Company CA certificate expiring in April 2021 |
77 | JDK-8153005 | security-libs | java.security | Upgrade the default PKCS12 encryption/MAC algorithms |
78 | JDK-8267599 | security-libs | java.security | Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u |
79 | JDK-8214513 | security-libs | java.security | A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11 |
80 | JDK-8202837 | security-libs | java.security | PBES2 AlgorithmId encoding error in PKCS12 KeyStore |
81 | JDK-8267100 | security-libs | java.security | [BACKOUT] JDK-8196415 Disable SHA-1 Signed JARs |
82 | JDK-8196415 | security-libs | java.security | Disable SHA-1 Signed JARs |
83 | JDK-8076190 | security-libs | java.security | Customizing the generation of a PKCS12 keystore |
84 | JDK-8260300 | security-libs | javax.net.ssl | Restrict TLS signature schemes in 8u |
85 | JDK-8254631 | security-libs | javax.net.ssl | Better support ALPN byte wire values in SunJSSE |
86 | JDK-8005819 | security-libs | org.ietf.jgss:krb5 | Support cross-realm MSSFU |
87 | JDK-8180478 | tools | tools/launcher/MultipleJRE.sh fails on Windows because of extra-'' | |
88 | JDK-8260568 | xml | Xerces version string output does not match actual version in JDK | |
89 | JDK-8235368 | xml | jaxp | Update BCEL to Version 6.4.1 |
90 | JDK-8213734 | xml | org.xml.sax | SAXParser.parse(File, ..) does not close resources when Exception occurs. |
The following sections summarize changes made in all Java SE 8u291 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8268128 | security-libs | java.security | ProviderConfig deadlock in JDK 8u291 |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8259886 | security-libs | javax.net.ssl | Improve SSL session cache performance and scalability |
JDK-8266943 (Confidential) | install | install | Request to reinstate MacOS JRE pkg.dmg binary bundle |
JDK-8267429 (Confidential) | infrastructure | release_eng | MacOS JRE pkg.dmg binary bundle reinstated |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8258753 | core-libs | javax.naming | StartTlsResponse.close() hangs due to synchronization issues |
JDK-8263788 | javafx | web | JavaFX application freezes completely after some time when using the WebView |
JDK-8185854 | javafx | controls | NPE on non-editable ComboBox in TabPane with custom Skin |
JDK-8260300 | security-libs | javax.net.ssl | Restrict TLS signature schemes in 8u |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8239589 | javafx | graphics | JavaFX UI will not repaint after reconnecting via Remote Desktop |
April 20, 2021
The full version string for this update release is 1.8.0_291-b10 (where "b" means "build"). The version number is 8u291.
JDK 8u291 contains IANA time zone data 2020e, 2020f, 2021a.
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u291 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_291-b10 |
7 | 1.7.0_301-b09 |
Oracle recommends that the JDK is updated with each Critical Patch Update (CPU). In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u291) be used after the next critical patch update scheduled for July 20, 2021.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u291) on 2021-08-20. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
jdk.jndi.object.factoriesFilter
: This system and security property allows a serial filter to be specified that controls the set of object factory classes permitted to instantiate objects from object references returned by naming/directory systems. The factory class named by the reference instance is matched against this filter during remote reference reconstruction. The filter property supports pattern-based filter syntax with the format specified by JEP 290. This property applies both to the JNDI/RMI and the JNDI/LDAP built-in provider implementations. The default value allows any object factory class specified in the reference to recreate the referenced object.
com.sun.jndi.ldap.object.trustSerialData
: This system property allows control of the deserialization of java objects from the javaSerializedData
LDAP attribute. To prevent deserialization of java objects from the attribute, the system property can be set to false
value. By default, deserialization of java objects from the javaSerializedData
attribute is allowed.
The following root certificates have been added to the cacerts truststore:
+ HARICA
+ haricarootca2015
DN: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
+ haricaeccrootca2015
DN: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
Oracle JRE installers will update the PATH environment variable with their directory behind any already put in place by other Oracle JDK installers.
TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer considered secure and have been superseded by more secure and modern versions (TLS 1.2 and 1.3).
These versions have now been disabled by default. If you encounter issues, you can, at your own risk, re-enable the versions by removing "TLSv1" and/or "TLSv1.1" from the jdk.tls.disabledAlgorithms
security property in the java.security
configuration file.
TLS 1.0 and 1.1 have been disabled. These protocols are NOT used by Java Plugin applets and Java Web Start applications by default. In case of any issues there is an option to re-enable the protocols via Java Control Panel.
In the java.lang.ProcessBuilder
implementation on Windows, the system property jdk.lang.Process.allowAmbiguousCommands=false
ensures, for each argument, that double-quotes are properly encoded in the command string passed to Windows CreateProcess
. An argument with a final trailing double-quote preceded by a backslash is encoded as a literal double-quote; previously, the argument including the double-quote would be joined with the next argument. An empty argument is encoded as a pair of double-quotes ("") resulting in a zero length string passed for the argument to the process; previously, it was silently ignored. An argument containing double-quotes, other than first and last, is encoded to preserve the double-quotes when passed to the process; previously, the embedded double-quotes would be dropped and not passed to the process. If a security manager is set, such as in WebStart applications, double-quotes are encoded as described. When there is no security manager, there is no change to existing behavior; the jdk.lang.Process.allowAmbiguousCommands
property can be set to true
: jdk.lang.Process.allowAmbiguousCommands=true
or false
. If left unset, it is the same as setting it to true
.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8244621 | client-libs | 2d | [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11 |
2 | JDK-8258805 | client-libs | java.awt | Japanese characters not entered by mouse click on Windows 10 |
3 | JDK-8212678 | client-libs | java.awt | Windows IME related patch |
4 | JDK-8239137 | client-libs | javax.accessibility | JAWS does not always announce the value of JSliders in JColorChooser |
5 | JDK-8249588 | client-libs | javax.accessibility | libwindowsaccessbridge issues on 64bit Windows |
6 | JDK-8255880 | client-libs | javax.swing | UI of Swing components is not redrawn after their internal state changed |
7 | JDK-8250627 | core-libs | Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics | |
8 | JDK-8251397 | core-libs | java.lang | NPE on ClassValue.ClassValueMap.cacheArray |
9 | JDK-7146776 | core-libs | java.net | Deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection |
10 | JDK-8247766 | hotspot | compiler | AArch64: guarantee(val < (1U << nbits)) failed: Field too big for insn |
11 | JDK-8252482 | hotspot | compiler | disable cbcond instructions on SPARC64 |
12 | JDK-8243290 | hotspot | runtime | Improve diagnostic messages for class verification and redefinition failures |
13 | JDK-8257168 | hotspot | runtime | Use SkippedException instead of RuntimeException for docker not able to pull the repository |
14 | JDK-8260159 | install | install | Typo in Javapath.cpp |
15 | JDK-8260190 | install | install | Incomplete JDK-8259215 fix |
16 | JDK-8259215 | install | install | Default Java version is not updated for double click jar execution |
17 | JDK-8242565 | security-libs | java.security | Policy initialization issues when the denyAfter constraint is enabled |
18 | JDK-8244154 | security-libs | javax.crypto:pkcs11 | Update SunPKCS11 provider with PKCS11 v3.0 header files |
19 | JDK-8240871 | security-libs | javax.net.ssl | SSLEngine handshake status immediately after the handshake can be NOT_HANDSHAKING rather than FINISHED with TLSv1.3 |
20 | JDK-8257997 | security-libs | javax.net.ssl | sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884 |
21 | JDK-8253368 | security-libs | javax.net.ssl | TLS connection always receives close_notify exception |
22 | JDK-8202343 | security-libs | javax.net.ssl | Disable TLS 1.0 and 1.1 |
23 | JDK-8256818 | security-libs | javax.net.ssl | SSLSocket that is never bound or connected leaks socket resources |
24 | JDK-8257670 | security-libs | javax.net.ssl | sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks |
25 | JDK-8255559 | security-libs | javax.xml.crypto | Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI() |
26 | JDK-8261970 | xml | reutilization of org.w3c.dom.ls.LSSerializer,produces unexpected result in 8u271 | |
27 | JDK-8256685 | xml | jaxp | Behavior change in XML since JDK 8u271 |
28 | JDK-8249867 | xml | jaxp | XML declaration is not followed by a newline |
The following sections summarize changes made in all Java SE 8u281 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8204568 | javafx | controls | Relative CSS-Attributes don't work all time |
JDK-8262829 | client-libs | 2d | Native crash in Win32PrintServiceLookup.getAllPrinterNames() |
JDK-8262940 (Confidential) | install | [macOS] Java Webstart protocol schemes not registered by JRE installer on macOS | |
JDK-8247707 | deploy | plugin | UAC prompt of unknown publisher after upgrading java 8u241 |
JDK-8263575 (Confidential) | install | install | Conflict between JDK rpms and OL8 Modularity prevents dnf install/updates |
JDK-8263842 (Confidential) | install | install | Clean up "Provides" tag of OracleJDK/JRE rpms |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8261970 | xml | reutilization of org.w3c.dom.ls.LSSerializer,produces unexpected result in 8u271 |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8259680 | javafx | scenegraph | Need API to query states of CAPS LOCK and NUM LOCK keys |
JDK-8258803 | xml | WLS/Tuxedo error in encoding post JDK upgrade | |
JDK-8261209 | xml | jaxp | isStandalone property: remove dependency on pretty-print |
JDK-8249867 | xml | jaxp | xml declaration is not followed by a newline |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8259048 | core-libs | java.time | (tz) Upgrade time-zone data to tzdata2020f |
JDK-8259215 | install | install | default java version is not updated for double click jar execution |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8256925 (Confidential) | security-libs | java.security | Regression with JDK-8236464 in Oracle 8u271 |
JDK-8256818 | security-libs | javax.net.ssl | SSLSocket that is never bound or connected leaks socket resources |
JDK-8257670 | security-libs | javax.net.ssl | sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks |
JDK-8257884 | security-libs | javax.net.ssl | Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test |
JDK-8257997 | security-libs | javax.net.ssl | sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884 |
JDK-8256004 (Confidential) | deploy | plugin | DRS: Can not run applet in DRS with java 6 after 8u261 upgrade |
JDK-8258373 | client-libs | javax.swing | Update the text handling in the JPasswordField |
JDK-8253368 | security-libs | javax.net.ssl | TLS connection always receives close_notify exception |
January 19, 2021
The full version string for this update release is 1.8.0_281-b09 (where "b" means "build"). The version number is 8u281.
JDK 8u281 contains IANA time zone data version 2020d. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u281 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_281-b09 |
7 | 1.7.0_291-b09 |
Oracle recommends that the JDK is updated with each Critical Patch Update (CPU). In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u281) be used after the next critical patch update scheduled for April 20, 2021.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u281) on May 15, 2021. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
A new -groupname
option has been added to keytool -genkeypair
so that a user can specify a named group when generating a key pair. For example, keytool -genkeypair -keyalg EC -groupname secp384r1
will generate an EC key pair by using the secp384r1
curve. Because there might be multiple curves with the same size, using the -groupname
option is preferred over the -keysize
option.
The Apache Santuario library has been upgraded to version 2.1.4. As a result, a new system property com.sun.org.apache.xml.internal.security.parser.pool-size
has been introduced.
This new system property sets the pool size of the internal DocumentBuilder
cache used when processing XML Signatures. The function is equivalent to the org.apache.xml.security.parser.pool-size
system property used in Apache Santuario and has the same default value of 20.
The "certificate_authorities" extension is an optional extension introduced in TLS 1.3. It is used to indicate the certificate authorities (CAs) that an endpoint supports and should be used by the receiving endpoint to guide certificate selection.
With this JDK release, the "certificate_authorities" extension is supported for TLS 1.3 in both the client and the server sides. This extension is always present for client certificate selection, while it is optional for server certificate selection.
Applications can enable this extension for server certificate selection by setting the jdk.tls.client.enableCAExtension
system property to true
. The default value of the property is false
.
Note that if the client trusts more CAs than the size limit of the extension (less than 2^16 bytes), the extension is not enabled. Also, some server implementations do not allow handshake messages to exceed 2^14 bytes. Consequently, there may be interoperability issues when jdk.tls.client.enableCAExtension
is set to true
and the client trusts more CAs than the server implementation limit.
Starting from macOS Catalina 10.15, applications do not have access to the Desktop, Documents and Downloads folders. So, if you use JavaControlPanel app to access files at the locations specified above, (such as load certificates from the Downloads folder) you must either move the files to another location or grant the required permissions to the JavaControlPanel app.
The steps to required to grant the permissions to JavaControlPanel are provided below:
1. On your Mac, open the Apple menu, click System Preferences, click Security & Privacy, then click Privacy.
2. Select Full Disk Access and click +.
3. In Applications, navigate to the System Preferences app (Applications > System Preferences), and click Open.
Note: You must grant permissions to the System Preferences app because the JavaControlPanel app is a part of that application on macOS.
The JDK update incorporates tzdata2020d. The main change is
Please refer to https://mm.icann.org/pipermail/tz-announce/2020-October/000062.html for more information.
The JDK update incorporates tzdata2020c. The main change is
Please refer to https://mm.icann.org/pipermail/tz-announce/2020-October/000060.html for more information.
Following the JDK's update to tzdata2020b, the long-obsolete files named pacificnew
and systemv
have been removed. As a result, the "US/Pacific-New" Zone name declared in the pacificnew
data file is no longer available for use.
Information regarding this update can be viewed at https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8209113 | client-libs | 2d | Use WeakReference for lastFontStrike for created Fonts |
2 | JDK-8245400 | client-libs | 2d | Upgrade to LittleCMS 2.11 |
3 | JDK-8198334 | client-libs | java.awt | java/awt/FileDialog/8003399/bug8003399.java fails in headless mode |
4 | JDK-8232114 | client-libs | java.awt | JVM crashed at imjpapi.dll in native code |
5 | JDK-8252470 | client-libs | java.awt | java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows |
6 | JDK-8240633 | client-libs | javax.swing | Memory leaks in the implementations of FileChooserUI |
7 | JDK-8253072 | core-libs | XERCES version is displayed incorrect | |
8 | JDK-8069211 | core-libs | java.nio | (zipfs) ZipFileSystem creates corrupted zip if entry output stream gets closed more than once |
9 | JDK-8242480 | core-svc | java.lang.management | Negative value may be returned by getFreeSwapSpaceSize() in the docker |
10 | JDK-8252789 | deploy | deployment_toolkit | Empty client certificate issue during TLS handshake |
11 | JDK-8253695 | docs | guides | JDK 8 Install Guide - 8u RPM Installer Failed to Install on SUSE When Updating Alternatives |
12 | JDK-8255558 | docs | guides | InstallGuide: Update documentation of JDK RPM installation steps |
13 | JDK-8250665 | globalization | locale-data | Wrong translation for the month of May in ar_JO, ar_LB and ar_SY |
14 | JDK-8146612 | hotspot | compiler | C2: Precedence edges specification violated |
15 | JDK-8160006 | hotspot | compiler | Fix AArch64 after changes made by 8151661 |
16 | JDK-8214862 | hotspot | compiler | assert(proj != __null) at compile.cpp:3251 |
17 | JDK-8248214 | hotspot | gc | Add paddings for TaskQueueSuper to reduce false-sharing cache contention |
18 | JDK-8185348 | hotspot | jvmti | Major performance regression in GetMethodDeclaringClass and other JVMTI Method functions |
19 | JDK-8140091 | hotspot | runtime | remove VMStructs cast_uint64_t workaround for GCC 4.1.1 bug |
20 | JDK-8148854 | hotspot | runtime | Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent |
21 | JDK-8217338 | hotspot | runtime | [Containers] Improve systemd slice memory limit support |
22 | JDK-8217766 | hotspot | runtime | Container Support doesn't work for some Join Controllers combinations |
23 | JDK-8221408 | hotspot | runtime | Windows 32bit build build errors/warnings in hotspot |
24 | JDK-8221725 | hotspot | runtime | AArch64 build failures after JDK-8221408 (Windows 32bit build build errors/warnings in hotspot) |
25 | JDK-8227006 | hotspot | runtime | [linux] Runtime.availableProcessors execution time increased by factor of 100 |
26 | JDK-8246648 | hotspot | runtime | issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480 |
27 | JDK-8247839 | javafx | graphics | Wrong position of GUI elements using multiple HiDPI displays in JavaFX 8 |
28 | JDK-8252060 | javafx | media | gstreamer fails to build with gcc 10 |
29 | JDK-8254100 | javafx | other | FX: Update copyright year in docs, readme files to 2021 |
30 | JDK-8181775 | javafx | web | JavaFX WebView does not calculate border-radius properly |
31 | JDK-8234471 | javafx | web | Canvas in webview displayed with wrong scale on Windows |
32 | JDK-8251241 | javafx | window-toolkit | macOS: iconify property doesn't change after minimize when resizable is false |
33 | JDK-8244151 | security-libs | javax.smartcardio | Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 |
The following sections summarize changes made in all Java SE 8u271 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8256818 | security-libs | javax.net.ssl | SSLSocket that is never bound or connected leaks socket resources |
JDK-8257670 | security-libs | javax.net.ssl | sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks |
JDK-8257997 | security-libs | javax.net.ssl | sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884 |
JDK-8255908 | core-libs | ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem | |
JDK-8250627 | core-libs | Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics | |
JDK-8256685 | xml | jaxp | Behavior change in XML since jdk1.8.0_271 |
JDK-8238579 | core-libs | java.net | HttpsURLConnection drops the timeout and hangs forever in read |
JDK-8254982 | core-libs | java.time | (tz) Upgrade time-zone data to tzdata2020c |
JDK-8255226 | core-libs | java.time | (tz) Upgrade time-zone data to tzdata2020d |
JDK-8250984 | hotspot | runtime | Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8255559 | security-libs | javax.xml.crypto | Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI() |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8253502 (Confidential) | hotspot | svc | No certificates in "Request Authentication" dialog after upgrading to 8u261 |
JDK-8252455 (Confidential) | core-libs | java.net | Performance issue caused by 8232854 |
JDK-8206925 | security-libs | javax.net.ssl | Support the certificate_authorities extension |
JDK-8250676 (Confidential) | hotspot | svc | JFR recording MonitorEnter events - Stack trace caching |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8254177 | core-libs | java.time | (tz) Upgrade time-zone data to tzdata2020b. |
October 20, 2020
The full version string for this update release is 1.8.0_271-b09 (where "b" means "build"). The version number is 8u271.
JDK 8u271 contains IANA time zone data version 2020a. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u271 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_271-b09 |
7 | 1.7.0_281-b06 |
Oracle recommends that the JDK is updated with each Critical Patch Update (CPU). In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u271) be used after the next critical patch update scheduled for January 19, 2021.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u271) on February 20, 2021. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
Weak named curves are disabled by default by adding them to the following disabledAlgorithms
security properties: jdk.tls.disabledAlgorithms
, jdk.certpath.disabledAlgorithms
, and jdk.jar.disabledAlgorithms
. The named curves are listed below.
With 47 weak named curves to be disabled, adding individual named curves to each disabledAlgorithms
property would be overwhelming. To relieve this, a new security property, jdk.disabled.namedCurves
, is implemented that can list the named curves common to all of the disabledAlgorithms
properties. To use the new property in the disabledAlgorithms
properties, precede the full property name with the keyword include
. Users can still add individual named curves to disabledAlgorithms
properties separate from this new property. No other properties can be included in the disabledAlgorithms
properties.
To restore the named curves, remove the include jdk.disabled.namedCurves
either from specific or from all disabledAlgorithms
security properties.
To restore one or more curves, remove the specific named curve(s) from the jdk.disabled.namedCurves
property.
Curves that are disabled through jdk.disabled.namedCurves
include the following:
secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, brainpoolP320r1, brainpoolP384r1, brainpoolP512r1
Curves that remain enabled are: secp256r1, secp384r1, secp521r1, X25519, X448
The Kerberos client has been enhanced with the support of principal name canonicalization and cross-realm referrals, as defined by the RFC 6806 protocol extension.
As a result of this new feature, the Kerberos client can take advantage of more dynamic environment configurations and does not necessarily need to know (in advance) how to reach the realm of a target principal (user or service).
Support is enabled by default and 5 is the maximum number of referral hops allowed. To turn it off, set the sun.security.krb5.disableReferrals
security or system property to false. To configure a custom maximum number of referral hops, set the sun.security.krb5.maxReferrals
security or system property to any positive value.
See further information in JDK-8223172.
A new system property, jdk.tls.maxHandshakeMessageSize
, has been added to set the maximum allowed size for the handshake message in TLS/DTLS handshaking. The default value of the system property is 32768 (32 kilobytes).
A new system property, jdk.tls.maxCertificateChainLength
, has been added to set the maximum allowed length of the certificate chain in TLS/DTLS handshaking. The default value of the system property is 10.
The keytool
and jarsigner
tools have been updated to warn users when weak cryptographic algorithms are used in keys, certificates, and signed JARs before they are disabled. The weak algorithms are set in the jdk.security.legacyAlgorithms
security property in the java.security
configuration file. In this release, the tools issue warnings for the SHA-1 hash algorithm and 1024-bit RSA/DSA keys.
The 'canonicalize' flag in the krb5.conf file is now supported by the JDK Kerberos implementation. When set to true, RFC 6806 name canonicalization is requested by clients in TGT requests to KDC services (AS protocol). Otherwise, and by default, it is not requested.
The new default behavior is different from JDK 14 and previous releases where name canonicalization was always requested by clients in TGT requests to KDC services (provided that support for RFC 6806 was not explicitly disabled with the sun.security.krb5.disableReferrals system or security properties).
NPAPI is considered to be a vulnerable plugin and has been disabled in many browsers. No browsers currently support Java Plugin, which is NPAPI-based, on Linux, Solaris, and MacOS platforms.
Starting from 8u271, the part of Java Plugin responsible for integration and interaction with a browser (in particular libnpjp2
library) and an associated artifact will not be built and is not part of the JRE distribution on Linux, Solaris, and MacOS platforms.
A new environment property,
jdk.jndi.ldap.mechsAllowedToSendCredentials
, has been added to
control which LDAP authentication mechanisms are allowed to send
credentials over clear
LDAP connections - a connection not secured
with TLS. An encrypted
LDAP connection is a connection opened
by using ldaps
scheme, or a connection opened by using ldap
scheme
and then upgraded to TLS with a STARTTLS extended operation.
The value of the property, which is by default not set, is a comma
separated list of the mechanism names that are permitted to authenticate
over a clear
connection. If a value is not specified for the property, then all mechanisms
are allowed. If the specified value is an empty list, then no mechanisms are
allowed (except for none
and anonymous
). The default value for this property is 'null'
( i.e. System.getProperty("jdk.jndi.ldap.mechsAllowedToSendCredentials")
returns 'null'). To explicitly permit all mechanisms to authenticate over a clear
connection, the property
value can be set to "all"
. If a connection is downgraded from
encrypted
to clear
, then only the mechanisms that are explicitly permitted are allowed.
The property can be supplied to the LDAP context environment map, or set globally as a system property. When both are supplied, the environment map takes precedence.
Note: none
and anonymous
authentication mechanisms are exempted
from these rules and are always allowed regardless of the property value.
The following root certificates have been added to the cacerts truststore:
+ SSL Corporation
+ sslrootrsaca
DN: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
+ sslrootevrsaca
DN: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
+ sslrooteccca
DN: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US
The following root certificate has been added to the cacerts truststore:
+ Entrust
+ entrustrootcag4
DN: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only",
OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
Communication with the alternatives framework of JDK RPM installer starting from 8u261 has changed. JDK RPM installers of prior versions registered two groups of symbolic links with alternatives framework, java
and javac
. Some names of links in these groups were duplicated, which resulted in installation failures for some versions of alternatives framework. The JDK RPM installer beginning with 8u261 doesn't register the javac
group with alternatives framework. All links unique to the javac
group have been moved into the java
group, but the set of symbolic links registered by the installer have not changed; only the duplicated links have been dropped.
The implication of this change is that if this version of JDK and 8u251 or older versions of the JDK are installed and the previous version is uninstalled, the symbolic links from the java
group that are managed by the alternatives framework will be deleted. To restore deleted links, run the command:
/usr/sbin/alternatives --auto java
Some text in the Installer window is hidden/invisible when using Dark mode on macOS. To workaround this issue, switch to Light mode when running the installer. This issue should be resolved by JDK-8249683.
The deserialization of java.lang.reflect.Proxy
objects can be limited by setting the system property jdk.serialProxyInterfaceLimit
.
The limit is the maximum number of interfaces allowed per Proxy in the stream.
Setting the limit to zero prevents any Proxies from being deserialized including Annotations, a limit of less than 2 might interfere with RMI operations.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8198406 | client-libs | 2d | Test TestAATMorxFont is unstable |
2 | JDK-8220150 | client-libs | 2d | [macos] macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs |
3 | JDK-8236996 | client-libs | 2d | Incorrect Roboto font rendering on Windows with subpixel antialiasing |
4 | JDK-8244818 | client-libs | 2d | [macos] Java2D Queue Flusher crash while moving application window to external monitor |
5 | JDK-6966205 | client-libs | java.awt | closed/sun/awt/font/DeriveFont.java failed with compilation error |
6 | JDK-8183286 | client-libs | java.awt | Some java/awt and javax/swing tests miss headful jtreg keyword |
7 | JDK-8198612 | client-libs | java.awt | Headful closed tests should not be run in headless mode |
8 | JDK-8030123 | client-libs | java.beans | java/beans/Introspector/Test8027648.java fails |
9 | JDK-8060027 | client-libs | java.beans | Tests java/beans/XMLEncoder/Test4903007.java and java/beans/XMLEncoder/java_awt_GridBagLayout.java |
10 | JDK-8156579 | client-libs | java.beans | Two JavaBeans tests failed |
11 | JDK-8156581 | client-libs | java.beans | Cleanup of ProblemList.txt |
12 | JDK-8249278 | client-libs | javax.accessibility | Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList |
13 | JDK-8183341 | client-libs | javax.imageio | Better cleanup for javax/imageio/AllowSearch.java |
14 | JDK-8183349 | client-libs | javax.imageio | Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java |
15 | JDK-8183351 | client-libs | javax.imageio | Better cleanup for jdk/test/javax/imageio/spi/AppletContextTest/BadPluginConfigurationTest.sh |
16 | JDK-7109623 | client-libs | javax.sound | javax/sound/sampled/DirectAudio/bug6372428.java failed |
17 | JDK-8047222 | client-libs | javax.sound | Test closed/javax/sound/sampled/Clip/bug6251460.java fails if run with 32-bit java on Windows 64-bit host |
18 | JDK-8148983 | client-libs | javax.sound | Fix extra comma in changes for JDK-8148916 |
19 | JDK-8153725 | client-libs | javax.sound | Problem list javax/sound/sampled/DirectAudio/bug6400879.java for Linux |
20 | JDK-8156169 | client-libs | javax.sound | Some sound tests rarely hangs because of incorrect synchronization |
21 | JDK-8160217 | client-libs | javax.sound | JavaSound should clean up resources better |
22 | JDK-6962725 | client-libs | javax.swing | Regtest javax/swing/JFileChooser/6738668/bug6738668.java fails under Linux |
23 | JDK-8198004 | client-libs | javax.swing | javax/swing/JFileChooser/6868611/bug6868611.java throws error |
24 | JDK-8198321 | client-libs | javax.swing | javax/swing/JEditorPane/5076514/bug5076514.java fails |
25 | JDK-8249251 | client-libs | javax.swing | [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel |
26 | JDK-8168517 | core-libs | java.lang | java/lang/ProcessBuilder/Basic.java failed with "java.lang.AssertionError: Some tests failed" |
27 | JDK-8151788 | core-libs | java.net | NullPointerException from ntlm.Client.type3 |
28 | JDK-8192953 | core-svc | java.lang.management | sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied |
29 | JDK-8242884 | deploy | plugin | 8u241 32 bit SSV Helper causes long load time and page load on IE11 |
30 | JDK-8145096 | hotspot | compiler | Undefined behaviour in HotSpot |
31 | JDK-8215265 | hotspot | compiler | C2: range check elimination may allow illegal out of bound access |
32 | JDK-8023697 | hotspot | runtime | failed class resolution reports different class name in detail message for the first and subsequent times |
33 | JDK-8048933 | hotspot | runtime | -XX:+TraceExceptions output should include the message |
34 | JDK-8064319 | hotspot | runtime | Need to enable -XX:+TraceExceptions in release builds |
35 | JDK-8235243 | hotspot | runtime | handle VS2017 15.9 and VS2019 in abstract_vm_version |
36 | JDK-8240295 | hotspot | runtime | hs_err elapsed time in seconds is not accurate enough |
37 | JDK-8193800 | javafx | controls | TreeTableView selection changes on sorting |
38 | JDK-8129582 | javafx | graphics | Controls slow considerably when displaying RTL-languages text on Linux |
39 | JDK-8246204 | javafx | graphics | No 3D support for newer Intel graphics drivers on Linux |
40 | JDK-8246348 | javafx | graphics | Crash in libpango on Ubuntu 20.04 with some unicode chars |
41 | JDK-8239095 | javafx | media | Upgrade libFFI to the latest 3.3 version |
42 | JDK-8248365 | javafx | media | Debug build crashes on Windows when playing media file |
43 | JDK-8252107 | javafx | media | Media pipeline initialization can crash if audio or video bin state change fails |
44 | JDK-8191758 | javafx | web | Match WebKit's font weight rendering with JavaFX |
45 | JDK-8208169 | javafx | web | can not print selected pages of web page |
46 | JDK-8245284 | javafx | web | Update to 610.1 version of WebKit |
47 | JDK-8246357 | javafx | web | Allow static build of webkit library on linux |
48 | JDK-8247963 | javafx | web | Update SQLite to version 3.32.3 |
49 | JDK-8249839 | javafx | web | Cherry pick GTK WebKit 2.28.3 changes |
50 | JDK-8252381 | javafx | web | Cherry pick GTK WebKit 2.28.4 changes |
51 | JDK-8248490 | javafx | window-toolkit | [macOS] Undecorated stage does not minimize |
52 | JDK-8141457 | security-libs | java.security | keytool default cert fingerprint algorithm should be SHA-256 |
53 | JDK-8211049 | security-libs | java.security | Second parameter of "initialize" method is not used |
54 | JDK-8242556 | security-libs | java.security | Cannot load RSASSA-PSS public key with non-null params from byte array |
55 | JDK-8245151 | security-libs | java.security | jarsigner should not raise duplicate warnings on verification |
56 | JDK-8205111 | security-libs | javax.net.ssl | Develop new Test to verify different key types for supported TLS protocols. |
57 | JDK-8215443 | security-libs | javax.net.ssl | The use of TransportContext.fatal() leads to bad coding style |
58 | JDK-8236464 | security-libs | javax.net.ssl | SO_LINGER option is ignored by SSLSocket in JDK 11 |
59 | JDK-8226719 | security-libs | org.ietf.jgss | Kerberos login to Windows 2000 failed with "Inappropriate type of checksum in message" |
60 | JDK-8227381 | security-libs | org.ietf.jgss | GSS login fails with PREAUTH_FAILED |
61 | JDK-8227437 | security-libs | org.ietf.jgss:krb5 | S4U2proxy cannot continue because server's TGT cannot be found |
62 | JDK-8246193 | security-libs | org.ietf.jgss:krb5 | Possible NPE in ENC-PA-REP search in AS-REQ |
63 | JDK-8250582 | security-libs | org.ietf.jgss:krb5 | Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets |
64 | JDK-8249717 | tools | javac | langtools tests are failing on Windows in jdk8u-cpu |
65 | JDK-8248348 | xml | jaxp | Regression caused by the update to BCEL 6.0 |
The following sections summarize changes made in all Java SE 8u261 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8252789 | deploy | deployment_toolkit | Empty client certificate issue during TLS handshake |
8249183 | client-libs | java.awt | JVM crash in "AwtFrame::WmSize" method |
8249846 | core-libs | java.util.concurrent | Change of behavior after JDK-8237117: Better ForkJoinPool behavior |
8252861 | deploy | Disable TLSv1.3 by default on deploy configurations |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8248505 | security-libs | java.security | Unexpected NoSuchAlgorithmException when using secure random impl from BCFIPS provider |
8248990 (Confidential) | docs | guides | Remove link to old license page from JDK 8 troubleshooting guide |
8248523 (Confidential) | docs | guides | In TLS overview page, change JDK 11 to JDK 8 |
8235932 (Confidential) | docs | guides | Backport TLS 1.3 documentation for JDK 8u MR3 |
8245624 (Confidential) | embedded | hotspot | Arm support missing for JDK-8176100 |
8062947 | core-libs | javax.naming | Fix exception message to correctly represent LDAP connection failure |
8217606 | core-libs | javax.naming | LdapContext#reconnect always opens a new connection |
8151678 | core-libs | javax.naming | com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect |
8243138 | core-libs | javax.naming | Enhance BaseLdapServer to support starttls extended request |
8247925 (Confidential) | xml | jaxp | JDK8u251- XSL transformer fails with TransformerConfigurationException |
July 14, 2020
The full version string for this update release is 1.8.0_261-b12 (where "b" means "build"). The version number is 8u261.
JDK 8u261 contains IANA time zone data version 2020a. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u261 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_261-b12 |
7 | 1.7.0_271-b10 |
Oracle recommends that the JDK is updated with each Critical Patch Update (CPU). In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u261) be used after the next critical patch update scheduled for October 20, 2020.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u261) on November 17, 2020. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
As part of ongoing maintenance, the Microsoft Visual Studio 2017 tool chain will be used to build JDK 7 and JDK 8 for Windows. JDK 8u261, in the July 2020 CPU, was built with Visual Studio 2017. With the release of the January 2021 CPU, JDK 7u291 will move to Visual Studio 2017.
Moving to Visual Studio 2017 for JDK 7 and JDK 8 requires changing the runtime library that the JDK/JRE depends on. Before this change, JDK/JRE implementations used and shipped the Microsoft Visual C++ 2010 SP1 Redistributable Package (x86/x64) that included MSVCR100.dll
[a][b]. Microsoft Visual Studio 2017 uses a different set of libraries/DLLs.
Native applications (including JNI) that have depended on and assumed the presence of MSCVR100.dll
in the JDK/JRE directory will fail to run. When this happens, users will see an error such as:
"The code execution cannot proceed because MSVCR100.dll was not found. Reinstalling the program may fix this problem."
These applications should be rebuilt and shipped with modern C++ runtime dependencies that use a later instance of Visual Studio. Applications should not depend on DLLs included with the JDK/JRE that are not documented in the product as offering support for the specification or other functionality in Java SE.
[a] http://support.microsoft.com/kb/2019667
[b] https://docs.microsoft.com/en-us/lifecycle/end-of-support/end-of-support-2020
Added support for RSASSA-PSS signature algorithms in JSSE implementation.
JDK 8u261 includes an implementation of the Transport Layer Security (TLS) 1.3 specification (RFC 8446). For more details including a list of the features that are supported, refer to the Java Secure Socket Extension (JSSE) Reference Guide documentation and JEP 332.
For TLS 1.3, the following new standard algorithm names are defined:
SSLContext
algorithm name: TLSv1.3TLS 1.3 is disabled for default SSLContext("SSL" or "TLS") for client end-point.
The TLS 1.3 protocol can be enabled using several mechanisms already available in the JDK. For example, TLS 1.3 protocol can be enabled on SSL/TLS connections using SSLSocket/SSLEngine/SSLServerSocket APIs and system properties by the following:
sslSocket.setEnabledProtocols(new String[] { "TLSv1.3", "TLSv1.2"});
SSLContext ctx = SSLContext.getInstance("TLSv1.3");
sslParameters.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
jdk.tls.client.protocols
system property can also be used to control the protocols in use for a TLS connection. One may launch their application with this property. For example, java -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2"
enables TLSv1.3 and TLSv1.2 on client SSLSockets.https.protocols
system property can also be used to control the protocols on connection obtained through use of the HttpsURLConnection
class or URL.openStream()
operations. For example, -Dhttps.protocols=TLSv1.3,TLSv1.2
.A new system property, jdk.tls.server.protocols
, has been added to configure the default enabled protocol suite in the server side of the SunJSSE provider.
A new security property, jdk.tls.keyLimits
, has been added for TLS 1.3. When the specified amount of data of a specific algorithm has been processed, a post-handshake Key and IV Update is triggered to derive new keys.
Note that TLS 1.3 is not directly compatible with previous versions. Although TLS 1.3 can be implemented with a backward-compatibility mode, there are still several compatibility risks to take into account when upgrading to TLS 1.3:
jdk.tls.acknowledgeCloseNotify
, is added. The default value of the system property is "false". If the system property is set to "true", a corresponding close_notify
alert will be sent when receiving a close_notify
alert, and the connection will be duplex closed.signature_algorithms_cert
extension requires that pre-defined signature algorithms are used for certificate authentication. In practice, however, an application can use unsupported signature algorithms.com.sun.net.ssl.dhKeyExchangeFix
system property has been removed from the new TLS implementation.Improved JSSE debug logging format has been introduced to record the logger name, the logger level, the thread ID, the thread name, the time and the caller for each log item. Use the javax.net.debug=all
system property to get full debug logs.
Since January 2018 (8u161, 7u171) unlimited Java Cryptography Extension (JCE) Jurisdiction Policy files have been bundled with the JDK and enabled by default (see JDK Cryptographic Roadmap).
The certificate for the old stand alone jar has expired, and if used the following exception will be seen:
Caused By: java.lang.SecurityException: The jurisdiction policy files are not signed by the expected signer! (Policy files are specific per major JDK release.Ensure the correct version is installed.) at javax.crypto.JarVerifier.verifyPolicySigned(JarVerifier.java:336) at javax.crypto.JceSecurity.loadPolicies(JceSecurity.java:378) at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:323) at javax.crypto.JceSecurity.access$000(JceSecurity.java:50) at javax.crypto.JceSecurity$1.run(JceSecurity.java:85) at java.security.AccessController.doPrivileged(Native Method) at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:82)
If still required for older releases the re-signed files can be found at https://www.oracle.com/java/technologies/oracle-java-archive-downloads.html
Two new system properties have been added to customize the TLS signature schemes in JDK. jdk.tls.client.SignatureSchemes
has been added for the TLS client side, and jdk.tls.server.SignatureSchemes
has been added for the server side.
Each system property contains a comma-separated list of supported signature scheme names specifying the signature schemes that could be used for the TLS connections.
The names are described in the "Signature Schemes" section of the Java Security Standard Algorithm Names Specification.
The JDK SunJSSE implementation now supports the TLS FFDHE mechanisms defined in RFC 7919. If a server cannot process the supported_groups
TLS extension or the named groups in the extension, applications can either customize the supported group names with jdk.tls.namedGroups
, or turn off the FFDHE mechanisms by setting the System Property jsse.enableFFDHE
to false
.
Build Environment Update for macOS Moved to Xcode 10.1 On macOS, the toolchain used to build the JDK has been upgraded from Xcode 4.5 to Xcode 10.1.
security-libs/java.security
➜ Removal of DocuSign Root CA Certificate
The following expired DocuSign root CA certificate was removed from the cacerts
keystore:
Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
See JDK-8225068
Media playback does not work on Ubuntu 20.04. This affects all media formats (such as, mp4, mp3, wav, etc.). In some cases, an error will be thrown. In other cases, the media player will switch to the ready state, but playback will not start. There is no workaround for this issue. This issue should be resolved by JDK-8239095.
The preferred way to copy a collection is to use a "copy constructor." For example, to copy a collection into a new ArrayList, one would write new ArrayList<>(collection)
. In certain circumstances, an additional, temporary copy of the collection's contents might be made in order to improve robustness. If the collection being copied is exceptionally large, then the application should be (aware of/monitor) the significant resources required involved in making the copy.
Prior to JDK 8u261, the JSSE framework passed an array of Strings of all keytypes in one call to the (delegate) javax.net.ssl.X509KeyManager.chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) implementation when client authentication is present in an application. Since JDK 8u261, the internal JDK libraries may call the delegate javax.net.ssl.X509KeyManager.chooseClientAlias
method in multiple iterations while performing client authentication. One key type per call. https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/X509KeyManager.html#chooseClientAlias-java.lang.String:A-java.security.Principal:A-java.net.Socket-
If application code implements javax.net.ssl.X509KeyManager
, ensure that the code logic in that implementation does not assume that all keytypes are passed in the keyType
String array in the first call to chooseClientAlias: String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
This version of the JDK no longer includes Java Mission Control (JMC). The jmc
launcher has been removed from the JDK bin
directory, and the missioncontrol
directory has been removed from the JDK lib
directory. The .jfr
file association is not registered by JDK installers. JMC is now available as a separate download. Please visit https://www.oracle.com/javase/jmc for more information.
JDK 8u261 release includes an implementation of the Transport Layer Security (TLS) 1.3 specification (RFC 8446). The following are descriptions of "Known Issues" which an application might encounter during a SSL handshake, post upgrade to Oracle JDK/JRE 8u261:
javax.net.ssl|SEVERE|C8|....|TransportContext.java:319|Fatal (HANDSHAKE_FAILURE): Received fatal
alert: handshake_failure (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert:
handshake_failure
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.Alert.createSSLException(Alert.java:117)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
at sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at sun.security.ssl.TransportContext.dispatch(TransportContext.java:187)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:154)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1198)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1107)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:400)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:372)
Cause: One possible cause is old server intolerance to FFDHE arguments. As per TLS RFC 7919 on server behavior If a compatible TLS server receives a Supported Groups extension from a client that includes any FFDHE group (i.e., any codepoint between 256 and 511, inclusive, even if unknown to the server), and if none of the client-proposed FFDHE groups are known and acceptable to the server, then the server MUST NOT select an FFDHE cipher suite. In this case, the server SHOULD select an acceptable non-FFDHE cipher suite from the client's offered list. If the extension is present with FFDHE groups, none of the client's offered groups are acceptable by the server, and none of the client's proposed non-FFDHE cipher suites are acceptable to the server, the server MUST end the connection with a fatal TLS alert of type insufficient_security(71).
Solution: In Oracle JDK 8u261, Finite Field Diffie-Hellman Ephemeral (FFDHE) is enabled by default. User can disable FFDHE via security property "-Djsse.enableFFDHE=false on the server (See JDK-8252716)
javax.net.ssl.SSLProtocolException: Received close_notify during handshake
at sun.security.ssl.Alert.createSSLException(Unknown Source)
at sun.security.ssl.Alert.createSSLException(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.Alert$AlertConsumer.consume(Unknown Source)
at sun.security.ssl.TransportContext.dispatch(Unknown Source)
at sun.security.ssl.SSLTransport.decode(Unknown Source)
at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
Cause: In case of an SSL abbreviated handshake (session resumption) SSL client is adding extra extensions than the agreed protocol's supported extensions. While it is TLS RFC complaint, some old non-compliant server implementations may reject this ClientHello.
Solution: As a work around specify System property -Djdk.tls.client.protocols=
Following method reference count would increase in memory profilers
HashMap$Node[] java.util.HashMap.resize()
void sun.security.ssl.SSLSessionContextImpl.put(SSLSessionImpl)
void sun.security.util.MemoryCache.put(Object, Object)
Object java.util.HashMap.put(Object, Object)
Object java.util.HashMap.putVal(int, Object, Object, boolean, boolean)
HashMap$Node[] java.util.HashMap.resize()
Cause: In 8u261, System Property SSLSessionContext.getSessionCacheSize default value was changed from 0 to 20480 ( see JDK-8210985 ) The change was made since with larger heaps, applications are running into situations where the cache ends up with several million entries at the 24 hour mark, at which time many of them are invalidated at almost the same time, which can result in multi-minute pauses, which are effectively service failures.
Solution: Revert back to JDK 8u251 behaviour by setting System Property "-Djavax.net.ssl.sessionCacheSize=0" (set number of entries in the SSL session cache to infinite)
Cause: The internal implementation of the SSLEngine and associated classes has been reworked with the introduction of TLS v1.3 support. Buffer usage has been improved in the SSLEngine area.
Solution: If an SSLEngine application encounters issues after upgrading to JDK 8u261 or later, refer to the Java 8 API to ensure application code is correct. In particular, applications using SSLEngine should not just depend on SSLEngineResult.Status.BUFFER_UNDERFLOW or SSLEngineResult.Status.BUFFER_OVERFLOW results in order to flush pending data. Buffers should always be flushed after an SSLEngine wrap operation if such a call produces data (where SSLEngineResult.Status.OK may be returned).
Cause: If deployment.security.clientauth.keystore.auto=false in the deployment.properties file Java Plugin and Java Web Start show “Request Authentication” dialog regardless the number of available certificates. However due to some modifications introduced by TLS 1.3 framework sometimes the list of available certificates might be empty.
Solution: There are two possible ways to resolve the issue:
Set deployment System Property deployment.security.clientauth.keystore.auto=true
Upgrade to new version 8u281 of Oracle JDK contained the fix for the issue
(see JDK-8253502 )
javax.net.ssl|WARNING|03|Finalizer|2020-08-31 09:42:20.203 EDT|null:-1|SSLSocket duplex close failed (
"throwable" : {
java.net.SocketException: Socket is not connected
at java.net.Socket.shutdownOutput(Unknown Source)
at sun.security.ssl.BaseSSLSocketImpl.shutdownOutput(Unknown Source)
at sun.security.ssl.SSLSocketImpl.duplexCloseOutput(Unknown Source)
at sun.security.ssl.SSLSocketImpl.close(Unknown Source)
at sun.security.ssl.BaseSSLSocketImpl.finalize(Unknown Source)
at java.lang.System$2.invokeFinalize(Unknown Source)
at java.lang.ref.Finalizer.runFinalizer(Unknown Source)
at java.lang.ref.Finalizer.access$100(Unknown Source)
at java.lang.ref.Finalizer$FinalizerThread.run(Unknown Source)}
Cause: JDK 8u261 introduced a new format for TLS logging. Additional data is now captured per event and logged. Exceptions handled by the JDK TLS library code may print verbose information about the cause of such exceptions when logging is enabled.
Solution: User can safely ignore these Warning messages
Symptoms: New/Unexpected issues from 3rd party library software being used in conjunction with the JDK.
Cause: The new TLS implementation introduces significant changes to the internal, underlying, design of the JDK TLS security libraries. The new design has exposed some bugs in 3rd party software libraries. For the most part, these issues have already been patched in such 3rd party libraries.
Examples include: Apache http-core Bouncy Castle Jetty
Solution: It's good practice to ensure that 3rd party library products being used in conjunction with the JDK TLS API are patched and up to date.
On Windows 7, the Internet Explorer 11 (IE 11) JavaScript engine does not interact properly with Java Applets because, beginning with 8u261, the JDK/JRE is compiled with VisualStudio 2017. For example, an application that uses the JavaScript methods setTimeout()
and setInterval()
may cause IE 11 to hang when a modal dialog is shown by a Java Applet.
Communication with the alternatives framework of JDK RPM installer starting from 8u261 has changed. JDK RPM installers of prior versions registered two groups of symbolic links with alternatives framework, java
and javac
. Some names of links in these groups were duplicated, which resulted in installation failures for some versions of alternatives framework. The JDK RPM installer beginning with 8u261 doesn't register the javac
group with alternatives framework. All links unique to the javac
group have been moved into the java
group, but the set of symbolic links registered by the installer have not changed; only the duplicated links have been dropped.
The implication of this change is that if this version of JDK and 8u251 or older versions of the JDK are installed and the previous version is uninstalled, the symbolic links from the java
group that are managed by the alternatives framework will be deleted. To restore deleted links, run the command: /usr/sbin/alternatives --auto java
When executing in a container, or other virtualized operating environment, the following OperatingSystemMXBean
methods in this release return container specific information, if available. Otherwise, they return host specific data:
getFreePhysicalMemorySize()
getTotalPhysicalMemorySize()
getFreeSwapSpaceSize()
getTotalSwapSpaceSize()
getSystemCpuLoad()
The default SSL session cache size has been updated to 20480 in this JDK release
BoringSSL is an SSL library deployed on some popular websites such as those run by Google/YouTube. An interoperability issue with the BoringSSL library can lead to a connection failure if TLSv1.3 is presented as the only enabled protocol in the ClientHello message and the certificate status_request extension is disabled. Enabling the certificate status_request extension by setting the jdk.tls.client.enableStatusRequestExtension
system property to true
will provide mitigation in such scenarios.
When setting a serialization filter by using java.io.ObjectInputStream.setObjectInputFilter
the method must be called before reading any objects from the stream. If the methods readObject
or readUnshared
are called, the setObjectInputFilter
method throws IllegalStateException
.
In TLS, a ciphersuite defines a specific set of cryptography algorithms used in a TLS connection. JSSE maintains a prioritized list of ciphersuites. In this update, GCM-based cipher suites are configured as the most preferable default cipher suites in the SunJSSE provider.
In the SunJSSE provider, the following ciphersuites are now the most preferred by default:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
Note that this is a behavior change of the SunJSSE provider in the JDK, it is not guaranteed to be examined and used by other JSSE providers. There is no guarantee the cipher suites priorities will remain the same in future updates or releases.
client-libs/javax.swing
➜ Deprecated NSWindowStyleMaskTexturedBackground
After an upgrade of the macOS SDK used to build the JDK, the behavior of the apple.awt.brushMetalLook
and textured
Swing properties has changed. When these properties are set, the title of the frame is still visible. It is recommended that the apple.awt.transparentTitleBar
property be set to true
to make the title of the frame invisible again. The apple.awt.fullWindowContent
property can also be used.
Please note that Textured window
support was implemented by using the NSTexturedBackgroundWindowMask
value of NSWindowStyleMask
. However, this was deprecated in macOS 10.12 along with NSWindowStyleMaskTexturedBackground
, which was deprecated in macOS 10.14.
For additional information, refer to the following documentation:
See JDK-8240995
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8130737 | client-libs | 2d | [macosx] AffineTransformOp can't handle child raster with non-zero x-offset |
2 | JDK-8211301 | client-libs | java.awt | [macos] support full window content options |
3 | JDK-8214046 | client-libs | java.awt | [macosx] Undecorated Frame does not Iconify when set to |
4 | JDK-8231438 | client-libs | java.awt | [macOS] Dark mode for the desktop is not supported |
5 | JDK-8242498 | client-libs | java.awt | Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash |
6 | JDK-8226253 | client-libs | javax.accessibility | JAWS reports wrong number of radio buttons when buttons are hidden |
7 | JDK-8238842 | client-libs | javax.imageio | AIOOBE in GIFImageReader.initializeStringTable |
8 | JDK-8194298 | core-libs | java.net | Add support for per Socket configuration of TCP keepalive |
9 | JDK-8232854 | core-libs | java.net | URLClassLoader.close() doesn't close cached JAR file on Windows when load() fails |
10 | JDK-8044365 | core-libs | java.nio | (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9) |
11 | JDK-8229888 | core-libs | java.nio | (zipfs) Updating an existing zip file does not preserve original permissions |
12 | JDK-8146356 | core-libs | java.time | java.time.format.TextStyle.FULL_STANDALONE does not work well while formatting months. |
13 | JDK-8165936 | core-libs | java.util:i18n | Potential Heap buffer overflow when seaching timezone info files |
14 | JDK-8228477 | core-libs | java.util:i18n | Have calendar revert to default names if no standalone resources exist |
15 | JDK-8214440 | core-libs | javax.naming | ldap over a TLS connection negotiate failed with "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate" |
16 | JDK-8193137 | core-libs | jdk.nashorn | Nashorn crashes when given an empty script file. |
17 | JDK-8226575 | core-svc | java.lang.management | OperatingSystemMXBean should be made container aware |
18 | JDK-8239332 | deploy | plugin | LiveConnect netscape.javascript.JSException: No such property "outerWidthX" on JavaScript object |
19 | JDK-8170074 | docs | guides | Typos on "How Classes are Found" web page on Oracle site |
20 | JDK-8240337 | docs | guides | JDK 8 Developer Guides index.html page has incorrect links |
21 | JDK-8241531 | docs | guides | Update copyright page for JDK 8 docs |
22 | JDK-8243337 | docs | guides | Java Print Service API User's Guide contains typos and formatting errors |
23 | JDK-8243584 | docs | guides | Malformed HTML in the Serialization section of the JDK 8 developer guides |
24 | JDK-8181872 | hotspot | compiler | C1: possible overflow when strength reducing integer multiply by constant |
25 | JDK-8062808 | hotspot | gc | Turn on the -Wreturn-type warning |
26 | JDK-8064786 | hotspot | gc | Fix debug build after 8062808: Turn on the -Wreturn-type warning |
27 | JDK-8141056 | hotspot | gc | Erroneous assignment in HeapRegionSet.cpp |
28 | JDK-8176100 | hotspot | gc | [REDO][REDO] G1 Needs pre barrier on dereference of weak JNI handles |
29 | JDK-8191393 | hotspot | gc | Random crashes during cfree+0x1c |
30 | JDK-8225716 | hotspot | gc | G1 GC: Undefined behaviour in G1BlockOffsetTablePart::block_at_or_preceding |
31 | JDK-8231779 | hotspot | gc | crash HeapWord*ParallelScavengeHeap::failed_mem_allocate |
32 | JDK-8041626 | hotspot | jfr | Shutdown tracing event |
33 | JDK-8213617 | hotspot | jfr | JFR should record the PID of the recorded process |
34 | JDK-8035493 | hotspot | jvmti | JVMTI PopFrame capability must instruct compilers not to prune locals |
35 | JDK-8060721 | hotspot | runtime | Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler |
36 | JDK-8076475 | hotspot | runtime | Misuses of strncpy/strncat |
37 | JDK-8187667 | hotspot | runtime | Disable deprecation warning for readdir_r |
38 | JDK-8223671 | infrastructure | The latest Java 8 is not ready to use in applications on future macOS versions | |
39 | JDK-8237820 | infrastructure | build | remove clang version check for optimization bug workaround from 8u |
40 | JDK-8240780 | infrastructure | build | [8u] update jprt.properties to add Xcode 10.1 / macOS 10.13 builds |
41 | JDK-8232811 | javafx | controls | Dialog's preferred size no longer accommodates multi-line strings |
42 | JDK-8189092 | javafx | graphics | ArrayIndexOutOfBoundsException on Linux in getCachedGlyph |
43 | JDK-8212034 | javafx | graphics | Potential memory leaks in jpegLoader.c in error case |
44 | JDK-8234916 | javafx | graphics | [macos 10.15] Garbled text running with native-image |
45 | JDK-8237782 | javafx | graphics | Only read advances up to the minimum of the numHorMetrics or the available font data. |
46 | JDK-8237833 | javafx | graphics | Check glyph size before adding to glyph texture cache. |
47 | JDK-8239107 | javafx | graphics | Update libjpeg to version 9d |
48 | JDK-8241370 | javafx | graphics | Crash in JPEGImageLoader after fix for JDK-8212034 |
49 | JDK-8202393 | javafx | media | App Transport Security blocks http media on macOS with JDK build using new compilers |
50 | JDK-8236832 | javafx | media | [macos 10.15] JavaFX Application hangs on video play on Catalina |
51 | JDK-8240694 | javafx | media | [macos 10.15] JavaFX Media hangs on some video files on Catalina |
52 | JDK-8241629 | javafx | media | [macos10.15] Long startup delay playing media over https on Catalina |
53 | JDK-8242530 | javafx | media | [macos] Some audio files miss spectrum data when another audio file plays first |
54 | JDK-8238434 | javafx | samples | Ensemble: Update version of Lucene to 7.7.2 |
55 | JDK-8132880 | javafx | scenegraph | Unpredictable behaviour when trying to set negative scene width or height |
56 | JDK-8223298 | javafx | web | SVG patterns are drawn wrong |
57 | JDK-8237889 | javafx | web | Update libxml2 to version 2.9.10 |
58 | JDK-8237944 | javafx | web | webview native cl "-m32" unknown option for windows 32-bit build |
59 | JDK-8242209 | javafx | web | Increase web native thread stack size for x86 mode |
60 | JDK-8244579 | javafx | web | Windows "User Objects" leakage with WebView |
61 | JDK-8181476 | javafx | window-toolkit | [macos] Stages with StageStyle.UTILITY are always on-top when initialized without an owner |
62 | JDK-8234474 | javafx | window-toolkit | [macos 10.15] Crash in file dialog in sandbox mode |
63 | JDK-8236685 | javafx | window-toolkit | [macOs] Remove obsolete file dialog subclasses |
64 | JDK-8236971 | javafx | window-toolkit | [macos] Gestures handled incorrectly due to missing events |
65 | JDK-7092821 | security-libs | java.security | java.security.Provider.getService() is synchronized and became scalability bottleneck |
66 | JDK-8028431 | security-libs | java.security | NullPointerException in DerValue.equals(DerValue) |
67 | JDK-8028591 | security-libs | java.security | NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString() |
68 | JDK-8181841 | security-libs | java.security | A TSA server returns timestamp with precision higher than milliseconds |
69 | JDK-8228613 | security-libs | java.security | java.security.Provider#getServices order is no longer deterministic |
70 | JDK-8231387 | security-libs | java.security | java.security.Provider.getService returns random result due to race condition with mutating methods in the same class |
71 | JDK-8238452 | security-libs | java.security | Keytool generates wrong expiration date if validity is set to 2050/01/01 |
72 | JDK-8177784 | security-libs | javax.crypto | Use CounterMode intrinsic for AES/GCM |
73 | JDK-8179098 | security-libs | javax.crypto | Crypto AES/ECB encryption/decryption performance regression (introduced in jdk9b73) |
74 | JDK-8201633 | security-libs | javax.crypto | Problems with AES-GCM native acceleration |
75 | JDK-8220165 | security-libs | javax.crypto | Encryption using GCM results in RuntimeException: input length out of bound |
76 | JDK-8233954 | security-libs | javax.crypto | UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll |
77 | JDK-8165275 | security-libs | javax.crypto:pkcs11 | Replace the reflective call to the implUpdate method in HandshakeMessage::digestKey |
78 | JDK-4919790 | security-libs | javax.net.ssl | Errors in alert ssl message does not reflect the actual certificate status |
79 | JDK-7013776 | security-libs | javax.net.ssl | Multithreaded JSSE application debug information is hard to read |
80 | JDK-8028518 | security-libs | javax.net.ssl | Increase the priorities of GCM cipher suites |
81 | JDK-8145854 | security-libs | javax.net.ssl | SSLContextImpl.statusResponseManager should be generated if required |
82 | JDK-8166595 | security-libs | javax.net.ssl | TLS Support for RSASSA-PSS Signature Algorithms |
83 | JDK-8185576 | security-libs | javax.net.ssl | New handshake implementation |
84 | JDK-8206355 | security-libs | javax.net.ssl | SSLSessionImpl.getLocalPrincipal() throws NPE |
85 | JDK-8206929 | security-libs | javax.net.ssl | Check session context for TLS 1.3 session resumption |
86 | JDK-8207009 | security-libs | javax.net.ssl | TLS 1.3 half-close and synchronization issues |
87 | JDK-8207029 | security-libs | javax.net.ssl | Unable to use custom SSLEngine with default TrustManagerFactory after updating to JDK 11 b21 |
88 | JDK-8207058 | security-libs | javax.net.ssl | Backport System Property jdk.tls.server.protocols |
89 | JDK-8207223 | security-libs | javax.net.ssl | SSL Handshake failures are reported with more generic SSLException |
90 | JDK-8207317 | security-libs | javax.net.ssl | SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy |
91 | JDK-8208166 | security-libs | javax.net.ssl | Still unable to use custom SSLEngine with default TrustManagerFactory after JDK-8207029 |
92 | JDK-8209333 | security-libs | javax.net.ssl | Socket reset issue for TLS 1.3 socket close |
93 | JDK-8209916 | security-libs | javax.net.ssl | NPE in SupportedGroupsExtension |
94 | JDK-8209965 | security-libs | javax.net.ssl | The "supported_groups" extension in ServerHellos |
95 | JDK-8210334 | security-libs | javax.net.ssl | TLS 1.3 server fails if ClientHello doesn't have pre_shared_key and psk_key_exchange_modes |
96 | JDK-8210846 | security-libs | javax.net.ssl | TLSv.1.3 interop problems with OpenSSL 1.1.1 when used on the client side with mutual auth |
97 | JDK-8210974 | security-libs | javax.net.ssl | No extensions debug log for ClientHello |
98 | JDK-8210985 | security-libs | javax.net.ssl | Update the default SSL session cache size to 20480 |
99 | JDK-8210989 | security-libs | javax.net.ssl | RSASSA-PSS certificate cannot be selected for client auth on TLSv1.2 |
100 | JDK-8211339 | security-libs | javax.net.ssl | NPE during SSL handshake caused by HostnameChecker |
101 | JDK-8211806 | security-libs | javax.net.ssl | TLS 1.3 handshake server name indication is missing on a session resume |
102 | JDK-8211866 | security-libs | javax.net.ssl | TLS 1.3 CertificateRequest message sometimes offers disallowed signature algorithms |
103 | JDK-8212738 | security-libs | javax.net.ssl | Incorrectly named signature scheme ecdsa_secp512r1_sha512 |
104 | JDK-8212885 | security-libs | javax.net.ssl | TLS 1.3 resumed session does not retain peer certificate chain |
105 | JDK-8213202 | security-libs | javax.net.ssl | Possible race condition in TLS 1.3 session resumption |
106 | JDK-8213782 | security-libs | javax.net.ssl | NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers |
107 | JDK-8214098 | security-libs | javax.net.ssl | sun.security.ssl.HandshakeHash.T12HandshakeHash constructor check backwards. |
108 | JDK-8214129 | security-libs | javax.net.ssl | SSL session resumption/SNI with TLS1.2 causes StackOverflowError |
109 | JDK-8214339 | security-libs | javax.net.ssl | SSLSocketImpl erroneously wraps SocketException |
110 | JDK-8214688 | security-libs | javax.net.ssl | TLS 1.3 session resumption with hello retry request failed with "illegal_parameter" |
111 | JDK-8215524 | security-libs | javax.net.ssl | Finished message validation failure should be decrypt_error alert |
112 | JDK-8215711 | security-libs | javax.net.ssl | Missing key_share extension for (EC)DHE key exchange should alert missing_extension |
113 | JDK-8215790 | security-libs | javax.net.ssl | Delegated task created by SSLEngine throws java.nio.BufferUnderflowException |
114 | JDK-8216045 | security-libs | javax.net.ssl | The size of key_exchange may be wrong on FFDHE |
115 | JDK-8216326 | security-libs | javax.net.ssl | SSLSocket stream close() does not close the associated socket |
116 | JDK-8217610 | security-libs | javax.net.ssl | TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 |
117 | JDK-8219389 | security-libs | javax.net.ssl | Delegated task created by SSLEngine throws BufferUnderflowException |
118 | JDK-8221253 | security-libs | javax.net.ssl | TLSv1.3 may generate TLSInnerPlainText longer than 2^14+1 bytes |
119 | JDK-8223482 | security-libs | javax.net.ssl | Unsupported ciphersuites may be offered by a TLS client |
120 | JDK-8223940 | security-libs | javax.net.ssl | Private key not supported by chosen signature algorithm |
121 | JDK-8225766 | security-libs | javax.net.ssl | Curve in certificate should not affect signature scheme when using TLSv1.3 |
122 | JDK-8228757 | security-libs | javax.net.ssl | Fail fast if the handshake type is unknown |
123 | JDK-8235263 | security-libs | javax.net.ssl | Revert TLS 1.3 change that wrapped IOExceptions |
124 | JDK-8235311 | security-libs | javax.net.ssl | Tag mismatch may alert bad_record_mac |
125 | JDK-8235874 | security-libs | javax.net.ssl | The ordering of Cipher Suites is not maintained provided through “jdk.tls.client.cipherSuites” and “jdk.tls.server.cipherSuites” system property. |
126 | JDK-8236039 | security-libs | javax.net.ssl | JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3 |
127 | JDK-8237474 | security-libs | javax.net.ssl | Default SSLEngine should create in server role |
128 | JDK-8239798 | security-libs | javax.net.ssl | SSLSocket closes socket both socket endpoints on a SocketTimeoutException |
129 | JDK-8242141 | security-libs | javax.net.ssl | New System Properties to configure the TLS signature schemes |
130 | JDK-8242294 | security-libs | javax.net.ssl | JSSE Client does not throw SSLException when an alert occurs during handshaking |
131 | JDK-8236645 | security-libs | javax.xml.crypto | JDK 8u231 introduces a regression with incompatible handling of XML messages |
132 | JDK-8224157 | xml | jaxp | BCEL: update to version 6.3.1 |
133 | JDK-8238164 | xml | jaxp | Update Apache Xerces to version 2.12.0 in JDK 8u |
The following sections summarize changes made in all Java SE 8u251 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8244579 | javafx | web | Windows "User Objects" leakage with WebView |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8241966 (Confidential) | install | Add Oracle copyright to modified Sparkle 1.23.0 files | |
8241965 (Confidential) | install | Update THIRD_PARTY_README for Sparkle 1.23.0 | |
8241814 (Confidential) | install | auto_update | [macos] 8u251b60 AU missing "Remind Me" button |
8241410 (Confidential) | infrastructure | 8u251 b60 Mac notarized build is missing the ant-javafx.jar | |
8241399 (Confidential) | client-libs | java.awt | jdk8 build broken on macOS 10.7 and sdk 10.8 |
8240780 | infrastructure | build[8u] update jprt.properties to add Xcode 10.1 / macOS 10.13 builds | |
8239919 | hotspot | [8u] enable parentheses-equality warnings in HotSpot | |
8239808 (Confidential) | install | auto_update | Change URL In <cntry-lookup> Tag In mac-XXX-XX.xml |
8239400 | hotspot | [8u] clean up delete-non-virtual-dtor warnings in HotSpot | |
8239223 | hotspot | [8u] enable Wparentheses warnings in HotSpot | |
8239112 | hotspot | [8u] clean up empty-body warnings in HotSpot | |
8239053 | hotspot | runtime | [8u] clean up undefined-var-template warnings |
8238852 (Confidential) | install | install | [macos] AU to NEXTVER failed when AU from 8u251 to future |
8238700 (Confidential) | infrastructure | build | Signing reliability change not fully working on 8u |
8238225 | infrastructure | build | Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary |
8237820 | infrastructure | build | remove clang version check for optimization bug workaround from 8u |
8236971 | javafx | window-toolkit | [macos] Gestures handled incorrectly due to missing events |
8236956 (Confidential) | security-libs | javax.net.ssl | Backport test lib files from JDK-8228967 |
8235687 | infrastructure | build | Contents/MacOS/libjli.dylib cannot be a symlink |
8232580 (Confidential) | infrastructure | build | Sign Macosx binaries with hardened runtime enabled |
8232087 (Confidential) | security-libs | org.ietf.jgss | Migrate KDC from sca00jvo/burge0401/sca00kte/sca00lol/adc1140258/sca00joh to new OCI hosts |
8231438 | client-libs | java.awt | [macOS] Dark mode for the desktop is not supported |
8231092 (Confidential) | infrastructure | build | Implement Apple notarization support in the build |
8230555 (Confidential) | security-libs | javax.net.ssl | OCI migration on IIS |
8226306 (Confidential) | infrastructure | build | Improve signing reliability |
8214046 | client-libs | java.awt | [macosx] Undecorated Frame does not Iconify when set to |
8213838 (Confidential) | install | Upgrade sparkle to 1.23.0 | |
8202393 | javafx | media | App Transport Security blocks http media on macOS with JDK build using new compilers |
8200550 | hotspot | gc | Xcode 9.3 produce warning -Wexpansion-to-defined |
8196724 | infrastructure | build | Change macosx deployment target to 10.9 |
8196538 (Confidential) | infrastructure | build | Fix compilation errors when using Xcode 9.2/Macosx 10.13 in deploy and install |
8181872 | hotspot | compiler | C1: possible overflow when strength reducing integer multiply by constant |
8152856 | hotspot | runtime | Xcode 7.3 -Wshift-negative-value compile failure on Mac OS X |
8141056 | hotspot | gc | Erroneous assignment in HeapRegionSet.cpp |
8060721 | hotspot | runtime | Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler |
8043646 | client-libs | java.awt | libosxapp.dylib fails to build on Mac OS 10.9 with clang |
8030680 | hotspot | compiler | 292 cleanup from default method code assessment |
7188942 (Confidential) | client-libs | 2d | Remove support of pbuffers in OGL Java2d pipeline |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8239444 (Confidential) | security-libs | java.security | High contention java.security.Provider.getService()-JDK-7092821 |
7092821 | security-libs | java.security | java.security.Provider.getService() is synchronized and became scalability bottleneck |
8231387 | security-libs | java.security | java.security.Provider.getService returns random result due to race condition with mutating methods in the same class |
8228613 | security-libs | java.security | java.security.Provider#getServices order is no longer deterministic |
8239946 (Confidential) | security-libs | javax.crypto | Update JarVerifier class with new signing cert details |
8240439 (Confidential) | core-libs | java.net | java.net.PlainDatagramSocketImpl.receive0 seems to fail for UDP traffic spontaneously |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8231779 | hotspot | gc | crash HeapWord*ParallelScavengeHeap::failed_mem_allocate |
April 14, 2020
The full version string for this update release is 1.8.0_251-b08 (where "b" means "build"). The version number is 8u251. This JDK 8 Update release implements JSR 337 Maintenance Release 3 (approved Feb 2020).
JDK 8u251 contains IANA time zone data version 2019c. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u251 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_251-b08 |
7 | 1.7.0_261-b07 |
Oracle recommends that the JDK is updated with each Critical Patch Update (CPU). In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u251) be used after the next critical patch update scheduled for July 14, 2020.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u251) on August 14, 2020. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
security-libs/javax.net.ssl
➜ TLS Application-Layer Protocol Negotiation Extension
JEP 244 has enhanced the Java Secure Socket Extension (JSSE) to provide support for the TLS Application-Layer Protocol Negotiation (ALPN) Extension (RFC 7301). New methods have been added to the javax.net.ssl
classes SSLEngine
, SSLSocket
, and SSLParameters
to allow clients and servers to negotiate an application layer value as part of the TLS handshake.
This API change was required by JSR 337 MR 3.
See JDK-8051498
security-libs/javax.crypto
➜ RSASSA-PSS Signature Support Added to SunMSCAPI
The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider.
See JDK-8205445
security-libs/java.security
➜ Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature
The SunRsaSign and SunJCE providers have been enhanced with support for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS signature and OAEP using FIPS 180-4 digest algorithms. New constructors and methods have been added to relevant JCA/JCE classes under the java.security.spec
and javax.crypto.spec
packages for supporting additional RSASSA-PSS parameters.
This API change was required by JSR 337 MR 3.
See JDK-8146293
javafx/web
➜ WebEngine Limits JavaScript Method Calls for Certain Classes
JavaScript programs that are run in the context of a web page loaded by WebEngine can communicate with Java objects passed from the application to the JavaScript program. JavaScript programs that reference java.lang.Class
objects are now limited to the following methods:
getCanonicalName
getEnumConstants
getFields
getMethods
getName
getPackageName
getSimpleName
getSuperclass
getTypeName
getTypeParameters
isAssignableFrom
isArray
isEnum
isInstance
isInterface
isLocalClass
isMemberClass
isPrimitive
isSynthetic
toGenericString
toString
No methods can be called on the following classes:
java.lang.ClassLoader
java.lang.Module
java.lang.Runtime
java.lang.System
java.lang.invoke.*
java.lang.module.*
java.lang.reflect.*
java.security.*
sun.misc.*
JDK-8236798 (not public)
security-libs/javax.xml.crypto
➜ New Oracle Specific JDK 8 Updates System Property to Fallback to Legacy Base64 Encoding Format
Oracle JDK 8u231 upgraded the Apache Santuario libraries to v2.1.3. This upgrade introduced an issue where XML signature using Base64 encoding resulted in appending 
or 
to the encoded output. This behavioral change was made in the Apache Santuario codebase to comply with RFC 2045. The Santuario team has adopted a position of keeping their libraries compliant with RFC 2045.
Oracle JDK 8u221 using the legacy encoder returns encoded data in a format without 
or 
.
Therefore, a new Oracle JDK 8 Updates only system property, - com.sun.org.apache.xml.internal.security.lineFeedOnly,
is made available to fall back to legacy Base64 encoded format.
Users can set this flag in one of two ways:
-Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true
System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true")
This new system property is disabled by default. It has no effect on default behavior nor when com.sun.org.apache.xml.internal.security.ignoreLineBreaks
property is set.
Later JDK family versions might only support the recommended property: com.sun.org.apache.xml.internal.security.ignoreLineBreaks
See JDK-8236645
security-libs/javax.crypto
➜ Support for MS Cryptography Next Generation (CNG)
The SunMSCAPI provider now supports reading private keys in Cryptography Next Generation (CNG) format. This means that RSA and EC keys in CNG format are loadable from Windows keystores, such as "Windows-MY". Signature algorithms related to EC (SHA1withECDSA
, SHA256withECDSA
, etc.) are also supported.
See JDK-8026953
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8232154 | client-libs | 2d | Update Mesa 3-D Headers to version 19.2.1 |
2 | JDK-8214578 | client-libs | java.awt | [macos] Problem with backslashes on macOS/JIS keyboard: Java ignores system settings |
3 | JDK-8230597 | client-libs | java.awt | Update GIFlib library to the 5.2.1 |
4 | JDK-8230926 | client-libs | java.awt | [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout |
5 | JDK-4949105 | client-libs | javax.accessibility | Access Bridge lacks html tags parsing |
6 | JDK-8223158 | client-libs | javax.swing | Docked MacBook cannot start any Java Swing applications |
7 | JDK-8224475 | client-libs | javax.swing | JTextPane does not show images in HTML rendering |
8 | JDK-8226892 | client-libs | javax.swing | ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys |
9 | JDK-8230235 | client-libs | javax.swing | Rendering HTML with empty img attribute and documentBaseKey cause Exception |
10 | JDK-8235744 | client-libs | javax.swing | PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64 |
11 | JDK-8229022 | core-libs | java.io | BufferedReader performance can be improved by using StringBuilder |
12 | JDK-6996807 | core-libs | java.io:serialization | FieldReflectorKey hash code computation can be improved |
13 | JDK-8067796 | core-libs | java.lang | (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null |
14 | JDK-8208715 | core-libs | java.lang | Conversion of milliseconds to nanoseconds in UNIXProcess contains bug. |
15 | JDK-8051853 | core-libs | java.net | new URI("x/").resolve("..").getSchemeSpecificPart() returns null! |
16 | JDK-8230856 | core-libs | java.net | Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return |
17 | JDK-8233022 | core-libs | java.net | [test] backout accidental change to SetLoopbackMode.java |
18 | JDK-8232003 | core-libs | java.nio | (fs) Files.write can leak file descriptor in the exception case |
19 | JDK-8237368 | core-libs | java.rmi | Problem with NullPointerException in RMI TCPEndpoint.read |
20 | JDK-8227127 | core-libs | java.text | Era designator not displayed correctly using the COMPAT provider |
21 | JDK-8234466 | core-libs | java.util.jar | Class loading deadlock involving X509Factory#commitEvent() |
22 | JDK-8066652 | core-libs | java.util:i18n | Default TimeZone is GMT not local if user.timezone is invalid on Mac OS |
23 | JDK-8225435 | core-libs | java.util:i18n | Upgrade IANA Language Subtag Registry to the latest for JDK14 |
24 | JDK-8033215 | hotspot | compiler | clang: node.cpp:284 IDX_INIT macro use uninitialized field _out |
25 | JDK-8146792 | hotspot | compiler | Predicate moved after partial peel may lead to broken graph |
26 | JDK-8231988 | hotspot | compiler | Unexpected test result caused by C2 IdealLoopTree::do_remove_empty_loop |
27 | JDK-8222122 | hotspot | jfr | Provision to disable XML validation in .jfc file in JFR |
28 | JDK-8215355 | hotspot | runtime | Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1) |
29 | JDK-8229345 | hotspot | runtime | Memory leak due to vtable stubs not being shared on SPARC |
30 | JDK-8146293 | security-libs | java.security | Add support for RSASSA-PSS Signature algorithm |
31 | JDK-8175029 | security-libs | java.security | StackOverflowError in X509CRL and X509Certificate.verify(PublicKey, Provider) |
32 | JDK-8206171 | security-libs | java.security | Signature#getParameters for RSASSA-PSS throws ProviderException when not initialized |
33 | JDK-8214096 | security-libs | java.security | sun.security.util.SignatureUtil passes null parameter, so JCE validation fails |
34 | JDK-8215694 | security-libs | java.security | keytool cannot generate RSASSA-PSS certificates |
35 | JDK-8225180 | security-libs | java.security | SignedObject with invalid Key not throwing the InvalidKeyException in Windows |
36 | JDK-8225745 | security-libs | java.security | NoSuchAlgorithmException exception for SHA256withECDSA with RSASSA-PSS support |
37 | JDK-8236470 | security-libs | java.security | Deal with ECDSA using ecdsa-with-SHA2 plus hash algorithm as AlgorithmId |
38 | JDK-8193262 | security-libs | javax.crypto | JNI array not released in libsunmscapi convertToLittleEndian |
39 | JDK-8205445 | security-libs | javax.crypto | Add RSASSA-PSS Signature support to SunMSCAPI |
40 | JDK-8221407 | security-libs | javax.crypto | Windows 32bit build error in libsunmscapi/security.cpp |
41 | JDK-8223003 | security-libs | javax.crypto | SunMSCAPI keys are not cleaned up |
42 | JDK-8145849 | security-libs | javax.net.ssl | ALPN: getHandshakeApplicationProtocol() always return null |
43 | JDK-8158978 | security-libs | javax.net.ssl | ALPN not working when values are set directly on a SSLServerSocket |
44 | JDK-8170282 | security-libs | javax.net.ssl | Enable ALPN parameters to be supplied during the TLS handshake |
45 | JDK-8171443 | security-libs | javax.net.ssl | (spec) An ALPN callback function may also ignore ALPN |
46 | JDK-8216039 | security-libs | javax.net.ssl | TLS with BC and RSASSA-PSS breaks ECDHServerKeyExchange |
47 | JDK-8236645 | security-libs | javax.xml.crypto | JDK 8u231 introduces a regression with incompatible handling of XML messages |
48 | JDK-8207760 | xml | javax.xml.transform | SAXException: Invalid UTF-16 surrogate detected: d83c ? |
49 | JDK-8046274 | xml | jaxp | Removing dependency on jakarta-regexp |
50 | JDK-8163121 | xml | jaxp | BCEL: update to the latest 6.0 release |
51 | JDK-8233548 | xml | jaxp | Update CUP to v0.11b |
Java SE 8u241 BPRs, are based on the current Java SE 8u241 release and are available for Java SE Subscription customers.
For more information on installation and licensing of Java SE Products, visit Java SE Products Overview.
Find information about Java SE Subscriptions at Oracle Java SE Subscriptions.
The following sections summarize changes made in all Java SE 8u241 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8163251 | security-libs | javax.smartcardio | Hard coded loop limit prevents reading of smart card data greater than 8k |
8236645 | security-libs | javax.xml.crypto | JDK 8u231 introduces a regression with incompatible handling of XML messages |
8239033 (Confidential) | security-libs | javax.xml.crypto | Oracle JDK 8u Base64XmlEncode.java test fails for windows platform |
8236832 | javafx | media | [macos 10.15] JavaFX Application hangs on video play on Catalina |
8239803 (Confidential) | javafx | build | [macOS 10.15] Wrong SDK recorded in dylib files prevents notarization |
8160768 | core-libs | javax.naming | Add capability to custom resolve host/domain names within the default JNDI LDAP provider |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8234468 | security-libs | java.security | Application startup failed on JRE 8u231 |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8193445 | javafx | controls | JavaFX CSS is applied redundantly leading to significant performance degradation |
January 14, 2020
The full version string for this update release is 1.8.0_241-b07 (where "b" means "build"). The version number is 8u241.
JDK 8u241 contains IANA time zone data version 2019c. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u241 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_241-b07 |
7 | 1.7.0_251-b08 |
Oracle recommends that the JDK is updated with each Critical Patch Update (CPU). In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u241) be used after the next critical patch update scheduled for April 14, 2020.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u241) on May 14, 2020. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
security-libs/javax.security
➜ Allow SASL Mechanisms to Be Restricted
A security property named jdk.sasl.disabledMechanisms
has been added that can be used to disable SASL mechanisms. Any disabled mechanism will be ignored if it is specified in the mechanisms
argument of Sasl.createSaslClient
or the mechanism
argument of Sasl.createSaslServer
. The default value for this security property is empty, which means that no mechanisms are disabled out-of-the-box.
See JDK-8200400
security-libs/javax.crypto:pkcs11
➜ SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40
The SunPKCS11 provider has been updated with support for PKCS#11 v2.40. This version adds support for more algorithms such as the AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message digests, and RSASSA-PSS signatures when the corresponding PKCS11 mechanisms are supported by the underlying PKCS11 library.
See JDK-8080462
security-libs/java.security
➜ New Checks on Trust Anchor Certificates
New checks have been added to ensure that trust anchors are CA certificates and contain proper extensions. Trust anchors are used to validate certificate chains used in TLS and signed code. Trust anchor certificates must include a Basic Constraints extension with the cA field set to true. Also, if they include a Key Usage extension, the keyCertSign bit must be set.
A new system property named jdk.security.allowNonCaAnchor
has been introduced to restore the previous behavior, if necessary. If the property is set to the empty String or "true" (case-insensitive), trust anchor certificates can be used if they do not have proper CA extensions.
The default value of this property, if not set, is "false".
Note that the property does not apply to X.509 v1 certificates (since they don't support extensions).
This property is currently used by the JDK implementation. It is not guaranteed to be supported by other Java SE implementations.
JDK-8230318 (not public)
security-libs/java.security
➜ Exact Match Required for Trusted TLS Server Certificate
A TLS server certificate must be an exact match of a trusted certificate on the client in order for it to be trusted when establishing a TLS connection.
JDK-8227758 (not public)
security-libs/java.security
➜ Added LuxTrust Global Root 2 Certificate
The following root certificate has been added to the cacerts truststore:
+ LuxTrust
+ luxtrustglobalroot2ca
DN: CN=LuxTrust Global Root 2, O=LuxTrust S.A., C=LU
See JDK-8232019
security-libs/java.security
➜ Added 4 Amazon Root CA Certificates
The following root certificates have been added to the cacerts truststore:
+ Amazon
+ amazonrootca1
DN: CN=Amazon Root CA 1, O=Amazon, C=US
+ amazonrootca2
DN: CN=Amazon Root CA 2, O=Amazon, C=US
+ amazonrootca3
DN: CN=Amazon Root CA 3, O=Amazon, C=US
+ amazonrootca4
DN: CN=Amazon Root CA 4, O=Amazon, C=US
See JDK-8233223
core-libs/java.rmi
➜ Improve Registry Support
The java.rmi.Remote
marker interface identifies interfaces containing methods that can be invoked remotely by using the following specification:
java.rmi.Remote
can be invoked remotelyRemote
directly or indirectly cannot be invoked remotelyThis affects remote objects in the java.rmi.registry.Registry
and any other remote object.
JDK-8230967 (not public)
The following are some of the notable bug fixes included in this release:
client-libs/2d
➜ Support for OpenType CFF Fonts
Previously, Oracle JDK 8 did not include OpenType CFF fonts (.otf
fonts) into the standard logical fonts (such as "Dialog" and "SansSerif"). This resulted in missing glyphs when rendering text. In the most extreme cases where only CFF fonts were installed on the system, a Java exception could be thrown.
Several Linux distributions were affected by this issue because they rely on CFF fonts to support some languages, which is common for CJK (Chinese, Japanese, and Korean) languages.
Oracle JDK 8 now uses these CFF fonts, and this issue has been resolved.
See JDK-8209672
core-libs/java.io:serialization
➜ Better Serial Filter Handling
The jdk.serialFilter
system property can only be set on the command line. If the filter has not been set on the command line, it can be set can be set with java.io.ObjectInputFilter.Config.setSerialFilter
. Setting the jdk.serialFilter with java.lang.System.setProperty
has no effect.
JDK-8231422 (not public)
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8080465 | client-libs | The underline of the text doesn't display unless resizing the window with the option "-server -d64 -Xmixed -Dswing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel". | |
2 | JDK-8185538 | client-libs | 2d | JDK 9 is really slow initialising some OTF/CFF fonts. |
3 | JDK-8146238 | client-libs | 2d | [macosx] Java2D Queue Flusher crash on OSX after switching between user accounts |
4 | JDK-8209672 | client-libs | 2d | Oracle JDK 8 equivalent fix for JDK-8188030: AIOOBE in font manager init |
5 | JDK-8225101 | client-libs | java.awt | Crash at sun.awt.X11.XlibWrapper.XkbGetUpdatedMap when change keybord map |
6 | JDK-8230782 | client-libs | java.awt | Robot.createScreenCapture() fails if ???awt.robot.gtk??? is set to false |
7 | JDK-8221246 | client-libs | java.awt | NullPointerException within Win32ShellFolder2 |
8 | JDK-8213119 | client-libs | java.awt | [macos] java/awt/GraphicsDevice/CheckDisplayModes.java fails |
9 | JDK-8225505 | client-libs | javax.swing | ctrl-F1 does not show the tooltip of a menu item (JMenuItems) |
10 | JDK-8134424 | core-libs | java.io:serialization | BlockDataInputStream.readUTFBody: size local StringBuffer with the given length |
11 | JDK-8185898 | core-libs | java.net | setRequestProperty(key, null) results in HTTP header without colon in request |
12 | JDK-8230085 | core-libs | java.nio | (fs) FileStore::isReadOnly is always true on macOS Catalina |
13 | JDK-8223490 | core-libs | java.util | Optimize search algorithm for determining default time zone |
14 | JDK-8227018 | core-libs | java.util.concurrent | CompletableFuture should not call Runtime.availableProcessors on fast path |
15 | JDK-8204290 | core-libs | jdk.nashorn | Add check to limit number of capture groups |
16 | JDK-8232984 | core-libs | jdk.nashorn | Upgrading Joni License version to 2.1.16 |
17 | JDK-8204288 | core-libs | jdk.nashorn | Matching the end of a string followed by an empty greedy regex and a word boundary fails |
18 | JDK-8230303 | core-svc | debugger | JDB hangs when running monitor command |
19 | JDK-8179348 | deploy | webstart | User friendly warning when Java WebStart Temporary Internet Files is disabled. |
20 | JDK-8133949 | deploy | webstart | deploy-test build broken by fix to JDK-6921877 |
21 | JDK-6921877 | deploy | webstart | JCP JNLP Shortcut settings for JDK 9 |
22 | JDK-7024585 | deploy | webstart | enhance the list of secure jnlp vm-args for plugin and web start |
23 | JDK-8223925 | docs | No document covering default property files and system properties of the Preferences API | |
24 | JDK-8060000 | docs | guides | Endpoint identification algorithm is not only in TLS 1.2 |
25 | JDK-8207028 | docs | guides | JSSE TrustManagerFactory ignores custom value of deployment.system.security.cacerts property |
26 | JDK-8227326 | docs | guides | Broken link to JNLP specifications in Java Web Start documentation |
27 | JDK-8077316 | docs | guides | JRE Installer Options Page should include JDK |
28 | JDK-8171356 | docs | tools | providerpath option should be added to all keytool commands which specify provider information's |
29 | JDK-8143925 | hotspot | compiler | enhancing CounterMode.crypt() for AESCrypt.implEncryptBlock() |
30 | JDK-8146581 | hotspot | compiler | Minor corrections to the patch submitted for earlier bug id - 8143925 |
31 | JDK-8171974 | hotspot | compiler | Fix for R10 Register clobbering with usage of ExternalAddress |
32 | JDK-8131778 | hotspot | compiler | java disables UseAES flag when using VIS=2 on sparc |
33 | JDK-8225141 | hotspot | compiler | Better handling of classes in error state by fast class initialization checks |
34 | JDK-8229420 | hotspot | gc | [Redo] jstat reports incorrect values for OU for CMS GC |
35 | JDK-8048556 | hotspot | gc | Unnecessary GCLocker-initiated young GCs |
36 | JDK-8226798 | hotspot | runtime | JVM crash in klassItable::initialize_itable_for_interface(int, InstanceKlass*, bool, Thread*) |
37 | JDK-8041620 | hotspot | runtime | Solaris Studio 12.4 C++ 5.13 change in behavior for placing friend declarations within surrounding scope |
38 | JDK-8231854 | javafx | other | Change Mercurial to git in various README files |
39 | JDK-8231590 | javafx | other | Update location of jfx repo to GitHub in third-party legal files |
40 | JDK-8232522 | javafx | other | FX: Update copyright year in docs, readme files to 2020 |
41 | JDK-8231126 | javafx | web | libxslt.md has incorrect version string |
42 | JDK-8224636 | javafx | web | CSS "pointer-events" property "stroke" is not respected for SVG renderings |
43 | JDK-8218640 | javafx | web | Update ICU4C to version 64.2 |
44 | JDK-8173956 | security-libs | java.security | KeyStore regression due to default keystore being changed to PKCS12 |
45 | JDK-8195667 | security-libs | javax.crypto:pkcs11 | ProblemList PKCS11 tests Secmod/AddTrustedCert.java and tls/TestKeyMaterial.java due to JDK-8180837 |
46 | JDK-8080462 | security-libs | javax.crypto:pkcs11 | Update SunPKCS11 provider with PKCS11 v2.40 support |
47 | JDK-8228835 | security-libs | javax.crypto:pkcs11 | Memory leak in PKCS11 provider when using AES GCM |
48 | JDK-8229243 | security-libs | javax.crypto:pkcs11 | SunPKCS11-Solaris provider tests failing on Solaris 11.4 |
49 | JDK-8225695 | security-libs | javax.crypto:pkcs11 | 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support) |
50 | JDK-8133489 | security-libs | javax.net.ssl | Better messaging for PKIX path validation matching |
51 | JDK-8229767 | security-libs | javax.security | Typo in java.security: Sasl.createClient and Sasl.createServer |
52 | JDK-8200400 | security-libs | javax.security | Allow Sasl mechanisms to be restricted |
53 | JDK-8226607 | security-libs | javax.smartcardio | Inconsistent info between pcsclite.md and MUSCLE headers |
54 | JDK-8201627 | security-libs | org.ietf.jgss:krb5 | Kerberos sequence number issues |
The following sections summarize changes made in all Java SE 8u231 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8223158 | client-libs | javax.swing | Docked MacBook cannot start any Java Swing applications |
8134424 | core-libs | java.io:serialization | BlockDataInputStream.readUTFBody: size local StringBuffer with the given length |
8077707 (Confidential) |
client-libs | javax.accessibility | jdk9 b58 cannot run any graphical application on Win 8 with JAWS running |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8185538 | client-libs | 2d | JDK 9 is really slow initialising some OTF/CFF fonts. |
8223490 | core-libs | java.util | Optimize search algorithm for determining default time zone |
8209672 (Confidential) |
client-libs | 2d | Oracle JDK 8 equivalent fix for JDK-8188030: AIOOBE in font manager init |
8080465 (Confidential) |
client-libs | The underline of the text doesn't display unless resizing the window with the option "-server -d64 -Xmixed -Dswing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel". |
Bug Fixes
October 15, 2019
The full version string for this update release is 1.8.0_231-b11 (where "b" means "build"). The version number is 8u231.
JDK 8u231 contains IANA time zone data version 2019b. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u231 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_231-b11 |
7 | 1.7.0_241-b09 |
Oracle recommends that the JDK is updated with each Critical Patch Update (CPU). In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u231) be used after the next critical patch update scheduled for January 14, 2020.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u231) on February 14, 2020. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
security-libs/javax.crypto
New jdk.jceks.iterationCount System Property
A new system property has been introduced to control the iteration count value used for the jceks
keystore. The default value remains at 200000 but values between 10000 and 5000000 may be specified. The new system property name is jdk.jceks.iterationCount
and the value supplied should be an integer in the accepted range. The default value will be used if a parsing error is encountered.
JDK-8223269 (not public)
security-libs/java.security
➜ New Java Flight Recorder (JFR) Security Events
Four new JFR events have been added to the security library area. These events are disabled by default and can be enabled via the JFR configuration files or via standard JFR options.
java/security_property
Security.setProperty(String key, String value)
method callsjava/tls_handshake
java/x509_validation
java/x509_certificate
See JDK-8148188
javafx/graphics
➜ Removal of T2K Rasterizer and ICU Layout Engine From JavaFX
The T2K rasterizer and ICU layout engine have been removed from JavaFX.
See JDK-8187147
client-libs
➜ [client-libs and javaFX] GTK3 Is Now the Default on Linux/Unix
Newer versions of Linux, Solaris, and other Unix flavor desktop environments use GTK3, while still supporting GTK2.
Previously, the JDK would default to loading the older GTK2 libraries. However, in this release, it defaults to loading GTK3 libraries. Loading is typically triggered by using the Swing GTK Look And Feel.
The old behavior can be restored by using the system property: -Djdk.gtk.version=2.2
See JDK-8222496
docs
➜ Using the JDK or JRE on macOS Catalina (10.15)
Changes introduced in macOS 10.15 (Catalina) have caused JCK test failures which will prevent Java from being supported on macOS 10.15. If you still want to install and test then please see http:/java/technologies/javase/jdk-jre-macos-catalina.html.
JDK-8230057 (not public)
security-libs/javax.net.ssl
➜ Remove Obsolete NIST EC Curves from the Default TLS Algorithms
This change removes obsolete NIST EC curves from the default Named Groups used during TLS negotiation. The curves removed are sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, and secp256k1.
To re-enable these curves, use the jdk.tls.namedGroups
system property. The property contains a comma-separated list within quotation marks of enabled named groups in preference order. For example:
java -Djdk.tls.namedGroups="secp256r1, secp384r1, secp521r1, sect283k1,
sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1" ...
JDK-8228825 (not public)
security-libs/javax.xml.crypto
➜Updated XML Signature Implementation to Apache Santuario 2.1.3
The XML Signature implementation in the java.xml.crypto
module has been updated to version 2.1.3 of Apache Santuario. New features include:
See JDK-8219013
security-libs/javax.xml.crypto
➜ Updated xmldsig Implementation to Apache Santuario 2.1.1
The XMLDSig provider implementation in the java.xml.crypto
module has been updated to version 2.1.1 of Apache Santuario. New features include:
See JDK-8177334
security-libs/javax.crypto
➜ System Property jdk.security.useLegacyECC is Turned Off by Default
The system property jdk.security.useLegacyECC
, which was introduced in the update releases 7u231 and 8u221, is turned off by default.
This option allows control of which implementation of ECC is in use.
When the system property, jdk.security.useLegacyECC
, is explicitly set to "true" (the value is case-insensitive) the JDK uses the old, native implementation of ECC. If the option is set to an empty string, it is treated as if it were set to "true". This makes it possible to specify -Djdk.security.useLegacyECC
If the option is set to "false", or if it is not specified at all, the provider decides which implementation of ECC is used. This is the recommended setting, as the JDK will use modern and timing resistant implementations of the NIST secp256r1, secp384r1, and secp521r1 curves. For more information on which curves are recommended and which are legacy, see https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunEC.
JDK-8224499 (not public)
An Apache Santuario libraries upgrade introduces a behavioral change where Base64 encoded XML signatures may result in 
or 
being appended to the encoded output. This behavioral change was made in the Apache Santuario codebase to comply with RFC 2045. The Santuario team has adopted a position of keeping their libraries compliant with RFC 2045.
An application may continue working with the encoded output data containing the carriage return character (
or 
) if the application coding logic allows such output.
The com.sun.org.apache.xml.internal.security.ignoreLineBreaks
system property may be set to a value of true
if an application is unable to handle encoded output data including the carriage return character (
or 
).
Additional information can be found at https://issues.apache.org/jira/browse/SANTUARIO-482.
core-libs/java.lang
➜ Runtime.exec and ProcessBuilder Argument Restrictions
Runtime.exec
and ProcessBuilder
have been updated in this release to tighten the constraints on the quoting of arguments to processes created by these APIs. The changes may impact applications on Microsoft Windows that are deployed with a security manager. The changes have no impact on applications that are run without a security manager.
In applications where there is no security manager, there is no change in the default behavior and the new restrictions are opt-in. To enable the restrictions, set the system property jdk.lang.Process.allowAmbiguousCommands
to false
.
In applications where there is a security manager, the new restrictions are opt-out. To revert to the previous behavior set the system property jdk.lang.Process.allowAmbiguousCommands
to true
.
Applications using Runtime.exec
or ProcessBuilder
with a security manager to invoke .bat
or .cmd
and command names that do not end in ".exe
" may be more restrictive in the characters accepted for arguments if they contain double-quote, "&", "|", "<", ">", or "^". The arguments passed to applications may be quoted differently than in previous versions.
For .exe
programs, embedded double quotes are allowed and are encoded so they are passed to Windows as literal quotes. In the case where the entire argument has been passed with quotes or must be quoted to encode special characters including space and tab, the encoding ensures they are passed to the application correctly. The restrictions are enforced if there is a security manager and the jdk.lang.Process.allowAmbiguousCommands
property is "false
" or there is no security manager and property is not "false
".
JDK-8221858 (not public)
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8222496 | client-libs | [8u] Switch on GTK3 as a default GTK L&F in client-libs | |
2 | JDK-8217676 | client-libs | Upgrade libpng to 1.6.37 | |
3 | JDK-8219914 | client-libs | Change the environment variable for Java Access Bridge logging to have a directory | |
4 | JDK-8222108 | client-libs | 2d | Reduce minRefreshTime for updating remote printer list on Windows |
5 | JDK-8196681 | client-libs | javax.accessibility | Java Access Bridge logging and debug flags dynamically controlled |
6 | JDK-8226964 | client-libs | javax.swing | [Yaru] GTK L&F: There is no difference between menu selected and de-selected |
7 | JDK-8225423 | client-libs | javax.swing | GTK L&F: JSplitPane: There is no divider shown |
8 | JDK-8214702 | client-libs | javax.swing | Wrong text position for whitespaced string in printing Swing text |
9 | JDK-8216401 | core-libs | Allow "file:" URLs in Class-Path of local JARs | |
10 | JDK-8151486 | core-libs | java.lang | Class.forName causes memory leak |
11 | JDK-8197930 | core-libs | java.lang | JNI exception pending in initializeEncoding of jni_util.c |
12 | JDK-8225425 | core-libs | java.net | java.lang.UnsatisfiedLinkError: net.dll: Can't find dependent libraries |
13 | JDK-8214687 | core-libs | java.util:collections | Optimize Collections.nCopies().hashCode() and equals() |
14 | JDK-8222980 | core-libs | java.util:i18n | Upgrade IANA Language Subtag Registry to Version 2019-04-03 |
15 | JDK-8219890 | core-libs | java.util:i18n | Calendar.getDisplayName() returns empty string for new Japanese Era on some locales |
16 | JDK-8203324 | core-libs | java.util:i18n | Use out of scope in getMacOSXLocale of java_props_macosx.c:120 |
17 | JDK-8139965 | core-libs | javax.naming | Hang seen when using com.sun.jndi.ldap.search.replyQueueSize |
18 | JDK-8217581 | docs | tools | JDK 8 javadoc man page does not list correct values for -source |
19 | JDK-8206879 | globalization | locale-data | Currency decimal marker incorrect for Peru |
20 | JDK-8202414 | hotspot | compiler | Unsafe write after primitive array creation may result in array length change |
21 | JDK-8219807 | hotspot | compiler | C2 crash in IfNode::up_one_dom(Node*, bool) |
22 | JDK-8218721 | hotspot | compiler | C1's CEE optimization produces safepoint poll with invalid debug information |
23 | JDK-8130341 | hotspot | compiler | GHASH 32bit intrinsics has AEADBadTagException |
24 | JDK-8080157 | hotspot | compiler | assert(allocates2(pc)) failed: not in CodeBuffer memory |
25 | JDK-8187147 | javafx | graphics | Remove T2K from JavaFX in JDK 10 |
26 | JDK-8201539 | javafx | graphics | Crash in DirectWrite CreateBitmap code when running TestFX test suite |
27 | JDK-8213510 | javafx | media | [Windows] MediaPlayer does not play some mp3 with artwork stream in mjpeg |
28 | JDK-8222780 | javafx | media | Visual Studio does not open media vs_projects files |
29 | JDK-8223046 | javafx | samples | AudioClip sample does not work in Ensemble when run via web-start |
30 | JDK-8230361 | javafx | web | [web] Cookies are not enabled in WebKit v608.1 |
31 | JDK-8229328 | javafx | web | [windows] PlatformFileHandle type should be JGObject rather than void * |
32 | JDK-8227431 | javafx | web | [Windows] Fix assertion failure on X86 32-bit when enabling CLOOP based JavaScript interpreter |
33 | JDK-8227079 | javafx | web | Cherry pick GTK WebKit 2.24.3 changes |
34 | JDK-8222912 | javafx | web | Websocket client doesn't work in WebView |
35 | JDK-8219362 | javafx | web | Update to 608.1 version of WebKit |
36 | JDK-8225203 | javafx | web | Update SQLite to version 3.28.0 |
37 | JDK-8222788 | javafx | web | javafx.web build fails on XCode 10.2 |
38 | JDK-8222497 | javafx | window-toolkit | [8u] Switch on GTK3 as a default GTK L&F in javafx |
39 | JDK-8226537 | javafx | window-toolkit | Multi-level Stage::initOwner can crash gnome-shell or X.org server |
40 | JDK-8211302 | javafx | window-toolkit | DragAndDrop no longer works with GTK3 |
41 | JDK-8212060 | javafx | window-toolkit | [GTK3] Stage sometimes shown at top-left before moving to correct position |
42 | JDK-8147502 | security-libs | java.security | Digest is incorrectly truncated for ECDSA signatures when the bit length of n is less than the field size |
43 | JDK-8148188 | security-libs | java.security | Enhance the security libraries to record events of interest |
44 | JDK-8226543 | security-libs | javax.crypto | Reduce GC pressure during message digest calculations in password-based encryption |
45 | JDK-8073108 | security-libs | javax.crypto | Use x86 and SPARC CPU instructions for GHASH acceleration |
46 | JDK-8218780 | security-libs | javax.smartcardio | Update MUSCLE PCSC-Lite header files |
47 | JDK-8229868 | security-libs | javax.xml.crypto | Update Apache Santuario TPRM version |
48 | JDK-8218629 | security-libs | javax.xml.crypto | XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10 |
49 | JDK-8217878 | security-libs | javax.xml.crypto | ENVELOPING XML signature no longer works in JDK 11 |
50 | JDK-8219013 | security-libs | javax.xml.crypto | Update Apache Santuario (XML Signature) to version 2.1.3 |
51 | JDK-8177334 | security-libs | javax.xml.crypto | Update xmldsig implementation to Apache Santuario 2.1.1 |
The following sections summarize changes made in all Java SE 8u221 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8221246 | client-libs | java.awt | NullPointerException within Win32ShellFolder2 |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8080157 | hotspot | compiler | assert(allocates2(pc)) failed: not in CodeBuffer memory |
8130341 | hotspot | compiler | GHASH 32bit intrinsics has AEADBadTagException |
8073108 | security-libs | javax.crypto | Use x86 and SPARC CPU instructions for GHASH acceleration |
8048556 | hotspot | gc | Unnecessary GCLocker-initiated young GCs |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8226895 (Confidential) |
xml | jaxp | Problems when validating XML with STax |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8226543 | security-libs | javax.crypto | Reduce GC pressure during message digest calculations in password-based encryption |
8139965 | core-libs | javax.naming | Hang seen when using com.sun.jndi.ldap.search.replyQueueSize |
8225615 (Confidential) |
deploy | packager | Need javapackager to work with Inno Setup 6.x |
8223727 (Confidential) |
core-libs | javax.naming | com/sun/jndi/ldap/privconn/RunTest.java failed due to hang in LdapRequest.getReplyBer |
Please note that fixes from prior BPR are included in this version.
July 16, 2019
The full version string for this update release is 1.8.0_221-b11 (where "b" means "build"). The version number is 8u221.
JDK 8u221 contains IANA time zone data version 2018i. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u221 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_221-b11 |
7 | 1.7.0_231-b08 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. This JRE (version 8u221) will expire with the release of the next critical patch update scheduled for October 15, 2019.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u221) on November 15, 2019. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
hotspot/runtime
HotSpot Windows OS Detection Correctly Identifies Windows Server 2019
Prior to this fix, Windows Server 2019 was recognized as "Windows Server 2016", which produced incorrect values in the os.name
system property and the hs_err_pid
file.
See JDK-8211106
security-libs/java.security
Removal of Two DocuSign Root CA Certificates
Two DocuSign root CA certificates are expired and have been removed from the cacerts
keystore:
Distinguished Name: CN=Class 2 Primary CA, O=Certplus, C=FR
Distinguished Name: CN=Class 3P Primary CA, O=Certplus, C=FR
See JDK-8223499
security-libs/java.security
Removal of Two Comodo Root CA Certificates
Two Comodo root CA certificates are expired and have been removed from the cacerts
keystore:
Distinguished Name: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Distinguished Name: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
See JDK-8222136
security-libs/java.security
Removal of T-Systems Deutsche Telekom Root CA 2 Certificate
The T-Systems Deutsche Telekom Root CA 2 certificate is expired and has been removed from the cacerts
keystore:
Distinguished Name: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE
See JDK-8222137
install
Java Access Bridge Installation Workaround
There is a risk of breaking Java Access Bridge functionality when installing Java on a Windows system that has both a previously installed version of Java and an instance of JAWS running. After rebooting, the system can be left without the WindowsAccessBridge-64.dll
in either the system directory (C:\Windows\System32
) for 64bit Java products or the system directory used by WOW64 (C:\Windows\SysWoW64
) for 32bit Java products.
To prevent breaking Java Access Bridge functionality, use one of the following workarounds:
The goal of the workarounds is to avoid the scenario of uninstalling existing JRE(s) from Java installer when JAWS is running.
JDK-8223293 (not public)
security-libs/javax.crypto
System Property to Switch Between Implementations of ECC
A new boolean system property, jdk.security.useLegacyECC
, has been introduced that enables switching between implementations of ECC.
When the system property, jdk.security.useLegacyECC
, is set to "true" (the value is case-insensitive) the JDK uses the old, native implementation of ECC. If the option is set to an empty string, it is treated as if it were set to "true". This makes it possible to specify -Djdk.security.useLegacyECC
in the command line.
If the option is explicitly set to "false", the provider decides which implementation of ECC is used.
The default value of the option is "true". Note that the default value might change in a future update release of the JDK.
JDK-8217763 (not public)
client-libs/2d
Missing Glyphs in AWT/Swing Components Due to Lack of CJK TrueType Fonts in RHEL 8
Red Hat Enterprise Linux 8 no longer includes packages which provided TrueType fonts used by JDK for CJK (Chinese, Japanese, and Korean) languages.
Text display for those languages will therefore result in missing glyphs.
See JDK-8209672 for a resolution to this issue.
See JDK-8230150
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8214252 | client-libs | Expanded & Collapsed nodes of a JTree look the same on GTK3 | |
2 | JDK-8153732 | client-libs | 2d | Windows remote printer changes do not reflect in lookupPrintServices() |
3 | JDK-8212202 | client-libs | 2d | [Windows] Exception if no printers are installed. |
4 | JDK-8218020 | client-libs | 2d | Fix version number in mesa.md 3rd party legal file |
5 | JDK-8215210 | client-libs | 2d | [macos] Hangul text does not shape to the precomposed form on JDK8u |
6 | JDK-8218605 | client-libs | 2d | Startup Splash Screen of SwingSet2 flashes in smaller coordinates before appearing in the final size |
7 | JDK-8214765 | client-libs | java.awt | All TrayIcon MessageType icons does not show up with gtk3 option set |
8 | JDK-8204142 | client-libs | java.awt | AWT hang occurs when sequenced events arrive out of sequence in multiple AppContexts. |
9 | JDK-8210886 | client-libs | java.awt | Remove references in xwindows.md to non-existent files. |
10 | JDK-8214109 | client-libs | java.awt | XToolkit is not correctly displayed color on 16-bit high color setting |
11 | JDK-8213183 | client-libs | java.awt:i18n | InputMethod cannot be used after its restarting |
12 | JDK-8214253 | client-libs | javax.swing | Tooltip is transparent rather than having a black background |
13 | JDK-8214112 | client-libs | javax.swing | The whole text in target JPasswordField image are not selected. |
14 | JDK-8214111 | client-libs | javax.swing | There is no icon in all JOptionPane target image |
15 | JDK-8220349 | client-libs | javax.swing | The fix done for JDK-8214253 have caused issues in JTree behaviour |
16 | JDK-8218674 | client-libs | javax.swing | HTML Tooltip with "img src=" on component doesn't show |
17 | JDK-8196775 | core-libs | java.net | java/net/Socket/asyncClose/Race.java failed intermittently on Windows with ConnectException: Connection refused |
18 | JDK-8044047 | core-libs | java.util.stream | Missing null pointer checks for streams |
19 | JDK-8213294 | core-libs | java.util:i18n | Upgrade IANA LSR data |
20 | JDK-8040211 | core-libs | java.util:i18n | Update LSR datafile for BCP 47 |
21 | JDK-8191404 | core-libs | java.util:i18n | Upgrading JDK with latest available LSR data from IANA. |
22 | JDK-8203872 | core-libs | java.util:i18n | Upgrading JDK with latest available LSR data from IANA. |
23 | JDK-8214935 | core-libs | java.util:i18n | Upgrade IANA LSR data |
24 | JDK-8218781 | core-libs | java.util:i18n | Localized names for Japanese Era Reiwa in COMPAT provider |
25 | JDK-8209775 | core-libs | java.util:i18n | ISO 4217 Amendment #169 Update |
26 | JDK-8210153 | core-libs | java.util:i18n | localized currency symbol of VES |
27 | JDK-8209951 | hotspot | compiler | Problematic sparc intrinsic: com.sun.crypto.provider.CipherBlockChaining |
28 | JDK-8211106 | hotspot | runtime | [windows] Update OS detection code to recognize Windows Server 2019 |
29 | JDK-8134030 | hotspot | svc | test/serviceability/dcmd/gc/HeapDumpTest fails to verify the dump |
30 | JDK-8202884 | hotspot | svc-agent | SA: Attach/detach might fail on Linux if debugee application create/destroy threads during attaching |
31 | JDK-8222812 | install | install | java usage unit tests are failing |
32 | JDK-8212742 | install | uninstall | More information link at Java Uninstall tool for MAC point to Windows page instructions |
33 | JDK-8215686 | javafx | build | FX build fails using gradle 5 |
34 | JDK-8217942 | javafx | build | Upgrade to libxslt 1.1.33 |
35 | JDK-8219008 | javafx | graphics | Update OpenGL Headers to version 4.6 |
36 | JDK-8204060 | javafx | graphics | [Canvas] Add API in GraphicsContext to control image smoothing |
37 | JDK-8215894 | javafx | media | Provide media support for libav version 58 |
38 | JDK-8133841 | javafx | media | Full HD video can not be played on standard 1080p screen in portrait mode |
39 | JDK-8222217 | javafx | media | FX build fails on 32-bit Windows after fix for JDK-8133841 |
40 | JDK-8218174 | javafx | other | Add missing license file for Mesa header files |
41 | JDK-8222883 | javafx | samples | Ensemble: Update version of Lucene to 7.7.1 |
42 | JDK-8219734 | javafx | web | [WebView] Get rid of macOS SDK private API usage |
43 | JDK-8215775 | javafx | web | Scrollbars from web pages appear to be absolute, overlapping everything |
44 | JDK-8220147 | javafx | web | Cherry pick GTK WebKit 2.22.7 changes |
45 | JDK-8219917 | javafx | web | [WebView] Sub-resource integrity check fails on Windows and Linux |
46 | JDK-8151225 | security-libs | java.security | Mark SpecTest.java as intermittently failing |
47 | JDK-8222137 | security-libs | java.security | Remove T-Systems root CA certificate |
48 | JDK-8223499 | security-libs | java.security | Remove two DocuSign root certificates that are expiring |
49 | JDK-8222136 | security-libs | java.security | Remove two Comodo root CA certificates that are expiring |
50 | JDK-8181594 | security-libs | javax.crypto | Efficient and constant-time modular arithmetic |
51 | JDK-8203228 | security-libs | javax.crypto | Branch-free output conversion for X25519 and X448 |
52 | JDK-8201317 | security-libs | javax.crypto | X25519/X448 code improvements |
53 | JDK-8208648 | security-libs | javax.crypto | ECC Field Arithmetic Enhancements |
54 | JDK-8204909 | security-libs | javax.crypto | Improved ECC Implementation |
55 | JDK-8193830 | xml | jaxp | Xalan Update: Xalan Java 2.7.2 |
The following sections summarize changes made in all Java SE 8u212 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Please note that fixes in 8u212 b34 are included in 8u221-b32.
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8208666 | client-libs | 2d | Missing glyphs from custom made font when rendering on Graphics2D |
8178870 | hotspot | jvmti | instrumentation.retransformClasses cause coredump |
8155951 | hotspot | jvmti | VM crash in nsk/jvmti/RedefineClasses/StressRedefine: assert failed: Corrupted constant pool |
8151066 | hotspot | jvmti | assert(0 <= i && i < length()) failed: index out of bounds |
8221986 (Confidential) |
javafx | build | Intermittent FX Hudson build failure on Windows: cannot execute gperf |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8218674 | client-libs | javax.swing | HTML Tooltip with "img src=" on component doesn't show |
8223233 (Confidential) |
install | install | 8u 211 32 bit MSI uninstalls Java 8u211 64 bit, which is above the security baseline |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8204060 | javafx | graphics | [Canvas] Add API in GraphicsContext to control image smoothing |
8221263 | client-libs | 2d | [TEST_BUG] RemotePrinterStatusRefresh test is hard to use |
8153732 | client-libs | 2d | Windows remote printer changes do not reflect in lookupPrintServices() |
8221412 | client-libs | 2d | lookupPrintServices() does not always update the list of Windows remote printers |
8212202 | client-libs | 2d | [Windows] Exception if no printers are installed. |
8194653 | core-libs | java.lang | Deadlock involving FileSystems.getDefault and System.loadLibrary call |
8219410 (Confidential) |
javafx | graphics | [GraphicsContext] Backport doc changes |
Please note that fixes from prior BPR (8u202 b34) are included in this version.
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8221355 | hotspot | compiler | Performance regression after JDK-8155635 backport into 8u |
April 16, 2019
The full version string for this update release is 1.8.0_212-b10 (where "b" means "build"). The version number is 8u212.
JDK 8u212 contains IANA time zone data version 2018g. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u212 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_211-b12 |
7 | 1.7.0_221-b08 |
6 | 1.6.0_221 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u212) will expire with the release of the next critical patch update scheduled for July 16, 2019.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u212) on August 16, 2019. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8215364 | client-libs | JavaFX crashes on Ubuntu 18.04 with Wayland while using Swing-FX interop | |
2 | JDK-8207070 | client-libs | java.awt | Webstart app popup on wrong screen in a one-screen setup changing to multi-monitor |
3 | JDK-8189926 | javafx | other | [Mac] Pulse timer should pause when idle |
4 | JDK-8210411 | javafx | window-toolkit | JavaFX crashes on Ubuntu 18.04 with Wayland |
5 | JDK-8211280 | javafx | window-toolkit | JavaFX build fails on Linux with gcc8 |
6 | JDK-8213952 | security-libs | java.security | Relax DNSName restriction as per RFC 1123 |
April 16, 2019
The full version string for this update release is 1.8.0_211-b12 (where "b" means "build"). The version number is 8u211.
JDK 8u211 contains IANA time zone data version 2018g. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u211 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_211-b12 |
7 | 1.7.0_221-b08 |
6 | 1.6.0_221 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. This JRE (version 8u211) will expire with the release of the next critical patch update scheduled for July 16, 2019.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u211) on August 16, 2019. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
core-libs/java.time
An instance representing the new Reiwa era has been added to this update. Unlike other eras, there is no public field for this era. It can be obtained by calling JapaneseEra.of(3)
or JapaneseEra.valueOf("Reiwa")
. JDK 13 and later will have a new public field to represent this era.
The placeholder name, "NewEra
", for the Japanese era that started from May 1st, 2019 has been replaced with the new official name. Applications that relied on the placeholder name (see JDK-8202088) to obtain the new era singleton (JapaneseEra.valueOf("NewEra")
) will no longer work.
See JDK-8205432
core-libs/java.util:i18n
Square Character Support for Japanese New Era
The code point, U+32FF, is reserved by the Unicode Consortium to represent the Japanese square character for the new era that begins from May, 2019. Relevant methods in the Character
class return the same properties as the existing Japanese era characters (e.g., U+337E for "Meizi"). For details about the code point, see http://blog.unicode.org/2018/09/new-japanese-era.html.
See JDK-8211398
client-libs/2d
High DPI Auto-Scaling on Windows
If the Windows desktop DPI of the default screen is configured via Display Settings to be 150% or greater (that is 144 dpi or greater), JDK will now ask Windows to auto-scale the entire UI of a Java application to be consistent with the rest of the Windows desktop UI.
Below that value Java applications will appear at the same size as they did in previous releases.
This threshold is chosen as a trade-off between compatibility and legibility of the UI. At higher DPI settings, without this auto-scaling, the Java UI may be just too small to be read comfortably.
There may be some negative consequences such as
In the event that the negative consequences outweigh the benefits, an application can request the old behaviour by specifying:
-Dsun.java2d.dpiaware=true
Conversely, if the application would prefer to be auto-scaled even at lower DPI settings, then specify:
-Dsun.java2d.dpiaware=false
In the absence of either explicit setting, the default behaviour described above will apply.
JDK-8204512 (not public)
core-libs/java.lang
New Currency Code Points Added
The Java SE 8 Platform spec for java.lang.Character
now supports Unicode 6.2 plus an extension to allow new currency code points from Unicode 10.0.
The following currency code points have been added:
0BB NORDIC MARK SIGN
20BC MANAT SIGN
20BD RUBLE SIGN
20BE LARI SIGN
20BF BITCOIN SIGN
See JDK-8217710
install
Java Access Bridge Installation Workaround
There is a risk of breaking Java Access Bridge functionality when installing Java on a Windows system that has both a previously installed version of Java and an instance of JAWS running. After rebooting, the system can be left without the WindowsAccessBridge-64.dll
in either the system directory (C:\Windows\System32
) for 64bit Java products or the system directory used by WOW64 (C:\Windows\SysWoW64
) for 32bit Java products.
To prevent breaking Java Access Bridge functionality, use one of the following workarounds:
The goal of the workarounds is to avoid the scenario of uninstalling existing JRE(s) from Java installer when JAWS is running.
JDK-8223293 (not public)
hotspot/compiler
Possible Performance Regression in JDK 8 Updates 202, 211, and 212
Due to a known issue with the fix for JDK-8155635, introduced in JDK 8 update 202, some applications may experience a performance regression (lower throughput and/or higher CPU consumption) when migrating from earlier releases. Examples of code that might trigger this regression include heavy use of sun.misc.Unsafe
and the Reflection API. This performance regression is addressed in JDK-8221355.
See JDK-8221355
security-libs/java.security
Added GlobalSign R6 Root Certificate
The following root certificate has been added to the cacerts truststore:
globalsignrootcar6
DN: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R6
JDK-8216577 (not public)
security-libs/javax.net.ssl
Distrust TLS Server Certificates Anchored by Symantec Root CAs
The JDK will stop trusting TLS Server certificates issued by Symantec, in line with similar plans recently announced by Google, Mozilla, Apple, and Microsoft. The list of affected certificates includes certificates branded as GeoTrust, Thawte, and VeriSign, which were managed by Symantec.
TLS Server certificates issued on or before April 16, 2019 will continue to be trusted until they expire. Certificates issued after that date will be rejected. See the DigiCert support page for information on how to replace your Symantec certificates with a DigiCert certificate (DigiCert took over validation and issuance for all Symantec Website Security SSL/TLS certificates on December 1, 2017).
An exception to this policy is that TLS Server certificates issued through two subordinate Certificate Authorities managed by Apple, and identified below, will continue to be trusted as long as they are issued on or before December 31, 2019.
The restrictions are enforced in the JDK implementation (the SunJSSE
Provider) of the Java Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server's certificate chain is anchored by any of the Certificate Authorities in the table below.
An application will receive an Exception with a message indicating the trust anchor is not trusted, ex:
"TLS Server certificate issued after 2019-04-16 and anchored by a distrusted legacy Symantec root CA: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US"
If necessary, and at your own risk, you can work around the restrictions by removing "SYMANTEC_TLS" from the jdk.security.caDistrustPolicies
security property in the java.security
configuration file.
The restrictions are imposed on the following Symantec Root certificates included in the JDK:
Distinguished Name | SHA-256 Fingerprint |
---|---|
CN=GeoTrust Global CA, O=GeoTrust Inc., C=US | FF:85:6A:2D:25:1D:CD:88:D3:66:56:F4:50:12:67:98:CF:AB:AA: DE:40:79:9C:72:2D:E4:D2:B5:DB:36:A7:3A |
CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US | 37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8: 2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C |
CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US | 5E:DB:7A:C4:3B:82:A0:6A:87:61:E8:D7:BE:49:79:EB:F2:61:1F: 7D:D7:9B:F9:1C:1C:6B:56:6A:21:9E:D7:66 |
CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US | B4:78:B8:12:25:0D:F8:78:63:5C:2A:A7:EC:7D:15:5E:AA:62:5E: E8:29:16:E2:CD:29:43:61:88:6C:D1:FB:D4 |
CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US | A0:45:9B:9F:63:B2:25:59:F5:FA:5D:4C:6D:B3:F9:F7:2F:F1:93: 42:03:35:78:F0:73:BF:1D:1B:46:CB:B9:12 |
CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US | 8D:72:2F:81:A9:C1:13:C0:79:1D:F1:36:A2:96:6D:B2:6C:95:0A: 97:1D:B4:6B:41:99:F4:EA:54:B7:8B:FB:9F |
CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US | A4:31:0D:50:AF:18:A6:44:71:90:37:2A:86:AF:AF:8B:95:1F:FB: 43:1D:83:7F:1E:56:88:B4:59:71:ED:15:57 |
CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US | 4B:03:F4:58:07:AD:70:F2:1B:FC:2C:AE:71:C9:FD:E4:60:4C: 06:4C:F5:FF:B6:86:BA:E5:DB:AA:D7:FD:D3:4C |
EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA | 3F:9F:27:D5:83:20:4B:9E:09:C8:A3:D2:06:6C:4B:57:D3:A2:47: 9C:36:93:65:08:80:50:56:98:10:5D:BC:E9 |
OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US | 3A:43:E2:20:FE:7F:3E:A9:65:3D:1E:21:74:2E:AC:2B:75:C2:0F: D8:98:03:05:BC:50:2C:AF:8C:2D:9B:41:A1 |
OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US | A4:B6:B3:99:6F:C2:F3:06:B3:FD:86:81:BD:63:41:3D:8C:50:09: CC:4F:A3:29:C2:CC:F0:E2:FA:1B:14:03:05 |
OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US | 83:CE:3C:12:29:68:8A:59:3D:48:5F:81:97:3C:0F:91:95:43:1E: DA:37:CC:5E:36:43:0E:79:C7:A8:88:63:8B |
CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US | EB:04:CF:5E:B1:F3:9A:FA:76:2F:2B:B1:20:F2:96:CB:A5:20:C1: B9:7D:B1:58:95:65:B8:1C:B9:A1:7B:72:44 |
CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US | 69:DD:D7:EA:90:BB:57:C9:3E:13:5D:C8:5E:A6:FC:D5:48:0B:60: 32:39:BD:C4:54:FC:75:8B:2A:26:CF:7F:79 |
CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US | 9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99: 89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF |
CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US | 23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5: C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C |
Distinguished Name | SHA-256 Fingerprint |
---|---|
CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US | AC:2B:92:2E:CF:D5:E0:17:11:77:2F:EA:8E:D3:72:DE:9D:1E:22:45:FC:E3:F5:7A: 9C:DB:EC:77:29:6A:42:4B |
CN=Apple IST CA 8 - G1, OU=Certification Authority, O=Apple Inc., C=US | A4:FE:7C:7F:15:15:5F:3F:0A:EF:7A:AA:83:CF:6E:06:DE:B9:7C:A3:F9:09:DF:92:0A: C1:49:08:82:D4:88:ED |
If you have a TLS Server certificate issued by one of the CAs above, you should have received a message from DigiCert with information about replacing that certificate, free of charge.
You can also use the keytool
utility from the JDK to print out details of the certificate chain, as follows:
keytool -v -list -alias <your_server_alias> -keystore <your_keystore_filename>
If any of the certificates in the chain are issued by one of the root CAs in the table above are listed in the output you will need to update the certificate or contact the organization that manages the server if not yours.
See JDK-8207258
core-libs/java.time
Support New Japanese Era in java.time.chrono.JapaneseEraThe JapaneseEra class and its of(int)
, valueOf(String)
, and values()
methods are clarified to accommodate future Japanese era additions, such as how the singleton instances are defined, what the associated integer era values are, etc.
See JDK-8212941
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8213983 | client-libs | java.awt | [macosx] Keyboard shortcut ???cmd +`??? stops working properly if popup window is displayed |
2 | JDK-8213583 | client-libs | java.awt | Error while opening the JFileChooser when desktop contains shortcuts pointing to deleted files |
3 | JDK-8076164 | client-libs | javax.swing | [JTextField] When input too long Thai character, cursor's behavior is odd |
4 | JDK-8132136 | client-libs | javax.swing | [PIT] RTL orientation in JEditorPane is broken |
5 | JDK-8133108 | client-libs | javax.swing | [PIT] Container size is wrong in JEditorPane |
6 | JDK-8187364 | client-libs | javax.swing | Unable to enter zero width non-joiner (ZWNJ) symbol in Swing text component |
7 | JDK-8216396 | core-libs | java.lang | Support new Japanese era and new currency code points in java.lang.Character for Java SE 8 |
8 | JDK-8218915 | core-libs | java.lang | Change isJavaIdentifierStart and isJavaIdentifierPart to handle new code points |
9 | JDK-8217710 | core-libs | java.lang | Add 5 currency code points to Java SE 8uX |
10 | JDK-8180469 | core-libs | java.time | Wrong short form text for supplemental Japanese era |
11 | JDK-8212941 | core-libs | java.time | Support new Japanese era in java.time.chrono.JapaneseEra |
12 | JDK-8211398 | core-libs | java.util:i18n | Square character support for the Japanese new era |
13 | JDK-8202088 | core-libs | java.util:i18n | Japanese new era implementation |
14 | JDK-8207152 | core-libs | java.util:i18n | Placeholder for Japanese new era should be two characters |
15 | JDK-8217609 | core-libs | java.util:i18n | New era placeholder not recognized by java.text.SimpleDateFormat |
16 | JDK-8159886 | deploy | plugin | Window of a newly launched Oracle Forms applet loses focus |
17 | JDK-8133984 | hotspot | runtime | print_compressed_class_space() is only defined in 64-bit VM |
18 | JDK-8180904 | hotspot | test | Hotspot tests running with -agentvm failing due to classpath |
19 | JDK-8187220 | install | install | postinstall fails if there is a space in user name |
20 | JDK-8214185 | javafx | media | Upgrade GStreamer to the latest (1.14.4) version |
21 | JDK-8200665 | javafx | samples | Ensemble: Update SyntaxHighlighter to version 4.0.1 |
22 | JDK-8207772 | javafx | web | File API and FileReader should be supported in WebView |
23 | JDK-8213541 | javafx | web | WebView does not handle HTTP response without ContentType |
24 | JDK-8215702 | javafx | web | SVG gradients are not rendered |
25 | JDK-8215799 | javafx | web | Complex text is not rendered by webkit on Windows |
26 | JDK-8214119 | javafx | web | Update to 607.1 version of WebKit |
27 | JDK-8211399 | javafx | web | libxslt fails to build with glibc 2.26 |
28 | JDK-8211454 | javafx | web | Update SQLite to version 3.26.0 |
29 | JDK-8214452 | javafx | web | Update libxml2 to version 2.9.9 |
30 | JDK-8213806 | javafx | web | WebView - JVM crashes for given HTML |
31 | JDK-8218611 | javafx | web | [DRT] fast/xslt tests fails with Unsupported encoding windows-1251 |
32 | JDK-8219539 | javafx | web | Cherry pick GTK WebKit 2.22.6 changes |
33 | JDK-8133802 | security-libs | replace some <tt> tags (obsolete in html5) in security-libs docs | |
34 | JDK-8216280 | security-libs | java.security | Allow later Symantec Policy distrust date for two Apple SubCAs |
35 | JDK-8215318 | security-libs | java.security | Amend the Standard Algorithm Names specification to clarify that names can be defined in later versions |
36 | JDK-8029661 | security-libs | javax.net.ssl | Support TLS v1.2 algorithm in SunPKCS11 provider |
37 | JDK-8207258 | security-libs | javax.net.ssl | Distrust TLS server certificates anchored by Symantec Root CAs |
38 | JDK-8129988 | security-libs | javax.net.ssl | JSSE should create a single instance of the cacerts KeyStore |
39 | JDK-8217579 | security-libs | javax.net.ssl | TLS_EMPTY_RENEGOTIATION_INFO_SCSV is disabled after 8211883 |
40 | JDK-8203190 | security-libs | javax.net.ssl | SessionId.hashCode generates too many collisions |
41 | JDK-8164656 | security-libs | org.ietf.jgss:krb5 | krb5 does not retry if TCP connection timeouts |
The following sections summarize changes made in all Java SE 8u202 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8204142 | client-libs | java.awt | AWT hang occurs when sequenced events arrive out of sequence in multiple AppContexts. |
8217227 (Confidential) |
deploy | plugin | Java Deployment Ruleset (DRS) not working for forms Web Start (webstart) config |
8221544 (Confidential) |
deploy | webstart | StackOverflowError and JWS fails to launch for some client PCs in cluster config |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8213583 | client-libs | java.awt | Error while opening the JFileChooser when desktop contains shortcuts pointing to deleted files |
8207070 | client-libs | java.awt | Webstart app popup on wrong screen in a one-screen setup changing to multi-monitor |
8027434 | hotspot | runtime | "-XX:OnOutOfMemoryError" uses fork instead of vfork |
Please note that fixes from the prior BPR (8u192 b35) are included in this version.
January 15, 2019
The full version string for this update release is 1.8.0_202-b08 (where "b" means "build"). The version number is 8u202.
JDK 8u202 contains IANA time zone data version 2018g. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u202 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_201-b09 |
7 | 1.7.0_211-b07 |
6 | 1.6.0_221 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u202) will expire with the release of the next critical patch update scheduled for April 16, 2019.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u202) on May 16, 2019. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
client-libs
GTK+ 3.20 and Later Unsupported by Swing
Due to incompatible changes in the GTK+ 3 library versions 3.20 and later, the Swing GTK Look and Feel does not render some UI components when using this library. Therefore, Linux installations with versions of GTK+ 3.20 and above are not supported for use by the Swing GTK Look And Feel in this release.
See JDK-8219072
The following are some of the notable bug fixes included in this release:
deploy/webstart
Changes in Update Process of Java Web Start Cached Objects
The update mechanism of cached Java Web Start objects has been slightly changed. Now Java Web Start issues HTTP HEAD request instead of GET to test whether the updates for cached object are available or not. The downloading of the updates did not change and keeps working in the same way as before.
JDK-8211746 (not public)
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8210384 | client-libs | 2d | SunLayoutEngine.isAAT() font is expensive on MacOS |
2 | JDK-8191178 | client-libs | java.awt | [macos] Problem with input of yen symbol |
3 | JDK-8130655 | client-libs | java.awt | OS X: keyboard input in textfield is not possible if the window contained textfield is owned by EmbeddedFrame |
4 | JDK-8205479 | client-libs | java.awt | OS X: requestFocus() does not work properly for embedded frame |
5 | JDK-8170937 | client-libs | java.awt | Swing apps are slow if displaying from a remote source to many local displays |
6 | JDK-8207322 | client-libs | java.awt | [Client-Libs] Backport GTK3 support on Linux to 8u |
7 | JDK-8201801 | client-libs | java.awt | RTL language (Hebrew) is presented from left to right |
8 | JDK-8182461 | client-libs | javax.imageio | IndexOutOfBoundsException when reading indexed color BMP |
9 | JDK-8207150 | client-libs | javax.sound | Clip.isRunning() may return true after Clip.stop() was called |
10 | JDK-8202264 | client-libs | javax.sound | Race condition in AudioClip.loop() |
11 | JDK-8206392 | client-libs | javax.swing | [macosx] Cycling through windows (JFrames) does not work with keyboard shortcut |
12 | JDK-8208638 | client-libs | javax.swing | Instead of circle rendered in appl window, but ellipse is produced JEditor Pane |
13 | JDK-8207060 | core-libs | java.io | Memory leak when malloc fails within WITH_UNICODE_STRING block |
14 | JDK-8207750 | core-libs | java.io | Native handle leak in java.io.WinNTFileSystem.list() |
15 | JDK-8200719 | core-libs | java.net | Cannot connect to IPv6 host when exists any active network interface without IPv6 address |
16 | JDK-8202261 | core-libs | java.nio | (fc) FileChannel.map and RandomAccessFile.setLength should not preallocate space |
17 | JDK-8207145 | core-libs | java.nio | (fs) Native memory leak in WindowsNativeDispatcher.LookupPrivilegeValue0 |
18 | JDK-8165852 | core-libs | java.nio | (fs) Mount point not found for a file which is present in overlayfs |
19 | JDK-8139507 | core-libs | java.util | WARNING: Could not open/create prefs root node Software\JavaSoft\Prefs |
20 | JDK-8209184 | core-libs | java.util:i18n | JCK Test Failure due to ResourceBundle |
21 | JDK-8210038 | deploy | webstart | JNLP 'arch' attribute fails with NPE in SingleInstanceServiceImpl |
22 | JDK-8208183 | hotspot | update HSDIS plugin license to UPL | |
23 | JDK-8212709 | hotspot | Backout backport of JDK-8211394 from jdk 8u-dev | |
24 | JDK-8164920 | hotspot | compiler | ppc: enhancement of CRC32 intrinsic |
25 | JDK-8209639 | hotspot | compiler | assert failure in coalesce.cpp: attempted to spill a non-spillable item |
26 | JDK-8172850 | hotspot | compiler | Anti-dependency on membar causes crash in register allocator due to invalid instruction scheduling |
27 | JDK-8155635 | hotspot | compiler | C2: Mixed unsafe oop accesses break alias analysis |
28 | JDK-8131048 | hotspot | compiler | ppc: implement CRC32 intrinsic |
29 | JDK-8211150 | hotspot | gc | G1 Full GC not purging code root memory and hence causing memory leak |
30 | JDK-8064811 | hotspot | gc | Use THREAD instead of CHECK_NULL in return statements |
31 | JDK-8211909 | hotspot | jvmti | JDWP Transport Listener: dt_socket thread crash |
32 | JDK-8211387 | hotspot | runtime | [Zero] atomic_copy64: Use ldrexd for atomic reads on ARMv7 |
33 | JDK-8211124 | hotspot | runtime | HotSpot vm_version.cpp should recognise updated VS2017 |
34 | JDK-8205965 | hotspot | runtime | SIGSEGV on write to NativeCallStack::EMPTY_STACK |
35 | JDK-8196882 | hotspot | runtime | VS2017 Hotspot Defined vsnprintf Function Causes C2084 Already Defined Compilation Error |
36 | JDK-8209863 | hotspot | runtime | Add a test to verify that -XX:+EnableTracing works |
37 | JDK-8211394 | hotspot | runtime | CHECK_ must be used in the rhs of an assignment statement within a block (round 2) |
38 | JDK-8145788 | hotspot | svc | JVM crashes with -XX:+EnableTracing |
39 | JDK-8208091 | hotspot | svc-agent | SA: jhsdb jstack --mixed throws UnmappedAddressException on i686 |
40 | JDK-8164383 | hotspot | svc-agent | jhsdb dumps core on Solaris 12 when loading dumped core |
41 | JDK-8210219 | javafx | graphics | GlassClipboard.cpp fails to compile with newer versions of VS2017 |
42 | JDK-8148129 | javafx | web | Implement Accelerated composition for WebView |
43 | JDK-8209457 | javafx | web | [WebView] Canvas.toDataURL with image/jpeg MIME type fails |
44 | JDK-8202277 | javafx | web | WebView image capture fails with standalone FX due to dependency on javafx.swing |
45 | JDK-8196968 | javafx | web | One time crash on exit in JNIEnv_::CallObjectMethod |
46 | JDK-8207159 | javafx | web | Update ICU to version 62.1 |
47 | JDK-8212147 | javafx | window-toolkit | [JavaFX] Backport GTK3 support on Linux to 8u |
48 | JDK-8156709 | security-libs | java.security | Cannot call setSeed on NativePRNG on Mac if EGD is /dev/urandom |
49 | JDK-8187218 | security-libs | org.ietf.jgss | GSSCredential.getRemainingLifetime() returns negative value for TTL > 24 days. |
50 | JDK-8131051 | security-libs | org.ietf.jgss:krb5 | KDC might issue a renewable ticket even if not requested |
51 | JDK-8160928 | tools | javac | javac incorrectly copies over interior type annotations to bridge method |
January 15, 2019
The full version string for this update release is 1.8.0_201-b09 (where "b" means "build"). The version number is 8u201.
JDK 8u201 contains IANA time zone data version 2018g. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u201 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_201-b09 |
7 | 1.7.0_211-b07 |
6 | 1.6.0_221 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. This JRE (version 8u201) will expire with the release of the next critical patch update scheduled for April 16, 2019.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u201) on May 16, 2019. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
This change limits the use of transparent HTTP authentication on Microsoft Windows for the NTLM scheme. In that scheme, the security credentials based on the currently logged in user's name and password are obtained directly from the operating system, without prompting the user.
A new networking system property, jdk.http.ntlm.transparentAuth
, has been added with the following possible values:
java.net.Authenticator
class.Any other value, or no value, is treated the same as "disabled". Care should be taken before enabling this mechanism.
See JDK-8209094
security-libs/javax.net.ssl
TLS anon and NULL Cipher Suites are Disabled
The TLS anon (anonymous) and NULL cipher suites have been added to the jdk.tls.disabledAlgorithms
security property and are now disabled by default.
See JDK-8211883
security-libs/java.security
jarsigner Prints When a timestamp Will Expire
The jarsigner
tool now shows more information about the lifetime of a timestamped JAR. New warning and error messages are displayed when a timestamp has expired or is expiring within one year.
See JDK-8191438
hotspot/runtime
Linux Native Code Checks
Additional safeguards to protect against buffer overruns in native code have been enabled on Linux. If a buffer overrun is encountered the system will write the message “stack smashing detected” and the program will exit. Issues of this type should be reported to your vendor.
JDK-8196902 (not public)
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8201818 | client-libs | 2d | [macosx] Printing attributes break page size set via "java.awt.print.Book" object |
2 | JDK-8141491 | core-libs | java.nio | Unaligned memory access in Bits.c |
3 | JDK-8171049 | core-libs | java.time | Era.getDisplayName doesn't work with non-IsoChronology |
4 | JDK-8205330 | core-libs | javax.naming | InitialDirContext ctor sometimes throws NPE if the server has sent a disconnection |
5 | JDK-8157913 | deploy | packager | Launcher can not find path to libpackager.so |
6 | JDK-8213011 | deploy | plugin | Running application under 1.8u172 via a DRS rules with the 1.8u192 plugin fail with java.lang.NoSuchMethodError |
7 | JDK-8212457 | deploy | webstart | JWS: Application does not launch on when jnlp.delete.jnlp.file is enabled |
8 | JDK-8212793 | deploy | webstart | Fix for JDK-8189783 fails |
9 | JDK-8147555 | docs | Document that % and " characters are not supported in keys and values of a property for Java Web Start | |
10 | JDK-8161741 | docs | guides | Typo within section "22.2.3 File Names" |
11 | JDK-8189182 | install | install | JDK8 RPM postinstall scriptlet assumes /usr/share/man/man1 exists |
12 | JDK-8203884 | javafx | graphics | Update libjpeg to version 9c |
13 | JDK-8214035 | javafx | graphics | Unable to render cmyk jpeg image |
14 | JDK-8212158 | javafx | other | FX: Update copyright year in docs, readme files to 2019 |
15 | JDK-8209652 | javafx | samples | Ensemble: Update version of Lucene to 7.4.0 |
16 | JDK-8213837 | javafx | samples | FX samples cannot load media from download.java.net over http |
17 | JDK-8211304 | javafx | window-toolkit | [macOS] Crash on focus loss from dialog on macOS 10.14 Mojave |
18 | JDK-8027781 | security-libs | java.security | New jarsigner timestamp warning is grammatically incorrect |
19 | JDK-8209129 | security-libs | javax.crypto | Further improvements to cipher buffer management |
20 | JDK-8208583 | security-libs | javax.crypto | Better management of internal KeyStore buffers |
21 | JDK-8207775 | security-libs | javax.crypto | Better management of CipherCore buffers |
22 | JDK-8209862 | security-libs | javax.crypto | CipherCore performance improvement |
23 | JDK-8211883 | security-libs | javax.net.ssl | Disable anon and NULL cipher suites |
The following sections summarize changes made in all Java SE 8u192 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR. Note that bug fixes in previous BPR (8u181-b37) are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8213011 | deploy | plugin | Running application under 1.8u172 via a DRS rules with the 1.8u192 plugin fail with java.lang.NoSuchMethodError |
8187364 | client-libs | javax.swing | Unable to enter zero width non-joiner (ZWNJ) symbol in Swing text component |
8159886 | deploy | plugin | Window of a newly launched Oracle Forms applet loses focus |
8141491 | core-libs | java.nio | Unaligned memory access in Bits.c |
8029661 | security-libs | javax.net.ssl | Support TLS v1.2 algorithm in SunPKCS11 provider |
8129988 | security-libs | javax.net.ssl | JSSE should create a single instance of the cacerts KeyStore |
8203190 | security-libs | javax.net.ssl | SessionId.hashCode generates too many collisions |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8212457 | deploy | webstart | JWS: Application does not launch on when jnlp.delete.jnlp.file is enabled |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8139507 | core-libs | java.util | WARNING: Could not open/create prefs root node Software\JavaSoft\Prefs |
8170937 | client-libs | java.awt | Swing apps are slow if displaying from a remote source to many local displays |
8193879 (Confidential) |
core-svc | debugger | Java debugger hangs on method invocation |
8163083 (Confidential) |
core-svc | debugger | SocketListeningConnector does not allow invocations with port 0 |
Please note that fixes from the prior BPR (8u181 b37) are included in this version.
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8208638 | client-libs | javax.swing | Instead of circle rendered in appl window, but ellipse is produced JEditor Pane |
October 16, 2018
The full version string for this update release is 1.8.0_192-b12 (where "b" means "build"). The version number is 8u192.
JDK 8u192 contains IANA time zone data version 2018e. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u192 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_191-b12 |
7 | 1.7.0_201-b11 |
6 | 1.6.0_211-b11 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u192) will expire with the release of the next critical patch update scheduled for January 15, 2019.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u192) on February 15, 2019. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
Support for Customization of Default Enabled Cipher Suites via System Properties
The system property jdk.tls.client.cipherSuites
can be used to customize the default enabled cipher suites for the client side of SSL/TLS connections. In a similar way, the system property jdk.tls.server.cipherSuites
can be used for customization on the server side.
The system properties contain a comma-separated list of supported cipher suite names that specify the default enabled cipher suites. All other supported cipher suites are disabled for this default setting. Unrecognized or unsupported cipher suite names specified in properties are ignored. Explicit setting of enabled cipher suites will override the system properties.
Please refer to the "Java Cryptography Architecture Standard Algorithm Name Documentation" for the standard JSSE cipher suite names, and the "Java Cryptography Architecture Oracle Providers Documentation" for the cipher suite names supported by the SunJSSE provider.
Note that the actual use of enabled cipher suites is restricted by algorithm constraints.
Note also that these system properties are currently supported by the JDK Reference Implementation. They are not guaranteed to be supported by other implementations.
Warning: These system properties can be used to configure weak cipher suites, or the configured cipher suites may become more weak over time. We do not recommend using the system properties unless you understand the security implications. Use them at your own risk.
See JDK-8162362
This release contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8201240 | client-libs | 2d | Improve releasing native resources of BufImgSurfaceData.ICMColorData |
2 | JDK-8188030 | client-libs | java.awt | AWT java apps fail to start when some minimal fonts are present |
3 | JDK-8200353 | client-libs | java.awt | Shift or Capslock not working in Textfield after accented keystrokes |
4 | JDK-8195738 | client-libs | java.awt | scroll position in ScrollPane is reset after calling validate() |
5 | JDK-8188083 | client-libs | java.awt | NullPointerExcpn-java.awt.image.FilteredImageSource.startProduction JDK-8079607 |
6 | JDK-8150954 | client-libs | java.awt | Taking screenshots on x11 composite desktop produce wrong result |
7 | JDK-8202696 | client-libs | javax.swing | Remove exclusion range for phonetic chars in windows fontconfig.properties |
8 | JDK-8195095 | client-libs | javax.swing | Images are not scaled correctly in JEditorPane |
9 | JDK-8206914 | core-libs | add jdk8u-dev test failures to ProblemList.txt | |
10 | JDK-8201369 | core-libs | java.net | Inet4AddressImpl_getLocalHostName reverse lookup on Solaris only |
11 | JDK-8194412 | core-libs | java.time | Adding 256 units of IsoFields.QUARTER_YEARS broken |
12 | JDK-8176192 | core-libs | javax.naming | Incorrect usage of Iterator in Java 8 In com.sun.jndi.ldap.EventSupport.removeNamingListener |
13 | JDK-8156824 | core-libs | javax.naming | com.sun.jndi.ldap.pool.PoolCleaner should clear its context class loader |
14 | JDK-8186646 | core-libs | jdk.nashorn | Nashorn: "duplicate code" assertion when binding a vararg function that just passes arguments along |
15 | JDK-8201651 | deploy | plugin | Better error handling during JNLP2Manager initialisation |
16 | JDK-8204508 | deploy | webstart | Robot ScreenCapture fails on HiDPI system |
17 | JDK-8205343 | deploy | webstart | bug in backport of JDK-8185002 |
18 | JDK-8168415 | deploy | webstart | ShowDocument fails with URL using jnlp or jnlps protocol |
19 | JDK-8193711 | deploy | webstart | Launching JWS applet the default download progress dialog only shows if the java console is enabled |
20 | JDK-8195609 | deploy | webstart | DRS - cert based run rule not working when running offline |
21 | JDK-8008321 | hotspot | compiler | compile.cpp verify_graph_edges uses "bool" as "int" |
22 | JDK-8162540 | hotspot | compiler | Crash in C2 escape analysis with assert: "node should be registered" |
23 | JDK-8194642 | hotspot | compiler | Improve OOM error reporting for JDK8 |
24 | JDK-8158012 | hotspot | compiler | Use SW prefetch instructions instead of BIS for allocation prefetches on SPARC Core C4 |
25 | JDK-8148175 | hotspot | compiler | C1: G1 barriers don't preserve FP registers |
26 | JDK-8165489 | hotspot | gc | Missing G1 barrier in Unsafe_GetObjectVolatile |
27 | JDK-8173013 | hotspot | gc | JVMTI tagged object access needs G1 pre-barrier |
28 | JDK-8114823 | hotspot | gc | G1 doesn't honor request to disable class unloading |
29 | JDK-8081323 | hotspot | jvmti | ConstantPool::_resolved_references is missing in heap dump |
30 | JDK-8150426 | hotspot | runtime | Wrong cast in metadata_at_put |
31 | JDK-8196884 | hotspot | runtime | VS2017 Multiple Type Cast Conversion Compilation Errors |
32 | JDK-8196880 | hotspot | runtime | VS2017 Addition of Global Delete Operator with Size Parameter Conflicts with Arena's Chunk Provided One |
33 | JDK-8197868 | hotspot | runtime | VS2017 (C2065) 'timezone': Undeclared Identifier in share/runtime/os.cpp |
34 | JDK-8144201 | hotspot | runtime | openjdk aarch64: jdk/test/com/sun/net/httpserver/Test6a.java fails with --enable-unlimited-crypto |
35 | JDK-8189170 | hotspot | runtime | Add option to disable stack overflow checking in primordial thread for use with JNI_CreateJavaJVM |
36 | JDK-8206406 | hotspot | runtime | StubCodeDesc constructor publishes partially-constructed objects on StubCodeDesc::_list |
37 | JDK-8186461 | hotspot | runtime | Zero's atomic_copy64() should use SPE instructions on linux-powerpcspe |
38 | JDK-8185723 | hotspot | runtime | Zero: segfaults on Power PC 32-bit |
39 | JDK-8026331 | hotspot | runtime | hs_err improvement: Print if we have seen any OutOfMemoryErrors or StackOverflowErrors |
40 | JDK-8202600 | hotspot | runtime | [Zero] Undefined behaviour in src/os_cpu/linux_zero/vm/os_linux_zero.cpp |
41 | JDK-6730115 | hotspot | svc | Fastdebug VM crashes with "ExceptionMark destructor expects no pending exceptions" error |
42 | JDK-8204053 | hotspot | svc-agent | libsaproc.so not linked with -z,noexecstack |
43 | JDK-8189677 | javafx | controls | RadioMenuItem fires extra NULL value in property |
44 | JDK-8192800 | javafx | controls | Table auto resize ignores column resize policy |
45 | JDK-8198354 | javafx | graphics | [macOS] Corrupt Thai characters displayed in word wrapped label |
46 | JDK-8198316 | javafx | media | MediaPlayer crashes when playing m3u8 files on macOS High Sierra 10.13.2 |
47 | JDK-8202036 | javafx | other | Update OpenJFX license files to match OpenJDK |
48 | JDK-8147476 | javafx | web | Rendering issues with MathML token elements |
49 | JDK-8203845 | performance | backport of JDK-8034788 inadvertently rolled back JDK-8187045 changes to toolchain.m4 | |
50 | JDK-8165463 | security-libs | Native implementation of sunmscapi should use operator new (nothrow) for allocations | |
51 | JDK-8185855 | security-libs | java.security | Debug exception stacks should be clearer |
52 | JDK-8193171 | security-libs | java.security | keytool -list displays "JKS" for a PKCS12 keystore. |
53 | JDK-8081792 | security-libs | javax.crypto | buffer size calculation issue in NativeGCMCipher |
54 | JDK-8203182 | security-libs | javax.crypto:pkcs11 | Release session if initialization of SunPKCS11 Signature fails |
55 | JDK-8162362 | security-libs | javax.net.ssl | Introduce system property to control enabled ciphersuites |
October 16, 2018
The full version string for this update release is 1.8.0_191-b12 (where "b" means "build"). The version number is 8u191.
JDK 8u191 contains IANA time zone data version 2018e. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u191 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_191-b12 |
7 | 1.7.0_201-b11 |
6 | 1.6.0_211-b11 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. This JRE (version 8u191) will expire with the release of the next critical patch update scheduled for January 15, 2019.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u191) on February 15, 2019. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
infrastructure/build
Build Environment Update Linux x86/x64 Moved to gcc 7.3
On x86/x64 Linux, the toolchain used to build the JDK has been upgraded from GCC 4.3 to GCC 7.3.
JDK-8206409 (not public)
core-svc
Changed Central File System Location for usagetracker.properties File
The file system location in Windows for the usagetracker.properties
file has been moved from %ProgramData%\Oracle\Java\
to %ProgramFiles%\Java\conf
There is no change in the file path for Linux, Solaris, or macOS.
JDK-8204901 (not public)
security-libs/javax.net.ssl
Disabled all DES TLS Cipher Suites
DES-based TLS cipher suites are considered obsolete and should no longer be used. DES-based cipher suites have been deactivated by default in the SunJSSE implementation by adding the "DES" identifier to the jdk.tls.disabledAlgorithms
security property. These cipher suites can be reactivated by removing "DES" from the jdk.tls.disabledAlgorithms
security property in the java.security
file or by dynamically calling the Security.setProperty()
method. In both cases re-enabling DES must be followed by adding DES-based cipher suites to the enabled cipher suite list using the SSLSocket.setEnabledCipherSuites()
or SSLEngine.setEnabledCipherSuites()
methods.
Note that prior to this change, DES40_CBC (but not all DES) suites were disabled via the jdk.tls.disabledAlgorithms
security property.
See JDK-8208350
security-libs/java.security
Removal of Several Symantec Root CAs
The following Symantec root certificates are no longer in use and have been removed:
DN: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
DN: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
DN: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
DN: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
DN: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
DN: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
DN: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
See JDK-8191031
security-libs/java.security
Removal of Baltimore Cybertrust Code Signing CA
The following Baltimore CyberTrust Code Signing root certificate is no longer in use and has been removed:
DN: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
See JDK-8189949
security-libs/java.security
Removal of SECOM Root Certificate
The following SECOM root certificate is no longer in use and has been removed:
DN: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP
See JDK-8191844
hotspot/runtime
Java Improvements for Docker Containers
The following changes have been introduced in JDK 10 to improve the execution and configurability of Java running in Docker containers:
The JVM has been modified to be aware that it is running in a Docker container and will extract container specific configuration information instead of querying the operating system. The information being extracted is the number of CPUs and total memory that have been allocated to the container. The total number of CPUs available to the Java process is calculated from any specified cpu sets, cpu shares or cpu quotas. This support is only available on Linux based platforms. This new support is enabled by default and can be disabled in the command line with the JVM option:
-XX:-UseContainerSupport
In addition, this change adds a JVM option that provides the ability to specify the number of CPUs that the JVM will use:
-XX:ActiveProcessorCount=count
This count overrides any other automatic CPU detection logic in the JVM.
Three new JVM options have been added to allow Docker container users to gain more fine grained control over the amount of system memory that will be used for the Java Heap:
-XX:InitialRAMPercentage
-XX:MaxRAMPercentage
-XX:MinRAMPercentage
These options replace the deprecated Fraction forms (-XX:InitialRAMFraction
, -XX:MaxRAMFraction
, and -XX:MinRAMFraction
).
This bug fix corrects the attach mechanism when trying to attach from a host process to a Java process that is running in a Docker container.
See JDK-8146115
security-libs/javax.crypto
The specification of javax.crypto.CipherInputStream
has been clarified to indicate that this class may catch BadPaddingException and other exceptions thrown by failed integrity checks during decryption. These exceptions are not re-thrown, so the client may not be informed that integrity checks failed. Because of this behavior, this class may not be suitable for use with decryption in an authenticated mode of operation (e.g. GCM). Applications that require authenticated encryption can use the Cipher API directly as an alternative to using this class.
JDK-8201756 (not public)
The following are some of the notable bug fixes included in this release:
core-libs/javax.naming
Application code using LDAPS with a socket connect timeout that is <= 0 ( the default value ) may encounter an exception when establishing the connection.
The top most frames from Exception stack traces of applications encountering such issues might resemble the following:
javax.naming.ServiceUnavailableException: <server:port>; socket closed
at com.sun.jndi.ldap.Connection.readReply(Unknown Source)
at com.sun.jndi.ldap.LdapClient.ldapBind(Unknown Source)
...
See JDK-8211107
core-libs/java.net
Better HTTP Redirection Support
In this release, the behavior of methods which application code uses to set request properties in java.net.HttpURLConnection
has changed. When a redirect occurs automatically from the original destination server to a resource on a different server, then all such properties are cleared for the redirect and any subsequent redirects. If these properties are required to be set on the redirected requests, then the redirect responses should be handled by the application by calling HttpURLConnection.setInstanceFollowRedirects(false)
for the original request.
JDK-8196902 (not public)
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8152974 | client-libs | java.awt | AWT hang occurrs when sequenced events arrive out of sequence |
2 | JDK-8208353 | client-libs | java.awt | Upgrade JDK to libpng 1.6.35 |
3 | JDK-8168628 | core-libs | java.nio | (fc) SIGBUS when extending file size to map it |
4 | JDK-8171452 | core-libs | java.nio | (ch) linux io_util_md: Operation not supported exception after 8168628 |
5 | JDK-8211107 | core-libs | javax.naming | LDAPS communication failure with jdk 1.8.0_181 |
6 | JDK-8175871 | docs | guides | Deployment.properties file example is incorrect |
7 | JDK-8198835 | docs | guides | Typo in URL for XML section in developer guides |
8 | JDK-8173224 | docs | guides | Document jdk.tls.legacyAlgorithms security property |
9 | JDK-8164480 | hotspot | compiler | Crash with assert(handler_address == SharedRuntime::compute_compiled_exc_handler(..) failed: Must be the same |
10 | JDK-8146115 | hotspot | runtime | Improve docker container detection and resource configuration usage |
11 | JDK-8206875 | install | install | [L10N]Truncation issue happens on the final dialog for pt on Mac |
12 | JDK-8209191 | javafx | graphics | [macOS] Distorted complex text rendering |
13 | JDK-8199527 | javafx | media | Upgrade GStreamer to 1.14 |
14 | JDK-8209049 | javafx | web | Cherry pick GTK WebKit 2.20.4 changes |
15 | JDK-8208622 | javafx | web | [WebView] IllegalStateException when invoking print API with html form controls |
16 | JDK-8204856 | javafx | web | WebEngine document becomes null after PAGE_REPLACED event |
17 | JDK-8208114 | javafx | web | Drag and drop of text contents and URL links functionalities are broken in Webview |
18 | JDK-8203698 | javafx | web | JavaFX WebView crashes when visiting certain web sites |
19 | JDK-8199474 | javafx | web | Update to 606.1 version of WebKit |
20 | JDK-8200629 | javafx | web | Update SQLite to version 3.23.0 |
21 | JDK-8197987 | javafx | web | Update libxslt to version 1.1.32 |
22 | JDK-8193368 | javafx | web | [OS X] Remove redundant files |
23 | JDK-8142927 | other-libs | other | Feed some text to STDIN in ProcessTools.executeProcess() |
24 | JDK-8180289 | security-libs | java.security | jarsigner treats timestamped signed jar invalid after the signer cert expires |
25 | JDK-8130132 | security-libs | java.security | jarsigner should emit warning if weak algorithms or keysizes are used |
26 | JDK-8191031 | security-libs | java.security | Remove several Symantec Root CAs |
27 | JDK-8191844 | security-libs | java.security | Remove SECOM root (secomevrootca1) |
28 | JDK-8189949 | security-libs | java.security | Remove Baltimore Cybertrust Code Signing CA |
29 | JDK-8074462 | security-libs | javax.net.ssl | Handshake messages can be strictly ordered |
30 | JDK-8172529 | security-libs | jdk.security | Use PKIXValidator in jarsigner |
31 | JDK-8197518 | security-libs | org.ietf.jgss | Kerberos krb5 authentication: AuthList's put method leads to performance issue |
The following sections summarize changes made in all Java SE 8u181 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8211107 | core-libs | javax.naming | LDAPS communication failure with jdk 1.8.0_181 |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8204513 (Confidential) |
deploy | deployment_toolkit | Context lost after resizing the browser window in applet with Forms |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8201818 | client-libs | 2d | [macosx] Printing attributes break page size set via "java.awt.print.Book" object |
Bug Fixes
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8202696 | client-libs | javax.swing | Remove exclusion range for phonetic chars in windows fontconfig.properties |
8206242 (Confidential) |
deploy | webstart | Java Web Start checks "user.dir" read permission when opening http connection |
Please note that fixes from the prior BPR (8u172 b37) are included in this version.
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8195095 | client-libs | javax.swing | Images are not scaled correctly in JEditorPane |
July 17, 2018
The full version string for this update release is 1.8.0_181-b13 (where "b" means "build"). The version number is 8u181.
JDK 8u181 contains IANA time zone data version 2018e. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u181 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_181-b13 |
7 | 1.7.0_191-b08 |
6 | 1.6.0_201-b07 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. This JRE (version 8u181) will expire with the release of the next critical patch update scheduled for October 16, 2018.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u181) on November 16, 2018. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
other-libs/javadb
Java DB, also known as Apache Derby, has been removed in this release.
We recommend that you obtain the latest Apache Derby directly from the Apache project at:
JDK-8197871 (not public)
core-libs/javax.naming
Endpoint identification has been enabled on LDAPS connections.
To improve the robustness of LDAPS (secure LDAP over TLS) connections, endpoint identification algorithms have been enabled by default.
Note that there may be situations where some applications that were previously able to successfully connect to an LDAPS server may no longer be able to do so. Such applications may, if they deem appropriate, disable endpoint identification using a new system property: com.sun.jndi.ldap.object.disableEndpointIdentification
.
Define this system property (or set it to true
) to disable endpoint identification algorithms.
JDK-8200666 (not public)
core-libs/java.io:serialization
New access checks have been added during the object creation phase of deserialization. This should not affect ordinary uses of deserialization. However, reflective frameworks that make use of JDK-internal APIs may be impacted. The new checks can be disabled if necessary by setting the system property jdk.disableSerialConstructorChecks to the value "true". This must be done by adding the argument -Djdk.disableSerialConstructorChecks=true to the Java command line.
JDK-8197925 (not public)
The following are some of the notable bug fixes included in this release:
core-svc/debugger
Unable to use the JDWP API in JDK 8 to debug JDK >=9
The implementation of VirtualMachineImpl.canGetInstanceInfo() has been corrected, so it is now able to see JDK JVMs >= JDK 9.
This correction allows certain debugger agents to operate correctly without any action required from a user (developer).
See JDK-8197943
hotspot/gc
A klass that has been considered unreachable by the concurrent marking of G1, can be looked up in the ClassLoaderData/SystemDictionary, and its _java_mirror or _class_loader fields can be stored in a root or any other reachable object making it alive again. Whenever a klass is resurrected in this manner, the SATB part of G1 needs to be notified about this, otherwise, the concurrent marking remark phase will erroneously unload that klass.
In this particular crash, while G1 was doing concurrent marking and had prepared its list of unreachable classes, JVMTI on a Java thread could traverse classes in the CLD and store thread-local JNIHandles for the java_mirror of the loaded classes. G1 did not have knowledge of these thread-local JNIHandles, and in the remark phase, it unloaded the classes per its prior knowledge of unreachable classes. When these JNIHandles were later scanned, it lead to a crash.
This fix for JDK-8187577 informs G1's SATB that a klass has been resurrected and it should not be unloaded.
See JDK-8187577
hotspot/gc
Better stability with older NUMA libraries (-XX+UseNuma)
A fix included in JDK 8 Update 152 introduced a regression that might cause the HotSpot JVM to crash during startup when the UseNUMA flag is used on Linux systems with versions of libnuma older than 2.0.9. This issue has been resolved.
See JDK-8198794
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8201433 | client-libs | 2d | Fix potential crash in BufImg_SetupICM |
2 | JDK-8198605 | client-libs | java.awt | Touch keyboard is shown for a non-focusable text component |
3 | JDK-8198606 | client-libs | java.awt | Touch keyboard does not hide, when a text component looses focus |
4 | JDK-8199748 | client-libs | java.awt | Touch keyboard is not shown, if text component gets focus from other text component |
5 | JDK-8187635 | client-libs | java.awt | On Windows Swing changes keyboard layout on a window activation |
6 | JDK-8203368 | core-libs | java.io:serialization | ObjectInputStream filterCheck method throws NullPointerException |
7 | JDK-8202996 | core-libs | java.rmi | Remove debug print statements from RMI fix |
8 | JDK-8197943 | core-svc | debugger | Unable to use JDWP API in JDK 8 to debug JDK 9 VM |
9 | JDK-8194690 | deploy | JRE bundled in App-V package will not start Java Web Start applications | |
10 | JDK-8190689 | deploy | plugin | Java incorrectly requires "HttpOnly" cookie attribute to be case sensitive |
11 | JDK-8201133 | deploy | webstart | Security check failure for main jar downlaod with jnlp.versionEnabled and Deployment Rule Set feature |
12 | JDK-8189783 | deploy | webstart | Java Web Start application with file extension association is removed from cache when invoked for the second time from browser |
13 | JDK-8187223 | deploy | webstart | Long JNLP file is not parsed correctly and ends with javaws path |
14 | JDK-8199304 | deploy | webstart | javaws.exe failed to launch UTF-8 encoded JNLP file |
15 | JDK-8038636 | hotspot | compiler | speculative traps break when classes are redefined |
16 | JDK-8156137 | hotspot | compiler | SIGSEGV in ReceiverTypeData::clean_weak_klass_links |
17 | JDK-8188223 | hotspot | compiler | IfNode::range_check_trap_proj() should handle dying subgraph with single if proj |
18 | JDK-8169201 | hotspot | compiler | Montgomery multiply intrinsic should use correct name |
19 | JDK-8187577 | hotspot | gc | JVM crash during gc doing concurrent marking |
20 | JDK-8199406 | hotspot | gc | Performance drop with Java JDK 1.8.0_162-b32 |
21 | JDK-8055008 | hotspot | jvmti | Clean up code that saves the previous versions of redefined classes |
22 | JDK-8057570 | hotspot | jvmti | RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed: obj is valid |
23 | JDK-8198794 | hotspot | runtime | Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3 |
24 | JDK-8078628 | hotspot | runtime | linux-zero does not build without precompiled header |
25 | JDK-8202065 | install | install | jre/bin/javaw.exe is missing from server-jre for windows since 8u171 |
26 | JDK-8199650 | install | install | JDK installation uninstalls public JRE |
27 | JDK-8200418 | javafx | web | webPage.executeCommand("removeFormat", null) removes the style of the body element |
28 | JDK-8196011 | javafx | web | Intermittent crash when using WebView from JFXPanel application |
29 | JDK-8076117 | security-libs | java.security | EndEntityChecker should not process custom extensions after PKIX validation |
30 | JDK-8170035 | security-libs | javax.net.ssl | When determining the ciphersuite lists there is no debug output for disabled suites. |
31 | JDK-8074373 | tools | launcher | NMT is not enabled if NMT option is specified after class path specifiers |
32 | JDK-8196491 | xml | jax-ws | Newlines in JAXB string values of SOAP-requests are escaped to " " |
The following sections summarize changes made in all Java SE 8u172 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8189161 (Confidential) | deploy | deployment_toolkit | JWS: Method required to clean up all running instances by jnlp.sis.sessionid |
8189098 (Confidential) | deploy | webstart | JWS: Request for a method to limit the number of JVMs running on the client |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8200359 | core-libs | java.time | (tz) Upgrade time-zone data to tzdata2018d |
8196491 | xml | jax-ws | Newlines in JAXB string values of SOAP-requests are escaped to " " |
8164480 | hotspot | compiler | Crash with assert(handler_address == SharedRuntime::compute_compiled_exc_handler(..) failed: Must be the same |
8194690 | deploy | webstart | JRE bundled in App-V package will not start Java Web Start applications |
8199304 | deploy | webstart | javaws.exe failed to launch UTF-8 encoded JNLP file |
8196011 | javafx | web | Intermittent crash when using WebView from JFXPanel applications |
Please note that fixes from prior BPR (8u162 b37) are included in this version.
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8198794 | hotspot | runtime | Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3 |
8197518 | security-libs | org.ietf.jgss | Kerberos krb5 authentication: AuthList's put method leads to performance issue |
8199406 | hotspot | gc | Performance drop with Java JDK 1.8.0_162-b32 |
April 17, 2018
The full version string for this update release is 1.8.0_172-b11 (where "b" means "build"). The version number is 8u172.
JDK 8u172 contains IANA time zone data version 2018c. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u172 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_171-b11 |
7 | 1.7.0_181-b09 |
6 | 1.6.0_191-b09 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u172) will expire with the release of the next critical patch update scheduled for July 17, 2018.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u172) on August 17, 2018. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
Description for Toolkit.getImage() and Toolkit.createImage()
The changes made under JDK-8033530 introduced an inconsistency between the implementation for and the documentation of the following methods:
java.awt.Toolkit.getImage(URL u)
java.awt.Toolkit.createimage(URL u)
The description in the API document should read:
This method first checks if there is a security manager installed. If so, the method calls the security managers checkPermission()
method with the corresponding permission to ensure that the access to the image or the image creation is allowed. If the connection to the specified URL requires either URLPermission or SocketPermission, then URLPermission
is used for security checks.
JDK-8154405
Touch Keyboard for Swing/AWT Text Components
This release adds support for automatically showing the touch keyboard for Swing/AWT text components on Microsoft Windows 8 or later. A user can display the touch keyboard either by using a touch screen to tap the text component area or by using a mouse to click in the area, when a keyboard is not attached to a computer.
The system property awt.touchKeyboardAutoShowIsEnabled
controls whether this functionality is enabled in the JDK. This functionality is enabled by default. However, if the functionality is not needed, the user can switch it off from the command line by setting the system property to false
:
-Dawt.touchKeyboardAutoShowIsEnabled=false
See JDK-8166772
This release contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8130400 | client-libs | 2d | Test java/awt/image/DrawImage/IncorrectClipXorModeSurface2Surface.java fails with ClassCastException |
2 | JDK-8080444 | client-libs | demo | Update SwingSet2 to use installed L&Fs instead of hard-coded list. |
3 | JDK-8147542 | client-libs | java.awt | Linux: ClassCastException when repainting after display resolution change |
4 | JDK-8166772 | client-libs | java.awt | Touch keyboard is not shown for text components on a screen touch |
5 | JDK-8188855 | core-libs | Fix VS10 build after "8187658: Bigger buffer for GetAdaptersAddresses" | |
6 | JDK-8154017 | core-libs | java.lang | Shutdown hooks are racing against shutdown sequence, if System.exit()-calling thread is interrupted |
7 | JDK-8187658 | core-libs | java.net | Bigger buffer for GetAdaptersAddresses |
8 | JDK-8165466 | core-libs | java.text | DecimalFormat percentage format can contain unexpected % |
9 | JDK-8136356 | core-libs | java.util:i18n | Add time zone mappings on Windows |
10 | JDK-8169424 | core-libs | javax.script | src/share/sample/scripting/scriptpad/src/scripts/memory.sh missing #! |
11 | JDK-8079510 | core-svc | java.lang.management | AIX: avoid UnsatisfiedLinkError by providing empty basic implementations of getSystemCpuLoad and getProcessCpuLoad |
12 | JDK-8177721 | core-svc | javax.management | Improve diagnostics in sun.management.Agent#startAgent() |
13 | JDK-8185498 | deploy | plugin | Console log shows that cert is expired (but TSA valid) although no certs in chain is expired. |
14 | JDK-8187822 | hotspot | compiler | C2 conditonal move optimization might create broken graph |
15 | JDK-8170358 | hotspot | gc | [REDO] 8k class metaspace chunks misallocated from 4k chunk freelist |
16 | JDK-8170395 | hotspot | gc | Metaspace initialization queries the wrong chunk freelist |
17 | JDK-8187629 | hotspot | runtime | NMT: Memory miscounting in compiler (C2) |
18 | JDK-8184991 | hotspot | runtime | NMT detail diff should take memory type into account |
19 | JDK-8139673 | hotspot | runtime | NMT stack traces in output should show mt component |
20 | JDK-8187685 | hotspot | runtime | NMT: Tracking compiler memory usage of thread's resource area |
21 | JDK-8187331 | hotspot | runtime | VirtualSpaceList tracks free space on wrong node |
22 | JDK-8055755 | hotspot | svc | Information about loaded dynamic libraries is wrong on MacOSX. |
23 | JDK-8031304 | hotspot | svc | Add dcmd to print all loaded dynamic libraries. |
24 | JDK-8059036 | hotspot | svc | Implement Diagnostic Commands for heap and finalizerinfo |
25 | JDK-8044107 | hotspot | svc | Add Diagnostic Command to list all ClassLoaders |
26 | JDK-8189265 | javafx | controls | Closing stage does not free internal resources |
27 | JDK-8183100 | javafx | controls | Styles not applied reliably after Java 8u92 |
28 | JDK-8178275 | javafx | samples | Ensemble: Upgrade version of Lucene to 7.1.0 |
29 | JDK-8189280 | javafx | swing | Memory leak in SwingNode if Stage is not shown |
30 | JDK-8185634 | javafx | swing | Java Fx-Swing dialogs appearing behind main stage |
31 | JDK-8187928 | javafx | web | [WebView] Images copied from clipboard not written in source file format |
32 | JDK-8187726 | javafx | web | [WebView] Copy and Paste of Image not resulting in expected behavior |
33 | JDK-8090011 | javafx | web | 'tab' key makes control loose focus |
34 | JDK-8191035 | javafx | web | WebView Canvas Graphics2D arc renders incorrectly |
35 | JDK-8088925 | javafx | web | Non opaque background cause NumberFormatException |
36 | JDK-8187985 | security-libs | java.security | Broken certificate number in debug output |
April 17, 2018
The full version string for this update release is 1.8.0_171-b11 (where "b" means "build"). The version number is 8u171.
JDK 8u171 contains IANA time zone data version 2018c. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u171 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_171-b11 |
7 | 1.7.0_181-b09 |
6 | 1.6.0_191-b09 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u171) will expire with the release of the next critical patch update scheduled for July 17, 2018.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u171) on August 17, 2018. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
security-libs/javax.crypto
CipherOutputStream Usage
The specification of javax.crypto.CipherOutputStream
has been clarified to indicate that this class catches BadPaddingException and other exceptions thrown by failed integrity checks during decryption. These exceptions are not re-thrown, so the client is not informed that integrity checks have failed. Because of this behavior, this class may not be suitable for use with decryption in an authenticated mode of operation (for example, GCM) if the application requires explicit notification when authentication fails. These applications can use the Cipher API directly as an alternative to using this class.
JDK-8182362 (not public)
client-libs
Enhanced KeyStore MechanismsTwo files, jre/bin/javaw.exe
and jre/bin/jabswitch.exe,
were not included in 8u171. As a workaround, users who need those files can download the non-server JRE and copy those files from it into their server JRE image.
See JDK-8203544
security-libs/javax.crypto
Enhanced KeyStore Mechanisms
A new security property named jceks.key.serialFilter
has been introduced. If this filter is configured, the JCEKS KeyStore uses it during the deserialization of the encrypted Key object stored inside a SecretKeyEntry. If it is not configured or if the filter result is UNDECIDED (for example, none of the patterns match), then the filter configured by jdk.serialFilter
is consulted.
If the system property jceks.key.serialFilter
is also supplied, it supersedes the security property value defined here.
The filter pattern uses the same format as jdk.serialFilter
. The default pattern allows java.lang.Enum
, java.security.KeyRep
, java.security.KeyRep$Type
, and javax.crypto.spec.SecretKeySpec
but rejects all the others.
Customers storing a SecretKey that does not serialize to the above types must modify the filter to make the key extractable.
JDK-8189997 (not public)
core-svc/java.lang.management
System Property to Disable JRE Last Usage Tracking
A new system property jdk.disableLastUsageTracking
has been introduced to disable JRE last usage tracking for a running VM. This property can be set in the command line by using either -Djdk.disableLastUsageTracking=true
or -Djdk.disableLastUsageTracking
. With this system property set, JRE last usage tracking will be disabled regardless of the com.oracle.usagetracker.track.last.usage
property value set in usagetracker.properties
.
JDK-8192039 (not public)
security-libs/java.security
Additional TeliaSonera Root Certificate"TeliaSonera Root CA v1" has been added to the cacerts
keystore.
JDK-8190851 (not public)
security-libs/javax.xml.crypto
XML Signatures Signed with EC Keys Less Than 224 Bits Disabled
The secure validation mode of the XML Signature implementation has been enhanced to restrict EC keys less than 224 bits by default. The secure validation mode is enabled either by setting the property org.jcp.xml.dsig.secureValidation
to true with the javax.xml.crypto.XMLCryptoContext.setProperty()
method, or by running the code with a SecurityManager.
JDK-8186032 (not public)
security-libs/javax.net.ssl
3DES Cipher Suites Disabled
To improve the strength of SSL/TLS connections, 3DES cipher suites have been disabled in SSL/TLS connections in the JDK via the jdk.tls.disabledAlgorithms
Security Property.
JDK-8175075 (not public)
core-libs/java.util.logging
System Property Controls java.util.logging.FileHandler's MAX_LOCKS Limit
A new JDK implementation specific system property jdk.internal.FileHandlerLogging.maxLocks
has been introduced to control the java.util.logging.FileHandler
MAX_LOCKS limit. The default value of the current MAX_LOCKS (100) is retained if this new system property is not set or an invalid value is provided to the property. Valid values for this property are integers ranging from 1 to Integer.MAX_VALUE-1.
See JDK-8153955
install
Change to Internal Java Package Names in RPM Installers
On the Linux platform, the names of JRE and JDK packages provided by Java RPM installers have been changed. Names of JRE and JDK packages follow `jre
jre
and jdk
previously used. For example, the new names of JRE and JDK packages are jre1.8
and jdk1.8
respectively.
On Linux platform, the names of installation directories of Java products have also been changed. The installation directories of products from the 8u171 release are as follows:
/usr/java/jre1.8.0_171-i586 for 32bit JRE
/usr/java/jdk1.8.0_171-i586 for 32bit JDK
/usr/java/jre1.8.0_171-amd64 for 64bit JRE
/usr/java/jdk1.8.0_171-amd64 for 64bit JDK
See JDK-8191608
The following are some of the notable bug fixes included in this release:
core-libs/java.rmi
Server-side HTTP-tunneled RMI Connections Disabled
This release disables server side HTTP-tunneled RMI connections by default. The previous behavior can be re-enabled after due consideration of any impact by setting the runtime property sun.rmi.server.disableIncomingHttp
to false
. Note that this should not be confused with the sun.rmi.server.disableHttp
property, which disables HTTP-tunneling on the client side and is false by default.
JDK-8193833 (not public)
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8179665 | client-libs | javax.swing | [Windows] java.awt.IllegalComponentStateException: component must be showing on the screen to determine its location |
2 | JDK-8054213 | core-libs | java.lang:reflect | Class name repeated in output of Type.toString() |
3 | JDK-8189789 | core-libs | java.util.jar | tomcat gzip-compressed response bodies appear to be broken in update 151 |
4 | JDK-8153955 | core-libs | java.util.logging | increase java.util.logging.FileHandler MAX_LOCKS limit |
5 | JDK-8195748 | deploy | webstart | When in <application-desc> is present "progress-class" attribute javaws cannot start |
6 | JDK-8185036 | docs | guides | Typo in one of the content link of "Location-Independent Access to Resources" doc |
7 | JDK-8177914 | docs | guides | Links to jaxp.java.net in Java SE docs will be broken when java.net is shut down |
8 | JDK-8066866 | docs | guides | Supported Encodings page for Java SE 8 is out of date |
9 | JDK-8195813 | infrastructure | build | Change download.java.net links in java.net created pages from http to https |
10 | JDK-8198838 | infrastructure | release_eng | 8u171-b08 and 8u172-b08 Need SECURE_ID Promoted |
11 | JDK-8191608 | install | Java RPMs should allow for side-by-side installation of JDK and JRE, 32 and 64 bit, and only one update for each major version | |
12 | JDK-8193522 | install | install | meta-index in 1.8.0_152 does not include jfxrt.jar entries |
13 | JDK-8189350 | javafx | web | Crash due to ASSERT(url == m_string) fail while loading URL |
14 | JDK-8187568 | javafx | web | JavaFX crash in libjfxwebkit.so |
15 | JDK-8089124 | javafx | web | HTML5: Number input allows non-numeric input |
16 | JDK-8187671 | javafx | web | [WebView] Drag and Drop of text or html results in an image |
17 | JDK-8157686 | javafx | web | JavaFX WebView fails to track URL changes for PJAX websites |
18 | JDK-8185940 | javafx | web | Web native compiled files not removed during gradle clean |
19 | JDK-8186148 | javafx | web | Few extension to MIME type mappings are missing |
20 | JDK-8183928 | javafx | web | [Linux] Remove Warnings [-Wunused-parameter] |
21 | JDK-8196374 | javafx | web | windows x86 webview-icu isAlphaNumericString crash |
22 | JDK-8196677 | javafx | web | Cherry pick GTK WebKit 2.18.6 changes |
23 | JDK-8187483 | javafx | web | Update to 605.1 version of WebKit |
24 | JDK-8189420 | javafx | web | Crash in :web:test in debug build |
25 | JDK-8089264 | javafx | web | DRT test fast/events/before-unload-returnValue.html times out |
26 | JDK-8194265 | javafx | web | Webengine (webkit) crash when reading files using FileReader |
27 | JDK-8194935 | javafx | web | Cherry pick GTK WebKit 2.18.5 changes |
28 | JDK-8193798 | javafx | web | Cherry pick GTK WebKit 2.18.4 changes |
29 | JDK-8197463 | javafx | web | Update libxml2 to version 2.9.7 |
30 | JDK-8150530 | security-libs | javax.crypto | Improve javax.crypto.BadPaddingException messages |
31 | JDK-8196952 | security-libs | javax.crypto | Bad primeCertainty value setting in DSAParameterGenerator |
32 | JDK-8186441 | xml | jax-ws | Change of behavior in the getMessage () method of the SOAPMessageContextImpl class |
The following sections summarize changes made in all Java SE 8u162 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8187635 | client-libs | java.awt | On Windows Swing changes keyboard layout on a window activation |
8187803 | client-libs | javax.swing | JDK part of JavaFX-Swing dialogs appearing behind main stage |
8185634 | javafx | swing | Java Fx-Swing dialogs appearing behind main stage |
8189280 | javafx | swing | Memory leak in SwingNode if Stage is not shown |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8076117 | security-libs | java.security | EndEntityChecker should not process custom extensions after PKIX validation |
8176072 | client-libs | java.awt | READING attributes are not available on TSF |
8183504 | client-libs | javax.swing | 8u131 Win 10, issue with wrong position of Sogou IME popup |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8171452 | core-libs | java.nio | (ch) linux io_util_md: Operation not supported exception after 8168628 |
8168628 | core-libs | java.nio | (fc) SIGBUS when extending file size to map it |
8187577 | hotspot | gc | JVM crash during gc doing concurrent marking |
8196912 | deploy | plugin | Java Plugin - CRL lookup does external search, with internal CRL configured |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8196332 (Confidential) |
deploy | plugin | settings are written to the root drive on Windows-10 with MSI installer |
8074373 | tools | launcher | NMT is not enabled if NMT option is specified after class path specifiers |
8192987 | security-libs | java.security | keytool should remember real storetype if it is not provided |
8187045 | infrastructure | build | [linux] Not all libraries in the VM are linked with -z,noexecstack |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8057570 | hotspot | jvmti | RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed: obj is valid |
8156137 | hotspot | compiler | SIGSEGV in ReceiverTypeData::clean_weak_klass_links |
8055008 | hotspot | jvmti | Clean up code that saves the previous versions of redefined classes |
8038636 | hotspot | compiler | speculative traps break when classes are redefined |
Please note that fixes from the prior BPR (8u152 b35) are included in this version.
January 16, 2018
The full version string for this update release is 1.8.0_162-b12 (where "b" means "build"). The version number is 8u162.
JDK 8u162 contains IANA time zone data version 2017c. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u162 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_161-b12 |
7 | 1.7.0_171-b11 |
6 | 1.6.0_181-b10 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u162) will expire with the release of the next critical patch update scheduled for April 17, 2018.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u162) on May 17, 2018. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
core-libs/java.rmi
RMI Registry Filter Allows Binding Arrays of Any Type
The RMI Registry built-in serial filter has been modified to check only the array size and not the component type. The maximum array size has been increased to 1,000,000. The override filter can be used to decrease the limit. Array sizes greater than the maxarray limit will be rejected. Sizes less than the maxarray limit will be allowed.
The java.security
file contains more information about the sun.rmi.registry.registryFilter
property and the conf/security/java.security
configuration file has been updated to better describe the default behavior and how to override it.
See JDK-8185346
This release contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-7162125 | client‑libs | 2d | [macosx] A font has different behaviour for ligatures depending on its creation mode |
2 | JDK-8147002 | client‑libs | 2d | [macosx] Arabic character cannot be rendered on MacOS X |
3 | JDK-8180370 | client‑libs | 2d | Characters are skipped on input of Korean text on OS X |
4 | JDK-8181659 | client‑libs | 2d | Create an alternative fix for JDK‑8167102, whose fix was backed out |
5 | JDK-8190280 | client‑libs | 2d | [macos] Font2DTest demo started failing for Arabic range from JDK 8 u162 b01 on Mac |
6 | JDK-7124271 | client‑libs | java.awt | [macosx] RealSync test failure |
7 | JDK-8080504 | client‑libs | java.awt | [macosx] SunToolkit.realSync() may hang |
8 | JDK-8139218 | client‑libs | java.awt | Dialog that opens and closes quickly changes focus in original focusowner |
9 | JDK-8155197 | client‑libs | java.awt | Focus transition issue |
10 | JDK-8078269 | client‑libs | javax.swing | JTabbedPane UI Property TabbedPane.tabAreaBackground no longer works |
11 | JDK-4354680 | core‑libs | java.lang | Runtime.runFinalization() silently clears interrupted flag in the calling thread |
12 | JDK-8031661 | core‑libs | java.net | java/net/Authenticator/B4769350.java failed intermittently |
13 | JDK-8184328 | core‑libs | java.net | JDK 8u131 socketRead0 hang at SSL read |
14 | JDK-8185346 | core‑libs | java.rmi | Relax RMI Registry Serial Filter to allow arrays of any type |
15 | JDK-8179086 | core‑libs | java.time | java.time.temporal.ValueRange has poor hashCode() |
16 | JDK-8184893 | core‑libs | jdk.nashorn | jdk8u152 b06 : issues with nashorn when running kraken benchmarks |
17 | JDK-6618335 | core‑svc | debugger | ThreadReference.stop(null) throws NPE instead of InvalidTypeException |
18 | JDK-8181419 | core‑svc | debugger | Race in jdwp invoker handling may lead to crashes or invalid results |
19 | JDK-8162530 | core‑svc | java.lang.management | src/jdk.management/share/native/libmanagement_ext/GcInfoBuilder.c doesn't handle JNI exceptions properly |
20 | JDK-8046778 | core‑svc | javax.management | Better error messages when starting JMX agent via attach or jcmd |
21 | JDK-6656031 | core‑svc | tools | SA: jmap ‑permstat number of classes is off by 1 |
22 | JDK-6977426 | core‑svc | tools | sun/tools tests can intermittently fail to find app's Java pid |
23 | JDK-8074812 | core‑svc | tools | More specific error message when the .java_pid well‑known file is not secure |
24 | JDK-8190758 | deploy | packager | javapackager fails to consider filesystem type |
25 | JDK-8191176 | deploy | packager | JavaFX Self-Contained Application fails with error "Failed to find library: jvm.dll" |
26 | JDK-8074544 | deploy | webstart | webstart app fails with CouldNotLoadArgumentException when account in Japanese |
27 | JDK-8185661 | deploy | webstart | JNLP files won't launch from IE11 on Windows 10 Creators Update |
28 | JDK-8160365 | deploy | webstart | Desktop shortcut of Web Start application is broken after JRE update |
29 | JDK-8072428 | hotspot | compiler | Enable UseLoopCounter ergonomically if on‑stack‑replacement is enabled |
30 | JDK-8073670 | hotspot | compiler | TypeF::eq and TypeD::eq do not handle NaNs correctly |
31 | JDK-8145913 | hotspot | compiler | PPC64: add Montgomery multiply intrinsic |
32 | JDK-8148786 | hotspot | compiler | xml.transform fails on x86‑64 |
33 | JDK-8164954 | hotspot | compiler | split_if creates empty phi and region nodes |
34 | JDK-8166742 | hotspot | compiler | SIGFPE in C2 Loop IV elimination |
35 | JDK-8168318 | hotspot | compiler | PPC64: Use cmpldi instead of li/cmpld |
36 | JDK-8170328 | hotspot | compiler | PPC64: Use andis instead of lis/and |
37 | JDK-8172751 | hotspot | compiler | OSR compilation at unreachable bci causes C1 crash |
38 | JDK-8177958 | hotspot | compiler | Possible uninitialized char* in vm_version_solaris_sparc.cpp |
39 | JDK-8178047 | hotspot | compiler | Aliasing problem with raw memory accesses |
40 | JDK-8180855 | hotspot | compiler | Null pointer dereference in OopMapSet::all_do of oopMap.cpp:394 |
41 | JDK-8181810 | hotspot | compiler | PPC64: Leverage extrdi for bitfield extract |
42 | JDK-8184009 | hotspot | compiler | Missing null pointer check in InterpreterRuntime::update_mdp_for_ret() |
43 | JDK-8184271 | hotspot | compiler | Time related C1 intrinsics produce inconsistent results when floating around |
44 | JDK-8185572 | hotspot | compiler | Enable AssumeMP by default on SPARC machines |
45 | JDK-8181055 | hotspot | gc | PPC64: "mbind: Invalid argument" still seen after 8175813 |
46 | JDK-8185164 | hotspot | jvmti | GetOwnedMonitorInfo() returns incorrect owned monitor |
47 | JDK-6651256 | hotspot | runtime | jstack: DeleteGlobalRef method call doesn't lead to descreasing of global refs count shown by jstack |
48 | JDK-8087291 | hotspot | runtime | InitialBootClassLoaderMetaspaceSize and CompressedClassSpaceSize should be checked consistent from MaxMetaspaceSize |
49 | JDK-8023667 | hotspot | svc | SA: ExceptionBlob and other C2 classes not available in client VM |
50 | JDK-8130721 | javafx | graphics | [macos] problem with editing thai in TextArea |
51 | JDK-8181922 | javafx | media | Provide media support for libav version 57 |
52 | JDK-8185691 | javafx | media | MediaPlayer reports error with HTTP Live Streams instead of EOS |
53 | JDK-8187594 | javafx | media | Media crashes with libavcodec 57 on Ubuntu 17.04 32‑bit |
54 | JDK-8188029 | javafx | media | [macos] MediaView Crashes on OS X 10.13 High Sierra |
55 | JDK-8191335 | javafx | media | Linux 32‑bit build fails after fix for JDK‑8187594 |
56 | JDK-8190249 | javafx | other | Missing content from cssref.html due to missed closing comment |
57 | JDK-8181786 | javafx | swing | Extra runLater causes impossible states to be possible using javafx.embed.singleThread=true |
58 | JDK-8187781 | javafx | swing | "InvalidDnDOperationException: Drag and drop in progress" while running javafx application with option ‑Djavafx.embed.singleThread=true |
59 | JDK-8182977 | javafx | web | NullPointerException with HTMLEditor when changing the scene graph |
60 | JDK-8185970 | javafx | web | Possible crash due to use‑after‑free |
61 | JDK-8158633 | security‑libs | javax.crypto | BASE64 encoded cert not correctly parsed with UTF‑16 |
62 | JDK-8187023 | security‑libs | javax.crypto:pkcs11 | Cannot read pkcs11 config file in UTF‑16 environment |
63 | JDK-8140436 | security‑libs | javax.net.ssl | Negotiated Finite Field Diffie‑Hellman Ephemeral Parameters for TLS |
64 | JDK-8066185 | tools | launcher | VM crashed with SIGSEGV VirtualMemoryTracker::add_reserved_region |
January 16, 2018
The full version string for this update release is 1.8.0_161-b12 (where "b" means "build"). The version number is 8u161.
JDK 8u161 contains IANA time zone data version 2017c. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u161 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_161-b12 |
7 | 1.7.0_171-b11 |
6 | 1.6.0_181-b10 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u161) will expire with the release of the next critical patch update scheduled for April 17, 2018.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u161) on May 17, 2018. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
security-libs/javax.net.ssl
Added TLS session hash and extended master secret extension support
Support has been added for the TLS session hash and extended master secret extension (RFC 7627) in JDK JSSE provider. Note that in general, server certificate change is restricted if endpoint identification is not enabled and the previous handshake is a session-resumption abbreviated initial handshake, unless the identities represented by both certificates can be regarded as the same. However, if the extension is enabled or negotiated, the server certificate changing restriction is not necessary and will be discarded accordingly. In case of compatibility issues, an application may disable negotiation of this extension by setting the System Property jdk.tls.useExtendedMasterSecret
to false
in the JDK. By setting the System Property jdk.tls.allowLegacyResumption
to false
, an application can reject abbreviated handshaking when the session hash and extended master secret extension is not negotiated. By setting the System Property jdk.tls.allowLegacyMasterSecret
to false
, an application can reject connections that do not support the session hash and extended master secret extension.
See JDK-8148421
security-libs/javax.crypto
Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits
Enhance the JDK security providers to support 3072-bit DiffieHellman and DSA parameters generation, pre-computed DiffieHellman parameters up to 8192 bits and pre-computed DSA parameters up to 3072 bits.
See JDK-8072452
other-libs/corba
Add additional IDL stub type checks to org.omg.CORBA.ORBstring_to_object method
Applications that either explicitly or implicitly call org.omg.CORBA.ORB.string_to_object
, and wish to ensure the integrity of the IDL stub type involved in the ORB::string_to_object
call flow, should specify additional IDL stub type checking. This is an "opt in" feature and is not enabled by default.
To take advantage of the additional type checking, the list of valid IDL interface class names of IDL stub classes is configured by one of the following:
com.sun.CORBA.ORBIorTypeCheckRegistryFilter
located in the file conf/security/java.security
in Java SE 9 or in jre/lib/security/java.security
in Java SE 8 and earlier.com.sun.CORBA.ORBIorTypeCheckRegistryFilter
with the list of classes. If the system property is set, its value overrides the corresponding property defined in the java.security
configuration.If the com.sun.CORBA.ORBIorTypeCheckRegistryFilter
property is not set, the type checking is only performed against a set of class names of the IDL interface types corresponding to the built-in IDL stub classes.
JDK-8160104 (not public)
security-libs/javax.crypto
In 8u161, the RSA implementation in the SunRsaSign provider will reject any RSA public key that has an exponent that is not in the valid range as defined by PKCS#1 version 2.2. This change will affect JSSE connections as well as applications built on JCE.
JDK-8174756 (not public)
security-libs/javax.net.ssl
Restrict Diffie-Hellman keys less than 1024 bits
Diffie-Hellman keys less than 1024 bits are considered too weak to use in practice and should be restricted by default in SSL/TLS/DTLS connections. Accordingly, Diffie-Hellman keys less than 1024 bits have been disabled by default by adding "DH keySize < 1024" to the "jdk.tls.disabledAlgorithms" security property in the java.security file. Although it is not recommended, administrators can update the security property ("jdk.tls.disabledAlgorithms") and permit smaller key sizes (for example, by setting "DH keySize < 768").
JDK-8148108 (not public)
security-libs/javax.crypto
Provider default key size is updated
This change updates the JDK providers to use 2048 bits as the default key size for DSA instead of 1024 bits when applications have not explicitly initialized the java.security.KeyPairGenerator
and java.security.AlgorithmParameterGenerator
objects with a key size.
If compatibility issues arise, existing applications can set the system property jdk.security.defaultKeySize
introduced in JDK-8181048 with the algorithm and its desired default key size.
JDK-8178466 (not public)
security-libs/javax.crypto
The generateSecret(String)
method has been mostly disabled in the javax.crypto.KeyAgreement
services of the SunJCE and SunPKCS11 providers. Invoking this method for these providers will result in a NoSuchAlgorithmException
for most algorithm string arguments. The previous behavior of this method can be re-enabled by setting the value of the jdk.crypto.KeyAgreement.legacyKDF
system property to true
(case insensitive). Re-enabling this method by setting this system property is not recommended.
Prior to this change, the following code could be used to produce secret keys for AES using Diffie-Hellman:
KeyAgreement ka = KeyAgreement.getInstance("DiffieHellman");
ka.init(...);
ka.doPhase(...);
SecretKey sk = ka.generateSecret("AES");
The issue with this code is that it is unspecified how the provider should derive a secret key from the output of the Diffie-Hellman operation. There are several options for how this key derivation function can work, and each of these options has different security properties. For example, the key derivation function may bind the secret key to some information about the context or the parties involved in the key agreement. Without a clear specification of the behavior of this method, there is a risk that the key derivation function will not have some security property that is expected by the client.
To address this risk, the generateSecret(String) method of KeyAgreement was mostly disabled in the DiffieHellman services, and code like the example above will now result in a java.security.NoSuchAlgorithmException. Clients still may use the no-argument generateSecret method to obtain the raw Diffie-Hellman output, which can be used with an appropriate key derivation function to produce a secret key.
Existing applications that use the generateSecret(String) method of this service will need to be modified. Here are a few options:
A) Implement the key derivation function from an appropriate standard. For example, NIST SP 800-56Ar2[1] section 5.8 describes how to derive keys from Diffie-Hellman output.
B) Implement the following simple key derivation function:
requires the standard name of the secret-key algorithm (e.g. "AES")
This is a simple key derivation function that may provide adequate security in a typical application. Developers should note that this method provides no protection against the reuse of key agreement output in different contexts, so it is not appropriate for all applications. Also, some additional effort may be required to enforce key size restrictions like the ones in Table 2 of NIST SP 800-57pt1r4[2].
C) Set the jdk.crypto.KeyAgreement.legacyKDF system property to "true". This will restore the previous behavior of this KeyAgreement service. This solution should only be used as a last resort if the application code cannot be modified, or if the application must interoperate with a system that cannot be modified. The "legacy" key derivation function and its security are unspecified.
JDK-8185292 (not public)
security-libs/javax.crypto
Unlimited cryptography enabled by default
The JDK uses the Java Cryptography Extension (JCE) Jurisdiction Policy files to configure cryptographic algorithm restrictions. Previously, the Policy files in the JDK placed limits on various algorithms. This release ships with both the limited and unlimited jurisdiction policy files, with unlimited being the default. The behavior can be controlled via the new 'crypto.policy' Security property found in the /lib/java.security file. Please refer to that file for more information on this property.
See JDK-8170157
core-libs/java.rmi
The RMI Registry filter is relaxed to allow binding arrays of any type
The RMI Registry built-in serial filter is modified to check only the array size and not the component type. The maximum array size is increased to 1,000,000. The override filter can be used to decrease the limit. Array sizes greater than the maxarray limit will be rejected and otherwise will be allowed. The java.security
file contains more information about the sun.rmi.registry.registryFilter
property and it will be updated in the conf/security/java.security
configuration file to better describe the default behavior and how to override it.
See JDK-8185346
security-libs/javax.net.ssl
Disable exportable cipher suites
To improve the strength of SSL/TLS connections, exportable cipher suites have been disabled in SSL/TLS connections in the JDK by the jdk.tls.disabledAlgorithms
Security Property.
See JDK-8163237
security-libs/java.security
Disable JARs signed with DSA keys less than 1024 bits
DSA keys less than 1024 bits have been added to the jdk.jar.disabledAlgorithms
Security property in the java.security
file. This property contains a list of disabled algorithms and key sizes for signed JAR files. If a signed JAR file uses a disabled algorithm or key size less than the minimum length, signature verification operations will ignore the signature and treat the JAR as if it were unsigned. This can potentially occur in the following types of applications that use signed JAR files:
Running jarsigner -verify -verbose
on a JAR file signed with a weak algorithm or key will print more information about the disabled algorithm or key.
For example, to check a JAR file named test.jar
, use this command: jarsigner -verify -verbose test.jar
If the file in this example was signed with a weak key such as 512 bit DSA, this output would be seen:
- Signed by "CN=weak_signer"
Digest algorithm: SHA1
Signature algorithm: SHA1withDSA, 512-bit key (weak)
To address the issue, the JAR file will need to be re-signed with a stronger key size. Alternatively, the restrictions can be reverted by removing the applicable weak algorithms or key sizes from the jdk.jar.disabledAlgorithms
security property; however, this option is not recommended. Before re-signing affected JARs, the existing signature(s) should be removed from the JAR file. This can be done with the zip
utility, as follows:
zip -d test.jar 'META-INF/*.SF' 'META-INF/*.RSA' 'META-INF/*.DSA'
Periodically check the Oracle JRE and JDK Cryptographic Roadmap at http://java.com/cryptoroadmap for planned restrictions to signed JARs and other security components.
JDK-8185909 (not public)
core-svc/javax.management
JMX Connections need deserialization filters
New public attributes, RMIConnectorServer.CREDENTIALS_FILTER_PATTERN
and RMIConnectorServer.SERIAL_FILTER_PATTERN
have been added to RMIConnectorServer.java
. With these new attributes, users can specify the deserialization filter pattern strings to be used while making a RMIServer.newClient()
remote call and while sending deserializing parameters over RMI to server respectively.
The user can also provide a filter pattern string to the default agent via management.properties. As a result, a new attribute is added to management.properties.
Existing attribute RMIConnectorServer.CREDENTIAL_TYPES
is superseded by RMIConnectorServer.CREDENTIALS_FILTER_PATTERN
and has been removed.
JDK-8159377 (not public)
xml/jaxp
JDK Transform, Validation and XPath use the system-default parser
Java SE 9 changes the JDK's Transform
, Validation
and XPath
implementations to use the JDK's system-default parser even when a third party parser is on the classpath. In order to override the JDK system-default parser, applications need to explicitly set the new System property jdk.xml.overrideDefaultParser
.
The overrideDefaultParser
property is supported by the following APIs:
The overrideDefaultParser
property can be set through the System.setProperty.
The overrideDefaultParser
property can be set in the JAXP configuration file jaxp.properties
.
The overrideDefaultParser
property follows the same rule as other JDK JAXP properties in that a setting of a narrower scope takes preference over that of a wider scope. A setting through the API overrides the System property which in turn overrides that in the jaxp.properties
file.
JDK-8186080 (not public)
This release contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8079595 | client‑libs | java.awt | Resizing dialog which is JWindow parent makes JVM crash |
2 | JDK-8184016 | client‑libs | java.swing | Text in native popup is not always updated with Sogou IME |
3 | JDK-8035105 | core‑libs | javax.naming | DNS provider cleanups |
4 | JDK-8185661 | deploy | webstart | JNLP files won't launch from IE11 on Windows 10 Creators Update |
5 | JDK-8186344 | deploy | webstart | 64 bit java install not setting jnlp associate if lower 32bit versions exist |
6 | JDK-8157548 | hotspot | runtime | JVM crashes sometimes while starting |
7 | JDK-8191607 | install | install | undo 8189805: 64 and 32 bit RPMS must co‑exist |
8 | JDK-8178728 | security‑libs | java.security | Check the AlgorithmParameters in algorithm constraints |
9 | JDK-8184673 | security‑libs | java.security | Fix compatibility issue in AlgorithmChecker for 3rd party JCE providers |
10 | JDK-8072452 | security‑libs | javax.crypto | Support DHE sizes up to 8192‑bits and DSA sizes up to 3072‑bits |
11 | JDK-8170157 | security‑libs | javax.crypto | Enable unlimited cryptographic policy by default in Oracle JDK builds |
12 | JDK-8156502 | security‑libs | javax.net.ssl | Use short name of SupportedEllipticCurvesExtension.java |
13 | JDK-8193683 | security‑libs | javax.net.ssl | Increase the number of clones in the CloneableDigest |
14 | JDK-8159240 | xml | jaxb | XSOM parser incorrectly processes type names with whitespaces |
The following sections summarize changes made in all Java SE 8u152 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8191608 | install | install | Java RPMs should allow for side-by-side installation of JDK and JRE, 32 and 64 bit, and only one update for each major version |
8193218 | install | install | Simplify build system building rpms |
8191607 | install | install | undo 8189805: 64 and 32 bit RPMS must co-exist |
8189805 | install | install | 64 and 32 bit RPMS must co-exist |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8179665 | client-libs | javax.swing | [Windows] java.awt.IllegalComponentStateException: component must be showing on the screen to determine its location |
8186441 | xml | jax-ws | Change of behavior in the getMessage () method of the SOAPMessageContextImpl class |
8185661 | deploy | webstart | JNLP files won't launch from IE11 on Windows 10 Creators Update |
8189612 (Confidential) |
deploy | webstart | com.sun.deploy.net.JARSigningException: Found unsigned entry in resource |
8173129 (Confidential) |
deploy | plugin | [deploy] System must be left clean after the uninstall process completes |
8193168 (Confidential) |
deploy | javafx | Failed to launch the FX application after clicking link 'click to launch this app as webstart' |
Bug Fixes
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
6988950 | core-svc | debugger | JDWP exit error JVMTI_ERROR_WRONG_PHASE(112) |
8134103 (Confidential) |
core-svc | debugger | JVMTI_ERROR_WRONG_PHASE(112): on checking for an interface |
8182402 (Confidential) |
client-libs | swing | Tooltip for Desktop button is in English when non-English locale is set |
Please note that fixes from prior BPR (8u144 b34) are included in this version.
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8184328 | core-libs | java.net | JDK 8u131 socketRead0 hang at SSL read |
8185346 | core-libs | java.rmi | Relax RMI Registry Serial Filter to allow arrays of any type |
8185864 (Confidential) |
install | install | JDK 8 Install wizard is hidden after JRE silent install is used |
8160365 | deploy | webstart | Desktop shortcut of Web Start application is broken after JRE update |
October 17, 2017
The full version string for this update release is 1.8.0_152-b16 (where "b" means "build"). The version number is 8u152.
JDK 8u152 contains IANA time zone data version 2017b. For more information, refer to Timezone Data Versions in the JRE Software.
See JDK-8159684
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u152 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_151-b12 |
7 | 1.7.0_161-b13 |
6 | 1.6.0_171-b13 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u152) will expire with the release of the next critical patch update scheduled for January 16, 2018.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u152) on February 16, 2018. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
core-libs/java.util.jar
Decode error with Tomcat version 7.x
The zlib version shipped in the 8u151 and 7u161 JDK releases was updated to zlib v1.2.11. The deflate functionality in this version causes a compatibility issue with Tomcat v7.x. Server responses can appear as corrupt or can fail to be decoded. The issue is seen if Tomcat is using compression (e.g. compression="on" in server.xml). This issue is being fixed via JDK-8189789.
Users can disable the compression mode on their Tomcat servers as a workaround. Tomcat versions 8.x and later don't appear to be affected.
See JDK-8191040
security-libs/javax.crypto
New Security property to control crypto policy
This release introduces a new feature whereby the JCE jurisdiction policy files used by the JDK can be controlled via a new Security property. In older releases, JCE jurisdiction files had to be downloaded and installed separately to allow unlimited cryptography to be used by the JDK. The download and install steps are no longer necessary. To enable unlimited cryptography, one can use the new crypto.policy
Security property. If the new Security property (crypto.policy) is set in the java.security
file, or has been set dynamically using the Security.setProperty() call before the JCE framework has been initialized, that setting will be honored. By default, the property will be undefined. If the property is undefined and the legacy JCE jurisdiction files don't exist in the legacy lib/security directory, then the default cryptographic level will remain at 'limited'. To configure the JDK to use unlimited cryptography, set the crypto.policy to a value of 'unlimited'. See the notes in the java.security
file shipping with this release for more information.
Note : On Solaris, it's recommended that you remove the old SVR4 packages before installing the new JDK updates. If an SVR4 based upgrade (without uninstalling the old packages) is being done on a JDK release earlier than 6u131, 7u121, or 8u111, then you should set the new crypto.policy Security property in the java.security
file.
Because the old JCE jurisdiction files are left in <<em>java-home</em>>/lib/security
, they may not meet the latest security JAR signing standards, which were refreshed in 6u131, 7u121, 8u111, and later updates. An exception similar to the following might be seen if the old files are used:
Caused by: java.lang.SecurityException: Jurisdiction policy files are not
signed by trusted signers!
at javax.crypto.JceSecurity.loadPolicies(JceSecurity.java:593)
at
javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:524)
See JDK-8157561
BigInteger performance improvements turned on by default
The performance improvements described in JDK-8130150 and JDK-8081778 have now been turned on by default. They can be turned off by using the following command options:
-XX:-UseMontgomerySquareIntrinsic
-XX:-UseMontgomeryMultiplyIntrinsic
-XX:-UseSquareToLenIntrinsic
-XX:-UseMultiplyToLenIntrinsic
See JDK-8154945
The following are some of the notable bug fixes included in this release:
Compilers accept modification of final fields outside initializer methods
According to the Java VM Specification, final fields can be modified by the putfield
byte code instruction only if the instruction appears in the instance initializer method <init>
of the field's declaring class. Similar, static final fields can be modified by a putstatic
instruction only if the instruction appears in the class initializer method <clinit>
of the field's declaring class. With the JDK 9 release, the HotSpot VM fully enforces the previously mentioned restrictions, but only for class files with version number >= 53. For class files with version numbers < 53, restrictions are only partially enforced (as it is done by releases preceding JDK 9). That is, for class files with version number < 53 final fields can be modified in any method of the class declaring the field (not only class/instance initializers).
See JDK-8157181
This release contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8160893 | client‑libs | [macosx] JMenuItems in JPopupMenu are not accessible | |
2 | JDK-8177315 | client‑libs | backout changes for 8176516 (backport of 8173791) | |
3 | JDK-8039412 | client‑libs | 2d | Stack overflow on Linux using DialogTypeSelection.NATIVE |
4 | JDK-8040635 | client‑libs | 2d | [macosx] Printing a shape filled with a texture doesn't work under Mac OS X |
5 | JDK-8058316 | client‑libs | 2d | lookupDefaultPrintService returns null on Solaris 11 when default printer is set using lpoptions command |
6 | JDK-8061258 | client‑libs | 2d | [macosx] PrinterJob's native Print Dialog does not reflect specified Copies or Page Ranges |
7 | JDK-8067059 | client‑libs | 2d | PrinterJob.pageDialog() with DialogSelectionType.NATIVE returns a PageFormat when cancelled. |
8 | JDK-8074562 | client‑libs | 2d | CID keyed OpenType fonts are not supported by T2K |
9 | JDK-8089573 | client‑libs | 2d | [macosx] Incorrect char to glyph mapping printing on OSX 10.10 |
10 | JDK-8158356 | client‑libs | 2d | SIGSEGV when attempting to rotate BufferedImage using AffineTransform by NaN degrees |
11 | JDK-8160664 | client‑libs | 2d | JVM crashed with font manager on Solaris 12 |
12 | JDK-8162488 | client‑libs | 2d | JDK should be updated to use LittleCMS 2.8 |
13 | JDK-8162796 | client‑libs | 2d | [macosx] LinearGradientPaint and RadialGradientPaint are not printed on OS X. |
14 | JDK-8167102 | client‑libs | 2d | [macosx] PrintRequestAttributeSet breaks page size set using PageFormat |
15 | JDK-8170552 | client‑libs | 2d | [macosx] Wrong rendering of diacritics on macOS |
16 | JDK-8170913 | client‑libs | 2d | Java "1.8.0_112" on Windows 10 displays different characters for EUDCs from ones created in eudcedit.exe. |
17 | JDK-8170950 | client‑libs | 2d | Text is displayed in bold when fonts are installed into symlinked folder |
18 | JDK-8175025 | client‑libs | 2d | The copyright section in the test/java/awt/font/TextLayout/DiacriticsDrawingTest.java should be updated |
19 | JDK-8176530 | client‑libs | 2d | JDK support for JavaFX modal print dialogs |
20 | JDK-4953367 | client‑libs | java.awt | MAWT: Java should be more careful manipulating NLSPATH, XFILESEARCHPATH env variables |
21 | JDK-6980209 | client‑libs | java.awt | Make tracking SecondaryLoop.enter/exit methods easier |
22 | JDK-8035568 | client‑libs | java.awt | [macosx] Cursor management unification |
23 | JDK-8040322 | client‑libs | java.awt | TextArea.replaceRange() and insert() are broken with setText(null) |
24 | JDK-8050478 | client‑libs | java.awt | [macosx] Cursor not updating correctly after closing a modal dialog |
25 | JDK-8075516 | client‑libs | java.awt | Deleting a file from either the open or save java.awt.FileDialog hangs. |
26 | JDK-8139189 | client‑libs | java.awt | VK_OEM_102 dead key detected as VK_UNDEFINED |
27 | JDK-8140525 | client‑libs | java.awt | AwtFrame::WmShowWindow() may steal focus |
28 | JDK-8156116 | client‑libs | java.awt | [macosx] two JNI locals to delete in AWTWindow.m, CGraphicsEnv.m |
29 | JDK-8156723 | client‑libs | java.awt | JVM crash at sun.java2d.windows.GDIBlitLoops.nativeBlit |
30 | JDK-8160570 | client‑libs | java.awt | [macosx] modal dialog can skip the activation/focus events |
31 | JDK-8160623 | client‑libs | java.awt | [PIT] Exception running java/awt/event/KeyEvent/KeyChar/KeyCharTest.java |
32 | JDK-8160696 | client‑libs | java.awt | IllegalArgumentException: adding a component to a container on a different GraphicsDevice |
33 | JDK-8160941 | client‑libs | java.awt | "text/uri‑list" dataflavor concats the first two strings |
34 | JDK-8163583 | client‑libs | java.awt | [macosx] Press "To Back" button on the Dialog,the Dialog moves behind the Frame |
35 | JDK-8165717 | client‑libs | java.awt | [macosx] Various memory leaks in jdk9 |
36 | JDK-8169355 | client‑libs | java.awt | Diacritics input works incorrectly on Windows if Spanish (Latin American) keyboard layout is used |
37 | JDK-8173853 | client‑libs | java.awt | IllegalArgumentException in java.awt.image.ReplicateScaleFilter |
38 | JDK-8173876 | client‑libs | java.awt | [macosx] Fast precise scrolling and DeltaAccumulator fix for macOS Sierra 10.12.2 |
39 | JDK-8176490 | client‑libs | java.awt | [macosx] Sometimes NSWindow.isZoomed hangs |
40 | JDK-8136570 | client‑libs | java.awt:i18n | Stop changing user environment variables related to /usr/dt |
41 | JDK-8159696 | client‑libs | java.beans | java.beans.MethodRef#get throws NullPointerException |
42 | JDK-8076249 | client‑libs | javax.accessibility | NPE in AccessBridge while editing JList model |
43 | JDK-8076554 | client‑libs | javax.accessibility | [macosx] Custom Swing text components need to allow standard accessibility |
44 | JDK-8145207 | client‑libs | javax.accessibility | [macosx] JList, VO can't access non‑visible list items |
45 | JDK-8165829 | client‑libs | javax.accessibility | Android Studio 2.x crashes with NPE at sun.lwawt.macosx.CAccessibility.getAccessibleIndexInParent |
46 | JDK-8171808 | client‑libs | javax.accessibility | Performance problems in dialogs with large tables when JAB activated |
47 | JDK-8175915 | client‑libs | javax.accessibility | NullPointerException from JComboBox and JList when Accessibility enabled |
48 | JDK-8168751 | client‑libs | javax.sound | Two "Direct Clip" threads are created to play the same "AudioClip" object, what makes clip sound corrupted |
49 | JDK-7172652 | client‑libs | javax.swing | With JDK 1.7 text field does not obtain focus when using mnemonic Alt/Key combin |
50 | JDK-8152981 | client‑libs | javax.swing | Double icons with JMenuItem setHorizontalTextPosition on Win 10 |
51 | JDK-8158325 | client‑libs | javax.swing | Memory leak in com.apple.laf.ScreenMenu: removed JMenuItems are still referenced |
52 | JDK-8161664 | client‑libs | javax.swing | Memory leak in com.apple.laf.AquaProgressBarUI: removed progress bar still referenced |
53 | JDK-8177450 | client‑libs | javax.swing | javax.swing.text.html.parser.Parser parseScript ignores a character after comment end |
54 | JDK-8163518 | core‑libs | java.io | Integer overflow in StringBufferInputStream.read() and CharArrayReader.read/skip() |
55 | JDK-8169556 | core‑libs | java.io | Wrap FileInputStream's native skip and available methods |
56 | JDK-8161039 | core‑libs | java.lang | System.getProperty("os.version") returns incorrect version number on Mac |
57 | JDK-8170153 | core‑libs | java.lang | PPC64/s390x/aarch64: Poor StrictMath performance due to non‑optimized compilation |
58 | JDK-8170873 | core‑libs | java.lang | PPC64/aarch64: Poor StrictMath performance due to non‑optimized compilation |
59 | JDK-8172053 | core‑libs | java.lang | (ppc64) Downport of 8170153 breaks build on linux/ppc64 (big endian) |
60 | JDK-8173654 | core‑libs | java.lang | Regression since 8u60: System.getenv doesn't return env var set in JNI code |
61 | JDK-8174729 | core‑libs | java.lang:reflect | Race Condition in java.lang.reflect.WeakCache |
62 | JDK-6947916 | core‑libs | java.net | JarURLConnection does not handle useCaches correctly |
63 | JDK-8022580 | core‑libs | java.net | sun.net.ftp.impl.FtpClient.nameList(String path) handles "null" incorrectly |
64 | JDK-8035158 | core‑libs | java.net | Remove dependency on sun.misc.RegexpPool and friends |
65 | JDK-8035653 | core‑libs | java.net | InetAddress.getLocalHost crash |
66 | JDK-8071424 | core‑libs | java.net | JCK test api/java_net/Socket/descriptions.html#Bind crashes on Windows |
67 | JDK-8075484 | core‑libs | java.net | SocketInputStream.socketRead0 can hang even with soTimeout set |
68 | JDK-8145732 | core‑libs | java.net | Duplicate entry in http.nonProxyHosts will ignore subsequent entries |
69 | JDK-8159410 | core‑libs | java.net | InetAddress.isReachable returns true for non existing IP addresses |
70 | JDK-8166747 | core‑libs | java.net | Add invalid network / computer name cases to isReachable known failure switch |
71 | JDK-8169865 | core‑libs | java.net | Downport minor fixes in java.net native code from JDK 9 to JDK 8 |
72 | JDK-8182672 | core‑libs | java.net | Java 8u121 on Linux intermittently returns null for MAC address |
73 | JDK-8145981 | core‑libs | java.nio | (fs) LinuxWatchService can reports events against wrong directory |
74 | JDK-8153925 | core‑libs | java.nio | (fs) WatchService hangs on GetOverlappedResult and locks directory (win) |
75 | JDK-8165231 | core‑libs | java.nio | java.nio.Bits.unaligned() doesn't return true on ppc |
76 | JDK-8180949 | core‑libs | java.rmi | Correctly handle exception in TCPChannel.createConnection |
77 | JDK-8054214 | core‑libs | java.time | JapaneseEra.getDisplayName doesn't return names if it's an additional era |
78 | JDK-8164366 | core‑libs | java.time | ZoneOffset.ofHoursMinutesSeconds() does not reject invalid input |
79 | JDK-8173423 | core‑libs | java.time | Wrong display name for supplemental Japanese era |
80 | JDK-8177678 | core‑libs | java.time | Overstatement of universality of Era.getDisplayName() implementation |
81 | JDK-8165243 | core‑libs | java.util | Base64.Encoder.wrap(os).write(byte[],int,int) with incorrect arguments should not produce output |
82 | JDK-8166507 | core‑libs | java.util.concurrent | ConcurrentSkipListSet.clear() can leave the Set in an invalid state |
83 | JDK-8179515 | core‑libs | java.util.concurrent | Class java.util.concurrent.ThreadLocalRandom fails to Initialize when using SecurityManager |
84 | JDK-8169056 | core‑libs | java.util.regex | StringIndexOutOfBoundsException in Pattern.compile with CANON_EQ flag |
85 | JDK-8129361 | core‑libs | java.util:i18n | ISO 4217 amendment 160 |
86 | JDK-8145952 | core‑libs | java.util:i18n | Currency update needed for ISO 4217 Amendment #161 |
87 | JDK-8164784 | core‑libs | java.util:i18n | Currency update needed for ISO 4217 Amendment #162. |
88 | JDK-8174736 | core‑libs | java.util:i18n | [JCP] [Mac]Cannot launch JCP on Mac os with language set to "Chinese, Simplified" while region is not China |
89 | JDK-8174779 | core‑libs | java.util:i18n | Locale issues with Mac 10.12 |
90 | JDK-8177776 | core‑libs | java.util:i18n | Create an equivalent test case for JDK9's SupplementalJapaneseEraTest |
91 | JDK-8149521 | core‑libs | javax.naming | automatic discovery of LDAP servers with Kerberos authentication |
92 | JDK-8163945 | core‑libs | jdk.nashorn | Honor Number type hint in toPrimitive on Numbers |
93 | JDK-8166902 | core‑libs | jdk.nashorn | Nested object literal property maps not reset in optimistic recompilation |
94 | JDK-8168373 | core‑libs | jdk.nashorn | "Bad local variable type" in ES6 Nashorn when reassigning a `let` within a `try` |
95 | JDK-8170565 | core‑libs | jdk.nashorn | JSObject call() is passed undefined for the argument 'thiz' |
96 | JDK-8170594 | core‑libs | jdk.nashorn | >>>=0 generates invalid bytecode for BaseNode LHS |
97 | JDK-8170977 | core‑libs | jdk.nashorn | SparseArrayData should not grow its underlying dense array data |
98 | JDK-8171219 | core‑libs | jdk.nashorn | Missing checks in sparse array shift() implementation |
99 | JDK-8171849 | core‑libs | jdk.nashorn | Can't unambiguously select between fixed arity signatures [(java.util.Collection), (java.util.Map)] |
100 | JDK-8176511 | core‑libs | jdk.nashorn | JSObject property access is broken for numeric keys outside the int range |
101 | JDK-8181191 | core‑libs | jdk.nashorn | getUint32 returning Long |
102 | JDK-8153711 | core‑svc | debugger | [REDO] JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command |
103 | JDK-8160024 | core‑svc | debugger | jdb returns invalid argument count if first parameter to Arrays.asList is null |
104 | JDK-8164843 | core‑svc | tools | UsageTracker should limit records and avoid truncation |
105 | JDK-8169236 | core‑svc | tools | JRE 8u112 attempts to run ICACLS.EXE on startup in Windows 10 Version 1607, build 14393 |
106 | JDK-8173664 | core‑svc | tools | Typo in https://java.net/downloads/heap‑snapshot/hprof‑binary‑format.html |
107 | JDK-8174806 | deploy | packager | Packager update App Store runtime rules for libjfxwebkit.dylib |
108 | JDK-8164410 | deploy | plugin | JRE 6u121 causes applet to fail with: Reset deny session certificate store |
109 | JDK-8022291 | deploy | webstart | Mac OS: Unexpected JavaLaunchHelper message displaying |
110 | JDK-8161700 | deploy | webstart | Deadlock in Java Web Start application involving JNLPClassLoader |
111 | JDK-8161986 | deploy | webstart | Selecting 32/64 bit resources failed if user has installed both jre's |
112 | JDK-8167306 | deploy | webstart | Side effects of using url schema handler. |
113 | JDK-8038348 | hotspot | compiler | Instance field load is replaced by wrong data Phi |
114 | JDK-8043913 | hotspot | compiler | remove legacy code in SPARC's VM_Version::platform_features |
115 | JDK-8134119 | hotspot | compiler | Use new API to get cache line sizes |
116 | JDK-8134389 | hotspot | compiler | Crash in HotSpot with jvm.dll+0x42b48 ciObjectFactory::create_new_metadata |
117 | JDK-8134918 | hotspot | compiler | C2: Type speculation produces mismatched unsafe accesses |
118 | JDK-8140309 | hotspot | compiler | [REDO] failed: no mismatched stores, except on raw memory: StoreB StoreI |
119 | JDK-8143897 | hotspot | compiler | Weblogic12medrec assert(handler_address == SharedRuntime::compute_compiled_exc_handler(nm, pc, exception, force_unwind, true)) failed: Must be the same |
120 | JDK-8152172 | hotspot | compiler | PPC64: Support AES intrinsics |
121 | JDK-8153134 | hotspot | compiler | Infinite loop in handle_wrong_method in jmod |
122 | JDK-8153267 | hotspot | compiler | nmethod's exception cache not multi‑thread safe |
123 | JDK-8154945 | hotspot | compiler | Enable 8130150 and 8081778 intrinsics by default |
124 | JDK-8155781 | hotspot | compiler | C2: opaque unsafe access triggers an assert |
125 | JDK-8157181 | hotspot | compiler | Compilers accept modification of final fields outside initializer methods |
126 | JDK-8157306 | hotspot | compiler | Random infrequent null pointer exceptions in javac |
127 | JDK-8158639 | hotspot | compiler | C2 compilation fails with SIGSEGV |
128 | JDK-8162101 | hotspot | compiler | C2: Handle "wide" aliases for unsafe accesses |
129 | JDK-8162384 | hotspot | compiler | Performance regression: bimorphic inlining may be bypassed by type speculation |
130 | JDK-8162496 | hotspot | compiler | missing precedence edge for anti_dependence |
131 | JDK-8164002 | hotspot | compiler | Add a new CPU family (S_family) for SPARC S7 and above processors |
132 | JDK-8164293 | hotspot | compiler | HotSpot leaking memory in long‑running requests |
133 | JDK-8164508 | hotspot | compiler | unexpected profiling mismatch in c1 generated code |
134 | JDK-8165482 | hotspot | compiler | java in ldoms, with cpu‑arch=generic has problems |
135 | JDK-8173373 | hotspot | compiler | C1: NPE is thrown instead of LinkageError when accessing inaccessible field on NULL receiver |
136 | JDK-8175887 | hotspot | compiler | C1 value numbering handling of Unsafe.get*Volatile is incorrect |
137 | JDK-8177095 | hotspot | compiler | Range check dependent CastII/ConvI2L is prematurely eliminated |
138 | JDK-8140584 | hotspot | gc | nmethod::oops_do_marking_epilogue always runs verification code |
139 | JDK-8153176 | hotspot | gc | Long pause in ParOldGC, because ParallelTaskTerminator peeks wrong TaskQueueSet |
140 | JDK-8168914 | hotspot | gc | Crash in ClassLoaderData/JNIHandleBlock::oops_do during concurrent marking |
141 | JDK-8170409 | hotspot | gc | CMS: Crash in CardTableModRefBSForCTRS::process_chunk_boundaries |
142 | JDK-8175813 | hotspot | gc | PPC64: "mbind: Invalid argument" when ‑XX:+UseNUMA is used |
143 | JDK-8180048 | hotspot | gc | Interned string and symbol table leak memory during parallel unlinking |
144 | JDK-8034249 | hotspot | jvmti | need more workarounds for suspend equivalent condition issue |
145 | JDK-8081219 | hotspot | jvmti | hs_err improvement: Add event logging for class redefinition to the hs_err file |
146 | JDK-8162795 | hotspot | jvmti | [REDO] MemberNameTable doesn't purge stale entries |
147 | JDK-8049717 | hotspot | runtime | expose L1_data_cache_line_size for diagnostic/sanity checks |
148 | JDK-8087342 | hotspot | runtime | Crash in klassItable::initialize_itable_for_interface when running SelectionResolution InvokeInterfaceICCE.java |
149 | JDK-8162766 | hotspot | runtime | Unsafe_DefineClass0 accesses raw oops while in _thread_in_native |
150 | JDK-8163969 | hotspot | runtime | Cyclic interface initialization causes JVM crash |
151 | JDK-8165153 | hotspot | runtime | Crash in rebuild_cpu_to_node_map |
152 | JDK-8171155 | hotspot | runtime | Scanning method file for initialized final field updates can fail for non‑existent fields |
153 | JDK-8171194 | hotspot | runtime | Exception "Duplicate field name&signature in class file" should report the name and signature of the field |
154 | JDK-8177817 | hotspot | runtime | Remove assertions in 8u that were removed by 8056124 in 9. |
155 | JDK-8166208 | hotspot | svc | FlightRecorderOptions settings for defaultrecording ignored. |
156 | JDK-8173941 | hotspot | svc | SA does not work if executable is DSO |
157 | JDK-8161945 | install | install | REGRESSION: 8u91 update of 32 bit JRE removes preferences of the 64 bit JRE |
158 | JDK-8164096 | javafx | base | ListChangeListener on ReadOnlyListWrapper's getReadOnlyProperty() does not reset change |
159 | JDK-8139841 | javafx | controls | Axis class does not render ticks marks when tick labels are invisible |
160 | JDK-8139850 | javafx | controls | CategoryAxis rotates improperly as yAxis |
161 | JDK-8163486 | javafx | controls | NumberAxis: inaccurate rendering of ticks when tick unit is low |
162 | JDK-8166847 | javafx | controls | NumberAxis: sticked numbers sometimes |
163 | JDK-8168895 | javafx | controls | Tick marks position is not animated when toggling forceZeroInRange |
164 | JDK-8134600 | javafx | fxml | Can't pass ObservableList as argument using FXML |
165 | JDK-8087565 | javafx | graphics | Scaling problem on OSX Retina |
166 | JDK-8088205 | javafx | graphics | [Mac] WebView renders icons instead of letters on some sites |
167 | JDK-8088395 | javafx | graphics | Print dialogs are not blocking/modal w.r.t specified owner windows |
168 | JDK-8088857 | javafx | graphics | Menu slow to respond after resizing a window multiple times with animation running |
169 | JDK-8090176 | javafx | graphics | Pisces software renderer shows incomplete border images in particular situation |
170 | JDK-8148549 | javafx | graphics | Region is not rendered correctly when node cache is enabled |
171 | JDK-8151744 | javafx | graphics | wrong width/height in texture update |
172 | JDK-8154148 | javafx | graphics | [Mac] JavaFX crashes on startup when run on Mac in VMWare |
173 | JDK-8156078 | javafx | graphics | Stage alwaysOnTop property not reset to false if permission is denied |
174 | JDK-8163526 | javafx | graphics | protect FileChooser return from internal NPE |
175 | JDK-8169777 | javafx | graphics | MenuBar unoperable after moving Application to second monitor |
176 | JDK-8173468 | javafx | graphics | Font.loadFont returns null on some Ubuntu 32bits |
177 | JDK-8174688 | javafx | graphics | JavaFX Applet popup windows are in the wrong location on Mac |
178 | JDK-8178804 | javafx | graphics | Excessive memory consumption in TriangleMesh/MeshView |
179 | JDK-8156563 | javafx | media | JavaFX Ensemble8 media sample hang and crash |
180 | JDK-8159869 | javafx | media | HTTP Live Streaming not working anymore |
181 | JDK-8091485 | javafx | samples | Ensemble8: Review each sample description, playground, appearance, related docs and links |
182 | JDK-8134354 | javafx | samples | Ensemble Media samples sliders don't react to clicks |
183 | JDK-8136918 | javafx | samples | Ensemble uses deprecated flv (vp6) media files hosted on OTN |
184 | JDK-8136968 | javafx | samples | [Mac] Regression from JDK‑8087709 |
185 | JDK-8142439 | javafx | samples | Ensemble8 media player slider issues |
186 | JDK-8152858 | javafx | samples | Ensemble Timeline regression |
187 | JDK-8165373 | javafx | samples | Ensemble8 uses setAccessible to access methods and fields of various classes |
188 | JDK-8168095 | javafx | samples | Second image in Ensemble8/Image Creation sample does not load |
189 | JDK-8170421 | javafx | samples | Ensemble8 black flash at startup on b145+ |
190 | JDK-8130675 | javafx | scenegraph | Document that setting scene on stage changes stage size unless explicitly set |
191 | JDK-8164141 | javafx | scenegraph | [Javadoc] Replace references of Stage with Window in the Window class |
192 | JDK-8172554 | javafx | swing | [macos] deadlock on JFXPanel startup |
193 | JDK-8174154 | javafx | swing | NPE in JFXPanel$HostContainer#setEmbeddedStage |
194 | JDK-8088681 | javafx | web | Underscore not visible in HTML combo box options inside webview |
195 | JDK-8089915 | javafx | web | Input of type file doesn't honor "accept" attribute. |
196 | JDK-8090216 | javafx | web | HTMLEditor: font bold doesn't work when an indent is set |
197 | JDK-8136847 | javafx | web | DRT test fast/canvas/canvas‑fillRect‑shadow.html fails |
198 | JDK-8144263 | javafx | web | [WebView, OS X] Webkit rendering artifacts with inertia scrolling |
199 | JDK-8150982 | javafx | web | Crash when calling WebEngine.print on background thread |
200 | JDK-8158196 | javafx | web | WebView Form Post fails if connection is closed before keepAlive‑Timeout |
201 | JDK-8162922 | javafx | web | JavaFx WebView canvas doesn't support dash within strokeRec |
202 | JDK-8164314 | javafx | web | [WebView] Debug build is no longer working after JDK‑8089681 |
203 | JDK-8165098 | javafx | web | WebEngine.print will attempt to print even if the printer job is complete or has an error |
204 | JDK-8165173 | javafx | web | canvas/philip/tests/2d.path.clip.empty.html fails with 8u112 |
205 | JDK-8166231 | javafx | web | use @Native annotation in web classes |
206 | JDK-8166677 | javafx | web | HTMLEditor freezes after restoring previously maximized window |
207 | JDK-8167098 | javafx | web | Backport of JDK‑8158926 to JDK 8u mistakenly used preliminary patch |
208 | JDK-8167675 | javafx | web | Animated gifs are not working |
209 | JDK-8168887 | javafx | web | [WebView] ComboBox and DropDownList ‑ Render fragments of the scrollbar are visible |
210 | JDK-8169204 | javafx | web | Need to document JSObject Call and setSlot APIs to use weak references |
211 | JDK-8170938 | javafx | web | Memory leak in JavaFX WebView |
212 | JDK-8172361 | javafx | web | Update java‑wrappers for WebKit generated classes following WebKit update |
213 | JDK-8172495 | javafx | web | Ignore __cmake_systeminformation from web module build directory |
214 | JDK-8174919 | javafx | web | SocketException no longer handled by WebView when processing web pages |
215 | JDK-8144258 | javafx | window‑toolkit | Ensemble Advanced Media sample hangs after going full screen |
216 | JDK-8160241 | javafx | window‑toolkit | Maximizing an Window with Screen‑Size hides it |
217 | JDK-8166106 | javafx | window‑toolkit | JVM crash on resizing JavaFX application with title and icon |
218 | JDK-8172561 | javafx | window‑toolkit | Copying String with "\r\n" to Clipboard duplicates "\r" |
219 | JDK-8155211 | security‑libs | java.security | Ucrypto Library leaks native memory |
220 | JDK-8163896 | security‑libs | java.security | Finalizing one key of a KeyPair invalidates the other key |
221 | JDK-8164846 | security‑libs | java.security | CertificateException missing cause of underlying exception |
222 | JDK-8176536 | security‑libs | java.security | Improved algorithm constraints checking |
223 | JDK-8157561 | security‑libs | javax.crypto | Ship the unlimited policy files in JDK Updates |
224 | JDK-8165751 | security‑libs | javax.crypto | NPE hit with java.security.debug=provider |
225 | JDK-8173581 | security‑libs | javax.crypto | performance regression in com/sun/crypto/provider/OutputFeedback.java |
226 | JDK-8169229 | security‑libs | javax.net.ssl | RSAClientKeyExchange debug info is incorrect |
227 | JDK-8181205 | security‑libs | javax.net.ssl | JRE fails to load/register security providers when started from UNC pathname |
228 | JDK-8147772 | security‑libs | javax.security | Update KerberosTicket to describe behavior if it has been destroyed and fix NullPointerExceptions |
229 | JDK-8163104 | security‑libs | javax.security | Unexpected NPE still possible on some Kerberos ticket calls |
230 | JDK-8153438 | security‑libs | javax.smartcardio | Avoid repeated "Please insert a smart card" popup windows |
231 | JDK-8170278 | security‑libs | org.ietf.jgss:krb5 | ticket renewal won't happen with debugging turned on |
232 | JDK-8176329 | tools | jdeps to detect MR jar file and output a warning | |
233 | JDK-8180660 | tools | javac | missing LNT entry for finally block |
234 | JDK-8028363 | xml | XmlGregorianCalendarImpl.getTimeZone() bug when offset is less than 10 minutes | |
235 | JDK-8169112 | xml | javax.xml.transform | java.lang.VerifyError: (class: GregorSamsa, method: template$dot$0$outline$1 signature: (LGregorSamsa$48;)V) Register 10 contains wrong type |
236 | JDK-8146086 | xml | jax‑ws | Publishing two webservices on same port fails with "java.net.BindException: Address already in use" |
237 | JDK-8172297 | xml | jax‑ws | In java 8, the marshalling with JAX‑WS does not escape carriage return |
238 | JDK-8162598 | xml | jaxp | XSLTC transformer swallows empty namespace declaration which is needed to undeclare default namespace |
239 | JDK-8146961 | xml | org.w3c.dom | Fix PermGen memory leaks caused by static final Exceptions |
October 17, 2017
The full version string for this update release is 1.8.0_151-b12 (where "b" means "build"). The version number is 8u151.
JDK 8u151 contains IANA time zone data version 2017b. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u151 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_151-b12 |
7 | 1.7.0_161-b13 |
6 | 1.6.0_171-b13 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u151) will expire with the release of the next critical patch update scheduled for January 16, 2018.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u151) on February 16, 2018. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
core-libs/java.util.jar
Decode error with Tomcat version 7.x
The zlib
version shipped in the 8u151 and 7u161 JDK releases was updated to zlib
v1.2.11. The deflate functionality in this version causes a compatibility issue with Tomcat v7.x. Server responses can appear as corrupt or can fail to be decoded. The issue is seen if Tomcat is using compression (e.g. compression="on" in server.xml
). This issue is being fixed via JDK-8189789.
Users can disable the compression mode on their Tomcat servers as a workaround. Tomcat versions 8.x and later don't appear to be affected.
See JDK-8191040
security-libs/java.security
Due to the more rigorous procedure of reading a keystore content, some keystores (particularly, those created with old versions of the JDK or with a JDK from other vendors) might need to be regenerated.
The following procedure can be used to import the keystore:
1. Before you start, create a backup of your keystore. For example, if your keystore file is /DIR/KEYSTORE
, make a copy of it:
cp /DIR/KEYSTORE /DIR/KEYSTORE.BK
Download an older release of the JDK, prior CPU17_04, and install it in a separate location. For example: 6u161, 7u151, or 8u141. Suppose, that older JDK is installed in the directory /JDK8U141
2. Make sure that the keystore can be successfully read with the keytool from that older directory. For example, if the keystore file is located in /DIR/KEYSTORE
, the following command should successfully list its content:
/JDK8U141/bin/keytool -list /DIR/KEYSTORE
3. Import the keystore. For example:
/JDK8U141/bin/keytool -importkeystore \
-srckeystore /DIR/KEYSTORE \
-srcstoretype JCEKS \
-srcstorepass PASSWORD \
-destkeystore /DIR/KEYSTORE.NEW \
-deststoretype JCEKS \
-deststorepass PASSWORD
4. Verify that the newly created keystore is correct. At the very least, make sure that the keystore can be read with keytool from a newer JDK:
/NEW_JDK/bin/keytool -list /DIR/KEYSTORE.NEW
After successful verification, replace the old keystore with the new one:
mv /DIR/KEYSTORE.NEW /DIR/KEYSTORE
Keep the backup copy of the keystore at least until you are sure the imported keystore is correct.
JDK-8181370 (not public)
core-libs/java.net
Default timeouts have changed for FTP URL handler
Timeouts used by the FTP URL protocol handler have been changed from infinite to 5 minutes. This will result in an IOException from connect and read operations if the FTP server is unresponsive. For example, new URL("ftp://example.com").openStream().read(),
will fail with java.net.SocketTimeoutException
in case a connection or reading could not be completed within 5 minutes.
To revert this behaviour to that of previous releases, the following system properties may be used, sun.net.client.defaultReadTimeout=0
, sun.net.client.defaultConnectTimeout=0
JDK-8181612 (not public)
install
Demo references in Solaris install documentation
Demos were removed from package tar.Z
bundle(JDK-7066713). There is a separate Demos&Samples bundle beginning with 7u2 b08 and 6u32 b04, but Solaris patches still contain SUNWj7dmo/SUNWj6dmo
. The 64 bit packages are SUNWj7dmx/SUNWj6dmx
Demo packages remain in the existing Solaris patches; however, just because they are there doesn't mean that they are installed. They will be patched only if the end user has them installed on the system.
http://docs.oracle.com/javase/7/docs/webnotes/install/solaris/solaris-jdk.html
The link above is to the Solaris OS Install Directions for the JDK. The SUNWj7dmx
package is mentioned in the tar.Z
portion of the directions. This is confusing to some as, according to the cited bug, the SUNWj7dmx
package shouldn't be part of the tar.Z
bundle.
See JDK-8175866
Remove revoked Swisscom root certificate "swisscomrootevca2"
One Swisscom root certificate has been revoked by Swisscom and has been removed:
Swisscom Root EV CA 2
alias: "swisscomrootevca2 [jdk]"
DN: CN=Swisscom Root EV CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch
JDK-8186330 (not public)
security-libs/javax.crypto
New Security property to control crypto policy
This release introduces a new feature whereby the JCE jurisdiction policy files used by the JDK can be controlled via a new Security property. In older releases, JCE jurisdiction files had to be downloaded and installed separately to allow unlimited cryptography to be used by the JDK. The download and install steps are no longer necessary. To enable unlimited cryptography, one can use the new crypto.policy
Security property. If the new Security property (crypto.policy
) is set in the java.security
file, or has been set dynamically by using the Security.setProperty()
call before the JCE framework has been initialized, that setting will be honored. By default, the property will be undefined. If the property is undefined and the legacy JCE jurisdiction files don't exist in the legacy lib/security
directory, then the default cryptographic level will remain at 'limited'. To configure the JDK to use unlimited cryptography, set the crypto.policy
to a value of 'unlimited'. See the notes in the java.security
file shipping with this release for more information.
Note: On Solaris, it's recommended that you remove the old SVR4 packages before installing the new JDK updates. If an SVR4 based upgrade (without uninstalling the old packages) is being done on a JDK release earlier than 6u131, 7u121, 8u111, then you should set the new crypto.policy
Security property in the java.security
file.
Because the old JCE jurisdiction files are left in <java-home>/lib/security
, they may not meet the latest security JAR signing standards, which were refreshed in 6u131, 7u121, 8u111, and later updates. An exception similar to the following might be seen if the old files are used:
Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers! at javax.crypto.JceSecurity.loadPolicies(JceSecurity.java:593) at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:524)
See JDK-8157561
Applications that either explicitly or implicitly call org.omg.CORBA.ORB.string_to_object
, and wish to ensure the integrity of the IDL stub type involved in the ORB::string_to_object
call flow, should specify additional IDL stub type checking. This is an "opt in" feature and is not enabled by default.
To take advantage of the additional type checking, the list of valid IDL interface class names of IDL stub classes is configured by one of the following:
Specifying the security property com.sun.CORBA.ORBIorTypeCheckRegistryFilter
located in the file conf/security/java.security
in Java SE 9 or in jre/lib/security/java.security
in Java SE 8 and earlier.
Specifying the system property com.sun.CORBA.ORBIorTypeCheckRegistryFilter
with the list of classes. If the system property is set, its value overrides the corresponding property defined in the java.security
configuration.
If the com.sun.CORBA.ORBIorTypeCheckRegistryFilter
property is not set, the type checking is only performed against a set of class names of the IDL interface types corresponding to the built-in IDL stub classes.
security-libs/java.security
Refactor existing providers to refer to the same constants for default values for key length
Two important changes have been made for this issue:
1. A new system property has been introduced that allows users to configure the default key size used by the JDK provider implementations of KeyPairGenerator and AlgorithmParameterGenerator. This property is named "jdk.security.defaultKeySize
" and the value of this property is a list of comma-separated entries. Each entry consists of a case-insensitive algorithm name and the corresponding default key size (in decimal) separated by ":". In addition, white space is ignored.
By default, this property will not have a value, and JDK providers will use their own default values. Entries containing an unrecognized algorithm name will be ignored. If the specified default key size is not a parseable decimal integer, that entry will be ignored as well.
2. The DSA KeyPairGenerator implementation of the SUN provider no longer implements java.security.interfaces.DSAKeyPairGenerator
. Applications which cast the SUN provider's DSA KeyPairGenerator object to a java.security.interfaces.DSAKeyPairGenerator
can set the system property "jdk.security.legacyDSAKeyPairGenerator
". If the value of this property is "true", the SUN provider will return a DSA KeyPairGenerator object which implements the java.security.interfaces.DSAKeyPairGenerator
interface. This legacy implementation will use the same default value as specified by the javadoc in the interface.
By default, this property will not have a value, and the SUN provider will return a DSA KeyPairGenerator object which does not implement the forementioned interface and thus can determine its own provider-specific default value as stated in the java.security.KeyPairGenerator
class or by the "jdk.security.defaultKeySize
" system property if set.
JDK-8181048 (not public)
core-libs/java.util:collections
Collections use serialization filter to limit array sizes
Deserialization of certain collection instances will cause arrays to be allocated. The ObjectInputFilter.checkInput()
method is now called prior to allocation of these arrays. Deserializing instances of ArrayDeque
, ArrayList
, IdentityHashMap
, PriorityQueue
, java.util.concurrent.CopyOnWriteArrayList
, and the immutable collections (as returned by List.of
, Set.of
, and Map.of
) will call checkInput()
with a FilterInfo instance whose style="font-family: Courier New;">serialClass()
method returns Object[].class
. Deserializing instances of HashMap
, HashSet
, Hashtable
, and Properties will call checkInput()
with a FilterInfo instance whose serialClass()
method returns Map.Entry[].class
. In both cases, the FilterInfo.arrayLength()
method will return the actual length of the array to be allocated. The exact circumstances under which the serialization filter is called, and with what information, is subject to change in future releases.
JDK-8174109 (not public)
security-libs/java.security
keytool now prints warnings when reading or generating certificates/certificate requests/CRLs using weak algorithms
With one exception, keytool will always print a warning if the certificate, certificate request, or CRL it is parsing, verifying, or generating is using a weak algorithm or key. When a certificate is from an existing TrustedCertificateEntry
, either in the keystore directly operated on or in the cacerts
keystore when the -trustcacerts
option is specified for the -importcert
command, keytool will not print a warning if it is signed with a weak signature algorithm. For example, suppose the file cert
contains a CA certificate signed with a weak signature algorithm, keytool -printcert -file cert
and keytool -importcert -file cert -alias ca -keystore ks
will print out a warning, but after the last command imports it into the keystore, keytool -list -alias ca -keystore ks
will not show a warning anymore.
Precisely, an algorithm or a key is weak if it matches the value of the jdk.certpath.disabledAlgorithms
security property defined in the conf/security/java.security
file.
See JDK-8171319
security-libs/java.security
New defaults for DSA keys in jarsigner and keytool
For DSA keys, the default signature algorithm for keytool
and jarsigner
has changed from SHA1withDSA to SHA256withDSA and the default key size for keytool
has changed from 1024 bits to 2048 bits.
Users wishing to revert to the previous behavior can use the -sigalg
option of keytool
and jarsigner
and specify SHA1withDSA and the -keysize
option of keytool
and specify 1024.
There are a few potential compatibility risks associated with this change:
keytool
to generate a DSA keypair but then subsequently specifies a specific signature algorithm, ex:
keytool -genkeypair -keyalg DSA -keystore keystore -alias mykey ...
keytool -certreq -sigalg SHA1withDSA -keystore keystore -alias mykey ...
it will fail with one of the following exceptions, because the new 2048-bit keysize default is too strong for SHA1withDSA:
keytool error: java.security.InvalidKeyException: The security strength of
SHA-1 digest algorithm is not sufficient for this key size
keytool error: java.security.InvalidKeyException: DSA key must be at most
1024 bits
The workaround is to remove the -sigalg
option and use the stronger SHA256withDSA default or, at your own risk, use the -keysize
option of keytool
to specify a smaller key size (1024).
jarsigner
to sign JARs with the new defaults, previous versions (than this release) of JDK 6 and 7 do not support the stronger defaults and will not be able to verify the JAR. jarsigner -verify
on an earlier release of JDK 6 or 7 will output the following error:
jar is unsigned. (signatures missing or not parsable)
If you add -J-Djava.security.debug=jar
to the jarsigner
command line, the cause will be output:
jar: processEntry caught: java.security.NoSuchAlgorithmException:
SHA256withDSA Signature not available
If compatibility with earlier releases is important, you can, at your own risk, use the -sigalg
option of jarsigner
and specify the weaker SHA1withDSA algorithm.
PKCS11
keystore, the SunPKCS11 provider does not support the SHA256withDSA
algorithm. jarsigner
and some keytool
commands may fail with the following exception if PKCS11
is specified with the -storetype
option, ex:
keytool error: java.security.InvalidKeyException: No installed provider
supports this key: sun.security.pkcs11.P11Key$P11PrivateKey
A similar error may occur if you are using NSS with the SunPKCS11 provider. The workaround is to use the -sigalg
option of keytool
and specify SHA1withDSA.
See JDK-8057810
security-libs/java.security
Add warnings to keytool when using JKS and JCEKS
When keytool
is operating on a JKS or JCEKS keystore, a warning may be shown that the keystore uses a proprietary format and migrating to PKCS12 is recommended. The keytool
's -importkeystore
command is also updated so that it can convert a keystore from one type to another if the source and destination point to the same file.
JDK-8182879 (not public)
security-libs/java.security
keytool now prints out information of a certificate's public key
Keytool now prints out the key algorithm and key size of a certificate's public key, in the form of "Subject Public Key Algorithm: <size>-bit RSA key", where <size>
is the key size in bits (ex: 2048).
See JDK-8029659
tools
Improve javadoc generation
The Javadoc Standard Doclet documentation has been enhanced to specify that it doesn't validate the content of documentation comments for conformance, nor does it attempt to correct any errors in documentation comments. See the Conformance section in the Doclet documentation.
JDK-8179042 (not public)
This release contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8179084 | hotspot | gc | HotSpot VM fails to start when AggressiveHeap is set |
2 | JDK-8089283 | javafx | web | Padding property of the select tag is incorrect in WebView |
3 | JDK-8132675 | javafx | web | VBox.setVgrow and HBox.setHgrow corrupt following controls when window resized |
4 | JDK-8138652 | javafx | web | [macosx] New WebView Native Code uses private Apple APIs |
5 | JDK-8165909 | javafx | web | JavaScript to Java String conversion is not correct |
6 | JDK-8170450 | javafx | web | Crash while loading wordpress.com in HiDPI / Retina display |
7 | JDK-8172495 | javafx | web | Ignore __cmake_systeminformation from web module build directory |
8 | JDK-8172836 | javafx | web | WebView Debug build is broken |
9 | JDK-8176729 | javafx | web | com.sun.webkit.dom.NodeImpl#SelfDisposer is not called |
10 | JDK-8178319 | javafx | web | Build sqlite3 from source |
11 | JDK-8178360 | javafx | web | Build and integrate ICU from source |
12 | JDK-8178440 | javafx | web | Build libxml2 and libxslt from source |
13 | JDK-8179673 | javafx | web | JVM Crash in WebPage.setBackgroundColor() during webpage navigation (Non Public API) |
14 | JDK-8180825 | javafx | web | Javafx WebView fails to render pdf.js |
15 | JDK-8183292 | javafx | web | Update to 604.1 version of WebKit |
16 | JDK-8184448 | javafx | web | Crash while loading gif images with more frames |
17 | JDK-8185132 | javafx | web | window.requestAnimationFrame API is not working |
18 | JDK-8172847 | javafx | window‑toolkit | [macos] If you hit the escape key repeatedly to close the subwindow, the process crashes |
19 | JDK-8029659 | security‑libs | java.security | Keytool, print key algorithm of certificate or key entry |
20 | JDK-8154015 | security‑libs | java.security | Apply algorithm constraints to timestamped code |
21 | JDK-8171319 | security‑libs | java.security | keytool should print out warnings when reading or generating cert/cert req using weak algorithms |
22 | JDK-8177569 | security‑libs | java.security | keytool should not warn if signature algorithm used in cacerts is weak |
23 | JDK-8157561 | security‑libs | javax.crypto | Ship the unlimited policy files in JDK Updates |
24 | JDK-8167485 | tools | visualvm | Integrate new version of Java VisualVM based on VisualVM 1.3.9 into JDK |
The following sections summarize changes made in all Java SE 8u144 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8159035 (Confidential) |
security-libs | javax.crypto | com/sun/crypto/provider/Cipher/CTS/CTSMode.java test crashed due to unhandled case of cipher length value as 0 |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8185572 | hotspot | compiler | Enable AssumeMP by default on SPARC machines |
8074544 | deploy | webstart | webstart app fails with CouldNotLoadArgumentException when account in Japanese |
8133531 (Confidential) |
deploy | webstart | deployJava.launchWebStartApplication() couldn't work |
8129820 (Confidential) |
deploy | webstart | Crash in native javaws base64 code |
8180490 (Confidential) |
deploy | plugin | Forms context lost when legacy_lifecycle=yes |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8180048 | hotspot | gc | Interned string and symbol table leak memory during parallel unlinking |
8175169 (Confidential) |
deploy | webstart | Reduce security dialogs when only application args change |
8180457 (Confidential) |
deploy | webstart | WebStart cached jar verification intermittently slow in native ReadFile function |
Please note that fixes from prior BPR (8u141 b32) are included in this version.
Bug Fixes
July 26, 2017
The full version string for this update release is 1.8.0_144-b01 (where "b" means "build"). The version number is 8u144.
JDK 8u144 contains IANA time zone data version 2017b. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u144 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_141-b15 |
7 | 1.7.0_151-b15 |
6 | 1.6.0_161-b13 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u144) will expire with the release of the next critical patch update scheduled for October 17, 2017.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u144) on November 17, 2017. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
core-libs/java.util.jar
java.util.zip.ZipFile.getEntry() now always returns the ZipEntry instance with a / ended entry name for directory entry
The java.util.zip.ZipEntry
API doc specifies "A directory entry is defined to be one whose name ends with a /"
. However, in previous JDK releases, java.util.zip.ZipFile.getEntry(String entryName)
may return a ZipEntry
instance with an entry name that does not end with /
for an existing zip directory entry when
entryName
does not end with a /, andentryName
+ /
in the zip file.With this release, the name of the ZipEntry
instance returned from java.util.zip.ZipFile.getEntry()
always ends with /
for any zip directory entry.
To revert to the previous behavior, set the system property jdk.util.zip.ensureTrailingSlash
to "false".
This change was made in order to fix a regression introduced in JDK 8u141 when verifying signed JARs that has caused some WebStart applications to fail to load.
See JDK-8184993
This release also contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8184993 | security‑libs | java.security | Jar file verification failing with SecurityException: digest missing xxx |
The following sections summarize changes made in all Java SE 8u141 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Please note that fixes from prior BPR (8u131 b34) are included in this version.
deploy/webstart
JAR file validation changes
After upgrading to the JDK July CPU release (8u141/7u151/6u161), when executing Java Webstart applications, customers may encounter an exception like
“java.lang.SecurityException: digest missing for …” that prevents the application from loading.
The issue is observed in signed JAR files whose manifest contains package version information[1] and does not have a trailing "/" in the name of the package (e.g.: Name: org/apache/xml/resolver). While we work towards resolving this issue, in the interim, users can work-around the issue as follows:
NOTE: We recommend use of this workaround only if the distributor of the JAR files can "re-sign" the JAR files.
NOTE: You must use the jar utility. Other jar creation tools might re-introduce the issue.
[1] https://docs.oracle.com/javase/8/docs/technotes/guides/versioning/spec/versioning2.html#wp91706
See JDK-8184993
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8164410 | deploy | plugin | JRE 6u121 causes applet to fail with: Reset deny session certificate store |
8178536 | hotspot | svc | OOM ERRORS + SERVICE-THREAD TAKES A PROCESSOR TO 100% |
8161598 (Confidential) |
hotspot | compiler | Kitchensink fails: assert(nm->insts_contains(original_pc)) failed: original PC must be in nmethod/CompiledMethod |
8182672 (Confidential) |
core-libs | java.net | Java 8u121 on Linux intermittently returns null for MAC address |
July 18, 2017
The full version string for this update release is 1.8.0_141-b15 (where "b" means "build"). The version number is 8u141.
JDK 8u141 contains IANA time zone data version 2017b. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u141 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_141-b15 |
7 | 1.7.0_151-b15 |
6 | 1.6.0_161-b13 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u141) will expire with the release of the next critical patch update scheduled for October 17, 2017.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u141) on November 17, 2017. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
deploy/webstart
JAR file validation changes
After upgrading to the JDK July CPU release (8u141/7u151/6u161), when executing Java Webstart applications, customers may encounter an exception like “java.lang.SecurityException: digest missing for …” that prevents the application from loading.
The issue is observed in signed JAR files whose manifest contains package version information[1] and does not have a trailing "/
" in the name of the package (e.g.: Name: org/apache/xml/resolver
). While we work towards resolving this issue, in the interim, users can work-around the issue as follows:
NOTE: We recommend use of this workaround only if the distributor of the JAR files can "re-sign" the JAR files.
jar xf jar-file
)./
” to the name of the package ( e.g.: Name: org/apache/xml/resolver/
).rm -f META-INF/*.SF META-INF/*.RSA META-INF/*.DSA
).jar cfm jar-file META-INF/MANIFEST.MF input-file(s)
). NOTE: You must use the jar
utility. Other jar
creation tools might re-introduce the issue.
[1] https://docs.oracle.com/javase/8/docs/technotes/guides/versioning/spec/versioning2.html#wp91706
See JDK-8184993
New Let's Encrypt certificates added to root CAs
One new root certificate has been added:
ISRG Root X1
alias: letsencryptisrgx1
DN: CN=ISRG Root X1, O=Internet Security Research Group, C=US
JDK-8177539 (not public)
security-libs/java.security
Disable SHA-1 TLS Server Certificates
Any TLS server certificate chain containing a SHA-1 certificate (end-entity or intermediate CA) and anchored by a root CA certificate included by default in Oracle's JDK is now blocked by default. TLS Server certificate chains that are anchored by enterprise or private CAs are not affected. Only X.509 certificate chains that are validated by the PKIX
implementation of the CertPathValidator
and CertPathBuilder
APIs and the SunX509
and PKIX
implementations of the TrustManagerFactory
API are subject to the restrictions. Third-party implementations of these APIs are directly responsible for enforcing their own restrictions.
To implement this restriction and provide more flexibility for configuring your own restrictions, additional features have been added to the jdk.certpath.disabledAlgorithms
and jdk.jar.disabledAlgorithms
Security Properties in the java.security
file, as follows:
jdk.certpath.disabledAlgorithms
:
Three new constraints have been added to this Security Property:
A new constraint named jdkCA
, that when set, restricts the algorithm if it is used in a certificate chain that is anchored by a trust anchor that is pre-installed in the JDK cacerts keystore. This condition does not apply to certificate chains that are anchored by other certificates, including those that are subsequently added to the cacerts keystore. Also, note that the restriction does not apply to trust anchor certificates, since they are directly trusted.
A new constraint named denyAfter
, that when set, restricts the algorithm if it is used in a certificate chain after the specified date. The restriction does not apply to trust anchor certificates, since they are directly trusted. Also, code signing certificate chains as used in signed JARs are treated specially as follows:
if the certificate chain is used with a signed JAR that is not timestamped, it will be restricted after the specified date
if the certificate chain is used with a signed JAR that is timestamped, it will not be restricted if it is timestamped before the specified date. If the JAR is timestamped after the specified date, it will be restricted.
A new constraint named usage
, that when set, restricts the algorithm if it is used in a certificate chain for the specified use(s). Three usages are initially supported: TLSServer
for TLS/SSL server certificate chains, TLSClient
for TLS/SSL client certificate chains, and SignedJAR
for certificate chains used with signed JARs.
Multiple constraints can be combined to constrain an algorithm when delimited by '&'. For example, to disable SHA-1 TLS Server certificate chains that are anchored by pre-installed root CAs, the constraint is "SHA1 jdkCA & usage TLSServer".
jdk.jar.disabledAlgorithms
:
A new constraint has been added named denyAfter
, that when set, restricts the algorithm if it is used in a signed JAR after the specified date, as follows:
if the JAR is not timestamped, it will be restricted (treated as unsigned) after the specified date
if the JAR is timestamped, it will not be restricted if it is timestamped before the specified date. If the JAR is timestamped after the specified date, it will be restricted.
For example, to restrict SHA1 in JAR files signed after January 1st 2018, add the following to the property: "SHA1 denyAfter 2018-01-01". The syntax is the same as the certpath property, however certificate checking will not be performed by this property.
See JDK-8176536
core-svc/java.lang.management
JMX Diagnostic improvements
com.sun.management.HotSpotDiagnostic::dumpHeap
API is modified to throw IllegalArgumentException
if the supplied file name does not end with “.hprof
” suffix. Existing applications which do not provide a file name ending with the “.hprof
” extension will fail with IllegalArgumentException
. In that case, applications can either choose to handle the exception or restore old behavior by setting system property 'jdk.management.heapdump.allowAnyFileSuffix
' to true.
JDK-8176055 (not public)
security-libs/javax.net.ssl
Custom HostnameVerifier enables SNI extension
Earlier releases of JDK 8 Updates didn't always send the Server Name Indication (SNI) extension in the TLS ClientHello phase if a custom hostname verifier was used. This verifier is set via the setHostnameVerifier(HostnameVerifier v)
method in HttpsURLConnection
. The fix ensures the Server Name is now sent in the ClientHello body.
See JDK-8144566
xml/jax-ws
Tighter secure checks on processing WSDL files by wsimport tool
The wsimport tool has been changed to disallow DTDs in Web Service descriptions, specifically:
To restore the previous behavior:
com.sun.xml.internal.ws.disableXmlSecurity
to true–disableXmlSecurity
NOTE: JDK 7 and JDK 6 support for this option in wsimport will be provided via a Patch release post July CPU
JDK-8182054 (not public)
This release contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8179014 | client‑libs | java.awt | JFileChooser with Windows look and feel crashes on win 10 |
2 | JDK-8178996 | client‑libs | javax.swing | [macos] JComboBox doesn't display popup in mixed JavaFX Swing Application on 8u131 and Mac OS 10.12 |
3 | JDK-8174729 | core‑libs | java.lang:reflect | Race Condition in java.lang.reflect.WeakCache |
4 | JDK-8165231 | core‑libs | java.nio | java.nio.Bits.unaligned() doesn't return true on ppc |
5 | JDK-8180582 | core‑libs | java.rmi | After updating to Java8u131, the bind to rmiregistry is rejected by registryFilter even though registryFilter is set |
6 | JDK-8139870 | core‑svc | java.lang.management | sun.management.LazyCompositeData.isTypeMatched() fail for composite types with items of ArrayType |
7 | JDK-8174164 | hotspot | compiler | SafePointNode::_replaced_nodes breaks with irreducible loops |
8 | JDK-8165342 | javafx | scenegraph | NPE when JavaFX loads default stylesheet or font families if CCL is null |
9 | JDK-8179321 | javafx | web | WebEngine.getDocument().getDocumentURI() no longer returns null for loading a String of HTML |
10 | JDK-8175251 | security‑libs | java.security | Failed to load RSA private key from pkcs12 |
11 | JDK-8176536 | security‑libs | java.security | Improved algorithm constraints checking |
12 | JDK-8144566 | security‑libs | javax.net.ssl | Custom HostnameVerifier disables SNI extension |
The following sections summarize changes made in all Java SE 8u131 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8173654 | core-libs | java.lang | Regression since 8u60: System.getenv doesn't return env var set in JNI code |
8075484 | core-libs | java.net | SocketInputStream.socketRead0 can hang even with soTimeout set |
8180660 | tools | javac | missing LNT entry for finally block |
8164119 | client-libs | java.awt | MoveToOtherScreenTest fails due wrong key attribute |
8181192 | client-libs | 2d | [macos] javafx.print.PrinterJob.showPrintDialog() hangs on macOS |
8172297 | xml | jax-ws | In java 8, the marshalling with JAX-WS does not escape carriage return |
8181057 (Confidential) |
deploy | webstart | [regression] Fix of JDK-8174177 breaks existing scenarios of SingleInstanceService. |
8181892 (Confidential) |
core-svc | tools | Fix usagetracker use of getEnvVar |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8175251 | security-libs | java.security | Failed to load RSA private key from pkcs12 |
8160696 | client-libs | java.awt | IllegalArgumentException: adding a component to a container on a different GraphicsDevice |
8168914 | hotspot | gc | Crash in ClassLoaderData/JNIHandleBlock::oops_do during concurrent marking |
8174177 (Confidential) |
deploy | webstart | JWS: SAXParseException due to JNLP file not escaped |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8145207 | client-libs | javax.accessibility | [macosx] JList, VO can't access non-visible list items |
8076554 | client-libs | javax.accessibility | [macosx] Custom Swing text components need to allow standard accessibility |
8165829 | client-libs | javax.accessibility | Android Studio 2.x crashes with NPE at sun.lwawt.macosx.CAccessibility.getAccessibleIndexInParent |
8076249 | client-libs | javax.accessibility | NPE in AccessBridge while editing JList model |
8164002 | hotspot | compiler | Add a new CPU family (S_family) for SPARC S7 and above processors |
8167102 | client-libs | 2d | [macosx] PrintRequestAttributeSet breaks page size set using PageFormat |
8061258 | client-libs | 2d | [macosx] PrinterJob's native Print Dialog does not reflect specified Copies or Page Ranges |
8176490 (Confidential) |
client-libs | java.awt | [macosx] Sometimes NSWindow.isZoomed hangs |
8177449 | core-libs | java.time | (tz) Support tzdata2017b |
Please note that fixes from the prior BPR (8u121 b36) are included in this version.
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8164293 | hotspot | compiler | HotSpot leaking memory in long-running requests |
8043913 | hotspot | compiler | remove legacy code in SPARC's VM_Version::platform_features |
8049717 | hotspot | runtime | expose L1_data_cache_line_size for diagnostic/sanity checks |
8177817 | hotspot | runtime | Remove assertions in 8u that were removed by 8056124 in 9. |
8134119 | hotspot | compiler | Use new API to get cache line sizes |
8165482 | hotspot | compiler | java in ldoms, with cpu-arch=generic has problems |
8165342 | javafx | scenegraph | NPE when JavaFX loads default stylesheet or font families if CCL is null |
April 18, 2017
The full version string for this update release is 1.8.0_131-b11 (where "b" means "build"). The version number is 8u131.
JDK 8u131 contains IANA time zone data version 2017a. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u131 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_131-b11 |
7 | 1.7.0_141-b11 |
6 | 1.6.0_151-b10 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u131) will expire with the release of the next critical patch update scheduled for July 18, 2017.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u131) on August 18, 2017. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
security-libs/java.security
MD5 added to jdk.jar.disabledAlgorithms Security property
This JDK release introduces a new restriction on how MD5 signed JAR files are verified. If the signed JAR file uses MD5, signature verification operations will ignore the signature and treat the JAR as if it were unsigned. This can potentially occur in the following types of applications that use signed JAR files:
The list of disabled algorithms is controlled via the security property, jdk.jar.disabledAlgorithms
, in the java.security
file. This property contains a list of disabled algorithms and key sizes for cryptographically signed JAR files.
To check if a weak algorithm or key was used to sign a JAR file, one can use the jarsigner binary that ships with this JDK. Running "jarsigner -verify
" on a JAR file signed with a weak algorithm or key will print more information about the disabled algorithm or key.
For example, to check a JAR file named test.jar
, use the following command:
jarsigner -verify test.jar
If the file in this example was signed with a weak signature algorithm like MD5withRSA, the following output would be displayed:
The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled. Re-run jarsigner with the -verbose
option for more details.
More details can be displayed by using the verbose option:
jarsigner -verify -verbose test.jar
The following output would be displayed:
- Signed by "CN=weak_signer"
Digest algorithm: MD5 (weak)
Signature algorithm: MD5withRSA (weak), 512-bit key (weak)
Timestamped by "CN=strong_tsa" on Mon Sep 26 08:59:39 CST 2016
Timestamp digest algorithm: SHA-256
Timestamp signature algorithm: SHA256withRSA, 2048-bit key
To address the issue, the JAR file will need to be re-signed with a stronger algorithm or key size. Alternatively, the restrictions can be reverted by removing the applicable weak algorithms or key sizes from the jdk.jar.disabledAlgorithms
security property; however, this option is not recommended. Before re-signing affected JARs, the existing signature(s) should be removed from the JAR file. This can be done with the .zip
utility, as follows:
zip -d test.jar 'META-INF/.SF' 'META-INF/.RSA' 'META-INF/*.DSA'
Please periodically check the Oracle JRE and JDK Cryptographic Roadmap at http://java.com/cryptoroadmap for planned restrictions to signed JARs and other security components.
JDK-8171121 (not public)
core-libs/java.net
New system property to control caching for HTTP SPNEGO connection.
A new JDK implementation specific system property to control caching for HTTP SPNEGO (Negotiate/Kerberos) connections is introduced. Caching for HTTP SPNEGO connections remains enabled by default, so if the property is not explicitly specified, there will be no behavior change.
When connecting to an HTTP server that uses SPNEGO to negotiate authentication, and when connection and authentication with the server is successful, the authentication information will then be cached and reused for further connections to the same server. In addition, connecting to an HTTP server using SPNEGO usually involves keeping the underlying connection alive and reusing it for further requests to the same server. In some applications, it may be desirable to disable all caching for the HTTP SPNEGO (Negotiate/Kerberos) protocol in order to force requesting new authentication with each new request to the server.
With this change, we now provide a new system property that allows control of the caching policy for HTTP SPNEGO connections. If jdk.spnego.cache
is defined and evaluates to false, then all caching will be disabled for HTTP SPNEGO connections. Setting this system property to false may, however, result in undesirable side effects:
JDK-8170814 (not public)
core-libs/java.net
New system property to control caching for HTTP NTLM connection.
A new JDK implementation specific system property to control caching for HTTP NTLM connection is introduced. Caching for HTTP NTLM connection remains enabled by default, so if the property is not explicitly specified, there will be no behavior change.
On some platforms, the HTTP NTLM implementation in the JDK can support transparent authentication, where the system user credentials are used at system level. When transparent authentication is not available or unsuccessful, the JDK only supports getting credentials from a global authenticator. If connection to the server is successful, the authentication information will then be cached and reused for further connections to the same server. In addition, connecting to an HTTP NTLM server usually involves keeping the underlying connection alive and reusing it for further requests to the same server. In some applications, it may be desirable to disable all caching for the HTTP NTLM protocol in order to force requesting new authentication with each new requests to the server.
With this change, we now provide a new system property that allows control of the caching policy for HTTP NTLM connections. If jdk.ntlm.cache
is defined and evaluates to false, then all caching will be disabled for HTTP NTLM connections. Setting this system property to false may, however, result in undesirable side effects:
JDK-8163520 (not public)
tools/visualvm
New version of VisualVM
VisualVM 1.3.9 was released on October 4th, 2016 http://visualvm.github.io/relnotes.html and has been integrated into 8u131.
See JDK-8167485
The following are some of the notable bug fixes included in this release:
client-libs/java.awt
Introduced a new window ordering model
On the OS X platform, the AWT framework used native services to implement parent-child relationship for windows. That caused some negative visual effects especially in multi-monitor environments. To get rid of the disadvantages of such an approach, the new window ordering model, which is fully implemented at the JDK layer, was introduced. Its main principles are listed below:
These rules are applied to every frame or dialog from the window hierarchy that contains the currently focused window.
See JDK-8169589
security-libs/javax.net.ssl
Correction of IllegalArgumentException from TLS handshake
A recent issue from the JDK-8173783 fix can cause issue for some TLS servers. The problem originates from an IllegalArgumentException thrown by the TLS handshaker code:
java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves
The issue can arise when the server doesn't have elliptic curve cryptography support to handle an elliptic curve name extension field (if present). Users are advised to upgrade to this release. By default, JDK 7 Updates and later JDK families ship with the SunEC security provider which provides elliptic curve cryptography support. Those releases should not be impacted unless security providers are modified.
See JDK-8173783
This release also contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-7155957 | client‑libs | java.awt | closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java hangs on win 64 bit with jdk8 |
2 | JDK-8035568 | client‑libs | java.awt | [macosx] Cursor management unification |
3 | JDK-8079595 | client‑libs | java.awt | Resizing dialog which is JWindow parent makes JVM crash |
4 | JDK-8169589 | client‑libs | java.awt | [macosx] Activating a JDialog puts to back another dialog |
5 | JDK-8147842 | client‑libs | javax.swing | IME Composition Window is displayed at incorrect location |
6 | JDK-7167293 | core‑libs | java.net | FtpURLConnection connection leak on FileNotFoundException |
7 | JDK-8169465 | core‑libs | javax.naming | Deadlock in com.sun.jndi.ldap.pool.Connections |
8 | JDK-8133045 | deploy | deployment_toolkit | java.lang.SecurityException: Failed to extract baseline.versions error |
9 | JDK-8028538 | deploy | webstart | Fedora Linux issue with jnlp‑servlet.jar demo source code license |
10 | JDK-8170646 | deploy | webstart | JNLP fails to get loaded with old javaws when multiple jres (jre9 and jre8u111) installed |
11 | JDK-8075196 | docs | guides | CosNaming's implementation doesn't comply with the specification |
12 | JDK-8161147 | hotspot | compiler | jvm crashes when ‑XX:+UseCountedLoopSafepoints is enabled |
13 | JDK-8161993 | hotspot | gc | G1 crashes if active_processor_count changes during startup |
14 | JDK-8147910 | hotspot | runtime | Cache initial active_processor_count |
15 | JDK-8150490 | hotspot | runtime | Update OS detection code to recognize Windows Server 2016 |
16 | JDK-8170888 | hotspot | runtime | [linux] Experimental support for cgroup memory limits in container (ie Docker) environments |
17 | JDK-8166208 | hotspot | svc | FlightRecorderOptions settings for defaultrecording ignored. |
18 | JDK-8161945 | install | install | REGRESSION: 8u91 update of 32 bit JRE removes preferences of the 64 bit JRE |
19 | JDK-8172932 | install | install | JRE installation fails with 1603 on Windows 10 with enabled Deviceguard |
20 | JDK-8089915 | javafx | web | Input of type file doesn't honor "accept" attribute. |
21 | JDK-8090216 | javafx | web | HTMLEditor: font bold doesn't work when an indent is set |
22 | JDK-8144263 | javafx | web | [WebView, OS X] Webkit rendering artifacts with inertia scrolling |
23 | JDK-8150982 | javafx | web | Crash when calling WebEngine.print on background thread |
24 | JDK-8164314 | javafx | web | [WebView] Debug build is no longer working after JDK‑8089681 |
25 | JDK-8165098 | javafx | web | WebEngine.print will attempt to print even if the printer job is complete or has an error |
26 | JDK-8165173 | javafx | web | canvas/philip/tests/2d.path.clip.empty.html fails with 8u112 |
27 | JDK-8165508 | javafx | web | Incorrect Bug ID in comment for JDK-8164076 |
28 | JDK-8166231 | javafx | web | use @Native annotation in web classes |
29 | JDK-8166677 | javafx | web | HTMLEditor freezes after restoring previously maximized window |
30 | JDK-8166775 | javafx | web | Audio slider works incorrectly for short files |
31 | JDK-8166999 | javafx | web | Update to newer version of WebKit |
32 | JDK-8167098 | javafx | web | Backport of JDK‑8158926 to JDK 8u mistakenly used preliminary patch |
33 | JDK-8167100 | javafx | web | Minor source diffs introduced in backports of JDK-8160837 and JDK-8163582 |
34 | JDK-8167675 | javafx | web | Animated gifs are not working |
35 | JDK-8169204 | javafx | web | Need to document JSObject Call and setSlot APIs to use weak references |
36 | JDK-8170585 | javafx | web | Fix PlatformContextJava type leaking to GraphicsContext |
37 | JDK-8170938 | javafx | web | Memory leak in JavaFX WebView |
38 | JDK-8173783 | security‑libs | javax.net.ssl | IllegalArgumentException: jdk.tls.namedGroups |
39 | JDK-6474807 | security‑libs | javax.smartcardio | (smartcardio) CardTerminal.connect() throws CardException instead of CardNotPresentException |
40 | JDK-8168774 | tools | javac | Polymorhic signature method check crashes javac |
41 | JDK-8167485 | tools | visualvm | Integrate new version of Java VisualVM based on VisualVM 1.3.9 into JDK |
42 | JDK-8167179 | xml | jaxp | Make XSL generated namespace prefixes local to transformation process |
The following sections summarize changes made in all Java SE 8u121 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8058316 | client-libs | 2d | lookupDefaultPrintService returns null on Solaris 11 when default printer is set using lpoptions command |
8176044 | core-libs | java.time | (tz) Support tzdata2017a |
8165978 (Confidential) |
core-libs | java.net | SocketTest.java fails with NullPointerException |
8145826 (Confidential) |
core-svc | javax.management | closed/jdk/management/resource tests fail after JDK-8056152 |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8162795 | hotspot | jvmti | [REDO] MemberNameTable doesn't purge stale entries |
8171808 | client-libs | javax.accessibility | Performance problems in dialogs with large tables when JAB activated |
8170950 | client-libs | 2d | Text is displayed in bold when fonts are installed into symlinked folder |
8163979 | client-libs | java.awt | [macosx] Chinese text shows as Latin w/ openVanilla input method |
8163889 (Confidential) |
client-libs | java.awt | [macosx] Can't print from browser on Mac OS X |
8171388 (Confidential) |
core-libs | javax.naming | Update JNDI Thread contexts |
A regression has been identified with this build which impacts resource manager functionality only. This regression is only encountered if the commercial resource manager feature is turned on via: "-XX:+UnlockCommercialFeatures -XX:+ResourceManagement". JDK-8145826 (not public)
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8173783 | security-libs | javax.net.ssl | IllegalArgumentException: jdk.tls.namedGroups |
8173145 | client-libs | javax.swing | Menu is activated after using mnemonic Alt/Key combination |
8038348 | hotspot | compiler | Instance field load is replaced by wrong data Phi |
8170888 | hotspot | runtime | [linux] Experimental support for cgroup memory limits in container (ie Docker) environments |
6515172 | hotspot | runtime | Runtime.availableProcessors() ignores Linux taskset command |
8147910 | hotspot | runtime | Cache initial active_processor_count |
8165153 | hotspot | runtime | Crash in rebuild_cpu_to_node_map |
8161993 | hotspot | gc | G1 crashes if active_processor_count changes during startup |
8170307 (Confidential) |
hotspot | runtime | Stack size option -Xss is ignored |
8157184 (Confidential) |
hotspot | compiler | java/lang/invoke/LFCaching/LFMultiThreadCachingTest.java failed with a fatal error |
8166158 (Confidential) |
deploy | webstart | correct version of jar is not asked in some cases when jar is originally downloaded using loadResource |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8169465 | core-libs | javax.naming | Deadlock in com.sun.jndi.ldap.pool.Connections |
8152981 | client-libs | javax.swing | Double icons with JMenuItem setHorizontalTextPosition on Win 10 |
8075516 | client-libs | java.awt | Deleting a file from either the open or save java.awt.FileDialog hangs. |
7172652 | client-libs | javax.swing | With JDK 1.7 text field does not obtain focus when using mnemonic Alt/Key combin |
8159058 | xml | jax-ws | SAXParseException when sending soap message |
8141054 | deploy | webstart | WebStart does not clean up jnlp file after closing |
8169541 (Confidential) |
deploy | deployment_toolkit | security pop-up triggers each time when launching application |
8170668 (Confidential) |
deploy | webstart | java.lang.UnsupportedOperationException in javaws applications |
8168070 (Confidential) |
deploy | webstart | Extra window appears due to Preloader failed to handle AppletInitEvent |
Please note that fixes from the prior BPR (8u112 b32) are included in this version.
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8167179 | xml | jaxp | Make XSL generated namespace prefixes local to transformation process |
8166208 | hotspot | svc | FlightRecorderOptions settings for defaultrecording ignored. |
8155211 | security-libs | java.security | Ucrypto Library leaks native memory |
8035568 | client-libs | java.awt | [macosx] Cursor management unification |
8169589 | client-libs | java.awt | [macosx] Activating a JDialog puts to back another dialog |
8163195 (Confidential) |
deploy | webstart | Release DeploymentRuleSet.jar as soon as app is launched |
8160275 (Confidential) |
deploy | deployment_toolkit | 7u95 java does not start after the java splash screen in jws application |
8161609 (Confidential) |
deploy | plugin | Deploy starts applets even if mandatory config hasn't been found |
8164476 (Confidential) |
deploy | deployment_toolkit | JWS: JNLP file not removed when using SingleInstanceService |
8171949 (Confidential) |
client-libs | java.awt | [macosx] AWT_ZoomFrame Automated tests fail with error: The bitwise mask Frame.ICONIFIED is not setwhen the frame is in ICONIFIED state |
8171952 (Confidential) |
client-libs | java.awt | [macosx] ModelessDialog test fails as DummyButton on Dialog did not gain focus when clicked. |
The fix made under JDK-8164476 does not take any effect without changes for JDK-8141054. JDK-8141054 will be included in the next JDK8u121 BPR build
January 17, 2017
The full version string for this update release is 1.8.0_121-b13 (where "b" means "build"). The version number is 8u121.
JDK 8u121 contains IANA time zone data version 2016i. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u121 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_121-b13 |
7 | 1.7.0_131-b12 |
6 | 1.6.0_141-b12 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u121) will expire with the release of the next critical patch update scheduled for April 18, 2017.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u121) on May 18, 2017. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
core-libs/javax.naming
Improved protection for JNDI remote class loading
Remote class loading via JNDI object factories stored in naming and directory services is disabled by default. To enable remote class loading by the RMI Registry or COS Naming service provider, set the following system property to the string "true", as appropriate:
com.sun.jndi.rmi.object.trustURLCodebase
com.sun.jndi.cosnaming.object.trustURLCodebase
JDK-8158997 (not public)
security-libs/java.security
jarsigner -verbose -verify should print the algorithms used to sign the jar
The jarsigner tool has been enhanced to show details of the algorithms and keys used to generate a signed JAR file and will also provide an indication if any of them are considered weak.
Specifically, when "jarsigner -verify -verbose filename.jar
" is called, a separate section is printed out showing information of the signature and timestamp (if it exists) inside the signed JAR file, even if it is treated as unsigned for various reasons. If any algorithm or key used is considered weak, as specified in the Security property, jdk.jar.disabledAlgorithms
, it will be labeled with "(weak)".
For example:
- Signed by "CN=weak_signer"
Digest algorithm: MD2 (weak)
Signature algorithm: MD2withRSA (weak), 512-bit key (weak)
Timestamped by "CN=strong_tsa" on Mon Sep 26 08:59:39 CST 2016
Timestamp digest algorithm: SHA-256
Timestamp signature algorithm: SHA256withRSA, 2048-bit key
See JDK-8163304
security-libs/javax.xml.crypto
Added security property to configure XML Signature secure validation mode
A new security property named jdk.xml.dsig.secureValidationPolicy
has been added that allows you to configure the individual restrictions that are enforced when the secure validation mode of XML Signature is enabled. The default value for this property in the java.security
configuration file is:
jdk.xml.dsig.secureValidationPolicy=\
disallowAlg http://www.w3.org/TR/1999/REC-xslt-19991116,\
disallowAlg http://www.w3.org/2001/04/xmldsig-more#rsa-md5,\
disallowAlg http://www.w3.org/2001/04/xmldsig-more#hmac-md5,\
disallowAlg http://www.w3.org/2001/04/xmldsig-more#md5,\
maxTransforms 5,\
maxReferences 30,\
disallowReferenceUriSchemes file http https,\
noDuplicateIds,\
noRetrievalMethodLoops
Please refer to the definition of the property in the java.security
file for more information.
See JDK-8151893
core-libs/java.io:serialization
Serialization Filter Configuration
Serialization Filtering introduces a new mechanism which allows incoming streams of object-serialization data to be filtered in order to improve both security and robustness. Every ObjectInputStream applies a filter, if configured, to the stream contents during deserialization. Filters are set using either a system property or a configured security property. The value of the "jdk.serialFilter" patterns are described in JEP 290 Serialization Filtering and in <JRE>/lib/security/java.security
. Filter actions are logged to the 'java.io.serialization' logger, if enabled.
See JDK-8155760
core-libs/java.rmi
RMI Better constraint checking
RMI Registry and Distributed Garbage Collection use the mechanisms of JEP 290 Serialization Filtering to improve service robustness.
RMI Registry and DGC implement built-in white-list filters for the typical classes expected to be used with each service.
Additional filter patterns can be configured using either a system property or a security property. The "sun.rmi.registry.registryFilter" and "sun.rmi.transport.dgcFilter" property pattern syntax is described in JEP 290 and in <JRE>/lib/security/java.security
.
JDK-8156802 (not public)
security-libs
Add mechanism to allow non-default root CAs to not be subject to algorithm restrictions
*New certpath constraint: jdkCA*
In the java.security
file, an additional constraint named "jdkCA" is added to the jdk.certpath.disabledAlgorithms
property. This constraint prohibits the specified algorithm only if the algorithm is used in a certificate chain that terminates at a marked trust anchor in the lib/security/cacerts
keystore. If the jdkCA
constraint is not set, then all chains using the specified algorithm are restricted. jdkCA
may only be used once in a DisabledAlgorithm expression.
Example: To apply this constraint to SHA-1 certificates, include the following: SHA1 jdkCA
See JDK-8140422
security-libs/javax.net.ssl
Make 3DES as a legacy algorithm in the JSSE provider
For SSL/TLS/DTLS protocols, the security strength of 3DES cipher suites is not sufficient for persistent connections. By adding 3DES_EDE_CBC
to the jdk.tls.legacyAlgorithms
security property by default in JDK, 3DES cipher suites will not be negotiated unless there are no other candidates during the establishing of SSL/TLS/DTLS connections.
At their own risk, applications can update this restriction in the security property (jdk.tls.legacyAlgorithms
) if 3DES cipher suites are really preferred.
JDK-8165071 (not public)
security-libs/javax.net.ssl
Improve the default strength of EC in JDK
To improve the default strength of EC cryptography, EC keys less than 224 bits have been deactivated in certification path processing (via the jdk.certpath.disabledAlgorithms
Security Property) and SSL/TLS connections (via the jdk.tls.disabledAlgorithms
Security Property) in JDK. Applications can update this restriction in the Security Properties and permit smaller key sizes if really needed (for example, "EC keySize < 192"). EC curves less than 256 bits are removed from the SSL/TLS implementation in JDK. The new System Property, jdk.tls.namedGroups
, defines a list of enabled named curves for EC cipher suites in order of preference. If an application needs to customize the default enabled EC curves or the curves preference, please update the System Property accordingly. For example:
jdk.tls.namedGroups="secp256r1, secp384r1, secp521r1"
Note that the default enabled or customized EC curves follow the algorithm constraints. For example, the customized EC curves cannot re-activate the disabled EC keys defined by the Java Security Properties.
See JDK-8148516
tools/javadoc(tool)
New --allow-script-in-comments option for javadoc
The javadoc tool will now reject any occurrences of JavaScript code in the javadoc documentation comments and command-line options, unless the command-line option, --allow-script-in-comments
is specified.
With the --allow-script-in-comments
option, the javadoc tool will preserve JavaScript code in documentation comments and command-line options. An error will be given by the javadoc tool if JavaScript code is found and the command-line option is not set.
JDK-8138725 (not public)
security-libs/javax.xml.crypto
Increase the minimum key length to 1024 for XML Signatures
The secure validation mode of the XML Signature implementation has been enhanced to restrict RSA and DSA keys less than 1024 bits by default as they are no longer secure enough for digital signatures. Additionally, a new security property named jdk.xml.dsig.SecureValidationPolicy
has been added to the java.security
file and can be used to control the different restrictions enforced when the secure validation mode is enabled.
The secure validation mode is enabled either by setting the xml signature property org.jcp.xml.dsig.secureValidation
to true with the javax.xml.crypto.XMLCryptoContext.setProperty
method, or by running the code with a SecurityManager
.
If an XML Signature is generated or validated with a weak RSA or DSA key, an XMLSignatureException will be thrown with the message, "RSA keys less than 1024 bits are forbidden when secure validation is enabled" or "DSA keys less than 1024 bits are forbidden when secure validation is enabled."
JDK-8140353 (not public)
docs/release_notes
Restrict certificates with DSA keys less than 1024 bits.
DSA keys less than 1024 bits are not strong enough and should be restricted in certification path building and validation. Accordingly, DSA keys less than 1024 bits have been deactivated by default by adding "DSA keySize < 1024" to the jdk.certpath.disabledAlgorithms
security property. Applications can update this restriction in the security property (jdk.certpath.disabledAlgorithms
) and permit smaller key sizes if really needed (for example, "DSA keySize < 768").
JDK-8139565 (not public)
security-libs
More checks added to DER encoding parsing code
More checks are added to the DER encoding parsing code to catch various encoding errors. In addition, signatures which contain constructed indefinite length encoding will now lead to IOException during parsing. Note that signatures generated using JDK default providers are not affected by this change.
JDK-8168714 (not public)
core-libs/java.net
Additional access restrictions for URLClassLoader.newInstance
Class loaders created by the java.net.URLClassLoader.newInstance
methods can be used to load classes from a list of given URLs. If the calling code does not have access to one or more of the URLs and the URL artifacts that can be accessed do not contain the required class, then a ClassNotFoundException, or similar, will be thrown. Previously, a SecurityException would have been thrown when access to a URL was denied. If required to revert to the old behavior, this change can be disabled by setting the jdk.net.URLClassPath.disableRestrictedPermissions
system property.
JDK-8151934 (not public)
The following are some of the notable bug fixes included in this release:
client-libs/javax.swing
Trackpad scrolling of text on OS X 10.12 Sierra is very fast
The MouseWheelEvent.getWheelRotation()
method returned rounded native NSEvent deltaX/Y events on Mac OS X. The latest macOS Sierra 10.12 produces very small NSEvent deltaX/Y values so rounding and summing them leads to the huge value returned from the MouseWheelEvent.getWheelRotation()
. The JDK-8166591 fix accumulates NSEvent deltaX/Y and the MouseWheelEvent.getWheelRotation()
method returns non-zero values only when the accumulated value exceeds a threshold and zero value. This is compliant with the MouseWheelEvent.getWheelRotation()
specification (https://docs.oracle.com/javase/8/docs/api/java/awt/event/MouseWheelEvent.html#getWheelRotation):
"Returns the number of "clicks" the mouse wheel was rotated, as an integer. A partial rotation may occur if the mouse supports a high-resolution wheel. In this case, the method returns zero until a full "click" has been accumulated."
For the precise wheel rotation values, use the MouseWheelEvent.getPreciseWheelRotation()
method instead.
See JDK-8166591
This release also contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8037099 | client-libs | java.awt | [macosx] Remove all references to GC from native OBJ-C code |
2 | JDK-8166591 | client-libs | javax.swing | [macos 10.12] Trackpad scrolling of text on macOS 10.12 Sierra is very fast (Trackpad, Retina only) |
3 | JDK-8152438 | hotspot | gc | Threads may do significant work out of the non‑shared overflow buffer |
4 | JDK-8163171 | install | install | Java installer leaves cached files on host after update |
5 | JDK-8164908 | other‑libs | corba | ReflectionFactory support for IIOP and custom serialization |
6 | JDK-8161571 | security-libs | java.security | Verifying ECDSA signatures permits trailing bytes |
7 | JDK-8163304 | security-libs | java.security | jarsigner -verbose -verify should print the algorithms used to sign the jar |
8 | JDK-8167591 | security-libs | java.security | Add MD5 to signed JAR restrictions |
9 | JDK-8167459 | security-libs | javax.net.ssl | Add debug output for indicating if a chosen ciphersuite was legacy |
10 | JDK-8167472 | security-libs | javax.net.ssl | Chrome interop regression with JDK‑8148516 |
11 | JDK-8170131 | security-libs | javax.net.ssl | Certificates not being blocked by jdk.tls.disabledAlgorithms property |
12 | JDK-8151893 | security-libs | javax.xml.crypto | Add security property to configure XML Signature secure validation mode |
security-libs/javax.net.ssl
IllegalArgumentException from TLS handshake
A recent issue from the JDK-8148516 fix can cause issue for some TLS servers. The problem originates from an *IllegalArgumentException
* thrown by the TLS handshaker code:
java.lang.IllegalArgumentException: System property
jdk.tls.namedGroups(null) contains no supported elliptic curves
The issue can arise when the server doesn't have elliptic curve cryptography support to handle an elliptic curve name extension field (if present). Users are advised to upgrade to this release. By default, JDK 7 Updates and later JDK families ship with the SunEC security provider which provides elliptic curve cryptography support. Those releases should not be impacted unless security providers are modified.
See JDK-8173783
deploy/packager
javapackager and fx:deploy bundle the whole JDK instead of JRE
There is a known bug in the Java Packager for Mac where the entire JDK may be bundled with the application bundle resulting in an unusually large bundle. The work around is to use the bundler option -Bruntime
option. For example: -Bruntime=JavaAppletPlugin.plugin
sets where the JavaAppletPlugin.plugin
for the desired JRE to bundle is located in the current directory.
See JDK-8166835
install/install
Java Installation will fail for non-admin users with UAC off
The Java installation on Windows will fail without warning or prompting, for non-admin users with User Access Control (UAC) disabled. The installer will leave a directory, jds
<number>.tmp
, in the %TEMP% directory.
JDK-8161460 (not public)
The following sections summarize changes made in all Java SE 8u112 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Please note that fixes from the prior BPR (8u102 b35) are included in this version.
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8166591 | client-libs | javax.swing | [macos 10.12] Trackpad scrolling of text on macOS 10.12 Sierra is very fast (Trackpad, Retina only) |
8166875 | core-libs | java.time | (tz) Support tzdata2016g |
8063089 (Confidential) |
hotspot | jfr | VM fails to start on Windows with enabled JFR |
October 18, 2016
The full version string for this update release is 1.8.0_112-b15 (b16 for OS X) (where "b" means "build"). The version number is 8u112.
JDK 8u112 contains IANA time zone data version 2016f. For more information, refer to Timezone Data Versions in the JRE Software.
See JDK-8159684
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u112 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_111-b14 |
7 | 1.7.0_121-b15 |
6 | 1.6.0_131-b14 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u112) will expire with the release of the next critical patch update scheduled for January 17, 2017.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u112) on February 17, 2017. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
security-libs/java.security
SunPKCS11 Provider no longer offering SecureRandom by default
SecureRandom.PKCS11
from the SunPKCS11 Provider is disabled by default on Solaris because the native PKCS11 implementation has poor performance and is not recommended. If your application requires SecureRandom.PKCS11
, you can re-enable it by removing "SecureRandom" from the disabledMechanisms list in conf/security/sunpkcs11-solaris.cfg
Performance improvements have also been made in the java.security.SecureRandom
class. Improvements in the JDK implementation have allowed for synchronization to be removed from the java.security.SecureRandom.nextBytes(byte[] bytes)
method.
See JDK-8098581
deploy
JVM throws NullPointerExceptions on macOS Sierra 10.12
On macOS Sierra 10.12, if a user presses modifier keys (such as Command, Shift, or Alt) while an applet is running in a browser, an error box named “Internal Error” might be displayed. It will also show the “exec” icon in the macOS dock. The user can dismiss the applet, or try to rerun the applet while not pressing a modifier key. To fix this problem, users can install JRE 8u112.
See JDK-8165867.
This release also contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-6477756 | client-libs | 2d | GraphicsDevice.getConfigurations() is slow taking 3 or more seconds |
2 | JDK-7172749 | client-libs | 2d | Xrender: Class cast exception in 2D code running an AWT regression test |
3 | JDK-8028486 | client-libs | 2d | java/awt/Window/WindowsLeak/WindowsLeak.java fails |
4 | JDK-8078382 | client-libs | 2d | Wrong glyph is displayed for a derived font |
5 | JDK-8133309 | client-libs | 2d | [win10] Some unicode characters do not display any more after upgrading to Windows 10 |
6 | JDK-8144703 | client-libs | 2d | ClassCastException: sun.font.CompositeFont cannot be cast to PhysicalFont |
7 | JDK-8158495 | client-libs | 2d | CCE: sun.java2d.NullSurfaceData cannot be cast to sun.java2d.opengl.OGLSurfaceData |
8 | JDK-8158178 | client-libs | java.awt | java.awt.SplashScreen.getSize() returns incorrect size for high dpi splash screens |
9 | JDK-8154816 | client-libs | java.awt:i18n | Caps Lock doesn't work as expected when using Pinyin Simplified input method |
10 | JDK-8145984 | client-libs | javax.accessibility | [macosx] sun.lwawt.macosx.CAccessible leaks |
11 | JDK-8153149 | client-libs | javax.accessibility | Uninitialised memory in WinAccessBridge.cpp:1128 |
12 | JDK-8154069 | client-libs | javax.accessibility | Jaws reads wrong values from comboboxes when no element is selected |
13 | JDK-8057791 | client-libs | javax.swing | Selection in JList is drawn with wrong colors in Nimbus L&F |
14 | JDK-8078268 | client-libs | javax.swing | javax.swing.text.html.parser.Parser parseScript incorrectly optimized |
15 | JDK-8136998 | client-libs | javax.swing | JComboBox prevents wheel mouse scrolling of JScrollPane |
16 | JDK-8157838 | client-libs | javax.swing | Personalized Windows Font Size is not taken into account in Java8u102 |
17 | JDK-8158734 | client-libs | javax.swing | JEditorPane.createEditorKitForContentType throws NPE after 6882559 |
18 | JDK-8147585 | core-libs | java.lang | Annotations with lambda expressions has parameter result in wrong behavior. |
19 | JDK-8155106 | core-libs | java.lang.invoke | MHs.Lookup.findConstructor returns handles for array classes |
20 | JDK-8153192 | core-libs | java.nio | (se) Selector.select(long) uses wrong timeout after EINTR (lnx) |
21 | JDK-8141148 | core-libs | javax.naming | LDAP "follow" throws ClassCastException with Java 8 |
22 | JDK-8158802 | core-libs | javax.naming | com.sun.jndi.ldap.SimpleClientId produces wrong hash code |
23 | JDK-8159822 | core-libs | javax.naming | Non‑synchronized access to shared members of com.sun.jndi.ldap.pool.Pool |
24 | JDK-8150219 | core-libs | javax.script | ReferenceError in 1.8.0_72 |
25 | JDK-8130127 | core-libs | jdk.nashorn | streamline input parameter of Nashorn scripting $EXEC function |
26 | JDK-8130317 | core-libs | jdk.nashorn | "ant test" fails to complete on Windows when run under cygwin shell |
27 | JDK-8137240 | core-libs | jdk.nashorn | Negative lookahead in RegEx breaks backreference |
28 | JDK-8141541 | core-libs | jdk.nashorn | Simplify Nashorn's Context class loader handling |
29 | JDK-8143642 | core-libs | jdk.nashorn | Nashorn shebang argument handling is broken |
30 | JDK-8144160 | core-libs | jdk.nashorn | Regression: two tests fail on Windows with "ant test" target |
31 | JDK-8144221 | core-libs | jdk.nashorn | fix Nashorn shebang argument handling on Mac/Linux |
32 | JDK-8148140 | core-libs | jdk.nashorn | arguments are handled differently in apply for JS functions and AbstractJSObjects |
33 | JDK-8156714 | core-libs | jdk.nashorn | Parsing issue with automatic semicolon insertion |
34 | JDK-8156896 | core-libs | jdk.nashorn | Script stack trace should display function names |
35 | JDK-8157160 | core-libs | jdk.nashorn | JSON.stringify does not work on ScriptObjectMirror objects |
36 | JDK-8157680 | core-libs | jdk.nashorn | Callback parameter of any JS builtin implementation should accept any Callable |
37 | JDK-8157819 | core-libs | jdk.nashorn | TypeError when a java.util.Comparator object is invoked as a function |
38 | JDK-8158467 | core-libs | jdk.nashorn | AccessControlException is thrown on public Java class access if "script app loader" is set to null |
39 | JDK-8154144 | core-svc | Tests in com/sun/jdi fails intermittently with "jdb input stream closed prematurely" | |
40 | JDK-8049226 | core-svc | debugger | com/sun/jdi/OptionTest.java test times out again |
41 | JDK-8029309 | deploy | [macosx] Java Control Panel unable to perform tasks requiring admin privileges | |
42 | JDK-8165867 | deploy | [macos] JVM continuously throw a NullPointerException on new MacOS 10.12 | |
43 | JDK-8155835 | deploy | javafx | FXUIToolkit.showFileChooser() fails when jre is below 7u21 |
44 | JDK-8155837 | deploy | javafx | FXUIToolkit.showSandboxSecurityDialog fails when running jre below 7u21 |
45 | JDK-8155849 | deploy | javafx | FXUIToolkit.showMessageDialog() fails when running jre below 7u55 |
46 | JDK-8081847 | deploy | webstart | Add a URL scheme handler to reliably launch .jnlp files - Mac registration part |
47 | JDK-8136844 | deploy | webstart | Change JavawsLauncher.app to use NSTask or execv |
48 | JDK-8144348 | deploy | webstart | Desktop shortcut is not updated after JNLP is changed in deployment cache |
49 | JDK-8157337 | deploy | webstart | Allow always checkbox in security dialog when jnlp location is unknown |
50 | JDK-8157785 | deploy | webstart | Signed JWS application unexpectedly asks for permission to open a socket |
51 | JDK-8063086 | hotspot | compiler | Math.pow yields different results upon repeated calls |
52 | JDK-8130309 | hotspot | compiler | Need to bailout cleanly if creation of stubs fails when codecache is out of space |
53 | JDK-8154831 | hotspot | compiler | CastII/ConvI2L for a range check is prematurely eliminated |
54 | JDK-8158260 | hotspot | compiler | PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions |
55 | JDK-8159244 | hotspot | compiler | Partially initialized string object created by C2's string concat optimization may escape |
56 | JDK-8017629 | hotspot | gc | G1: UseSHM in combination with a G1HeapRegionSize > os::large_page_size() falls back to use small pages |
57 | JDK-8054326 | hotspot | gc | Confusing message in "Current rem set statistics" |
58 | JDK-8077276 | hotspot | gc | allocating heap with UseLargePages and HugeTLBFS may trash existing memory mappings (linux) |
59 | JDK-8158871 | hotspot | gc | Long response times with G1 and StringDeduplication |
60 | JDK-8154722 | hotspot | gc | Test gc/ergonomics/TestDynamicNumberOfGCThreads.java fails |
61 | JDK-8147451 | hotspot | jvmti | Crash in Method::checked_resolve_jmethod_id(_jmethodID*) |
62 | JDK-8161144 | hotspot | jvmti | Fix for JDK‑8147451 failed: Crash in Method::checked_resolve_jmethod_id(_jmethodID*) |
63 | JDK-8036630 | hotspot | runtime | Null ProtectionDomain in JVM can cause NPE because principals field is not initialized to an empty array |
64 | JDK-8042660 | hotspot | runtime | vm/mlvm/anonloader/stress/byteMutation failed with: assert(index >=0 && index < _length) failed: symbol index overflow |
65 | JDK-8135322 | hotspot | runtime | ConstantPool::release_C_heap_structures not run in some circumstances |
66 | JDK-8147026 | hotspot | runtime | Convert an assert in ClassLoaderData to a guarantee |
67 | JDK-8154210 | hotspot | runtime | Zero: Better byte behaviour |
68 | JDK-8158373 | hotspot | runtime | SIGSEGV: Metadata::mark_on_stack |
69 | JDK-8160201 | infrastructure | release_eng | 8u112 template file need to be updated |
70 | JDK-8148167 | install | install | jdk 8u71 fails to install with no error message |
71 | JDK-8156895 | install | install | ent msi does not have double‑click support |
72 | JDK-8161053 | javafx | application‑lifecycle | Passing objects between JavaScript (JavaFX / WebKit) and Java causes a memory leak |
73 | JDK-8134655 | javafx | base | SortedList wrapping a FilteredList causes AIOOBE |
74 | JDK-8144501 | javafx | controls | TreeTableView's selectedItems reports include null items. |
75 | JDK-8157398 | javafx | controls | [TreeTableView] graphic property of TreeItem is still visible after collapsing tree |
76 | JDK-8161449 | javafx | controls | Enhance CustomColorDialog to have flexibility to hide 'Opacity', 'Use' and 'Save' Button |
77 | JDK-8145516 | javafx | graphics | Scene content shows too large on Retina display, when a regular screen attached |
78 | JDK-8150076 | javafx | graphics | Print jobs do not finish when using a page range |
79 | JDK-8150181 | javafx | graphics | javafx print jobs take 60 times longer than javax.print |
80 | JDK-8152423 | javafx | graphics | Generated temp files (+JXF...temp) for custom fonts not deleted on exit. |
81 | JDK-8155692 | javafx | graphics | changes to compile under Visual Studio 14.0 |
82 | JDK-8155903 | javafx | graphics | Crash while running imported/w3c/canvas/2d.gradient.interpolate.overlap2.html |
83 | JDK-8156094 | javafx | graphics | ContextMenu shown at wrong position on Windows10 with Extended Screen |
84 | JDK-8158688 | javafx | graphics | Revert fix for JDK‑8150181 to push it with the correct commit message |
85 | JDK-8159860 | javafx | graphics | JavaFX Path drawing appears to leak native memory |
86 | JDK-8089563 | javafx | web | Javascript Timing Events stop work on system clock changes at past |
87 | JDK-8130727 | javafx | web | WebView Tooltip position no longer changes in 8u60 |
88 | JDK-8146211 | javafx | web | WebView can't alert from a timer |
89 | JDK-8149045 | javafx | web | Debug build is not working after new WebKit upgrade |
90 | JDK-8150800 | javafx | web | NullPointer exception in WebView |
91 | JDK-8152393 | javafx | web | SQL Server Reporting Services in WebViews shows 401 |
92 | JDK-8152420 | javafx | web | [WebView] Icon font doesn't work if single page application will be loaded from jar |
93 | JDK-8154127 | javafx | web | Need to document that JavaScript to Java bindings use weak references |
94 | JDK-8156698 | javafx | web | Update to newer version of WebKit |
95 | JDK-8157145 | javafx | web | DRT crash at fast/css‑generated‑content/initial‑letter‑basic.html |
96 | JDK-8157384 | javafx | web | Update java‑wrappers for WebKit generated classes following WebKit update |
97 | JDK-8157559 | javafx | web | Linux: Javascript Timing Events stop work on system clock changes at past |
98 | JDK-8158056 | javafx | web | Linux: libjfxwebkit.so has hard‑coded path |
99 | JDK-8158926 | javafx | web | Char value is set as integer, not as character |
100 | JDK-8159549 | javafx | web | Add timestamp to WebView Keyboard Event |
101 | JDK-8159614 | javafx | web | Can't get file size with javascript |
102 | JDK-8159868 | javafx | web | the JVM for our Swing application crashes, once we login into our application server |
103 | JDK-8160260 | javafx | web | WebView cannot render CSS background image with SVG data |
104 | JDK-8160326 | javafx | web | Char value is returned as integer, not as character |
105 | JDK-8160388 | javafx | web | Test Case Failure in CallBackTest |
106 | JDK-8160400 | javafx | web | WebView can't alert from a timer |
107 | JDK-8160563 | javafx | web | jvm crash at javafx com.sun.webkit.WebPage.twkPrePaint (GFlag + Heap verification) |
108 | JDK-8160757 | javafx | web | Implement overridePreference() for DRT framework |
109 | JDK-8160769 | javafx | web | [WebView] Unable to tile SVG image using css background property |
110 | JDK-8160837 | javafx | web | WebEngine doesn't handle html5 color picker |
111 | JDK-8161137 | javafx | web | Assertion fails with https://html‑online.com/editor/ |
112 | JDK-8161258 | javafx | web | [Win] Timer functionality is broken after JDK‑8089563 |
113 | JDK-8161405 | javafx | web | [OS X] Compilation Issue in WebPage.cpp |
114 | JDK-8161699 | javafx | web | Fix compilation warnings in WebCore and JavaScriptCore |
115 | JDK-8161724 | javafx | web | EOFException in GZIPInputStream.readUByte while browsing |
116 | JDK-8162949 | javafx | web | [WebView] WebView can't display social network icons on wellsfargo.com |
117 | JDK-8162977 | javafx | web | General sibling selector is broken for selected input boxes in WebView |
118 | JDK-8162979 | javafx | web | Website weibo.com cannot be loaded |
119 | JDK-8163582 | javafx | web | JavaFX browser can get stuck in an infinite loop when calling path.getTotalLength() |
120 | JDK-8164076 | javafx | web | [Windows] JavaFX crash in WebPage.twkOpen in 8u112 when closing WebView while debugging |
121 | JDK-8165853 | javafx | web | Loading "https://www.windyty.com" with JavaFX WebView crashes JVM. |
122 | JDK-8146975 | other-libs | corba | NullPointerException in IIOPInputStream.inputClassFields |
123 | JDK-8085903 | security-libs | java.security | New fix for memory leak in ProtectionDomain cache |
124 | JDK-8098581 | security-libs | java.security | SecureRandom.nextBytes() hurts performance with small size requests |
125 | JDK-8147969 | security-libs | java.security | Print size of DH keysize when errors are encountered |
126 | JDK-8154009 | security-libs | java.security | Some methods of java.security.Security require more permissions, than necessary |
127 | JDK-8160267 | security-libs | javax.crypto | Ucrypto config file cannot be read when ‑Dfile.encoding=UTF‑16 is set |
128 | JDK-8160723 | security-libs | javax.crypto | Improve jurisdiction policy file signing exception |
129 | JDK-8134232 | security-libs | javax.crypto:pkcs11 | KeyStore.load() throws an IOException with a wrong cause in case of wrong password |
130 | JDK-8158873 | security-libs | javax.crypto:pkcs11 | LoadKeystore.java test is failing |
131 | JDK-8133070 | security-libs | javax.net.ssl | Hot lock on BulkCipher.isAvailable |
132 | JDK-8158111 | security-libs | javax.net.ssl | Make handling of 3rd party providers more stable |
133 | JDK-8158059 | security-libs | javax.security | The fix for 8050402 was partially committed |
134 | JDK-8022582 | security-libs | org.ietf.jgss:krb5 | Relax response flags checking in sun.security.krb5.KrbKdcRep.check. |
135 | JDK-8160518 | security-libs | org.ietf.jgss:krb5 | Semicolon is not recognized as comment starting character (Kerberos) |
136 | JDK-8067964 | tools | Native2ascii doesn't close one of the streams it opens | |
137 | JDK-8129740 | tools | javac | Incorrect class file created when passing lambda in inner class constructor |
138 | JDK-8143640 | tools | launcher | Showing incorrect result while passing specific argument in the Java launcher tools |
139 | JDK-8153781 | xml | jaxp | Issue in XMLScanner: EXPECTED_SQUARE_BRACKET_TO_CLOSE_INTERNAL_SUBSET when skipping large DOCTYPE section with CRLF at wrong place |
October 18, 2016
The full version string for this update release is 1.8.0_111-b14 (where "b" means "build"). The version number is 8u111.
JDK 8u111 contains IANA time zone data version 2016f. For more information, refer to Timezone Data Versions in the JRE Software.
See JDK-8159684
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u111 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_111-b14 |
7 | 1.7.0_121-b15 |
6 | 1.6.0_131-b14 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u111) will expire with the release of the next critical patch update scheduled for January 17, 2017.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u111) on February 17, 2017. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
New JCE Code Signing Root CA
In order to support longer key lengths and stronger signature algorithms, a new JCE Provider Code Signing root certificate authority has been created and its certificate added to Oracle JDK. New JCE provider code signing certificates issued from this CA will be used to sign JCE providers from this point forward. By default, new requests for JCE provider code signing certificates will be issued from this CA.
Existing certificates from the current JCE provider code signing root will continue to validate. However, this root CA may be disabled at some point in the future. We recommend that new certificates be requested and existing provider JARs be re-signed.
For details on the JCE provider signing process, please refer to the How to Implement a Provider in the Java Cryptography Architecture documentation.
JDK-8141340 (not public)
client-libs/java.awt
Service Menu services
The lifecycle management of AWT menu components exposed problems on certain platforms. This fix improves state synchronization between menus and their containers.
JDK-8158993 (not public)
core-libs/java.net
Disable Basic authentication for HTTPS tunneling
In some environments, certain authentication schemes may be undesirable when proxying HTTPS. Accordingly, the Basic authentication scheme has been deactivated, by default, in the Oracle Java Runtime, by adding Basic to the jdk.http.auth.tunneling.disabledSchemes
networking property. Now, proxies requiring Basic
authentication when setting up a tunnel for HTTPS will no longer succeed by default. If required, this authentication scheme can be reactivated by removing Basic
from the jdk.http.auth.tunneling.disabledSchemes
networking property, or by setting a system property of the same name to "" ( empty ) on the command line.
Additionally, the jdk.http.auth.tunneling.disabledSchemes
and jdk.http.auth.proxying.disabledSchemes
networking properties, and system properties of the same name, can be used to disable other authentication schemes that may be active when setting up a tunnel for HTTPS, or proxying plain HTTP, respectively.
JDK-8160838 (not public)
security-libs/java.security
Restrict JARs signed with weak algorithms and keys
This JDK release introduces new restrictions on how signed JAR files are verified. If the signed JAR file uses a disabled algorithm or key size less than the minimum length, signature verification operations will ignore the signature and treat the JAR file as if it were unsigned. This can potentially occur in the following types of applications that use signed JAR files:
The list of disabled algorithms is controlled via a new security property, jdk.jar.disabledAlgorithms, in the java.security
file. This property contains a list of disabled algorithms and key sizes for cryptographically signed JAR files.
The following algorithms and key sizes are restricted in this release:
NOTE: We are planning to restrict MD5-based signatures in signed JARs in the April 2017 CPU.
To check if a weak algorithm or key was used to sign a JAR file, you can use the jarsigner
binary that ships with this JDK. Running jarsigner -verify -J-Djava.security.debug=jar on a JAR file signed with a weak algorithm or key will print more information about the disabled algorithm or key.
For example, to check a JAR file named test.jar
, use the following command:
jarsigner -verify -J-Djava.security.debug=jar test.jar
If the file in this example was signed with a weak signature algorithm like MD2withRSA, the following output would be displayed:
jar: beginEntry META-INF/my_sig.RSA
jar: processEntry: processing block
jar: processEntry caught: java.security.SignatureException: Signature check
failed. Disabled algorithm used: MD2withRSA
jar: done with meta!
The updated jarsigner
command will exit with the following warning printed to standard output:
"Signature not parsable or verifiable. The jar will be treated as unsigned. The jar may have been signed with a weak algorithm that is now disabled. For more information, rerun jarsigner
with debug enabled (-J-Djava.security.debug=jar
)"
To address the issue, the JAR file will need to be re-signed with a stronger algorithm or key size.
Alternatively, the restrictions can be reverted by removing the applicable weak algorithms or key sizes from the jdk.jar.disabledAlgorithms security property; however, this option is not recommended. Before re-signing affected JAR files, the existing signature(s) should be removed from the JAR. This can be done with the zip utility, as follows:
zip -d test.jar 'META-INF/*.SF' 'META-INF/*.RSA' 'META-INF/*.DSA'
Please periodically check the Oracle JRE and JDK Cryptographic Roadmap at http://java.com/cryptoroadmap for planned restrictions to signed JAR files and other security components. In particular, please note the current plan is to restrict MD5-based signatures in signed JAR files in the April 2017 CPU.
To test if your JARs have been signed with MD5, add MD5 to the jdk.jar.disabledAlgorithms security property, ex:
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
and then run jarsigner -verify -J-Djava.security.debug=jar
on your JAR files as described above.
JDK-8155973 (not public)
deploy
Warning message added to deployment authenticator dialog
A warning has been added to the plugin authentication dialog in cases where HTTP Basic authentication (credentials are sent unencrypted) is used while using a proxy or while not using SSL/TLS protocols:
"WARNING: Basic authentication scheme will effectively transmit your credentials in clear text. Do you really want to do this?"
JDK-8161647 (not public)
hotspot/jfr
Some events not available in JFR recordings on Windows
The following events are not available in the JFR recordings on Windows for release 8u111:
hotspot/jvm/os/processor/cpu_load
os/processor/context_switch_rate
This is due to regression JDK-8063089 that was introduced in 8u111 with the changes for JDK-8162419. The fix for JDK-8063089 could not be included in the 8u111 release. It will be available in the next 8u111 BPR build and in the next public release.
JDK-8063089 (not public)
This release contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8140530 | client-libs | 2d | Creating a VolatileImage with size 0,0 results in no longer working g2d.drawString |
2 | JDK-8148127 | client-libs | 2d | IllegalArgumentException thrown by JCK test api/java_awt/Component/FlipBufferStrategy/indexTGF_General in opengl pipeline |
3 | JDK-8147077 | client-libs | java.awt | IllegalArgumentException thrown by api/java_awt/Component/FlipBufferStrategy/indexTGF_General |
4 | JDK-6882559 | client-libs | javax.swing | new JEditorPane("text/plain","") fails for null context class loader |
5 | JDK-8157785 | deploy | webstart | Signed JWS application unexpectedly asks for permission to open a socket |
6 | JDK-8161700 | deploy | webstart | Deadlock in Java Web Start application involving JNLPClassLoader |
7 | JDK-8161986 | deploy | webstart | Selecting 32/64 bit resources failed if user has installed both jre's |
8 | JDK-8148167 | install | install | jdk 8u71 fails to install with no error message |
9 | JDK-8149518 | install | install | Installer hangs during the JDK 8u74 installation process. |
The following sections summarize changes made in all Java SE 8u102 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Bug Fixes
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8153438 | security-libs | javax.smartcardio | Avoid repeated "Please insert a smart card" popup windows |
8164942 (Confidential) |
deploy | webstart | Avoid repeated "Please insert a smart card" popup windows - DEPLOY part |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8141148 | core-libs | javax.naming | LDAP "follow" throws ClassCastException with Java 8 |
8148984 | client-libs | java.awt | [macosx] Chinese Comma cannot be entered using Pinyin Input Method on OS X |
8158111 | security-libs | javax.net.ssl | Make handling of 3rd party providers more stable |
8080729 | client-libs | java.awt | [macosx] java 7 and 8 JDialogs on multiscreen jump to parent frame on focus |
8163583 | client-libs | java.awt | [macosx] Press "To Back" button on the Dialog,the Dialog moves behind the Frame |
Please note that fixes from the prior BPR (8u92 b34) are included in this version.
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8154788 (Confidential) |
install | install | ENT MSI installers should support system account |
July 19, 2016
The full version string for this update release is 1.8.0_102-b14 (where "b" means "build"). The version number is 8u102.
JDK 8u102 contains IANA time zone data version 2016d. For more information, refer to Timezone Data Versions in the JRE Software.
See JDK-8151876
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u102 are specified in the following table:
JRE Family Version | JRE Security Baseline(Full Version String) |
---|---|
8 | 1.8.0_101-b13 |
7 | 1.7.0_111-b13 |
6 | 1.6.0_121-b09 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u102) will expire with the release of the next critical patch update scheduled for October 19, 2016.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u102) on November 19, 2016. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
MSI Enterprise JRE Installer option, REMOVEOLDERJRES
MSI Enterprise JRE Installer option, REMOVEOLDERJRES, does not remove static installs. JDK-8161098 (not public)
security-libs/javax.net.ssl
Support SHA224withDSA and SHA256withDSA in the SunJSSE provider
The SHA224withDSA and SHA256withDSA algorithms are now supported in the TLS 1.2 "signature_algorithms" extension in the SunJSSE provider. Note that this extension does not apply to TLS 1.1 and previous versions.
See JDK-8049321
core-libs/java.lang.invoke
Internal package sun.invoke.anon has been removed
The internal package sun.invoke.anon
has been removed. The functionality it used to provide, namely anonymous class loading with possible constant pool patches, is available via the Unsafe.defineAnonymousClass()
method.
See JDK-8081512
hotspot/runtime
New property jdk.lang.processReaperUseDefaultStackSize
When a large TLS (Thread local storage) size is set for Threads, the JVM results in a stack overflow exception. The reason for this behavior is that the reaper thread was created with a low stack size of 32768k. When a large TLS size is set, it steals space from the threads stack, which eventually results in a stack overflow. This is a known glibc bug. To overcome this issue, we have introduced a workaround (jdk.lang.processReaperUseDefaultStackSize
) in which the user can set the reaper threads stack size to a default instead of to 32768. This gives the reaper thread a bigger stack size, so for a large TLS size, such as 32k, the process will not fail. Users can set this flag in one of two ways:
-Djdk.lang.processReaperUseDefaultStackSize=true
System.setProperty("jdk.lang.processReaperUseDefaultStackSize", "true")
The problem has been observed only when JVM is started from JNI code in which TLS is declared using "__thread"
See JDK-8130425
hotspot/compiler
Implemented performance improvements for BigInteger.montgomeryMultiply
We have implemented improvements that will improve performance of several security algorithms, especially when using ciphers with key lengths of 2048-bit or greater. To turn on these improvements, use the options -XX:+UseMontgomeryMultiplyIntrinsic
and -XX:+UseMontgomerySquareIntrinsic
. This improvement is only for Linux and Solaris on x86_64 architecture.
See JDK-8130150
deploy/webstart
32/64-bit interoperability in Java Web Start
The ability to specify a preference to launch a Java Web Start application in 64-bit or 32-bit architectures is now supported, by adding the 'arch' attribute to the JNLP resources block.
See JDK-8147627
core-libs
Ability to limit the capacity of buffers that can be held in the temporary buffer cache
The system property jdk.nio.maxCachedBufferSize
has been introduced in 8u102 to limit the memory used by the "temporary buffer cache." The temporary buffer cache is a per-thread cache of direct memory used by the NIO implementation to support applications that do I/O with buffers backed by arrays in the java heap. The value of the property is the maximum capacity of a direct buffer that can be cached. If the property is not set, then no limit is put on the size of buffers that are cached. Applications with certain patterns of I/O usage may benefit from using this property. In particular, an application that does I/O with large multi-megabyte buffers at startup but does I/O with small buffers may see a benefit to using this property. Applications that do I/O using direct buffers will not see any benefit to using this system property.
See JDK-8147468
core-svc/java.lang.management
New system property for the remote JMX connector
*New JMX agent property - jmxremote.host* A new property, com.sun.management.jmxremote.host
, is introduced that specifies the bind address for the default JMX agent. If the latter is not specified, the default JMX agent will listen on all interfaces (0.0.0.0) and the host value placed in the agent service URL (JMXServiceURL) is the IP address returned from invocation of the InetAddress.getLocalHost()
method.
com.sun.management.jmxremote.host
Specifies bind address for default JMX agent. It can be specified via command line while starting JVM or as part of agent config file (management.properties).
IP address of any network interface of the machine
See JDK-6425769
javafx/web
Fixed memory leak when Java objects are passed into JavaScript
The bug fix for JDK-8089861, which was first integrated in JDK 8u102, fixes a memory leak when Java objects are passed into JavaScript. Prior to JDK 8u102, the WebView JavaScript runtime held a strong reference to such bound objects, which prevented them from being garbage collected. After the fix for JDK-8089861, the WebView JavaScript runtime uses weak references to refer to bound Java objects. The specification was updated to make it clear that this is the intended behavior. Applications which rely on the previously unspecified behavior might be affected by the updated behavior if the application does not hold a strong reference to an object passed to JavaScript. In such case, the Java object might be garbage collected prematurely. The solution is to modify the application to hold a strong reference in Java code for objects that should remain live after being passed into JavaScript.
See JDK-8089681
security-libs/javax.net.ssl
Modify requirements on Authority Key Identifier extension field during X509 certificate chain building
The requirement to have the Authority Key Identifier (AKID) and Subject Key Identifier (SKID) fields matching when building X509 certificate chains has been modified for some cases.
See JDK-8072463
hotspot/gc
Providing more granular levels for GC verification
This enhancement provides a way to specify more granular levels for the GC verification enabled using the VerifyBeforeGC
, VerifyAfterGC
, and VerifyDuringGC
diagnostic options. It introduces a new diagnostic option VerifySubSet
with which one can specify the subset of the memory system that should be verified. With this new option, one or more sub-systems can be specified in a comma separated string. Valid memory sub-systems are: threads
, heap
, symbol_table
, string_table
, codecache
, dictionary
, classloader_data_graph
, metaspace, jni_handles
, c-heap
, and codecache_oops
. During the GC verification, only the sub-systems specified using VerifySubSet
get verified:
D:\\tests>java -XX:+UnlockDiagnosticVMOptions -XX:+VerifyBeforeGC -XX:VerifySubSet="threads,c-heap" -Xlog:gc+verify=debug Test
[0.095s][debug ][gc,verify] Threads
[0.099s][debug ][gc,verify] C-heap
[0.105s][info ][gc,verify] Verifying Before GC (0.095s, 0.105s) 10.751ms
[0.120s][debug ][gc,verify] Threads
[0.124s][debug ][gc,verify] C-heap
[0.130s][info ][gc,verify] Verifying Before GC (0.120s, 0.130s) 9.951ms
[0.148s][debug ][gc,verify] Threads
[0.152s][debug ][gc,verify] C-heap
If any invalid memory sub-systems are specified with VerifySubSet
, the Java process exits with the following error message:
D:\\tests>java -XX:+UnlockDiagnosticVMOptions -XX:+VerifyBeforeGC -XX:VerifySubSet="threads,c-heap,hello" -Xlog:gc+verify=debug oom
Error occurred during initialization of VM
VerifySubSet: 'hello' memory sub-system is unknown, please correct it
See JDK-8072725
hotspot/compiler
Removed PICL warning message
In 8u40 and 7u80, a new feature was introduced to use the PICL library on Solaris to get some system information. If this library was not found, we printed an error message: Java HotSpot(TM) Server VM warning: PICL (libpicl.so.1) is missing. Performance will not be optimal. This warning was misleading. Not finding the PICL library is a very minor issue, and the warnings mostly lead to confusion. In this release, the warning was removed.
See JDK-8144957
core-libs/javax.naming
Improved exception handling for bad LDAP referral replies
The JDK was throwing a NullPointerException when a non-compliant REFERRAL status result was sent but no referral values were included. With this change, a NamingException with message value of "Illegal encoding: referral is empty" will be thrown in such circumstances.
See JDK-8149450 and JDK-8154304
client-libs
.oracle_jre_usage folder is no longer created in C\Users\myName
Since JDK 1.8.0_60, a folder named .oracle_jre_usage
is created in the home directory. This folder and the files inside it are created by the Java Runtime Environment to track the last time a JRE was used. This information is very important in understanding what JRE installations are currently being used on the system.
On Windows, this folder was created under either C:\Users\
\AppData\Local
or C:\Users\myName\AppData\Roaming
depending upon whether the user is local, or is a network user.
Writing content in this folder over the network on Windows can introduce performance overhead. This problem has been fixed with JDK-8134300. With this fix, the .oracle_jre_usage
folder is created under %ProgramData%/Oracle/Java/.
See JDK-8134300
security-libs/javax.net.ssl
Fix to resolve "Unable to process PreMasterSecret, may be too big" issue
Recent JDK updates introduced an issue for applications that depend on having a delayed provider selection mechanism. The issue was introduced in JDK 8u71, JDK 7u95 and JDK 6u111. The main error seen corresponded to an exception like the following : handling exception: javax.net.ssl.SSLProtocolException: Unable to process PreMasterSecret, may be too big
See JDK-8149017
hotspot/gc
With UseG1GC, specifying -XX:ParallelGCThreads=0 is no longer allowed
With UseG1GC, specifying -XX:ParallelGCThreads=0
is no longer allowed. Previously, with -XX:ParallelGCThreads=0
, G1 would execute some tasks using serial code executed by the VM thread. The closest approximation of this behavior is to specify -XX:ParallelGCThreads=1
, which causes parallel tasks to be executed by a single GC worker thread using parallel code.
See JDK-8150518
This release also contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8140620 | client-libs | Find and load default.sf2 as the default soundbank on Linux | |
JDK-8073400 | client-libs | 2d | Some Monospaced logical fonts have a different width |
JDK-8076545 | client-libs | 2d | Text size is twice bigger under Windows L&F on Win 8.1 with HiDPI display |
JDK-8146035 | client-libs | 2d | Windows - With LCD antialiasing, some glyphs are not rendered correctly |
JDK-6961123 | client-libs | java.awt | setWMClass fails to null-terminate WM_CLASS string |
JDK-8130242 | client-libs | java.awt | DataFlavorComparator transitivity exception |
JDK-8139581 | client-libs | java.awt | AWT components are not drawn after removal and addition to a container |
JDK-8151998 | client-libs | java.awt | VS2010 ThemeReader.cpp(758) : error C3861: 'round': identifier not found |
JDK-8145228 | client-libs | javax.accessibility | Java Access Bridge, getAccessibleStatesStringFromContext doesn't wrap the call to getAccessibleRole |
JDK-8130735 | client-libs | javax.swing | javax.swing.TimerQueue: timer fires late when another timer starts |
JDK-8147994 | client-libs | javax.swing | [macosx] JScrollPane jitters up/down during trackpad scrolling on MacOS/Aqua |
JDK-8149368 | client-libs | javax.swing | [hidpi] JLabel font is twice bigger than JTextArea font on Windows 7,HiDPI, Windows L&F |
JDK-8149453 | client-libs | javax.swing | [hidpi] JFileChooser does not scale properly on Windows with HiDPI display and Windows L&F |
JDK-8157838 | client-libs | javax.swing | Personalized Windows Font Size is not taken into account in Java8u102 |
JDK-8081771 | core-libs | ProcessTool.createJavaProcessBuilder() needs new addTestVmAndJavaOptions argument | |
JDK-8059677 | core-libs | java.lang | Thread.getName() instantiates Strings |
JDK-8149330 | core-libs | java.lang | Capacity of StringBuilder should not get close to Integer.MAX_VALUE unless necessary |
JDK-8081512 | core-libs | java.lang.invoke | Remove sun.invoke.anon classes, or move / co-locate them with tests |
JDK-8065078 | core-libs | java.net | NetworkInterface.getNetworkInterfaces() triggers intermittent test failures |
JDK-8071125 | core-libs | java.net | Improve exception messages in URLPermission |
JDK-8135259 | core-libs | java.net | InetAddress.getAllByName only reports "unknown error" instead of actual cause |
JDK-8145388 | core-libs | java.net | URLConnection.guessContentTypeFromStream returns image/jpg for some JPEG images |
JDK-8147468 | core-libs | java.nio | (bf) Allow users to bound the size of buffers cached in the per-thread buffer caches |
JDK-8046339 | core-libs | java.rmi | sun.rmi.transport.DGCAckHandler leaks memory |
JDK-8151431 | core-libs | java.text | DateFormatSymbols triggers this.clone() in the constructor |
JDK-8068427 | core-libs | java.util | Hashtable deserialization reconstitutes table with wrong capacity |
JDK-8141243 | core-libs | java.util | Unexpected timezone returned after parsing a date |
JDK-8054446 | core-libs | java.util.concurrent | Repeated offer and remove on ConcurrentLinkedQueue lead to an OutOfMemoryError |
JDK-8148820 | core-libs | java.util.logging | Missing @since Javadoc tag in Logger.log(Level, Supplier) |
JDK-8149450 | core-libs | javax.naming | LdapCtx.processReturnCode() throwing Null Pointer Exception |
JDK-8154304 | core-libs | javax.naming | NullpointerException at LdapReferralException.getReferralContext |
JDK-8148379 | core-libs | jdk.nashorn | jdk.nashorn.api.scripting spec. adjustments, clarifications |
JDK-8148926 | core-libs | jdk.nashorn | Call site profiling fails on braces-wrapped anonymous function |
JDK-8149334 | core-libs | jdk.nashorn | JSON.parse(JSON.stringify([])).push(10) creates an array containing two elements |
JDK-8134300 | core-svc | .oracle_jre_usage folder must not be created in C:\Users\myName | |
JDK-4515292 | core-svc | debugger | ReferenceType.isStatic() returns true for arrays |
JDK-4858370 | core-svc | debugger | JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command |
JDK-6425769 | core-svc | java.lang.management | Allow specifying an address to bind JMX remote connector |
JDK-8145982 | core-svc | java.lang.management | JMXInterfaceBindingTest is failing intermittently |
JDK-8146015 | core-svc | java.lang.management | JMXInterfaceBindingTest is failing intermittently for IPv6 addresses |
JDK-8133495 | deploy | Platform.getInstalledJREList() returns only the jres of the current arch on windows. | |
JDK-6999748 | deploy | webstart | Uninstaller Error occurs while trying to uninstall apps imported by 32 bit JWS on 64 bit systems |
JDK-8003984 | deploy | webstart | Allow relaunch between 32 / 64 bit versions in Java Web Start when you have latest versions of both |
JDK-8055448 | deploy | webstart | Provide a way to specify JRE data model requirements in JNLP file |
JDK-8131070 | deploy | webstart | re enable secure launcher for cross platform launches. |
JDK-8147627 | deploy | webstart | 64 bit only app may have problems when initially launched with 32 bit javaws |
JDK-8149497 | deploy | webstart | cannot relaunch to alternate architecture |
JDK-8153087 | deploy | webstart | URL Scheme handler problem |
JDK-6675699 | hotspot | compiler | need comprehensive fix for unconstrained ConvI2L with narrowed type |
JDK-8055530 | hotspot | compiler | assert(_exits.control()->is_top() || !_gvn.type(ret_phi)->empty()) failed: return value must be well defined |
JDK-8081778 | hotspot | compiler | Use Intel x64 CPU instructions for RSA acceleration |
JDK-8130150 | hotspot | compiler | Implement BigInteger.montgomeryMultiply intrinsic |
JDK-8141420 | hotspot | compiler | Compiler runtime entries don't hold Klass* from being GCed |
JDK-8141551 | hotspot | compiler | C2 can not handle returns with incompatible interface arrays |
JDK-8144957 | hotspot | compiler | Remove PICL warning message |
JDK-8147645 | hotspot | compiler | get_ctrl_no_update() code is wrong |
JDK-8148752 | hotspot | compiler | MethodHandle inlining with long/double arguments is broken in C2 |
JDK-8149543 | hotspot | compiler | range check CastII nodes should not be split through Phi |
JDK-8151522 | hotspot | compiler | Disable 8130150 and 8081778 intrinsics by default |
JDK-8017462 | hotspot | gc | G1: guarantee fails with UseDynamicNumberOfGCThreads |
JDK-8072725 | hotspot | gc | Provide more granular levels for GC verification |
JDK-8076995 | hotspot | gc | gc/ergonomics/TestDynamicNumberOfGCThreads.java failed with java.lang.RuntimeException: 'new_active_workers' missing from stdout/stderr |
JDK-8150002 | hotspot | gc | Check for the validity of oop before printing it in verify_remembered_set |
JDK-8150518 | hotspot | gc | G1 GC crashes at G1CollectedHeap::do_collection_pause_at_safepoint(double) |
JDK-8149743 | hotspot | jvmti | JVM crash after debugger hotswap with lambdas |
JDK-8130425 | hotspot | runtime | libjvm crash due to stack overflow in executables with 32k tbss/tdata |
JDK-8139040 | hotspot | runtime | Fix initializations before ShouldNotReachHere() etc. and enable -Wuninitialized on linux. |
JDK-8141445 | hotspot | runtime | Use of Solaris/SPARC M7 libadimalloc.so can generate unknown signal in hs_err file |
JDK-8153641 | hotspot | runtime | assert(thread_state == _thread_in_native) failed: Assumed thread_in_native while heap dump |
JDK-8153673 | hotspot | runtime | [BACKOUT] JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command |
JDK-8129419 | hotspot | svc | heapDumper.cpp: assert(length_in_bytes > 0) failed: nothing to copy |
JDK-8154022 | javafx | build | Upgrade production compilers on Windows to Visual Studio 2013 SP4 |
JDK-8154803 | javafx | build | Update license text in javadoc footer for FX API docs |
JDK-8088397 | javafx | controls | [Dialog] ButtonType text not updated when Locale changes |
JDK-8145567 | javafx | controls | Slider: snapToTicks not honoured on changing to true |
JDK-8146325 | javafx | controls | Spinner |
JDK-8151756 | javafx | controls | JavaFX CSS is applied redundantly leading to significant performance degradation |
JDK-8157398 | javafx | controls | [TreeTableView] graphic property of TreeItem is still visible after collapsing tree |
JDK-8130750 | javafx | media | JFXMedia Player EventQueueThread does not always terminate |
JDK-8150503 | javafx | media | Provide media support for libav version 55 and 56 |
JDK-8153534 | javafx | media | Intermittent hang in GSTMedia.gstDispose |
JDK-8154287 | javafx | media | Intermittent crash when disposing MediaPlayer |
JDK-8088689 | javafx | web | Several fast/regions/webkit-* tests fail |
JDK-8088916 | javafx | web | Replace sun.net.www.ParseUtil#decode with public API |
JDK-8089681 | javafx | web | WebView leaks memory when containing object acts as javascript callback handler |
JDK-8089842 | javafx | web | JavaScript2Java Bridge: A char value cannot be set from JavaScript |
JDK-8133775 | javafx | web | Some WebNode tests crash JVM |
JDK-8139114 | javafx | web | WebView crashes on Yahoo login page |
JDK-8139317 | javafx | web | [Mac] SecurityException when constructing WebView from JFXPanel application |
JDK-8147851 | javafx | web | jvm crash at javafx com.sun.webkit.WebPage.twkPrePaint |
JDK-8149537 | javafx | web | JavaFX WebView performance regression when inserting html via javascript |
JDK-8149737 | javafx | web | JRE crash in com.sun.webkit.network.URLLoader.twkDidFinishLoading |
JDK-8149768 | javafx | web | JavaFX Application Performance Issue |
JDK-8152737 | javafx | web | Crash in RuntimeObject::put when object passed to JSObject::setMember is GCed |
JDK-8153148 | javafx | web | Defer image decoding until WebCore requests ImageFrame |
JDK-8153151 | javafx | web | Call JavaScriptCore GC whenever JVM GC happens |
JDK-8153501 | javafx | web | Crash in ResourceLoader::releaseResources() |
JDK-8154186 | javafx | web | JVM crash while using JavaFW WebView and colgroup/cols html feature |
JDK-8144144 | other-libs | corba | ORB destroy() leaks filedescriptors after unsuccessful connection |
JDK-8038837 | security-libs | java.security | Add support to jarsigner for specifying timestamp hash algorithm |
JDK-8072463 | security-libs | java.security | Remove requirement that AKID and SKID have to match when building certificate chain |
JDK-8143913 | security-libs | java.security | MSCAPI keystore should accept Certificate[] in setEntry() |
JDK-8149411 | security-libs | java.security | PKCS12KeyStore cannot extract AES Secret Keys |
JDK-6483657 | security-libs | javax.crypto | MSCAPI provider does not create unique alias names |
JDK-8133535 | security-libs | javax.crypto | Better exception messaging in Ucrypto code |
JDK-8149417 | security-libs | javax.crypto | Use final restricted flag |
JDK-8049321 | security-libs | javax.net.ssl | Support SHA224withDSA and SHA256withDSA in the SunJSSE provider |
JDK-8149017 | security-libs | javax.net.ssl | Delayed provider selection broken in RSA client key exchange. |
JDK-8153531 | security-libs | javax.net.ssl | Improve exception messaging for RSAClientKeyExchange |
JDK-8149029 | security-libs | javax.xml.crypto | Secure validation of XML based digital signature always enabled when checking wrapping attacks |
JDK-8066871 | tools | javac | java.lang.VerifyError: Bad local variable type - local final String |
JDK-8130304 | tools | javac | Inference: NodeNotFoundException thrown with deep generic method call chain |
JDK-8143647 | tools | javac | Javac compiles method reference that allows results in an IllegalAccessError |
JDK-8072081 | xml | javax.xml.parsers | Supplementary characters are rejected in comments |
JDK-8144593 | xml | jaxp | Suppress not recognized property/feature warning messages from SAXParser |
JDK-8145974 | xml | jaxp | XMLStreamWriter produces invalid XML for surrogate pairs on OutputStreamWriter |
JDK-8149915 | xml | jaxp | enabling validate-annotations feature for xsd schema with annotation causes NPE |
JDK-8150704 | xml | jaxp | XALAN: ERROR: 'No more DTM IDs are available' when transforming with lots of temporary result trees |
July 19, 2016
The full version string for this update release is 1.8.0_101-b13 (where "b" means "build"). The version number is 8u101.
JDK 8u101 contains IANA time zone data version 2016d. For more information, refer to Timezone Data Versions in the JRE Software.
See JDK-8151876
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u101 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_101-b13 |
7 | 1.7.0_111-b13 |
6 | 1.6.0_121-b09 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u101) will expire with the release of the next critical patch update scheduled for October 19, 2016.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u101) on November 19, 2016. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
New DTrust certificates added to root CAs
Two new root certificates have been added:
See JDK-8153080
New IdenTrust certificates added to root CAs
Three new root certificates have been added:
See JDK-8154757
Comodo Root CA removed
The Comodo "UTN - DATACorp SGC" root CA certificate has been removed from the cacerts file.
See JDK-8141540
Sonera Class1 CA removed
The "Sonera Class1 CA" root CA certificate has been removed from the cacerts file.
See JDK-8141276
other-libs/corba
Improve access control to javax.rmi.CORBA.ValueHandler
The javax.rmi.CORBA.Util
class provides methods that can be used by stubs and ties to perform common operations. It also acts as a factory for ValueHandlers. The javax.rmi.CORBA.ValueHandler
interface provides services to support the reading and writing of value types to GIOP streams. The security awareness of these utilities has been enhanced with the introduction of a permission java.io.SerializablePermission("enableCustomValueHanlder")
. This is used to establish a trust relationship between the users of the javax.rmi.CORBA.Util
and javax.rmi.CORBA.ValueHandler
APIs.
The required permission is "enableCustomValueHanlder"
SerializablePermission. Third party code running with a SecurityManager installed, but not having the new permission while invoking Util.createValueHandler()
, will fail with an AccessControlException.
This permission check behaviour can be overridden, in JDK8u and previous releases, by defining a system property, "jdk.rmi.CORBA.allowCustomValueHandler"
.
As such, external applications that explicitly call javax.rmi.CORBA.Util.createValueHandler
require a configuration change to function when a SecurityManager is installed and neither of the following two requirements is met:
java.io.SerializablePermission("enableCustomValueHanlder")
is not granted by SecurityManager."jdk.rmi.CORBA.allowCustomValueHandler"
is either not defined or is defined equal to "false" (case insensitive).Please note that the "enableCustomValueHanlder"
typo will be corrected in the October 2016 releases. In those and future JDK releases, "enableCustomValueHandler"
will be the correct SerializationPermission to use.
JDK-8079718 (not public)
security-libs/java.security
Support added to jarsigner for specifying timestamp hash algorithm
A new -tsadigestalg
option is added to jarsigner
to specify the message digest algorithm that is used to generate the message imprint to be sent to the TSA server. In older JDK releases, the message digest algorithm used was SHA-1. If this new option is not specified, SHA-256 will be used on JDK 7 Updates and later JDK family versions. On JDK 6 Updates, SHA-1 will remain the default but a warning will be printed to the standard output stream.
See JDK-8038837
security-libs/javax.crypto
MSCAPI KeyStore can handle same-named certificates
Java SE KeyStore does not allow certificates that have the same aliases (http://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html).
However, on Windows, multiple certificates stored in one keystore are allowed to have non-unique friendly names. The fix for JDK-6483657 makes it possible to operate on such non-uniquely named certificates through the Java API by artificially making the visible aliases unique.
Please note, this fix does not enable creating same-named certificates with the Java API. It only allows you to deal with same-named certificates that were added to the keystore by 3rd party tools.
It is still recommended that your design not use multiple certificates with the same name. In particular, the following sentence will not be removed from the Java documentation: "In order to avoid problems, it is recommended not to use aliases in a KeyStore that only differ in case."
(http://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html)
See JDK-6483657
security-libs/java.security
DomainCombiner will no longer consult runtime policy for static ProtectionDomain objects when combining ProtectionDomain objects
Applications which use static ProtectionDomain objects (created using the 2-arg constructor) with an insufficient set of permissions may now get an AccessControlException with this fix. They should either replace the static ProtectionDomain objects with dynamic ones (using the 4-arg constructor) whose permission set will be expanded by the current Policy or construct the static ProtectionDomain object with all the necessary permissions.
JDK-8147771 (not public)
This release contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8130735 | client-libs | javax.swing | javax.swing.TimerQueue: timer fires late when another timer starts |
JDK-8151876 | core-libs | java.time | (tz) Support tzdata2016d |
JDK-7166247 | deploy | deployment_toolkit | Deployment Toolkit should recognize IE Metro for Windows 8 and provide appropriate default response |
JDK-8155076 | deploy | webstart | Webstart loads JARs from MANIFEST.MF after loading the jars from resources-tag |
JDK-8038837 | security-libs | java.security | Add support to jarsigner for specifying timestamp hash algorithm |
JDK-8139436 | security-libs | java.security | sun.security.mscapi.KeyStore might load incomplete data |
JDK-8145955 | security-libs | java.security | Add new QuoVadis roots |
JDK-8153080 | security-libs | java.security | Add new DTrust roots |
JDK-8154757 | security-libs | java.security | Add new IdenTrust roots |
deploy
JRE 8u101 is not recognized by Internet Explorer (IE) when using static class ID
When a static class id is used to launch an applet or web start application while using JRE 8u101, users will get an unwanted dialogue box stating that they either use the latest JRE or cancel the launch even though they have installed and are using the latest JRE (JRE 8u101).
This specific case is only applicable on Windows and IE.
We do not recommend using static class id for JRE version selection (since JDK 5u6, Dec 2005) per http://www.oracle.com/java/technologies/javase/family-clsid.html.
To work around this issue, users can do one of the following two things:
To address this issue, developers can do one of the following two things:
JDK-8147457 (not public)
The following sections summarize changes made in all Java SE 8u92 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8132434 | install | install | On Mac Install Run javawslauncher.app to register protocol handler with Launch Services |
8159244 | hotspot | compiler | Partially initialized string object created by C2's string concat optimization may escape |
8155068 (Confidential) |
deploy | webstart | jnlp protocol is not registered on mac after installing jre |
8136844 | deploy | webstart | Change JavawsLauncher.app to use NSTask or execv |
8081847 | deploy | webstart | Add a URL scheme handler to reliably launch .jnlp files - Mac registration part |
8156977 (Confidential) |
deploy | webstart | java.lang.NumberFormatException: For input string: 1z |
8144348 | deploy | webstart | Desktop shortcut is not updated after JNLP is changed in deployment cache |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
6882559 | client-libs | javax.swing | new JEditorPane("text/plain","") fails for null context class loader |
8154899 | deploy | webstart | System property 'user.dir' now set to 'java.home' value rather than user's working directory |
8156822 | deploy | webstart | Application started using javaws now starts in {java.home} rather than current directory |
8063086 | hotspot | compiler | Math.pow yields different results upon repeated calls |
8158734 | client-libs | javax.swing | JEditorPane.createEditorKitForContentType throws NPE after 6882559 |
8154287 | javafx | media | Intermittent crash when disposing MediaPlayer |
8153534 | javafx | media | Intermittent hang in GSTMedia.gstDispose |
8154186 | javafx | web | JVM crash while using JavaFW WebView and colgroup/cols html feature |
8153148 | javafx | web | Defer image decoding until WebCore requests ImageFrame |
8153501 | javafx | web | Crash in ResourceLoader::releaseResources() |
8153151 | javafx | web | Call JavaScriptCore GC whenever JVM GC happens |
8151459 | javafx | web | Validation of new behaviour for JS callback memory leak |
8152737 | javafx | web | Crash in RuntimeObject::put when object passed to JSObject::setMember is GCed |
8089681 | javafx | web | WebView leaks memory when containing object acts as javascript callback handler |
8149537 | javafx | web | JavaFX WebView performance regression when inserting html via javascript |
8149768 | javafx | web | JavaFX Application Performance Issue |
8147851 | javafx | web | jvm crash at javafx com.sun.webkit.WebPage.twkPrePaint |
8149737 | javafx | web | JRE crash in com.sun.webkit.network.URLLoader.twkDidFinishLoading |
8139114 | javafx | web | WebView crashes on Yahoo login page |
8154022 | javafx | build | Upgrade production compilers on Windows to Visual Studio 2013 SP4 |
Please note that fixes from the prior BPR (8u77 b31) are included in this version.
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
6483657 | security-libs | javax.crypto | MSCAPI provider does not create unique alias names |
8143913 | security-libs | java.security | MSCAPI keystore should accept Certificate[] in setEntry() |
8145844 (Confidential) |
deploy | plugin | JARSigningException when loading jar file from JRE\lib\applet |
8152917 (Confidential) |
deploy | webstart | jarUpdate: javaws app has unexpectedly updated after choosing "cancel" on "Application Update" window |
The full version string for this update release is 1.8.0_92-b14 (where "b" means "build") for the Microsoft Windows JRE and JDK and 1.8.0_92-b14 for all other platforms and for the Microsoft Windows Server JRE. The version number is 8u92.
This update release contains several enhancements and changes including the following.
JDK 8u92 contains IANA time zone data version 2016a. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u92 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_91 |
7 | 1.7.0_101 |
6 | 1.6.0_115 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u92) will expire with the release of the next critical patch update scheduled for July 19, 2016.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u92) on August 19, 2016. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory. For a list of bug fixes included in this release, see JDK 8u92 Bug Fixes page.
The following are some of the notable bug fixes included in this release:
SHA224 removed from the default support list if SunMSCAPI enabled
SunJSSE allows SHA224 as an available signature and hash algorithm for TLS 1.2 connections. However, the current implementation of SunMSCAPI does not yet support SHA224. This can cause problems if SHA224 and SunMSCAPI private keys are used at the same time.
To mitigate the problem, we remove SHA224 from the default support list if SunMSCAPI is enabled.
See JDK-8064330.
New JVM Options added: ExitOnOutOfMemoryError and CrashOnOutOfMemoryError
Two new JVM flags have been added:
ExitOnOutOfMemoryError - When you enable this option, the JVM exits on the first occurrence of an out-of-memory error. It can be used if you prefer restarting an instance of the JVM rather than handling out of memory errors.
CrashOnOutOfMemoryError - If this option is enabled, when an out-of-memory error occurs, the JVM crashes and produces text and binary crash files (if core files are enabled).
See JDK-8138745.
This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8041900 | client-libs | 2d | [macosx] Java forces the use of discrete GPU |
JDK-8132890 | client-libs | 2d | Text Overlapping on Dot Matrix Printers |
JDK-8132503 | client-libs | java.awt | [macosx] Chinese full stop symbol cannot be entered with Pinyin IM on OS X |
JDK-8138764 | client-libs | java.awt | In some cases the usage of TreeLock can be replaced by other synchronization |
JDK-8041501 | client-libs | javax.imageio | ImageIO reader is not capable of reading JPEGs without JFIF header |
JDK-8134828 | client-libs | javax.swing | Scrollbar thumb disappears with Nimbus L&F |
JDK-8131129 | core-libs | java.lang.invoke | Attempt to define a duplicate BMH$Species class |
JDK-8067800 | core-libs | java.time | Clarify java.time.chrono.Chronology.isLeapYear for out of range years |
JDK-8062901 | core-libs | java.util | Iterators is spelled incorrectly in the Javadoc for Spliterator |
JDK-8140587 | core-libs | java.util.concurrent | Atomic*FieldUpdaters should use Class.isInstance instead of direct class check |
JDK-8145539 | core-libs | java.util:collections | (coll) AbstractMap.keySet and .values should not be volatile |
JDK-8143297 | core-libs | jdk.nashorn | Nashorn compilation time reported in nanoseconds |
JDK-8143896 | core-libs | jdk.nashorn | java.lang.Long is implicitly converted to double |
JDK-8144020 | core-libs | jdk.nashorn | Remove long as an internal numeric type |
JDK-8144131 | core-libs | jdk.nashorn | ArrayData.getInt implementations do not convert to int32 |
JDK-8146147 | core-libs | jdk.nashorn | Java linker indexed property getter does not work for computed nashorn string |
JDK-8147845 | core-libs | jdk.nashorn | Varargs Array functions still leaking longs |
JDK-8147857 | core-svc | javax.management | RMIConnector logs attribute names incorrectly |
JDK-8140244 | core-svc | tools | Port fix of JDK-8075773 to AIX and possibly MacOSX |
JDK-8139773 | deploy | Add more debug traces to deployment registration process (RegFx.cpp) | |
JDK-8142982 | deploy | Race Condition can cause CacheEntry.getJarSigningData() to return null. | |
JDK-8143294 | deploy | cookie handler can't get JSESSIONID on linux | |
JDK-8145217 | deploy | Fix GenericCookieHandlerTest | |
JDK-8143314 | deploy | packager | Runtime not respected with INI-configuration while creating native bundle |
JDK-8139389 | deploy | webstart | Register a protocol handler for Java Webstart |
JDK-6869327 | hotspot | compiler | Add new C2 flag to keep safepoints in counted loops. |
JDK-8058563 | hotspot | compiler | InstanceKlass::_dependencies list isn't cleared from empty nmethodBucket entries |
JDK-8080650 | hotspot | compiler | Enable stubs to use frame pointers correctly |
JDK-8129847 | hotspot | compiler | Compiling methods generated by Nashorn triggers high memory usage in C2 |
JDK-8131782 | hotspot | compiler | C1 Class.cast optimization breaks when Class is loaded from static final |
JDK-8139421 | hotspot | compiler | PPC64LE: MacroAssembler::bxx64_patchable kills register R12 |
JDK-8140483 | hotspot | compiler | Atomic*FieldUpdaters final fields should be trusted |
JDK-8144487 | hotspot | compiler | PhaseIdealLoop::build_and_optimize() must restore major_progress flag if skip_loop_opts is true |
JDK-8144935 | hotspot | compiler | C2: safepoint is pruned from a non-counted loop |
JDK-8145754 | hotspot | compiler | PhaseIdealLoop::is_scaled_iv_plus_offset() does not match AddI |
JDK-8065579 | hotspot | gc | WB method to start G1 concurrent mark cycle should be introduced |
JDK-8138966 | hotspot | gc | Intermittent SEGV running ParallelGC |
JDK-8145442 | hotspot | gc | Add the facility to verify remembered sets for G1 |
JDK-8029630 | hotspot | runtime | Thread id should be displayed as hex number in error report |
JDK-8046611 | hotspot | runtime | Build errors with gcc on sparc/fastdebug |
JDK-8087120 | hotspot | runtime | [GCC5] java.lang.StackOverflowError on Zero JVM initialization on non x86 platforms |
JDK-8138745 | hotspot | runtime | Implement ExitOnOutOfMemory and CrashOnOutOfMemory in HotSpot |
JDK-8139258 | hotspot | runtime | PPC64LE: argument passing problem when passing 15 floats in native call |
JDK-8143963 | hotspot | runtime | improve ClassLoader::trace_class_path to accept an additional outputStream* arg |
JDK-8029726 | hotspot | svc | On OS X some dtrace probe names are mismatched with Solaris |
JDK-8029727 | hotspot | svc | On OS X dtrace probes Call<type>MethodA/Call<type>MethodV are not fired. |
JDK-8029728 | hotspot | svc | On OS X dtrace probes SetStaticBooleanField are not fired |
JDK-8130910 | hotspot | svc | hsperfdata file is created in wrong directory and not cleaned up if /tmp/hsperfdata_<username> has wrong permissions |
JDK-8140031 | hotspot | svc | SA: Searching for a value in Threads does not work |
JDK-8144885 | hotspot | svc | agent/src/os/linux/libproc.h needs to support Linux/SPARC builds |
JDK-8145099 | hotspot | svc | Better error message when SA can't attach to a process |
JDK-8142443 | javafx | build | Error compiling generated web classes with gradle 2.8 |
JDK-8136535 | javafx | controls | JavaFX NumberAxis AutoRange Infinite Loop |
JDK-8143266 | javafx | controls | TreeTableView flickers when inserting elements |
JDK-8089847 | javafx | graphics | [JAVADOC] Change docs to not refer to full-screen exclusive mode |
JDK-8090292 | javafx | web | Test transitions/created-while-suspended.html fails |
JDK-8141345 | javafx | web | Cannot build WebKit with bison3 |
JDK-8141386 | javafx | web | Unable to pass values to java functions which takes wrapper objects as arguments |
JDK-8074935 | security-libs | java.security | jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did |
JDK-8139436 | security-libs | java.security | sun.security.mscapi.KeyStore might load incomplete data |
JDK-8064330 | security-libs | javax.net.ssl | Remove SHA224 from the default support list if SunMSCAPI enabled |
JDK-8131665 | security-libs | javax.net.ssl | Bad exception message in HandshakeHash.getFinishedHash |
JDK-8136442 | security-libs | javax.net.ssl | Don't tie Certificate signature algorithms to ciphersuites |
JDK-8038184 | security-libs | javax.xml.crypto | XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String |
JDK-8038349 | security-libs | javax.xml.crypto | Signing XML with DSA throws Exception when key is larger than 1024 bits |
JDK-8065986 | tools | javac | Compiler fails to NullPointerException when calling super with Object<>() |
JDK-8066974 | tools | javac | Compiler doesn't infer method's generic type information in lambda body |
JDK-8068254 | tools | javac | Method reference uses wrong qualifying type |
JDK-8130506 | tools | javac | javac AssertionError when invoking MethodHandle.invoke with lambda parameter |
JDK-8134007 | tools | javac | Improve string folding |
JDK-8134759 | tools | javac | jdb: Incorrect stepping inside finally block |
JDK-8139751 | tools | javac | Javac crash with -XDallowStringFolding=false |
JDK-8145466 | tools | javac | javac: No line numbers in compilation error |
JDK-8145722 | tools | javadoc(tool) | NullPointerException in javadoc |
JDK-8133924 | xml | jaxp | NPE may be thrown when xsltc select a non-existing node after JDK-8062518 |
The full version string for this update release is 1.8.0_91-b15 (where "b" means "build") for the Microsoft Windows JRE and JDK and 1.8.0_91-b14 for all other platforms and for the Microsoft Windows Server JRE. The version number is 8u91.
This update release contains several enhancements and changes including the following.
JDK 8u91 contains IANA time zone data version 2016a. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u91 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_91 |
7 | 1.7.0_101 |
6 | 1.6.0_115 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u91) will expire with the release of the next critical patch update scheduled for July 19, 2016.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u91) on August 19, 2016. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
Removal of Static JREs
Java installers for Windows that were released prior to version 8u91 did not remove statically installed JREs by default. In order to remove JREs that were installed statically, users had to manually select those JREs in the Java installer's user interface. Now in Java releases 8u91 and above, JREs that were installed statically will automatically be removed, if they are below the security baseline. For more information on static install, please see Java Runtime Environment Configuration.
This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.
The following are some of the notable bug fixes included in this release:
DSA signature generation is now subject to a key strength check
For signature generation, if the security strength of the digest algorithm is weaker than the security strength of the key used to sign the signature (e.g. using (2048, 256)-bit DSA keys with SHA1withDSA signature), the operation will fail with the error message:
"The security strength of SHA1 digest algorithm is not sufficient for this key size."
JDK-8138593 (not public)
Firefox 42 liveconnect problem
Because it might cause the browser to hang, we don't process JavaScript-to-Java calls when the Java plugin is launched from plugin-container.exe
(the default behavior for Firefox 42) and the applet status is not Ready(2). If the applet is not ready (the status is not 2), we don't execute the actual Java method and only return null.
If the plugin is launched from plugin-container.exe
, do not use JavaScript-To-Java calls that may require more than 11 seconds(the default value of dom.ipc.plugins.hangUITimeoutSecs
) to be completed or show a modal dialog during JavaScript-To-Java call. In this case, the main browser thread must be blocked, which might cause the browser to hang and the plugin to terminate.
Workaround (for Firefox 42):
User’s can set dom.ipc.plugins.enabled=false
. The side effect of this workaround is that it changes the setting for all plugins.
JDK-8144079 (not public)
New attribute for JMX RMI JRMP servers specifies a list of class names to use when deserializing server credentials
A new java attribute has been defined for the environment to allow a JMX RMI JRMP server to specify a list of class names. These names correspond to the closure of class names that are expected by the server when deserializing credentials. For instance, if the expected credentials were a List<string>, then the closure would constitute all the concrete classes that should be expected in the serial form of a list of Strings.
By default, this attribute is used only by the default agent with the following:
{
"[Ljava.lang.String;",
"java.lang.String"
}
Only arrays of Strings and Strings will be accepted when deserializing the credentials.
The attribute name is:
"jmx.remote.rmi.server.credential.types"
The following is an example of a user starting a server with the specified credentials class names:
Map<String, Object> env = new HashMap<>(1);
env.put (
"jmx.remote.rmi.server.credential.types",
new String[]{
String[].class.getName(),
String.class.getName()
}
);
JMXConnectorServer server
= JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbeanServer);
The new feature should be used by directly specifying:
"jmx.remote.rmi.server.credential.types"
JDK-8144430 (not public)
New certificates added to root CAs
Eight new root certificates have been added :
See JDK-8145954 and JDK-8145955
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8148446 | core-libs | java.util:i18n | (tz) Support tzdata2016a |
JDK-8144963 | deploy | Javaws checks jar files twice if JVM needs to be restarted. | |
JDK-8145954 | security-libs | java.security | Add new DigiCert roots. |
JDK-8145955 | security-libs | java.security | Add new QuoVadis roots. |
The following sections summarize changes made in all Java SE 8u77 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Please note that fixes from the prior BPR (8u74 b32) are included in this version.
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8130150 | hotspot | compiler | Implement BigInteger.montgomeryMultiply intrinsic |
8081778 | hotspot | compiler | Use Intel x64 CPU instructions for RSA acceleration |
8151522 | hotspot | compiler | Disable 8130150 and 8081778 intrinsics by default |
8147994 | client.libs | javax.swing | [macosx] JScrollPane jitters up/down during trackpad scrolling on MacOS/Aqua |
The full version string for this update release is 1.8.0_77-b03 (where "b" means "build"). The version number is 8u77.
This update release contains several enhancements and changes including the following.
JDK 8u77 contains IANA time zone data version 2016a. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u77 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_77 |
7 | 1.7.0_99 |
6 | 1.6.0_111 |
For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u77) will expire with the release of the next critical patch update scheduled for April 19, 2016.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u77) on May 19, 2016. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
This Security Alert (8u77) is based on the earlier 8u74 PSU release. All users of earlier JDK 8 releases should update to this release. For more information on the difference between Critical Patch Updates and Patch Set Updates please visit Java CPU and PSU Releases Explained.
The demos, samples, and Documentation bundles for 8u77 are not impacted by the Security Alert for CVE-2016-0636, so version 8u73 demos, samples, and Documentation bundles remain the most up to-date version until the April Critical Patch Update release.
This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.
The following sections summarize changes made in all Java SE 8u74 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
6675699 | hotspot | compiler | need comprehensive fix for unconstrained ConvI2L with narrowed typed |
8130735 | client-libs | javax.swing | javax.swing.TimerQueue: timer fires late when another timer starts |
8038837 | security-libs | java.security | Add support to jarsigner for specifying timestamp hash algorithm |
8146336 (Confidential) |
deploy | plugin | pac file returns wrong proxy with IE only due to broken wildcarding |
8144864 (Confidential) |
deploy | plugin | .pac file returns wrong proxy |
8145712 (Confidential) |
deploy | webstart | NPE is introduced by 8133458 |
Please note that fixes from the prior BPR (8u72 b31) are included in this version.
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8144963 | deploy | webstart | Javaws checks jar files twice if JVM needs to be restarted |
8140291 (Confidential) |
deploy | webstart | (JWS)LazyRootStore leak when calling getResourceAsStream on non-class resource |
8142982 | deploy | webstart | Race Condition can cause CacheEntry.getJarSigningData() to return null. |
The full version string for this update release is 1.8.0_74-b02 (where "b" means "build"). The version number is 8u74.
This update release contains several enhancements and changes including the following.
JDK 8u74 contains IANA time zone data version 2015g. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u74 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_71 |
7 | 1.7.0_95 |
6 | 1.6.0_111 |
For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u74) will expire with the release of the next critical patch update scheduled for April 19, 2016.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u74) on May 19, 2016. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
Oracle strongly recommends that Java users who have downloaded affected versions and plan future installations with these downloaded versions discard these old downloads. Java users who have installed the January 2016 Critical Patch Update versions of Java SE 6, 7, or 8 need take no action. Java users who have not installed the January 2016 Critical Patch Update versions of Java SE 6, 7, or 8 should upgrade to the Java SE 6, 7, or 8 releases from the Security Alert for CVE-2016-0603.
The demos, samples, and Documentation bundles for 8u74 are not impacted by the Security Alert for CVE-2016-0603, so version 8u72 demos, samples, and Documentation bundles remain the most up to-date version until the April Critical Patch Update release.
This release contains fixes for security vulnerabilities. For more information, see the Oracle Java SE Critical Patch Update Advisory.
The full version string for this update release is 1.8.0_73-b02 (where "b" means "build"). The version number is 8u73.
This update release contains several enhancements and changes including the following.
JDK 8u73 contains IANA time zone data version 2015g. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u73 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_71 |
7 | 1.7.0_95 |
6 | 1.6.0_111 |
For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u73) will expire with the release of the next critical patch update scheduled for April 19, 2016.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u73) on May 19, 2016. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
Oracle strongly recommends that Java users who have downloaded affected versions and plan future installations with these downloaded versions discard these old downloads. Java users who have installed the January 2016 Critical Patch Update versions of Java SE 6, 7, or 8 need take no action. Java users who have not installed the January 2016 Critical Patch Update versions of Java SE 6, 7, or 8 should upgrade to the Java SE 6, 7, or 8 releases from the Security Alert for CVE-2016-0603.
The demos, samples, and Documentation bundles for 8u73 are not impacted by the Security Alert for CVE-2016-0603, so version 8u71 demos, samples, and Documentation bundles remain the most up to-date version until the April Critical Patch Update release.
This release contains fixes for security vulnerabilities. For more information, see the Oracle Java SE Critical Patch Update Advisory.
Note that 8u73 does not contain the PSU builds found in 8u72. Customers who require the additional bug fixes contained in 8u72 should update to 8u74 instead of 8u73.
The following sections summarize changes made in all Java SE 8u72 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Please note that fixes from the prior BPR (8u66 b36) are included in this version.
The full version string for this update release is 1.8.0_72-b15 (where "b" means "build") for the Microsoft Windows JRE and JDK and 1.8.0_72-b15 for all other platforms and for the Microsoft Windows Server JRE. The version number is 8u72.
This update release contains several enhancements and changes including the following.
JDK 8u72 contains IANA time zone data version 2015g. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u72 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_71 |
7 | 1.7.0_95 |
6 | 1.6.0_111 |
For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u72) will expire with the release of the next critical patch update scheduled for April 19, 2016.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u72) on May 19, 2016. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory.
The following are some of the notable bug fixes included in this release:
Regression in Applet startup time fixed
JDK-8080977 introduced delay on applet launch. The delay appears only on IE and lasts about 20 seconds. JDK-8136759 removed this delay.
See JDK-8136759
jps running as root fails after the fix of JDK-8050807
When running jps as root in solaris or linux, it should be able to display process information for all running java process in the system. This worked fine until 7u72:
For example:
jps running In 7u72 solaris machine:
7u72/bin/jps
1771 ControlPanel
722 Bootstrap
1224 ContainerPrivate
1637 swupna.jar
1772 Jp
jps running In 7u75 solaris machine:
7u75/bin/jps
1746 Jps
1739 -- process information unavailable
722 -- process information unavailable
1224 ContainerPrivate
1637 -- process information unavailable
This bug was introduced when fix JDK-8050807 was merged in JDK repository. In this fix UID of directory is matched with the effective Id of process. When JPS command is executed as root, it tries to read the process information from "/tmp/hsperfdata_$username_$ProcessID" file. Before reading the process file or directory, it checks if the file or directory is secure or not. It opens the user directory and match the UID of that directory (which belong to other user) with the current process(root-jps) effective ID,which gets fail and process returns failure.
See JDK-8075773.
"Apply" button is permanently disabled in JCP, after roaming profile option is changed
After the option "Store user settings in the roaming profile" located in "Java Control Panel -> Advanced -> Miscellaneous" is changed and applied by a click on "Apply" button in Java Control Panel (JCP), "Apply" button becomes permanently disabled and changes of any other options in JCP do not lead to enabling of "Apply" button.
See JDK-8133985.
JFR reports abnormally high machine CPU consumption on Linux
On Linux kernels 2.6 and later, the JDK would include time spent waiting for IO completion as "CPU usage". During periods of heavy IO activity, this could result in misleadingly high values reported as CPU consumption in various tools like Flight Recorder and performance counters. This issue has been resolved.
JDK-8133527 (not public)
Problem with REMOVEOUTOFDATEJRES Installer option documentation corrected
Missing documentation for the REMOVEOUTOFDATEJRES installer option was added to the Java Platform, Standard Edition Installation Guide: http://docs.oracle.com/javase/8/docs/technotes/guides/install/config.html#table_config_file_options
See JDK-8133527.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8133917 | client-libs | Please backport X11FontManager refactor to Java 8! | |
JDK-8130136 | client-libs | 2d | Swing window sometimes fails to repaint partially when it becomes exposed |
JDK-8132850 | client-libs | 2d | java.lang.ArrayIndexOutOfBoundsException during text rendering with many fonts installed |
JDK-8137106 | client-libs | 2d | EUDC (End User Defined Characters) are not displayed on Windows with Java 8u60+ |
JDK-8065081 | client-libs | demo | Intermittent NPE in Java2Demo applet on Stop/Restart in appletviewer |
JDK-8081485 | client-libs | java.awt | EDT auto shutdown is broken in case of new event queue usage |
JDK-8081787 | client-libs | java.awt | [macosx] MalformedURLException is thrown during reading data for application/x-java-url;class=java.net.URL flavor |
JDK-8086038 | client-libs | java.awt | [macosx] No available data flavors when copying from Microsoft Word for Mac |
JDK-8130776 | client-libs | java.awt | Remove EmbeddedFrame.requestFocusToEmbedder() method |
JDK-8132382 | client-libs | java.awt | [macosx] Crash during JMC or JavaFX execution when NSApplication is controlled by SWT or JavaFX libraries |
JDK-8136763 | client-libs | java.awt | [macosx] java always returns only one value for "text/uri-list" dataflavor even if several files were copied |
JDK-8134828 | client-libs | javax.swing | Scrollbar thumb disappears with Nimbus L&F |
JDK-8134917 | client-libs | javax.swing | [macosx] JOptionPane doesn't receive mouse events when opened from a drop event |
JDK-8134356 | core-libs | {@code} tag contains < and > sequences | |
JDK-8134569 | core-libs | Add tests for prototype callsites | |
JDK-8134939 | core-libs | Improve toString method of Dynalink DynamicMethod objects | |
JDK-8133249 | core-libs | java.io | Occasional SIGSEGV: non thread-safe use of strerr in getLastErrorString |
JDK-8073644 | core-libs | java.lang.invoke | Assertion in LambdaFormEditor.bindArgumentType is too strict |
JDK-8030785 | core-libs | java.lang:reflect | Missing "since 1.8" javadoc for java.lang.reflect.Method:getParameterCount |
JDK-8072466 | core-libs | java.net | Deadlock when initializing MulticastSocket and DatagramSocket |
JDK-8087190 | core-libs | java.net | Regression in sun.net.util.IPAddressUtil.isIPv4LiteralAddress(String) |
JDK-8133015 | core-libs | java.net | InetAddress.isReachable(tmout) returning wrong value on Windows for IPv6 |
JDK-8143397 | core-libs | java.net | It looks like InetAddress.isReachable(timeout) works incorrectly |
JDK-6857566 | core-libs | java.nio | (bf) DirectByteBuffer garbage creation can outpace reclamation |
JDK-8029516 | core-libs | java.nio | (fs) WatchKey cancel unreliable on Windows |
JDK-8034057 | core-libs | java.nio | Files.getFileStore and Files.isWritable do not work with SUBST'ed drives (win) |
JDK-8080115 | core-libs | java.nio | (fs) Crash in libgio when calling Files.probeContentType(path) from parallel threads |
JDK-8130274 | core-libs | java.nio | java/nio/file/FileStore/Basic.java fails when two successive stores in an iteration are determined to be equal |
JDK-8133232 | core-libs | java.nio | [fs] Regex has redundant | in the char class |
JDK-8133647 | core-libs | java.nio | (ch) Test java/nio/channels/AsynchronousSocketChannel/StressLoopback.java fails for Windows XP |
JDK-8137121 | core-libs | java.nio | (fc) Infinite loop FileChannel.truncate |
JDK-8138819 | core-libs | java.nio | (se) File descriptor leak when Selector.open fails |
JDK-8081794 | core-libs | java.text | ParsePosition getErrorIndex returns 0 for TimeZone parsing problem |
JDK-8074032 | core-libs | java.time | Instant.ofEpochMilli(millis).toEpochMilli() can throw arithmetic overflow in toEpochMilli() |
JDK-8133022 | core-libs | java.time | Instant.toEpochMilli() silently overflows |
JDK-8139107 | core-libs | java.time | DateTimeFormatter with Locale.UK throw a NullPointerException when parsing zone |
JDK-6907252 | core-libs | java.util.jar | ZipFileInputStream Not Thread-Safe |
JDK-8038502 | core-libs | java.util.jar | Deflater.needsInput() should use synchronization |
JDK-8134505 | core-libs | java.util:i18n | Cleanup of "TimeZone_md.c" |
JDK-8129957 | core-libs | javax.naming | Deadlock in JNDI LDAP implementation when closing the LDAP context |
JDK-8027137 | core-libs | jdk.nashorn | Merge ScriptFunction and ScriptFunctionImpl |
JDK-8055917 | core-libs | jdk.nashorn | jdk.nashorn.internal.codegen.CompilationPhase$N should be renamed to proper classes |
JDK-8068901 | core-libs | jdk.nashorn | Surprising behavior with more than one functional interface on a class |
JDK-8068903 | core-libs | jdk.nashorn | Can't invoke vararg @FunctionalInterface methods |
JDK-8073613 | core-libs | jdk.nashorn | Here documents: how to avoid string interpolation? |
JDK-8073733 | core-libs | jdk.nashorn | TypeError messages with "call" and "new" could be improved |
JDK-8087292 | core-libs | jdk.nashorn | nashorn should have a "fail-fast" option for scripting, analog to bash "set -e" |
JDK-8087312 | core-libs | jdk.nashorn | PropertyMapWrapper.equals should compare className |
JDK-8114838 | core-libs | jdk.nashorn | Anonymous functions escape to surrounding scope when defined under "with" statement |
JDK-8129950 | core-libs | jdk.nashorn | Wrong condition for checking absence of logger in MethodHandleFactory |
JDK-8129959 | core-libs | jdk.nashorn | DebugLogger has unnecessary API methods |
JDK-8130234 | core-libs | jdk.nashorn | Get rid of JSType.isNegativeZero |
JDK-8130307 | core-libs | jdk.nashorn | improve Nashorn Javadoc target |
JDK-8130424 | core-libs | jdk.nashorn | if directory specified with --dest-dir does not exist, only .class files are dumped and .js files are not |
JDK-8130476 | core-libs | jdk.nashorn | Remove unused methods in Global.java |
JDK-8130663 | core-libs | jdk.nashorn | 6 fields can be static fields in Global class |
JDK-8130853 | core-libs | jdk.nashorn | Non-extensible global is not handled property |
JDK-8131039 | core-libs | jdk.nashorn | after adding a function property to Object.prototype, JSON.parse with reviver function goes into infinite loop |
JDK-8131340 | core-libs | jdk.nashorn | Varargs function is recompiled each time it is linked |
JDK-8131683 | core-libs | jdk.nashorn | Delete fails over multiple scopes |
JDK-8133119 | core-libs | jdk.nashorn | Error message associated with TypeError for call and new should include stringified Node |
JDK-8133300 | core-libs | jdk.nashorn | Ensure symbol table immutability in Nashorn AST |
JDK-8133785 | core-libs | jdk.nashorn | SharedScopeCall should be enabled for non-optimistic call sites even with optimistic compilation |
JDK-8134150 | core-libs | jdk.nashorn | Make Nashorn Timing class both threadsafe and efficient |
JDK-8134484 | core-libs | jdk.nashorn | disallow backquotes as heredoc end marker delimiters |
JDK-8134488 | core-libs | jdk.nashorn | var statement in if(false) block incorrectly evacuated into enclosing function |
JDK-8134490 | core-libs | jdk.nashorn | Dead var statement evacuation incorrectly descends into nested functions |
JDK-8134502 | core-libs | jdk.nashorn | introduce abstraction for basic NodeVisitor usage |
JDK-8134609 | core-libs | jdk.nashorn | Allow constructors with same prototoype map to share the allocator map |
JDK-8134731 | core-libs | jdk.nashorn | Function.prototype.apply interacts incorrectly with 'arguments' |
JDK-8134930 | core-libs | jdk.nashorn | Defer stack trace walking of NashornException for extracting line number and file name |
JDK-8134931 | core-libs | jdk.nashorn | jdk.nashorn.internal.codegen.TypeMap should not use Map |
JDK-8134973 | core-libs | jdk.nashorn | Control flow exceptions should avoid filling stack trace |
JDK-8135000 | core-libs | jdk.nashorn | Number.prototype.toFixed returns wrong string for 0.5 and -0.5 |
JDK-8135054 | core-libs | jdk.nashorn | Add more samples to nashorn samples directory |
JDK-8135075 | core-libs | jdk.nashorn | Reorder short-circuit tests in ApplySpecialization to run cheapest first |
JDK-8135190 | core-libs | jdk.nashorn | Method code too large in Babel browser.js script |
JDK-8135262 | core-libs | jdk.nashorn | Sanitize CodeInstaller and Compiler API |
JDK-8135332 | core-libs | jdk.nashorn | ScriptFunction constructor should use is bound and is strict check rather than checking for 'arguments' and 'caller' |
JDK-8135337 | core-libs | jdk.nashorn | NativeDebug.dumpCounters with incorrect scope count |
JDK-8136349 | core-libs | jdk.nashorn | Typos patch for nashorn sources submitted on Sep 10, 2015 |
JDK-8136544 | core-libs | jdk.nashorn | Call site switching to megamorphic causes incorrect property read |
JDK-8136694 | core-libs | jdk.nashorn | Megemorphic scope access does not throw ReferenceError when property is missing |
JDK-8137258 | core-libs | jdk.nashorn | JSObjectLinker and BrowserJSObjectLinker should not expose internal JS objects |
JDK-8137281 | core-libs | jdk.nashorn | OutOfMemoryError with large numeric keys in JSON.parse |
JDK-8137333 | core-libs | jdk.nashorn | Boundless soft caching of property map histories causes high memory pressure |
JDK-8138616 | core-libs | jdk.nashorn | invokeFunction fails if function calls a function defined in GLOBAL_SCOPE |
JDK-8138632 | core-libs | jdk.nashorn | Sparse array does not handle growth of underlying dense array |
JDK-8074696 | core-svc | debugger | Remote debugging session hangs for several minutes when calling findBootType |
JDK-8074368 | core-svc | java.lang.management | ThreadMXBean.getThreadInfo() corrupts memory when called with empty array for thread ids |
JDK-8133666 | core-svc | java.lang.management | OperatingSystemMXBean reports abnormally high machine CPU consumption on Linux |
JDK-8075773 | core-svc | tools | jps running as root fails after the fix of JDK-8050807 |
JDK-8139613 | deploy | push of backport of JDK-8081846 broke build | |
JDK-8138650 | deploy | packager | Packager cannot bundle Mac App Store Apps because JavaFX WebKit uses apple private APIs |
JDK-8133985 | deploy | plugin | "Apply" button is permanently disabled in JCP, after roaming profile option is changed |
JDK-8134109 | deploy | plugin | Applet2Manager.getMainDeploymentRuleSet ignores jar version. |
JDK-8134495 | deploy | plugin | Cannot enable debugging on JNLP applet with java-vm-args params |
JDK-7156268 | deploy | webstart | app is stuck when launching with javaagent if there is no jre info in deployment.properties |
JDK-8055464 | deploy | webstart | Add a URL scheme handler to reliably launch .jnlp files - java part |
JDK-8056013 | deploy | webstart | Web Start looks in currently directory for all classes prior to jars - slow |
JDK-8077380 | deploy | webstart | JNLPSigning exception when signed jnlp is launched from local tomcat server |
JDK-8081846 | deploy | webstart | Add a URL scheme handler to reliably launch .jnlp files - Windows registration part |
JDK-8135115 | deploy | webstart | DRS1.3: App is not blocked when there is a invalid attribute in jnlp-checksum |
JDK-8135227 | deploy | webstart | DRS 1.3 enhancements doesn't work as expected when load no href jnlp by "javaws <local_path_of_jnlp_file>" |
JDK-8136906 | deploy | webstart | Extreme Application Startup Time due to frequent requests for the jnlp-6.0.dtd |
JDK-8139323 | deploy | webstart | JNLPSignedResourcesHelperTest shows regression caused by JDK-8129600 |
JDK-8140264 | deploy | webstart | create junit test for JDK-8136906 |
JDK-8140740 | deploy | webstart | Test jnlp_file/applicationDesc/index.html\#args is failing |
JDK-8011858 | hotspot | compiler | Use Compile::live_nodes() instead of Compile::unique() in appropriate places |
JDK-8058737 | hotspot | compiler | CodeCache::find_blob fails with 'unsafe access to zombie method' |
JDK-8075805 | hotspot | compiler | Crash while trying to release CompiledICHolder |
JDK-8134031 | hotspot | compiler | Incorrect JIT compilation of complex code with inlining and escape analysis |
JDK-8134493 | hotspot | compiler | Cleaning inline caches of unloaded nmethods should be done in sweeper |
JDK-8133193 | hotspot | gc | Memory leak in G1 because G1RootProcessor doesn't have desctructor |
JDK-8029453 | hotspot | runtime | java/util/concurrent/locks/ReentrantLock/TimeoutLockLoops.java failed by timeout |
JDK-8135002 | hotspot | runtime | Fix or remove broken links in objectMonitor.cpp comments |
JDK-8139150 | hotspot | runtime | ClassVerifier frees exception message while it's still in use |
JDK-8140249 | hotspot | runtime | JVM Crashing During startUp If Flight Recording is enabled |
JDK-7194452 | security-libs | java.security | Remove "Reverse" PKIX CertPathBuilder implementation |
JDK-8130875 | security-libs | java.security | Ucrypto library leaks memory when null output buffer is specified |
JDK-8136534 | security-libs | java.security | Loading JKS keystore using non-null InputStream results in closed stream |
JDK-8132551 | security-libs | javax.crypto:pkcs11 | Initialize local variables before returning them in p11_convert.c |
JDK-8067422 | tools | javac | Lambda method names are unnecessarily unstable |
JDK-8071291 | tools | javac | Compiler crashes trying to cast UnionType to IntersectionClassType |
JDK-8073519 | xml | jaxb | schemagen does not report errors while generating xsd files |
The full version string for this update release is 1.8.0_71-b15 (where "b" means "build"). The version number is 8u71.
This update release contains several enhancements and changes including the following.
JDK 8u71 contains IANA time zone data version 2015g. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u71 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_71 |
7 | 1.7.0_95 |
6 | 1.6.0_111 |
For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u71) will expire with the release of the next critical patch update scheduled for April 19, 2016.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u71) on May 19, 2016. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
The following are some of the notable new features and changes in this release:
*MD5 now disabled for X509 Certificate validating*
MD5 must not be used for digital signatures where collision resistance is required. To prevent the use of X.509 certificates that include an MD5-based digital signature algorithm, MD5 has been added to the jdk.certpath.disabledAlgorithms security property. Applications should upgrade or replace certificates that include an MD5-based digital signature.
Reversing this change is possible by removing MD5 from the jdk.certpath.disabledAlgorithms security property in the java.security file. This is not recommended.
JDK-8141287 (not public)
Disable MD5withRSA signature algorithm in the JSSE provider
The MD5withRSA signature algorithm is now considered insecure and should no longer be used. Accordingly, MD5withRSA has been deactivated by default in the Oracle JSSE implementation by adding "MD5withRSA" to the "jdk.tls.disabledAlgorithms" security property. Now, both TLS handshake messages and X.509 certificates signed with MD5withRSA algorithm are no longer acceptable by default. This change extends the previous MD5-based certificate restriction ("jdk.certpath.disabledAlgorithms") to also include handshake messages in TLS version 1.2. If required, this algorithm can be reactivated by removing "MD5withRSA" from the "jdk.tls.disabledAlgorithms" security property.
JDK-8144773 (not public)
This release contains fixes for security vulnerabilities. The following are some of the notable bug fixes included in this release:
Running jps as root does not show all information
After the fix of JDK-8050807 (fixed in 8u31, 7u75 and 6u91), running jps as root did not show all the information from Java processes started by other users on some systems. This has now been fixed.
See JDK-8075773.
Installers appearing stalled on ESC configurations
Users running Internet Explorer Enhance Security Configuration (ESC) on Windows Server 2008 R2 may have experienced issues installing Java in interactive mode. This issue has been resolved in the 8u71 release. Installers executed in interactive mode will no longer appear to be stalled on ESC configurations.
See JDK-8140197.
Problem with PBE algorithms using AES crypto corrected
An error was corrected for PBE using 256-bit AES ciphers such that the derived key may be different and not equivalent to keys previously derived from the same password.
JDK-8138589 (not public)
Problem with Enterprise MSI switch 'REMOVEOLDERJRES' documentation corrected
The Enterprise MSI documentation lists configuration options:
The REMOVEOLDERJRES option used to uninstall old JREs was missing. Added this option, with the description:
If set to 1, removes older releases of the JRE installed on the system.
Default: 0 does not remove any old JREs
JDK-8081237 (not public)
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8138716 | core-libs | (tz) Support tzdata2015g | |
JDK-8075773 | core-svc | tools | jps running as root fails after the fix of JDK-8050807 |
JDK-8134109 | deploy | plugin | Applet2Manager.getMainDeploymentRuleSet ignores jar version. |
JDK-8140197 | install | install | JRE 8u65 installer doesn't work on Windows Server |
JDK-8132082 | security-libs | javax.net.ssl | Let OracleUcrypto accept RSAPrivateKey |
The following sections summarize changes made in all Java SE 8u66 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8130212 (Confidential) |
hotspot | runtime | Thread::current() might access freed memory on Solaris |
8132890 | client-libs | 2d | Text Overlapping on Dot Matrix Printers |
8133458 (Confidential) |
deploy | webstart | 8u51 is slower than 6u101 to launch JWS application |
8098826 (Confidential) |
deploy | webstart | WS sends multiple request to server to download extensions |
8141527 | deploy | webstart | AddRemoveTest tests fail as second request to jnlp not getting to server, but resource requests going through fine |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8142908 (Confidential) |
deploy | plugin | Java Plug-in crashes under some scenarios using FF42 |
8133523 | deploy | plugin | _releaseObject called from wrong thread |
8134828 | client-libs | javax.swing | Scrollbar thumb disappears with Nimbus L&F |
8144110 (Confidential) |
install | install | 32-bit JRE install fails on 64-bit Windows Server 2012 under System Account |
8140670 (Confidential) |
install | install | 32-bit JRE silent install fails on 64-bit Windows under System Account |
8067422 | tools | javac | Lambda method names are unnecessarily unstable |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8136759 (Confidential) |
deploy | deployment_toolkit | Regression in Applet startup time with Internet Explorer on 8u60 and 8u65-b14 |
Please note that fixes from the prior BPR (8u60 b32) are included in this BPR.
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8135307 (Confidential) |
tools | javac | CompletionFailure thrown when calling FieldDoc.type, if the field's type is missing |
The full version string for this update release is 1.8.0_66-b18 (where "b" means "build") for the Microsoft Windows JRE and JDK and 1.8.0_66-b17 for all other platforms and for the Microsoft Windows Server JRE. The version number is 8u66.
This update release contains several enhancements and changes including the following.
JDK 8u66 contains IANA time zone data version 2015f. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u66 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_65 |
7 | 1.7.0_91 |
6 | 1.6.0_105 |
For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u66) will expire with the release of the next critical patch update scheduled for January 19, 2016.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u66) on February 20, 2016. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
DYLD_LIBRARY_PATH
, may be stripped from the environment when running Java from the command line or when double-clicking a JAR file. Applications should not rely on these variables in a production environment, they are only intended for debugging during development. The following are some of the notable new features and changes in this release: <br>
Support ISO 4217 "Current funds codes" table (A.2)
This enhancement adds support for ISO 4217 table A.2 fund codes. Previously the JDK only supported those currencies listed in table A.1.
See JDK-8074350.
This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory.
The following are some of the notable bug fixes included in this release:
Kerberos changes for applications running with security manager
This JDK release introduces some changes to how Kerberos requests are handled when a security manager is present.
Note that if a security manager is installed while a KerberosPricipal is being created, a {@link ServicePermission} must be granted and the service principal of the permission must minimally be inside the {@code KerberosPrincipal
}'s realm.
For example, if the result of {@code new KerberosPrincipal("user")}
is {@code user@EXAMPLE.COM}
, then a {@code ServicePermission}
with service principal {@code host/www.example.com@EXAMPLE.COM}
(and any action) must be granted.
Also note that if a single GSS-API principal entity that contains a Kerberos name element without providing its realm is being created via the org.ietf.jgss.GSSName
interface and a security manager is installed, then this release introduces a new requirement. A {@link javax.security.auth.kerberos.ServicePermission ServicePermission}
must be granted and the service principal of the permission must minimally be inside the Kerberos name element's realm.
For example, if the result of {@link GSSManager#createName(String, Oid) createName("user", NT_USER_NAME)}
contains a Kerberos name element {@code user@EXAMPLE.COM}
, then a {@code ServicePermission}
with service principal {@code host/www.example.com@EXAMPLE.COM}
(and any action) must be granted. Otherwise, the creation will throw a {@link GSSException}
containing the {@code GSSException.FAILURE}
error code.
JDK-8048030 (not public)
Hotspot should use PICL interface to get cacheline size on SPARC
The libpicl library is now required on Solaris/SPARC to determine the size of the cache lines. In case the library is not present or the PICL service is not available the JVM will display a warning and compiler optimizations that utilize the BIS (Block Initializing Store) instruction will be turned off.
See JDK-8056124.
Preloading libjsig.dylib causes deadlock when signal() is called
Applications need to preload the libjsig
library to enable signal chaining. Previously, on OS X, after libjsig.dylib
was preloaded, any call from native code to signal()
caused a deadlock. This has been corrected.
See JDK-8072147.
VM crash when class is redefined with Instrumentation.redefineClasses
The JVM could crash when a class was redefined with Instrumentation.redefineClasses()
. The crash could either be a segmentation fault at SystemDictionary::resolve_or_null
, or an internal error with the message "tag mismatch with resolution error table
". This has now been fixed.
See JDK-8076110.
_releaseObject called from wrong thread
A recent change to Firefox caused the _releaseObject
call to be made from a thread other than the main thread. This may cause a race condition, which may inadvertently crash the browser. This has been addressed in build 18 of 8u66. For more information, see Bugs@Mozilla 1221448.
See JDK-8133523.
Java plug-in does not work in Firefox after installing Java
Firefox 42 may crash when trying to run the Java plug-in.
NOTE: The workaround applies to Firefox 42 and requires Windows Java Version 8 Update 66 Build 18 or later versions.
See JDK-8133523 for related information.
There are several workaround options. The simplest method is noted first and is recommended. The remaining available options are not recommended for non-technical users.
Option 1: Add property name dom.ipc.plugins.java.enabled
in Firefox preferences
about:config
in the address bardom.ipc.plugins.java.enabled
Option 2: Create "user.js" file with preference entry
Instructions are based on Mozilla references listed below.
user_pref("dom.ipc.plugins.java.enabled", false);
Option 3: Update "pref.js" file with preference entry
user_pref("dom.ipc.plugins.java.enabled", false);
Correction to end time checking for native TGT
The end times for native TGTs (ticket-granting tickets) are now compared with UTC time stamps.
See JDK-8078495.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8087201 | client-libs | 2D | OGL: rendering of lcd text is slow |
JDK-8130938 | client-libs | 2D | [solaris] Incomplete 8ux fix for 8071710: libfontmanager & t2k should link against headless awt on solaris |
JDK-8037371 | client-libs | java.awt | [macosx] Test closed/java/awt/dnd/ImageTransferTest/ImageTransferTest.html fails |
JDK-8131752 | client-libs | java.awt | [Regression] Test java/awt/GraphicsDevice/CheckDisplayModes.java fails |
JDK-8134453 | client-libs | javax.accessibility | JAWS crashes in WindowsAccessBridge.DLL on 32 bit 8u60 running on 32 bit Win 7 |
JDK-8134403 | core-libs | jdk.nashorn | Nashorn react.js benchmark performance regression |
JDK-8079618 | deploy | plugin | AccessControlException with deployment cache and RMI |
JDK-8135116 | globalization | translation | [de] Missing the link of license agreement |
JDK-6904403 | hotspot | jvmti | assert(f == k->has_finalizer(),"inconsistent has_finalizer") with debug VM |
JDK-8048353 | hotspot | runtime | jstack -l crashes VM when a Java mirror for a primitive type is locked |
JDK-8072147 | hotspot | runtime | Preloading libjsig.dylib causes deadlock when signal() is called |
JDK-8076110 | hotspot | runtime | VM crash when class is redefined with Instrumentation.redefineClasses |
JDK-8133191 | install | NVDA screen reader and JAWS can't read the "Look and Feel" Selections. | |
JDK-8078495 | security-libs | org.ietf.jgss:krb5 | End time checking for native TGT is wrong |
JDK-8131907 | xml | jaxp | Numerous threads lock during XML processing while running Weblogic 12.1.3 |
JDK-8133523 | deploy | plugin | _releaseObject called from wrong thread |
The full version string for this update release is 1.8.0_65-b17 (where "b" means "build"). The version number is 8u65.
This update release contains several enhancements and changes including the following.
JDK 8u65 contains IANA time zone data version 2015f. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u65 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_65 |
7 | 1.7.0_91 |
6 | 1.6.0_105 |
For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u65) will expire with the release of the next critical patch update scheduled for January 19, 2016.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u65) on February 19, 2016. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
When running on OSX 10.11 "El Capitan", when SIP is enabled, certain environment variables intended for debugging applications, such as DYLD_LIBRARY_PATH, may be stripped from the environment when running Java from the command line or when double-clicking a JAR file. Applications should not rely on these variables in a production environment, they are only intended for debugging during development.
The following are some of the notable new features and changes in this release:
Support ISO 4217 "Current funds codes" table (A.2)
This enhancement adds support for ISO 4217 table A.2 fund codes. Previously the JDK only supported those currencies listed in table A.1.
See JDK-8074350.
This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.
The following are some of the notable bug fixes included in this release:
Kerberos changes for applications running with security manager
This JDK release introduces some changes to how Kerberos requests are handled when a security manager is present.
Note that if a security manager is installed while a KerberosPricipal is being created, a {@link ServicePermission} must be granted and the service principal of the permission must minimally be inside the {@code KerberosPrincipal}
's realm.
For example, if the result of {@code new KerberosPrincipal("user")}
is {@code user@EXAMPLE.COM}, then a {@code ServicePermission} with service principal {@code host/www.example.com@EXAMPLE.COM}
(and any action) must be granted.
Also note that if a single GSS-API principal entity that contains a Kerberos name element without providing its realm is being created via the org.ietf.jgss.GSSName
interface and a security manager is installed, then this release introduces a new requirement. A {@link javax.security.auth.kerberos.ServicePermission ServicePermission}
must be granted and the service principal of the permission must minimally be inside the Kerberos name element's realm.
For example, if the result of {@link GSSManager#createName(String, Oid) createName("user", NT_USER_NAME)}
contains a Kerberos name element {@code user@EXAMPLE.COM}, then a {@code ServicePermission}
with service principal {@code host/www.example.com@EXAMPLE.COM}
(and any action) must be granted. Otherwise, the creation will throw a {@link GSSException} containing the {@code GSSException.FAILURE}
error code.
JDK-8048030 (not public)
Hotspot should use PICL interface to get cacheline size on SPARC
The libpicl library is now required on Solaris/SPARC to determine the size of the cache lines. In case the library is not present or the PICL service is not available the JVM will display a warning and compiler optimizations that utilize the BIS (Block Initializing Store) instruction will be turned off.
See JDK-8056124.
Preloading libjsig.dylib causes deadlock when signal() is called
Applications need to preload the libjsig library to enable signal chaining. Previously, on OS X, after libjsig.dylib
was preloaded, any call from native code to signal()
caused a deadlock. This has been corrected.
See JDK-8072147.
Use Safe Prime Diffie-Hellman Groups
In the JDK SSL/TLS implementation (SunJSSE provider), safe prime Diffie-Hellman groups are used by default. Users can customize Diffie-Hellman groups with the security property, "jdk.tls.server.defaultDHEParameters"
.
[macosx] JRE AU client installed fails update to NEXTVER on Mac 10.11
A new installer is introduced in the 8u65 release to update OS X users to the latest version. The installer will apply to both scheduled and manual updates, and bundles made available on java.com and OTN. Users who experience compatibility issues with the new installer can manually download and install the ".pkg" installer available on My Oracle Support.
VM crash when class is redefined with Instrumentation.redefineClasses
The JVM could crash when a class was redefined with Instrumentation.redefineClasses()
. The crash could either be a segmentation fault at SystemDictionary::resolve_or_null
, or an internal error with the message "tag mismatch with resolution error table"
. This has now been fixed.
See JDK-8076110.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8133321 | core-libs | (tz) Support tzdata2015f | |
JDK-8133665 | deploy | plugin | REGRESSION: Hidden applet does not load in 8u60 and 8u65 |
JDK-8135116 | globalization | translation | [de] Missing the link of license agreement |
[macosx] Sponsor offer screen accessibility (a11y) issues
Users who operate the keyboard to access user interfaces in the Java installer will be unable to access hyperlinks and checkboxes in software add-on offer screens. As a workaround to setting preferences related to add-on software in the user interface, users can disable such offers either by disabling them in the Java Control Panel, or by passing 'SPONSORS=0' via the command line. For more information, refer to: https://www.java.com/en/download/faq/disable_offers.xml
The Java SE 8u60 SE Platform, available for Java SE Subscription customers, is based on the current Java SE 8u60 release. This release is also available for legacy Java SE Suite, Java SE Advanced, and Java SE Support and when directed by support to be used as part of another Oracle product.
For more information on installation and licensing of Java SE Suite and Java SE Advanced, visit Java SE Products Overview.
Find information about Java SE Support at Oracle Java SE Subscriptions.
The following sections summarize changes made in all Java SE 8u60 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8081297 (Confidential) | security-libs | javax.net.ssl | Unable to process PreMasterSecret Tomcat issue |
8132082 | security-libs | javax.net.ssl | Let OracleUcrypto accept RSAPrivateKey |
8075773 | core-svc | tools | jps running as root fails after the fix of JDK-8050807 |
8133943 (Confidential) | hotspot | gc | Better TLAB handling for Resource Management |
8134719 (Confidential) | hotspot | gc | Reduce locking at native layer when thread metrics are updated due to resource context switch at thread level |
8134109 | deploy | plugin | Applet2Manager.getMainDeploymentRuleSet ignores jar version. |
8133196 | core-libs | java.net | HTTPS hostname invalid issue with InetAddress |
Please note that fixes from the prior BPR (8u51 b31) are included in this BPR.
The full version string for this update release is 1.8.0_60-b27 (where "b" means "build"), except for OS X, where the version string is 1.8.0_60-b28. The version number is 8u60.
This update release contains several enhancements and changes including the following:
JDK 8u60 contains IANA time zone data version 2015e. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u60 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_51 |
7 | 1.7.0_85 |
6 | 1.6.0_101 |
For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u60) will expire with the release of the next critical patch update scheduled for October 20, 2015.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u60) on November 20, 2015. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
This release includes Java Development Kit for ARM Release 8u60 (JDK 8u60 for ARM).
For ARM device support information, see Java SE Development Kit Downloads page.
For system requirements, installation instructions and troubleshooting tips, see Installation Instructions page.
Limitation: Native Memory Tracking support is limited in JDK for ARM. The java command line option XX:NativeMemoryTracking=detail
is not supported for ARM targets (an error message is displayed to user). Instead, use the following option:
XX:NativeMemoryTracking=summary
deploy
New "Use roaming profile" option added in Java Control Panel (Windows only)
New option "Use roaming profile" added in JCP (Windows only).
1. The option is set when file <user_home>\AppData\Roaming\Sun\Java\Deployment\deployment.properties
exists.
2. Setting this option in JCP results in deployment.properties file from LocalLow being copied to the Roaming folder.
3. Clearing this option results in the deployment.properties
file being moved from the Roaming folder to the LocalLow folder.
When the option is set, the following data is stored in the roaming profile:
1. deployment.properties
2. local application properties
3. security baselines
4. blacklisted certs
5. blacklisted jars
6. user certs stores
7. exception site list
The rest of the cache ( the cache without LAP), temp and log folders are always stored in LocalLow regardless of the roaming profile settings.
JDK-8062830 (not public)
Different bytecode between JDK8u45 and JDK8u60
Fixing JDK-8064857 has provoked a benign, actually beneficial, side effect in javac
's code generation. The mentioned fix has improved the information javac
has about aliveness of local variables and thus jump chains have richer information allowing the compiler to generate direct jumps to the final destination when in the past a chain of intermediate jumps were generated.
See JDK-8080555.
IBM1166 character set now available
This release adds IBM1166 character set. It provides support for cyrillic multilingual with euro for Kazakhstan. Aliases for this new character set include cp1166
,ibm1166
, ibm-1166
, and 1166
.
See JDK-8071447.
Allow use of TransmitFile on Microsoft Windows
Applications running on server editions of Microsoft Windows that make heavy use of java.nio.channels.FileChannel.transferTo
may see performance improvements if the implementation uses TransmitFile
. TransmitFile
makes use of the Windows cache manager to provide high-performance file data transfer over sockets. The system property jdk.nio.enableFastFileTransfer
controls whether the JDK uses TransmitFile
on Microsoft Windows. It is disabled by default but can be enabled by setting the system property on the command line with -Djdk.nio.enableFastFileTransfer
or -Djdk.nio.enableFastFileTransfer=true
.
See JDK-8064407.
Allow use of SIO_LOOPBACK_FAST_PATH on Microsoft Windows
Applications running on server editions of Microsoft Windows that make heavy use of loopback connections may see latency and performance improvements if SIO_LOOPBACK_FAST_PATH is enabled. The system property jdk.net.useFastTcpLoopback
controls whether the JDK enables SIO_LOOPBACK_FAST_PATH on Microsoft Windows. It is disabled by default but can be enabled by setting the system property on the command line with -Djdk.net.useFastTcpLoopback
or -Djdk.net.useFastTcpLoopback=true
.
See JDK-8060170.
G1 now collects unreachable Humongous objects during young collections
G1 now tries to collect humongous objects of primitive type (char, integer, long, double) with few or no references from other objects at any young collection. During young collection, G1 checks if any remaining incoming references to these humongous objects are current. G1 will reclaim any humongous object having no remaining incoming references.
Three new experimental JVM options to control this behavior that have been added with this change: 1. G1EagerReclaimHumongousObjects - This option controls whether G1 makes any attempt to reclaim unreachable humongous objects at every young GC. Default is enabled. 2. G1EagerReclaimHumongousObjectsWithStaleRefs - When this option is enabled G1 attempts to reclaim humongous objects that may have a few stale incoming references at every young GC. Default is enabled. 3. G1TraceEagerReclaimHumongousObjects - This option enables printing of some information about the collection of humongous objects at every young GC. Default is disabled.
Documentation Updates due to Nashorn Enhancements
JDK 8u60 includes new enhancements to Nashorn. As a result the following documentation changes should be read in conjunction with the current Nashorn documentation:
Addition:
In the previous section, we mentioned that every JavaScript object when exposed to Java APIs implements the java.util.Map
interface. This is true even for JavaScript arrays. However, this behavior is often not desired or expected when the Java code expects JSON-parsed objects. Java libraries that manipulate JSON-parsed objects usually expect arrays to expose the java.util.List
interface instead. If you need to expose your JavaScript objects so that arrays are exposed as lists and not maps, you can use the Java.asJSONCompatible(obj)
function, where obj
is the root of your JSON object tree.
Correction:
The caution mentioned at the end of Mapping Data Types section, is no longer applicable.
Nashorn ensures that internal JavaScript strings are converted to java.lang.String
when exposed externally.
Correction:
The statement in the section Mapping Data Types, that mentions "For example, arrays must be explicitly converted,........." is not correct.
Arrays are automatically converted to Java array types, such as java.util.List
, java.util.Collection
, java.util.Queue
and java.util.Deque
and so on.
Changes in Deployment Rule Set v1.2
JDK 8u60 implements Deployment Rule Set (DRS) 1.2, which includes the following changes:
Add "checksum"
element as sub element of "id"
which can allow unsigned jars to be identified by the SHA-256 checksum of the uncompressed form of a jar:
"checksum"
element will match only unsigned jars, and the given hash will be compared only against the uncompressed form of the jar."checksum"
element (similar to "certificate"
element) has two arguments "hash"
and "algorithm"
, however, unlike "certificate"
element, the only supported value for "algorithm"
is "SHA-256". Any other value provided will be ignored.Allow "message"
element to apply to all rule types, where previously it only applied to a block rule:
Echo "customer"
blocks in the Java Console, trace files, and Java Usage Tracker records.
"customer"
elements could be included (with any sub-elements) in the ruleset.xml
file. This element and all its sub elements are ignored. In DRS 1.2, the elements are still functionally ignored. However:ruleset.xml
file, all "customer"
blocks will be echoed to the Java Console and deployment trace file (if Console and Tracing are enabled)."customer"
records included within that rule will be added to the Java Usage Tracker (JUT) record (if JUT is enabled).As a result of the above changes, the DTD for DRS 1.2 is as follows:
<!ELEMENT ruleset (rule*)>
<!ATTLIST ruleset href CDATA #IMPLIED>
<!ATTLIST ruleset version CDATA #REQUIRED>
<!ELEMENT rule (id, action)>
<!ELEMENT id (certificate?, checksum?) >
<!ATTLIST id title CDATA #IMPLIED>
<!ATTLIST id location CDATA #IMPLIED>
<!ELEMENT certificate EMPTY>
<!ATTLIST certificate algorithm CDATA #IMPLIED>
<!ATTLIST certificate hash CDATA #REQUIRED>
<!ELEMENT checksum EMPTY>
<!ATTLIST checksum algorithm CDATA #IMPLIED>
<!ATTLIST checksum hash CDATA #REQUIRED>
<!ELEMENT action (message?)>
<!ATTLIST action permission (run | block | default) #REQUIRED>
<!ATTLIST action version CDATA #IMPLIED>
<!ATTLIST action force (true|false) "false">
<!ELEMENT message (#PCDATA)>
<!ATTLIST message locale CDATA #IMPLIED>
The following are some of the notable bug fixes included in JDK 8u60 release:
Area: hotspot/ compiler
Synopsis: Nondeterministic wrong answer on arithmetic corrected
When performing OSR on loops with huge stride and/or initial values, in very rare cases, the tiered/server compilers could produce non-canonical loop shapes that produce nondeterministic answers when the answers should be deterministic. This issue has now been fixed.
See JDK-8072753.
Area: security-libs/org.ietf.jgss:krb5
Synopsis: dns_lookup_realm should be false by default
The dns_lookup_realm setting in Kerberos' krb5.conf
file is by default false
.
See 8080637.
Area: security-libs/javax.net.ssl
Synopsis: Disable RC4 cipher suites
RC4-based TLS ciphersuites (e.g. TLS_RSA_WITH_RC4_128_SHA) are now considered compromised and should no longer be used (see RFC 7465). Accordingly, RC4-based TLS ciphersuites have been deactivated by default in the Oracle JSSE implementation by adding "RC4" to "jdk.tls.disabledAlgorithms" security property, and by removing them from the default enabled ciphersuites list. These cipher suites can be reactivated by removing "RC4" form "jdk.tls.disabledAlgorithms" security property in the java.security
file or by dynamically calling Security.setProperty(), and also readding them to the enabled ciphersuite list using the SSLSocket/SSLEngine.setEnabledCipherSuites() methods.
You can also use the -Djava.security.properties
command line option to override the jdk.tls.disabledAlgorithms
security property. For example:
java -Djava.security.properties=my.java.security ...
where my.java.security
is a file containing the property without RC4:
jdk.tls.disabledAlgorithms=SSLv3
Even with this option set from commandline, the RC4 based ciphersuites need to be re-added to the enabled ciphersuite list by using the SSLSocket/SSLEngine.setEnabledCipherSuites()
methods.
See 8076221.
Area: security-libs/java.secuirty
Synopsis: Support keystore type detection for JKS and PKCS12 keystores
Keystore Compatibility Mode:
To aid interoperability, the Java keystore type JKS now supports keystore compatibility mode by default. This mode enables JKS keystores to access both JKS and PKCS12 file formats. To disable keystore compatibility mode set the Security property keystore.type.compat
to the string value false
.
See 8062552.
Area: core-libs/java.lang
Synopsis: Deprecate Unsafe monitor methods in JDK 8u release
The methods monitorEnter
, monitorExit
and tryMonitorEnter
on sun.misc.Unsafe
are marked as deprecated in JDK 8u60 and will be removed in a future release. These methods are not used within the JDK itself and are very rarely used outside of the JDK.
See 8069302.
Area: hotspot/jfr
Synopsis: Extract JFR recording from the core file using SA
DumpJFR is a Serviceability Agent based tool that can be used to extract Java Flight Recorder(JFR) data from the core files and live Hotspot processes. DumpJFR can be used in one of the following methods:
java -cp $JAVA_HOME/lib/sa-jdi.jar sun.jvm.hotspot.tools.DumpJFR <pid>
java -cp $JAVA_HOME/lib/sa-jdi.jar sun.jvm.hotspot.tools.DumpJFR <java> <core>
DumpJFR tool dumps the JFR data to a file called recording.jfr in the current working folder. 8065301(not public).
Area: tools/javac
Synopsis: Local variables named 'enum' lead to spurious compiler crashes
The javac
parser is incorrectly parsing local variables with name 'enum'; this results in spurious failures when a program containing such local variables is compiled with a 'source' flag corresponding to a release in which the enum construct is not available (such as '-source 1.4').
See 8069181.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8075244 | client-libs | [macosx] The fix for JDK-8043869 should be reworked | |
JDK-8077518 | client-libs | XMLParserTest unit test failure. | |
JDK-8077982 | client-libs | GIFLIB upgrade | |
JDK-8078654 | client-libs | CloseTTFontFileFunc callback should be removed | |
JDK-8081315 | client-libs | 8077982 giflib upgrade breaks system giflib builds with earlier versions | |
JDK-8129116 | client-libs | Deadlock with multimonitor fullscreen windows. | |
JDK-7145508 | client-libs | [embedded] java.awt.GraphicsDevice.get/setDisplayMode behavior is incorrect when no display is present | |
JDK-8017773 | client-libs | 2d | OpenJDK7 returns incorrect TrueType font metrics |
JDK-8023794 | client-libs | 2d | [macosx] LCD Rendering hints seems not working without FRACTIONALMETRICS=ON |
JDK-8035371 | client-libs | 2d | gcc compiler warnings in closed source code |
JDK-8036930 | client-libs | 2d | Type1 font not loaded by java.awt.Font.createFont |
JDK-8061831 | client-libs | 2d | [OGL] "java.lang.InternalError: not implemented yet" during the blit of VI to VI in xor mode |
JDK-8064833 | client-libs | 2d | [macosx] Native font lookup uses family+style, not full name/postscript name |
JDK-8066132 | client-libs | 2d | BufferedImage::getPropertyNames() always returns null |
JDK-8067364 | client-libs | 2d | Printing to Postscript doesn't support dieresis |
JDK-8071710 | client-libs | 2d | [solaris] libfontmanager should be linked against headless awt library |
JDK-8073001 | client-libs | 2d | Java's system LnF on OS X: editable JComboBoxes are being rendered incorrectly |
JDK-8076419 | client-libs | 2d | Path2D copy constructors and clone method propagate size of arrays from source path |
JDK-8078331 | client-libs | 2d | Upgrade JDK to use LittleCMS 2.7 |
JDK-8078464 | client-libs | 2d | Path2D storage growth algorithms should be less linear |
JDK-8079652 | client-libs | 2d | Could not enable D3D pipeline |
JDK-8085910 | client-libs | 2d | OGL text renderer: gamma lut cleanup |
JDK-8104577 | client-libs | demo | Remove debugging message from Font2DTest demo |
JDK-6475361 | client-libs | java.awt | Attempting to remove help menu from java.awt.MenuBar throws NullPointerException |
JDK-7155963 | client-libs | java.awt | Deadlock in SystemFlavorMap.getFlavorsForNative and SunToolkit.awtLock |
JDK-8020443 | client-libs | java.awt | Frame is not created on the specified GraphicsDevice with two monitors |
JDK-8039926 | client-libs | java.awt | -spash:<image> can't be combined with -xStartOnFirstThread since JDK 7 |
JDK-8042585 | client-libs | java.awt | [macosx] Unused code in LWCToolkit.m |
JDK-8043393 | client-libs | java.awt | NullPointerException and no event received when clipboard data flavor changes |
JDK-8056151 | client-libs | java.awt | Switching to GTK L&F on-the-fly leads to X Window System error RenderBadPicture |
JDK-8056915 | client-libs | java.awt | Focus lost in applet when browser window is minimized and restored |
JDK-8058930 | client-libs | java.awt | GraphicsEnvironment.getHeadlessProperty() does not work for AIX |
JDK-8061636 | client-libs | java.awt | Fix for JDK-7079254 changes behavior of MouseListener, MouseMotionListener |
JDK-8064934 | client-libs | java.awt | Incorrect Exception message from java.awt.Desktop.open() |
JDK-8068886 | client-libs | java.awt | IDEA IntelliJ crashes in objc_msgSend when an accessibility tool is enabled |
JDK-8071306 | client-libs | java.awt | GUI perfomance are very slow compared java 1.6.0_45 |
JDK-8072069 | client-libs | java.awt | Toolkit.getScreenInsets() doesn't update if insets change |
JDK-8072088 | client-libs | java.awt | [PIT] NPE in DnD tests apparently because of the fix to JDK-8061636 |
JDK-8072769 | client-libs | java.awt | System tray icon title freezes java |
JDK-8072775 | client-libs | java.awt | Tremendous memory usage by JTextArea |
JDK-8073008 | client-libs | java.awt | press-and-hold input method for accented characters works incorrectly on OS X |
JDK-8073453 | client-libs | java.awt | Focus doesn't move when pressing Shift + Tab keys |
JDK-8074500 | client-libs | java.awt | java.awt.Checkbox.setState() call causes ItemEvent to be filed |
JDK-8074921 | client-libs | java.awt | OS X build broken by reference to XToolkit |
JDK-8075609 | client-libs | java.awt | java.lang.IllegalArgumentException: aContainer is not a focus cycle root of aComponent |
JDK-8076106 | client-libs | java.awt | [macosx] Drag image of TransferHandler does not honor MultiResolutionImage |
JDK-8077409 | client-libs | java.awt | Drawing deviates when validate() is invoked on java.awt.ScrollPane |
JDK-8077686 | client-libs | java.awt | OperationTimedOut exception inside from XToolkit.syncNativeQueue call on Ubuntu 15.04 |
JDK-8078149 | client-libs | java.awt | [macosx] The text of the TextArea is not wrapped at word boundaries |
JDK-8078165 | client-libs | java.awt | [macosx] NPE when attempting to get image from toolkit |
JDK-8078606 | client-libs | java.awt | Deadlock in awt clipboard |
JDK-8080137 | client-libs | java.awt | Dragged events for extra mouse buttons (4,5,6) are not generated on JSplitPane |
JDK-8081371 | client-libs | java.awt | [PIT] Test closed/java/awt/FullScreen/DisplayMode/CycleDMImage.java switches Linux to the single device mode |
JDK-8130752 | client-libs | java.awt | Wrong changes were pushed with 8068886 |
JDK-8132382 | client-libs | java.awt | [macosx] Crash during JMC or JavaFX execution when NSApplication is controlled by SWT or JavaFX libraries |
JDK-8076455 | client-libs | java.awt:i18n | IME Composition Window is displayed on incorrect position |
JDK-8067657 | client-libs | java.beans | Dead/outdated links in Javadoc of package java.beans |
JDK-8069268 | client-libs | javax.accessibility | JComponent.AccessibleJComponent.addPropertyListeners adds exponential listeners |
JDK-8076182 | client-libs | javax.accessibility | Open Source Java Access Bridge - Create Patch for JEP C127 8055831 |
JDK-8078408 | client-libs | Java version applet hangs with Voice over turned on | |
JDK-4952954 | client-libs | abort flag is not cleared for every write operation for JPEG ImageWriter | |
JDK-4958064 | client-libs | javax.imageio | JPGWriter does not throw UnsupportedException when canWriteSequence retunsfalse |
JDK-8074954 | client-libs | javax.imageio | ImageInputStreamImpl.readShort/readIntdo not behave correctly at EOF |
JDK-8068412 | client-libs | javax.sound | [macosx] Initialization of Cocoa hangs if CoreAudio was initialized before |
JDK-6206437 | client-libs | javax.swing | Typo in JInternalFrame setDefaultCloseOperation() doc (WindowClosing --> internalFrameClosing) |
JDK-6338077 | client-libs | javax.swing | link back to self in javadoc JTextArea.replaceRange() |
JDK-6459798 | client-libs | javax.swing | JDesktopPane,JFileChooser violate encapsulation by returning internal Dimensions |
JDK-6459800 | client-libs | javax.swing | Some Swing classes violate encapsulation by returning internal Insets |
JDK-6470361 | client-libs | javax.swing | Swing's Threading Policy example does not compile |
JDK-6515713 | client-libs | javax.swing | example in JFormattedTextField API docs instantiates abstract class |
JDK-6573305 | client-libs | javax.swing | Animated icon is not visible by click on menu |
JDK-7180976 | client-libs | javax.swing | Pending String deadlocks UIDefaults |
JDK-8013820 | client-libs | javax.swing | JavaDoc for JSpinner contains errors |
JDK-8015085 | client-libs | javax.swing | [macosx] Label shortening via " ... " broken when String contains combining diaeresis |
JDK-8033000 | client-libs | javax.swing | No Horizontal Mouse Wheel Support In BasicScrollPaneUI |
JDK-8033069 | client-libs | javax.swing | mouse wheel scroll closes combobox popup |
JDK-8041470 | client-libs | javax.swing | JButtons stay pressed after they have lost focus if you use the mouse wheel |
JDK-8041642 | client-libs | javax.swing | Incorrect paint of JProgressBar in Nimbus LF |
JDK-8041654 | client-libs | javax.swing | OutOfMemoryError: RepaintManager doesn't clean up cache of volatile images |
JDK-8044444 | client-libs | javax.swing | The output's 'Page-n' footer does not show completely. |
JDK-8048289 | client-libs | javax.swing | Gtk: call to UIManager.getSystemLookAndFeelClassName() leads to crash |
JDK-8051617 | client-libs | javax.swing | Fullscreen mode is not working properly on Xorg |
JDK-8064939 | client-libs | javax.swing | SwingSet2: Themes are incorrectly enabled when running with Nimbus Look and feel |
JDK-8068040 | client-libs | javax.swing | [macosx] Combo box consuming ENTER key events |
JDK-8071705 | client-libs | javax.swing | Java application menu misbehaves when running multiple screen stacked vertically |
JDK-8072448 | client-libs | javax.swing | Can not input Japanese in JTextField on RedHat Linux |
JDK-8072676 | client-libs | javax.swing | [macosx] Jtree icon painted over label when scrollbars present in window |
JDK-8072900 | client-libs | javax.swing | [macosx] Mouse events are captured by the wrong menu in OS X |
JDK-8073795 | client-libs | javax.swing | JMenuBar looks bad under retina |
JDK-8074956 | client-libs | javax.swing | ArrayIndexOutOfBoundsException in javax.swing.text.html.parser.ContentModel.first() |
JDK-8080628 | client-libs | javax.swing | No mnemonics on Open and Save buttons in JFileChooser |
JDK-8066504 | core-libs | GetVersionEx in java.base/windows/native/libjava/java_props_md.c might not get correct Windows version | |
JDK-8068580 | core-libs | JavaAdapterFactory.isAutoConvertibleFromFunction should be more robust | |
JDK-8074657 | core-libs | Missing space on a boundary of concatenated strings | |
JDK-8081674 | core-libs | EmptyStackException at startup if running with extended or unsupported charset | |
JDK-8098547 | core-libs | (tz) Support tzdata2015e | |
JDK-8065372 | core-libs | java.lang | Object.wait(ms, ns) timeout returns early |
JDK-8067471 | core-libs | java.lang | Use private static final char[0] for empty Strings |
JDK-8067748 | core-libs | java.lang | (process) Child is terminated when parent's console is closed [win] |
JDK-8069302 | core-libs | java.lang | Deprecate Unsafe monitor methods in JDK 8u release |
JDK-8059455 | core-libs | java.lang.invoke | LambdaForm.prepare() does unnecessary work for cached LambdaForms |
JDK-8063137 | core-libs | java.lang.invoke | Never taken branches should be pruned when GWT LambdaForms are shared |
JDK-8069591 | core-libs | java.lang.invoke | Customize LambdaForms which are invoked using MH.invoke/invokeExact |
JDK-8071788 | core-libs | java.lang.invoke | CountingWrapper.asType() is broken |
JDK-8077054 | core-libs | java.lang.invoke | DMH LFs should be customizeable |
JDK-8078290 | core-libs | java.lang.invoke | Customize adapted MethodHandle in MH.invoke() case |
JDK-8064846 | core-libs | java.lang:reflect | Lazy-init thread safety problems in core reflection |
JDK-8066842 | core-libs | java.math | java.math.BigDecimal.divide(BigDecimal, RoundingMode) produces incorrect result |
JDK-8065994 | core-libs | java.net | HTTP Tunnel connection to NTLM proxy reauthenticates instead of using keep-alive |
JDK-8067680 | core-libs | java.net | (sctp) Possible race initializing native IDs |
JDK-8067846 | core-libs | java.net | (sctp) InternalError when receiving SendFailedNotification |
JDK-8068028 | core-libs | java.net | JNI exception pending in jdk/src/solaris/native/java/net |
JDK-8068795 | core-libs | java.net | HttpServer missing tailing space for some response codes |
JDK-8072384 | core-libs | java.net | Setting IP_TOS on java.net sockets not working on unix |
JDK-8077155 | core-libs | java.net | LoginContext Subject ignored by jdk8 sun.net.www.protocol.http.HttpURLConnection |
JDK-8080819 | core-libs | java.net | Inet4AddressImpl regression caused by JDK-7180557 |
JDK-8064407 | core-libs | java.nio | (fc) FileChannel transferTo should use TransmitFile on Windows |
JDK-8068507 | core-libs | java.nio | (fc) Rename the new jdk.net.enableFastFileTransfer system property to jdk.nio.enableFastFileTransfer |
JDK-8071599 | core-libs | java.nio | (so) Socket adapter sendUrgentData throws IllegalBlockingMode when channel configured non-blocking |
JDK-8071447 | core-libs | java.nio.charsets | IBM1166 Locale Request for Kazakh characters |
JDK-8080248 | core-libs | java.nio.charsets | Coding regression in HKSCS charsets |
JDK-8081479 | core-libs | java.sql | Backport JDBC tests from JDK 9 from test/java/sql and test/javax/sql to JDK 8u. |
JDK-8074791 | core-libs | java.text | Long-form date format incorrect month string for Finnish locale |
JDK-8075173 | core-libs | java.text | DateFormat in german locale returns wrong value for month march |
JDK-8034906 | core-libs | java.time | Fix typos, errors and Javadoc differences in java.time |
JDK-8062796 | core-libs | java.time | java.time.format.DateTimeFormatter error in API doc example |
JDK-8062803 | core-libs | java.time | principal' should be 'principle' in java.time package description |
JDK-8075676 | core-libs | java.time | java.time package javadoc typos |
JDK-8075678 | core-libs | java.time | java.time javadoc error in DateTimeFormatter::parsedLeapSecond |
JDK-8081022 | core-libs | java.time | java/time/test/java/time/format/TestZoneTextPrinterParser.java fails by timeout on slow device |
JDK-8068790 | core-libs | java.util | ZipEntry/JarEntry.setCreation/LastAccessTime(null) don't throw NPE as specified |
JDK-8072909 | core-libs | java.util | TimSort fails with ArrayIndexOutOfBoundsException on worst case long arrays |
JDK-8068432 | core-libs | java.util.concurrent | Inconsistent exception handling in CompletableFuture.thenCompose |
JDK-8078490 | core-libs | java.util.concurrent | Missed submissions in ForkJoinPool |
JDK-8080623 | core-libs | java.util.concurrent | CPU overhead in FJ due to spinning in awaitWork |
JDK-8085978 | core-libs | java.util.concurrent | LinkedTransferQueue<T>.spliterator can report LTQ.Node object, not T |
JDK-8068338 | core-libs | java.util.jar | Better message about incompatible zlib in Deflater.init |
JDK-8073497 | core-libs | java.util.jar | Lazy conversion of ZipEntry time |
JDK-8076641 | core-libs | java.util.jar | getNextEntry throws ArrayIndexOutOfBoundsException when unzipping file |
JDK-8129120 | core-libs | java.util.stream | Terminal operation properties should not be back-propagated to upstream operations |
JDK-7044727 | core-libs | java.util:i18n | (tz) TimeZone.getDefault() call returns incorrect value in Windows terminal session |
JDK-8055088 | core-libs | java.util:i18n | Optimization for locale resources loading isn't working |
JDK-8072602 | core-libs | java.util:i18n | Unpredictable timezone on Windows when OS's timezone is not found in tzmappings |
JDK-8074350 | core-libs | java.util:i18n | Support ISO 4217 "Current funds codes" table (A.2) |
JDK-8075548 | core-libs | java.util:i18n | SimpleDateFormat formatting of "LLLL" in English is incorrect; should be identical to "MMMM" |
JDK-8076287 | core-libs | java.util:i18n | Performance degradation observed with TimeZone Benchmark |
JDK-6991580 | core-libs | javax.naming | IPv6 Nameservers in resolv.conf throws NumberFormatException |
JDK-7011441 | core-libs | javax.naming | ./jndi/ldap/Connection.java needs to avoid spurious wakeup |
JDK-8074761 | core-libs | javax.naming | Empty optional parameters of LDAP query are not interpreted as empty |
JDK-8062030 | core-libs | javax.script | Nashorn bug retrieving array property after key string concatenation |
JDK-8068279 | core-libs | javax.script | (typo in the spec) javax.script.ScriptEngineFactory.getLanguageName |
JDK-8068462 | core-libs | javax.script | javax.script.ScriptEngineFactory.getParameter spec is not completely consistent with the rest of the API |
JDK-8068872 | core-libs | javax.script | Nashorn JSON.parse drops numeric keys |
JDK-8071928 | core-libs | javax.script | Instance properties with getters returning wrong values |
JDK-8072002 | core-libs | javax.script | The spec on javax.script.Compilable contains a typo and confusing inconsistency |
JDK-8073846 | core-libs | javax.script | Javascript for-in loop returned extra keys |
JDK-8059411 | core-libs | javax.sql | RowSetWarning does not correctly chain warnings |
JDK-8062198 | core-libs | javax.sql | Add RowSetMetaDataImpl Tests and add column range validation to isdefinitlyWritable |
JDK-8066188 | core-libs | javax.sql | BaseRowSet returns the wrong default value for escape processing |
JDK-8007456 | core-libs | jdk.nashorn | Nashorn test framework @argument does not handle quoted strings |
JDK-8012190 | core-libs | jdk.nashorn | Global scope should be initialized lazily |
JDK-8035712 | core-libs | jdk.nashorn | Investigate if RuntimeCallSite linkage can be removed |
JDK-8049300 | core-libs | jdk.nashorn | jjs scripting: need way to quote $EXEC command arguments to protect spaces |
JDK-8053905 | core-libs | jdk.nashorn | Eager code generation fails for earley boyer with split threshold set to 1000 |
JDK-8066407 | core-libs | jdk.nashorn | Function with same body not reparsed after SyntaxError |
JDK-8066773 | core-libs | jdk.nashorn | JSON-friendly wrapper for objects |
JDK-8067139 | core-libs | jdk.nashorn | Finally blocks inlined incorrectly |
JDK-8067215 | core-libs | jdk.nashorn | Disable dual fields when not using optimistic types |
JDK-8067420 | core-libs | jdk.nashorn | BrowserJSObjectLinker should give priority to beans linker for property get/set |
JDK-8067636 | core-libs | jdk.nashorn | ant javadoc target is broken |
JDK-8067774 | core-libs | jdk.nashorn | Local variable type calculation mismatch |
JDK-8067854 | core-libs | jdk.nashorn | bound java static method throws NPE when 'null' is used for this argument |
JDK-8067880 | core-libs | jdk.nashorn | Dead typed push methods in ArrayData |
JDK-8067931 | core-libs | jdk.nashorn | Improve error message when with statement is passed a POJO |
JDK-8068431 | core-libs | jdk.nashorn | @since and @jdk.Exported are missing in jdk.nashorn.api.scripting classes and package-info.java files |
JDK-8068524 | core-libs | jdk.nashorn | NashornScriptEngineFactory.getParameter() throws IAE for an unknown key, doesn't conform to the general spec |
JDK-8068603 | core-libs | jdk.nashorn | NashornScriptEngine.put/get() impls don't conform to NPE, IAE spec assertions |
JDK-8068784 | core-libs | jdk.nashorn | Halve the function object creation code size |
JDK-8068985 | core-libs | jdk.nashorn | Wrong 'this' bound to eval call within a function when caller's 'this' is a Java object |
JDK-8071989 | core-libs | jdk.nashorn | NashornScriptEngine returns javax.script.ScriptContext instance with insonsistent get/remove methods behavior for undefined attributes |
JDK-8071991 | core-libs | jdk.nashorn | Build errors in 8u-dev after backporting JDK-8067139 and JDK-8066232 |
JDK-8072000 | core-libs | jdk.nashorn | New compiler warning after JDK-8067139 |
JDK-8072426 | core-libs | jdk.nashorn | Can't compare Java enums to strings |
JDK-8072595 | core-libs | jdk.nashorn | nashorn should not use obj.getClass() for null checks |
JDK-8072596 | core-libs | jdk.nashorn | Arrays.asList results in ClassCastException with a JS array |
JDK-8072626 | core-libs | jdk.nashorn | Test for JDK-8068872 fails in tip |
JDK-8072853 | core-libs | jdk.nashorn | SimpleScriptContext used by NashornScriptEngine doesn't completely complies to the spec regarding exception throwing |
JDK-8073707 | core-libs | jdk.nashorn | const re-assignment should not reported as a "early error" |
JDK-8073868 | core-libs | jdk.nashorn | Regex matching causes java.lang.ArrayIndexOutOfBoundsException: 64 |
JDK-8074021 | core-libs | jdk.nashorn | Indirect eval fails when used as an element of an array or as a property of an object |
JDK-8074031 | core-libs | jdk.nashorn | Canonicalize "is a JS string" tests |
JDK-8074410 | core-libs | jdk.nashorn | Startup time: Port shell.js to Java |
JDK-8074484 | core-libs | jdk.nashorn | More aggressive value discarding |
JDK-8074487 | core-libs | jdk.nashorn | Static analysis of IfNode should consider terminating branches |
JDK-8074687 | core-libs | jdk.nashorn | Add tests for JSON parsing of numeric keys |
JDK-8075006 | core-libs | jdk.nashorn | Threads spinning infinitely in WeakHashMap.get running test262parallel |
JDK-8075090 | core-libs | jdk.nashorn | Add tests for the basic failure of try/finally compilation |
JDK-8075231 | core-libs | jdk.nashorn | Typed array setters are very slow when index exceeds capacity |
JDK-8075366 | core-libs | jdk.nashorn | Slow scope access to global let/const does not work |
JDK-8075604 | core-libs | jdk.nashorn | jjs exits even when non-daemon threads are still active |
JDK-8075927 | core-libs | jdk.nashorn | toNumber(String) accepts illegal characters |
JDK-8076646 | core-libs | jdk.nashorn | nashorn tests should avoid using package names used by nashorn sources |
JDK-8076972 | core-libs | jdk.nashorn | Several nashorn tests failing |
JDK-8077955 | core-libs | jdk.nashorn | Undeclared globals in eval code should not be handled as fast scope |
JDK-8078049 | core-libs | jdk.nashorn | Nashorn crashes when attempting to start TypeScript compiler |
JDK-8078414 | core-libs | jdk.nashorn | Don't create impossible converters for ScriptObjectMirror |
JDK-8078612 | core-libs | jdk.nashorn | Persistent code cache should support more configurations |
JDK-8079145 | core-libs | jdk.nashorn | jdk.nashorn.internal.runtime.arrays.IntArrayData.convert assertion |
JDK-8079269 | core-libs | jdk.nashorn | Optimistic rewrite in object literal causes ArrayIndexOutOfBoundsException |
JDK-8079349 | core-libs | jdk.nashorn | Eliminate dead code around Nashorn code generator |
JDK-8079362 | core-libs | jdk.nashorn | Enforce best practices for Node token API usage |
JDK-8079424 | core-libs | jdk.nashorn | Code generator emits an extra POP for discarded boolean logical operation |
JDK-8079470 | core-libs | jdk.nashorn | Misleading error message when explicit signature constructor is called with wrong arguments |
JDK-8080087 | core-libs | jdk.nashorn | Nashorn $ENV.PWD is originally undefined |
JDK-8080090 | core-libs | jdk.nashorn | -d option should dump script source as well |
JDK-8080275 | core-libs | jdk.nashorn | transparently download testng.jar for Nashorn testing |
JDK-8080286 | core-libs | jdk.nashorn | use path separator setting consistently in Nashorn project properties |
JDK-8080471 | core-libs | jdk.nashorn | fix usage of replace and file separator in Nashorn tests |
JDK-8080490 | core-libs | jdk.nashorn | add $EXECV command to Nashorn scripting mode |
JDK-8080598 | core-libs | jdk.nashorn | Javadoc warnings in Global.java after lazy initialization |
JDK-8080848 | core-libs | jdk.nashorn | delete of bound Java method property results in crash |
JDK-8081015 | core-libs | jdk.nashorn | Allow conversion of native arrays to Queue and Collection |
JDK-8081062 | core-libs | jdk.nashorn | ListAdapter should take advantage of JSObject |
JDK-8081156 | core-libs | jdk.nashorn | jjs "nashorn.args" system property is not effective when script arguments are passed |
JDK-8081204 | core-libs | jdk.nashorn | ListAdapter throws NPE when adding/removing elements outside of JS context |
JDK-8081603 | core-libs | jdk.nashorn | erroneous dot file generated from Nashorn --print-code |
JDK-8081604 | core-libs | jdk.nashorn | rename ScriptingFunctions.tokenizeCommandLine |
JDK-8081609 | core-libs | jdk.nashorn | engine.eval call from a java method which was called from a previous engine.eval results in wrong ScriptContext being used. |
JDK-8081668 | core-libs | jdk.nashorn | fix Nashorn ant externals command |
JDK-8081696 | core-libs | jdk.nashorn | reduce dependency of Nashorn tests on external components |
JDK-8081809 | core-libs | jdk.nashorn | Missing final modifier in method parameters (nashorn code convention) |
JDK-8081813 | core-libs | jdk.nashorn | JSONListAdapter should delegate its [[DefaultValue]] to wrapped object |
JDK-8085802 | core-libs | jdk.nashorn | Nashorn -nse option causes parse error on anonymous function definition |
JDK-8085810 | core-libs | jdk.nashorn | Return value of Objects.requireNonNull call can be used |
JDK-8085885 | core-libs | jdk.nashorn | address Javadoc warnings in Nashorn source code |
JDK-8085937 | core-libs | jdk.nashorn | add autoimports sample script to easily explore Java classes in interactive mode |
JDK-8087136 | core-libs | jdk.nashorn | regression: apply on $EXEC fails with ClassCastException |
JDK-8087211 | core-libs | jdk.nashorn | Indirect evals should be strict with -strict option |
JDK-8098546 | core-libs | jdk.nashorn | eval within a 'with' leaks definitions into global scope |
JDK-8098578 | core-libs | jdk.nashorn | Global scope is not accessible with indirect load call |
JDK-8098807 | core-libs | jdk.nashorn | Strict eval throws ClassCastException with large scripts |
JDK-8098808 | core-libs | jdk.nashorn | Convert Scope from interface to class |
JDK-8098847 | core-libs | jdk.nashorn | obj."prop" and obj.'prop' should result in SyntaxError |
JDK-8117883 | core-libs | jdk.nashorn | nasgen prototype, instance member count calculation is wrong |
JDK-8129410 | core-libs | jdk.nashorn | Java adapters with class-level overrides should preserve variable arity constructors |
JDK-4505697 | core-svc | debugger | nsk/jdi/ExceptionEvent/_itself_/exevent006 and exevent008 tests fail with InvocationTargetException |
JDK-8071657 | core-svc | debugger | JDI ObjectReferenceImpl.invokeMethod() validation fails for virtual invocations of method with declaring type being an interface |
JDK-6712222 | core-svc | java.lang.management | Race condition in java/lang/management/ThreadMXBean/AllThreadIds.java |
JDK-8048050 | core-svc | javax.management | Agent NullPointerException when rmi.port in use |
JDK-8064331 | core-svc | javax.management | JavaSecurityAccess.doIntersectionPrivilege() drops the information about the domain combiner of the stack ACC |
JDK-8071687 | core-svc | tools | AIX port of "8039173: Propagate errors from Diagnostic Commands as exceptions in the attach framework" |
JDK-6554593 | deploy | Java Control Panel accessibility problem with labels and text fields | |
JDK-7017683 | deploy | java.com link in some of the dialogs are not accessible | |
JDK-8023324 | deploy | With expired or selfsigned DeploymentRuleSet, not hint is provied in JCP Rule Set dialog. | |
JDK-8024156 | deploy | DRS: The messaging for invalid rule set jar is not explicit. | |
JDK-8046790 | deploy | echo <customer> elements in ruleset.xml | |
JDK-8047698 | deploy | Clicking cancel on security dialog for preloader clears the DeniedCertStore | |
JDK-8049999 | deploy | DRS: Want customizable message in case of application blocking if only default rule is specified | |
JDK-8067171 | deploy | [parfait] File Handle Leak in configcache_pd.c | |
JDK-8068456 | deploy | Revert project file accidentally pushed | |
JDK-8069275 | deploy | The text location of "More information" overlap with "code" in mixed code dialog | |
JDK-8072431 | deploy | Unit test failures: JNLPClassloaderTest, JNLP2ClassLoaderTest | |
JDK-8074105 | deploy | Remove support for downloaded JavaFX classes | |
JDK-8074402 | deploy | Add DRS rules <customer> block to Java Usage Tracker records. | |
JDK-8074961 | deploy | Ensure JFR options could be passed to webstart app by specifying VM arguments in the JCP | |
JDK-8078534 | deploy | DRS 1.2: checksum algorithm needs to be restricted to SHA-256 | |
JDK-8022268 | deploy | deployment_toolkit | DRS: Unable to include escaped characters in message |
JDK-8075179 | deploy | deployment_toolkit | Test jnlp_file/applicationDesc/index.html#args fails with incorrect arg value |
JDK-8131321 | deploy | packager | 8u60 Windows 64-bit packager - install succeeds but application fails to start |
JDK-8035582 | deploy | plugin | DeploymentRuleSet <message> on run action |
JDK-8058474 | deploy | plugin | Applet is not started in IE on dynamic insertion into a web page |
JDK-8059622 | deploy | plugin | Java Console GUI is irresponsive in JRE 8u20 on OS X |
JDK-8061642 | deploy | plugin | Plugin missing MIME type registration for application/x-java-applet;version=1.8 |
JDK-8069161 | deploy | plugin | Slow cache performance since JRE 7u06 |
JDK-8074481 | deploy | plugin | [macosx] Menu items are appearing on top of other windows |
JDK-8074482 | deploy | plugin | [macosx] Menu items disappear and redrawn quickly when moving mouse into applet frame |
JDK-8077855 | deploy | plugin | When applet is relaunched, extra JUT records can be sent |
JDK-8079677 | deploy | plugin | fix to JDK-8078534 removed part of fix to JDK-8076220 |
JDK-8080123 | deploy | plugin | StringIndexOutOfBoundsException in CertUtils.checkWildcardDomain |
JDK-8080955 | deploy | plugin | embedded_jnlp param requires also code or jnlp_href param or applet arg. |
JDK-8081330 | deploy | plugin | The applet thrown NullPointerException when loading it |
JDK-8042632 | deploy | webstart | Application with Signed JNLP cannot pass accented characters in <argument> |
JDK-8051030 | deploy | webstart | Web Start applet process fails to exit |
JDK-8066985 | deploy | webstart | Java Webstart downloading packed files can result in Timezone set to UTC |
JDK-8067172 | deploy | webstart | Xcode javaws Project to Debug Native Code |
JDK-8068187 | deploy | webstart | Fix Xcode project |
JDK-8068531 | deploy | webstart | Netbeans javaws Project to Debug Native Code |
JDK-8068939 | deploy | webstart | Visual Studio javaws Project to Debug Native Code |
JDK-8072003 | deploy | webstart | NPE (instead of proper error dialog) thrown when some jnlp files have no resources |
JDK-8072999 | deploy | webstart | DRS certificate based rule does not match with Java WS Application compressed by pack200 |
JDK-8077285 | deploy | webstart | jnlp spec version 8.20 is not supported |
JDK-8077649 | deploy | webstart | jnlp "codebase" attribute has been made mandatory |
JDK-8077925 | deploy | webstart | Jnlp fails to load with CouldNotLoadArgumentException after JDK-8075179 |
JDK-8078893 | deploy | webstart | cert based run rule doesn't work when running offline |
JDK-8080607 | deploy | webstart | Web Start does not honor height / width % values |
JDK-8080785 | deploy | webstart | remove dead code to donwload JavaFX on demand. |
JDK-8080774 | globalization | DateFormat for Singapore/English locale (en_SG) is M/d/yy instead of d/M/yy | |
JDK-8072453 | globalization | translation | [de,fr,pt_BR,sv] duplicate mnemonics in JCP security tab. |
JDK-8072589 | globalization | translation | [windows 8] S. Chinese quotation mark needs to be replaced by English quotation mark |
JDK-8079361 | globalization | translation | Broken Localization Strings (XMLSchemaMessages_de.properties) |
JDK-8083601 | globalization | translation | jdk8u60 l10n resource file translation update 2 |
JDK-8075798 | hotspot | Allow ADLC register class to depend on runtime conditions also for cisc-spillable classes | |
JDK-8006960 | hotspot | compiler | hotspot, "impossible" assertion failure |
JDK-8036851 | hotspot | compiler | volatile double accesses are not explicitly atomic in C2 |
JDK-8036913 | hotspot | compiler | make DeoptimizeALot dependent on number of threads |
JDK-8037140 | hotspot | compiler | C1: Incorrect argument type used for SharedRuntime::OSR_migration_end in LIRGenerator::do_Goto |
JDK-8060036 | hotspot | compiler | C2: CmpU nodes can end up with wrong type information |
JDK-8062280 | hotspot | compiler | C2: inlining failure due to access checks being too strict |
JDK-8062591 | hotspot | compiler | SPARC PICL causes significantly longer startup times |
JDK-8065915 | hotspot | compiler | Fix includes after 8058148: MaxNodeLimit and LiveNodeCountInliningCutoff |
JDK-8068881 | hotspot | compiler | SIGBUS in C2 compiled method weblogic.wsee.jaxws.framework.jaxrpc.EnvironmentFactory$SimulatedWsdlDefinitions.<init> |
JDK-8068909 | hotspot | compiler | SIGSEGV in c2 compiled code with OptimizeStringConcat |
JDK-8068915 | hotspot | compiler | C2: uncommon trap w/ Reason_speculate_class_check causes performance regression due to continuous deoptimizations |
JDK-8068945 | hotspot | compiler | Use RBP register as proper frame pointer in JIT compiled code on x86 |
JDK-8069263 | hotspot | compiler | assert(fm == NULL || fm->method_holder() == _participants[n]) failed: sanity |
JDK-8071302 | hotspot | compiler | assert(!_reg_node[reg_lo] || edge_from_to(_reg_node[reg_lo],def)) failed: after block local scheduling |
JDK-8071534 | hotspot | compiler | assert(!failing()) failed: Must not have pending failure. Reason is: out of memory |
JDK-8072383 | hotspot | compiler | resolve conflicts between open and closed ports |
JDK-8072753 | hotspot | compiler | Nondeterministic wrong answer on arithmetic |
JDK-8074548 | hotspot | compiler | Never-taken branches cause repeated deopts in MHs.GWT case |
JDK-8074551 | hotspot | compiler | GWT can be marked non-compilable due to deopt count pollution |
JDK-8074869 | hotspot | compiler | C2 code generator can replace -0.0f with +0.0f on Linux |
JDK-8075587 | hotspot | compiler | Compilation of constant array containing different sub classes crashes the JVM |
JDK-8076523 | hotspot | compiler | assert(((ABS(iv_adjustment_in_bytes) % elt_size) == 0)) fails in superword.cpp |
JDK-8077504 | hotspot | compiler | Unsafe load can loose control dependency and cause crash |
JDK-8078113 | hotspot | compiler | 8011102 changes may cause incorrect results. |
JDK-8078482 | hotspot | compiler | ppc: pass thread to throw_AbstractMethodError |
JDK-8078497 | hotspot | compiler | C2's superword optimization causes unaligned memory accesses |
JDK-8078666 | hotspot | compiler | JVM fastdebug build compiled with GCC 5 asserts with "widen increases" |
JDK-8078866 | hotspot | compiler | compiler/eliminateAutobox/6934604/TestIntBoxing.java assert(p_f->Opcode() == Op_IfFalse) failed |
JDK-8079343 | hotspot | compiler | Crash in PhaseIdealLoop with "assert(!had_error) failed: bad dominance" |
JDK-8080012 | hotspot | compiler | JVM times out with vdbench on SPARC M7-16 |
JDK-8080156 | hotspot | compiler | Integer.toString(int value) sometimes throws NPE |
JDK-8080190 | hotspot | compiler | PPC64: Fix wrong rotate instructions in the .ad file |
JDK-8080281 | hotspot | compiler | 8068945 changes break building the zero JVM variant |
JDK-7176220 | hotspot | gc | Full GC' events miss date stamp information occasionally |
JDK-8027962 | hotspot | gc | Per-phase timing measurements for strong roots processing |
JDK-8031686 | hotspot | gc | G1: assert(_hrs.max_length() == _expansion_regions) failed |
JDK-8033440 | hotspot | gc | jmap reports unexpected used/free size of concurrent mark-sweep generation |
JDK-8048179 | hotspot | gc | Early reclaim of large objects that are referenced by a few objects |
JDK-8049536 | hotspot | gc | os::commit_memory on Solaris uses aligment_hint as page size |
JDK-8049864 | hotspot | gc | TestParallelHeapSizeFlags fails with unexpected heap size |
JDK-8051837 | hotspot | gc | Remove temporary G1UseParallelRSetUpdating and G1UseParallelRSetScanning flags |
JDK-8053998 | hotspot | gc | Hot card cache flush chunk size too coarse grained |
JDK-8057037 | hotspot | gc | Verification in ClassLoaderData::is_alive is too slow |
JDK-8058354 | hotspot | gc | SPECjvm2008-Derby -2.7% performance regression on Solaris-X64 starting with 9-b29 |
JDK-8058801 | hotspot | gc | G1TraceReclaimDeadHumongousObjectsAtYoungGC only prints humongous object liveness output when there is at least one candidate humongous object |
JDK-8060025 | hotspot | gc | Object copy time regressions after JDK-8031323 and JDK-8057536 |
JDK-8061259 | hotspot | gc | ParNew promotion failed is serialized on a lock |
JDK-8061630 | hotspot | gc | G1 iterates over JNIHandles two times |
JDK-8062672 | hotspot | gc | JVM crashes during GC on various asserts which checks that HeapWord ptr is an oop |
JDK-8064473 | hotspot | gc | Improved handling of age during object copy in G1 |
JDK-8065358 | hotspot | gc | Refactor G1s usage of save_marks and reduce related races |
JDK-8066771 | hotspot | gc | Refactor VM GC operations caused by allocation failure |
JDK-8067469 | hotspot | gc | G1 ignores AlwaysPreTouch |
JDK-8067655 | hotspot | gc | Clean up G1 remembered set oop iteration |
JDK-8068036 | hotspot | gc | assert(is_available(index)) failed in G1 cset |
JDK-8069273 | hotspot | gc | Decrease Hot Card Cache Lock contention |
JDK-8069367 | hotspot | gc | Eagerly reclaimed humongous objects left on mark stack |
JDK-8069760 | hotspot | gc | When iterating over a card, G1 often iterates over much more references than are contained in the card |
JDK-8073944 | hotspot | gc | Simplify ArgumentsExt and remove unneeded functionallity |
JDK-8074037 | hotspot | gc | Refactor the G1GCPhaseTime logging to make it easier to add new phases |
JDK-8074561 | hotspot | gc | Wrong volatile qualifier for field ClassLoaderDataGraphKlassIteratorAtomic::_next_klass |
JDK-8075210 | hotspot | gc | Refactor strong root processing in order to allow G1 to evolve separately from GenCollectedHeap |
JDK-8075215 | hotspot | gc | SATB buffer processing found reclaimed humongous object |
JDK-8075466 | hotspot | gc | SATB queue pre-filter verify found reclaimed humongous object |
JDK-8076265 | hotspot | gc | Simplify deal_with_reference |
JDK-8077255 | hotspot | gc | TracePageSizes output reports wrong page size on Windows with G1 |
JDK-8078021 | hotspot | gc | SATB apply_closure_to_completed_buffer should have closure argument |
JDK-8078023 | hotspot | gc | verify_no_cset_oops found reclaimed humongous object in SATB buffer |
JDK-8085965 | hotspot | gc | VM hangs in C2Compiler |
JDK-8086111 | hotspot | gc | BACKOUT - metaspace/shrink_grow/CompressedClassSpaceSize fails with OOM: Compressed class space |
JDK-8087200 | hotspot | gc | Code heap does not use large pages |
JDK-8129108 | hotspot | gc | nmethod related crash in CMS |
JDK-6584008 | hotspot | jvmti | jvmtiStringPrimitiveCallback should not be invoked when string value is null |
JDK-8013942 | hotspot | jvmti | JSR 292: assert(type() == T_OBJECT) failed: type check |
JDK-8042796 | hotspot | jvmti | jvmtiRedefineClasses.cpp: guarantee(false) failed: OLD and/or OBSOLETE method(s) found |
JDK-8046246 | hotspot | jvmti | the constantPoolCacheOopDesc::adjust_method_entries() used in RedefineClasses does not scale |
JDK-8067662 | hotspot | jvmti | "java.lang.NullPointerException: Method name is null" from StackTraceElement.<init> |
JDK-8073705 | hotspot | jvmti | more performance issues in class redefinition |
JDK-8076579 | hotspot | jvmti | Popping a stack frame after exception breakpoint sets last method param to exception |
JDK-6536943 | hotspot | runtime | Bogus -Xcheck:jni warning for SIG_INT action for SIGINT in JVM started from non-interactive shell |
JDK-7127066 | hotspot | runtime | Class verifier accepts an invalid class file |
JDK-8027914 | hotspot | runtime | Client JVM silently exit with fail exit code when running in compact(1,2) with options -Dcom.sun.management and -XX:+ManagementServer |
JDK-8043224 | hotspot | runtime | -Xcheck:jni improvements to exception checking and excessive local refs |
JDK-8046668 | hotspot | runtime | Excessive checked JNI warnings from Java startup |
JDK-8047382 | hotspot | runtime | hotspot build failed with gcc version Red Hat 4.4.6-4 |
JDK-8051045 | hotspot | runtime | HotSpot fails to wrap Exceptions from invokedynamic in a BootstrapMethodError |
JDK-8053995 | hotspot | runtime | Add method to WhiteBox to get vm pagesize. |
JDK-8055231 | hotspot | runtime | ZERO variant build is broken |
JDK-8058345 | hotspot | runtime | Refactor native stack printing from vmError.cpp to debug.cpp to make it available in gdb as well |
JDK-8058935 | hotspot | runtime | CPU detection gives 0 cores per cpu, 2 threads per core in Amazon EC2 environment |
JDK-8064815 | hotspot | runtime | Zero+PPC64: Stack overflow when running Maven |
JDK-8066875 | hotspot | runtime | VirtualSpace does not use large pages |
JDK-8067231 | hotspot | runtime | Zero builds fails after JDK-6898462 |
JDK-8067331 | hotspot | runtime | Zero: Atomic::xchg and Atomic::xchg_ptr need full memory barrier |
JDK-8069412 | hotspot | runtime | Locks need better debug-printing support |
JDK-8071501 | hotspot | runtime | perfMemory_solaris.cpp failing to compile with "Error: dd_fd is not a member of DIR." |
JDK-8072588 | hotspot | runtime | JVM crashes in JNI if toString is declared as an interface method |
JDK-8072863 | hotspot | runtime | Replace fatal() with vm_exit_during_initialization() when an incorrect class is found on the bootclasspath |
JDK-8075118 | hotspot | runtime | JVM stuck in infinite loop during verification |
JDK-8076212 | hotspot | runtime | AllocateHeap() and ReallocateHeap() should be inlined. |
JDK-8077674 | hotspot | runtime | BSD build failures due to undefined macros |
JDK-8078470 | hotspot | runtime | [Linux] Replace syscall use in os::fork_and_exec with glibc fork() and execve() |
JDK-8025636 | hotspot | svc | Hide lambda proxy frames in stacktraces |
JDK-8044416 | hotspot | svc | serviceability/sa/jmap-hashcode/Test8028623.java fails with AssertionFailure: can not get class data for java/lang/UNIXProcess$Platform$$Lambda |
JDK-8044531 | hotspot | svc | Event based tracing locks to rank as leafs where possible |
JDK-8046282 | hotspot | svc | SA update |
JDK-8049881 | hotspot | svc | jstack not working on core files |
JDK-8053902 | hotspot | svc | Fix for 8030115 breaks build on Windows and Solaris |
JDK-8069030 | hotspot | svc | support new PTRACE_GETREGSET |
JDK-8072932 | hotspot | svc | Test fails with java.security.AccessControlException: access denied ("java.security.SecurityPermission" "getDomainCombiner") |
JDK-8073688 | hotspot | svc | Infinite loop reading types during jmap attach. |
JDK-8075331 | hotspot | svc | jdb eval java.util.Arrays.asList(array) shows inconsistent behaviour |
JDK-8081475 | hotspot | svc | SystemTap does not work when JDK is compiled with GCC 5 |
JDK-8080600 | hotspot | test | AARCH64: testlibrary does not support AArch64 |
JDK-8067630 | install | [mac os x] Update '3 Billion Devices' Advert on SetupProgress Dialog | |
JDK-8072868 | install | 8u20 and later should not change the MSI UpgradeCode for each JRE version | |
JDK-8076982 | install | Create HKLM\SOFTWARE\JavaSoft\Java Runtime Environment\<VERSION> registry keys with msi. | |
JDK-8078310 | install | [macosx] StagedXML is missing | |
JDK-8081423 | install | Improve naming consistency in make/installer/bundles/macosx/Makefile | |
JDK-8056992 | install | auto_update | [AU]The auto update window does not read the <moreinfo> tag of au-descriptor.xml file to set the "More information" link |
JDK-8058929 | install | auto_update | [de, fr, it, ko, pt_BR, sv] Layout issue (truncation) in AUWelcome dialog |
JDK-8071490 | install | auto_update | JDK9 nightly build from 01/23 failed |
JDK-8071838 | install | auto_update | Add files skipped from the fix to JDK-8071490 by mistake |
JDK-6580611 | install | install | Install dialogs look bad on Windows when display is set to high DPI |
JDK-6745371 | install | install | MSI/MST files should be deleted after install |
JDK-7198599 | install | install | Incorrect UninstallString windows register key in JDK 1.6, 1.7 and 8 |
JDK-8049608 | install | install | HtmlUI: "Change destination folder" checkbox in WelcomeDialog is not accessible by mouse |
JDK-8049614 | install | install | HtmlUI: checkbox text labels should be clickable |
JDK-8072940 | install | install | 8u60 nightly solaris_sparcv9_5.10-product build fails |
JDK-8075409 | install | install | jre8-40 fails to install on SuSE 11.3 |
JDK-8050123 | other-libs | corba | Incorrect property name documented in CORBA InputStream API |
JDK-8068721 | other-libs | corba | RMI-IIOP communication fails when ConcurrentHashMap is passed to remote method |
JDK-8081590 | performance | The CDS classlist needs to be updated for 8u60 | |
JDK-8054037 | security-libs | java.security | Improve tracing for java.security.debug=certpath |
JDK-8058547 | security-libs | java.security | Memory leak in ProtectionDomain cache |
JDK-8062264 | security-libs | java.security | KeychainStore requires non-null password to be supplied when retrieving a private key |
JDK-8062552 | security-libs | java.security | Support keystore type detection for JKS and PKCS12 keystores |
JDK-8077418 | security-libs | java.security | StackOverflowError during PolicyFile lookup |
JDK-8079129 | security-libs | java.security | NullPointerException in PKCS#12 Keystore in PKCS12KeyStore.java |
JDK-7065233 | security-libs | javax.crypto | To interpret case-insensitive string locale independently |
JDK-8069072 | security-libs | javax.crypto | Improve GHASH performance |
JDK-8080102 | security-libs | javax.crypto | Java 8 cannot load its cacerts in FIPS. no such provider: SunEC |
JDK-8062170 | security-libs | javax.crypto:pkcs11 | java.security.ProviderException: Error parsing configuration with space |
JDK-8055207 | security-libs | javax.net.ssl | keystore and truststore debug output could be much better |
JDK-8059588 | security-libs | javax.net.ssl | deadlock in java/io/PrintStream when verbose java.security.debug flags are set |
JDK-8072385 | security-libs | javax.net.ssl | Only the first DNSName entry is checked for endpoint identification |
JDK-8076221 | security-libs | javax.net.ssl | Disable RC4 cipher suites |
JDK-8077102 | security-libs | org.ietf.jgss:krb5 | dns_lookup_realm should be false by default |
JDK-8068937 | tools | jdeps shows "not found" if target class has no reference other than its own package | |
JDK-8080815 | tools | Update 8u jdeps list of internal APIs | |
JDK-8028389 | tools | javac | NullPointerException compiling annotation values that have bodies |
JDK-8037546 | tools | javac | javac -parameters does not emit parameter names for lambda expressions |
JDK-8039262 | tools | javac | Java compiler performance degradation jdk1.7 vs. jdk1.6 should be amended |
JDK-8054220 | tools | javac | Debugger doesn't show variables *outside* lambda |
JDK-8055963 | tools | javac | Inference failure with nested invocation |
JDK-8058227 | tools | javac | Debugger has no access to outer variables inside Lambda |
JDK-8061778 | tools | javac | Wrong LineNumberTable for default constructors |
JDK-8064803 | tools | javac | Javac erroneously uses instantiated signatures when merging abstract most-specific methods |
JDK-8064857 | tools | javac | javac generates LVT entry with length 0 for local variable |
JDK-8066808 | tools | javac | langtools/test/Makefile should not use OS-specific jtreg binary |
JDK-8068489 | tools | javac | remove unnecessary complexity in Flow and Bits, after JDK-8064857 |
JDK-8068517 | tools | javac | Compiler may generate wrong InnerClasses attribute for static enum reference |
JDK-8068639 | tools | javac | Make certain annotation classfile warnings opt-in |
JDK-8069181 | tools | javac | java.lang.AssertionError when compiling JDK 1.4 code in JDK 8 |
JDK-8069545 | tools | javac | javac, shouldn't check nested stuck lambdas during overload resolution |
JDK-8073372 | tools | javac | Redundant CONSTANT_Class entry not generated for inlined constant |
JDK-8075520 | tools | javac | Varargs access check mishandles capture variables |
JDK-8077786 | tools | javac | Check varargs access against inferred signature |
JDK-8078560 | tools | javac | The crash reporting URL listed by javac needs to be updated |
JDK-8079613 | tools | javac | Deeply chained expressions + several overloads + unnecessary inference result in excessive compile times. |
JDK-8080842 | tools | javac | Using Lambda Expression with name clash results in ClassFormatError |
JDK-8072461 | tools | javadoc(tool) | Table's field width in "Use" page generated by javadoc with '-s' is unbalanced |
JDK-8073972 | tools | launcher | Deprecate Multi-Version Java Launcher (mJRE) for JDK8 |
JDK-8077822 | tools | launcher | javac does not recognize '*.java' as file if '-J' option is specified |
JDK-7156085 | xml | javax.xml.parsers | ArrayIndexOutOfBoundsException throws in UTF8Reader of SAXParser |
JDK-8062518 | xml | jaxp | AIOBE occurs when accessing to document function in extended function in JAXP |
JDK-8062924 | xml | jaxp | XSL: wrong answer from substring() function |
JDK-8081392 | xml | jaxp | getNodeValue should return 'null' value for Element nodes |
Area: auto-update (OS X 10.11+ only)
Synopsis: Auto-update error when auto-updating to earlier versions
A change in OS X 10.11 caused the auto-update mechanism to fail when a system running OS X 10.11 is auto-updated from versions 8u40 through 8u60 build 27, inclusive. This issue was addressed in 8u60 build 28 and later. The issue only appears when a JRE release between 8u40 and 8u60 b27 has been installed on Mac OS X 10.11 and is then used to trigger an auto-update sequence. Impacted machines would appear to go through the update flow but at the end of the process the newer JRE would not be installed, the older JRE would remain, and therefore the auto-update mechanism would continue prompting the user to update. Workaround: Manually install a JRE version 8u60 b28 or higher into the affected system.
The following sections summarize changes made in all Java SE 8u51 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8067422 | tools | javac | Lambda method names are unnecessarily unstable |
The full version string for this update release is 1.8.0_51-b16 (where "b" means "build"). The version number is 8u51.
This update release contains several enhancements and changes including the following:
JDK 8u51 contains IANA time zone data version 2015d. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u51 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_51 |
7 | 1.7.0_85 |
6 | 1.6.0_101 |
For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u51) will expire with the release of the next critical patch update scheduled for October 20, 2015.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u51) on November 20, 2015. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
Ephemeral DH keys less than 768 bits deactivated
Ephemeral DH keys less than 768 bits are deactivated in JDK. New algorithm restriction DH keySize < 768
is added to Security Property jdk.tls.disabledAlgorithms
.
JDK-8076328 (not public).
Operating system's restricted environment (Native Sandbox)
JDK 8u51 introduced the following changes to Native Sandbox:
Native sandbox is available on Windows platform only.
Native sandbox can be enabled or disabled through Java Control Panel->Advanced settings->Enable the operating system's restricted environment (native sandbox) or by setting deployment.security.use.native.sandbox
property to true in deployment.properties
file.
Native sandbox is disabled by default.
When native sandbox is enabled, the sandbox applets or web-start applications will run in a restricted environment, that is provided by the operating system. This will not affect the all-permission applications and they will continue to run as before.
Native sandbox will be disabled for applications included the in Exception Site List (ESL) or when Deployment Rule Set (DRS) is used.
Sandbox applets deployed with HTML applet tag which includes all-permissions JAR files from the Class-Path
manifest attribute, will run in native sandbox.
In such cases, a special warning dialog will display, informing the user that the applet may not work properly, when such an applet tries to access the all-permission JAR files.
Custom preloader will be disabled in certain cases when native sandbox is enabled:
This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory.
The following are some of the notable bug fixes included in this release:
Area: security-libs/java.security
Synopsis: Add new Comodo roots to root CAs
Four new root certificates have been added for Commodo:
1. COMODO ECC Certification Authority
alias: comodoeccca
DN: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford,
ST=Greater Manchester, C=GB
2. COMODO RSA Certification Authority
alias: comodorsaca
DN: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford,
ST=Greater Manchester, C=GB
3. USERTrust ECC Certification Authority
alias: usertrusteccca
DN: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network,
L=Jersey City, ST=New Jersey, C=US
4. USERTrust RSA Certification Authority
alias: usertrustrsaca
DN: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network,
L=Jersey City, ST=New Jersey, C=US
JDK-8077652 (not public)
Area: security-libs/java.security
Synopsis: Add new GlobalSign roots to root CAs
Two root certificates have been added for GlobalSign:
1. GlobalSign ECC Root CA - R4
alias: globalsigneccrootcar4
DN: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
2. GlobalSign ECC Root CA - R5
alias: globalsigneccrootcar5
DN: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5
JDK-8077653 (not public)
Area: security-libs/java.security
Synopsis: Add Actalis to root CAs
Added one new root certificate:
Actalis Authentication Root CA
alias: actalisauthenticationrootca
DN: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967,
L=Milan, C=IT
JDK-8077651 (not public)
Area: security-libs/java.security
Synopsis: Add new Entrust ECC root
Added one new root certificate:
Entrust Root Certification Authority - EC1
alias: entrustrootcaec1
DN: CN=Entrust Root Certification Authority - EC1,
OU="(c) 2012 Entrust, Inc. - for authorized use only",
OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
JDK-8072961 (not public)
Area: security-libs/java.security
Synopsis: Remove old Valicert Class 1 and 2 Policy roots
Removed two root certificates with 1024-bit keys:
1. ValiCert Class 1 Policy Validation Authority
alias: secomvalicertclass1ca
DN: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/,
OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.",
L=ValiCert Validation Network
2. ValiCert Class 2 Policy Validation Authority
alias: valicertclass2ca
DN: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/,
OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.",
L=ValiCert Validation Network
JDK-8077354 (not public)
Area: security-libs/java.security
Synopsis: Remove old Thawte roots
Removed two root certificates with 1024-bit keys:
1. Thawte Server CA
alias: thawteserverca
DN: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA,
OU=Certification Services Division, O=Thawte Consulting cc,
L=Cape Town, ST=Western Cape, C=ZA
2. Thawte Personal Freemail CA
alias: thawtepersonalfreemailca
DN: EMAILADDRESS=personal-freemail@thawte.com,
CN=Thawte Personal Freemail CA, OU=Certification Services Division,
O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
JDK-8073271 (not public)
Area: security-libs/java.security
Synopsis: Remove more old Verisign, Equifax, and Thawte roots
Removed five root certificates with 1024-bit keys:
1. Verisign Class 3 Public Primary Certification Authority - G2
alias: verisignclass3g2ca
DN: OU=VeriSign Trust Network,
OU="(c) 1998 VeriSign, Inc. - For authorized use only",
OU=Class 3 Public Primary Certification Authority - G2,
O="VeriSign, Inc.", C=US
2. Thawte Premium Server CA
alias: thawtepremiumserverca
DN: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA,
OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
ST=Western Cape, C=ZA
3. Equifax Secure Certificate Authority
alias: equifaxsecureca
DN: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
4. Equifax Secure eBusiness CA-1
alias: equifaxsecureebusinessca1
DN: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
5. Equifax Secure Global eBusiness CA-1,
alias: equifaxsecureglobalebusinessca1
DN: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
JDK-8075091 (not public)
Area: security-libs/java.security
Synopsis: Remove TrustCenter CA roots from cacerts
Removed three root certificates:
1. TC TrustCenter Universal CA I
alias: trustcenteruniversalcai
DN: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA,
O=TC TrustCenter GmbH, C=DE
2. TC TrustCenter Class 2 CA II
alias: trustcenterclass2caii
DN: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA,
O=TC TrustCenter GmbH, C=DE
3. TC TrustCenter Class 4 CA II
alias: trustcenterclass4caii
DN: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA,
O=TC TrustCenter GmbH, C=DE
JDK-8071699 (not public)
Area: security-libs/javax.net.ssl
Synopsis: Deprecate RC4 in SunJSSE provider
RC4 is now considered as a weak cipher. Servers should not select RC4 unless there is no other stronger candidate in the client requested cipher suites. A new security property, jdk.tls.legacyAlgorithms
, is added to define the legacy algorithms in Oracle JSSE implementation. RC4 related algorithms are added to the legacy algorithms list.
JDK-8043201 (not public)
Area: security-libs/javax.net.ssl
Synopsis: Prohibit RC4 cipher suites
RC4 is now considered as a compromised cipher. RC4 cipher suites have been removed from both client and server default enabled cipher suite list in Oracle JSSE implementation. These cipher suites can still be enabled by SSLEngine.setEnabledCipherSuites() and SSLSocket.setEnabledCipherSuites() methods.
JDK-8043202 (not public)
Area: security-libs/javax.net.ssl
Synopsis: Improved certification checking
With this fix, JSSE endpoint identification does not perform reverse name lookup for IP addresses by default in JDK.
If an application does need to perform reverse name lookup for raw IP addresses in SSL/TLS connections, and encounter endpoint identification compatibility issue, System property "jdk.tls.trustNameService" can be used to switch on reverse name lookup. Note that if the name service is not trustworthy, enabling reverse name lookup may be susceptible to MITM attacks.
JDK-8067694 (not public)
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8071668 | client-libs | java.awt | [macosx] Clipboard does not work with 3rd parties Clipboard Managers |
JDK-8077685 | core-libs | java.util:i18n | (tz) Support tzdata2015d |
JDK-8075602 | deploy | Applet throws java.security AccessControlException in java console when playing it | |
JDK-8079223 | deploy | unnecessary performance degradation caused by fix to JDK-8052111 | |
JDK-8069161 | deploy | plugin | Slow cache performance since JRE 7u06 |
JDK-8076343 | deploy | plugin | JNLP property apple.laf.useScreenMenuBar no longer treated as secure for Mac OS |
JDK-8071897 | deploy | webstart | JRE 8U25 and 8u31 b32 cannot launch Java Web Start with proxy pac but works fine for 7u67 |
JDK-8078815 | deploy | webstart | Launching of jnlp app fails with JNLPException |
JDK-8035938 | hotspot | jvmti | Memory leak in JvmtiEnv::GetConstantPool |
JDK-8064546 | security-libs | javax.crypto | CipherInputStream throws BadPaddingException if stream is not fully read |
JDK-8078439 | security-libs | org.ietf.jgss | SPNEGO auth fails if client proposes MS krb5 OID |
JDK-8073357 | xml | jaxb | schema1.xsd has wrong content. Sequence of the enum values has been changed |
JDK-8073385 | xml | jaxp | Bad error message on parsing illegal character in XML attribute |
JDK-8074297 | xml | jaxp | substring in XSLT returns wrong character if string contains supplementary chars |
Area: deploy/plugin
Synopsis: Java issue with Firefox 38, long delay with MyD loading
Java Plugin is unable to obtain proxy settings from Firefox 38 due to a bug in Mozilla framework. It may cause a long delay during RIA start up or can even cause start up failures. See the related issue:
https://bugzilla.mozilla.org/show_bug.cgi?id=1165286
According to Mozilla, Firefox 39 will contain a fix for this problem.
Workarounds:
JDK-8081459 (not public)
Area: deploy
Synopsis: JNLP files won't launch from IE11 on Windows 10 Creators Update
Web-start applications cannot be launched when clicking JNLP link from IE 11 on Windows 10 Creators Update when 64-bit JRE is installed. Workaround is to uninstall 64-bit JRE and use only 32-bit JRE.
See JDK-8185661.
The following sections summarize changes made in all Java SE 8u45 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8085965 | hotspot | gc | VM hangs in C2Compiler |
8075210 | hotspot | gc | Refactor strong root processing in order to allow G1 to evolve separately from GenCollectedHeap |
8074037 | hotspot | gc | Refactor the G1GCPhaseTime logging to make it easier to add new phases |
8061630 | hotspot | gc | G1 iterates over JNIHandles two times |
8067655 | hotspot | gc | Clean up G1 remembered set oop iteration |
8051837 | hotspot | gc | Remove temporary G1UseParallelRSetUpdating and G1UseParallelRSetScanning flags |
8072384 | core-libs | java.net | Setting IP_TOS on java.net sockets not working on unix |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8072999 | deploy | webstart | DRS certificate based rule does not match with Java WS Application compressed by pack200 |
8076220 (Confidential) |
deploy | plugin | If checksum rule is specified drs tries to calculate checksum for folder (DRS1.2) |
8069161 | deploy | plugin | Slow cache performance since JRE 7u06 |
8072619 (Confidential) |
deploy | plugin | OutOfMemoryError in Java Plugin for IE |
8076189 (Confidential) |
install | install | Update Makefiles to Roll a .dmg File for the .pkg Installer |
8080288 (Confidential) |
deploy | plugin | Applet failed to reload after "javaws -uninstall" |
8072676 | client-libs | javax.swing | [macosx] Jtree icon painted over label when scrollbars present in window |
8079223 | deploy | unnecessary performance degradation caused by fix to JDK-8052111 | |
8077155 | core-libs | java.net | LoginContext Subject ignored by jdk8 sun.net.www.protocol.http.HttpURLConnection |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8073072 (Confidential) |
deploy | plugin | 8u25-b31/8u31-b32 fails to evaluate proxy pac file for some URLs |
8073008 | client-libs | java.awt | press-and-hold input method for accented characters works incorrectly on OS X |
Please note that fixes from the prior BPR (8u40 b32) are included in this BPR.
The full version string for this update release is 1.8.0_45-b14 (where "b" means "build") except for Windows, where the version string is 1.8.0_45-b15. The version number is 8u45.
JDK 8u45 contains IANA time zone data version 2015a. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u45 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_45 |
7 | 1.7.0_79 |
6 | 1.6.0_95 |
5.0 | 1.5.0_85 |
For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u45) will expire with the release of the next critical patch update scheduled for July 14, 2015.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u45) on August 14, 2015. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
A new blacklist entry is included in this release.
For more details on the entry, see the related Cisco Security Advisory.
This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory.
The following are some of the notable bug fixes included in this release:
Area: tools/jar
Synopsis: Improve jar file handling
Starting with JDK 8u45 release, the jar
tool no longer allows the leading slash "/" and ".." (dot-dot) path component in zip entry file name when creating new and/or extracting from zip and jar file. If needed, the new command line option "-P"
should be used explicitly to preserve the dot-dot and/or absolute path component.
See 8064601 (not public).
Area: deploy/webstart
Synopsis: jnlp app with nested "resource" section fails with NPE on load in jre8u40
A jnlp application, with nested <resources>
tags within a <java>
or <j2se>
tag, can throw an NPE. The issue is now fixed. The <resources>
tag should be used only if the <java>
is actually used.
See 8072631 (not public).
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8065373 | client-libs | 2d | [macosx] jdk8, jdk7u60 Regression in Graphics2D drawing of derived Fonts |
8065709 | client-libs | java.awt | Deadlock in awt/logging apparently introduced by 8019623 |
7178362 | core-libs | java.net | Socket impls should ignore unsupported proxy types rather than throwing |
8072042 | core-libs | java.util.i18n | (tz) Support tzdata2015a |
8068313 | deploy | Parsing JNLP file should not cause download of extensions. | |
8061648 | deploy | webstart | JavaWS fails with proxy autoconfig due to missing "dnsResolve" |
7014194 | install | install | 32-bit JRE silent install fails on WINDOWS 2008 SERVER 64-bit under System account |
8065553 | security-libs | java.security | Failed Java web start via IPv6 (Java7u71 or later) |
8055045 | security-libs | org.ietf.jgss:krb5 | StringIndexOutOfBoundsException while reading krb5.conf |
8029012 | tools | javac | parameter_index for type annotation not updated after outer.this added |
8046817 | xml | jaxb | JDK 8 schemagen tool does not generate xsd files for enum types |
8062923 | xml | jaxp | XSL: Run-time internal error in 'substring()' |
8062924 | xml | jaxp | XSL: wrong answer from substring() function |
Area: core-libs/jdk.nashorn
Synopsis: Finally blocks inlined incorrectly.
Nashorn has known issues where it incorrectly compiles try/finally constructs. For more information on this issue and a workaround, see Try/finally compilation issues wiki page.
See 8067139.
The following sections summarize changes made in all Java SE 8u40 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Please note that fixes from the prior BPR (8u31 b33) are included in this BPR.
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8071897 | deploy | webstart | JRE 8U25 and 8u31 b32 cannot launch Java Web Start with proxy pac but works fine for 7u67 |
8066436 (Confidential) |
client-libs | java.awt | Minimize can cause window to disappear on osx |
The full version string for this update release is 1.8.0_40-b26 (where "b" means "build") except for OS X, where the version string is 1.8.0_40-b27. The version number is 8u40.
This update release contains several enhancements and changes including the following:
JDK 8u40 contains IANA time zone data version 2014j. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u40 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_31 |
7 | 1.7.0_75 |
6 | 1.6.0_91 |
5.0 | 1.5.0_81 |
For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u40) will expire with the release of the next critical patch update scheduled for April 14, 2015.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u40) on May 14, 2015. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
Java Packager Tool Enhancements
JDK 8u40 release contains the following enhancements to the Java Packager:
UserJvmOptionsService
API is available for altering JVM options in self-contained applications. The new settings are used the next time the application is started. See Customizing JVM Options in Self-Contained Applications.Deprecated APIs
The endorsed-standards override mechanism and the extension mechanism are deprecated and may be removed in future releases. There are no runtime changes. Existing applications using the 'endorsed-standards override' or 'extension' mechanisms are recommended to migrate away from using these mechanisms. To help identify any existing uses of these mechanisms, the -XX:+CheckEndorsedAndExtDirs
command-line option is available. It will fail if any of the following conditions is true:
-Djava.endorsed.dirs
or -Djava.ext.dirs
system property is set to alter the default location; or${java.home}/lib/endorsed
directory exists; or${java.home}/lib/ext
contains any JAR files excluding the ones that JDK ships orThe -XX:+CheckEndorsedAndExtDirs
command-line option is supported in JDK 8u40 and later releases.
The Launch-Time JRE Version Selection or the Multiple JRE Launcher feature is deprecated in JDK 8u40. Visit http://openjdk.java.net/jeps/231 for further information. Applications that require specific Java versions deployed using this feature must switch to alternate deployment solutions such as Java WebStart.
JJS Tool Page DifferencesThe Japanese version of the jjs help page is different from the English version. Some of the unsupported options have been removed from the English version of the jjs tool page. The Japanese version of document will be updated in future.
See 8062100 (not public).
For other jjs tool page changes, see Tools Enhancements in JDK 8.
Java SE Tools UpdatedJava SE tools have been updated. See Tools Enhancements in JDK 8 for details.
Change in default values for G1HeapWastePercent and G1MixedGCLiveThresholdPercentThe default value for G1HeapWastePercent
was changed from 10 to 5 to reduce the need for full GCs. For the same reason the default value for G1MixedGCLiveThresholdPercent
was changed from 65 to 85.
The new jdk.nashorn.api.scripting.ClassFilter interface enables you to restrict access to specified Java classes from scripts run by a Nashorn script engine. See Restricting Script Access to Specified Java Classes in the Nashorn User's Guide and 8043717 (not public) for more information.
The Nashorn compiler now has static type inference capabilities for local variables and expressions. While JavaScript is hard to analyze statically, Nashorn is able to generate code optimized for specific types.
Nashorn now supports optimistic typing, which complements static type inference. For types that can't be statically inferred, Nashorn will make optimistic assumptions and gradually deoptimize when assumptions turn out to be wrong. To activate this feature use the --optimistic-types=true
option. See Nashorn Architecture and Performance Improvements for more information.
Function.prototype.bind
and Function.prototype.call
are enhanced to work on everything that can be invoked in Nashorn, such as POJO methods, instances of @FunctionalInterface
classes.
The fix for JDK-8023069 (in JDK 8u20) updated both the SunJSSE and and SunJCE providers, including some internal interfaces.
Some third party JCE providers (such as RSA JSAFE) are using some sun.* internal
interfaces, and therefore will not work with the updated SunJSSE provider. Such providers will need to be updated in order for them to work with the updated SunJSSE provider.
If you have been impacted by this issue, contact your JCE vendor for an update.
See 8058731.
Message digest algorithms are now enabled by default for SunPKCS11 provider on SolarisIf you are using Solaris 10, a change was made to re-enable operations with MD5, SHA1, and SHA2 through the Solaris Crypto Framework. If you experience a CloneNotSupportedException
or PKCS11 error CKR_SAVED_STATE_INVALID
message with JDK 8u40, you should verify and apply the following patches or newer versions of them:
See 8037745.
Troubleshooting Guide Updates for NMT, JMC, and JFRThe Native Memory Tracking (NMT) is a Java Hotspot VM feature that tracks internal memory usage for a HotSpot JVM. Native Memory Tracking can be used to monitor VM internal memory allocations and diagnose VM memory leaks.
VM enhancements page is updated with NMT features. See Java Virtual Machine Enhancements in Java SE 8.
Troubleshooting Guide is updated with NMT features. See Native Memory Tracking.
Troubleshooting Guide is also updated with content for Troubleshooting using Java Mission Control, Debug Memory Leaks using Java Flight Recorder (JFR), and Troubleshooting Performance Issues using JFR.
JavaFX EnhancementsStarting with JDK 8u40 release, JavaFX controls are enhanced to support assistive technologies, meaning that JavaFX controls are now accessible. In addition, a public API is provided to allow developers to write their own accessible controls.
Accessibility support is provided on Windows and Mac OS X platforms and includes:
See 8043344 (not public).
JDK 8u40 release includes new JavaFX UI controls; a spinner control, formatted-text support, and a standard set of alert dialogs.
A Spinner is a single line text field that lets the user select a number or an object value from an ordered sequence. See javafx.scene.control.Spinner class for more information.
A new TextFormatter class provides text formatting capablity for subclasses of TextInputControl (for example, TextField and TextArea). See javafx.scene.control.TextFormatter class for more information.
The Dialog class allows applications to create their own custom dialogs. In addition, an an Alert class is also provided, that extends Dialog, and provides support for a number of pre-built dialog types that can be easily shown to users to prompt for a response. See javafx.scene.control.Dialog, javafx.scene.control.Alert, javafx.scene.control.TextInputDialog, javafx.scene.control.ChoiceDialog classes for more information.
See 8043350 (not public).
Application Class Data Sharing (AppCDS) extends CDS (see Class Data Sharing) to enable you to place classes from the standard extensions directories and the application class path in the shared archive. This is an experimental feature and not licensed for commercial use. See the -XX:+UseAppCDS
option in the java launcher tool page.
Starting with JDK 8u40, the notion of "memory pressure" has been added to the JDK. Memory pressure is a property that represents the total memory usage (RAM) on the system. The higher the memory pressure, the closer the system is to running out of memory. This is an experimental feature and not licensed for commercial use.
As a reaction to increased memory pressure, the JDK will try to reduce its memory usage. This is mainly done by reducing the Java heap size. The actions the JDK will take to reduce memory usage may lead to reduced performance. This is an intentional choice.
The pressure level is provided by the application through a JMX MXBean using a scale from 0 (no pressure) to 10 (almost out of memory). To enable this feature, the jdk.management.cmm.SystemResourcePressureMXBean
should be registered. The memory pressure is then set using the "MemoryPressure" attribute.
A new command line flag -XX:MemoryRestriction
that takes one of the arguments 'none', 'low', 'medium', or 'high', is also available. This flag will set the initial pressure in the JDK and will work also in cases where the MXBean is not registered.
Cooperative Memory Management requires the G1 GC (-XX:+UseG1GC
). This feature is not compatible with the flag -XX:+ExplicitGCInvokesConcurrent
.
Two new VM options are now available for commercial license holders:
For more information, see Java Launcher documentation.
It is now possible to enable Java Flight Recorder at runtime. For details, see the Java Flight Recorder Runtime Guide at http://docs.oracle.com/javacomponents/jmc-5-5/jfr-runtime-guide/index.html.
The Microsoft Windows Installer (MSI) Enterprise JRE Installer Guide is available at https://docs.oracle.com/javacomponents/msi-jre8/install-guide. The MSI Enterprise JRE Installer requires a commercial license for use in production. To learn more about commercial features and how to enable them, visit https://www.oracle.com/java/technologies/javase-subscription-overview.html.
For a list of bug fixes included in this release, see JDK 8u40 Bug Fixes page.
The following are some of the notable bug fixes included in JDK 8u40 release:
Area: core-svc
Synopsis: Default and static interface methods in JDI, JDWP and JDB
Since JDK 8 it is possible to have directly executable static and default methods in interfaces. These methods are not executable via JDWP or JDI and therefore can not be properly debugged. See JDK 8 Compatibility Guide for more details.
See 8042123.
Area: install
Synopsis: Java Access Bridge can be enabled from Control panel for 32 bit JREs.
Previously the "Enable Java Access Bridge" check box got removed from the Java Control Panel with 64 bit JRE uninstall even when 32 bit JRE was still present on the system.
Starting with JDK 8u40 release, the "Enable Java Access Bridge" checkbox is retained, at Control Panel -> Ease of Access -> Ease of Access Center -> Use the computer without a display, if a 32 bit jre is present. So, a user can enable Java Access bridge via control panel for 32 bit JREs.
See 8030124.
Area: client-libs
Synopsis: Modernizing the JavaFX Media Stack on Mac OS X
An AVFoundation based player platform is added to JavaFX media. The old QTKit based platform is now removable for Mac App Store compatibility.
See 8043697 (not public).
Area: deploy/plugin
Synopsis: Missing DOM APIs
In JDK 8u40 release, the old plugin DOM APIs were inadvertently removed. If an applet requires the use of com.sun.java.browser.dom.DOMService
to communicate with the browser, then users may need to update their applet to use netscape.javascript.JSObject
or continue using JDK 8 Update 31.
This issue has been resolved in build 26 and new 8u40 installers have been posted. If you are experiencing this problem, download and run the updated JDK 8u40 installers.
See 8074564.
Area: client-libs/java.awt
Synopsis: Mac 10.10: Application run with splash screen has focus issues
Applications started through webstart or standalone applications, which use splash screen, cannot get keyboard focus.
Workaround: Launch javaws using the -Xnosplash
option.
This issue has been resolved in build 27 and a new 8u40 installer has been posted. If you are experiencing this problem, download and run the updated JDK 8u40 installer.
See 8074668.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8028241 | client-libs | Java Access Bridge: F key shortcuts not working if Ctrl, Alt, Shift modifier used | |
8040279 | client-libs | [macosx] Do not use the base image in the MultiResolutionBufferedImage constructor | |
8059944 | client-libs | [OGL] Metrics for a method choice copying of texture should be improved | |
8064468 | client-libs | ownedWindowList access requires synchronization in Window.setAlwaysOnTop() method | |
7067052 | client-libs | 2d | Default printer media is ignored |
8028539 | client-libs | 2d | Endless loop in native code of sun.java2d.loops.ScaledBlit |
8034218 | client-libs | 2d | AIX: Provide a better fontconfig.properties file |
8039444 | client-libs | 2d | Swing applications not being displayed properly |
8046007 | client-libs | 2d | Java app receives javax.print.PrintException: Printer is not accepting job. |
8047066 | client-libs | 2d | Test test/sun/awt/image/bug8038000.java fails with ClassCastException |
8048583 | client-libs | 2d | CustomMediaSizeName class matching to standard media is too loose |
8054638 | client-libs | 2d | xrender: text drawn after setColor(Color.white) is actually black |
8056122 | client-libs | 2d | Upgrade JDK to use LittleCMS 2.6 |
8057830 | client-libs | 2d | Crash in Java2D Queue Flusher, OGLSD_SetScratchSurface |
8057934 | client-libs | 2d | Upgrade to LittleCMS 2.6 breaks AIX build |
8059941 | client-libs | 2d | [D3D] The fix for JDK-8029253 should be ported to d3d pipeline |
8059942 | client-libs | 2d | Default implementation of DrawImage.renderImageXform() should be improved for d3d/ogl |
8061392 | client-libs | 2d | PrinterJob NPE when drawing translucent image with null user clip |
8061456 | client-libs | 2d | [OGL] Incorrect clip is used during sw->surface blit in xor mode |
8062164 | client-libs | 2d | Incorrect color conversion, when bicubic interpolation is used |
8026497 | client-libs | demo | Font2DTest demo: unused resource files |
6624085 | client-libs | java.awt | Fourth mouse button (wheel) is treated like second button - isPopupTrigger returns true |
7033533 | client-libs | java.awt | realSync() doesn't work with Xfce |
8003900 | client-libs | java.awt | X11 dependencies should be removed from Mac OS X build. |
8024626 | client-libs | java.awt | CTW CRASH: SIGSEGV in ctw/jre/lib/rt_jar/preloading_1 and ctw/jre/lib/rt_jar/sun_awt_X11_ListHelper |
8026385 | client-libs | java.awt | [macosx] (awt) setjmp/longjmp changes the process signal mask on OS X |
8029253 | client-libs | java.awt | [macosx] Performance problems with Retina display on Mac OS X |
8032864 | client-libs | java.awt | [macosx] sigsegv (0Xb) Being Generated When Starting JDev With Voiceover Running |
8033141 | client-libs | java.awt | Cleanup of sun.awt.X11 package |
8040007 | client-libs | java.awt | GtkFileDialog strips user inputted filepath |
8041734 | client-libs | java.awt | JFrame in full screen mode leaves empty workspace after close |
8043869 | client-libs | java.awt | [macosx] java -splash does not honor @2x hi dpi notation for retina support |
8046495 | client-libs | java.awt | KeyEvent can not be accepted in quick mouse clicking |
8048549 | client-libs | java.awt | [macosx] Disable usage of system menu bar if AWT is embedded in FX |
8049065 | client-libs | java.awt | [JLightweightFrame] Support DnD for SwingNode |
8049198 | client-libs | java.awt | [macosx] Incorrect thread access when showing splash screen |
8049996 | client-libs | java.awt | [macosx] test java/awt/image/ImageIconHang.java fails with NPE |
8051857 | client-libs | java.awt | OperationTimedOut exception inside from XToolkit.syncNativeQueue call |
8057788 | client-libs | java.awt | [macosx] "Pinch to zoom" does not work since jdk7 |
8058197 | client-libs | java.awt | AWT fails on generic non-reparenting window managers |
8059590 | client-libs | java.awt | ArrayIndexOutOfBoundsException occurs when Container with overridden getComponents() is deserialized |
8059998 | client-libs | java.awt | Broken link in java.awt.event Interface KeyListener |
8062021 | client-libs | java.awt | NPE in sun/lwawt/macosx/CPlatformWindow::toFront after 8060146 |
8065627 | client-libs | java.awt | Animated GIFs fail to display on a HiDPI display |
8066986 | client-libs | java.awt | [headless] DataTransferer.getInstance throws ClassCastException in headless mode |
8034085 | client-libs | java.beans | Do not prefer indexed properties |
8034164 | client-libs | java.beans | Introspector ignores indexed part of the property sometimes |
8054157 | client-libs | javax.accessibility | Access Bridge; add definitions for bits 8 and 9 for for new accelerator support |
8057977 | client-libs | javax.accessibility | Java Access Bridge, regression, NPE, occurs randomly |
4991647 | client-libs | javax.imageio | PNGMetadata.getAsTree() sets bitDepth to invalid value |
7058697 | client-libs | javax.sound | Unexpected exceptions in MID parser code |
7058700 | client-libs | javax.sound | Unexpected exceptions and timeouts in SF2 parser code |
8054431 | client-libs | javax.sound | Some of the input validation in the javasound is too strict |
6302052 | client-libs | javax.swing | Reference to nonexistant Class in javadoc |
6521706 | client-libs | javax.swing | A switch operator in JFrame.processWindowEvent() should be rewritten |
7169583 | client-libs | javax.swing | JInternalFrame title not antialiased in Nimbus LaF |
7170310 | client-libs | javax.swing | ScrollBar doesn't become active when tabs are created more than frame size |
8029536 | client-libs | javax.swing | JFileChooser filter uses .toString() instead of getDescription() for filter text on GTK laf |
8033699 | client-libs | javax.swing | Incorrect radio button behavior |
8042835 | client-libs | javax.swing | Unexpected mnemonic in JFileChooser |
8046559 | client-libs | javax.swing | NPE when changing Windows theme |
8048110 | client-libs | javax.swing | Using tables in JTextPane leads to infinite loop in FlowLayout.layoutRow |
8048887 | client-libs | javax.swing | SortingFocusTraversalPolicy throws IllegalArgumentException from the sort method |
8057893 | client-libs | javax.swing | JComboBox actionListener never receives "comboBoxEdited" from getActionCommand |
8058193 | client-libs | javax.swing | [macosx] Potential incomplete fix for 8031485 |
8058870 | client-libs | javax.swing | Mac: JFXPanel deadlocks in jnlp mode |
8059739 | client-libs | javax.swing | Dragged and Dropped data is corrupted for two data types |
8059943 | client-libs | javax.swing | [macosx] Aqua LaF should use BI.TYPE_INT_ARGB_PRE for a better performance |
8065098 | client-libs | javax.swing | JColorChooser no longer supports drag and drop between two JVM instances |
8044533 | core-libs | Deoptimizing negation produces wrong result for zero | |
8044534 | core-libs | Constant folding for unary + should produce int for boolean literals | |
8044638 | core-libs | Tidy up Nashorn codebase for code standards | |
8044816 | core-libs | On-demand compiled top-level program doesn't need :createProgramFunction | |
8046201 | core-libs | Avoid repeated flattening of nested ConsStrings | |
8056926 | core-libs | Improve caching of GuardWithTest combinator | |
7011804 | core-libs | java.io | SequenceInputStream with lots of empty substreams can cause StackOverflowError |
8055949 | core-libs | java.io | ByteArrayOutputStream capacity should be maximal array size permitted by VM |
6853696 | core-libs | java.lang | (ref) ReferenceQueue.remove(timeout) may return null even if timeout has not expired |
8000975 | core-libs | java.lang | (process) Merge UNIXProcess.java.bsd & UNIXProcess.java.linux |
8047340 | core-libs | java.lang | (process) Runtime.exec() fails in Turkish locale |
8048515 | core-libs | java.lang | Read outside array bounds in jdk/src/solaris/native/java/lang/java_props_md.c |
8054841 | core-libs | java.lang | (process) ProcessBuilder leaks native memory |
8060485 | core-libs | java.lang | (str) contentEquals checks the String contents twice on mismatch |
8031373 | core-libs | java.lang.invoke | Fix deprecation and raw lint warnings in java.lang.invoke |
8037209 | core-libs | java.lang.invoke | Improvements and cleanups to bytecode assembly for lambda forms |
8037210 | core-libs | java.lang.invoke | Get rid of char-based descriptions 'J' of basic types |
8038261 | core-libs | java.lang.invoke | JSR292: cache and reuse typed array accessors |
8049555 | core-libs | java.lang.invoke | Move varargsArray from sun.invoke.util package to java.lang.invoke |
8050052 | core-libs | java.lang.invoke | Small cleanups in java.lang.invoke code |
8050053 | core-libs | java.lang.invoke | Improve caching of different invokers |
8050057 | core-libs | java.lang.invoke | Improve caching of MethodHandle reinvokers |
8050166 | core-libs | java.lang.invoke | Get rid of some package-private methods on arguments in j.l.i.MethodHandle |
8050173 | core-libs | java.lang.invoke | Generalize BMH.copyWith API to all method handles |
8050174 | core-libs | java.lang.invoke | Support overriding of isInvokeSpecial flag in WrappedMember |
8050200 | core-libs | java.lang.invoke | Make LambdaForm intrinsics detection more robust |
8050877 | core-libs | java.lang.invoke | Improve code for pairwise argument conversions and value boxing/unboxing |
8050884 | core-libs | java.lang.invoke | Intrinsify ValueConversions.identity() functions |
8050887 | core-libs | java.lang.invoke | Intrinsify constants for default values |
8057020 | core-libs | java.lang.invoke | LambdaForm caches should support eviction |
8057042 | core-libs | java.lang.invoke | LambdaFormEditor: ability to derive new LFs from a base LF |
8057654 | core-libs | java.lang.invoke | Extract checks performed during MethodHandle construction into separate methods |
8057656 | core-libs | java.lang.invoke | Improve MethodType.isCastableTo() & MethodType.isConvertibleTo() checks |
8057657 | core-libs | java.lang.invoke | Annotate LambdaForm parameters with types |
8057922 | core-libs | java.lang.invoke | Improve LambdaForm sharing by using LambdaFormEditor more extensively |
8058291 | core-libs | java.lang.invoke | Missing some checks during parameter validation |
8058293 | core-libs | java.lang.invoke | Bit set computation in MHs.findFirstDupOrDrop/findFirstDrop is broken |
8058661 | core-libs | java.lang.invoke | Compiled LambdaForms should inherit from Object to improve class loading performance |
8058892 | core-libs | java.lang.invoke | FILL_ARRAYS and ARRAYS are eagely initialized in MethodHandleImpl |
8059877 | core-libs | java.lang.invoke | GWT branch frequencies pollution due to LF sharing |
8059880 | core-libs | java.lang.invoke | Get rid of LambdaForm interpretation |
8060483 | core-libs | java.lang.invoke | NPE with explicitCastArguments unboxing null |
8063135 | core-libs | java.lang.invoke | Enable full LF sharing by default |
8066746 | core-libs | java.lang.invoke | MHs.explicitCastArguments does incorrect type checks for VarargsCollector |
8064667 | core-libs | java.lang:class_loading | Add -XX:+CheckEndorsedAndExtDirs flag to JDK 8 |
8065675 | core-libs | java.lang:class_loading | Deprecate the Endorsed-Standards Override Mechanism |
8065702 | core-libs | java.lang:class_loading | Deprecate the Extension Mechanism |
8054987 | core-libs | java.lang:reflect | (reflect) Add sharing of annotations between instances of Executable |
8055063 | core-libs | java.lang:reflect | Parameter#toString() fails w/ AIOOBE for ctr of inner class w/ generic type |
8062771 | core-libs | java.lang:reflect | Core reflection should use final fields whenever possible |
8064391 | core-libs | java.lang:reflect | More thread safety problems in core reflection |
8057793 | core-libs | java.math | BigDecimal is no longer effectively immutable |
7010989 | core-libs | java.net | Duplicate closure of file descriptors leads to unexpected and incorrect closure of sockets |
7150092 | core-libs | java.net | NTLM authentication fail if user specified a different realm |
8029607 | core-libs | java.net | Type of Service (TOS) cannot be set in IPv6 header |
8042622 | core-libs | java.net | Check for CRL results in IllegalArgumentException "white space not allowed" |
8047186 | core-libs | java.net | jdk.net.Sockets throws InvocationTargetException instead of original runtime exceptions |
8048212 | core-libs | java.net | Two tests failed with "java.net.SocketException: Bad protocol option" on Windows after 8029607 |
8050983 | core-libs | java.net | Misplaced parentheses in sun.net.www.http.HttpClient break HTTP PUT streaming |
8057936 | core-libs | java.net | java.net.URLClassLoader.findClass uses exceptions in control flow |
8058216 | core-libs | java.net | NetworkInterface.getHardwareAddress can return zero length byte array when run with preferIPv4Stack |
8062744 | core-libs | java.net | jdk.net.Sockets.setOption/getOption does not support IP_TOS |
8011537 | core-libs | java.nio | (fs) Path.register(..) clears interrupt status of thread with no InterruptedException |
8042470 | core-libs | java.nio | (fs) Path.register doesn't throw IllegalArgumentException if multiple OVERFLOW events are specified |
8042816 | core-libs | java.nio | (fs) Path.register doesn't throw IllegalArgumentException if multiple OVERFLOW events are specified, part 2 |
8054029 | core-libs | java.nio | (fc) FileChannel.size() returns 0 for block devices on Linux |
8055421 | core-libs | java.nio | (fs) bad error handling in java.base/unix/native/libnio/fs/UnixNativeDispatcher.c |
8062501 | core-libs | java.nio | Modifications of server socket channel accept() methods for instrumentation purposes |
8062233 | core-libs | java.rmi | add java/rmi/server/Unreferenced/finiteGCLatency/FiniteGCLatency.java to problem list |
8039915 | core-libs | java.text | Wrong NumberFormat.format() HALF_UP rounding when last digit exactly at rounding position greater than 5 |
8042126 | core-libs | java.time | DateTimeFormatter "MMMMM" returns English value in Japanese locale |
8044671 | core-libs | java.time | NPE from JapaneseEra when a new era is defined in calendar.properties |
8040806 | core-libs | java.util | BitSet.toString() can throw IndexOutOfBoundsException |
8048209 | core-libs | java.util | SynchronizedNavigableSet tailSet uses wrong mutex |
8056248 | core-libs | java.util.concurrent | Improve ForkJoin thread throttling |
8056249 | core-libs | java.util.concurrent | Improve CompletableFuture resource usage |
8066397 | core-libs | java.util.concurrent | Remove network-related seed initialization code in ThreadLocal/SplittableRandom |
8048020 | core-libs | java.util.logging | Regression on java.util.logging.FileHandler |
8059269 | core-libs | java.util.logging | FileHandler may throw NPE if pattern is a simple name and the lock file already exists |
8065991 | core-libs | java.util.logging | LogManager unecessarily calls JavaAWTAccess from within a critical section |
8029452 | core-libs | java.util.stream | Fork/Join task ForEachOps.ForEachOrderedTask clarifications and minor improvements |
8030079 | core-libs | java.util.stream | Fix raw and unchecked warnings java.util.stream |
6904367 | core-libs | java.util:collections | (coll) IdentityHashMap is resized before exceeding the expected maximum size |
8033893 | core-libs | java.util:i18n | jdk build is broken due to the changeset of JDK-8033370 |
8060006 | core-libs | java.util:i18n | No Russian time zones mapping for Windows |
8047062 | core-libs | javax.naming | Improve diagnostic output in com/sun/jndi/ldap/LdapTimeoutTest.java |
8049884 | core-libs | javax.naming | Reduce possible timing noise in com/sun/jndi/ldap/LdapTimeoutTest.java |
8062132 | core-libs | javax.script | Nashorn incorrectly binds "this" for constructor created by another function |
8066932 | core-libs | javax.script | __noSuchMethod__ binds to this-object without proper guard |
8025435 | core-libs | jdk.nashorn | Specialized library functions for optimistic typing |
8028345 | core-libs | jdk.nashorn | Remove nashorn repo "bin" scripts to avoid confusion with JDK bin launcher programs |
8029090 | core-libs | jdk.nashorn | Developers should be able to pass nashorn properties and enable/disable JFR from command line |
8035312 | core-libs | jdk.nashorn | push() on frozen array increases its length property |
8038396 | core-libs | jdk.nashorn | 8037534 breaks richards Octane benchmark |
8038413 | core-libs | jdk.nashorn | NPE in unboxInteger |
8038416 | core-libs | jdk.nashorn | Access to undefined scoped variables deoptimized too much |
8040024 | core-libs | jdk.nashorn | BranchOptimizer produces bad code for NaN FP comparison |
8043002 | core-libs | jdk.nashorn | Improve performance of Nashorn equality operators |
8043003 | core-libs | jdk.nashorn | Use strongly referenced generic invokers |
8043004 | core-libs | jdk.nashorn | Reduce variability at JavaAdapter call sites |
8043133 | core-libs | jdk.nashorn | Fix corner cases of JDK-8041995 |
8043137 | core-libs | jdk.nashorn | Collapse long sequences of NOP in Nashorn bytecode output |
8043232 | core-libs | jdk.nashorn | Index selection of overloaded java new constructors |
8043235 | core-libs | jdk.nashorn | Type-based optimizations interfere with continuation methods |
8043431 | core-libs | jdk.nashorn | Fix yet another corner case of JDK-8041995 |
8043605 | core-libs | jdk.nashorn | Enable history for empty property maps |
8043956 | core-libs | jdk.nashorn | Make code caching work with optimistic typing and lazy compilation |
8044171 | core-libs | jdk.nashorn | Make optimistic exception handlers smaller |
8044502 | core-libs | jdk.nashorn | Get rid of global optimistic flag |
8044518 | core-libs | jdk.nashorn | Ensure exceptions related to optimistic recompilation are not serializable |
8044803 | core-libs | jdk.nashorn | Unnecessary restOf check in CodeGenerator.undefinedCheck |
8044851 | core-libs | jdk.nashorn | nashorn properties leak memory |
8046013 | core-libs | jdk.nashorn | TypeError: Cannot apply "with" to non script object |
8046014 | core-libs | jdk.nashorn | MultiGlobalCompiledScript used to cache method handle and strict mode - not anymore |
8046202 | core-libs | jdk.nashorn | Make persistent code store more flexible |
8046215 | core-libs | jdk.nashorn | Running uncompilable scripts throws NullPointerException |
8046921 | core-libs | jdk.nashorn | Deoptimization type information peristence |
8047331 | core-libs | jdk.nashorn | Assertion in CompiledFunction when running earley-boyer after Merge |
8047764 | core-libs | jdk.nashorn | Indexed or polymorphic set on global affects Object.prototype |
8048009 | core-libs | jdk.nashorn | Type info caching accidentally defeated |
8048079 | core-libs | jdk.nashorn | Persistent code store is broken after optimistic types merge |
8048505 | core-libs | jdk.nashorn | readFully does not handle ConsString file names |
8048586 | core-libs | jdk.nashorn | String concatenation with optimistic types is slow |
8048718 | core-libs | jdk.nashorn | JSON.parse('{"0":0, "64":0}') throws ArrayindexOutOfBoundsException |
8049086 | core-libs | jdk.nashorn | Minor API convenience functions on "Java" object |
8049242 | core-libs | jdk.nashorn | Explicit constructor overload selection should work with StaticClass as well |
8049524 | core-libs | jdk.nashorn | Global object initialization via javax.script API should be minimal |
8050432 | core-libs | jdk.nashorn | javax.script.filename variable should not be enumerable with nashorn engine's ENGINE_SCOPE bindings |
8050964 | core-libs | jdk.nashorn | OptimisticTypesPersistence.java should use java.util.Date instead of java.sql.Date |
8050977 | core-libs | jdk.nashorn | Java8 Javascript Nashorn exception: no current Global instance for nashorn |
8051439 | core-libs | jdk.nashorn | Wrong type calculated for ADD operator with undefined operand |
8051778 | core-libs | jdk.nashorn | Function.prototype.bind doesn't work on all callables |
8053910 | core-libs | jdk.nashorn | ScriptObjectMirror causing havoc with Invocation interface |
8053913 | core-libs | jdk.nashorn | Auto format caused warning in CompositeTypeBasedGuardingDynamicLinker |
8054223 | core-libs | jdk.nashorn | Nashorn: AssertionError when use __DIR__ and ScriptEngine.eval() |
8054411 | core-libs | jdk.nashorn | Add "nashorn.args.prepend" system property |
8054503 | core-libs | jdk.nashorn | test/script/external/test262/test/suite/ch12/12.6/12.6.4/12.6.4-2.js fails with tip |
8054651 | core-libs | jdk.nashorn | Global.initConstructor and ScriptFunction.getPrototype(Object) can have stricter types |
8054898 | core-libs | jdk.nashorn | Avoid creation of empty type info files |
8055034 | core-libs | jdk.nashorn | jjs exits interactive mode if exception was thrown when trying to print value of last evaluated expression |
8055042 | core-libs | jdk.nashorn | Compile-time expression evaluator was missing variables |
8055107 | core-libs | jdk.nashorn | Extension directives to turn on callsite profiling, tracing, AST print and other debug features locally |
8055199 | core-libs | jdk.nashorn | Tidy up Nashorn codebase for code standards (August 2014) |
8055687 | core-libs | jdk.nashorn | Wrong "this" passed to JSObject.eval call |
8055762 | core-libs | jdk.nashorn | Nashorn misses linker for netscape.javascript.JSObject instances |
8055796 | core-libs | jdk.nashorn | JSObject and browser JSObject linkers should provide fallback to call underlying Java methods directly |
8055870 | core-libs | jdk.nashorn | iteration fails if index var is not used |
8055906 | core-libs | jdk.nashorn | jdk.nashorn.internal.codegen.ApplySpecialization$1.leaveIdentNode() should throw stackless Exception |
8055911 | core-libs | jdk.nashorn | Questionable String.intern() in jdk.nashorn.internal.ir.IdentNode() |
8055913 | core-libs | jdk.nashorn | jdk.nashorn.internal.ir.Node.hashCode() delegates to Object.hashCode() and is hot |
8055923 | core-libs | jdk.nashorn | jdk.nashorn.internal.{codegen.CompilationPhase|runtime.Timing} should use System.nanoTime |
8055954 | core-libs | jdk.nashorn | Questionable use of parallelStream() in jdk.nashorn.internal.runtime.Context$ContextCodeInstaller.initialize() |
8056025 | core-libs | jdk.nashorn | jdk.nashorn.internal.codegen.CompilationPhase.setStates() is hot in class installation phase |
8056052 | core-libs | jdk.nashorn | jdk.nashorn.internal.runtime.Source.getContent() does excess Object.clone() |
8056123 | core-libs | jdk.nashorn | Anonymous function statements leak internal function names into global scope |
8056129 | core-libs | jdk.nashorn | AtomicInteger is treated as primitive number with optimistic compilation |
8056978 | core-libs | jdk.nashorn | ClassCastException: cannot cast jdk.nashorn.internal.scripts.JO* |
8057019 | core-libs | jdk.nashorn | Additional arguments to Function.prototype.apply messes up actual arguments passed |
8057021 | core-libs | jdk.nashorn | UserAccessorProperty guards fail with multiple globals |
8057148 | core-libs | jdk.nashorn | Skip nested functions on reparse |
8057551 | core-libs | jdk.nashorn | Make class dumping available outside --compile-only mode |
8057588 | core-libs | jdk.nashorn | Lots of trivial classes are generated by Nashorn compiler |
8057611 | core-libs | jdk.nashorn | jdk/nashorn/internal/scripts/JO* classes are missing from the generated methods dump |
8057691 | core-libs | jdk.nashorn | Nashorn: let & const declarations are not shared between scripts |
8057703 | core-libs | jdk.nashorn | Still, lots of trivial classes are generated by Nashorn compiler |
8057743 | core-libs | jdk.nashorn | Single quotes must be escaped in message resource file |
8057825 | core-libs | jdk.nashorn | emitted socket arg becomes null in avatar.js http tests |
8057930 | core-libs | jdk.nashorn | Remove "eval id" from eval locations |
8057931 | core-libs | jdk.nashorn | Instead of not skipping small functions in parser, make lexer avoid them instead |
8057980 | core-libs | jdk.nashorn | let & const: remaining issues with lexical scoping |
8058100 | core-libs | jdk.nashorn | Reduce the RecompilableScriptFunctionData footprint |
8058179 | core-libs | jdk.nashorn | Global constants get in the way of self-modifying properties |
8058304 | core-libs | jdk.nashorn | Non-serializable fields in serializable classes |
8058422 | core-libs | jdk.nashorn | Users should be able to overwrite "context" and "engine" variables |
8058561 | core-libs | jdk.nashorn | NullPointerException at jdk.nashorn.internal.codegen.LocalVariableTypesCalculator. symbolIsUsed(LocalVariableTypesCalculator.java:224) |
8058610 | core-libs | jdk.nashorn | Pessimistic LMUL used where optimistic should be |
8058615 | core-libs | jdk.nashorn | Overload resolution ambiguity involving ConsString |
8059231 | core-libs | jdk.nashorn | Octane Raytrace fails when optimistic typing turned off |
8059236 | core-libs | jdk.nashorn | Memory leak when executing octane pdfjs with optimistic typing |
8059321 | core-libs | jdk.nashorn | Significant parser/frontend overhead in recompilation of avatar.js |
8059346 | core-libs | jdk.nashorn | Single class loader is used to load compiled bytecode |
8059370 | core-libs | jdk.nashorn | Unnecessary work in deoptimizing recompilation |
8059371 | core-libs | jdk.nashorn | Code duplication in handling of break and continue |
8059372 | core-libs | jdk.nashorn | Code duplication in split emitter |
8059443 | core-libs | jdk.nashorn | Logical NOT operator throws NullPointerException for null Boolean return values |
8059813 | core-libs | jdk.nashorn | Type Info Cache flag must must be documented |
8059938 | core-libs | jdk.nashorn | NPE restoring cached script with optimistic types disabled |
8060011 | core-libs | jdk.nashorn | Concatenating an array and converting it to Java gives wrong result |
8060101 | core-libs | jdk.nashorn | AssertionError: __noSuchProperty__ placeholder called from NativeJavaImporter |
8060471 | core-libs | jdk.nashorn | GlobalConstants.findSetMethod calls DynamicLinker.getLinkedCallSiteLocation, which does Throwables |
8060688 | core-libs | jdk.nashorn | Nashorn: Generated script class name fails --verify-code for names with special chars |
8061113 | core-libs | jdk.nashorn | Boolean used as optimistic call return type |
8061257 | core-libs | jdk.nashorn | nashorn ant build script should have a sanity target |
8061959 | core-libs | jdk.nashorn | Missing ArrayBuffer.isView() Method |
8062024 | core-libs | jdk.nashorn | Issue with date.setFullYear when time other than midnight |
8062308 | core-libs | jdk.nashorn | b36 of 9 introduces regressions over b35 when running lyra |
8062381 | core-libs | jdk.nashorn | String.prototype.charCodeAt called with invalid index throws ClassCastException |
8062386 | core-libs | jdk.nashorn | Different versions of nashorn use same code cache directory |
8062490 | core-libs | jdk.nashorn | JDK-8061391 regresses typescript: OOME with too fat SparseArrayData instances |
8062583 | core-libs | jdk.nashorn | Throwing object with error prototype causes error proto to be caught |
8062624 | core-libs | jdk.nashorn | java.lang.String methods not available on concatenated strings |
8062799 | core-libs | jdk.nashorn | Binary logical expressions can have numeric types |
8062937 | core-libs | jdk.nashorn | GlobalConstants produces wrong result with Object.defineProperty |
8063036 | core-libs | jdk.nashorn | Cosmetics: The recompile log produces double lines for some reason |
8063037 | core-libs | jdk.nashorn | Trivial bugfixing and exception reuse in ApplySpecialization |
8064467 | core-libs | jdk.nashorn | Deoptimization type information persistence doesn't work - "Failed to calculate version dir name" |
8064707 | core-libs | jdk.nashorn | Remove NativeArray link logic fields |
8064789 | core-libs | jdk.nashorn | Nashorn should just warn on code store instantiation error |
8065769 | core-libs | jdk.nashorn | OOM on Window/Solaris in test compile-octane-splitter.js |
8065985 | core-libs | jdk.nashorn | Inlining failure of Number.doubleValue() in JSType.toNumeric() causes 15% peak perf regresion on Box2D |
8066119 | core-libs | jdk.nashorn | Missing resource type.error.not.an.arraybuffer |
8066146 | core-libs | jdk.nashorn | jdk.nashorn.api.scripting package javadoc should be included in jdk docs |
8066669 | core-libs | jdk.nashorn | dust.js performance regression caused by primitive field conversion |
8067136 | core-libs | jdk.nashorn | BrowserJSObjectLinker does not handle call on JSObjects |
8067219 | core-libs | jdk.nashorn | NPE in ScriptObject.clone() when running with object fields |
8068573 | core-libs | jdk.nashorn | POJO setter using [] syntax throws an exception |
8068889 | core-libs | jdk.nashorn | Calling a @FunctionalInterface from JS leaks internal objects |
8069002 | core-libs | jdk.nashorn | REGRESSION: test/script/external/test262/test/suite/ch11/11.2/11.2.3/S11.2.3_A3_T5.js fails with tip |
8042123 | core-svc | Support default and static interface methods in JDI, JDWP and JDB | |
8044473 | core-svc | Allow for extended set of platform MXBeans | |
8064288 | core-svc | sun.management.Flag should loadLibrary() | |
8028430 | core-svc | debugger | JDI: ReferenceType.visibleMethods() return wrong visible methods |
8056049 | core-svc | java.lang.management | getProcessCpuLoad() stops working in one process when a different process exits |
8065397 | core-svc | java.lang.management | Remove ExtendedPlatformComponent.java from EXFILES list |
8049303 | core-svc | javax.management | Transient network problems cause JMX thread to fail silenty |
8039173 | core-svc | tools | Propagate errors from Diagnostic Commands as exceptions in the attach framework |
8044135 | core-svc | tools | Add API to start JMX agent from attach framework |
8049340 | core-svc | tools | sun/jvmstat/monitor/MonitoredVm/MonitorVmStartTerminate.java timed out |
8027809 | deploy | ClassNotFound exception when loading jnlp applet in nested resource tag | |
8031989 | deploy | Provide API to get all the JNLP artifacts | |
8037417 | deploy | javaws fails to launch app with empty href in jnlp file if Application-Library-Allowable-Codebase is used | |
8038599 | deploy | Move com.sun.java.browser.dom and com.sun.java.browser.net to deploy | |
8039007 | deploy | jdeps incorrectly reports javax.jnlp as JDK internal APIs | |
8046476 | deploy | VPAT: Application Blocked dialog issues | |
8049088 | deploy | Close icon not highlighted and no name/description readable by screen readers | |
8052106 | deploy | [jcck] extra mnemonics in security dialog. | |
8054971 | deploy | Applet is blocked when requesting sandbox permission and loading loose resource | |
8059136 | deploy | Reverse removal of applet demos [backout 8015376] | |
8062183 | deploy | Change the order of linux proxy detection | |
8068969 | deploy | Add missing information to AppModel | |
8037471 | deploy | deployment_toolkit | The warning message displays the app name and publisher as "UNKNOWN" if cache is disabled |
8046709 | deploy | deployment_toolkit | Java Control Panel Security Level Radio Buttons do not have name, screen read not able to read the name |
8059387 | deploy | javafx | Unexpected SSV warning appears on Linux for FX applet requesting JRE 1.7+ |
8060719 | deploy | javafx | TrustDecider.checkMainJarManifest will fail for fx app with embedded certificate. |
6845304 | deploy | plugin | HTMLStyleElement can't be cast to LinkStyle |
8011182 | deploy | plugin | Unable to enable the last jre remaining on the system |
8023095 | deploy | plugin | Applet with legacy_lifecycle=true and jdwp properties destroyed on browseaway |
8025917 | deploy | plugin | JDK demo applets not running with >=7u40 or (JDK 8 and JDK 9) |
8032835 | deploy | plugin | Security Dialogs should display OU/O field for Publisher if CN field is empty |
8042626 | deploy | plugin | Exception occurs when writing many texts to java console |
8042696 | deploy | plugin | Existing Java method cannot be called from JavaScript in IE |
8043230 | deploy | plugin | MacNPAPIJavaPlugin incorrectly constructed which sometimes causes Applet not to load |
8043231 | deploy | plugin | [mac] Too long pipe names: sometimes duplicate names arisesm when many applets on page |
8023094 | deploy | webstart | web start short cut icon disappear when launch disconnected |
8027019 | deploy | webstart | Sometimes, codebase property is not written in .lap file in cache before loading app |
8029579 | deploy | webstart | "Application Error" dialog will show up after click "OK" on "Application Blocked" dialog |
8046501 | deploy | webstart | DRS - cert based run rule doesn't work when running offline |
8051890 | deploy | webstart | Java Web Start raises "Unable to create a shortcut for <APP_NAME>" dialog |
8055179 | deploy | webstart | Security Dialog for unsigned jnlp still different in jnlp Application case. |
8064358 | deploy | webstart | JnlpxArgs NullPointerException |
8066447 | deploy | webstart | 8u40: URL.openConnection fails with exception if "use browser settings" is set and browser itself uses system settings |
8055175 | globalization | translation | [de] Truncation issue in EULA dialog. |
8058184 | hotspot | Move _highest_comp_level and _highest_osr_comp_level from MethodData to MethodCounters | |
6351437 | hotspot | compiler | PIT : compiler/6329104/Test6329104.sh fails due to execution time variation |
6642881 | hotspot | compiler | Improve performance of Class.getClassLoader() |
6898462 | hotspot | compiler | The escape analysis with G1 cause crash assertion src/share/vm/runtime/vframeArray.cpp:94 |
8023461 | hotspot | compiler | Thread holding lock at safepoint that vm can block on: MethodCompileQueue_lock |
8026796 | hotspot | compiler | Make replace_in_map() on parent maps generic |
8029443 | hotspot | compiler | 'assert(klass->is_loader_alive(_is_alive)) failed: must be alive' during VM_CollectForMetadataAllocation |
8031994 | hotspot | compiler | java/lang/Character/CheckProp test times out |
8034775 | hotspot | compiler | Failing to initialize VM when running with negative value for -XX:CICompilerCount |
8035328 | hotspot | compiler | closed/compiler/6595044/Main.java failed with timeout |
8035605 | hotspot | compiler | Expand functionality of PredictedIntrinsicGenerator |
8035968 | hotspot | compiler | C2 support for SHA on SPARC |
8039498 | hotspot | compiler | Add iterators to GrowableArray |
8040798 | hotspot | compiler | compiler/startup/SmallCodeCacheStartup.java timed out in RT_Baseline |
8041984 | hotspot | compiler | CompilerThread seems to occupy all CPU in a very rare situation |
8041992 | hotspot | compiler | Fix of JDK-8034775 neglects to account for non-JIT VMs |
8042235 | hotspot | compiler | redefining method used by multiple MethodHandles crashes VM |
8042428 | hotspot | compiler | CompileQueue::free_all() code is incorrect |
8042431 | hotspot | compiler | compiler/7200264/TestIntVect.java fails with: Test Failed: AddVI 0 < 4 |
8042737 | hotspot | compiler | Introduce umbrella header prefetch.inline.hpp |
8044538 | hotspot | compiler | assert(which != imm_operand) failed: instruction is not a movq reg, imm64 |
8046289 | hotspot | compiler | compiler/6340864/TestLongVect.java timeout with |
8046698 | hotspot | compiler | assert(false) failed: only Initialize or AddP expected macro.cpp:943 |
8047326 | hotspot | compiler | Consolidate all CompiledIC::CompiledIC implementations and move it to compiledIC.cpp |
8047362 | hotspot | compiler | Add a version of CompiledIC_at that doesn't create a new RelocIterator |
8047373 | hotspot | compiler | Clean the ExceptionCache in one pass |
8047383 | hotspot | compiler | SIGBUS in C2 compiled method weblogic.wsee.jaxws.framework.jaxrpc.EnvironmentFactory$SimulatedWsdlDefinitions.<init> |
8048703 | hotspot | compiler | ReplacedNodes dumps it's content to tty |
8048879 | hotspot | compiler | "unexpected yanked node" opto/postaloc.cpp:139 |
8049252 | hotspot | compiler | VerifyStack logic in Deoptimization::unpack_frames does not expect to see invoke bc at the top frame during normal deoptimization |
8049528 | hotspot | compiler | Method marked w/ @ForceInline isn't inlined with "executed < MinInliningThreshold times" message |
8049529 | hotspot | compiler | LogCompilation: annotate make_not_compilable with compilation level |
8049530 | hotspot | compiler | Provide descriptive failure reason for compilation tasks removed for the queue |
8049532 | hotspot | compiler | LogCompilation: C1: inlining tree is flat (no depth is stored) |
8050079 | hotspot | compiler | crash while compiling java.lang.ref.Finalizer::runFinalizer |
8050972 | hotspot | compiler | Concurrency problem in PcDesc cache |
8051344 | hotspot | compiler | JVM crashed in Compile::start() during method parsing w/ UseRTMDeopt turned on |
8052081 | hotspot | compiler | Optimize code generated by C2 for Intel's Atom processor |
8054224 | hotspot | compiler | Recursive method that was compiled by C1 is unable to catch StackOverflowError |
8054376 | hotspot | compiler | Move RTM flags from Experimental to Product |
8054402 | hotspot | compiler | "klass->is_loader_alive(_is_alive)) failed: must be alive" for anonymous classes |
8054478 | hotspot | compiler | C2: Incorrectly compiled char[] array access crashes JVM |
8054927 | hotspot | compiler | Missing MemNode::acquire ordering in some volatile Load nodes |
8055286 | hotspot | compiler | Extend CompileCommand=option to handle numeric parameters |
8055494 | hotspot | compiler | Add C2 x86 intrinsic for BigInteger::multiplyToLen() method |
8055946 | hotspot | compiler | assert(result == NULL || result->is_oop()) failed: must be oop |
8056071 | hotspot | compiler | compiler/whitebox/IsMethodCompilableTest.java fails with 'method() is not compilable after 3 iterations' |
8056124 | hotspot | compiler | Hotspot should use PICL interface to get cacheline size on SPARC |
8056964 | hotspot | compiler | JDK-8055286 changes are incomplete. |
8057129 | hotspot | compiler | Fix AIX build after the Extend CompileCommand=option change 8055286 |
8057750 | hotspot | compiler | CTW should not make MH intrinsics not entrant |
8057758 | hotspot | compiler | Tests run TypeProfileLevel=222 crash with guarantee(0) failed: must find derived/base pair |
8058148 | hotspot | compiler | MaxNodeLimit and LiveNodeCountInliningCutoff should be increased |
8058536 | hotspot | compiler | java/lang/instrument/NativeMethodPrefixAgent.java fails due to VirtualMachineError: out of space in CodeCache for method handle intrinsic |
8058564 | hotspot | compiler | Tiered compilation performance drop in PIT |
8058744 | hotspot | compiler | Crash in C1 OSRed method w/ Unsafe usage |
8058825 | hotspot | compiler | EA: ConnectionGraph::split_unique_types does incorrect scalar replacement |
8058828 | hotspot | compiler | Wrong ciConstant type for arrays from ConstantPool::_resolved_reference |
8058847 | hotspot | compiler | C2: EliminateAutoBox regression after 8042786 |
8059139 | hotspot | compiler | It should be possible to explicitly disable usage of TZCNT instr w/ -XX:-UseBMI1Instructions |
8059226 | hotspot | compiler | Names of rtm_state_change and unstable_if deoptimization reasons were swapped in 8u40 |
8059299 | hotspot | compiler | assert(adr_type != NULL) failed: expecting TypeKlassPtr |
8059556 | hotspot | compiler | C2: crash while inlining MethodHandle invocation w/ null receiver |
8059592 | hotspot | compiler | Recent bugfixes in ppc64 port. |
8059621 | hotspot | compiler | JVM crashes with "unexpected index type" assert in LIRGenerator::do_UnsafeGetRaw |
8059780 | hotspot | compiler | SPECjvm2008-MPEG performance regressions on x64 platforms |
8060147 | hotspot | compiler | SIGSEGV in Metadata::mark_on_stack() while marking metadata in ciEnv |
8062169 | hotspot | compiler | Multiple OSR compilations issued for same bci |
8062950 | hotspot | compiler | Bug in locking code when UseOptoBiasInlining is disabled: assert(dmw->is_neutral()) failed: invariant |
8065618 | hotspot | compiler | C2 RA incorrectly removes kill projections |
8066045 | hotspot | compiler | opto/node.hpp:355, assert(i < _max) failed: oob: i=1, _max=1 |
8066103 | hotspot | compiler | C2's range check smearing allows out of bound array accesses |
8066199 | hotspot | compiler | C2 escape analysis prevents VM from exiting quickly |
8066775 | hotspot | compiler | opto/node.hpp:355, assert(i < _max) failed: oob: i=1, _max=1 |
8066900 | hotspot | compiler | Array Out Of Bounds Exception causes variable corruption |
8067144 | hotspot | compiler | SIGSEGV with +TraceDeoptimization in Deoptimization::print_objects |
7132678 | hotspot | gc | G1: verify that the marking bitmaps have no marks for objects over TAMS |
8019342 | hotspot | gc | G1: High "Other" time most likely due to card redirtying |
8024366 | hotspot | gc | Make UseNUMA enable UseNUMAInterleaving |
8026784 | hotspot | gc | Error message in AdaptiveFreeList<Chunk>::verify_stats is wrong |
8027553 | hotspot | gc | Change the in_cset_fast_test functionality to use the G1BiasedArray abstraction |
8027959 | hotspot | gc | Early reclamation of large objects in G1 |
8028710 | hotspot | gc | G1 does not retire allocation buffers after reference processing work |
8032379 | hotspot | gc | Remove the is_scavenging flag to process_strong_roots |
8033764 | hotspot | gc | Remove the usage of StarTask from BufferingOopClosure |
8033923 | hotspot | gc | Use BufferingOopClosure for G1 code root scanning |
8034056 | hotspot | gc | assert(_heap_alignment >= _space_alignment) failed: heap_alignment less than space_alignment |
8034761 | hotspot | gc | Remove the do_code_roots parameter from process_strong_roots |
8034764 | hotspot | gc | Use process_strong_roots to adjust the StringTable |
8035393 | hotspot | gc | Use CLDClosure instead of CLDToOopClosure in frame::oops_interpreted_do |
8035400 | hotspot | gc | Move G1ParScanThreadState into its own files |
8035401 | hotspot | gc | Fix visibility of G1ParScanThreadState members |
8035412 | hotspot | gc | Cleanup ClassLoaderData::is_alive |
8035648 | hotspot | gc | Don't use Handle in java_lang_String::print |
8035746 | hotspot | gc | Add missing Klass::oop_is_instanceClassLoader() function |
8037344 | hotspot | gc | Use the "next" field to iterate over fine remembered instead of using the hash table |
8037958 | hotspot | gc | ConcurrentMark::cleanup leaks BitMaps if VerifyDuringGC is enabled |
8038265 | hotspot | gc | CMS: enable time based triggering of concurrent cycles |
8038399 | hotspot | gc | Remove dead oop_iterate MemRegion variants from SharedHeap, Generation and Space classes |
8038404 | hotspot | gc | Move object_iterate_mem from Space to CMS since it is only ever used by CMS |
8038405 | hotspot | gc | Clean up some virtual fucntions in Space class hierarchy |
8038412 | hotspot | gc | Move object_iterate_careful down from Space to ContigousSpace and CFLSpace |
8038423 | hotspot | gc | G1: Decommit memory within the heap |
8038829 | hotspot | gc | G1: More useful information in a few assert messages |
8038928 | hotspot | gc | gc/g1/TestGCLogMessages.java fail with "[Evacuation Failure' found" |
8039147 | hotspot | gc | Cleanup SuspendibleThreadSet |
8039596 | hotspot | gc | Remove HeapRegionRemSet::clear_incoming_entry |
8040002 | hotspot | gc | Clean up code and code duplication in re-diryting cards for verification |
8040722 | hotspot | gc | G1: Clean up usages of heap_region_containing |
8040792 | hotspot | gc | G1: Memory usage calculation uses sizeof(this) instead of sizeof(classname) |
8040977 | hotspot | gc | G1 crashes when run with -XX:-G1DeferredRSUpdate |
8042255 | hotspot | gc | make gc src file exclusion more automatic |
8043607 | hotspot | gc | Add a GC id as a log decoration similar to PrintGCTimeStamps |
8043722 | hotspot | gc | Swapped usage of idx_t and bm_word_t types in parMarkBitMap.cpp |
8043723 | hotspot | gc | max_heap_for_compressed_oops() declared with size_t, but defined with uintx |
8046670 | hotspot | gc | Make CMS metadata aware closures applicable for other collectors |
8047323 | hotspot | gc | Remove unused _copy_metadata_obj_cl in G1CopyingKeepAliveClosure |
8047818 | hotspot | gc | G1 HeapRegions can no longer be ContiguousSpaces |
8047819 | hotspot | gc | G1 HeapRegionDCTOC does not need to inherit ContiguousSpaceDCTOC |
8047820 | hotspot | gc | G1 Block offset table does not need to support generic Space classes |
8047821 | hotspot | gc | G1 Does not use the save_marks functionality as intended |
8047976 | hotspot | gc | Ergonomics for GC thread counts should update the flags |
8048085 | hotspot | gc | Aborting marking just before remark results in useless additional clearing of the next mark bitmap |
8048088 | hotspot | gc | Conservative maximum heap alignment should take vm_allocation_granularity into account |
8048112 | hotspot | gc | G1 Full GC needs to support the case when the very first region is not available |
8048214 | hotspot | gc | Linker error when compiling G1SATBCardTableModRefBS after include order changes |
8048268 | hotspot | gc | G1 Code Root Migration performs poorly |
8048269 | hotspot | gc | Add flag to turn off class unloading after G1 concurrent mark |
8049051 | hotspot | gc | Use of during_initial_mark_pause() in G1CollectorPolicy::record_collection_pause_end() prevents use of seperate object copy time prediction during marking |
8049411 | hotspot | gc | Minimal VM build broken after gcId.cpp was added |
8049421 | hotspot | gc | G1 Class Unloading after completing a concurrent mark cycle |
8049426 | hotspot | gc | Minor cleanups after G1 class unloading |
8049831 | hotspot | gc | Metadata Full GCs are not triggered when CMSClassUnloadingEnabled is turned off |
8050973 | hotspot | gc | CMS/G1 GC: add missing Resource and Handle mark |
8051973 | hotspot | gc | Eager reclaim leaves marks of marked but reclaimed objects on the next bitmap |
8052170 | hotspot | gc | G1 asserts at collection exit with -XX:-G1DeferredRSUpdate |
8052172 | hotspot | gc | Evacuation failure handling in G1 does not evacuate all objects if -XX:-G1DeferredRSUpdate is set |
8054341 | hotspot | gc | Remove some obsolete code in G1CollectedHeap class |
8054808 | hotspot | gc | Bitmap verification sometimes fails after Full GC aborts concurrent marking |
8054818 | hotspot | gc | Refactor HeapRegionSeq to manage heap region and auxiliary data |
8054819 | hotspot | gc | Rename HeapRegionSeq to HeapRegionManager |
8054970 | hotspot | gc | gc src file exclusion should exclude alternative sources |
8055006 | hotspot | gc | Store original value of Min/MaxHeapFreeRatio |
8055525 | hotspot | gc | Bigapp weblogic+medrec fails to startup after JDK-8038423 |
8055635 | hotspot | gc | Missing include in g1RegionToSpaceMapper.hpp results in unresolved symbol of fastdebug build without precompiled headers |
8055816 | hotspot | gc | Remove dead code in g1BlockOffsetTable |
8055919 | hotspot | gc | Remove dead code in G1 concurrent marking code |
8056043 | hotspot | gc | G1 does not uncommit within the heap after JDK-8038423 |
8056240 | hotspot | gc | Investigate increased GC remark time after class unloading changes in CRM Fuse |
8057143 | hotspot | gc | Incomplete renaming of variables containing "hrs" to "hrm" related to HeapRegionSeq |
8057531 | hotspot | gc | refactor gc argument processing code slightly |
8057536 | hotspot | gc | Refactor G1 to allow context specific allocations |
8057658 | hotspot | gc | Enable G1 FullGC extensions |
8057710 | hotspot | gc | Refactor G1 heap region default sizes |
8057713 | hotspot | gc | Destroy resource context and clean out allocation context |
8057722 | hotspot | gc | G1: Code root hashtable updated incorrectly when evacuation failed |
8057768 | hotspot | gc | Make heap region region type in G1 HeapRegion explicit |
8057799 | hotspot | gc | G1: Unnecessary NULL check in G1KeepAliveClosure |
8057818 | hotspot | gc | collect allocation context statistics at gc pauses |
8057824 | hotspot | gc | methods to copy allocation context statistics |
8057827 | hotspot | gc | notify an obj when allocation context stats are available |
8057916 | hotspot | gc | Sort includes and verify copyright for new files |
8058209 | hotspot | gc | Race in G1 card scanning could allow scanning of memory covered by PLABs |
8058235 | hotspot | gc | identify GCs initiated to update allocation context stats |
8058475 | hotspot | gc | TestCMSClassUnloadingEnabledHWM.java fails with '.*CMS Initial Mark.*' missing from stdout/stderr |
8058568 | hotspot | gc | GC cleanup phase can cause G1 skipping a System.gc() |
8059452 | hotspot | gc | G1: Change the default values for G1HeapWastePercent and G1MixedGCLiveThresholdPercent |
8059466 | hotspot | gc | Force young GC to initiate marking cycle when stat update is requested |
8059758 | hotspot | gc | Footprint regressions with JDK-8038423 |
8060116 | hotspot | gc | After JDK-8047976 gc/g1/TestSummarizeRSetStatsThreads fails |
8060467 | hotspot | gc | CMS: small OldPLABSize and -XX:-ResizePLAB cause assert(ResizePLAB || n_blks == OldPLABSize) failed: Error |
8062036 | hotspot | gc | ConcurrentMarkThread::slt may be invoked before ConcurrentMarkThread::makeSurrogateLockerThread causing intermittent crashes |
8062063 | hotspot | gc | Usage of UseHugeTLBFS, UseLargePagesInMetaspace and huge SurvivorAlignmentInBytes cause crashes in CMBitMapClosure::do_bit |
8064556 | hotspot | gc | G1: ParallelGCThreads=0 may cause assert(!MetadataOnStackMark::has_buffer_for_thread(Thread::current())) failed: Should be empty |
8065227 | hotspot | gc | Report allocation context stats at end of cleanup |
8065305 | hotspot | gc | Make it possible to extend the G1CollectorPolicy |
8065634 | hotspot | gc | Crash in InstanceKlass::clean_method_data when _method is NULL |
8040011 | hotspot | jfr | Metaspace events are missing from JFC files |
8034935 | hotspot | jvmti | JSR 292 support for PopFrame has a fragile coupling with DirectMethodHandle |
8057043 | hotspot | jvmti | Type annotations not retained during class redefine / retransform |
6311046 | hotspot | runtime | -Xcheck:jni should support checking of GetPrimitiveArrayCritical |
8025842 | hotspot | runtime | Convert warning("Thread holding lock at safepoint that vm can block on") to fatal(...) |
8031376 | hotspot | runtime | TraceClassLoading expects there to be a (Java) caller when you load a class with the bootstrap class loader |
8035893 | hotspot | runtime | JVM_GetVersionInfo fails to zero structure |
8038268 | hotspot | runtime | VM Crashes in MetaspaceShared::generate_vtable_methods while creating CDS archive with limiting SharedMiscCodeSize |
8038422 | hotspot | runtime | CDS test failed: assert((size % os::vm_allocation_granularity()) == 0) failed when limiting SharedMiscDataSize |
8042195 | hotspot | runtime | Introduce umbrella header orderAccess.inline.hpp |
8043275 | hotspot | runtime | interface initialization for default methods |
8046662 | hotspot | runtime | Check JNI ReleaseStringChars / ReleaseStringUTFChars verify_guards test inverted |
8046715 | hotspot | runtime | Add a way to verify an extended set of command line options |
8048169 | hotspot | runtime | Change 8037816 breaks HS build on PPC64 and CPP-Interpreter platforms |
8050942 | hotspot | runtime | PPC64: implement template interpreter for ppc64le |
8051002 | hotspot | runtime | Incorrectly merged share/vm/classfile/classFileParser.cpp was pushed to 8u20 |
8054368 | hotspot | runtime | nsk/jdi/VirtualMachine/exit/exit002 crash with detail tracking on (NMT2) |
8054546 | hotspot | runtime | NMT2 leaks memory |
8054547 | hotspot | runtime | Re-enable warning for incompatible java launcher |
8055007 | hotspot | runtime | NMT2: emptyStack missing in minimal build |
8055051 | hotspot | runtime | runtime/NMT/CommandLineEmptyArgument.java fails |
8055061 | hotspot | runtime | assert at share/vm/services/virtualMemoryTracker.cpp:332 Error: ShouldNotReachHere() when running NMT tests |
8055236 | hotspot | runtime | Deadlock during NMT2 shutdown on Windows |
8055289 | hotspot | runtime | Internal Error: mallocTracker.cpp:146 fatal error: Should not use malloc for big memory block, use virtual memory instead |
8055684 | hotspot | runtime | runtime/NMT/CommandLineEmptyArgument.java fails |
8056084 | hotspot | runtime | Refactor Hashtable to allow implementations without rehashing support |
8056175 | hotspot | runtime | Change "8048150: Allow easy configurations for large CDS archives" triggers conversion warning with older GCC |
8056971 | hotspot | runtime | Minor class loading clean-up |
8057623 | hotspot | runtime | add an extension class for argument handling |
8058251 | hotspot | runtime | assert(_count > 0) failed: Negative counter when running runtime/NMT/MallocTrackingVerify.java |
8058818 | hotspot | runtime | Allocation of more then 1G of memory using Unsafe.allocateMemory is still causing a fatal error on 32bit platforms |
8059100 | hotspot | runtime | SIGSEGV VirtualMemoryTracker::remove_released_region |
8059216 | hotspot | runtime | Make PrintGCApplicationStoppedTime print information about stopping threads |
8059803 | hotspot | runtime | Update use of GetVersionEx to get correct Windows version in hs_err files |
8061651 | hotspot | runtime | Add an interface to the JVM's Class/Resource Lookup Index Cache for improving sun.misc.URLClassPath search time |
8064375 | hotspot | runtime | Change certain errors to warnings in CDS output |
8064701 | hotspot | runtime | Some CDS optimizations should be disabled if bootclasspath is modified by JVMTI |
8065346 | hotspot | runtime | WB_AddToBootstrapClassLoaderSearch calls JvmtiEnv::create_a_jvmti when not in _thread_in_vm state |
8065765 | hotspot | runtime | Missing space in output message from -XX:+CheckEndorsedAndExtDirs |
8066670 | hotspot | runtime | -XX:+PrintSharedArchiveAndExit does not exit the VM when the archive is invalid |
8029070 | hotspot | svc | memory leak in jmm_SetVMGlobal |
8032247 | hotspot | svc | SA: Constantpool lookup for invokedynamic is not implemented |
8035650 | hotspot | svc | Exclude AIX from VS.NET make/windows/projectcreator.make |
8044398 | hotspot | svc | Attach code should propagate errors in Diagnostic Commands as errors |
8046783 | hotspot | svc | Add hidden field to methods for event based tracing |
8055662 | hotspot | svc | Update mapfile for libjfr |
8055677 | hotspot | svc | java/lang/instrument/RedefineBigClass.sh RetransformBigClass.sh start failing after JDK-8055012 |
8057535 | hotspot | svc | add a thread extension class |
8057564 | hotspot | svc | JVM hangs at getAgentProperties after attaching to VM with lower IntegrityLevel |
8061621 | hotspot | svc | *** java.lang.instrument ASSERTION FAILED ***: "!errorOutstanding" with message transform method call failed at JPLISAgent.c line: 844 |
8065361 | hotspot | svc | Fixup headers and definitions for INCLUDE_TRACE |
8069590 | hotspot | svc | AIX port of "8050807: Better performing performance data handling" |
8041383 | install | Restore Java-Security Dialog truncated | |
8048122 | install | VPAT: Mnemonics not set for integrated JRE Uninstall Tool buttons | |
8049060 | install | JDK installer "Java Setup" dialog a11y issue | |
8060057 | install | No checkbox "Enable JAB" after installation of public JRE 8 (only x86 JRE) | |
8062502 | install | Make the MacJREInstallerTests scheme shared across project | |
8065940 | install | not compressing the non-english msi's will speed up the build | |
8067251 | install | RegisterDeploy ping not working correctly | |
8055701 | install | auto_update | Incomplete letters displayed in Java update Welcome dialog |
8062407 | install | auto_update | jucheck incorrectly uses cached iftw-au.exe if already present in %TEMP% |
8037813 | install | install | Image on in-progress dialog is not localized |
8039950 | install | install | JRE installer accessibility issues |
8051701 | install | install | [de] Minor truncation in Uninstall out-of-date versions dialog |
8057085 | install | install | 64bit offline isn't compressed |
8054633 | other-libs | corba | [since-tag]: javadoc for corba classes has invalid @since tag |
7095856 | other-libs | corba:rmi-iiop | OutputStreamHook doesn't handle null values |
8061830 | other-libs | other | [asm] refresh internal ASM version v5.0.3 |
8028727 | security-libs | [parfait] warnings from b116 for jdk.src.share.native.sun.security.ec: JNI pending exceptions | |
8063700 | security-libs | -Xcheck:jni changes cause many JCK failures in api/javax_crypto tests in SunPKCS11 | |
7107611 | security-libs | java.security | sun.security.pkcs11.SessionManager is scalability blocker |
8032573 | security-libs | java.security | CertificateFactory.getInstance("X.509").generateCertificates(InputStream) does not throw CertificateException for invalid input |
8035974 | security-libs | java.security | Refactor DigestBase.engineUpdate() method for better code generation by JIT compiler |
8039921 | security-libs | java.security | SHA1WithDSA with key > 1024 bits not working |
8042053 | security-libs | java.security | Broken links to jarsigner and keytool docs in java.security package summary |
8044215 | security-libs | java.security | Unable to initiate SpNego using a S4U2Proxy GSSCredential (Krb5ProxyCredential) |
8058657 | security-libs | java.security | Add @jdk.Exported to com.sun.jarsigner.ContentSigner API |
8036970 | security-libs | javax.crypto | Accessing Tomcat 8.0.3 via HTTPS doesn't work using TLS 1.2 GCM with ucrypto provider |
8056026 | security-libs | javax.crypto | Debug security logging should print Provider used for each crypto operation |
8037745 | security-libs | javax.crypto:pkcs11 | Consider re-enabling PKCS11 mechanisms previously disabled due to Solaris bug 7050617 |
8041142 | security-libs | javax.crypto:pkcs11 | Re-enabling CBC_PAD PKCS11 mechanisms for Solaris |
8042982 | security-libs | javax.net.ssl | Unexpected RuntimeExceptions being thrown by SSLEngine |
8052406 | security-libs | javax.net.ssl | SSLv2Hello protocol may be filtered out unexpectedly |
8028780 | security-libs | javax.security | JDK KRB5 module throws OutOfMemoryError when CCache is corrupt |
8048512 | security-libs | javax.security | Uninitialised memory in jdk/src/share/native/sun/security/ec/ECC_JNI.cpp |
8046343 | security-libs | javax.smartcardio | (smartcardio) CardTerminal.connect('direct') does not work on MacOSX |
8049244 | security-libs | javax.xml.crypto | XML Signature performance issue caused by unbuffered signature data |
8048194 | security-libs | org.ietf.jgss | GSSContext.acceptSecContext fails when a supported mech is initiator preferred |
8048073 | security-libs | org.ietf.jgss:krb5 | Cannot read ccache entry with a realm-less service name |
8054817 | security-libs | org.ietf.jgss:krb5 | File ccache only recognizes Linux and Solaris defaults |
8029548 | tools | (jdeps) use @jdk.Exported to determine supported vs JDK internal API | |
8048063 | tools | (jdeps) Add filtering capability | |
8050804 | tools | (jdeps) Recommend supported API to replace use of JDK internal API | |
8056051 | tools | int[]::clone causes "java.lang.NoClassDefFoundError:Array" | |
8068495 | tools | Update the protocol for references of docs.oracle.com to HTTPS in langtools. | |
8033421 | tools | javac | @SuppressWarnings("deprecation") does not work when overriding deprecated method |
8033483 | tools | javac | Should ignore nested lambda bodies during overload resolution |
8036953 | tools | javac | Fix timing of varargs access check, per JDK-8016205 |
8037404 | tools | javac | javac NPE or VerifyError for code with constructor reference of inner class |
8038776 | tools | javac | VerifyError when running successfully compiled java class |
8042347 | tools | javac | javac, Gen.LVTAssignAnalyzer should be refactored, it shouldn't be a static class |
8043926 | tools | javac | javac, code valid in 7 is not compiling for 8 |
8044546 | tools | javac | Crash on faulty reduce/lambda |
8044737 | tools | javac | Lambda: NPE while obtaining method reference through lambda expression |
8044748 | tools | javac | JVM cannot access constructor though ::new reference although can call it directly |
8046060 | tools | javac | Different results of floating point multiplication for lambda code block |
8047341 | tools | javac | lambda reference to inner class in base class causes LambdaConversionException |
8048121 | tools | javac | javac complex method references: revamp and simplify |
8049075 | tools | javac | javac, wildcards and generic vararg method invocation not accepted |
8051402 | tools | javac | javac, type containment should accept that CAP <= ? extends CAP and CAP <= ? super CAP |
8051958 | tools | javac | Cannot assign a value to final variable in lambda |
8054210 | tools | javac | NullPointerException when compiling specific code. |
8054448 | tools | javac | (ann) Cannot reference field of inner class in an anonymous class |
8055514 | tools | javac | Wrong, confusing error when non-static varargs referenced in static context |
8056014 | tools | javac | Type inference may be skipped for a complex receiver generic method in a parameter position |
8056984 | tools | javac | Exception in compiler: java.lang.AssertionError: isSubClass T |
8057794 | tools | javac | Compiler Error when obtaining .class property |
8057800 | tools | javac | Method reference with generic type creates NPE when compiling |
8058112 | tools | javac | Invalid BootstrapMethod for constructor/method reference |
8058511 | tools | javac | StackOverflowError at com.sun.tools.javac.code.Types.lub |
8059710 | tools | javac | javac, the same approach used in fix for JDK-8058708 should be applied to Code.closeAliveRanges |
8059921 | tools | javac | Missing compile error in Java 8 mode for Interface.super.field access |
8062359 | tools | javac | javac Attr crashes with NPE in TypeAnnotationsValidator visitNewClass |
8062747 | tools | javac | Compiler error when anonymous class uses method with parametrized exception |
8063052 | tools | javac | Inference chokes on wildcard derived from method reference |
8066541 | tools | javac | An unknown compilation problem occurred |
8067039 | tools | javac | Revert changes to annotation attribute generation |
8067111 | tools | javac | Exception in compiler: java.lang.AssertionError: isSubClass E |
8042469 | tools | launcher | Launcher changes for native memory tracking scalability enhancement |
8058101 | tools | visualvm | Integrate new version of Java VisualVM based on VisualVM 1.3.8 into JDK |
8037948 | xml | Improve documentation for org.w3c.dom package | |
8049514 | xml | javax.xml.validation | FEATURE_SECURE_PROCESSING can not be turned off on a validator through SchemaFactory |
8066077 | xml | jax-ws | java.util.MissingResourceException |
8032908 | xml | jaxp | getTextContent doesn't return string in JAXP |
8062608 | xml | jaxp | BCEL corrupts debug data of methods that use generics |
Area: hotspot/gc
Synopsis: Performance degradation on G1 on Solaris when large pages are requested
When using G1 on Solaris where large pages are requested, the VM does not always use large pages when it could. This may result in significant throughput degradation, particularly on the Solaris x64 platform.
See 8058354.
Area: hotspot/compiler
Synopsis: Nondeterministic arithmetic when converting long strings to integers and performing OSR
For JRE 6 and above, when performing OSR on loops with huge stride and/or initial values, in a very rare case the tiered/server compilers can produce non-canonical loop shapes that can produce nondeterministic answers, when answers should be deterministic.
Workaround: Launch Java using the -XX:-UseOnStackReplacement
flag.
See 8072753.
Area: Control
Synopsis: Behavior and access of Control#getUserAgentStylesheet
method changed in 8u40.
In JDK 8u40, the getUserAgentStylesheet()
method moved from the Control
class to the Region
superclass.
The method was promoted from protected to public, which preserves binary compatibility, but breaks source compatibility for subclasses of Control
that override this method. The solution is to make the overridden method public in the subclass of Control
.
The semantics of the method are also changed such that any CSS that is applied from CSS files imported via the getUserAgentStylesheet()
method is only applied to the Region
in which it is a user agent stylesheet. Previously, a CSS file imported in this way could make changes throughout the application user interface, which could result in unintended style clobbering. This is no longer possible from JDK 8u40 onwards, and applications which might have been relying on this unintended behavior, may see differences in styling as a result.
See RT-38640.
Area: Control
Synopsis: PopupControl$CSSBridge
changed to extend Pane in 8u40.
In JDK 8u40, the object inheritance hierarchy of the protected javafx.scene.control.PopupControl$CSSBridge
inner class has changed in an incompatible manner. Prior to JDK 8u40, PopupControl$CSSBridge
extended from Group
and now it extends from Pane
.
This is primarily an internal class for custom PopupControls
such as Tooltip
, but it is possible that a third-party control might subclass this class. Such applications that subclass PopupControl$CSSBridge
might be affected if they were calling or overriding methods in Group
that are not in Pane
.
See RT-33696.
The following sections summarize changes made in all Java SE 8u31 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8062032 (Confidential) |
deploy | plugin | Client certificate authentication issues with TLS 1.2 and browser keystore |
8068283 | client-libs | java.awt | Mac OS Incompatibility between JDK 6 and 8 regarding input method handling |
8037417 | deploy | javaws fails to launch app with empty href in jnlp file if Application-Library-Allowable-Codebase is used | |
8063047 (Confidential) |
deploy | webstart | Need jnlp information from cached webstart application |
8062375 (Confidential) |
deploy | webstart | Warning message doesn't contain additional info: "Launched from downloaded JNLP file" when launched from shortcut or cache viewer |
8037471 | deploy | deployment_toolkit | The warning message displays the app name and publisher as "UNKNOWN" if cache is disabled |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8065858 (Confidential) |
deploy | plugin | Applet doesn't load after upgrade to JDK 8u25 |
Please note that fixes from the prior BPR (8u25 b32) are included in this BPR.
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8061648 | deploy | webstart | JavaWS fails with proxy autoconfig due to missing "dnsResolve" |
The full version string for this update release is 1.8.0_31-b13 (where "b" means "build"). The version number is 8u31.
This update release contains several enhancements and changes including the following:
JDK 8u31 contains IANA time zone data version 2014j. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u31 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_31 |
7 | 1.7.0_75 |
6 | 1.6.0_91 |
5.0 | 1.5.0_81 |
For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u31) will expire with the release of the next critical patch update scheduled for April 14, 2015.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u31) on May 14, 2015. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
SSLv3 is disabled by default
Starting with JDK 8u31 release, the SSLv3 protocol (Secure Socket Layer) has been deactivated and is not available by default. See the java.security.Security
property jdk.tls.disabledAlgorithms
in <JRE_HOME>/lib/security/java.security
file.
If SSLv3 is absolutely required, the protocol can be reactivated by removing "SSLv3" from the jdk.tls.disabledAlgorithms
property in the java.security
file or by dynamically setting this Security property to "true" before JSSE is initialized.
It should be noted that SSLv3 is obsolete and should no longer be used.
Changes to Java Control Panel
Starting with JDK 8u31 release, SSLv3 protocol is removed from Java Control Panel Advanced options.
If the user needs to use SSLv3 for applications, re-enable it manually as follows:
deployment.security.SSLv3=true
This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8040617 | client-libs | 2d | [macosx] Large JTable cell results in a OutOfMemoryException |
8041990 | client-libs | java.awt | [macosx] Language specific keys does not work in applets whenopened outside the browser |
8043610 | client-libs | java.awt | Sorting columns in JFileChooser fails with AppContext NPE |
8051359 | client-libs | javax.swing | [headless] JPopupMenu creation in headless mode with JDK9b23causes NPE |
8055949 | core-libs | java.io | ByteArrayOutputStream capacity should be maximal array sizepermitted by VM |
8055222 | core-libs | java.util:i18n | Currency update needed for ISO 4217 Amendment #159 |
8064560 | core-libs | java.util:i18n | (tz) Support tzdata2014j |
8033245 | deploy | RFE: Instructions Not Clear For Adding Site To ESL | |
8048089 | deploy | ClientConfig.refreshIfNeeded() doesn't restore properties with"active." prefix. | |
8050838 | deploy | JRE Install Error in localized Windows 8.1 after join in ADdomain | |
8044290 | deploy | webstart | Shortcuts are not created for javaws x64 with JRE 7u55 onWindows OS |
8056979 | deploy | webstart | Roaming user profiles by USER_JPI_PROFILE env variablesdoesn't work anymore |
8061342 | deploy | webstart | javaws help message in Japanese is corrupted |
8061643 | deploy | webstart | JavaWS fails with proxy autoconfig due to missing "resolve"permission |
8062392 | deploy | webstart | Jnlp fails to load with CouldNotLoadArgumentException |
8054883 | hotspot | compiler | Segmentation error while running program |
8026303 | hotspot | gc | CMS: JVM intermittently crashes with "FreeList of size258 violates Conservation Principle" assert |
8044406 | hotspot | gc | JVM crash with JDK8 (build 1.8.0-b132) with G1 GC |
8058715 | hotspot | runtime | stability issues when being launched as an embedded JVM viaJNI |
8060169 | hotspot | runtime | Update the Crash Reporting URL in the Java crash log |
8059079 | install | install | Typo in Installer Removal Tool UE, "hightly" |
8050386 | tools | javac | javac, follow-up of fix for 8049305 |
8059327 | xml | javax.xml.parsers | XML parser returns corrupt attribute value |
8038966 | xml | jax-ws | JAX-WS handles wrongly xsd:any arguments for Web services |
8036981 | xml | jaxb | JAXB not preserving formatting for xsd:any Mixed content |
8029837 | xml | jaxp | NPE seen in XMLDocumentFragmentScannerImpl.setProperty since7u40b33 |
The following sections summarize changes made in all Java SE 8u25 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8061643 | deploy | webstart | JavaWS fails with proxy autoconfig due to missing "resolve" permission |
Please note that fixes from the prior BPR (8u20 b32) are included in this BPR.
The full version string for this update release is 1.8.0_25-b17 (where "b" means "build") except for Windows, where the version string is 1.8.0_25-b18 . The version number is 8u25.
JDK 8u25 contains IANA time zone data version 2014c. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u25 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_25 |
7 | 1.7.0_71 |
6 | 1.6.0_85 |
5.0 | 1.5.0_75 |
For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u25) will expire with the release of the next critical patch update scheduled for January 20, 2015.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u25) on February 20, 2015. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
Oracle recommends that users and developers disable use of the SSLv3 protocol. Please follow the Instructions to disable SSL v3.0 in Oracle JDK and JRE.
Starting with JDK 8u25, unsafe server certificate change in SSL/TLS renegotiations is not allowed by default. Server certificate change in an SSL/TLS renegotiation may be unsafe and should be restricted:
If unsafe server certificate change is really required, please set the system property, jdk.tls.allowUnsafeServerCertChange
, to "true" before JSSE is initialized. Note that this would re-establish the unsafe server certificate change issue.
This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory.
The following are some of the notable bug fixes in this release:
Area: security-libs/javax.net.ssl
Synopsis: Decrease the preference mode of RC4 in the enabled cipher suite list
This fix decreases the preference of RC4 based cipher suites in the default enabled cipher suite list of SunJSSE provider.
See 8043200 (not public).
Area: client-libs
Synopsis: JRE 8u20 crashes while using Japanese IM on Windows
The VM crashes while using Swing controls when some Japanese or Chinese characters are input on Windows platform. The issue is now fixed.
See 8058858 (not public).
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8047288 | client-libs | java.awt | [macosx] Endless loop in EDT on Mac |
8051588 | client-libs | java.awt | [headless] DataTransferer.getInstance throws ClassCastException in headless mode |
8057184 | client-libs | javax.swing | JCK8's api/javax_swing/JDesktopPane/descriptions.html#getset failed with GTKLookAndFeel on Linux and Solaris run v.s. JDK8+ |
8057770 | client-libs | javax.swing | api/javax_swing/JScrollPane/indexTGF.html#UpdateUI failed with MotifLookAndFeel on all platform |
8048207 | core-libs | java.util | CheckedQueue.offer calls wrong method on wrapped queue |
8054904 | deploy | Webstart cache path error for Java >= 7u65 | |
8051891 | deploy | webstart | SWT cannot load native look&feel |
8046233 | hotspot | runtime | VerifyError on backward branch |
8051012 | hotspot | runtime | Regression in verifier for <init> method call from inside of a branch |
8035613 | xml | jaxb | With active Securitymanager JAXBContext.newInstance fails |
The following sections summarize changes made in all Java SE 8u20 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8047288 | client-libs | java.awt | [macosx] Endless loop in EDT on Mac |
Bug Fixes
The full version string for this update release is 1.8.0_20-b26 (where "b" means "build"). The version number is 8u20.
This update release contains several enhancements and changes including the following:
JDK 8u20 contains IANA time zone data version 2014c. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u20 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_11 |
7 | 1.7.0_65 |
6 | 1.6.0_81 |
5.0 | 1.5.0_71 |
For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u20) will expire with the release of the next critical patch update scheduled for October 14, 2014.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u20) on November 14, 2014. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
This JDK release includes Java Mission Control (JMC) version 5.4. For more information, see JMC 5.4 Release Notes.
Advanced Management Console (AMC) 1.0 is a commercial product available for Java users who license Java SE Advanced or Java SE Suite. AMC is downloaded separately from the JDK and is available to customers from My Oracle Support (MOS) or can be downloaded from OTN for trial purposes.
A primary benefit of Advanced Management Console is the ability to learn which applications are being run in the enterprise as well as the JREs that are being used. Additional information, such as the location of the application, vendor, permission level, number of JAR files and extensions, and number of times the application has been run is also provided. Information from Java Usage Tracker is collected by the AMC Collector, stored in the AMC database and displayed in the AMC UI.
Deployment rules can be created directly from this information and packaged into rule sets. The guided rule creation and packaging support greatly simplifies developing Deployment Rule Sets. The AMC UI can also be used to determine which rules and rule sets an application matches, helping system administrators understand the impact of installing a particular rule set prior to physically testing it in user environments.
For a summary of this feature, see Advanced Management Console documentation.
core-libs/java.lang:reflect
The javadoc for the Class.getMethod
and Class.getMethods
refer to the definition of inheritance in the Java Language Specification. Java SE 8 changed these rules in order to support default methods and reduce the number of redundant methods inherited from superinterfaces (see JLS 8, 8.4.8).
Class.getMethod
and Class.getMethods
were not updated with the 8 release to match the new inheritance definition (both may return non-inherited superinterface methods). Typically, the distinction is of no consequence; and for compatibility, it is preferred that the identity and number of returned methods match Java SE 7 as closely as possible. However, when the overriding method is a default method, it is important to filter out other overridden methods. As of 8u20, the implementation has been changed to perform this filtering step when the overrider is a default method.
See JDK-8029674.
security-libs/org.ietf.jgss:krb5
An interoperability issue is found between Java and the native Kerberos implementation on BSD (including macOS) on the kdc_timeout
setting in krb5.conf
, where Java interpreted it as milliseconds and BSD as seconds when no unit is specified. This code change adds support for the "s
" (second) unit. Therefore if the timeout is 5 seconds, Java accepts both "5000
" and "5s
". Customers concerned about interoperability between Java and BSD should use "5s
".
See JDK-8036779.
The flags MinHeapFreeRatio
and MaxHeapFreeRatio
have been made manageable. This means they can be changed at runtime using the management API in Java. Support for these flags have also been added to the ParallelGC
as part of the adaptive size policy.
A new Microsoft Windows Installer (MSI) Enterprise JRE Installer which enables user to install the JRE across the enterprise, is available. See Downloading the Installer section in JRE Installation for Microsoft Windows for more information. The MSI Enterprise JRE Installer is only available as part of Java SE Advanced or Java SE Suite. For information about these commercial products, see Java SE Advanced and Java SE Suite.
The following new configuration parameters are added to support commercial features, for use by Java SE Advanced or Java SE Suite licensees only.
USAGETRACKER_CFG=
DEPLOYMENT_RULE_SET=
See Installing With a Configuration File for more information about these and other installer parameters.
The Java Uninstall Tool is integrated with the installer to provide an option to remove older versions of Java from the system. The change is applicable to 32 bit and 64 bit Windows platforms. See Uninstalling the JRE.
Starting with JDK 8u20 release, the JRE will be installed in a version specific directory. For example:
C:\Program Files\Java\jre1.8.0_20
The version specific directory naming is intentional and it does not indicate that the JRE install is static.
As with the earlier releases, static JRE install is performed only if STATIC=1
option is passed (via command line or config file) by the user.
Existing Java applications that depend on the physical location of the JRE should be updated to reflect the new installation directory format.
The Update
tab in the Java Control Panel now enables the users to automatically update 64-bit JREs (in addition to 32-bit versions) that are installed on their system.
The Medium
security level has been removed. Now only High
and Very High
levels are available.
Applets that do not conform with the latest security practices can still be authorized to run by including the sites that host them to the Exception Site List.
The exception site list provides users with the option of allowing the same applets that would have been allowed by selecting the Medium
option but on a site-by-site basis therefore minimizing the risk of the using more permissive settings.
The javac
compiler has been updated to implement definite assignment analysis for blank final field access using "this". See JDK 8 Compatibility Guide for more details.
The minimum version of Java required for Java Plugin and Java Webstart is now Java 5. Applets that do not run in Java 5 or later must be ported to a later version of Java to continue to function. Applets written for earlier versions but able to run in at least Java 5 will continue to work.
UsageTracker
output formattingUsageTracker
output formatting has been changed to use quoting, to avoid confusion in the log. This may require changes to the way such information is read. The feature can be configured to behave as in previous versions, although the new format is recommended.
See Java Usage Tracker documentation.
"-B"
option has been added to the javapackager deploy command to enable you to pass arguments to the bundlers that are used to create self-contained applications. See javapackager
(Windows)/(Unix) documentation for information<fx:bundleArgument>
helper parameter argument has been added to JavaFX Ant Task Reference. It enables you to specify an argument (in the <fx:deploy> element) for the bundler that is used to create self-contained applications.javax.smartcardio.Card.disconnect(boolean reset)
method behaviorPrior to the JDK 8u20 and JDK 7u72 releases, the javax.smartcardio.Card.disconnect(boolean reset)
method had inverted logic for the 'reset'
boolean value passed to it. The card was reset upon a disconnect if false was passed to it and vice versa. Starting with JDK 7u72 and JDK 8u20, the correct behavior as per API documentation has been implemented.
In order to provide backwards compatibility to users who rely on the old behavior, a new system property has been introduced. The following command-line option can be used to enforce the old broken behavior:
-Dsun.security.smartcardio.invertCardReset=true
This property is set by default for 7u72 and later JDK 7 update releases. By default, no behavioral change will be noticed in this area for JDK 7 update releases.
Also the following command-line option can be used to enforce the new correct behavior:
-Dsun.security.smartcardio.invertCardReset=false
This is default for 8u20 and later JDK 8 update releases. In future Java releases, the property will be ignored/disabled and default disconnect method behavior will be as specified by API.
Starting with JDK 8u20, the RPM package name has been changed to include the Java product version.
For example, whereas the rpm name used to be returned simply as "jre", it is now returned as follows:
rpm -qp --qf "%{name}\n" ./jre-8u20-linux-x64.rpm
jre1.8.0_20
New Garbage Collection Tuning Guide added to JDK 8 documentation
The Java HotSpot Virtual Machine Garbage Collection Tuning Guide has been added to the Java SE 8 Developer Guides. This guide describes the garbage collectors included with the Java HotSpot VM and helps you decide which garbage collector can best optimize the performance of your application, especially if it handles large amounts of data (multiple gigabytes), has many threads, and has high transaction rates.
New Deployment Guide
The Java SE Deployment Guide combines information for Java SE and JavaFX deployment into a single guide. This guide provides information about the Java packaging tools, creating self-contained applications, and deploying Java and JavaFX applications that are embedded in a web page or launched from a browser.
Updated Troubleshooting Guide
The Java SE Troubleshooting Guide combines and replaces the Desktop Technologies Troubleshooting Guide and the HotSpot Virtual Machine Troubleshooting Guide, to provide a single location for diagnosing and solving problems that may occur with Java applications created on the Java SE 8 Platform and on Java HotSpot VM. The document introduces the new and improved troubleshooting tools and techniques like Java Mission Control, Java Flight Recordings, and JCMD.
Installation Guide has been updated with changes to Installing With a Configuration File.
Options related to string deduplication have been added to the java command tool page. String deduplication reduces the memory footprint of String objects on the Java heap by taking advantage of the fact that many String objects are identical. Instead of each String object pointing to its own character array, identical String objects can point to and share the same character array. See the option -XX:+UseStringDeduplication
for more information.
The following are some of the notable bug fixes in this release:
Area: tools/javac
Synopsis: Implement eager resolution of return types
The compiler specification, see JLS8 18.5.2, modified the treatment of nested generic method invocations for which the return type is an inference variable. The compiler has been adapted to implement the new logic. This is important to minimize incompatibility with the javac 7 inference algorithm. Three cases are considered:
The compiler update implies an eager resolution for generic method invocations, provided that the return type is an inference variable.
See 8030741.
Area: security-libs/org.ietf.jgss:krb5
Synopsis: sun.security.krb5.KdcComm
interprets kdc_timeout
as msec instead of sec
An interop issue is found between Java and native Kerberos implementation on BSD (including Apple OS X) regarding the kdc_timeout
setting in krb5.conf
, which Java interprets as milliseconds and BSD as seconds (when no unit is specified). This release adds support for the "s" (seconds) unit. Therefore if the timeout is 5 seconds, Java accepts both "5000" and "5s". Customers concerned about the interop between Java and BSD should use the later format.
See 8044399.
Area: other-libs/corba
Synopsis: org.omg.CORBA.ORBSingletonClass
loading no longer uses context class loader
The system property org.omg.CORBA.ORBSingletonClass
is used to configure the system-wide/singleton ORB. The handling of this system property has changed in 7u55 release to require that the system wide/singleton ORB be visible to the system class loader.
In this release the handling of this system property has been changed to match the behavior found in JDK versions prior to 7u55 release, i.e. the singleton ORB is once again located using the thread context class loader of the first thread to call the no-argument ORB.init
method. The change was made to support applications which have been designed to depend on this behavior. Note that this change is applicable to 8u20, 7u65, 6u85 and 5.0u75 releases. For JDK 9, the new behavior where the system wide/singleton ORB needs to be visible to the system class loader, will continue.
See 8042789.
Area: core-libs/java.util.collections
Synopsis: Collection.sort defers now defers to List.sort
Previously Collection.sort
copied the elements of the list to sort into an array, sorted that array, then updated list, in place, with those elements in the array, and the default method List.sort
deferred to Collection.sort. This was a non-optimal arrangement.
From 8u20 release onwards Collection.sort
defers to List.sort
. This means, for example, existing code that calls Collection.sort
with an instance of ArrayList
will now use the optimal sort implemented by ArrayList.
See 8032636.
Area: core-libs/java.net
Synopsis: Digest authentication interop issue
With older versions of Apache Tomcat, certain protocol parameters are expected to be surrounded by double quotes(""). This was the behavior in JDK 7, but was corrected in JDK 8 to be compatible with RFC2617. This caused digest authentication interoperability issues.
Setting the networking property http.auth.digest.quoteParameters
to true restores the JDK 7 behavior for compatibility with the older versions of Tomcat.
See 8034170(not public).
Area: tools/javac
Synopsis: javac crashes when mixing lambdas and inner classes
Previously the following sample code was making the compiler fail with a NPE:
class LambdaExpressionWithNonExistentIdCrashesJavacTest {
void foo() {
bar(()-> {
new NonExistentClass(){
public void any() {}
};
});
}
void bar(Runnable r) {}
}
where the NonExistentClass
was an existing but inaccessible class. Starting with JDK 8u20, javac
produces an error message indicating correctly that symbol "NonExistentClass"
can't be found.
See 8030816.
Area: tools/javac
Synopsis: ElementType.TYPE_USE
is introduced in JDK 8 and should be considered a logical superset of ElementType.TYPE
and ElementType.ANNOTATION_TYPE
. However, the javac
command does not currently recognize ElementType.TYPE_USE
as a superset.
javac
has been corrected to recognize ElementType.TYPE_USE
appropriately.
See 8029017.
Area: tools/javac
Synopsis: javac generates incorrect exception table for multi-catch statements inside a lambda
Handling of try-catch with multiple catches inside a lambda has been corrected.
See 8036942.
Area: core-libs/java.lang.reflect
Synopsis: Default methods affect the result of Class.getMethod
and Class.getMethods
Class.getMethod
and Class.getMethods
were not updated with the 8 release to match the new inheritance definition (both may return non-inherited superinterface methods). Starting with JDK 8u20, the implementation has been changed to match defintion. See JDK 8 Compatibility Guide for more details.
See 8046505.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8028212 | client-libs | Custom cursor HiDPI support | |
8029979 | client-libs | Allow multiple calls to DropTargetDropEvent.acceptDrop() | |
8012351 | client-libs | 2d | Bold fonts everywhere in GTK L&F on Ubuntu with JDK 7 |
8015100 | client-libs | 2d | [macosx] Applet graphics corrupted when applet width/height exceeds screen dimensions |
8017472 | client-libs | 2d | [macosx] Transparency demo is not correctly dragged on the second monitor |
8031134 | client-libs | 2d | PPC64: implement printing on AIX |
8032693 | client-libs | 2d | javax.print.PrintService does not find any CUPS-Printers on Linux |
8036022 | client-libs | 2d | D3D: rendering with XOR composite causes InternalError. |
8038106 | client-libs | 2d | PIT: access problem to a PrinterJob on OS X |
8039418 | client-libs | 2d | [macosx] Calling JNI functions in the scope of Get/ReleasePrimitiveArrayCritical |
8039774 | client-libs | 2d | [OGL] Image painting is broken if 'sun.java2d.accthreshold' is set to 0 |
8041129 | client-libs | 2d | [OGL] surface->sw blit is extremely slow |
8041644 | client-libs | 2d | [OGL] clip is ignored during surface->sw blit |
6744401 | client-libs | java.awt | Consider removal of code disabling JIT in Toolkit.getDefaultToolkit |
6788138 | client-libs | java.awt | leak in Java_sun_awt_X11_XlibWrapper_getStringBytes? |
7124255 | client-libs | java.awt | [macosx] java.awt.List: method select(int) doesn't work before be visible |
7124417 | client-libs | java.awt | [macosx] failure in Window.initGC on Mac with monitor sleeping |
7154841 | client-libs | java.awt | [macosx] Popups appear behind taskbar |
7157680 | client-libs | java.awt | XAWT: Native components should not paint native part on UPDATE event |
8007220 | client-libs | java.awt | [macosx] Setting popupmenu on TrayIcon do not work if done *after* adding TrayIcon |
8010999 | client-libs | java.awt | [macosx] a constrain of the top level window should be improved |
8012224 | client-libs | java.awt | AWT_TopLevels/TopLevelEvents/Automated/WindowIconifyDeiconifyEventsTest02 fails on Ubuntu 12.04 Unity shell |
8013116 | client-libs | java.awt | Robot moves mouse to point which differs from set in mouseMove on Unity shell |
8017626 | client-libs | java.awt | [OGL] Translucent VolatileImages don't paint correctly |
8023148 | client-libs | java.awt | [macosx] java.util.NoSuchElementException at java.util.LinkedList.getFirst |
8024061 | client-libs | java.awt | Exception thrown when drag and drop between two components is executed quickly |
8024185 | client-libs | java.awt | [macosx] Fullscreen button freezes application when started with -splash |
8024926 | client-libs | java.awt | [macosx] AquaIcon HiDPI support |
8026869 | client-libs | java.awt | [macosx] Support apple.awt.use-file-dialog-packages property |
8027561 | client-libs | java.awt | [macosx] Cleanup "may not respond to selector" warnings in native code |
8027778 | client-libs | java.awt | [macosx] Full screen not working properly on 7u45 and jdk8 |
8028617 | client-libs | java.awt | Dvorak keyboard mapping not honored when ctrl key pressed |
8030100 | client-libs | java.awt | java.awt.Desktop: Enable check for supported URI schemes on Linux |
8030987 | client-libs | java.awt | sun_awt_X11_GtkFileDialogPeer.h can be removed |
8031090 | client-libs | java.awt | [macosx] LWToolkit should not depends from the macosx. |
8031471 | client-libs | java.awt | Test closed/java/awt/dnd/FileDialogDropTargetTest/FileDialogDropTargetTest.java fails on Solaris zones virtual hosts |
8031694 | client-libs | java.awt | [macosx] TwentyThousandTest test intermittently hangs |
8031964 | client-libs | java.awt | [macosx] Dragging images from the browser does not work |
8032078 | client-libs | java.awt | [macosx] CPlatformWindow.setWindowState throws RuntimeException, if windowState=ICONIFIED:MAXIMIZED_BOTH |
8032219 | client-libs | java.awt | [macosx] Scrollbars looks bad under retina in Motif and Metal L&F |
8032435 | client-libs | java.awt | Cleanup of sun.awt.windows package |
8032595 | client-libs | java.awt | [macosx] setResizable(false) makes a frame slide down |
8032667 | client-libs | java.awt | [macosx] Components cannot be rendered in HiDPI to BufferedImage |
8032788 | client-libs | java.awt | ImageIcon constructor throws an NPE and hangs when passed a null String parameter |
8032961 | client-libs | java.awt | A JTextField of an applet loses the abillity to receive the focus under certain circumstances. |
8033534 | client-libs | java.awt | [macosx] Get MultiResolution image from native system |
8034068 | client-libs | java.awt | Label.toString performance improvement |
8035069 | client-libs | java.awt | [macosx] Loading resolution variants by demand |
8036103 | client-libs | java.awt | Cleanup of java.awt and java.awt.peer packages |
8036110 | client-libs | java.awt | In TextField can only select text visible or to the left of the cursor |
8036882 | client-libs | java.awt | [macosx] Native memory leak in Java_sun_lwawt_macosx_CImage_nativeGetNSImageRepresentationSizes |
8037287 | client-libs | java.awt | Windows build failed after JDK-8030787 |
8038113 | client-libs | java.awt | [macosx] JTree icon is not rendered in high resolution on Retina |
8038765 | client-libs | java.awt | [macosx] Toolkit.sync should be implemented |
8038999 | client-libs | java.awt | In Java 8 java.awt.datatransfer.DataFlavor.equals is no longer symmetric |
8039267 | client-libs | java.awt | Test closed/java/awt/Choice/ChoiceLocationTest/ChoiceLocationTest.html should be removed |
8041987 | client-libs | java.awt | [macosx] setDisplayMode crashes |
8042103 | client-libs | java.awt | Deserialization of empty java.awt.geom.Path2D will cause an exception |
8042440 | client-libs | java.awt | awt_Plugin no longer needed |
8047061 | client-libs | java.awt | [macosx] Crash when setting display mode |
8048265 | client-libs | java.awt | AWT crashes inside CCombinedSegTable::In called from Java_sun_awt_windows_WDefaultFontCharset_canConvert |
8019990 | client-libs | java.awt:i18n | IM candidate window appears on the South-East corner of the display. |
8039776 | client-libs | java.beans | Introspector throws NullPointerException for subclasses' mismatched get/setter |
8040656 | client-libs | java.beans | Classes with overriden methods with covariant returns return random read methods |
8009883 | client-libs | javax.accessibility | REGRESSION: test/closed/javax/swing/AbstractButton/4246045/bug4246045.java fails |
8032443 | client-libs | javax.accessibility | Java Access Bridge version strings need to be fixed |
8036819 | client-libs | javax.accessibility | JAB: mneumonics not read for textboxes |
8036983 | client-libs | javax.accessibility | JAB:Multiselection Ctrl+CursorUp/Down and ActivateDescenderPropertyChanged event |
8040756 | client-libs | javax.accessibility | Add lint check fixes to Java Access Bridge files |
8042672 | client-libs | javax.accessibility | JAB throw NPE when trying to do reference increment on a NULL object |
8037117 | client-libs | javax.sound | Javadoc cleanup of javax.sound.midi.spi package |
7100952 | client-libs | javax.swing | closed/javax/swing/JComboBox/6246463/bug6246463.java deadlocks on MacOS |
7124250 | client-libs | javax.swing | [macosx] JOptionPane dialogs show wrong icons |
8010718 | client-libs | javax.swing | [macosx] JFileChooser current filter nullified by addChoosableFileFilter |
8019180 | client-libs | javax.swing | Use JComboBox as it's own ActionListener leads to unexpected behaviour |
8028616 | client-libs | javax.swing | Htmleditorkit parser doesn't handle leading slash (/) |
8029196 | client-libs | javax.swing | Focus border of JButton.buttonType=roundRect is cut off |
8029455 | client-libs | javax.swing | [JLightweightFrame] support scaled painting |
8031485 | client-libs | javax.swing | [macosx] Combo box consuming escape key events |
8031573 | client-libs | javax.swing | [macosx] Checkmarks of JCheckBoxMenuItems aren't rendered in high resolution on Retina |
8032872 | client-libs | javax.swing | [macosx] Cannot select from JComboBox in a JWindow |
8032874 | client-libs | javax.swing | ArrayIndexOutOfBoundsException in JTable while clearing data in JTable |
8032878 | client-libs | javax.swing | Editable combos in table do not behave as expected |
8033233 | client-libs | javax.swing | [JLightweightFrame] support default JViewport BLIT_SCROLL_MODE |
8033786 | client-libs | javax.swing | White flashing when opening Dialogs and Menus using Nimbus with dark background |
8034955 | client-libs | javax.swing | JLabel/JToolTip throw ClassCastException for "<html>a<title>" |
8039464 | client-libs | javax.swing | The scrollbar in JScrollPane has no right border if used WindowsLookAndFeel |
8040291 | client-libs | javax.swing | [macosx] Http-Images are not fully loaded when using ImageIcon |
8041725 | client-libs | javax.swing | Nimbus JList selection colors persist across L&F changes |
8041917 | client-libs | javax.swing | unexcepted behavior of LineBorder while using Boolean variable true |
8043705 | client-libs | javax.swing | Can't exit color chooser dialog when running as an applet |
8048506 | client-libs | javax.swing | [macosx] javax.swing.PopupFactory issue with null owner |
8024854 | core-libs | PPC64: Basic changes and files to build the class library on AIX | |
8024900 | core-libs | PPC64: Enable new build on AIX (jdk part) | |
8028537 | core-libs | PPC64: Updated the JDK regression tests to run on AIX | |
8030875 | core-libs | Macros for checking and returning on exceptions | |
8031581 | core-libs | PPC64: Addons and fixes for AIX to pass the jdk regression tests | |
8031737 | core-libs | CHECK_NULL and CHECK_EXCEPTION macros cleanup | |
8035881 | core-libs | PPC64: Fix AIX build in ppc-aix-port/stage after syncing 7133499 and 8028293 from jdk8u | |
8033911 | core-libs | java.io | Simplify instrumentation of FileInputStream and RandomAccessFile |
8033917 | core-libs | java.io | Keep track of file paths in file streams and channels for instrumentation purposes |
8027348 | core-libs | java.lang | (process) Enhancement of handling async close of ProcessInputStream |
8034944 | core-libs | java.lang | (process) Improve subprocess handling on Solaris |
8035640 | core-libs | java.lang | JNU_CHECK_EXCEPTION should support c++ JNI syntax |
8039916 | core-libs | java.lang | AnnotatedType.getType() of a Executable parameters may return wrong type |
8041791 | core-libs | java.lang | String.toLowerCase regression - violates Unicode standard |
8047777 | core-libs | java.lang | (process) ProcessEnvironment_md.c not compiling on 8uX |
8027827 | core-libs | java.lang.invoke | Improve performance of catchException combinator |
8032400 | core-libs | java.lang.invoke | JSR292: invokeSpecial: InternalError attempting to lookup a method |
8034120 | core-libs | java.lang.invoke | MethodHandles.catchException doesn't handle VarargsCollector right |
8036117 | core-libs | java.lang.invoke | MethodHandles.catchException doesn't handle VarargsCollector right (8034120 failed) |
8044206 | core-libs | java.lang.invoke | LambdaMetafactory.altMetafactory javadoc refers to wrong method |
8046903 | core-libs | java.lang.invoke | VM anonymous class members can't be statically invocable |
8029674 | core-libs | java.lang:reflect | (reflect) getMethods returns default methods that are not members of the class |
8033584 | core-libs | java.lang:reflect | Remove java/lang/reflect/Method/invoke/TestPrivateInterfaceMethodReflect.java from exclude list |
8038994 | core-libs | java.lang:reflect | AnnotatedType.getType() of a TypeVariable boundary without annotations return null |
4891331 | core-libs | java.math | BigInteger a.multiply(a) should use squaring code |
8025710 | core-libs | java.net | Proxied HTTPS connections reused by HttpClient can send CONNECT to the server |
8032832 | core-libs | java.net | Applet/browser deadlocks, when IIS integrated authentication is used |
8034181 | core-libs | java.net | (sctp) SIGBUS in SctpChannelImpl receive |
8034912 | core-libs | java.net | backport of 8031737 to jdk8u breaks linux buld. |
8040747 | core-libs | java.net | Improve performance of IP address parsing |
8040837 | core-libs | java.net | Avoid provoking NumberFormatException when initializing InetAddrCachePolicy |
8041621 | core-libs | java.net | java/net/Inet4Address/textToNumericFormat.java fails on Solaris and Mac |
8043954 | core-libs | java.net | Behavior difference when connect() is interrupted by signal on AIX |
8044590 | core-libs | java.net | Broken links in jre.api.net.socketoptions |
8044766 | core-libs | java.net | New jdk.net classes have @since 1.9 tags in 8u20 |
8046588 | core-libs | java.net | test for SO_FLOW_SLA availability does not check for EACCESS |
7133499 | core-libs | java.nio | (fc) FileChannel.read not preempted by asynchronous close on OS X |
8031997 | core-libs | java.nio | PPC64: Make the various POLL constants system dependant |
8032220 | core-libs | java.nio | Files.createDirectories throws exception with confusing message for root directories that exist |
8034801 | core-libs | java.nio | AIX: (ch) Fix synchronization issue in AixPollPort.java |
8037945 | core-libs | java.nio | Paths.get("").normalize() throws ArrayIndexOutOfBoundsException |
8043495 | core-libs | java.nio | (fc) Provide native implementation of FileChannel.transferTo for AIX |
8039751 | core-libs | java.nio.charsets | UTF-8 decoder fails to handle some edge cases correctly |
8032491 | core-libs | java.time | DateTimeFormatter fixed width adjacent value parsing does not match spec |
8032494 | core-libs | java.time | DateTimeFormatter spec includes irrelevant detail on parsing pattern |
8032502 | core-libs | java.time | java.time add @param tags to readObject |
8032558 | core-libs | java.time | Instant spec includes incorrect assertion wrt valid range |
8032749 | core-libs | java.time | Typo in java.time.Clock |
8032888 | core-libs | java.time | Error message typo in TemporalAccessor |
8033662 | core-libs | java.time | java.time.format.DateTimeFormatter doesn't set zone when parsing |
8035099 | core-libs | java.time | LocalTime with(MILLI_OF_DAY/MICRO_OF_DAY) incorrect |
8035106 | core-libs | java.time | Typo in java.time.format.Parsed error message |
8036785 | core-libs | java.time | ChronoLocalDate refers to generics that have been removed |
8036818 | core-libs | java.time | DateTimeFormatter withResolverFields() fails to accept null |
8040058 | core-libs | java.time | IsoFields.WEEK_BASED_YEAR adjustInto incorrect |
8046416 | core-libs | java.time | Unable to parse an Instant from fields |
8046707 | core-libs | java.time | Performance of java.time could be better |
8039527 | core-libs | java.util | Broken links in ConcurrentMap javadoc |
8040809 | core-libs | java.util | '}' left in the spec for j.u.Random.doubles(..) |
8011645 | core-libs | java.util.concurrent | CopyOnWriteArrayList.COWSubList.subList does not validate range properly |
8029646 | core-libs | java.util.jar | [pack200] should support the new zip64 format. |
8038491 | core-libs | java.util.jar | Improve synchronization in ZipFile.read() |
8044725 | core-libs | java.util.jar | Bug in zlib 1.2.5 prevents inflation of some gzipped files |
8044727 | core-libs | java.util.jar | Problem reading the contents of some zip files |
8037857 | core-libs | java.util.stream | Methods j.u.Arrays.spliterator/stream(X[], int, int) throw IAE instead of specified AIOOBE when endIndex < startIndex |
8042355 | core-libs | java.util.stream | stream with sorted() causes downstream ops not to be lazy |
8030848 | core-libs | java.util:collections | Collections.sort(List l, Comparator) should defer to List.sort(Comparator ) |
8035284 | core-libs | java.util:collections | AbstractMap unnecessarily initializes two volatiles to null |
8035584 | core-libs | java.util:collections | ArrayList(c) should avoid inflation if c is empty |
8037106 | core-libs | java.util:collections | Optimize Arrays.asList(...).forEach |
8046085 | core-libs | java.util:collections | HashMap.put with null key may throw NullPointerException |
8047795 | core-libs | java.util:collections | Collections.checkedList checking bypassed by List.replaceAll |
8033627 | core-libs | java.util:i18n | UTC+02:00 time zones are not detected correctly on Windows |
8034220 | core-libs | java.util:i18n | AIX: Provide better time zone mappings (i.e. tzmappings file) |
8035726 | core-libs | java.util:i18n | A sentence is truncated in the API doc for j.u.Locale.LanguageRange.parse(String, Map). |
8042360 | core-libs | java.util:i18n | Subtag syntax check is incomplete in Locale.LanguageRange |
8038080 | core-libs | javax.annotation.processing | annotation processors don't visit declaration parameter annotations |
8042857 | core-libs | javax.naming | 14 stuck threads waiting for notification on LDAPRequest |
8031359 | core-libs | javax.script | Invocable.getInterface() works incorrectly if interface has default methods |
8041697 | core-libs | javax.script | CompiledScript slower when eval with binding |
8011964 | core-libs | jdk.nashorn | need indexed access to externally-managed ByteBuffer |
8015958 | core-libs | jdk.nashorn | DataView constructor is not defined |
8021350 | core-libs | jdk.nashorn | Share script classes between threads/globals within context |
8027933 | core-libs | jdk.nashorn | Add --const-as-var option |
8029003 | core-libs | jdk.nashorn | setField in ScriptObject is incorrect for non extensible objects |
8029031 | core-libs | jdk.nashorn | "ant clean jar" on nashorn repo results in number of ASM deprecated warnings |
8029332 | core-libs | jdk.nashorn | Do not require nasgen-generated functions to return Object |
8029364 | core-libs | jdk.nashorn | NashornException to expose thrown object |
8029667 | core-libs | jdk.nashorn | Prototype linking is incorrect |
8029953 | core-libs | jdk.nashorn | Backport ASM warning fixes to JDK 8 |
8030182 | core-libs | jdk.nashorn | scopeCall with -1 as line number |
8030197 | core-libs | jdk.nashorn | Nashorn: Object.defineProperty() can be lured to change fixed NaN property |
8030199 | core-libs | jdk.nashorn | Nashorn: Uint8ClampedArray - Incorrect ToUint8Clamp implementation |
8030200 | core-libs | jdk.nashorn | Wrong result for Number.prototype.toString() for certain radix/inputs |
8030202 | core-libs | jdk.nashorn | Nashorn: Multiple RegExp#ignoreCase issues |
8030809 | core-libs | jdk.nashorn | Anonymous functions should not be shown with internal names in script stack trace |
8031106 | core-libs | jdk.nashorn | Nashorn: IndexOutOfBoundsException in NashornCallSiteDescriptor.getNameToken() |
8031317 | core-libs | jdk.nashorn | SyntaxError when property setter has no parameter |
8031715 | core-libs | jdk.nashorn | Indexed access to java package not working |
8031983 | core-libs | jdk.nashorn | Error objects should capture stack at the constructor |
8032004 | core-libs | jdk.nashorn | instance property "message" of Error objects should be non-enumerable |
8032060 | core-libs | jdk.nashorn | PropertyMap of Error objects is not stable |
8032068 | core-libs | jdk.nashorn | implement @sourceURL and #sourceURL directives |
8033763 | core-libs | jdk.nashorn | Add tests to assert map identity of certain objects |
8033924 | core-libs | jdk.nashorn | Default permissions are not given for eval code |
8033951 | core-libs | jdk.nashorn | nasgen needs the newly build nasgen and nashorn classes in the bootclasspath |
8034055 | core-libs | >jdk.nashorn | delete on global object not properly guarded |
8035948 | core-libs | jdk.nashorn | Redesign property listeners for shared classes |
8037400 | core-libs | jdk.nashorn | Remove getInitialMap getters and GlobalObject interface. |
8037562 | core-libs | jdk.nashorn | Nashorn: JSON.parse comes up with nonexistent entries if there are gaps between the keys |
8038456 | core-libs | jdk.nashorn | improve nasgen type checks and use specific return type for @Function, @SpecializedFunctio methods |
8038615 | core-libs | jdk.nashorn | test262 repo is now a git repo in github |
8038638 | core-libs | jdk.nashorn | Persistent store for compiled scripts |
8039047 | core-libs | jdk.nashorn | Parser accepts conditional catch clauses even when --no-syntax-extensions / -nse option is passed |
8039181 | core-libs | jdk.nashorn | Persistent code store does not use absolute paths internally |
8039387 | core-libs | jdk.nashorn | Nashorn supports indexed access of List elements, but length property is not supported |
8040078 | core-libs | jdk.nashorn | Avoid repeated reading of source for cached loads |
8041953 | core-libs | jdk.nashorn | JDK-8031359.js fails in 8u-dev |
8041998 | core-libs | jdk.nashorn | RegExp implementation is not thread-safe |
8042364 | core-libs | jdk.nashorn | Make __proto__ ES6 draft compliant |
8042600 | core-libs | jdk.nashorn | Add more samples in nashorn/samples directory |
8043443 | core-libs | jdk.nashorn | Test framework changes to run script tests without security manager |
8043930 | core-libs | jdk.nashorn | TypeError when attemping to create an instance of non-public class could be better |
8044000 | core-libs | jdk.nashorn | Access to undefined property yields "null" instead of "undefined" |
8044415 | core-libs | jdk.nashorn | ant makefile should have a target to generate javadoc only for jdk.nashorn.api and sub-packages |
8044517 | core-libs | jdk.nashorn | Run & debug single Nashorn test |
8044520 | core-libs | jdk.nashorn | Nashorn cannot execute node.js's express module |
8044612 | core-libs | jdk.nashorn | StringIndexOutOfBoundException in NativeRegExp.appendReplacement |
8044695 | core-libs | jdk.nashorn | __stack__ becomes visible in Error properties |
8044750 | core-libs | jdk.nashorn | megamorphic getter for scope objects does not call __noSuchProperty__ hook |
8044798 | core-libs | jdk.nashorn | API for debugging Nashorn |
8030036 | core-svc | debugger | Updates to ProblemList.txt after same-binaries run |
8032901 | core-svc | debugger | WaitForMultipleObjects() return value not handled appropriately |
7142035 | core-svc | java.lang.instrument | assert in j.l.instrument agents during shutdown when daemon thread is running |
8027230 | core-svc | java.lang.instrument | Overflow in java.lang.instrument.Instrumentation.getObjectSize() method |
6486771 | core-svc | java.lang.management | Fix snmp tests connection timeout problem. |
8038940 | core-svc | javax.management | c.s.j.r.i.ClientNotifForwarder$LinearExecutor prone to data races |
8028623 | core-svc | tools | SA: hash codes in SymbolTable mismatching java_lang_String::hash_code for extended characters. |
8030103 | core-svc | tools | Java Usage Tracker: need to escape separator chars |
8009764 | deploy | Java Web Start app run on Java SE 8 b79 shows "trust level" SecurityExceptions | |
8027821 | deploy | For signed jars without manifest "Permissions", there is still security warning dialog before Application Error (Or blocked) Dialog. | |
8031993 | deploy | Provide API to check if a given DRS allows or blocks a given application | |
8035706 | deploy | [parfait] Refix Parfait Bugs | |
8036634 | deploy | More Information hyperlink in Blocked Application Dialog needs to use a new URL | |
8037518 | deploy | Unit Test Failures due to RDF and other 8u5 changes. | |
8038986 | deploy | Nashorn fails to evaluate autoconfig-script when used via JavaWS | |
8039113 | deploy | Remove unused code left after JDK-8001167 changes | |
8039364 | deploy | Wrong port in HTTPS connection warning | |
8040668 | deploy | Automate Securitypack.jar creation | |
8041123 | deploy | DRS: messaging is incorrect when blocking due to DRS version mismatch | |
8041128 | deploy | DRS ruleset path matching problem | |
8042124 | deploy | fix to JDK-8033756 is incomplete | |
8042571 | deploy | Cannot run FX applets if Java 7 and 8 are installed and Java 8 is disabled via JCP | |
8043030 | deploy | Fix JUnit compilation error | |
8043134 | deploy | refactoring existing DRS functionality - splitting RuleId class into smaller classes | |
8043449 | deploy | Remove AppInfo.getFutureBlock*** methods | |
8043547 | deploy | SecurityBaseLine test doesn't fully restore the baseline configuration after completion | |
8043887 | deploy | Multiple applet jars are reported to Java Usage Tracker incorrectly | |
8028619 | deploy | deployment_toolkit | Display issue of java control panel in ko and ja locale |
8031490 | deploy | deployment_toolkit | Broken Java SE 7 jnlp samples (app2 and app3) |
8042641 | deploy | deployment_toolkit | jcontrol script should use pwd with -P flag |
8046006 | deploy | javafx | 8u20: FX app fails to connect domain:80 while this domain is allowed in cross domain file |
8050428 | deploy | javafx | JavaFX client authentication dialog is not a JavaFX-based dialog |
8051494 | deploy | javafx | One More File for JavaFX client authentication dialog is not a JavaFX-based dialog |
7094099 | deploy | plugin | DropDown List of JComboBox detached |
8004653 | deploy | plugin | AuthCacheBridge should not be in sun.net.www.protocol.http package |
8026841 | deploy | plugin | Java update needed dialog on mac doesn't have a title |
8028753 | deploy | plugin | Confusing Error messages shown by ESL under some blocked scenarios |
8029248 | deploy | plugin | Layout problem on Exception site list dialog in ja, ko, de, es, fr, pt_BR |
8029872 | deploy | plugin | "Always allow this application to access the printer" option doesn't work for jnlp application |
8032883 | deploy | plugin | java.lang.UnsupportedClassVersionError occurs while accessing an applet |
8033806 | deploy | plugin | Java Control Panel appears at center and then slides to bottom left of screen |
8034819 | deploy | plugin | Java Control Panel does not honor system date/time settings |
8035321 | deploy | plugin | REGRESSION: There is no '-Daaa=/home/test' for javaplugin.vm.options after clicking on the JCP and pressing 's' key to dump system properties |
8035572 | deploy | plugin | build broken: imports were missed |
8036620 | deploy | plugin | JAR file is downloaded on DownloadService.removeResource, if it is not in Deployment Cache |
8038006 | deploy | plugin | RDF: Security dialog popup while Java <--> JavaScript communication |
8039034 | deploy | plugin | 8u20: No blocked dialog for plugin and javafx apps when no jre matches the rule specified by Admin(DRS with force) |
8040786 | deploy | plugin | Text is truncated in JavaScript to Java security warning dialog on OS X |
8043229 | deploy | plugin | NPE in sun.lwawt.macosx.CEmbeddedFrame.getLayerPtr during applet startup |
8043478 | deploy | plugin | Oracle Linux 5.x: Expired JRE disabled in the browser automatically and no native dialog prompting for the JRE update |
8044055 | deploy | plugin | jfxrt.jar has a duplicate JSObject class without getWindow(Applet) |
8048906 | deploy | plugin | Broken exception site list GUI- Unable to add a site to the list |
8050875 | deploy | plugin | regression - java_arguments not accepted after Update to 7u65 |
6438917 | deploy | webstart | JNLP parser accepts illegal XML in comments |
8022939 | deploy | webstart | REGRESSION:NullPointerException at com.sun.javaws.Launcher.prepareToLaunch() |
8025726 | deploy | webstart | Certificate rule in DRS does not work for Java Web Start app when caching is turned off |
8029785 | deploy | webstart | When any applet-desc is launched via java web start and gets an error, it does not exit (process keeps running) |
8034816 | deploy | webstart | Old version of jnlp file is used |
8035058 | deploy | webstart | "Don't ask again..." doesn't work for expired native dialog on Ubuntu |
8035386 | deploy | webstart | backout parfait changes for javaws crash |
8036050 | deploy | webstart | launcher.c DetermineVersion() does not use jreversion or jrelocation |
8039120 | deploy | webstart | Backout 8034028 [parfait] JNI exception pending in deploy/src/common/macosx/native/MacOSXBundleUtil.m |
8039126 | deploy | webstart | Refix [parfait] JNI exception pending in deploy/src/common/macosx/native/MacOSXBundleUtil.m |
8043453 | deploy | webstart | deploy.dll needs to stop copying javaws.exe to the system dir |
8043582 | deploy | webstart | App gets blocked instead of showing multiple click dialog when no ocsp and crl info in certificate |
8043641 | deploy | webstart | ExtensionInstallerService.updateProgress() doesn't force the progress bar to be visible after calling hideProgressBar() as specified |
8017142 | globalization | locale-data | Time display for Spanish(Chile, Ecuador ) locale doesn't show 24-hour format |
8037343 | globalization | locale-data | Wrong dateformat for locale es_DO |
8041424 | globalization | translation | 8u20 l10n resource file translation update 1 |
8049128 | globalization | translation | 8u20 l10n resource file translation update 2 - jaxp |
6653795 | hotspot | compiler | C2 intrinsic for Unsafe.getAddress performs pointer sign extension on 32-bit systems |
8002074 | hotspot | compiler | Support for AES on SPARC |
8003854 | hotspot | compiler | PPC64 (part 115): expand nodes after register allocation |
8005873 | hotspot | compiler | JRuby test_respond_to.rb asserts with: MT-unsafe modification of inline cache |
8007270 | hotspot | compiler | Make IsMethodCompilable test work with tiered |
8011391 | hotspot | compiler | C1: assert(code_offset() - offset == NativeInstruction::nop_instruction_size) failed: only one instruction can go in a delay slot |
8016696 | hotspot | compiler | PPC64 (part 4): add relocation for trampoline stubs |
8019517 | hotspot | compiler | PPC64 (part 102): cppInterpreter: implement G1 support |
8019518 | hotspot | compiler | PPC64 (part 104) : cppInterpreter: implement support for compressed Oops |
8019519 | hotspot | compiler | PPC64 (part 105): cppInterpreter: implement support for early return |
8019929 | hotspot | compiler | PPC64 (part 107): Extend ELF-decoder to support PPC64 function descriptor tables |
8019972 | hotspot | compiler | PPC64 (part 9): platform files for interpreter only VM |
8019973 | hotspot | compiler | PPC64 (part 11): Fix IA64 preprocessor conditionals on AIX. |
8020121 | hotspot | compiler | PPC64 (part 105-2): fix build in cppInterpreter after 8019519 |
8022494 | hotspot | compiler | Make compilation IDs sequential |
8023033 | hotspot | compiler | PPC64 (part 13): Basic shared changes for AIX |
8023038 | hotspot | compiler | PPC64 (part 15): Platform files for AIX/PPC64 support |
8024342 | hotspot | compiler | PPC64 (part 111): Support for C calling conventions that require 64-bit ints. |
8024344 | hotspot | compiler | PPC64 (part 112): C argument in register AND stack slot. |
8024468 | hotspot | compiler | PPC64 (part 201): cppInterpreter: implement bytecode profiling |
8024469 | hotspot | compiler | PPC64 (part 202): cppInterpreter: support for OSR. |
8024921 | hotspot | compiler | PPC64 (part 113): Extend Load and Store nodes to know about memory ordering. |
8024922 | hotspot | compiler | PPC64 (part 116): Extend adlc to generate fields into nodes. |
8025277 | hotspot | compiler | Add -XX: flag to print code cache sweeper statistics |
8025644 | hotspot | compiler | java/util/stream/test/org/openjdk/tests/java/util/stream/ToArrayOpTest.java fails with TestData$OfRef): failure java.lang.AssertionError: expected [true] but found [false] |
8026253 | hotspot | compiler | New type profiling points: sparc support |
8026478 | hotspot | compiler | -XX:+VerifyAdapterSharing is broken |
8027388 | hotspot | compiler | JVM crashes with SIGSEGV (0xb) at pc=0x00000001077cbbf6 |
8027422 | hotspot | compiler | assert(_gvn.type(obj)->higher_equal(tjp)) failed: cast_up is no longer needed |
8027571 | hotspot | compiler | fatal error: meet not symmetric |
8027754 | hotspot | compiler | Enable loop optimizations for loops with MathExact inside |
8027966 | hotspot | compiler | Adapt PPC to 8023657: New type profiling points: arguments to call |
8027969 | hotspot | compiler | Adapt PPC to 8026328: Setting a breakpoint on invokedynamic crashes the JVM |
8028064 | hotspot | compiler | tiered may collect wrong receiver type at virtual call |
8028401 | hotspot | compiler | PPC64 (part 117): Improve usability of adlc and format() functionality. |
8028468 | hotspot | compiler | Add inlining information into ciReplay |
8028471 | hotspot | compiler | PPC64 (part 215): opto: Extend ImplicitNullCheck optimization. |
8028515 | hotspot | compiler | PPC64 (part 113.2): opto: Introduce LoadFence/StoreFence. |
8028580 | hotspot | compiler | PPC64 (part 114/120): Support for Call nodes with constants. |
8028767 | hotspot | compiler | PPC64: (part 121): smaller shared changes needed to build C2 |
8029015 | hotspot | compiler | PPC64 (part 216): opto: trap based null and range checks |
8029025 | hotspot | compiler | PPC64 (part 203): opto: Move static _in_dump_cnt to Compile object. |
8029091 | hotspot | compiler | Bug in calculation of code cache sweeping interval |
8029302 | hotspot | compiler | Performance regression in Math.pow intrinsic |
8029436 | hotspot | compiler | CICompilerCount is not updated when the number of compiler threads is adjusted to the number of CPUs |
8029873 | hotspot | compiler | compiler/uncommontrap/TestStackBangRbp.java crashes with SIGSEGV |
8029940 | hotspot | compiler | PPC64 (part 122): C2 compiler port |
8030662 | hotspot | compiler | "assert(counter_changed) failed: failed dependencies, but counter didn't change" still fails |
8030783 | hotspot | compiler | Provide regression test for 8026478: -XX:+VerifyAdapterSharing is broken |
8030863 | hotspot | compiler | PPC64: (part 220): ConstantTableBase for calls between args and jvms |
8031115 | hotspot | compiler | intrinsics for Math.decrementExact(J) and incrementExact(J) don't work |
8031188 | hotspot | compiler | Fix for 8029015: PPC64 (part 216): opto: trap based null and range checks |
8031475 | hotspot | compiler | Missing oopmap in patching stubs |
8031752 | hotspot | compiler | Failed speculative optimizations should be reattempted when root of compilation is different |
8031754 | hotspot | compiler | Type speculation should favor profile data from outermost inlined method |
8032490 | hotspot | compiler | Remove -XX:+-UseOldInlining |
8032633 | hotspot | compiler | Enable type speculation by default |
8033117 | hotspot | compiler | PPC64: Adapt to 8002074: Support for AES on SPARC |
8033168 | hotspot | compiler | PPC64: gcc 4.8 warning in output_c.cpp |
8033626 | hotspot | compiler | assert(ex_map->jvms()->same_calls_as(_exceptions->jvms())) failed: all collected exceptions must come from the same place |
8033805 | hotspot | compiler | Move Fast_Lock/Fast_Unlock code from .ad files to macroassembler |
8034188 | hotspot | compiler | OSR methods may not be recompiled at proper compilation level after deoptimization |
8035394 | hotspot | compiler | PPC64: Make usage of intrinsic dsqrt depend on processor recognition. |
8035585 | hotspot | compiler | Restore UseOldInlining in jdk8u |
8035647 | hotspot | compiler | PPC64: Support for elf v2 abi. |
8035828 | hotspot | compiler | Turn on @Stable support in VM |
8035841 | hotspot | compiler | assert(dp_src->tag() == dp_dst->tag()) failed: should be same tags 1 != 0 at ciMethodData.cpp:90 |
8035887 | hotspot | compiler | VM crashes trying to force inlining the recursive call |
8035936 | hotspot | compiler | SIGBUS in StubRoutines::aesencryptBlock, solaris-sparc |
8035970 | hotspot | compiler | PPC64: fix ad file after 8027754: Enable loop optimizations for loops with MathExact inside |
8036619 | hotspot | compiler | Shark: add LLVM 3.4 support |
8036667 | hotspot | compiler | "assert(adr->is_AddP() && adr->in(AddPNode::Offset)->is_Con()) failed: offset is a constant" with FoldStableValues on |
8037821 | hotspot | compiler | Account for trampoline stubs when estimating code buffer sizes |
8038048 | hotspot | compiler | assert(null_obj->escape_state() == PointsToNode::NoEscape,etc) runThese -full |
8038181 | hotspot | compiler | Can't build product VM without precompiled header |
8038222 | hotspot | compiler | Assembler::bsrl fails on assert when -UseCountLeadingZerosInstruction is used on CPU with LZCNT support |
8038240 | hotspot | compiler | new WB API to get nmethod |
8038286 | hotspot | compiler | nm->set_rtm_state() should be called after (nm != NULL) check |
8038297 | hotspot | compiler | Avoid placing CTI immediately following cbcond instruction on T4 |
8038633 | hotspot | compiler | crash in VM_Version::get_processor_features() on startup |
8038939 | hotspot | compiler | Some options related to RTM locking optimization works inconsistently |
8039043 | hotspot | compiler | Implicit null check is in the wrong place in C1 -UseCompressedOops |
8039298 | hotspot | compiler | C2: assert(base == NULL || t_adr->isa_rawptr() || !phase->type(base)->higher_equal(TypePtr::NULL_PTR)) failed: NULL+offs not RAW address? |
8039597 | hotspot | compiler | WhiteBox :: clean type profiling data |
8039975 | hotspot | compiler | SIGSEGV in MethodData::next_data(ProfileData*) |
8040085 | hotspot | compiler | dtrace/jsdt tests crash on solaris. found an unadvertised bad scavengable oop in the code cache |
8041351 | hotspot | compiler | Crash in src/share/vm/opto/loopnode.cpp:3215 - assert(!had_error) failed: bad dominance |
8041458 | hotspot | compiler | JVM crashes with collect_args_for_profiling |
8041481 | hotspot | compiler | JVM crashes with collect_args_for_profiling |
8041957 | hotspot | compiler | -XX:UseAVX=0 cause assert(UseAVX) failed |
8041959 | hotspot | compiler | Skip replay parsing errors with ReplayIgnoreInitErrors |
8042052 | hotspot | compiler | assert(t != NULL) failed: must set before get |
8042281 | hotspot | compiler | compiler/7184394/TestAESMain.java fails with: javax.crypto.IllegalBlockSizeException: Input length not multiple of 16 bytes |
8042309 | hotspot | compiler | Some bugfixes for the ppc64 port. |
8042786 | hotspot | compiler | Proper fix for 8032566 |
8043274 | hotspot | compiler | Test compiler/7184394/TestAESMain.java gets NPE on solaris |
8043354 | hotspot | compiler | OptimizePtrCompare too aggressive when allocations are present |
8043413 | hotspot | compiler | REGRESSION: Hotspot causes segmentation fault in jdk8ux, but not in jdk7ux |
8044090 | hotspot | compiler | C1: Old value instead of new one is passed to post-barrier in UnsafeGetAndSetObject |
8046275 | hotspot | compiler | Fastdebug build failing on jdk9/hs/ control jobs after pulling some hs-comp changes |
8046516 | hotspot | compiler | Segmentation fault in JVM (easily reproducible) |
8050978 | hotspot | compiler | Fix bad field access check in C1 and C2 |
6991197 | hotspot | gc | G1: specialize deal_with_reference() for narrowOop* |
7090324 | hotspot | gc | gclog rotation via external tool |
8016302 | hotspot | gc | Change type of the number of GC workers to unsigned int (2) |
8027295 | hotspot | gc | Free CSet takes ~50% of young pause time |
8027364 | hotspot | gc | PSScavenge accounts too large code section to StringTable unlink |
8027454 | hotspot | gc | Do not traverse string table during G1 remark when treating them as strong roots during initial mark |
8027455 | hotspot | gc | Improve symbol table scan times during gc pauses |
8027476 | hotspot | gc | Improve performance of Stringtable unlink |
8027559 | hotspot | gc | Decrease code size and templatizing in G1ParCopyClosure::do_oop_work |
8027746 | hotspot | gc | Remove do_gen_barrier template parameter in G1ParCopyClosure |
8027964 | hotspot | gc | Adapt PPC to 6843347: Boundary values in some public GC options cause crashes |
8027965 | hotspot | gc | Adapt PPC to 8015107: NPG: Use consistent naming for metaspace concepts |
8028391 | hotspot | gc | Make the Min/MaxHeapFreeRatio flags manageable |
8029075 | hotspot | gc | String deduplication in G1 |
8029162 | hotspot | gc | G1: Shared SATB queue never enabled |
8029255 | hotspot | gc | G1: Reference processing should not enqueue references on the shared SATB queue |
8030177 | hotspot | gc | G1: Enable TLAB resizing |
8031703 | hotspot | gc | Missing post-barrier in ReferenceProcessor |
8033106 | hotspot | gc | Wrong predicate for checking whether the correct amount of symbol table entries have been processed in G1 |
8033426 | hotspot | gc | Scale initial NewSize using NewRatio if not set on command line |
8033545 | hotspot | gc | Missing volatile specifier in Bitmap::par_put_range_within_word |
8034079 | hotspot | gc | G1: Refactor the HeapRegionSet hierarchy |
8034852 | hotspot | gc | Shrinking of Metaspace high-water-mark causes incorrect OutOfMemoryErrors or back-to-back GCs |
8034868 | hotspot | gc | Extract G1 From Card Cache into separate class |
8034948 | hotspot | gc | Back out JDK-6976350 since it does not fix any issue |
8035057 | hotspot | gc | NewSize ergonomics wrong when setting small or unaligned size on command line |
8035326 | hotspot | gc | Assume non-NULL references in G1CollectedHeap::in_cset_fast_test |
8035329 | hotspot | gc | Move G1ParCopyClosure::copy_to_survivor_space into G1ParScanThreadState |
8035330 | hotspot | gc | Remove G1ParScanPartialArrayClosure and G1ParScanHeapEvacClosure |
8035398 | hotspot | gc | Add card redirty time in "Other" time in G1 |
8035406 | hotspot | gc | Improve data structure for Code Cache remembered sets |
8035654 | hotspot | gc | Add times for evacuation failure handling in "Other" time |
8035667 | hotspot | gc | EventMetaspaceSummary doesn't report committed Metaspace memory |
8035815 | hotspot | gc | Cache-align and pad the from card cache |
8035822 | hotspot | gc | Unable to test minimalVM |
8036025 | hotspot | gc | Sort the freelist in order to shrink the heap |
8036672 | hotspot | gc | G1: alloc_purpose in copy_to_survivor_space() used incorrectly |
8036673 | hotspot | gc | G1: Abort weak reference processing if mark stack overflows |
8036696 | hotspot | gc | Add metaspace gc threshold to metaspace summary trace event |
8036698 | hotspot | gc | Add trace event for updates to metaspace gc threshold |
8036699 | hotspot | gc | Add trace event when a metaspace allocation fails |
8036701 | hotspot | gc | Add trace event when a metaspace throws out of memory error |
8036703 | hotspot | gc | Add trace event with statistics for the metaspace chunk free lists |
8036860 | hotspot | gc | Pad and cache-align the BiasedMappedArray |
8037112 | hotspot | gc | gc/g1/TestHumongousAllocInitialMark.java caused SIGSEGV |
8037407 | hotspot | gc | G1: Remove heapRegionSets.cpp |
8037962 | hotspot | gc | metaspaceTracer.cpp misses a symbol |
8038498 | hotspot | gc | Fix includes and C inlining after 8035330 |
8038934 | hotspot | gc | Remove prefix allocated_ from methods and variables in Metaspace |
8039042 | hotspot | gc | G1: Phantom zeros in cardtable |
8039089 | hotspot | gc | List verification enabled in product builds |
8040245 | hotspot | gc | G1: VM hangs during shutdown |
8040803 | hotspot | gc | G1: Concurrent mark hangs when mark stack overflows |
8040804 | hotspot | gc | G1: Concurrent mark stuck in loop calling os::elapsedVTime() |
8042310 | hotspot | gc | TestStringDeduplicationMemoryUsage test failing |
8042933 | hotspot | gc | assert(capacity_until_gc >= committed_bytes) failed |
8043239 | hotspot | gc | G1: Missing post barrier in processing of j.l.ref.Reference objects |
8044796 | hotspot | gc | G1: Enabled G1CollectedHeap::stop() |
8031693 | hotspot | jfr | Two nsk/hprof/options/cpu failed with Stack Overflow in JFR on Linux-amd64 in Promotion testing of JDK8 b123 |
8034176 | hotspot | jfr | Update mapfile for libjfr |
8042311 | hotspot | jfr | oracle/jrockit/jfr/JIInliner.java imports wrong ASM |
8025841 | hotspot | jvmti | JVMTI: "vtable stub" dynamic code notification is misplaced |
8030027 | hotspot | jvmti | nsk/jvmti/scenarios/hotswap/HS101/hs101t006 Crashed the vm on Linux-amd64: SIGSEGV in JavaThread::last_java_vframe(RegisterMap*)+0xfa |
8031968 | hotspot | jvmti | Mac OS X: VM starts the agent by calling both Agent_OnAttach and Agent_OnAttach_L functions if its agent library is dynamically linked. |
8035150 | hotspot | jvmti | ShouldNotReachHere() in ConstantPool::copy_entry_to |
8035423 | hotspot | jvmti | AIX: Fix os::get_default_process_handle() in os_aix.cpp after 8031968 |
6498581 | hotspot | runtime | ThreadInterruptTest3 produces wrong output on Windows |
8016491 | hotspot | runtime | PPC64 (part 2): Clean up PPC defines. |
8016586 | hotspot | runtime | PPC64 (part 3): basic changes for PPC64 |
8016644 | hotspot | runtime | Improve UnsupportedClassVersionError message |
8017313 | hotspot | runtime | PPC64 (part 6): stack handling improvements |
8017317 | hotspot | runtime | PPC64 (part 7): cppInterpreter: implement support for biased locking |
8020775 | hotspot | runtime | PPC64 (part 12): posix signal printing |
8024379 | hotspot | runtime | PPC64: Adapt PPC64 port to 8003424 |
8026300 | hotspot | runtime | VM warning: increase O_BUFLEN in ostream.hpp -- output truncated occurs with fastdebug VM when printing flags |
8026334 | hotspot | runtime | hs_err improvement: Print elapsed time in a humanly readable format |
8026487 | hotspot | runtime | PPC64: Implement 'os::fork_and_exec' on AIX |
8027146 | hotspot | runtime | Class loading verification failure if GC occurs in Universe::flush_dependents_on |
8027314 | hotspot | runtime | Java should recognize Diagnostic options if -XX:+UnlockDiagnosticVMOptions is not specified and print an informative message |
8027968 | hotspot | runtime | Adapt PPC to 8024927: Nashorn performance regression with CompressedOops |
8028073 | hotspot | runtime | race condition in ObjectMonitor implementation causing deadlocks |
8028280 | hotspot | runtime | ParkEvent leak when running modified runThese which only loads classes |
8028470 | hotspot | runtime | PPC64 (part 214): linux: extend signal handler to catch SIGTRAP on ppc64. |
8028497 | hotspot | runtime | SIGSEGV at ClassLoaderData::oops_do(OopClosure*, KlassClosure*, bool) |
8028514 | hotspot | runtime | PPC64: Fix C++ Interpreter after '7195622: CheckUnhandledOops has limited usefulness now' |
8028553 | hotspot | runtime | The JVM should not throw VerifyError when 'overriding' a static final method in a superclass. |
8029101 | hotspot | runtime | PPC64 (part 211): ordering of Independent Reads of Independent Writes |
8029178 | hotspot | runtime | Parallel class loading test anonymous-simple gets SIGSEGV in Metaspace::contains |
8029957 | hotspot | runtime | PPC64 (part 213): cppInterpreter: memory ordering for object initialization |
8030955 | hotspot | runtime | assert(_prologue != NULL) failed: prologue pointer must be initialized |
8031045 | hotspot | runtime | Access checks should precede additional per-instruction checks |
8031290 | hotspot | runtime | Adjust call to getisax() for additional words returned |
8032010 | hotspot | runtime | Attempt to resolve abstract method in concrete class fails with AbstractMethodError |
8032024 | hotspot | runtime | Test not added for bug 8025937: assert(existing_f1 == NULL || existing_f1 == f1) failed: illegal field,change |
8032634 | hotspot | runtime | Add #ifdef PPC64 around OrderAccess operations on _thread_state. |
8033126 | hotspot | runtime | Can't call default methods from JNI |
8033150 | hotspot | runtime | invokestatic: IncompatibleClassChangeError trying to invoke static method from a parent in presence of conflicting defaults |
8033696 | hotspot | runtime | "assert(thread != NULL) failed: just checking" due to Thread::current() and JNI pthread interaction |
8033792 | hotspot | runtime | AltHashing used jint for imprecise bit shifting |
8033931 | hotspot | runtime | Several nightly tests failing with assert(imin < imax) failed: Unexpected page size |
8034171 | hotspot | runtime | Remove use of template template parameters from binaryTreeDictionary. |
8034797 | hotspot | runtime | AIX: Fix os::naked_short_sleep() in os_aix.cpp after 8028280 |
8034860 | hotspot | runtime | Fatal error due to incorrect thread state during nightly testing |
8035396 | hotspot | runtime | Introduce accessor for tmp_oop in frame. |
8035983 | hotspot | runtime | Fix "Native frames:" in crash report (hs_err file) |
8036767 | hotspot | runtime | PPC64: Support for little endian execution model |
8036823 | hotspot | runtime | Stack trace sometimes shows 'locked' instead of 'waiting to lock' |
8036976 | hotspot | runtime | PPC64: implement the template interpreter |
8038201 | hotspot | runtime | Clean up misleading usage of malloc() in init_system_properties_values() |
8038274 | hotspot | runtime | update 8u fix for 8028073 now that 8028280 is backported to 8u |
8039146 | hotspot | runtime | Fix 64-bit store to int JNIHandleBlock::_top |
8039150 | hotspot | runtime | host_klass invariant fails when verifying newly loaded JSR-292 anonymous classes |
8039904 | hotspot | runtime | dtrace/hotspot/Monitors/Monitors001 fails with "assert(s > 0) failed: Bad size calculated" |
8040140 | hotspot | runtime | System.nanoTime() is slow and non-monotonic on OS X |
8041918 | hotspot | runtime | BootstrapMethods attribute cannot be empty |
8042059 | hotspot | runtime | Various fixes to linux/sparc |
8051378 | hotspot | runtime | AIX: Change "8030763: Validate global memory allocation" breaks the HotSpot build |
8030184 | hotspot | svc | Remove unneeded "content_type" declarations from tracetypes.xml |
8032250 | hotspot | svc | Add trace event for VM flag changes |
8032466 | hotspot | svc | serviceability/sa/jmap-hashcode/Test8028623.java fails with compilation errors |
8032518 | hotspot | svc | fatal error has been detected by the Java Runtime Environment (access violation) |
8037340 | hotspot | svc | Linux semaphores to use CLOCK_REALTIME |
8041723 | hotspot | svc | Event Based tracing ids to be reassigned for CDS klasses |
8046408 | hotspot | svc | Build failure from multiple ptrace.h |
8047812 | hotspot | svc | Ensure ClassLoaderDataGraph::classes_unloading_do only delivers klasses from CLDs with non-reclaimed class loader oops |
8003653 | install | Java items on Start Menu still exist even after all JREs from the system are removed. | |
8003661 | install | $(CD) $(CURRENTDIR)/jre/; directory does not exist | |
8027686 | install | Fail to install on MacOS 10.10 | |
8027770 | install | need to consolidate our registry manipulation approach | |
8031597 | install | Need msi with one-file-per-componet | |
8032038 | install | need to fix new msi wrapper extraction issue | |
8034956 | install | fully commit to new msi design | |
8036950 | install | need to turn on new patching mechanism during install runtime | |
8037542 | install | uninstaller not removing AU2.0 | |
8037870 | install | "Back" button should not be shown on the JDK public jre's changefolder dialog. | |
8039182 | install | jds catch breaks the installer.exe | |
8039249 | install | Registry class enhancements | |
8039281 | install | ErrorHandling macros log wrong source position | |
8044173 | install | VPAT: "Uninstall out-of-date versions" dialogs - JAWS issues | |
8049056 | install | Deployment .jar files are missing in JAVA_HOME\lib, when installer calls RegisterDeployEx() from deploy.dll | |
8041144 | install | auto_update | AU should be easier to setup after a DS build |
8042957 | install | auto_update | The new au64 project has several issues |
7058601 | install | install | Registry key shows incorrect location of jvm.dll on Win 7 64 bit installation |
8021612 | install | install | [macosx] The JRE installer does not look right with 8 b100 promotion build. |
8031405 | install | install | jdk9/dev build fails in install on solaris after JDK_MINOR_VERSION was changed to 9 |
8034219 | install | install | 8u5 JDK welcome dialog: Update text is missed |
8037044 | install | install | unpack200.exe calls are broken on windows |
8037267 | install | install | zh-SG (Chinese Singapore) locale should be handled as Chinese Simplified |
8038395 | install | install | enterprise MSI PIT has 2 major issues |
8039085 | install | install | Unittests for new functionality in FileUtils is required |
8039347 | install | install | 8u20 Patch Installer Failure |
8039397 | install | install | msi installers should support rollback |
8040924 | install | install | [MSI] Start menu is not created when install MSI with NOSTARTMENU=0 |
8040925 | install | install | [MSI] FIU dialog appears when uninstall MSI with Java App running |
8040927 | install | install | [MSI] Access Bridge is installed when install test jre with STATIC=1 after higher version installed |
8040930 | install | install | [MSI] Some files left after uninstalled 32bit JRE if 64bit JRE exists |
8041553 | install | install | 8u20-b10: Jre can't be installed to folders containing non-ASCII chara |
8042080 | install | install | SDK installer can not run on windows zh_CN and ja |
8043777 | install | install | VPAT: "Uninstall out-of-date versions" dialogs - keyboard a11y issue |
8044035 | install | install | RPM internal names must match the standard bundle file name patterns |
8048064 | install | install | out-of-date dialogs are not displayed correctly in sv |
8048909 | install | uninstall | msi uninstaller not localized |
8029073 | other-libs | corba | (corba) New connection reclaimed when number of connection is greater than highwatermark |
8042789 | other-libs | corba | org.omg.CORBA.ORBSingletonClass loading no longer uses context class loader |
8037221 | other-libs | other | [asm] refresh internal ASM version |
8044046 | other-libs | other | [asm] refresh internal ASM version to v5.0.3 |
8021804 | security-libs | java.security | Certpath validation fails if validity period of root cert does not include validity period of intermediate cert |
8025708 | security-libs | java.security | Certificate Path Building problem with AKI serial number |
8031025 | security-libs | java.security | SQE test CertPath/CertPathBuilderTest/* failed with java.lang.IndexOutOfBoundsException |
8037258 | security-libs | java.security | AIOB while parsing CRL for revoked certificate |
8039358 | security-libs | java.security | com.sun.jarsigner.ContentSignerParameters.getTSAPolicyID() should be a default method |
8028627 | security-libs | javax.crypto | Unsynchronized code path from javax.crypto.Cipher to the WeakHashMap used by JceSecurity to store codebase mappings |
8042449 | security-libs | javax.net.ssl | Issue for negative byte major record version |
7047033 | security-libs | javax.smartcardio | (smartcardio) Card.disconnect(boolean reset) does not reset when reset is true |
7195480 | security-libs | javax.smartcardio | javax.smartcardio does not detect cards on Mac OS X |
8039118 | security-libs | javax.smartcardio | Windows build failure (j2pcsc.dll : fatal error unresolved external symbol throwByName) |
8043507 | security-libs | javax.smartcardio | (smartcardio) javax.smartcardio.CardTerminals.list() fails on MacOSX |
8043720 | security-libs | javax.smartcardio | (smartcardio) Native memory should be handled more accurately |
8049250 | security-libs | javax.smartcardio | (smartcardio) Need a flag to invert the Card.disconnect(reset) argument |
8031046 | security-libs | org.ietf.jgss:krb5 | Native Windows ccache might still get unsupported ticket |
8036779 | security-libs | org.ietf.jgss:krb5 | sun.security.krb5.KdcComm interprets kdc_timeout as msec instead of sec |
8036971 | security-libs | org.ietf.jgss: | krb5.conf does not accept directive lines before the first section |
8039431 | tools | Integrate new version of Java VisualVM based on VisualVM 1.3.7 into JDK | |
8036709 | tools | jar | Java 7 jarsigner displays warning about cert policy tree |
8015101 | tools | javac | Covariance of return type implied by upper bounding on type parameter is ignored |
8027477 | tools | javac | Enable repeating annotations test cases since JDK-8004912 is fixed |
8027886 | tools | javac | javac allows illegal receiver parameters |
8028503 | tools | javac | javac, for method references a primitive type can be added as a bound |
8028576 | tools | javac | Incorrect RuntimeVisibleTypeAnnotations for exception parameters when not generating debuging info |
8029002 | tools | javac | javac should take multiple upper bounds into account in incorporation |
8029017 | tools | javac | ElementType.TYPE_USE should be a logical superset of ElementType.TYPE and ANNOTATION_TYPE |
8029042 | tools | javac | Receiver parameter not supported on local class constructor |
8029240 | tools | javac | Default methods not always visible under -source 7 |
8029718 | tools | javac | Should always use lambda body structure to disambiguate overload resolution |
8029725 | tools | javac | Lambda reference to containing local class causes javac infinite recursion |
8029800 | tools | javac | Flags.java uses String.toLowerCase without specifying Locale |
8029852 | tools | javac | Bad code generated (VerifyError) when lambda instantiates enclosing local class and has captured variables |
8030049 | tools | javac | RoundEnvironment.getElementsAnnotatedWith receives wrong elements |
8030218 | tools | javac | javac, compile time error isn't shown when final static field is not assigned, follow-up |
8030741 | tools | javac | Inference: implement eager resolution of return types, consistent with JDK-8028800 |
8030816 | tools | javac | javac crashes when mixing lambdas and inner classes |
8030855 | tools | javac | Default methods should be visible under source previous to 8 |
8031023 | tools | javac | [javac] LambdaToMethod is missing forceSerializedRepresentation logic and switch |
8031425 | tools | javac | Two langtools/javac tests fail by timeout on Windows |
8031967 | tools | javac | For some sources compiler compiles for ever |
8033287 | tools | javac | Reduce the size of the endPosTable |
8033437 | tools | javac | javac, inconsistent generic types behaviour when compiling together vs. separate |
8033718 | tools | javac | Inference ignores capture variable as upper bound |
8034048 | tools | javac | javac crash with method references plus lambda plus var args |
8034147 | tools | javac | javac crashes with a NullPointerException during bounds checking |
8034223 | tools | javac | Most-specific should not have any special treatment for boxed vs. unboxed types |
8034854 | tools | javac | outer_class_info_index of synthetic class is not zero |
8034924 | tools | javac | Incorrect inheritance of inaccessible static method |
8035890 | tools | javac | jdk8 javac -source 7 compiles test case it should not |
8036007 | tools | javac | javac crashes when encountering an unresolvable interface |
8036942 | tools | javac | javac generates incorrect exception table for multi-catch statements inside a lambda |
8037379 | tools | javac | fix for JDK-8029569 doesn't cover all possible cases |
8037385 | tools | javac | constant pool errors with -target 1.7 and static default methods |
8037934 | tools | javac | Javac generates invalid signatures for local types |
8037935 | tools | javac | Javac: final local String var referenced in binary/unary op in lambda produces code that does not verify |
8037937 | tools | javac | javac: AssertionError during LVT generation, wrong variable ranges |
8038023 | tools | javac | Compiler crash: ClassCastException |
8038182 | tools | javac | javac crash with FunctionDescriptorLookupError for invalid functional interface |
8038420 | tools | javac | Lambda returning post-increment generates wrong code |
8038788 | tools | javac | javac behaves incorrectly for annotations after method type parameters in some cases |
8038975 | tools | javac | Access control in enhanced for |
8039026 | tools | javac | Definitely unassigned field can be accessed |
8040822 | tools | javac | Duplicated notifications can be sent to TaskListener |
8041663 | tools | javac | Sensitive dependence on location of nested interface |
8041704 | tools | javac | wrong error message when mixing lambda expression and inner class |
8041713 | tools | javac | Type inference of non-existent method references crashes the compiler |
8042338 | tools | javac | Refactor Types.upperBound to treat wildcards and variables separately |
8042656 | tools | javac | Inference produces spurious error for intersection type bounds check |
8042741 | tools | javac | Java 8 compiler throws NullPointerException depending location in source file |
8042759 | tools | javac | Lambda returning implicitly-typed lambdas considered pertinent to applicability |
8042785 | tools | javac | javac, bridge methods are not getting the flags from the original method |
8042803 | tools | javac | Types.wildLowerBound and cvarLowerBound should call unannotatedType() |
8043186 | tools | javac | javac test langtools/tools/javac/util/StringUtilsTest.java fails |
8043253 | tools | javac | Slow javac compile times in JDK 8 |
8043725 | tools | javac | javac fails with StackOverflowException |
8044487 | tools | javac | Fix for 8042785 causes regression tests to fail with java.lang.VerifyError |
8046762 | tools | javac | Revert some inference fixes in JDK-8033718 |
8046916 | tools | javac | Type parameter annotations don't work with multiple type parameters |
8029145 | tools | javadoc(tool) | javadoc fails with java.lang.IllegalStateException: endPosTable already set |
8031212 | tools | javadoc(tool) | doclint incorrectly rejects some @see tags in javadoc comments |
8037484 | tools | javadoc(tool) | [javadoc] fails with java.lang.IllegalStateException: endPosTable already set |
8037881 | tools | javadoc(tool) | javax.crypto is not listed in the compact* profiles javadoc |
8038976 | tools | javadoc(tool) | javadoc requires a trailing / for links where java 7's javadoc didn't |
8039231 | tools | javadoc(tool) | [javadoc] test failure caused by javax.crypto fix |
8032814 | tools | javap | LineNumberTable/LocalVariableTable tables duplication for the "-v -l" combination of options |
8032819 | tools | javap | Extra empty line between field declarations for the "-v -c" and "-v -l" combination of options |
8032869 | tools | javap | remove support for legacy options in javap |
8033114 | tools | javap | The values of non-static final fields are printed for the -constants option |
8033180 | tools | javap | An inappropriate newline symbol in the help section |
8033581 | tools | javap | Incorrect comment alignment |
8033686 | tools | javap | Internal error for zero indent |
8033711 | tools | javap | An exception is thrown if using the "-classpath" option with no arguments |
8033726 | tools | javap | StackMapTable does not unindent properly |
8033798 | tools | javap | javap output has unnecessary trailing whitespace |
8033913 | tools | javap | Incorrect indentation of StackMapTable entries |
8033930 | tools | javap | Unnecessary new line after the StackMapTable |
8035104 | tools | javap | reorder class file attributes in javap listing |
8035364 | tools | javap | An extra space in the comments of constant pool entries |
8030698 | tools | jconsole | Some messages in jconsole in 7u40 (and later) aren't displayed correctly |
8029388 | tools | launcher | java.exe consumes argument intended for launched java class |
8046502 | tools | visualvm | visualvm ClassNotFoundException on CPU profile |
8033113 | xml | jax-ws | wsimport fails on WSDL:header parameter name customization |
8038307 | xml | jax-ws | JAX-WS conformance tests fail when running JCK-devtools-8 suite against RI in EBCDIC emulation mode |
8039899 | xml | jax-ws | Missing licence headers in test for JDK-8033113 |
8043129 | xml | jax-ws | JAF initialisation in SAAJ clashing with the one in javax.mail |
8027359 | xml | jaxp | XML parser returns incorrect parsing results |
8032392 | xml | jaxp | Spec: javax.xml.stream.XMLEventFactory/XMLOutputFactory/XMLInputFactory.newFactory(String, ClassLoader) referring to ServiceLoader.load(Class, ClassLoader) |
8032909 | xml | jaxp | XSLT string-length returns incorrect length when string includes complementary chars |
8011795 | xml | org.w3c.dom | DOM Serializer prints stack traces to System.err |
JDK
Area: install
Synopsis: 64 bit JRE Offline Installer is uncompressed
The 64 bit JRE offline installer for Windows was released as an uncompressed binary in 8u20. In its uncompressed state, the binary is 91.68MB in size.
Only the Windows offline 64 bit JRE bundle is impacted. This does not apply to any other JRE/JDK Windows installers (e.g. 32 bit offline, 32 bit online, or any auto-update bundle, 32 bit or 64 bit).
JavaFX
Area: media
Synopsis: [Linux] JavaFX Media does not run on Ubuntu 14.04
The JavaFX Media component in 8u20 requires the following packages which are not shipped with Ubuntu 14.04:
Ubuntu 14.04 ships with newer, incompatible versions of these packages.
Workaround: install the specific versions of the required packages.
Area: client-libs
Synopsis: JRE 8u20 crashes while using Japanese IM on Windows
The VM crashes while using Swing controls when some Japanese or Chinese characters are input on Windows platform. There is no workaround.
See 8058858 (not public).
The following sections summarize changes made in the Java SE 8u11 BPR. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Please note that fixes from the prior BPR (8u5 b31) are included in this BPR.
The full version string for this update release is 1.8.0_11-b12 (where "b" means "build"). The version number is 8u11.
This update release contains the following enhancements and changes:
JDK 8u11 contains IANA time zone data version 2014c. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u11 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_11 |
7 | 1.7.0_65 |
6 | 1.6.0_81 |
5.0 | 1.5.0_71 |
For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u11) will expire with the release of the next critical patch update scheduled for October 14, 2014.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u11) on November 15, 2014. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
A new command-line tool, Java Dependency Analysis Tool (jdeps), is now available that can be used by developers to understand the static dependencies of their applications and libraries. It also provides an -jdkinternals
option to find dependencies of any JDK internal APIs that are unsupported and private to JDK implementation.
See jdeps man page and the jdeps Open JDK wiki page.
Currently, to disable sponsor offers at the time of installation, the user can deselect the option during installation or can pass SPONSORS=0
as a command line option.
In this release, a new Java Control Panel(JCP) option to disable sponsors is available. To use this option, go to JCP's "Advanced" tab, and check or uncheck "Suppress sponsor offers when updating Java".
This option is applicable to 32 and 64 bit Windows operating systems.
Entry-Point
From this release, a new JAR file attribute, Entry-Point
is available. The Entry-Point attribute is used to identify the classes that are allowed to be used as 'entry points' to the RIA. Identifying the entry points helps to prevent unauthorized code from being run when a JAR file has more than one class with a main() method, multiple Applet classes, or multiple JavaFX Application classes. Set this attribute to the fully qualified class name that can be used as the entry point for the RIA. To specify more than one class, separate the classes by a space, for example: Entry-Point: apps.test.TestUI apps.test.TestCLI
If the JAR manifest is signed and the main-class or applet-class entry point specified in the JNLP file or application descriptor differs from the class specified for the Entry-Point attribute, then the RIA is blocked. If the Entry-Point attribute is not present, any class with a main() method, or any Applet or JavaFX Application class in the JAR file can be used to start the RIA.
maxElementDepth
A new property, maxElementDepth
, is added to provide applications the ability to set limit on maximum element depth in an xml file that they parse. This may be helpful for applications that may use too much resources when processing an xml file with excessive element depth.
jdk.xml.maxElementDepth
See 8031541 (not public).
This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory.
The following are some of the notable bug fixes in this release:
Area: client-libs/AWT
Synopsis: Using RMI from a restricted environment may cause a NullPointerException.
If an application uses RMI and runs in a restricted environment (ie. Java Plugin, Java Web Start), it may not work. In particular, if you run a UI from an RMI callback, a NullPointerException is likely to be thrown.
See 8019274.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8023990 | client-libs | 2d | Regression: postscript size increase from 6u18 |
8041572 | client-libs | java.awt | [macosx] huge native memory leak in AWTWindow.m |
8041987 | client-libs | java.awt | [macosx] setDisplayMode crashes |
8019990 | client-libs | java.awt:i18n | IM candidate window appears on the South-East corner of the display |
8035897 | core-libs | java.net | Better memory allocation for file descriptors greater than 1024 on macosx |
8043012 | core-libs | java.util:i18n | (tz) Support tzdata2014c |
8019274 | deploy | RMI thread can no longer call out to AWT thread for webstart app | |
8032781 | deploy | deployment_toolkit | Run rule not working in case of html applet |
8030636 | deploy | plugin | Accessibility class in jar on -xbootclasspath/a is not loaded by jvm |
8031996 | deploy | plugin | Java.Lang.Reflect.InvocationTargetException When Cache Has Disabled |
8032206 | deploy | plugin | Applet with jnlp.Packenabled=True And jnlp.versionEnabled=True Fails |
8034230 | deploy | plugin | Applet caller check should not compare URLs |
8035449 | deploy | plugin | security prompt is shown twice when 'Do not show' checkbox is checked |
8041339 | deploy | webstart | JNLP with java-vm-args whose length exceeded 512 chars failed to get loaded with CouldNotLoadArgumentException |
8035613 | xml | jaxb | With active Securitymanager JAXBContext.newInstance fails |
Area: xml/jax-ws
Synopsis: JAF initialization in SAAJ clashing with the one in javax.mail
After initialization of SAAJ components, the javax.mail
library may fail to work under certain circumstances, which in turn could break the javax.mail's JAF setup.
A possible workaround is to re-add the javax.mail handler before using javax.mail
API:
MailcapCommandMap mailMap = (MailcapCommandMap)
CommandMap.getDefaultCommandMap();
mailMap.addMailcap("multipart/mixed;;x-java-content-
handler=com.sun.mail.handlers.multipart_mixed");
See 8043129.
The following sections summarize changes made in all Java SE 8u5 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.
To determine the version of your JDK software, use the following command:
java -version
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8028192 (Confidential) |
security-libs | java.net.ssl | PKCS11 is not working correctly. |
8038202 (Confidential) |
deploy | plugin | Inconsistent behavior on systems using Deployment Rule Set |
The full version string for this update release is 1.8.0_5-b13 (where "b" means "build"). The version number is 8u5.
This update release contains enhancements and changes including the following:
JDK 8u5 contains Olson time zone data version 2013i. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u5 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_5 |
7 | 1.7.0_55 |
6 | 1.6.0_75 |
5.0 | 1.5.0_65 |
For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u5) will expire with the release of the next critical patch update scheduled for July 15, 2014.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u5) on August 15, 2014. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
The frequency of some security dialogs has been reduced on systems that run the same RIA multiple times.
See 8029649.
Caller-Allowable-Codebase
Attribute.If a stand-alone asterisk (*) is specified as the value for the Caller-Allowable-Codebase
attribute, then calls from JavaScript code to RIA will show a security warning, and users have the choice to allow the call or block the call.
For more information, see JAR File Manifest Attributes for Security documentation.
See 8033707.
This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory.
The following are some of the notable bug fixes in this release:
Area: deploy/plugin
Synopsis: java plugin compatibility with windows 8.1 / IE 11 enhanced protected mode
Starting in this release Java Plug-in is compatible with Windows Enhanced Protected Mode (EPM) on Windows 8.1 and IE 11. You should no longer see any warning related to EPM when trying to run an applet in Internet Explorer (IE). There is a special case for 64-bit Windows - EPM requires both 32-bit and 64-bit Plug-in installed. Please make sure you have both 32-bit and 64-bit JRE installed, otherwise there will be a warning from IE, but Java Plug-in will still run under EPM.
See JDK-8024903 (not public).
Area: other-libs/corba
Synopsis: Enhanced CORBA initializations
The system property org.omg.CORBA.ORBSingletonClass
is used to configure the system-wide/singleton ORB. The handling of this system property has changed to require that the system wide/singleton ORB be visible to the system class loader. This is a change from previous releases where the singleton ORB was located using the thread context class loader of the first thread to call the no-argument ORB.init
method. The implication of this change is that the system-wide/singleton ORB needs to be deployed on the class path or in the extension directory.
Applications that bundle their own ORB and only configure the property org.omg.CORBA.ORBClass
should not be impacted by this change. The per-application ORB will be located via the thread context class loader of the thread calling the 2-argument ORB.init
method as before.
See 8025005 (not public).
Area: xml/jaxp
Synopsis: Custom entities mapping files are no longer loaded with full permission
Legacy code may use the JDK internal API SerializerFactory
to create a Serializer
. In the process, a custom entity mapping file may be specified through the format parameter. The custom file was then loaded with full permission. As of this release, files that complies with java.util.ResourceBundle
format, that is, with a ".properties"
extension, will continue to be loaded with full permission. However, any other custom mapping files will require specific file access permission when the program is running with a SecurityManager
.
The workaround to any issues caused by lack of permission to using an arbitrary file as the entity mapping file is, either changing the file to a resource bundle, or granting file read permission.
See 8029282 (not public).
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-6571600 | client-libs | java.awt | JNI use results in UnsatisfiedLinkError looking for libmawt.so |
JDK-8030822 | core-libs | java.time | (tz) Support tzdata2013i |
JDK-8036568 | core-libs | java.util:collections | Serial incompatibility in java.util.TreeMap.NavigableSubMap |
JDK-8028691 | deploy | plugin | loading browser proxy via config script should not trigger JAR download |
JDK-8029649 | deploy | plugin | Reduce dialog frequency when app is run multiple times |
JDK-8033705 | deploy | plugin | Array out of bounds exception in PluginMain.performSSVValidation |
JDK-8033779 | deploy | plugin | JRE 7u51 Plugin Failing to Run Older JRE Version < 1.6.0 |
JDK-8028577 | deploy | webstart | [regression] Unsigned warning dialog is shown twice for applet with extension launched thru javaws |
JDK-8029922 | deploy | webstart | 32-bit only Java Web Start apps fail to run on 32- and 64-bit JRE configs |
JDK-8031579 | deploy | webstart | Spurious Missing Manifest Permissions Attribute Warning When Launching versioned Java Web Start app |
JDK-8035283 | hotspot | compiler | Second phase of branch shortening doesn't account for loop alignment |
Area: Install
Synopsis: Patching of JDK8 SUNWj8*
Packages is not Supported on Solaris:
In order to update SunWj8*
Solaris pkgs consecutively for JDK 8 family releases, JDK 8u5 must be installed as a base package. For example, SUNWj8*
pkgs cannot be patched for JDK 8 to JDK 8u5 updates. Full packages must be downloaded and installed.
The following packages cannot be patched directly from the JDK8 release:
SUNWj8cfg, SUNWj8dev, SUNWj8dmo, SUNWj8jmp, SUNWj8man, SUNWj8rt
Patching support of the above packages will resume in JDK 8u5 and later releases of Java.
The Java Platform, Standard Edition 8 Development Kit (JDK 8) is a feature release of the Java SE platform. It contains new features and enhancements in many functional areas.
See the following links to release information about enhancements, changes, bugs, installation, runtime deployment, and documentation. Release Notes files are located on our website only and are not in the documentation download bundle, unless otherwise noted.
The expiration date for JRE 8 is 05/15/2014. After this date, Java will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.