Enterprise Performance Pack Release Notes

Java SE 8u401 Enterprise Performance Pack - Bug Fixes and Updates

The following sections summarize changes made in Java SE 8u401 Enterprise Performance Pack. Bug fixes and any other changes are listed below in date order, most current update first. Note that bug fixes in the previous BPR are also included in the current update release.

Changes in Java SE 8u401-Perf b31

Bug Fixes

January 16, 2024

This BPR contains all of the fixes included in the previous JDK 8 Enterprise Performance Pack BPR.

Java™ SE Development Kit 8, Update 401 Enterprise Performance Pack (JDK 8u401-PERF)

January 16, 2024

The full version string for this update release is 8u401-perf-b10 (where "b" means "build"). The version number is 8u401-perf.

IANA TZ Data 2023c

For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime at the time of the release of JDK 8u401 are specified in the following table:

Java Family Version	Security Baseline (Full Version String)
8	8u401-perf-b10

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u401) be used after the next critical patch update scheduled for April 16, 2024.

Java SE Subscription products customers managing JRE updates/installs for large number of desktops should consider Java Management Service (JMS).

For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u401-perf) on 2024-05-16. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.

New Features

security-libs/javax.xml.crypto

➜ New System Property to Toggle XML Signature Secure Validation Mode (JDK-8301260)

A new system property named org.jcp.xml.dsig.secureValidation has been added. It can be used to enable or disable the XML Signature secure validation mode. The system property should be set to "true" to enable, or "false" to disable. Any other value for the system property is treated as "false". If the system property is set, it supersedes the XMLCryptoContext property value.

Secure validation mode is enabled by default if you are running the code with a SecurityManager, otherwise it is disabled by default.

Known Issues

hotspot/compiler

➜ Potential Performance Regression Due to Limited Range Check Elimination (JDK-8314468 (not public))

When the C1 compiler is the only compiler available to the VM, it applies loop predication to remove array access range checks from loop bodies. Due to a defect, this optimization was disabled, potentially leading to a performance regression.

This only affects the client VM or VM's running with the non-default command line flags -XX:+NeverActAsServerClassMachine or -XX:TieredStopAtLevel=[1,2,3].

Other Notes

security-libs/java.security

➜ Added Four Root Certificates from DigiCert, Inc. (JDK-8318759)

The following root certificates have been added to the cacerts truststore:

+ DigiCert, Inc.

  + digicertcseccrootg5
    DN: CN=CN=DigiCert CS ECC P384 Root G5, O="DigiCert, Inc.", C=US

+ DigiCert, Inc.
  + digicertcsrsarootg5
    DN: CN=DigiCert CS RSA4096 Root G5, O="DigiCert, Inc.", C=US

+ DigiCert, Inc.
  + digicerttlseccrootg5
    DN: DigiCert TLS ECC P384 Root G5, O="DigiCert, Inc.", C=US

+ DigiCert, Inc.
  + digicerttlsrsarootg5
    DN: DigiCert TLS RSA4096 Root G5, O="DigiCert, Inc.", C=US

security-libs/java.security

➜ Added Three Root Certificates from eMudhra Technologies Limited (JDK-8319187)

The following root certificates have been added to the cacerts truststore:

+ eMudhra Technologies Limited

  + emsignrootcag1
    DN: CN=emSign Root CA - G1, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN

+ eMudhra Technologies Limited
  + emsigneccrootcag3
    DN: CN=emSign ECC Root CA - G3, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN

+ eMudhra Technologies Limited
  + emsignrootcag2
    DN: CN=emSign Root CA - G2, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN

security-libs/java.security

➜ Added ISRG Root X2 CA Certificate from Let's Encrypt (JDK-8317374)

The following root certificate has been added to the cacerts truststore:

+ Let's Encrypt

  + letsencryptisrgx2
    DN: CN=ISRG Root X2, O=Internet Security Research Group, C=US

security-libs/javax.net.ssl

➜ Call X509KeyManager.chooseClientAlias Once for All Key Types (JDK-8262186)

The (D)TLS implementation in JDK now calls X509KeyManager.chooseClientAlias() only once during handshaking for client authentication, even if there are multiple algorithms requested .

Changes in Java SE 8u401-Perf

Bug Fixes

JDK 8u401 Enterprise Performance Pack includes the following fixes from JDK 17:

#	BugId	Component	Summary
1	JDK-8299658	hotspot/compiler	C1 compilation crashes in LinearScan::resolve_exception_edge
2	JDK-8301489	hotspot/compiler	C1: ShortLoopOptimizer might lift instructions before their inputs
3	JDK-8313626	hotspot/compiler	C2 crash due to unexpected exception control flow
4	JDK-8313402	hotspot/compiler	C1: Incorrect LoadIndexed value numbering
5	JDK-8312909	hotspot/compiler	C1 should not inline through interface calls with non-subtype receiver
6	JDK-8303279	hotspot/compiler	C2: crash in SubTypeCheckNode::sub() at IGVN split if
7	JDK-8304954	hotspot/compiler	SegmentedCodeCache fails when using large pages
8	JDK-8316178	hotspot/compiler	Better diagnostic header for CodeBlobs
9	JDK-8315377	hotspot/compiler	C2: assert(u->find_out_with(Op_AddP) == nullptr) failed: more than 2 chained AddP nodes?
10	JDK-8316514	hotspot/compiler	Better diagnostic header for VtableStub
11	JDK-8314024	hotspot/compiler	SIGSEGV in PhaseIdealLoop::build_loop_late_post_work due to bad immediate dominator info
12	JDK-8313262	hotspot/compiler	C2: Sinking node may cause required cast to be dropped
13	JDK-8312440	hotspot/compiler	assert(cast != nullptr) failed: must have added a cast to pin the node
14	JDK-8313756	hotspot/compiler	[BACKOUT] 8308682: Enhance AES performance
15	JDK-8313760	hotspot/compiler	[REDO] Enhance AES performance
16	JDK-8308103	hotspot/compiler	Massive (up to ~30x) increase in C2 compilation time since JDK 17
17	JDK-8307683	hotspot/compiler	Loop Predication should not hoist range checks with trap on success projection by negating their condition
18	JDK-8309119	hotspot/compiler	[17u/11u] Redo JDK-8297951: C2: Create skeleton predicates for all If nodes in loop predication
19	JDK-8275333	hotspot/gc	Print count in "Too many recored phases?" assert
20	JDK-8316906	hotspot/gc	Clarify TLABWasteTargetPercent flag
21	JDK-8270894	hotspot/runtime	Use acquire semantics in ObjectSynchronizer::read_stable_mark()
22	JDK-8305994	hotspot/runtime	Guarantee eventual async monitor deflation
23	JDK-8309228	hotspot/runtime	Clarify EXPERIMENTAL flags comment in hotspot/share/runtime/globals.hpp
24	JDK-8306825	hotspot/runtime	Monitor deflation might be accidentally disabled by zero intervals
25	JDK-8279545	hotspot/runtime	Buffer overrun in reverse_words of sharedRuntime_x86_64.cpp:3517
26	JDK-8283326	hotspot/runtime	Implement SafeFetch statically
27	JDK-8314679	hotspot/svc-agent	SA fails to properly attach to JVM after having just detached from a different JVM