diff --git a/.gitignore b/.gitignore
index b701844..1e967ba 100644
--- a/.gitignore
+++ b/.gitignore
@@ -220,3 +220,4 @@
 /aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b08-4curve.tar.xz
 /aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b01-4curve.tar.xz
 /aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b02-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b03-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 2645cdb..edf401b 100644
--- a/NEWS
+++ b/NEWS
@@ -21,16 +21,20 @@ Live versions of these release notes can be found at:
   - JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid
   - JDK-8081547: Prepare client libs regression tests for running in a concurrent, headless jtreg environment
   - JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256
+  - JDK-8145051: Wrong parameter name in synthetic lambda method leads to verifier error
   - JDK-8150204: (fs) Enhance java/nio/file/Files/probeContentType/Basic.java debugging output
   - JDK-8160217: JavaSound should clean up resources better
   - JDK-8167281: IIOMetadataNode bugs in getElementsByTagName and NodeList.item methods
   - JDK-8168996: C2 crash at postaloc.cpp:140 : assert(false) failed: unexpected yanked node
+  - JDK-8172404: Tools should warn if weak algorithms are used before restricting them
   - JDK-8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key"
   - JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode
   - JDK-8202343: Disable TLS 1.0 and 1.1
+  - JDK-8209333: Socket reset issue for TLS 1.3 socket close
   - JDK-8211339: NPE during SSL handshake caused by HostnameChecker
   - JDK-8216987: ciMethodData::load_data() unpacks MDOs with non-atomic copy
   - JDK-8217338: [Containers] Improve systemd slice memory limit support
+  - JDK-8219991: New fix of the deadlock in sun.security.ssl.SSLSocketImpl
   - JDK-8221408: Windows 32bit build build errors/warnings in hotspot
   - JDK-8223186: HotSpot compile warnings from GCC 9
   - JDK-8225805: Java Access Bridge does not close the logger
@@ -44,6 +48,8 @@ Live versions of these release notes can be found at:
   - JDK-8234728: Some security tests should support TLSv1.3
   - JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property.
   - JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read
+  - JDK-8239091: Reversed arguments in call to strstr in freetype "debug" code.
+  - JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE"
   - JDK-8242141: New System Properties to configure the TLS signature schemes
   - JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11
   - JDK-8249183: JVM crash in "AwtFrame::WmSize" method
@@ -57,10 +63,12 @@ Live versions of these release notes can be found at:
   - JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities
   - JDK-8253932: SSL debug log prints incorrect caller info
   - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations
+  - JDK-8255880: UI of Swing components is not redrawn after their internal state changed
   - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem
   - JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java
   - JDK-8256642: [TEST_BUG] jdk/test/javax/sound/midi/MidiSystem/DefaultProperties.java failed
   - JDK-8258079: Eliminate ParNew's use of klass_or_null()
+  - JDK-8256682: JDK-8202343 is incomplete
   - JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575
   - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
   - JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes
@@ -69,6 +77,7 @@ Live versions of these release notes can be found at:
   - JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will
   - JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548
   - JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport
+  - JDK-8260930: AARCH64: Invalid value passed to critical JNI function
   - Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01.
   - Revert differences against upstream 8u
 
@@ -116,6 +125,15 @@ jdk.disabled.namedCurves` either from specific or from all
 curves, remove the specific named curve(s) from the
 `jdk.disabled.namedCurves` property.
 
+JDK-8244286: Tools Warn If Weak Algorithms Are Used
+===================================================
+The `keytool` and `jarsigner` tools have been updated to warn users
+when weak cryptographic algorithms are used in keys, certificates, and
+signed JARs before they are disabled. The weak algorithms are set in
+the `jdk.security.legacyAlgorithms` security property in the
+`java.security` configuration file. In this release, the tools issue
+warnings for the SHA-1 hash algorithm and 1024-bit RSA/DSA keys.
+
 security-libs/javax.net.ssl:
 
 JDK-8256490: Disable TLS 1.0 and 1.1
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index d60b160..58c87bd 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
 # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
 %global shenandoah_project	aarch64-port
 %global shenandoah_repo		jdk8u-shenandoah
-%global shenandoah_revision    	aarch64-shenandoah-jdk8u292-b02
+%global shenandoah_revision    	aarch64-shenandoah-jdk8u292-b03
 # Define old aarch64/jdk8u tree variables for compatibility
 %global project         %{shenandoah_project}
 %global repo            %{shenandoah_repo}
@@ -2622,6 +2622,10 @@ require "copy_jdk_configs.lua"
 %endif
 
 %changelog
+* Thu Mar 04 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.292.b03-0.0.ea
+- Update to aarch64-shenandoah-jdk8u292-b03 (EA)
+- Update release notes for 8u292-b03.
+
 * Tue Mar 02 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.292.b02-0.0.ea
 - Update to aarch64-shenandoah-jdk8u292-b02 (EA)
 - Update release notes for 8u292-b02.
diff --git a/sources b/sources
index 14dc49a..b463d0a 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b02-4curve.tar.xz) = 8b08ade80d5ee2fc9c175242b0f3ecddb342791bfab56779ca2f8b30de48c4f5e116dd23a8c5ad495c38a84d96738e7ba2011b6a96752cf71105d19a53cfe821
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b03-4curve.tar.xz) = 9dabe45a32d25fd4332006e2b5b17a6bf43693cee3cb82a371c91857d647f86c5c50453b4a95a1c65121ca21fb4a74f9779925a07707f2b3d2e06b946b84b9ea