diff --git a/.gitignore b/.gitignore
index 529115c..90fdc3b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -259,3 +259,4 @@
 /openjdk-shenandoah-jdk8u-shenandoah-jdk8u342-b07-4curve.tar.xz
 /openjdk-shenandoah-jdk8u-shenandoah-jdk8u345-b01-4curve.tar.xz
 /openjdk-shenandoah-jdk8u-shenandoah-jdk8u352-b07-4curve.tar.xz
+/openjdk-shenandoah-jdk8u-shenandoah-jdk8u352-b08-4curve.tar.xz
diff --git a/NEWS b/NEWS
index a9c038b..3183a73 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,16 @@ Live versions of these release notes can be found at:
   * https://bit.ly/openjdk8u352
   * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u352.txt
 
+* Security fixes
+  - JDK-8282252: Improve BigInteger/Decimal validation
+  - JDK-8285662: Better permission resolution
+  - JDK-8286511: Improve macro allocation
+  - JDK-8286519: Better memory handling
+  - JDK-8286526, CVE-2022-21619: Improve NTLM support
+  - JDK-8286533, CVE-2022-21626: Key X509 usages
+  - JDK-8286910, CVE-2022-21624: Improve JNDI lookups
+  - JDK-8286918, CVE-2022-21628: Better HttpServer service
+  - JDK-8288508: Enhance ECDSA usage
 * Other changes
   - JDK-7131823: bug in GIFImageReader
   - JDK-7186258: InetAddress$Cache should replace currentTimeMillis with nanoTime for more precise and accurate
@@ -21,6 +31,7 @@ Live versions of these release notes can be found at:
   - JDK-8136354: [TEST_BUG] Test  java/awt/image/RescaleOp/RescaleAlphaTest.java with Bad action for script
   - JDK-8139668: Generate README-build.html from markdown
   - JDK-8143847: Remove REF_CLEANER reference category
+  - JDK-8147862: Null check too late in sun.net.httpserver.ServerImpl
   - JDK-8150669: C1 intrinsic for Class.isPrimitive
   - JDK-8155742: [Windows] robot.keyPress(KeyEvent.VK_ALT_GRAPH) throws java.lang.IllegalArgumentException in windows
   - JDK-8173339: AArch64: Fix minimum stack size computations
@@ -97,6 +108,19 @@ change might only impact existing code that would depend on
 PhantomReference being enqueued rather than when the referent be freed
 from the heap.
 
+core-libs/java.net:
+
+JDK-8286918: Better HttpServer service
+======================================
+The HttpServer can be optionally configured with a maximum connection
+limit by setting the jdk.httpserver.maxConnections system property. A
+value of 0 or a negative integer is ignored and considered to
+represent no connection limit. In the case of a positive integer
+value, any newly accepted connections will be first checked against
+the current count of established connections and, if the configured
+limit has been reached, then the newly accepted connection will be
+closed immediately.
+
 security-libs/javax.net.ssl:
 
 JDK-8282859: Enable TLSv1.3 by Default on JDK 8 for Client Roles
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 3d60f08..2d9d72a 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -347,7 +347,7 @@
 # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
 %global shenandoah_project      openjdk
 %global shenandoah_repo         shenandoah-jdk8u
-%global openjdk_revision        jdk8u352-b07
+%global openjdk_revision        jdk8u352-b08
 %global shenandoah_revision     shenandoah-%{openjdk_revision}
 # Define old aarch64/jdk8u tree variables for compatibility
 %global project         %{shenandoah_project}
@@ -363,12 +363,12 @@
 %global updatever       %(VERSION=%{whole_update}; echo ${VERSION##*u})
 # eg jdk8u60-b27 -> b27
 %global buildver        %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease      2
+%global rpmrelease      1
 # Define milestone (EA for pre-releases, GA ("fcs") for releases)
 # Release will be (where N is usually a number starting at 1):
 # - 0.N%%{?extraver}%%{?dist} for EA releases,
 # - N%%{?extraver}{?dist} for GA releases
-%global is_ga           0
+%global is_ga           1
 %if %{is_ga}
 %global milestone          fcs
 %global milestone_version  %{nil}
@@ -2891,6 +2891,11 @@ cjc.mainProgram(args)
 %endif
 
 %changelog
+* Wed Oct 19 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.352.b08-1
+- Update to shenandoah-jdk8u352-b08 (GA)
+- Update release notes for shenandoah-8u352-b08.
+- Switch to GA mode for final release.
+
 * Sun Oct 16 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.352.b07-0.2.ea
 - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173
 - Add test to ensure timezones can be translated
diff --git a/sources b/sources
index 44fb427..237849a 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u352-b07-4curve.tar.xz) = 9525cdd009037328e061965c751fae7fb61887d87efadfbc8b361aeee74a3cbb0bc2405f0bd33d3c943862a2eab5d30576e071063a87ec326b1781d29e7974ea
+SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u352-b08-4curve.tar.xz) = 64a3679f3c5159b5742aac14a1a07d860a33c98a06b705bd106f0e997e591751c2645e9037cb9b4f6093aac69456f28dacf90451f0b083e803db4e5cb35d349f