36a26ce298
Update release notes for 8u292-b03.
1022 lines
61 KiB
Plaintext
1022 lines
61 KiB
Plaintext
Key:
|
|
|
|
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
|
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
|
|
|
New in release OpenJDK 8u292 (2021-04-20):
|
|
===========================================
|
|
Live versions of these release notes can be found at:
|
|
* https://bitly.com/openjdk8u292
|
|
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt
|
|
|
|
* Other changes
|
|
- JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop
|
|
- JDK-8031126: java/lang/management/ThreadMXBean/ThreadUserTime.java fails intermittently
|
|
- JDK-8035166: Remove dependency on EC classes from pkcs11 provider
|
|
- JDK-8035186: j2se_jdk/jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java - assertion error
|
|
- JDK-8038723: Openup some PrinterJob tests
|
|
- JDK-8041561: Inconsistent opacity behaviour between JCheckBox and JRadioButton
|
|
- JDK-8078450: Implement consistent process for quarantine of tests
|
|
- JDK-8078614: WindowsClassicLookAndFeel MetalComboBoxUI.getbaseLine fails with IllegalArgumentException
|
|
- JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid
|
|
- JDK-8081547: Prepare client libs regression tests for running in a concurrent, headless jtreg environment
|
|
- JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256
|
|
- JDK-8145051: Wrong parameter name in synthetic lambda method leads to verifier error
|
|
- JDK-8150204: (fs) Enhance java/nio/file/Files/probeContentType/Basic.java debugging output
|
|
- JDK-8160217: JavaSound should clean up resources better
|
|
- JDK-8167281: IIOMetadataNode bugs in getElementsByTagName and NodeList.item methods
|
|
- JDK-8168996: C2 crash at postaloc.cpp:140 : assert(false) failed: unexpected yanked node
|
|
- JDK-8172404: Tools should warn if weak algorithms are used before restricting them
|
|
- JDK-8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key"
|
|
- JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode
|
|
- JDK-8202343: Disable TLS 1.0 and 1.1
|
|
- JDK-8209333: Socket reset issue for TLS 1.3 socket close
|
|
- JDK-8211339: NPE during SSL handshake caused by HostnameChecker
|
|
- JDK-8216987: ciMethodData::load_data() unpacks MDOs with non-atomic copy
|
|
- JDK-8217338: [Containers] Improve systemd slice memory limit support
|
|
- JDK-8219991: New fix of the deadlock in sun.security.ssl.SSLSocketImpl
|
|
- JDK-8221408: Windows 32bit build build errors/warnings in hotspot
|
|
- JDK-8223186: HotSpot compile warnings from GCC 9
|
|
- JDK-8225805: Java Access Bridge does not close the logger
|
|
- JDK-8226899: Problemlist compiler/rtm tests
|
|
- JDK-8227642: [TESTBUG] Make docker tests podman compatible
|
|
- JDK-8228434: jdk/net/Sockets/Test.java fails after JDK-8227642
|
|
- JDK-8229284: jdk/internal/platform/cgroup/TestCgroupMetrics.java fails for - memory:getMemoryUsage
|
|
- JDK-8230388: Problemlist additional compiler/rtm tests
|
|
- JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR
|
|
- JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3
|
|
- JDK-8234728: Some security tests should support TLSv1.3
|
|
- JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property.
|
|
- JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read
|
|
- JDK-8239091: Reversed arguments in call to strstr in freetype "debug" code.
|
|
- JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE"
|
|
- JDK-8242141: New System Properties to configure the TLS signature schemes
|
|
- JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11
|
|
- JDK-8249183: JVM crash in "AwtFrame::WmSize" method
|
|
- JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel
|
|
- JDK-8249588: libwindowsaccessbridge issues on 64bit Windows
|
|
- JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets
|
|
- JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities
|
|
- JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray
|
|
- JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows
|
|
- JDK-8253368: TLS connection always receives close_notify exception
|
|
- JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities
|
|
- JDK-8253932: SSL debug log prints incorrect caller info
|
|
- JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations
|
|
- JDK-8255880: UI of Swing components is not redrawn after their internal state changed
|
|
- JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem
|
|
- JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java
|
|
- JDK-8256642: [TEST_BUG] jdk/test/javax/sound/midi/MidiSystem/DefaultProperties.java failed
|
|
- JDK-8258079: Eliminate ParNew's use of klass_or_null()
|
|
- JDK-8256682: JDK-8202343 is incomplete
|
|
- JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575
|
|
- JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
|
|
- JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes
|
|
- JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
|
|
- JDK-8258933: G1 needs klass_or_null_acquire
|
|
- JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will
|
|
- JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548
|
|
- JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport
|
|
- JDK-8260930: AARCH64: Invalid value passed to critical JNI function
|
|
- Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01.
|
|
- Revert differences against upstream 8u
|
|
|
|
Notes on individual issues:
|
|
===========================
|
|
|
|
security-libs/java.security:
|
|
|
|
JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default
|
|
===================================================================================
|
|
Weak named curves are disabled by default by adding them to the
|
|
following `disabledAlgorithms` security properties:
|
|
|
|
* jdk.tls.disabledAlgorithms
|
|
* jdk.certpath.disabledAlgorithms
|
|
* jdk.jar.disabledAlgorithms
|
|
|
|
Red Hat has always disabled many of the curves provided by upstream,
|
|
so the only addition in this release is:
|
|
|
|
* secp256k1
|
|
|
|
The curves that remain enabled are:
|
|
|
|
* secp256r1
|
|
* secp384r1
|
|
* secp521r1
|
|
* X25519
|
|
* X448
|
|
|
|
When large numbers of weak named curves need to be disabled, adding
|
|
individual named curves to each `disabledAlgorithms` property would be
|
|
overwhelming. To relieve this, a new security property,
|
|
`jdk.disabled.namedCurves`, is implemented that can list the named
|
|
curves common to all of the `disabledAlgorithms` properties. To use
|
|
the new property in the `disabledAlgorithms` properties, precede the
|
|
full property name with the keyword `include`. Users can still add
|
|
individual named curves to `disabledAlgorithms` properties separate
|
|
from this new property. No other properties can be included in the
|
|
`disabledAlgorithms` properties.
|
|
|
|
To restore the named curves, remove the `include
|
|
jdk.disabled.namedCurves` either from specific or from all
|
|
`disabledAlgorithms` security properties. To restore one or more
|
|
curves, remove the specific named curve(s) from the
|
|
`jdk.disabled.namedCurves` property.
|
|
|
|
JDK-8244286: Tools Warn If Weak Algorithms Are Used
|
|
===================================================
|
|
The `keytool` and `jarsigner` tools have been updated to warn users
|
|
when weak cryptographic algorithms are used in keys, certificates, and
|
|
signed JARs before they are disabled. The weak algorithms are set in
|
|
the `jdk.security.legacyAlgorithms` security property in the
|
|
`java.security` configuration file. In this release, the tools issue
|
|
warnings for the SHA-1 hash algorithm and 1024-bit RSA/DSA keys.
|
|
|
|
security-libs/javax.net.ssl:
|
|
|
|
JDK-8256490: Disable TLS 1.0 and 1.1
|
|
====================================
|
|
TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer
|
|
considered secure and have been superseded by more secure and modern
|
|
versions (TLS 1.2 and 1.3).
|
|
|
|
These versions have now been disabled by default. If you encounter
|
|
issues, you can, at your own risk, re-enable the versions by removing
|
|
"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms`
|
|
security property in the `java.security` configuration file.
|
|
|
|
JDK-8242147: New System Properties to Configure the TLS Signature Schemes
|
|
=========================================================================
|
|
Two new system properties have been added to customize the TLS
|
|
signature schemes in JDK. `jdk.tls.client.SignatureSchemes` has been
|
|
added for the TLS client side, and `jdk.tls.server.SignatureSchemes`
|
|
has been added for the server side.
|
|
|
|
Each system property contains a comma-separated list of supported
|
|
signature scheme names specifying the signature schemes that could be
|
|
used for the TLS connections.
|
|
|
|
The names are described in the "Signature Schemes" section of the
|
|
*Java Security Standard Algorithm Names Specification*.
|
|
|
|
New in release OpenJDK 8u282 (2021-01-19):
|
|
===========================================
|
|
Live versions of these release notes can be found at:
|
|
* https://bitly.com/openjdk8u282
|
|
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u282.txt
|
|
|
|
* Security fixes
|
|
- JDK-8247619: Improve Direct Buffering of Characters
|
|
* Other changes
|
|
- JDK-6962725: Regtest javax/swing/JFileChooser/6738668/bug6738668.java fails under Linux
|
|
- JDK-8008657: JSpinner setComponentOrientation doesn't affect on text orientation
|
|
- JDK-8022535: [TEST BUG] javax/swing/text/html/parser/Test8017492.java fails
|
|
- JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup
|
|
- JDK-8030350: Enable additional compiler warnings for GCC
|
|
- JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails by Timeout on Windows
|
|
- JDK-8036122: Fix warning 'format not a string literal'
|
|
- JDK-8039279: Move awt tests to openjdk repository
|
|
- JDK-8041592: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk
|
|
- JDK-8043126: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository
|
|
- JDK-8043131: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree
|
|
- JDK-8043899: compiler/5091921/Test7005594.java fails if specified -Xmx is less than 1600m
|
|
- JDK-8044157: [TEST_BUG] Improve recently submitted AWT_Mixing tests
|
|
- JDK-8044172: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk
|
|
- JDK-8044429: move awt automated tests for AWT_Modality to OpenJDK repository
|
|
- JDK-8044765: Move functional tests AWT_SystemTray/Automated to openjdk repository
|
|
- JDK-8046221: [TEST_BUG] Cleanup datatransfer tests
|
|
- JDK-8047180: Move functional tests AWT_Headless/Automated to OpenJDK repository
|
|
- JDK-8047367: move awt automated tests from AWT_Modality to OpenJDK repository - part 2
|
|
- JDK-8048246: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK
|
|
- JDK-8049617: move awt automated tests from AWT_Modality to OpenJDK repository - part 3
|
|
- JDK-8049694: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK
|
|
- JDK-8050885: move awt automated tests from AWT_Modality to OpenJDK repository - part 4
|
|
- JDK-8051440: move tests about maximizing undecorated to OpenJDK
|
|
- JDK-8051853: new URI("x/").resolve("..").getSchemeSpecificPart() returns null!
|
|
- JDK-8052012: move awt automated tests from AWT_Modality to OpenJDK repository - part 5
|
|
- JDK-8052408: Move AWT_BAT functional tests to OpenJDK (3 of 3)
|
|
- JDK-8053657: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK
|
|
- JDK-8054143: move awt automated tests from AWT_Modality to OpenJDK repository - part 6
|
|
- JDK-8054358: move awt automated tests from AWT_Modality to OpenJDK repository - part 7
|
|
- JDK-8054359: move awt automated tests from AWT_Modality to OpenJDK repository - part 8
|
|
- JDK-8055360: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK
|
|
- JDK-8055664: move 14 tests about setLocationRelativeTo to jdk
|
|
- JDK-8055836: move awt tests from AWT_Modality to OpenJDK repository - part 9
|
|
- JDK-8057694: move awt tests from AWT_Modality to OpenJDK repository - part 10
|
|
- JDK-8058805: [TEST_BUG]Test java/awt/TrayIcon/SecurityCheck/NoPermissionTest/NoPermissionTest.java fails
|
|
- JDK-8062808: Turn on the -Wreturn-type warning
|
|
- JDK-8063102: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1
|
|
- JDK-8063104: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2
|
|
- JDK-8063106: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1
|
|
- JDK-8063107: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2
|
|
- JDK-8064573: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java is asocial pressing VK_LEFT and not releasing
|
|
- JDK-8064575: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases
|
|
- JDK-8064809: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease
|
|
- JDK-8067441: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes()
|
|
- JDK-8068228: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails with GTKLookAndFeel
|
|
- JDK-8068275: Some tests failed after JDK-8063104
|
|
- JDK-8069211: (zipfs) ZipFileSystem creates corrupted zip if entry output stream gets closed more than once
|
|
- JDK-8074807: Fix some tests unnecessary using internal API
|
|
- JDK-8076315: move 4 manual functional swing tests to regression suite
|
|
- JDK-8130772: Util.hitMnemonics does not work: getSystemMnemonicKeyCodes() returns ALT_MASK rather than VK_ALT
|
|
- JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/DefaultNoDrop.java locks on Windows
|
|
- JDK-8134632: Mark javax/sound/midi/Devices/InitializationHang.java as headful
|
|
- JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
|
|
- JDK-8148916: Mark bug6400879.java as intermittently failing
|
|
- JDK-8148983: Fix extra comma in changes for JDK-8148916
|
|
- JDK-8152545: Use preprocessor instead of compiling a program to generate native nio constants
|
|
- JDK-8156803: Turn StressLCM/StressGCM flags to diagnostic
|
|
- JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails
|
|
- JDK-8160761: [TESTBUG] Several compiler tests fail with product bits
|
|
- JDK-8163161: [PIT][TEST_BUG] increase timeout in javax/swing/plaf/nimbus/8057791/bug8057791.java
|
|
- JDK-8165808: Add release barriers when allocating objects with concurrent collection
|
|
- JDK-8166015: [PIT][TEST_BUG] stray character in java/awt/Focus/ModalDialogActivationTest/ModalDialogActivationTest.java
|
|
- JDK-8166583: Add oopDesc::klass_or_null_acquire()
|
|
- JDK-8166663: Simplify oops_on_card_seq_iterate_careful
|
|
- JDK-8166862: CMS needs klass_or_null_acquire
|
|
- JDK-8168292: [TESTBUG] [macosx] Test java/awt/TrayIcon/DragEventSource/DragEventSource.java fails on OS X
|
|
- JDK-8168682: jdk/test/java/lang/ClassLoader/forNameLeak/ClassForNameLeak.java fails with -Xcomp
|
|
- JDK-8179083: Uninitialized notifier in Java Monitor Wait tracing event
|
|
- JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument
|
|
- JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8
|
|
- JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017
|
|
- JDK-8205507: jdk/javax/xml/crypto/dsig/GenerationTests.java timed out
|
|
- JDK-8207766: [testbug] Adapt tests for Aix.
|
|
- JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation
|
|
- JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash
|
|
- JDK-8215727: Restore JFR thread sampler loop to old / previous behavior
|
|
- JDK-8217362: Emergency dump does not work when disk=false is set
|
|
- JDK-8217766: Container Support doesn't work for some Join Controllers combinations
|
|
- JDK-8219013: Update Apache Santuario (XML Signature) to version 2.1.3
|
|
- JDK-8219562: Line of code in osContainer_linux.cpp L102 appears unreachable
|
|
- JDK-8220579: [Containers] SubSystem.java out of sync with osContainer_linux.cpp
|
|
- JDK-8220657: JFR.dump does not work when filename is set
|
|
- JDK-8221340: [TESTBUG] TestCgroupMetrics.java fails after fix for JDK-8219562
|
|
- JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing
|
|
- JDK-8221710: [TESTBUG] more configurable parameters for docker testing
|
|
- JDK-8223108: Test java/awt/EventQueue/NonComponentSourcePost.java is unstable
|
|
- JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM
|
|
- JDK-8225072: Add LuxTrust certificate that is expiring in March 2021 to list of allowed but expired certs
|
|
- JDK-8227006: [linux] Runtime.availableProcessors execution time increased by factor of 100
|
|
- JDK-8229868: Update Apache Santuario TPRM version
|
|
- JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread
|
|
- JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes
|
|
- JDK-8232114: JVM crashed at imjpapi.dll in native code
|
|
- JDK-8233548: Update CUP to v0.11b
|
|
- JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area
|
|
- JDK-8234339: replace JLI_StrTok in java_md_solinux.c
|
|
- JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes
|
|
- JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test
|
|
- JDK-8242335: Additional Tests for RSASSA-PSS
|
|
- JDK-8242480: Negative value may be returned by getFreeSwapSpaceSize() in the docker
|
|
- JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in
|
|
- JDK-8245400: Upgrade to LittleCMS 2.11
|
|
- JDK-8246648: issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480
|
|
- JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention
|
|
- JDK-8249176: Update GlobalSignR6CA test certificates
|
|
- JDK-8249846: Change of behavior after JDK-8237117: Better ForkJoinPool behavior
|
|
- JDK-8250636: iso8601_time returns incorrect offset part on MacOS
|
|
- JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY
|
|
- JDK-8250928: JFR: Improve hash algorithm for stack traces
|
|
- JDK-8251365: Build failure on AIX after 8250636
|
|
- JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java
|
|
- JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers
|
|
- JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE
|
|
- JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries
|
|
- JDK-8252497: Incorrect numeric currency code for ROL
|
|
- JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent
|
|
- JDK-8252904: VM crashes when JFR is used and JFR event class is transformed
|
|
- JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal
|
|
- JDK-8253036: Support building the Zero assembler port on AArch64
|
|
- JDK-8253284: Zero OrderAccess barrier mappings are incorrect
|
|
- JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip
|
|
- JDK-8253752: test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java fails randomly
|
|
- JDK-8253837: JFR 8u fix symbol and cstring hashtable equals implementaion
|
|
- JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate
|
|
- JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp
|
|
- JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp
|
|
- JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/WorkerDeadlockTest.java fails
|
|
- JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
|
|
- JDK-8255003: Build failures on Solaris
|
|
- JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d
|
|
- JDK-8255269: Unsigned overflow in g1Policy.cpp
|
|
- JDK-8255603: Memory/Performance regression after JDK-8210985
|
|
- JDK-8255717: Fix JFR crash in WriteObjectSampleStacktrace due to object not initialized
|
|
- JDK-8256618: Zero: Linux x86_32 build still fails
|
|
- JDK-8256671: Incorrect assignment operator used in guarantee() in genCollectedHeap
|
|
- JDK-8256752: 8252395 incorrect copy rule for macos .dSYM folder
|
|
- JDK-8257397: [TESTBUG] test/lib/containers/docker/Common.java refers to -Xlog:os+container=trace
|
|
- JDK-8258630: Add expiry exception for QuoVadis root certificate
|
|
* AArch64 port
|
|
- Fix AArch64 build failure after JDK-8062808 backport
|
|
* Shenandoah
|
|
- Fix racy update of code roots
|
|
|
|
Notes on individual issues:
|
|
===========================
|
|
|
|
security-libs/javax.xml.crypto:
|
|
|
|
JDK-8230839: Updated XML Signature Implementation to Apache Santuario 2.1.3
|
|
===========================================================================
|
|
The XML Signature implementation in the `java.xml.crypto` module has
|
|
been updated to version 2.1.3 of Apache Santuario. New features
|
|
include:
|
|
|
|
* Added support for embedding elliptic curve public keys in the
|
|
KeyValue element
|
|
|
|
New in release OpenJDK 8u275 (2020-11-05):
|
|
===========================================
|
|
Live versions of these release notes can be found at:
|
|
* https://bitly.com/openjdk8u275
|
|
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u275.txt
|
|
|
|
* Regression fixes
|
|
- JDK-8214440: ldap over a TLS connection negotiate failed with "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate"
|
|
- JDK-8223940: Private key not supported by chosen signature algorithm
|
|
- JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding
|
|
- JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)
|
|
|
|
New in release OpenJDK 8u272 (2020-10-20):
|
|
===========================================
|
|
Live versions of these release notes can be found at:
|
|
* https://bitly.com/openjdk8u272
|
|
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt
|
|
|
|
* New features
|
|
- JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7
|
|
* Security fixes
|
|
- JDK-8233624: Enhance JNI linkage
|
|
- JDK-8236196: Improve string pooling
|
|
- JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
|
|
- JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
|
|
- JDK-8237995, CVE-2020-14782: Enhance certificate processing
|
|
- JDK-8240124: Better VM Interning
|
|
- JDK-8241114, CVE-2020-14792: Better range handling
|
|
- JDK-8242680, CVE-2020-14796: Improved URI Support
|
|
- JDK-8242685, CVE-2020-14797: Better Path Validation
|
|
- JDK-8242695, CVE-2020-14798: Enhanced buffer support
|
|
- JDK-8243302: Advanced class supports
|
|
- JDK-8244136, CVE-2020-14803: Improved Buffer supports
|
|
- JDK-8244479: Further constrain certificates
|
|
- JDK-8244955: Additional Fix for JDK-8240124
|
|
- JDK-8245407: Enhance zoning of times
|
|
- JDK-8245412: Better class definitions
|
|
- JDK-8245417: Improve certificate chain handling
|
|
- JDK-8248574: Improve jpeg processing
|
|
- JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
|
|
- JDK-8253019: Enhanced JPEG decoding
|
|
* Other changes
|
|
- JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes
|
|
- JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java
|
|
- JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times
|
|
- JDK-8025886: replace [[ and == bash extensions in regtest
|
|
- JDK-8026236: Add PrimeTest for BigInteger
|
|
- JDK-8031625: javadoc problems referencing inner class constructors
|
|
- JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals
|
|
- JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c
|
|
- JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails
|
|
- JDK-8046274: Removing dependency on jakarta-regexp
|
|
- JDK-8048933: -XX:+TraceExceptions output should include the message
|
|
- JDK-8057003: Large reference arrays cause extremely long synchronization times
|
|
- JDK-8060721: Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler
|
|
- JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double
|
|
- JDK-8062947: Fix exception message to correctly represent LDAP connection failure
|
|
- JDK-8064319: Need to enable -XX:+TraceExceptions in release builds
|
|
- JDK-8075774: Small readability and performance improvements for zipfs
|
|
- JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/fileaccess/FontFile.java fails
|
|
- JDK-8078334: Mark regression tests using randomness
|
|
- JDK-8078880: Mark a few more intermittently failuring security-libs
|
|
- JDK-8080462: Update SunPKCS11 provider with PKCS11 v2.40 support
|
|
- JDK-8132206: move ScanTest.java into OpenJDK
|
|
- JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API
|
|
- JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java
|
|
- JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/appletviewer/IOExceptionIfEncodedURLTest/IOExceptionIfEncodedURLTest.sh
|
|
- JDK-8144539: Update PKCS11 tests to run with security manager
|
|
- JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/MTGraphicsAccessTest.java hangs on Win. 8
|
|
- JDK-8148754: C2 loop unrolling fails due to unexpected graph shape
|
|
- JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
|
|
- JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect
|
|
- JDK-8151788: NullPointerException from ntlm.Client.type3
|
|
- JDK-8151834: Test SmallPrimeExponentP.java times out intermittently
|
|
- JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings
|
|
- JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout
|
|
- JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public
|
|
- JDK-8154313: Generated javadoc scattered all over the place
|
|
- JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization
|
|
- JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider
|
|
- JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working
|
|
- JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k
|
|
- JDK-8165936: Potential Heap buffer overflow when seaching timezone info files
|
|
- JDK-8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
|
|
- JDK-8166148: Fix for JDK-8165936 broke solaris builds
|
|
- JDK-8167300: Scheduling failures during gcm should be fatal
|
|
- JDK-8167615: Opensource unit/regression tests for JavaSound
|
|
- JDK-8168517: java/lang/ProcessBuilder/Basic.java failed
|
|
- JDK-8169925: PKCS #11 Cryptographic Token Interface license
|
|
- JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java
|
|
- JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled
|
|
- JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1
|
|
- JDK-8177628: Opensource unit/regression tests for ImageIO
|
|
- JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java
|
|
- JDK-8183349: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java
|
|
- JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/AppletContextTest/BadPluginConfigurationTest.sh
|
|
- JDK-8184762: ZapStackSegments should use optimized memset
|
|
- JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test.
|
|
- JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied
|
|
- JDK-8193137: Nashorn crashes when given an empty script file
|
|
- JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak
|
|
- JDK-8194298: Add support for per Socket configuration of TCP keepalive
|
|
- JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error
|
|
- JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails
|
|
- JDK-8201633: Problems with AES-GCM native acceleration
|
|
- JDK-8203357: Container Metrics
|
|
- JDK-8209113: Use WeakReference for lastFontStrike for created Fonts
|
|
- JDK-8210147: adjust some WSAGetLastError usages in windows network coding
|
|
- JDK-8211049: Second parameter of "initialize" method is not used
|
|
- JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean
|
|
- JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions
|
|
- JDK-8214862: assert(proj != __null) at compile.cpp:3251
|
|
- JDK-8216283: Allow shorter method sampling interval than 10 ms
|
|
- JDK-8217606: LdapContext#reconnect always opens a new connection
|
|
- JDK-8217647: JFR: recordings on 32-bit systems unreadable
|
|
- JDK-8217878: ENVELOPING XML signature no longer works in JDK 11
|
|
- JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10
|
|
- JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero
|
|
- JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly
|
|
- JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound
|
|
- JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6
|
|
- JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file
|
|
- JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs
|
|
- JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified
|
|
- JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp
|
|
- JDK-8224217: RecordingInfo should use textual representation of path
|
|
- JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support)
|
|
- JDK-8226575: OperatingSystemMXBean should be made container aware
|
|
- JDK-8226697: Several tests which need the @key headful keyword are missing it.
|
|
- JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous
|
|
- JDK-8228835: Memory leak in PKCS11 provider when using AES GCM
|
|
- JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow
|
|
- JDK-8230303: JDB hangs when running monitor command
|
|
- JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG
|
|
- JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo
|
|
- JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate
|
|
- JDK-8233097: Fontmetrics for large Fonts has zero width
|
|
- JDK-8233621: Mismatch in jsse.enableMFLNExtension property name
|
|
- JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion
|
|
- JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version
|
|
- JDK-8235325: build failure on Linux after 8235243
|
|
- JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink
|
|
- JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages
|
|
- JDK-8237951: CTW: C2 compilation fails with "malformed control flow"
|
|
- JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary
|
|
- JDK-8238380: java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10
|
|
- JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10
|
|
- JDK-8238388: libj2gss/NativeFunc.o "multiple definition" link errors with GCC10
|
|
- JDK-8238898: Missing hash characters for header on license file
|
|
- JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD
|
|
- JDK-8239819: XToolkit: Misread of screen information memory
|
|
- JDK-8240295: hs_err elapsed time in seconds is not accurate enough
|
|
- JDK-8240676: Meet not symmetric failure when running lucene on jdk8
|
|
- JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one
|
|
- JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash
|
|
- JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array
|
|
- JDK-8243138: Enhance BaseLdapServer to support starttls extended request
|
|
- JDK-8243320: Add SSL root certificates to Oracle Root CA program
|
|
- JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program
|
|
- JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions
|
|
- JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26
|
|
- JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor
|
|
- JDK-8245467: Remove 8u TLSv1.2 implementation files
|
|
- JDK-8245469: Remove DTLS protocol implementation
|
|
- JDK-8245470: Fix JDK8 compatibility issues
|
|
- JDK-8245471: Revert JDK-8148188
|
|
- JDK-8245472: Backport JDK-8038893 to JDK8
|
|
- JDK-8245473: OCSP stapling support
|
|
- JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712
|
|
- JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default
|
|
- JDK-8245477: Adjust TLS tests location
|
|
- JDK-8245653: Remove 8u TLS tests
|
|
- JDK-8245681: Add TLSv1.3 regression test from 11.0.7
|
|
- JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ
|
|
- JDK-8246310: Clean commented-out code about ModuleEntry andPackageEntry in JFR
|
|
- JDK-8246384: Enable JFR by default on supported architectures for October 2020 release
|
|
- JDK-8248643: Remove extra leading space in JDK-8240295 8u backport
|
|
- JDK-8248851: CMS: Missing memory fences between free chunk check and klass read
|
|
- JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase
|
|
- JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public
|
|
- JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior
|
|
- JDK-8250546: Expect changed behaviour reported in JDK-8249846
|
|
- JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics
|
|
- JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java
|
|
- JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update
|
|
- JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher
|
|
- JDK-8251120: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false
|
|
- JDK-8251341: Minimal Java specification change
|
|
- JDK-8251478: Backport TLSv1.3 regression tests to JDK8u
|
|
- JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds
|
|
- JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled
|
|
- JDK-8252573: 8u: Windows build failed after 8222079 backport
|
|
- JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed
|
|
- JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158
|
|
- JDK-8254937: Revert JDK-8148854 for 8u272
|
|
|
|
Notes on individual issues:
|
|
===========================
|
|
|
|
core-svc/java.lang.management:
|
|
|
|
JDK-8236876: OperatingSystemMXBean Methods Inside a Container Return Container Specific Data
|
|
============================================================================================
|
|
When executing in a container, or other virtualized operating
|
|
environment, the following `OperatingSystemMXBean` methods in this
|
|
release return container specific information, if
|
|
available. Otherwise, they return host specific data:
|
|
|
|
* getFreePhysicalMemorySize()
|
|
* getTotalPhysicalMemorySize()
|
|
* getFreeSwapSpaceSize()
|
|
* getTotalSwapSpaceSize()
|
|
* getSystemCpuLoad()
|
|
|
|
security-libs/java.security:
|
|
|
|
JDK-8250756: Added Entrust Root Certification Authority - G4 certificate
|
|
========================================================================
|
|
The Entrust root certificate has been added to the cacerts truststore:
|
|
|
|
Alias Name: entrustrootcag4
|
|
Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
|
|
|
|
JDK-8250860: Added 3 SSL Corporation Root CA Certificates
|
|
=========================================================
|
|
The following root certificates have been added to the cacerts truststore for the SSL Corporation:
|
|
|
|
Alias Name: sslrootrsaca
|
|
Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
|
|
|
|
Alias Name: sslrootevrsaca
|
|
Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
|
|
|
|
Alias Name: sslrooteccca
|
|
Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US
|
|
|
|
security-libs/javax.crypto:pkcs11:
|
|
|
|
JDK-8221441: SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40
|
|
=======================================================================
|
|
The SunPKCS11 provider has been updated with support for PKCS#11
|
|
v2.40. This version adds support for more algorithms such as the
|
|
AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message
|
|
digests, and RSASSA-PSS signatures when the corresponding PKCS11
|
|
mechanisms are supported by the underlying PKCS11 library.
|
|
|
|
security-libs/javax.security:
|
|
|
|
JDK-8242059: Support for canonicalize in krb5.conf
|
|
==================================================
|
|
The 'canonicalize' flag in the [krb5.conf file][0] is now supported by
|
|
the JDK Kerberos implementation. When set to *true*, RFC 6806 [1] name
|
|
canonicalization is requested by clients in TGT requests to KDC
|
|
services (AS protocol). Otherwise, and by default, it is not
|
|
requested.
|
|
|
|
The new default behavior is different from previous releases where
|
|
name canonicalization was always requested by clients in TGT requests
|
|
to KDC services (provided that support for RFC 6806[1] was not
|
|
explicitly disabled with the *sun.security.krb5.disableReferrals*
|
|
system or security properties).
|
|
|
|
[0]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
|
|
[1]: https://tools.ietf.org/html/rfc6806
|
|
|
|
security-libs/javax.xml.crypto:
|
|
|
|
JDK-8202891: Updated xmldsig Implementation to Apache Santuario 2.1.1
|
|
=====================================================================
|
|
The XMLDSig provider implementation in the `java.xml.crypto` module has been updated to version 2.1.1 of Apache Santuario.
|
|
|
|
New features include:
|
|
|
|
1. Support for the SHA-224 and SHA-3 DigestMethod algorithms specified
|
|
in RFC 6931.
|
|
2. Support for the HMAC-SHA224, RSA-SHA224, ECDSA-SHA224, and
|
|
RSASSA-PSS family of SignatureMethod algorithms specified in RFC 6931.
|
|
|
|
JDK-8238185: New OpenJDK-specific JDK 8 Updates System Property to fallback to legacy Base64 Encoding format
|
|
============================================================================================================
|
|
The upgrade to the Apache Santuario libraries (see above) introduced
|
|
an issue where XML signature using Base64 encoding resulted in
|
|
appending `
` or `
` to the encoded output. This behavioural
|
|
change was made in the Apache Santuario codebase to comply with RFC
|
|
2045. The Santuario team has adopted a position of keeping their
|
|
libraries compliant with RFC 2045.
|
|
|
|
Earlier versions of OpenJDK 8 using the legacy encoder returns encoded
|
|
data in a format without `
` or `
`.
|
|
|
|
Therefore a new system property, specific to the 8 update stream,
|
|
`com.sun.org.apache.xml.internal.security.lineFeedOnly` is made
|
|
available to fall back to the legacy Base64 encoded format.
|
|
|
|
Users can set this flag in one of two ways:
|
|
|
|
1. -Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true
|
|
|
|
2. System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true")
|
|
|
|
This new system property is disabled by default. It has no effect on
|
|
default behaviour nor when
|
|
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks` property
|
|
is set.
|
|
|
|
Later JDK family versions will only support the recommended property:
|
|
|
|
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks`
|
|
|
|
JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b
|
|
====================================================================
|
|
Following JDK's update to tzdata2020b, the long-obsolete files
|
|
pacificnew and systemv have been removed. As a result, the
|
|
"US/Pacific-New" zone name declared in the pacificnew data file is no
|
|
longer available for use.
|
|
|
|
Information regarding the update can be viewed at
|
|
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
|
|
|
|
New in release OpenJDK 8u265 (2020-07-27):
|
|
===========================================
|
|
Live versions of these release notes can be found at:
|
|
* https://bitly.com/openjdk8u265
|
|
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u265.txt
|
|
|
|
* Bug fixes
|
|
- JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior
|
|
- JDK-8250546: Expect changed behaviour reported in JDK-8249846
|
|
|
|
New in release OpenJDK 8u262 (2020-07-14):
|
|
===========================================
|
|
Live versions of these release notes can be found at:
|
|
* https://bitly.com/oj8u262
|
|
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u262.txt
|
|
|
|
* New features
|
|
- JDK-8223147: JFR Backport
|
|
* Security fixes
|
|
- JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
|
|
- JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
|
|
- JDK-8230613: Better ASCII conversions
|
|
- JDK-8231800: Better listing of arrays
|
|
- JDK-8232014: Expand DTD support
|
|
- JDK-8233255: Better Swing Buttons
|
|
- JDK-8234032: Improve basic calendar services
|
|
- JDK-8234042: Better factory production of certificates
|
|
- JDK-8234418: Better parsing with CertificateFactory
|
|
- JDK-8234836: Improve serialization handling
|
|
- JDK-8236191: Enhance OID processing
|
|
- JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
|
|
- JDK-8237592, CVE-2020-14577: Enhance certificate verification
|
|
- JDK-8238002, CVE-2020-14581: Better matrix operations
|
|
- JDK-8238804: Enhance key handling process
|
|
- JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
|
|
- JDK-8238843: Enhanced font handing
|
|
- JDK-8238920, CVE-2020-14583: Better Buffer support
|
|
- JDK-8238925: Enhance WAV file playback
|
|
- JDK-8240119, CVE-2020-14593: Less Affine Transformations
|
|
- JDK-8240482: Improved WAV file playback
|
|
- JDK-8241379: Update JCEKS support
|
|
- JDK-8241522: Manifest improved jar headers redux
|
|
- JDK-8242136, CVE-2020-14621: Better XML namespace handling
|
|
* Other changes
|
|
- JDK-4949105: Access Bridge lacks html tags parsing
|
|
- JDK-7147060: com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java doesn't run in agentvm mode
|
|
- JDK-8003209: JFR events for network utilization
|
|
- JDK-8030680: 292 cleanup from default method code assessment
|
|
- JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently
|
|
- JDK-8037866: Replace the Fun class in tests with lambdas
|
|
- JDK-8041626: Shutdown tracing event
|
|
- JDK-8041915: Move 8 awt tests to OpenJDK regression tests tree
|
|
- JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null
|
|
- JDK-8076475: Misuses of strncpy/strncat
|
|
- JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset
|
|
- JDK-8141056: Erroneous assignment in HeapRegionSet.cpp
|
|
- JDK-8146612: C2: Precedence edges specification violated
|
|
- JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering
|
|
- JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates
|
|
- JDK-8150986: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format
|
|
- JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to "Connection succeeded"
|
|
- JDK-8165675: Trace event for thread park has incorrect unit for timeout
|
|
- JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM
|
|
- JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java
|
|
- JDK-8176182: 4 security tests are not run
|
|
- JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method
|
|
- JDK-8178910: Problemlist sample tests
|
|
- JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds
|
|
- JDK-8183925: Decouple crash protection from watcher thread
|
|
- JDK-8191393: Random crashes during cfree+0x1c
|
|
- JDK-8195817: JFR.stop should require name of recording
|
|
- JDK-8195818: JFR.start should increase autogenerated name by one
|
|
- JDK-8195819: Remove recording=x from jcmd JFR.check output
|
|
- JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE
|
|
- JDK-8199712: Flight Recorder
|
|
- JDK-8202578: Revisit location for class unload events
|
|
- JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events
|
|
- JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder)
|
|
- JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant
|
|
- JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording
|
|
- JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552
|
|
- JDK-8203929: Limit amount of data for JFR.dump
|
|
- JDK-8205516: JFR tool
|
|
- JDK-8207392: [PPC64] Implement JFR profiling
|
|
- JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it
|
|
- JDK-8209960: -Xlog:jfr* doesn't work with the JFR
|
|
- JDK-8210024: JFR calls virtual is_Java_thread from ~Thread()
|
|
- JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7
|
|
- JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch
|
|
- JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events
|
|
- JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions
|
|
- JDK-8213421: Line number information for execution samples always 0
|
|
- JDK-8213617: JFR should record the PID of the recorded process
|
|
- JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs.
|
|
- JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests
|
|
- JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test
|
|
- JDK-8213966: The ZGC JFR events should be marked as experimental
|
|
- JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds
|
|
- JDK-8214750: Unnecessary <p> tags in jfr classes
|
|
- JDK-8214896: JFR Tool left files behind
|
|
- JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError
|
|
- JDK-8214925: JFR tool fails to execute
|
|
- JDK-8215175: Inconsistencies in JFR event metadata
|
|
- JDK-8215237: jdk.jfr.Recording javadoc does not compile
|
|
- JDK-8215284: Reduce noise induced by periodic task getFileSize()
|
|
- JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1)
|
|
- JDK-8215362: JFR GTest JfrTestNetworkUtilization fails
|
|
- JDK-8215771: The jfr tool should pretty print reference chains
|
|
- JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly
|
|
- JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run()
|
|
- JDK-8216528: test/jdk/java/rmi/transport/runtimeThreadInheritanceLeak/RuntimeThreadInheritanceLeak.java failing with Xcomp
|
|
- JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps
|
|
- JDK-8216578: Remove unused/obsolete method in JFR code
|
|
- JDK-8216995: Clean up JFR command line processing
|
|
- JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT
|
|
- JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent
|
|
- JDK-8218935: Make jfr strncpy uses GCC 8.x friendly
|
|
- JDK-8220293: Deadlock in JFR string pool
|
|
- JDK-8223689: Add JFR Thread Sampling Support
|
|
- JDK-8223690: Add JFR BiasedLock Event Support
|
|
- JDK-8223691: Add JFR G1 Region Type Change Event Support
|
|
- JDK-8223692: Add JFR G1 Heap Summary Event Support
|
|
- JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant
|
|
- JDK-8224475: JTextPane does not show images in HTML rendering
|
|
- JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020
|
|
- JDK-8225069: Remove Comodo root certificate that is expiring in May 2020
|
|
- JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden.
|
|
- JDK-8226779: [TESTBUG] Test JFR API from Java agent
|
|
- JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys
|
|
- JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory
|
|
- JDK-8227269: Slow class loading when running with JDWP
|
|
- JDK-8227605: Kitchensink fails "assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant"
|
|
- JDK-8229366: JFR backport allows unchecked writing to memory
|
|
- JDK-8229401: Fix JFR code cache test failures
|
|
- JDK-8229708: JFR backport code does not initialize
|
|
- JDK-8229873: 8229401 broke jdk8u-jfr-incubator
|
|
- JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions
|
|
- JDK-8229899: Make java.io.File.isInvalid() less racy
|
|
- JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows
|
|
- JDK-8230597: Update GIFlib library to the 5.2.1
|
|
- JDK-8230707: JFR related tests are failing
|
|
- JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return
|
|
- JDK-8230782: Robot.createScreenCapture() fails if ?awt.robot.gtk? is set to false
|
|
- JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return
|
|
- JDK-8230926: [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout
|
|
- JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707
|
|
- JDK-8231995: two jtreg tests failed after 8229366 is fixed
|
|
- JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing
|
|
- JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file
|
|
- JDK-8233880: Support compilers with multi-digit major version numbers
|
|
- JDK-8236002: CSR for JFR backport suggests not leaving out the package-info
|
|
- JDK-8236008: Some backup files were accidentally left in the hotspot tree
|
|
- JDK-8236074: Missed package-info
|
|
- JDK-8236174: Should update javadoc since tags
|
|
- JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing
|
|
- JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport
|
|
- JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01
|
|
- JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB
|
|
- JDK-8238589: Necessary code cleanup in JFR for JDK8u
|
|
- JDK-8238590: Enable JFR by default during compilation in 8u
|
|
- JDK-8239055: Wrong implementation of VMState.hasListener
|
|
- JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair
|
|
- JDK-8239479: minimal1 and zero builds are failing
|
|
- JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed
|
|
- JDK-8239867: correct over use of INCLUDE_JFR macro
|
|
- JDK-8240375: Disable JFR by default for July 2020 release
|
|
- JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges
|
|
- JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled
|
|
- JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set
|
|
- JDK-8241750: x86_32 build failure after JDK-8227269
|
|
- JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport)
|
|
- JDK-8242788: Non-PCH build is broken after JDK-8191393
|
|
- JDK-8242883: Incomplete backport of JDK-8078268: backport test part
|
|
- JDK-8243059: Build fails when --with-vendor-name contains a comma
|
|
- JDK-8243474: [TESTBUG] removed three tests of 0 bytes
|
|
- JDK-8243539: Copyright info (Year) should be updated for fix of 8241638
|
|
- JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
|
|
- JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in
|
|
- JDK-8244461: [JDK 8u] Build fails with glibc 2.32
|
|
- JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result
|
|
- JDK-8244777: ClassLoaderStats VM Op uses constant hash value
|
|
- JDK-8244843: JapanEraNameCompatTest fails
|
|
- JDK-8245167: Top package in method profiling shows null in JMC
|
|
- JDK-8246223: Windows build fails after JDK-8227269
|
|
- JDK-8246703: [TESTBUG] Add test for JDK-8233197
|
|
- JDK-8248399: Build installs jfr binary when JFR is disabled
|
|
- JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package
|
|
|
|
Notes on individual issues:
|
|
===========================
|
|
|
|
hotspot/jfr:
|
|
|
|
JDK-8240687: JDK Flight Recorder Integrated to OpenJDK 8u
|
|
=========================================================
|
|
|
|
OpenJDK 8u now contains the backport of JEP 328: Flight Recorder
|
|
(https://openjdk.java.net/jeps/328) from later versions of OpenJDK.
|
|
|
|
JFR is a low-overhead framework to collect and provide data helpful to
|
|
troubleshoot the performance of the OpenJDK runtime and of Java
|
|
applications. It consists of a new API to define custom events under
|
|
the jdk.jfr namespace and a JMX interface to interact with the
|
|
framework. The recording can also be initiated with the application
|
|
startup using the -XX:+FlightRecorder flag or via jcmd. JFR replaces
|
|
the +XX:EnableTracing feature introduced in JEP 167, providing a more
|
|
efficient way to retrieve the same information. For compatibility
|
|
reasons, +XX:EnableTracing is still accepted, however no data will be
|
|
printed.
|
|
|
|
While JFR is not built by default upstream, it is included in Red Hat
|
|
binaries for supported architectures (x86_64, AArch64 & PowerPC 64)
|
|
|
|
hotspot/runtime:
|
|
|
|
JDK-8205622: JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording
|
|
=========================================================================================
|
|
|
|
JFR will be disabled with a warning message if it is enabled during
|
|
CDS dumping. The user will see the following warning message:
|
|
|
|
OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping
|
|
|
|
if JFR is enabled during CDS dumping such as in the following command
|
|
line:
|
|
|
|
$ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true
|
|
|
|
security-libs/java.security:
|
|
|
|
JDK-8244167: Removal of Comodo Root CA Certificate
|
|
==================================================
|
|
|
|
The following expired Comodo root CA certificate was removed from the
|
|
`cacerts` keystore: + alias name "addtrustclass1ca [jdk]"
|
|
|
|
Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
|
|
|
|
JDK-8244166: Removal of DocuSign Root CA Certificate
|
|
====================================================
|
|
|
|
The following expired DocuSign root CA certificate was removed from
|
|
the `cacerts` keystore: + alias name "keynectisrootca [jdk]"
|
|
|
|
Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
|
|
|
|
security-libs/javax.crypto:pkcs11:
|
|
|
|
JDK-8240191: Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database
|
|
============================================================================================================================
|
|
|
|
The SunPKCS11 security provider can now be initialized with NSS when
|
|
FIPS-enabled external modules are configured in the Security Modules
|
|
Database (NSSDB). Prior to this change, the SunPKCS11 provider would
|
|
throw a RuntimeException with the message: "FIPS flag set for
|
|
non-internal module" when such a library was configured for NSS in
|
|
non-FIPS mode.
|
|
|
|
This change allows the JDK to work properly with recent NSS releases
|
|
on GNU/Linux operating systems when the system-wide FIPS policy is
|
|
turned on.
|
|
|
|
Further information can be found in JDK-8238555.
|
|
|
|
New in release OpenJDK 8u252 (2020-04-14):
|
|
===========================================
|
|
Live versions of these release notes can be found at:
|
|
* https://bitly.com/oj8u252
|
|
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u252.txt
|
|
|
|
* Security fixes
|
|
- JDK-8223898, CVE-2020-2754: Forward references to Nashorn
|
|
- JDK-8223904, CVE-2020-2755: Improve Nashorn matching
|
|
- JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
|
|
- JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
|
|
- JDK-8225603: Enhancement for big integers
|
|
- JDK-8227542: Manifest improved jar headers
|
|
- JDK-8231415, CVE-2020-2773: Better signatures in XML
|
|
- JDK-8233250: Better X11 rendering
|
|
- JDK-8233410: Better Build Scripting
|
|
- JDK-8234027: Better JCEKS key support
|
|
- JDK-8234408, CVE-2020-2781: Improve TLS session handling
|
|
- JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
|
|
- JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
|
|
- JDK-8235274, CVE-2020-2805: Enhance typing of methods
|
|
- JDK-8236201, CVE-2020-2830: Better Scanner conversions
|
|
- JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap
|
|
* Other changes
|
|
- JDK-8005819: Support cross-realm MSSFU
|
|
- JDK-8022263: use same Clang warnings on BSD as on Linux
|
|
- JDK-8038631: Create wrapper for awt.Robot with additional functionality
|
|
- JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid
|
|
- JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests
|
|
- JDK-8068184: Fix for JDK-8032832 caused a deadlock
|
|
- JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature
|
|
- JDK-8132130: some docs cleanup
|
|
- JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit
|
|
- JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal
|
|
- JDK-8144446: Automate the Marlin crash test
|
|
- JDK-8144526: Remove Marlin logging use of deleted internal API
|
|
- JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats
|
|
- JDK-8144654: Improve Marlin logging
|
|
- JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins
|
|
- JDK-8166976: TestCipherPBECons has wrong @run line
|
|
- JDK-8167409: Invalid value passed to critical JNI function
|
|
- JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant
|
|
- JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
|
|
- JDK-8191227: issues with unsafe handle resolution
|
|
- JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider
|
|
- JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object
|
|
- JDK-8215756: Memory leaks in the AWT on macOS
|
|
- JDK-8216472: (se) Stack overflow during selection operation leads to crash (win)
|
|
- JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread
|
|
- JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions
|
|
- JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test
|
|
- JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
|
|
- JDK-8229022: BufferedReader performance can be improved by using StringBuilder
|
|
- JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC
|
|
- JDK-8229872: (fs) Increase buffer size used with getmntent
|
|
- JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception
|
|
- JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
|
|
- JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64
|
|
- JDK-8235904: Infinite loop when rendering huge lines
|
|
- JDK-8236179: C1 register allocation error with T_ADDRESS
|
|
- JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read
|
|
- JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call
|
|
- JDK-8241296: Segfault in JNIHandleBlock::oops_do()
|
|
- JDK-8241307: Marlin renderer should not be the default in 8u252
|
|
|
|
Notes on individual issues:
|
|
===========================
|
|
|
|
hotspot/svc:
|
|
|
|
JDK-8174881: Binary format for HPROF updated
|
|
============================================
|
|
|
|
When dumping the heap in binary format, HPROF format 1.0.2 is always
|
|
used now. Previously, format 1.0.1 was used for heaps smaller than
|
|
2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the
|
|
serviceability agent.
|
|
|
|
security-libs/java.security:
|
|
|
|
JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature
|
|
====================================================================================
|
|
|
|
The SunRsaSign and SunJCE providers have been enhanced with support
|
|
for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS
|
|
signature and OAEP using FIPS 180-4 digest algorithms. New
|
|
constructors and methods have been added to relevant JCA/JCE classes
|
|
under the `java.security.spec` and `javax.crypto.spec` packages for
|
|
supporting additional RSASSA-PSS parameters.
|
|
|
|
security-libs/javax.crypto:
|
|
|
|
JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI
|
|
============================================================
|
|
|
|
The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider.
|
|
|
|
security-libs/javax.security:
|
|
|
|
JDK-8227564: Allow SASL Mechanisms to Be Restricted
|
|
===================================================
|
|
|
|
A security property named `jdk.sasl.disabledMechanisms` has been added
|
|
that can be used to disable SASL mechanisms. Any disabled mechanism
|
|
will be ignored if it is specified in the `mechanisms` argument of
|
|
`Sasl.createSaslClient` or the `mechanism` argument of
|
|
`Sasl.createSaslServer`. The default value for this security property
|
|
is empty, which means that no mechanisms are disabled out-of-the-box.
|