39ec874dbe
Switch to GA mode for final release. Update release notes for 8u262 release. Split JDK-8042159 patch into per-repo patches as upstream. Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to Awt2dLibraries.gmk Remove issues in NEWS file duplicated between 8u252 & 8u262 releases.
368 lines
21 KiB
Plaintext
368 lines
21 KiB
Plaintext
Key:
|
|
|
|
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
|
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
|
|
|
New in release OpenJDK 8u262 (2020-07-14):
|
|
===========================================
|
|
Live versions of these release notes can be found at:
|
|
* https://bitly.com/oj8u262
|
|
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u262.txt
|
|
|
|
* New features
|
|
- JDK-8223147: JFR Backport
|
|
* Security fixes
|
|
- JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
|
|
- JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
|
|
- JDK-8230613: Better ASCII conversions
|
|
- JDK-8231800: Better listing of arrays
|
|
- JDK-8232014: Expand DTD support
|
|
- JDK-8233255: Better Swing Buttons
|
|
- JDK-8234032: Improve basic calendar services
|
|
- JDK-8234042: Better factory production of certificates
|
|
- JDK-8234418: Better parsing with CertificateFactory
|
|
- JDK-8234836: Improve serialization handling
|
|
- JDK-8236191: Enhance OID processing
|
|
- JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
|
|
- JDK-8237592, CVE-2020-14577: Enhance certificate verification
|
|
- JDK-8238002, CVE-2020-14581: Better matrix operations
|
|
- JDK-8238804: Enhance key handling process
|
|
- JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
|
|
- JDK-8238843: Enhanced font handing
|
|
- JDK-8238920, CVE-2020-14583: Better Buffer support
|
|
- JDK-8238925: Enhance WAV file playback
|
|
- JDK-8240119, CVE-2020-14593: Less Affine Transformations
|
|
- JDK-8240482: Improved WAV file playback
|
|
- JDK-8241379: Update JCEKS support
|
|
- JDK-8241522: Manifest improved jar headers redux
|
|
- JDK-8242136, CVE-2020-14621: Better XML namespace handling
|
|
* Other changes
|
|
- JDK-4949105: Access Bridge lacks html tags parsing
|
|
- JDK-7147060: com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java doesn't run in agentvm mode
|
|
- JDK-8003209: JFR events for network utilization
|
|
- JDK-8030680: 292 cleanup from default method code assessment
|
|
- JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently
|
|
- JDK-8037866: Replace the Fun class in tests with lambdas
|
|
- JDK-8041626: Shutdown tracing event
|
|
- JDK-8041915: Move 8 awt tests to OpenJDK regression tests tree
|
|
- JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null
|
|
- JDK-8076475: Misuses of strncpy/strncat
|
|
- JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset
|
|
- JDK-8141056: Erroneous assignment in HeapRegionSet.cpp
|
|
- JDK-8146612: C2: Precedence edges specification violated
|
|
- JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering
|
|
- JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates
|
|
- JDK-8150986: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format
|
|
- JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to "Connection succeeded"
|
|
- JDK-8165675: Trace event for thread park has incorrect unit for timeout
|
|
- JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM
|
|
- JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java
|
|
- JDK-8176182: 4 security tests are not run
|
|
- JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method
|
|
- JDK-8178910: Problemlist sample tests
|
|
- JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds
|
|
- JDK-8183925: Decouple crash protection from watcher thread
|
|
- JDK-8191393: Random crashes during cfree+0x1c
|
|
- JDK-8195817: JFR.stop should require name of recording
|
|
- JDK-8195818: JFR.start should increase autogenerated name by one
|
|
- JDK-8195819: Remove recording=x from jcmd JFR.check output
|
|
- JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE
|
|
- JDK-8199712: Flight Recorder
|
|
- JDK-8202578: Revisit location for class unload events
|
|
- JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events
|
|
- JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder)
|
|
- JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant
|
|
- JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording
|
|
- JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552
|
|
- JDK-8203929: Limit amount of data for JFR.dump
|
|
- JDK-8205516: JFR tool
|
|
- JDK-8207392: [PPC64] Implement JFR profiling
|
|
- JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it
|
|
- JDK-8209960: -Xlog:jfr* doesn't work with the JFR
|
|
- JDK-8210024: JFR calls virtual is_Java_thread from ~Thread()
|
|
- JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7
|
|
- JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch
|
|
- JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events
|
|
- JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions
|
|
- JDK-8213421: Line number information for execution samples always 0
|
|
- JDK-8213617: JFR should record the PID of the recorded process
|
|
- JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs.
|
|
- JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests
|
|
- JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test
|
|
- JDK-8213966: The ZGC JFR events should be marked as experimental
|
|
- JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds
|
|
- JDK-8214750: Unnecessary <p> tags in jfr classes
|
|
- JDK-8214896: JFR Tool left files behind
|
|
- JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError
|
|
- JDK-8214925: JFR tool fails to execute
|
|
- JDK-8215175: Inconsistencies in JFR event metadata
|
|
- JDK-8215237: jdk.jfr.Recording javadoc does not compile
|
|
- JDK-8215284: Reduce noise induced by periodic task getFileSize()
|
|
- JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1)
|
|
- JDK-8215362: JFR GTest JfrTestNetworkUtilization fails
|
|
- JDK-8215771: The jfr tool should pretty print reference chains
|
|
- JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly
|
|
- JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run()
|
|
- JDK-8216528: test/jdk/java/rmi/transport/runtimeThreadInheritanceLeak/RuntimeThreadInheritanceLeak.java failing with Xcomp
|
|
- JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps
|
|
- JDK-8216578: Remove unused/obsolete method in JFR code
|
|
- JDK-8216995: Clean up JFR command line processing
|
|
- JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT
|
|
- JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent
|
|
- JDK-8218935: Make jfr strncpy uses GCC 8.x friendly
|
|
- JDK-8220293: Deadlock in JFR string pool
|
|
- JDK-8223689: Add JFR Thread Sampling Support
|
|
- JDK-8223690: Add JFR BiasedLock Event Support
|
|
- JDK-8223691: Add JFR G1 Region Type Change Event Support
|
|
- JDK-8223692: Add JFR G1 Heap Summary Event Support
|
|
- JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant
|
|
- JDK-8224475: JTextPane does not show images in HTML rendering
|
|
- JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020
|
|
- JDK-8225069: Remove Comodo root certificate that is expiring in May 2020
|
|
- JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden.
|
|
- JDK-8226779: [TESTBUG] Test JFR API from Java agent
|
|
- JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys
|
|
- JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory
|
|
- JDK-8227269: Slow class loading when running with JDWP
|
|
- JDK-8227605: Kitchensink fails "assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant"
|
|
- JDK-8229366: JFR backport allows unchecked writing to memory
|
|
- JDK-8229401: Fix JFR code cache test failures
|
|
- JDK-8229708: JFR backport code does not initialize
|
|
- JDK-8229873: 8229401 broke jdk8u-jfr-incubator
|
|
- JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions
|
|
- JDK-8229899: Make java.io.File.isInvalid() less racy
|
|
- JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows
|
|
- JDK-8230597: Update GIFlib library to the 5.2.1
|
|
- JDK-8230707: JFR related tests are failing
|
|
- JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return
|
|
- JDK-8230782: Robot.createScreenCapture() fails if ?awt.robot.gtk? is set to false
|
|
- JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return
|
|
- JDK-8230926: [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout
|
|
- JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707
|
|
- JDK-8231995: two jtreg tests failed after 8229366 is fixed
|
|
- JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing
|
|
- JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file
|
|
- JDK-8233880: Support compilers with multi-digit major version numbers
|
|
- JDK-8236002: CSR for JFR backport suggests not leaving out the package-info
|
|
- JDK-8236008: Some backup files were accidentally left in the hotspot tree
|
|
- JDK-8236074: Missed package-info
|
|
- JDK-8236174: Should update javadoc since tags
|
|
- JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing
|
|
- JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport
|
|
- JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01
|
|
- JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB
|
|
- JDK-8238589: Necessary code cleanup in JFR for JDK8u
|
|
- JDK-8238590: Enable JFR by default during compilation in 8u
|
|
- JDK-8239055: Wrong implementation of VMState.hasListener
|
|
- JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair
|
|
- JDK-8239479: minimal1 and zero builds are failing
|
|
- JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed
|
|
- JDK-8239867: correct over use of INCLUDE_JFR macro
|
|
- JDK-8240375: Disable JFR by default for July 2020 release
|
|
- JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges
|
|
- JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled
|
|
- JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set
|
|
- JDK-8241750: x86_32 build failure after JDK-8227269
|
|
- JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport)
|
|
- JDK-8242788: Non-PCH build is broken after JDK-8191393
|
|
- JDK-8242883: Incomplete backport of JDK-8078268: backport test part
|
|
- JDK-8243059: Build fails when --with-vendor-name contains a comma
|
|
- JDK-8243474: [TESTBUG] removed three tests of 0 bytes
|
|
- JDK-8243539: Copyright info (Year) should be updated for fix of 8241638
|
|
- JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
|
|
- JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in
|
|
- JDK-8244461: [JDK 8u] Build fails with glibc 2.32
|
|
- JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result
|
|
- JDK-8244777: ClassLoaderStats VM Op uses constant hash value
|
|
- JDK-8244843: JapanEraNameCompatTest fails
|
|
- JDK-8245167: Top package in method profiling shows null in JMC
|
|
- JDK-8246223: Windows build fails after JDK-8227269
|
|
- JDK-8246703: [TESTBUG] Add test for JDK-8233197
|
|
- JDK-8248399: Build installs jfr binary when JFR is disabled
|
|
- JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package
|
|
|
|
Notes on individual issues:
|
|
===========================
|
|
|
|
hotspot/jfr:
|
|
|
|
JDK-8240687: JDK Flight Recorder Integrated to OpenJDK 8u
|
|
=========================================================
|
|
|
|
OpenJDK 8u now contains the backport of JEP 328: Flight Recorder
|
|
(https://openjdk.java.net/jeps/328) from later versions of OpenJDK.
|
|
|
|
JFR is a low-overhead framework to collect and provide data helpful to
|
|
troubleshoot the performance of the OpenJDK runtime and of Java
|
|
applications. It consists of a new API to define custom events under
|
|
the jdk.jfr namespace and a JMX interface to interact with the
|
|
framework. The recording can also be initiated with the application
|
|
startup using the -XX:+FlightRecorder flag or via jcmd. JFR replaces
|
|
the +XX:EnableTracing feature introduced in JEP 167, providing a more
|
|
efficient way to retrieve the same information. For compatibility
|
|
reasons, +XX:EnableTracing is still accepted, however no data will be
|
|
printed.
|
|
|
|
While JFR is not built by default upstream, it is included in Red Hat
|
|
binaries for supported architectures (x86_64, AArch64 & PowerPC 64)
|
|
|
|
hotspot/runtime:
|
|
|
|
JDK-8205622: JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording
|
|
=========================================================================================
|
|
|
|
JFR will be disabled with a warning message if it is enabled during
|
|
CDS dumping. The user will see the following warning message:
|
|
|
|
OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping
|
|
|
|
if JFR is enabled during CDS dumping such as in the following command
|
|
line:
|
|
|
|
$ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true
|
|
|
|
security-libs/java.security:
|
|
|
|
JDK-8244167: Removal of Comodo Root CA Certificate
|
|
==================================================
|
|
|
|
The following expired Comodo root CA certificate was removed from the
|
|
`cacerts` keystore: + alias name "addtrustclass1ca [jdk]"
|
|
|
|
Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
|
|
|
|
JDK-8244166: Removal of DocuSign Root CA Certificate
|
|
====================================================
|
|
|
|
The following expired DocuSign root CA certificate was removed from
|
|
the `cacerts` keystore: + alias name "keynectisrootca [jdk]"
|
|
|
|
Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
|
|
|
|
security-libs/javax.crypto:pkcs11:
|
|
|
|
JDK-8240191: Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database
|
|
============================================================================================================================
|
|
|
|
The SunPKCS11 security provider can now be initialized with NSS when
|
|
FIPS-enabled external modules are configured in the Security Modules
|
|
Database (NSSDB). Prior to this change, the SunPKCS11 provider would
|
|
throw a RuntimeException with the message: "FIPS flag set for
|
|
non-internal module" when such a library was configured for NSS in
|
|
non-FIPS mode.
|
|
|
|
This change allows the JDK to work properly with recent NSS releases
|
|
on GNU/Linux operating systems when the system-wide FIPS policy is
|
|
turned on.
|
|
|
|
Further information can be found in JDK-8238555.
|
|
|
|
New in release OpenJDK 8u252 (2020-04-14):
|
|
===========================================
|
|
Live versions of these release notes can be found at:
|
|
* https://bitly.com/oj8u252
|
|
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u252.txt
|
|
|
|
* Security fixes
|
|
- JDK-8223898, CVE-2020-2754: Forward references to Nashorn
|
|
- JDK-8223904, CVE-2020-2755: Improve Nashorn matching
|
|
- JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
|
|
- JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
|
|
- JDK-8225603: Enhancement for big integers
|
|
- JDK-8227542: Manifest improved jar headers
|
|
- JDK-8231415, CVE-2020-2773: Better signatures in XML
|
|
- JDK-8233250: Better X11 rendering
|
|
- JDK-8233410: Better Build Scripting
|
|
- JDK-8234027: Better JCEKS key support
|
|
- JDK-8234408, CVE-2020-2781: Improve TLS session handling
|
|
- JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
|
|
- JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
|
|
- JDK-8235274, CVE-2020-2805: Enhance typing of methods
|
|
- JDK-8236201, CVE-2020-2830: Better Scanner conversions
|
|
- JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap
|
|
* Other changes
|
|
- JDK-8005819: Support cross-realm MSSFU
|
|
- JDK-8022263: use same Clang warnings on BSD as on Linux
|
|
- JDK-8038631: Create wrapper for awt.Robot with additional functionality
|
|
- JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid
|
|
- JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests
|
|
- JDK-8068184: Fix for JDK-8032832 caused a deadlock
|
|
- JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature
|
|
- JDK-8132130: some docs cleanup
|
|
- JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit
|
|
- JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal
|
|
- JDK-8144446: Automate the Marlin crash test
|
|
- JDK-8144526: Remove Marlin logging use of deleted internal API
|
|
- JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats
|
|
- JDK-8144654: Improve Marlin logging
|
|
- JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins
|
|
- JDK-8166976: TestCipherPBECons has wrong @run line
|
|
- JDK-8167409: Invalid value passed to critical JNI function
|
|
- JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant
|
|
- JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
|
|
- JDK-8191227: issues with unsafe handle resolution
|
|
- JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider
|
|
- JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object
|
|
- JDK-8215756: Memory leaks in the AWT on macOS
|
|
- JDK-8216472: (se) Stack overflow during selection operation leads to crash (win)
|
|
- JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread
|
|
- JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions
|
|
- JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test
|
|
- JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
|
|
- JDK-8229022: BufferedReader performance can be improved by using StringBuilder
|
|
- JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC
|
|
- JDK-8229872: (fs) Increase buffer size used with getmntent
|
|
- JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception
|
|
- JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
|
|
- JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64
|
|
- JDK-8235904: Infinite loop when rendering huge lines
|
|
- JDK-8236179: C1 register allocation error with T_ADDRESS
|
|
- JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read
|
|
- JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call
|
|
- JDK-8241296: Segfault in JNIHandleBlock::oops_do()
|
|
- JDK-8241307: Marlin renderer should not be the default in 8u252
|
|
|
|
Notes on individual issues:
|
|
===========================
|
|
|
|
hotspot/svc:
|
|
|
|
JDK-8174881: Binary format for HPROF updated
|
|
============================================
|
|
|
|
When dumping the heap in binary format, HPROF format 1.0.2 is always
|
|
used now. Previously, format 1.0.1 was used for heaps smaller than
|
|
2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the
|
|
serviceability agent.
|
|
|
|
security-libs/java.security:
|
|
|
|
JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature
|
|
====================================================================================
|
|
|
|
The SunRsaSign and SunJCE providers have been enhanced with support
|
|
for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS
|
|
signature and OAEP using FIPS 180-4 digest algorithms. New
|
|
constructors and methods have been added to relevant JCA/JCE classes
|
|
under the `java.security.spec` and `javax.crypto.spec` packages for
|
|
supporting additional RSASSA-PSS parameters.
|
|
|
|
security-libs/javax.crypto:
|
|
|
|
JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI
|
|
============================================================
|
|
|
|
The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider.
|
|
|
|
security-libs/javax.security:
|
|
|
|
JDK-8227564: Allow SASL Mechanisms to Be Restricted
|
|
===================================================
|
|
|
|
A security property named `jdk.sasl.disabledMechanisms` has been added
|
|
that can be used to disable SASL mechanisms. Any disabled mechanism
|
|
will be ignored if it is specified in the `mechanisms` argument of
|
|
`Sasl.createSaslClient` or the `mechanism` argument of
|
|
`Sasl.createSaslServer`. The default value for this security property
|
|
is empty, which means that no mechanisms are disabled out-of-the-box.
|