-
Notifications
You must be signed in to change notification settings - Fork 0
/
NEWS
5146 lines (4831 loc) · 344 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 11.0.21 (2023-10-17):
============================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk11021
* CVEs
- CVE-2023-22081
* Security fixes
- JDK-8286503, JDK-8312367: Enhance security classes
- JDK-8296581: Better system proxy support
- JDK-8297856: Improve handling of Bidi characters
- JDK-8305815, JDK-8307278: Update Libpng to 1.6.39
- JDK-8306881, JDK-8307286: Update FreeType to 2.13.0
- JDK-8309966: Enhanced TLS connections
* Other changes
- JDK-6176679: Application freezes when copying an animated gif image to the system clipboard
- JDK-8023980: JCE doesn't provide any class to handle RSA private key in PKCS#1
- JDK-8155246: Throw error if default java.security file is missing
- JDK-8158880: test/java/time/tck/java/time/format/TCKDateTimeFormatterBuilder.java fail with zh_CN locale
- JDK-8168261: Use server cipher suites preference by default
- JDK-8181383: com/sun/jdi/OptionTest.java fails intermittently with bind failed: Address already in use
- JDK-8201516: DebugNonSafepoints generates incorrect information
- JDK-8209398: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh failed with "PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE"
- JDK-8211343: nsk_jvmti_parseoptions should handle multiple suboptions
- JDK-8212045: Add back the tests that were removed from HashesTest.java and AddExportsTest.java
- JDK-8216059: nsk_jvmti_parseoptions still has dependency on tilde separator
- JDK-8217237: HttpClient does not deal well with multi-valued WWW-Authenticate challenge headers
- JDK-8217395: Update langtools shell tests to use ${EXE_SUFFIX}
- JDK-8217612: (CL)HSDB cannot show some JVM flags
- JDK-8217850: CompressedClassSpaceSizeInJmapHeap fails after JDK-8217612
- JDK-8218471: generate-unsafe-access-tests.sh does not correctly invoke build.tools.spp.Spp
- JDK-8219628: [TESTBUG] javadoc/doclet/InheritDocForUserTags fails with -othervm
- JDK-8220410: sun/security/tools/jarsigner/warnings/NoTimestampTest.java failed with missing expected output
- JDK-8221372: Test vmTestbase/nsk/jvmti/GetThreadState/thrstat001/TestDescription.java times out
- JDK-8222323: ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset alwaysOnTop"
- JDK-8223573: Replace wildcard address with loopback or local host in tests - part 4
- JDK-8223714: HTTPSetAuthenticatorTest could be made more resilient
- JDK-8223783: sun/net/www/http/HttpClient/MultiThreadTest.java sometimes detect threads+1 connections
- JDK-8223856: Replace wildcard address with loopback or local host in tests - part 8
- JDK-8224617: (fs) java/nio/file/FileStore/Basic.java found filesystem twice
- JDK-8224729: Cleanups in sun/security/provider/certpath/ldap/LDAPCertStoreImpl.java
- JDK-8224768: Test ActalisCA.java fails
- JDK-8225012: sanity/client/SwingSet/src/ToolTipDemoTest.java fails on Windows
- JDK-8226221: Update PKCS11 tests to use NSS 3.46 libs
- JDK-8228341: SignTwice.java fails intermittently on Windows
- JDK-8228403: SignTwice.java failed with java.io.FileNotFoundException: File name too long
- JDK-8229147: Linux os::create_thread() overcounts guardpage size with newer glibc (>=2.27)
- JDK-8229333: java/io/File/SetLastModified.java timed out
- JDK-8229338: clean up test/jdk/java/util/RandomAccess/Basic.java
- JDK-8229348: java/net/DatagramSocket/UnreferencedDatagramSockets.java fails intermittently
- JDK-8229481: sun/net/www/protocol/https/ChunkedOutputStream.java failed with a SSLException
- JDK-8229912: [TESTBUG] java/net/Socks/SocksIPv6Test fails without IPv6
- JDK-8230132: java/net/NetworkInterface/NetworkInterfaceRetrievalTests.java to skip Teredo Tunneling Pseudo-Interface
- JDK-8231037: java/net/InetAddress/ptr/Lookup.java fails intermittently due to reverse lookup failed
- JDK-8231357: sun/security/pkcs11/Cipher/TestKATForGCM.java fails on SLES11 using mozilla-nss-3.14
- JDK-8231516: network QuickAckTest.java failed due to "SocketException: maximum number of DatagramSockets reached"
- JDK-8232101: (sctp) Add minimal sanity tests for SCTP
- JDK-8232195: Enable BigInteger tests: DivisionOverflow, SymmetricRangeTests and StringConstructorOverflow
- JDK-8232840: java/math/BigInteger/largeMemory/SymmetricRangeTests.java fails due to "OutOfMemoryError: Requested array size exceeds VM limit"
- JDK-8232922: Add java/math/BigInteger/largeMemory/SymmetricRangeTests.java to ProblemList-Xcomp
- JDK-8234808: jdb quoted option parsing broken
- JDK-8236045: [TESTBUG] MismatchedWhiteBox test fails with missing WhiteBox$WhiteBoxPermission.class
- JDK-8237183: Bug ID missing for test in patch which fixed JDK-8230665
- JDK-8238157: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java test failures because of revocation date
- JDK-8239007: java/math/BigInteger/largeMemory/ tests should be disabled on 32-bit platforms
- JDK-8239264: Clearup the legacy ObjectIdentifier constructor from int array
- JDK-8239333: Mark test AmazonCA.java with intermittent key
- JDK-8239537: cgroup MetricsTester testMemorySubsystem fails sometimes when testing memory.kmem.tcp.usage_in_bytes
- JDK-8240193: loadLibrary("osxsecurity") should not be removed
- JDK-8241097: java/math/BigInteger/largeMemory/SymmetricRangeTests.java requires -XX:+CompactStrings
- JDK-8242151: Improve OID mapping and reuse among JDK security providers for aliases registration
- JDK-8242330: Arrays should be cloned in several JAAS Callback classes
- JDK-8242897: KeyFactory.generatePublic( x509Spec ) failed with java.security.InvalidKeyException
- JDK-8243210: ClhsdbScanOops fails with NullPointerException in FileMapHeader.inCopiedVtableSpace
- JDK-8244078: ProcessTools executeTestJvm and createJavaProcessBuilder have inconsistent handling of test.*.opts
- JDK-8247895: SHA1PRNGReseed.java is calling setSeed(0)
- JDK-8247968: test/jdk/javax/crypto/SecretKeyFactory/security.properties has wrong header
- JDK-8248001: javadoc generates invalid HTML pages whose ftp:// links are broken
- JDK-8249699: java/io/ByteArrayOutputStream/MaxCapacity.java should use @requires instead of @ignore
- JDK-8251517: [TESTBUG] com/sun/net/httpserver/bugs/B6393710.java does not scale socket timeout
- JDK-8252530: Fix inconsistencies in hotspot whitebox
- JDK-8254350: CompletableFuture.get may swallow InterruptedException
- JDK-8255348: NPE in PKIXCertPathValidator event logging code
- JDK-8257993: vmTestbase/nsk/jvmti/RedefineClasses/StressRedefine/TestDescription.java crash intermittently
- JDK-8259796: timed CompletableFuture.get may swallow InterruptedException
- JDK-8260274: Cipher.init(int, key) does not use highest priority provider for random bytes
- JDK-8260878: com/sun/jdi/JdbOptions.java fails without jfr
- JDK-8260934: java/lang/StringBuilder/HugeCapacity.java fails without Compact Strings
- JDK-8263970: Manual test javax/swing/JTextField/JapaneseReadingAttributes/JapaneseReadingAttributes.java failed
- JDK-8265980: Fix systemDictionary and loaderConstraints printing
- JDK-8268457: XML Transformer outputs Unicode supplementary character incorrectly to HTML
- JDK-8268464: Remove dependancy of TestHttpsServer, HttpTransaction, HttpCallback from open/test/jdk/sun/net/www/protocol/https/ tests
- JDK-8269091: javax/sound/sampled/Clip/SetPositionHang.java failed with ArrayIndexOutOfBoundsException: Array index out of range: -4
- JDK-8270331: [TESTBUG] Error: Not a test or directory containing tests: java/awt/print/PrinterJob/InitToBlack.java
- JDK-8271838: AmazonCA.java interop test fails
- JDK-8273807: Zero: Drop incorrect test block from compiler/startup/NumCompilerThreadsCheck.java
- JDK-8274205: Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC
- JDK-8274606: Fix jaxp/javax/xml/jaxp/unittest/transform/SurrogateTest.java test
- JDK-8275234: java/awt/GraphicsDevice/DisplayModes/CycleDMImage.java is entered twice in ProblemList
- JDK-8275303: sun/java2d/pipe/InterpolationQualityTest.java fails with D3D basic render driver
- JDK-8276651: java/lang/ProcessHandle tests fail with "RuntimeException: Input/output error" in java.lang.ProcessHandleImpl$Info.info0
- JDK-8277353: java/security/MessageDigest/ThreadSafetyTest.java test times out
- JDK-8279536: jdk/nio/zipfs/ZipFSOutputStreamTest.java timed out
- JDK-8283756: (zipfs) ZipFSOutputStreamTest.testOutputStream should only check inflated bytes
- JDK-8284524: Create an automated test for JDK-4422362
- JDK-8284767: Create an automated test for JDK-4422535
- JDK-8284772: GHA: Use GCC Major Version Dependencies Only
- JDK-8284910: Buffer clean in PasswordCallback
- JDK-8285635: javax/swing/JRootPane/DefaultButtonTest.java failed with Default Button not pressed for L&F: com.sun.java.swing.plaf.motif.MotifLookAndFeel
- JDK-8286172: Create an automated test for JDK-4516019
- JDK-8286481: Exception printed to stdout on Windows when storing transparent image in clipboard
- JDK-8286620: Create regression test for verifying setMargin() of JRadioButton
- JDK-8289508: Improve test coverage for XPath Axes: ancestor, ancestor-or-self, preceding, and preceding-sibling
- JDK-8289748: C2 compiled code crashes with SIGFPE with -XX:+StressLCM and -XX:+StressGCM
- JDK-8291444: GHA builds/tests won't run manually if disabled from automatic running
- JDK-8291830: jvmti/RedefineClasses/StressRedefine failed: assert(!is_null(v)) failed: narrow klass value can never be zero
- JDK-8292033: Move jdk.X509Certificate event logic to JCA layer
- JDK-8292297: Fix up loading of override java.security properties file
- JDK-8292443: Weak CAS VarHandle/Unsafe tests should test always-failing cases
- JDK-8293180: JQuery UI license file not updated
- JDK-8293562: KeepAliveCache Blocks Threads while Closing Connections
- JDK-8293657: sun/management/jmxremote/bootstrap/RmiBootstrapTest.java#id1 failed with "SSLHandshakeException: Remote host terminated the handshake"
- JDK-8293858: Change PKCS7 code to use default SecureRandom impl instead of SHA1PRNG
- JDK-8295737: macOS: Print content cut off when width > height with portrait orientation
- JDK-8295894: Remove SECOM certificate that is expiring in September 2023
- JDK-8296084: javax/swing/JSpinner/4788637/bug4788637.java fails intermittently on a VM
- JDK-8297437: javadoc cannot link to old docs (with old style anchors)
- JDK-8297523: Various GetPrimitiveArrayCritical miss result - NULL check
- JDK-8297587: Upgrade JLine to 3.22.0
- JDK-8297681: Unnecessary color conversion during 4BYTE_ABGR_PRE to INT_ARGB_PRE blit
- JDK-8297730: C2: Arraycopy intrinsic throws incorrect exception
- JDK-8297887: Update Siphash
- JDK-8297923: java.awt.ScrollPane broken after multiple scroll up/down
- JDK-8297955: LDAP CertStore should use LdapName and not String for DNs
- JDK-8298921: Create a regression test for JDK-8139581
- JDK-8298974: Add ftcolor.c to imported freetype sources
- JDK-8299424: containers/docker/TestMemoryWithCgroupV1.java fails on SLES12 ppc64le when testing Memory and Swap Limit
- JDK-8299658: C1 compilation crashes in LinearScan::resolve_exception_edge
- JDK-8299713: Test javax/swing/JTableHeader/6889007/bug6889007.java failed: Wrong type of cursor
- JDK-8300098: java/util/concurrent/ConcurrentHashMap/ConcurrentAssociateTest.java fails with internal timeout when executed with TieredCompilation1/3
- JDK-8300659: Refactor TestMemoryAwareness to use WhiteBox api for host values
- JDK-8300751: [17u] Remove duplicate entry in javac.properties
- JDK-8301269: Update Commons BCEL to Version 6.7.0
- JDK-8301491: C2: java.lang.StringUTF16::indexOfChar intrinsic called with negative character argument
- JDK-8301700: Increase the default TLS Diffie-Hellman group size from 1024-bit to 2048-bit
- JDK-8301959: Compile command in compiler.loopopts.TestRemoveEmptyCountedLoop does not work
- JDK-8302161: Upgrade jQuery UI to version 1.13.2
- JDK-8302182: Update Public Suffix List to 88467c9
- JDK-8303511: C2: assert(get_ctrl(n) == cle_out) during unrolling
- JDK-8303809: Dispose context in SPNEGO NegotiatorImpl
- JDK-8304054: Linux: NullPointerException from FontConfiguration.getVersion in case no fonts are installed
- JDK-8304498: JShell does not switch to raw mode when there is no /bin/test
- JDK-8304867: Explicitly disable dtrace for ppc builds
- JDK-8305074: ProblemList javax/net/ssl/DTLS/RespondToRetransmit.java
- JDK-8305421: Work around JDK-8305420 in CDSJDITest.java
- JDK-8305763: Parsing a URI with an underscore goes through a silent exception, negatively impacting performance
- JDK-8305766: ProblemList runtime/CompressedOops/CompressedClassPointers.java
- JDK-8305950: Have -XshowSettings option display tzdata version
- JDK-8306133: Open source few AWT Drag & Drop related tests
- JDK-8306137: Open source several AWT ScrollPane related tests
- JDK-8306484: Open source several AWT Choice jtreg tests
- JDK-8306636: Disable compiler/c2/Test6905845.java with -XX:TieredStopAtLevel=3
- JDK-8306638: Open source some AWT tests related to datatransfer and Toolkit
- JDK-8306682: Open source a few more AWT Choice tests
- JDK-8306718: Optimize and opensource some old AWT tests
- JDK-8306954: Open source five Focus related tests
- JDK-8306955: Open source several JComboBox jtreg tests
- JDK-8307078: Opensource and clean up five more AWT Focus related tests
- JDK-8307080: Open source some more JComboBox jtreg tests
- JDK-8307128: Open source some drag and drop tests 4
- JDK-8307133: Open source some JTable jtreg tests
- JDK-8307135: java/awt/dnd/NotReallySerializableTest/NotReallySerializableTest.java failed
- JDK-8307301: Update HarfBuzz to 7.2.0
- JDK-8307569: Build with gcc8 is broken after JDK-8307301
- JDK-8307572: AArch64: Vector registers are clobbered by some macroassemblers
- JDK-8307603: [AIX] Broken build after JDK-8307301
- JDK-8307604: gcc12 based Alpine build broken build after JDK-8307301
- JDK-8307799: Newly added java/awt/dnd/MozillaDnDTest.java has invalid jtreg `@requires` clause
- JDK-8308156: VerifyCACerts.java misses blank in error output
- JDK-8309088: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails
- JDK-8309108: Bump update version for OpenJDK: jdk-11.0.21
- JDK-8309138: Fix container tests for jdks with symlinked conf dir
- JDK-8310054: ScrollPane insets are incorrect
- JDK-8310176: JDK 11 G1 crash during full GC with +UseStringDeduplication
- JDK-8310620: [11u] Problemlist failing aot tests on macos x64
- JDK-8311033: [macos] PrinterJob does not take into account Sides attribute
- JDK-8311689: Wrong visible amount in Adjustable of ScrollPane
- JDK-8312138: jcmd VM.metaspace vslist has no newline character before the Class: label.
- JDK-8312555: Ideographic characters aren't stretched by AffineTransform.scale(2, 1)
- JDK-8313159: [11u] Fix test SSLEngineKeyLimit.java after Merge error
- JDK-8313765: Invalid CEN header (invalid zip64 extra data field size)
- JDK-8313796: AsyncGetCallTrace crash on unreadable interpreter method pointer
- JDK-8313803: [11u] Exclude jdk/jfr/event/sampling/TestStackFrameLineNumbers.java
- JDK-8313878: Exclude two compiler/rtm/locking tests on ppc64le
- JDK-8314086: [11u] A typo in the fix for JDK-8312462 is causing test failure in ChildAlwaysOnTopTest.java
- JDK-8314950: CMS may miss NMT tag after mark stack expansion
- JDK-8314960: Add Certigna Root CA - 2
- JDK-8315135: Memory leak in the native implementation of Pack200.Unpacker.unpack()
- JDK-8315529: [11u] Exclude some failing Z-GC tests
- JDK-8317040: Exclude cleaner test failing on older releases
- JDK-8317644: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.21
Notes on individual issues:
===========================
security-libs/javax.net.ssl:
JDK-8301700: The Default TLS Diffie-Hellman Group Size Has Been Increased from 1024-bit to 2048-bit
===================================================================================================
The JDK implementation of TLS 1.2 now uses a default Diffie Hellman
keysize of 2048 bits when a TLS_DHE cipher suite is negotiated and
either the client or server does not support FFDHE.
The JDK TLS implementation supports FFDHE, which can negotiate a
stronger keysize, and this is enabled by default.
As a workaround, users can revert to the previous key size by setting
the `jdk.tls.ephemeralDHKeySize` system property to 1024 (at their own
risk).
This change does not affect TLS 1.3 as the minimum DH group size is
already 2048 bits.
JDK-8168261: Use Server Cipher Suites Preference by Default
===========================================================
The SunJSSE provider has been updated to use the local server-side
cipher suite preferences by default. Previously, the server would use
the preferences specified by the connecting client. To revert to the
previous behaviour, use `SSLParameters.setUseCipherSuitesOrder(false)`
on the server side.
security-libs/javax.crypto:
JDK-8023980: JDK Now Accepts RSA Keys in PKCS#1 Format
======================================================
RSA private and public keys in PKCS#1 format can now be accepted by
JDK providers, such as the RSA `KeyFactory.impl` from the SunRsaSign
provider. The RSA private or public key object should have the PKCS#1
format and an encoding matching the ASN.1 syntax for a PKCS#1 RSA
private key and public key.
security-libs/javax.security:
JDK-8242330: Arrays should be cloned in several JAAS Callback classes
=====================================================================
In the JAAS classes, ChoiceCallback and ConfirmationCallback, arrays
were not cloned when passed into a constructor or returned. This
allowed an external program to get access to the internal fields of
these classes. The classes have been updated to return cloned arrays.
tools/launcher:
JDK-8305950: `-XshowSettings:locale` Output Now Includes Tzdata Version
=======================================================================
The `-XshowSettings` launcher option has been enhanced to print the
tzdata version used by the JDK. The tzdata version is displayed as
part of the `locale` showSettings option.
Example output using `-X:showSettings:locale`:
Locale settings:
default locale = English
default display locale = English
default format locale = English
tzdata version = 2023c
security-libs/java.security:
JDK-8295894: Removed SECOM Trust System's RootCA1 Root Certificate
==================================================================
The following root certificate from SECOM Trust System has been
removed from the `cacerts` keystore:
Alias Name: secomscrootca1 [jdk]
Distinguished Name: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
JDK-8314960: Added Certigna Root CA Certificate
===============================================
The following root certificate has been added to the cacerts
truststore:
Name: Certigna (Dhimyotis)
Alias Name: certignarootca
Distinguished Name: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR
JDK-8155246: Throw Error If Default java.security File Fails to Load
====================================================================
A hardcoded set of security properties was used in previous releases
when the `java.security` file could not be loaded. This set of
properties were poorly maintained and it was not obvious to the user
that they were being utilised. This release instead throws an
`InternalError` if the `java.security` file can not be loaded.
New in release OpenJDK 11.0.20.1 (2023-08-24):
==============================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk110201
* Other changes
- JDK-8313765: Invalid CEN header (invalid zip64 extra data field size)
- JDK-8314678: Bump update version for OpenJDK: jdk-11.0.20.1
New in release OpenJDK 11.0.20 (2023-07-18):
=============================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk11020
* CVEs
- CVE-2023-22006
- CVE-2023-22036
- CVE-2023-22041
- CVE-2023-22044
- CVE-2023-22045
- CVE-2023-22049
- CVE-2023-25193
* Security fixes
- JDK-8298676: Enhanced Look and Feel
- JDK-8300285: Enhance TLS data handling
- JDK-8300596: Enhance Jar Signature validation
- JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1
- JDK-8302475: Enhance HTTP client file downloading
- JDK-8302483: Enhance ZIP performance
- JDK-8303376: Better launching of JDI
- JDK-8304468: Better array usages
- JDK-8305312: Enhanced path handling
- JDK-8308682: Enhance AES performance
* Other changes
- JDK-8171426: java/lang/ProcessBuilder/Basic.java failed with Stream closed
- JDK-8178806: Better exception logging in crypto code
- JDK-8187522: test/sun/net/ftp/FtpURLConnectionLeak.java timed out
- JDK-8209167: Use CLDR's time zone mappings for Windows
- JDK-8209546: Make sun/security/tools/keytool/autotest.sh to support macosx
- JDK-8209880: tzdb.dat is not reproducibly built
- JDK-8213531: Test javax/swing/border/TestTitledBorderLeak.java fails
- JDK-8214459: NSS source should be removed
- JDK-8214807: Improve handling of very old class files
- JDK-8215015: [TESTBUG] remove unneeded -Xfuture option from tests
- JDK-8215575: C2 crash: assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded
- JDK-8220093: Change to GCC 8.2 for building on Linux at Oracle
- JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java fails with AssertionError
- JDK-8232853: AuthenticationFilter.Cache::remove may throw ConcurrentModificationException
- JDK-8243936: NonWriteable system properties are actually writeable
- JDK-8246383: NullPointerException in JceSecurity.getVerificationResult when using Entrust provider
- JDK-8248701: On Windows generated modules-deps.gmk can contain backslash-r (CR) characters
- JDK-8257856: Make ClassFileVersionsTest.java robust to JDK version updates
- JDK-8259530: Generated docs contain MIT/GPL-licenced works without reproducing the licence
- JDK-8263420: Incorrect function name in NSAccessibilityStaticText native peer implementation
- JDK-8264290: Create implementation for NSAccessibilityComponentGroup protocol peer
- JDK-8264304: Create implementation for NSAccessibilityToolbar protocol peer
- JDK-8265486: ProblemList javax/sound/midi/Sequencer/Recording.java on macosx-aarch64
- JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped
- JDK-8269746: C2: assert(!in->is_CFG()) failed: CFG Node with no controlling input?
- JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile
- JDK-8275233: Incorrect line number reported in exception stack trace thrown from a lambda expression
- JDK-8275721: Name of UTC timezone in a locale changes depending on previous code
- JDK-8275735: [linux] Remove deprecated Metrics api (kernel memory limit)
- JDK-8276880: Remove java/lang/RuntimeTests/exec/ExecWithDir as unnecessary
- JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java - add 4357905
- JDK-8278434: timeouts in test java/time/test/java/time/format/TestZoneTextPrinterParser.java
- JDK-8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption
- JDK-8282077: PKCS11 provider C_sign() impl should handle CKR_BUFFER_TOO_SMALL error
- JDK-8282201: Consider removal of expiry check in VerifyCACerts.java test
- JDK-8282467: add extra diagnostics for JDK-8268184
- JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary
- JDK-8283059: Uninitialized warning in check_code.c with GCC 11.2
- JDK-8285497: Add system property for Java SE specification maintenance version
- JDK-8286398: Address possibly lossy conversions in jdk.internal.le
- JDK-8287007: [cgroups] Consistently use stringStream throughout parsing code
- JDK-8287246: DSAKeyValue should check for missing params instead of relying on KeyFactory provider
- JDK-8287876: The recently de-problemlisted TestTitledBorderLeak test is unstable
- JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md with information on 4th party dependencies
- JDK-8289301: P11Cipher should not throw out of bounds exception during padding
- JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space
- JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067
- JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value
- JDK-8291638: Keep-Alive timeout of 0 should close connection immediately
- JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage() is lower than expected
- JDK-8293232: Fix race condition in pkcs11 SessionManager
- JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation
- JDK-8294548: Problem list SA core file tests on macosx-x64 due to JDK-8294316
- JDK-8294906: Memory leak in PKCS11 NSS TLS server
- JDK-8295974: jni_FatalError and Xcheck:jni warnings should print the native stack when there are no Java frames
- JDK-8296934: Write a test to verify whether Undecorated Frame can be iconified or not
- JDK-8297000: [jib] Add more friendly warning for proxy issues
- JDK-8297450: ScaledTextFieldBorderTest.java fails when run with -show parameter
- JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors
- JDK-8299259: C2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE
- JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument
- JDK-8300205: Swing test bug8078268 make latch timeout configurable
- JDK-8300490: Spaces in name of MacOS Code Signing Identity are not correctly handled after JDK-8293550
- JDK-8301119: Support for GB18030-2022
- JDK-8301170: perfMemory_windows.cpp add free_security_attr to early returns
- JDK-8301401: Allow additional characters for GB18030-2022 support
- JDK-8302151: BMPImageReader throws an exception reading BMP images
- JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message
- JDK-8303102: jcmd: ManagementAgent.status truncates the text longer than O_BUFLEN
- JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return
- JDK-8303432: Bump update version for OpenJDK: jdk-11.0.20
- JDK-8303440: The "ZonedDateTime.parse" may not accept the "UTC+XX" zone id
- JDK-8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates
- JDK-8303476: Add the runtime version in the release file of a JDK image
- JDK-8303482: Update LCMS to 2.15
- JDK-8303564: C2: "Bad graph detected in build_loop_late" after a CMove is wrongly split thru phi
- JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return
- JDK-8303822: gtestMain should give more helpful output
- JDK-8303861: Error handling step timeouts should never be blocked by OnError and others
- JDK-8303937: Corrupted heap dumps due to missing retries for os::write()
- JDK-8304134: jib bootstrapper fails to quote filename when checking download filetype
- JDK-8304291: [AIX] Broken build after JDK-8301998
- JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998
- JDK-8304350: Font.getStringBounds calculates wrong width for TextAttribute.TRACKING other than 0.0
- JDK-8304760: Add 2 Microsoft TLS roots
- JDK-8305113: (tz) Update Timezone Data to 2023c
- JDK-8305400: ISO 4217 Amendment 175 Update
- JDK-8305528: [11u] Backport of JDK-8259530 breaks build with JDK10 bootstrap VM
- JDK-8305682: Update the javadoc in the Character class to state support for GB 18030-2022 Implementation Level 2
- JDK-8305711: Arm: C2 always enters slowpath for monitorexit
- JDK-8305721: add `make compile-commands` artifacts to .gitignore
- JDK-8305975: Add TWCA Global Root CA
- JDK-8306543: GHA: MSVC installation is failing
- JDK-8306658: GHA: MSVC installation could be optional since it might already be pre-installed
- JDK-8306664: GHA: Update MSVC version to latest stepping
- JDK-8306768: CodeCache Analytics reports wrong threshold
- JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep
- JDK-8307134: Add GTS root CAs
- JDK-8307811: [TEST] compilation of TimeoutInErrorHandlingTest fails after backport of JDK-8303861
- JDK-8308006: Missing NMT memory tagging in CMS
- JDK-8308884: [17u/11u] Backout JDK-8297951
- JDK-8309476: [11u] tools/jmod/hashes/HashesOrderTest.java fails intermittently
Notes on individual issues:
===========================
hotspot/compiler:
JDK-8308884: GregorianCalender.computeTime() JVM Crash
======================================================
A virtual machine crash was observed in JDK 11.0.19 when executing the
`GregorianCalender.computeTime()` method (JDK-8307683). It was found
that although the root cause of the crash is an old issue, a recent
fix for a rare issue in the C2 compiler (JDK-8297951) made the crash
much more likely. To mitigate this, the fix has been reverted in JDK
11.0.20 and will be reapplied once JDK-8307683 is resolved.
core-libs/java.lang:
JDK-8301401: Allow additional characters for GB18030-2022 support
=================================================================
In order to support "Implementation Level 1" of the GB18030-2022
standard, the JDK must be able to use five additional characters
beyond Unicode 10, upon which JDK 11 is based. The addition of these
characters forms Maintenance Release 2 of the Java SE 11
specification, which is implemented in this release of OpenJDK.
The additional characters are as follows:
* 0x82359632 U+9FEB
* 0x82359633 U+9FEC
* 0x82359634 U+9FED
* 0x82359635 U+9FEE
* 0x82359636 U+9FEF
core-libs/java.nio.charsets:
JDK-8301119: Support for GB18030-2022
=====================================
The China National Standard body (CESI) recently published
GB18030-2022 as an update to the GB18030 standard, synchronising the
character set with Unicode 11.0. This updated version of GB18030 is
now the default GB18030 character set used in this release of
OpenJDK. However, this updated character set contains incompatible
changes compared with GB18030-2000, which was used in previous
releases of OpenJDK 11. To use the previous version of the character
set, the new system property `jdk.charset.GB18030` should be set to
`2000`.
core-libs/java.util.jar:
JDK-8300596: Enhance Jar Signature validation
=============================================
A System property "jdk.jar.maxSignatureFileSize" is introduced to
configure the maximum number of bytes allowed for the
signature-related files in a JAR file during verification. The default
value is 8000000 bytes (8 MB).
JDK-8302483: Enhance ZIP performance
====================================
This release of OpenJDK includes stronger checks on the Zip64 fields
of zip files. In the event that these checks cause failures on trusted
zip files, the checks can be disabled by setting the new system
property, `jdk.util.zip.disableZip64ExtraFieldValidation` to `true`.
tools/javadoc:
JDK-8259530: Legal Headers for Generated Files
==============================================
The javadoc tool has been enhanced to allow the inclusion of legal
files which pertain to the licensing of the files generated by the
Standard Doclet. The new command-line option, `--legal-notices`, can
be used to configure this behaviour as appropriate.
security-libs/java.security:
JDK-8307134: Added 4 GTS Root CA Certificates
=============================================
The following root certificates have been added to the cacerts
truststore:
Name: Google Trust Services LLC
Alias Name: gtsrootcar1
Distinguished Name: CN=GTS Root R1, O=Google Trust Services LLC, C=US
Name: Google Trust Services LLC
Alias Name: gtsrootcar2
Distinguished Name: CN=GTS Root R2, O=Google Trust Services LLC, C=US
Name: Google Trust Services LLC
Alias Name: gtsrootcar3
Distinguished Name: CN=GTS Root R3, O=Google Trust Services LLC, C=US
Name: Google Trust Services LLC
Alias Name: gtsrootcar4
Distinguished Name: CN=GTS Root R4, O=Google Trust Services LLC, C=US
JDK-8304760: Added Microsoft Corporation's 2 TLS Root CA Certificates
=====================================================================
The following root certificates has been added to the cacerts
truststore:
Name: Microsoft Corporation
Alias Name: microsoftecc2017
Distinguished Name: CN=Microsoft ECC Root Certificate Authority 2017, O=Microsoft Corporation, C=US
Name: Microsoft Corporation
Alias Name: microsoftrsa2017
Distinguished Name: CN=Microsoft RSA Root Certificate Authority 2017, O=Microsoft Corporation, C=US
JDK-8305975: Added TWCA Root CA Certificate
===========================================
The following root certificate has been added to the cacerts
truststore:
Name: TWCA
Alias Name: twcaglobalrootca
Distinguished Name: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW
JDK-8303465: Enhance Contents (Trusted Certificate Entries) of macOS KeychainStore
==================================================================================
Recent changes to the MacOS KeychainStore implementation were
incomplete and only considered certificates within the user domain.
With this release, the implementation exposes certificates from both
the user and admin domain, and will exclude those certificates that
include a "deny" entry in their trust settings.
New in release OpenJDK 11.0.19 (2023-04-18):
=============================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk11019
* CVEs
- CVE-2023-21930
- CVE-2023-21937
- CVE-2023-21938
- CVE-2023-21939
- CVE-2023-21954
- CVE-2023-21967
- CVE-2023-21968
* Security fixes
- JDK-8287404: Improve ping times
- JDK-8288436: Improve Xalan supports
- JDK-8294474: Better AES support
- JDK-8295304: Runtime support improvements
- JDK-8296676, JDK-8296622: Improve String platform support
- JDK-8296684: Improve String platform support
- JDK-8296692: Improve String platform support
- JDK-8296832: Improve Swing platform support
- JDK-8297371: Improve UTF8 representation redux
- JDK-8298191: Enhance object reclamation process
- JDK-8298310: Enhance TLS session negotiation
- JDK-8298667: Improved path handling
- JDK-8299129: Enhance NameService lookups
* Other changes
- JDK-6528710: sRGB-ColorSpace to sRGB-ColorSpace Conversion
- JDK-7188098: TEST_BUG: closed/javax/sound/midi/Synthesizer/Receiver/bug6186488.java fails
- JDK-8035787: SourcePositions are wrong for Strings concatenated with '+' operator
- JDK-8065097: [macosx] javax/swing/Popup/TaskbarPositionTest.java fails because Popup is one pixel off
- JDK-8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled
- JDK-8129315: java/net/Socket/LingerTest.java and java/net/Socket/ShutdownBoth.java timeout intermittently
- JDK-8144030: [macosx] test java/awt/Frame/ShapeNotSetSometimes/ShapeNotSetSometimes.java fails (again)
- JDK-8170705: sun/net/www/protocol/http/StackTraceTest.java fails intermittently with Invalid Http response
- JDK-8171405: java/net/URLConnection/ResendPostBody.java failed with "Error while cleaning up threads after test"
- JDK-8179317: [TESTBUG] rewrite runtime shell tests in java
- JDK-8190492: Remove SSLv2Hello and SSLv3 from default enabled TLS protocols
- JDK-8192931: Regression test java/awt/font/TextLayout/CombiningPerf.java fails
- JDK-8195057: java/util/concurrent/CountDownLatch/Basic.java failed w/ Xcomp
- JDK-8195716: BootstrapLoggerTest : Executor still alive
- JDK-8202621: bad test with broken links needs to be updated
- JDK-8207248: Reduce incidence of compiler.warn.source.no.bootclasspath in javac tests
- JDK-8208077: File.listRoots performance degradation
- JDK-8209023: fix 2 compiler tests to avoid JDK-8208690
- JDK-8209115: adjust libsplashscreen linux ppc64le builds for easier libpng update
- JDK-8209774: Refactor shell test javax/xml/jaxp/common/8035437/run.sh to java
- JDK-8209935: Test to cover CodeSource.getCodeSigners()
- JDK-8210373: Deadlock in libj2gss.so when loading "j2gss" and "net" libraries in parallel.
- JDK-8212165: JGSS: Fix cut/paste error in NativeUtil.c
- JDK-8212216: JGSS: Fix leak in exception cases in getJavaOID()
- JDK-8213130: Update ProblemList after verification of jtreg tests in Win 7
- JDK-8213265: fix missing newlines at end of files
- JDK-8213932: [TESTBUG] assertEquals is invoked with the arguments in the wrong order
- JDK-8214445: [test] java/net/URL/HandlerLoop has illegal reflective access
- JDK-8215372: test/jdk/java/nio/file/DirectoryStream/Basic.java not correct when using a glob
- JDK-8215759: [test] java/math/BigInteger/ModPow.java can throw an ArithmeticException
- JDK-8217353: java/util/logging/LogManager/Configuration/updateConfiguration/HandlersOnComplexResetUpdate.java fails with Unexpected reference: java.lang.ref.WeakReference
- JDK-8217730: Split up MakeBase.gmk
- JDK-8218133: sun/net/www/protocol/http/ProtocolRedirect.java failed with "java.net.ConnectException"
- JDK-8218431: Improved platform checking in makefiles
- JDK-8218460: Test generation scripts do not invoke stream preprocessor correctly
- JDK-8221098: Run java/net/URL/HandlerLoop.java in othervm mode
- JDK-8221168: java/util/concurrent/CountDownLatch/Basic.java fails
- JDK-8221351: Crash in KlassFactory::check_shared_class_file_load_hook
- JDK-8221621: FindTests.gmk cannot handle "=" in TEST.groups comments
- JDK-8222430: Add tests for ElementKind predicates
- JDK-8223463: Replace wildcard address with loopback or local host in tests - part 2
- JDK-8223716: sun/net/www/http/HttpClient/MultiThreadTest.java should be more resilient to unexpected traffic
- JDK-8223736: jvmti/scenarios/contention/TC04/tc04t001/TestDescription.java fails due to wrong number of MonitorContendedEntered events
- JDK-8224024: java/util/concurrent/BlockingQueue/DrainToFails.java testBounded fails intermittently
- JDK-8225648: [TESTBUG] java/lang/annotation/loaderLeak/Main.java fails with -Xcomp
- JDK-8226595: jvmti/scenarios/contention/TC04/tc04t001/TestDescription.java still fails due to wrong number of MonitorContendedEntered events
- JDK-8226917: jvmti/scenarios/contention/TC04/tc04t001/TestDescription.java fails on jvmti->InterruptThread (JVMTI_ERROR_THREAD_NOT_ALIVE)
- JDK-8227422: sun/net/www/protocol/file/DirPermissionDenied.java failed on Windows 2016 because DirPermissionDenied directory has no read permission
- JDK-8230374: maxOutputSize, instead of javatest.maxOutputSize, should be used in TEST.properties
- JDK-8230731: SA tests fail with "Windbg Error: ReadVirtual failed"
- JDK-8231595: [TEST] develop a test case for SuspendThreadList including current thread
- JDK-8233462: serviceability/tmtools/jstat tests times out with -Xcomp
- JDK-8235448: code cleanup in SSLContextImpl.java
- JDK-8238936: The crash in XRobotPeer when the custom GraphicsDevice is used
- JDK-8241293: CompressedClassSpaceSizeInJmapHeap.java time out after 8 minutes
- JDK-8241806: The sun/awt/shell/FileSystemViewMemoryLeak.java is unstable
- JDK-8244592: Start supporting SOURCE_DATE_EPOCH
- JDK-8245245: WebSocket can lose the URL encoding of URI query parameters
- JDK-8245654: Add Certigna Root CA
- JDK-8247741: Test test/hotspot/jtreg/runtime/7162488/TestUnrecognizedVmOption.java fails when -XX:+IgnoreUnrecognizedVMOptions is set
- JDK-8248306: gc/stress/gclocker/TestExcessGCLockerCollections.java does not compile
- JDK-8249691: jdk/lambda/vm/StrictfpDefault.java file can be removed
- JDK-8252401: Introduce Utils.TEST_NATIVE_PATH
- JDK-8252532: use Utils.TEST_NATIVE_PATH instead of System.getProperty("test.nativepath")
- JDK-8252715: Problem list java/awt/event/KeyEvent/KeyTyped/CtrlASCII.java on Linux
- JDK-8254267: javax/xml/crypto/dsig/LogParameters.java failed with "RuntimeException: Unexpected log output:"
- JDK-8255710: Opensource unit/regression tests for CMM
- JDK-8256110: Create implementation for NSAccessibilityStepper protocol
- JDK-8256111: Create implementation for NSAccessibilityStaticText protocol
- JDK-8256126: Create implementation for NSAccessibilityImage protocol peer
- JDK-8256240: Reproducible builds should turn on the "deterministic" flag for Visual Studio
- JDK-8256934: C2: assert(C->live_nodes() <= C->max_node_limit()) failed: Live Node limit exceeded limit
- JDK-8257928: Test image build failure with clang-10 due to -Wmisleading-indentation
- JDK-8258005: JDK build fails with incorrect fixpath script
- JDK-8259265: Refactor UncaughtExceptions shell test as java test.
- JDK-8259267: Refactor LoaderLeak shell test as java test.
- JDK-8260576: Typo in compiler/runtime/safepoints/TestRegisterRestoring.java
- JDK-8261270: MakeMethodNotCompilableTest fails with -XX:TieredStopAtLevel={1,2,3}
- JDK-8261279: sun/util/resources/cldr/TimeZoneNamesTest.java timed out
- JDK-8261350: Create implementation for NSAccessibilityCheckBox protocol peer
- JDK-8261351: Create implementation for NSAccessibilityRadioButton protocol
- JDK-8261352: Create implementation for component peer for all the components who should be ignored in a11y interactions
- JDK-8262060: compiler/whitebox/BlockingCompilation.java timed out
- JDK-8264200: java/nio/channels/DatagramChannel/SRTest.java fails intermittently
- JDK-8264299: Create implementation of native accessibility peer for ScrollPane and ScrollBar Java Accessibility roles
- JDK-8264512: jdk/test/jdk/java/util/prefs/ExportNode.java relies on default platform encoding
- JDK-8266974: duplicate property key in java.sql.rowset resource bundle
- JDK-8267038: Update IANA Language Subtag Registry to Version 2022-03-02
- JDK-8270609: [TESTBUG] java/awt/print/Dialog/DialogCopies.java does not show instruction
- JDK-8271323: [TESTBUG] serviceability/sa/ClhsdbCDSCore.java fails with -XX:TieredStopAtLevel=1
- JDK-8271506: Add ResourceHashtable support for deleting selected entries
- JDK-8272985: Reference discovery is confused about atomicity and degree of parallelism
- JDK-8273497: building.md should link to both md and html
- JDK-8273806: compiler/cpuflags/TestSSE4Disabled.java should test for CPU feature explicitly
- JDK-8273895: compiler/ciReplay/TestVMNoCompLevel.java fails due to wrong data size with TieredStopAtLevel=2,3
- JDK-8274939: Incorrect size of the pixel storage is used by the robot on macOS
- JDK-8277346: ProblemList 7 serviceability/sa tests on macosx-x64
- JDK-8277351: ProblemList runtime/jni/checked/TestPrimitiveArrayCriticalWithBadParam.java on macosx-x64
- JDK-8279614: The left line of the TitledBorder is not painted on 150 scale factor
- JDK-8279662: serviceability/sa/ClhsdbScanOops.java can fail due to unexpected GC
- JDK-8279941: sun/security/pkcs11/Signature/TestDSAKeyLength.java fails when NSS version detection fails
- JDK-8280048: Missing comma in copyright header
- JDK-8280391: NMT: Correct NMT tag on CollectedHeap
- JDK-8280401: [sspi] gss_accept_sec_context leaves output_token uninitialized
- JDK-8280896: java/nio/file/Files/probeContentType/Basic.java fails on Windows 11
- JDK-8281262: Windows builds in different directories are not fully reproducible
- JDK-8282036: Change java/util/zip/ZipFile/DeleteTempJar.java to stop HttpServer cleanly in case of exceptions
- JDK-8282219: jdk/java/lang/ProcessBuilder/Basic.java fails on AIX
- JDK-8282398: EndingDotHostname.java test fails because SSL cert expired
- JDK-8282511: Use fixed certificate validation date in SSLExampleCert template
- JDK-8282958: Rendering Issues with Borders on Windows High-DPI systems
- JDK-8283606: Tests may fail with zh locale on MacOS
- JDK-8283717: vmTestbase/nsk/jdi/ThreadStartEvent/thread/thread001 failed due to SocketTimeoutException
- JDK-8283719: java/util/logging/CheckZombieLockTest.java failing intermittently
- JDK-8283870: jdeprscan --help causes an exception when the locale is ja, zh_CN or de
- JDK-8284023: java.sun.awt.X11GraphicsDevice.getDoubleBufferVisuals() leaks XdbeScreenVisualInfo
- JDK-8284165: Add pid to process reaper thread name
- JDK-8285093: Introduce UTIL_ARG_WITH
- JDK-8285399: JNI exception pending in awt_GraphicsEnv.c:1432
- JDK-8285690: CloneableReference subtest should not throw CloneNotSupportedException
- JDK-8285755: JDK-8285093 changed the default for --with-output-sync
- JDK-8285835: SIGSEGV in PhaseIdealLoop::build_loop_late_post_work
- JDK-8285919: Remove debug printout from JDK-8285093
- JDK-8286030: Avoid JVM crash when containers share the same /tmp dir
- JDK-8286800: Assert in PhaseIdealLoop::dump_real_LCA is too strong
- JDK-8286962: java/net/httpclient/ServerCloseTest.java failed once with ConnectException
- JDK-8287011: Improve container information
- JDK-8287180: Update IANA Language Subtag Registry to Version 2022-08-08
- JDK-8287906: Rewrite of GitHub Actions (GHA) sanity tests
- JDK-8288332: Tier1 validate-source fails after 8279614
- JDK-8288499: Restore cancel-in-progress in GHA
- JDK-8289562: Change bugs.java.com and bugreport.java.com URL's to https
- JDK-8289695: [TESTBUG] TestMemoryAwareness.java fails on cgroups v2 and crun
- JDK-8290197: test/jdk/java/nio/file/Files/probeContentType/Basic.java fails on some systems for the ".rar" extension
- JDK-8290899: java/lang/String/StringRepeat.java test requests too much heap on windows x86
- JDK-8290920: sspi_bridge.dll not built if BUILD_CRYPTO is false
- JDK-8290964: C2 compilation fails with assert "non-reduction loop contains reduction nodes"
- JDK-8292863: assert(_print_inlining_stream->size() > 0) failed: missing inlining msg
- JDK-8292877: java/util/concurrent/atomic/Serial.java uses {Double,Long}Accumulator incorrectly
- JDK-8293550: Optionally add get-task-allow entitlement to macos binaries
- JDK-8293767: AWT test TestSinhalaChar.java has old SCCS markings
- JDK-8293996: C2: fix and simplify IdealLoopTree::do_remove_empty_loop
- JDK-8294378: URLPermission constructor exception when using tr locale
- JDK-8294580: frame::interpreter_frame_print_on() crashes if free BasicObjectLock exists in frame
- JDK-8294705: Disable an assertion in test/jdk/java/util/DoubleStreamSums/CompensatedSums.java
- JDK-8294947: Use 64bit atomics in patch_verified_entry on x86_64
- JDK-8295116: C2: assert(dead->outcnt() == 0 && !dead->is_top()) failed: node must be dead
- JDK-8295211: Fix autoconf 2.71 warning "AC_CHECK_HEADERS: you should use literals"
- JDK-8295405: Add cause in a couple of IllegalArgumentException and InvalidParameterException shown by sun/security/pkcs11 tests
- JDK-8295412: support latest VS2022 MSC_VER in abstract_vm_version.cpp
- JDK-8295530: Update Zlib Data Compression Library to Version 1.2.13
- JDK-8295685: Update Libpng to 1.6.38
- JDK-8295774: Write a test to verify List sends ItemEvent/ActionEvent
- JDK-8295777: java/net/httpclient/ConnectExceptionTest.java should not rely on system resolver
- JDK-8295788: C2 compilation hits "assert((mode == ControlAroundStripMined && use == sfpt) || !use->is_reachable_from_root()) failed: missed a node"
- JDK-8296239: ISO 4217 Amendment 174 Update
- JDK-8296611: Problemlist several sun/security tests until JDK-8295343 is resolved
- JDK-8296619: Upgrade jQuery to 3.6.1
- JDK-8296675: Exclude linux-aarch64 in NSS tests
- JDK-8296878: Document Filter attached to JPasswordField and setText("") is not cleared instead inserted characters replaced with unicode null characters
- JDK-8296904: Improve handling of macos xcode toolchain
- JDK-8296912: C2: CreateExNode::Identity fails with assert(i < _max) failed: oob: i=1, _max=1
- JDK-8296924: C2: assert(is_valid_AArch64_address(dest.target())) failed: bad address
- JDK-8297088: Update LCMS to 2.14
- JDK-8297257: Bump update version for OpenJDK: jdk-11.0.19
- JDK-8297264: C2: Cast node is not processed again in CCP and keeps a wrong too narrow type which is later replaced by top
- JDK-8297480: GetPrimitiveArrayCritical in imageioJPEG misses result - NULL check
- JDK-8297489: Modify TextAreaTextEventTest.java as to verify the content change of TextComponent sends TextEvent
- JDK-8297569: URLPermission constructor throws IllegalArgumentException: Invalid characters in hostname after JDK-8294378
- JDK-8297951: C2: Create skeleton predicates for all If nodes in loop predication
- JDK-8297963: Partially fix string expansion issues in UTIL_DEFUN_NAMED and related macros
- JDK-8298027: Remove SCCS id's from awt jtreg tests
- JDK-8298073: gc/metaspace/CompressedClassSpaceSizeInJmapHeap.java causes test task timeout on macosx
- JDK-8298093: improve cleanup and error handling of awt_parseColorModel in awt_parseImage.c
- JDK-8298108: Add a regression test for JDK-8297684
- JDK-8298129: Let checkpoint event sizes grow beyond u4 limit
- JDK-8298271: java/security/SignedJar/spi-calendar-provider/TestSPISigned.java failing on Windows
- JDK-8298459: Fix msys2 linking and handling out of tree build directory for source zip creation
- JDK-8298527: Cygwin's uname -m returns different string than before
- JDK-8298588: WebSockets: HandshakeUrlEncodingTest unnecessarily depends on a response body
- JDK-8299194: CustomTzIDCheckDST.java may fail at future date
- JDK-8299296: Write a test to verify the components selection sends ItemEvent
- JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
- JDK-8299445: EndingDotHostname.java fails because of compilation errors
- JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
- JDK-8299520: TestPrintXML.java output error messages in case compare fails
- JDK-8299596: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.19
- JDK-8299616: [11u] Bootcycle build fails after JDK-8257679 backport
- JDK-8299789: Compilation of gtest causes build to fail if runtime libraries are in different dirs
- JDK-8300119: CgroupMetrics.getTotalMemorySize0() can report invalid results on 32 bit systems
- JDK-8300424: [11u] Chunk lost in backport of 8297569
- JDK-8300642: [17u,11u] Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev
- JDK-8300742: jstat's CGCT is 5 percent higher than the pause time in -Xlog:gc.
- JDK-8300773: Address the inconsistency between the constant array and pool size
- JDK-8301397: [11u, 17u] Bump jtreg to fix issue with build JDK 11.0.18
- JDK-8301760: Fix possible leak in SpNegoContext dispose
- JDK-8301842: JFR: increase checkpoint event size for stacktrace and string pool
- JDK-8302000: [11u] A subtle race condition during jdk11u build
- JDK-8302657: [11u] Add missing '(' in makefile after backport of 8218431
- JDK-8302694: [11u] Update GHA Boot JDK to 11.0.18
- JDK-8302903: [11u] Add modified test snippet after backport of JDK-8221871
- JDK-8303075: [11u] Add CompileClassWithDebugTest to ProblemList for 8303074
- JDK-8304389: [11u] Crash on Windows in C2 compiled code after 8248238 and 8218431
Notes on individual issues:
===========================
client-libs/javax.swing:
JDK-8296832: Improve Swing platform support
===========================================
Earlier OpenJDK releases would always render HTML object tags embedded in
Swing HTML components. With this release, rendering only occurs when the
new system property "swing.html.object" is set to true. By default, it
is set to false.
security-libs/javax.net.ssl:
JDK-8190492: Removed SSLv2Hello and SSLv3 From Default Enabled TLS Protocols
============================================================================
SSLv2Hello and SSLv3 are versions of the SSL protocol that have not
been considered secure for some time and are already disabled by
default. They have been superseded by the more secure and modern TLS
protocol, and users are recommended to switch to TLS 1.2 or 1.3.
With this release, SSLv2Hello and SSLv3 are now also removed from the
list of default enabled protocols. This means that, even if SSLv3 is
removed from the `jdk.tls.disabledAlgorithms` security property, it
will still not be returned by the following methods:
* SSLServerSocket.getEnabledProtocols()
* SSLEngine.getEnabledProtocols()
* SSLParameters.getProtocols()
To enable SSLv3, it is now necessary to use the
`jdk.tls.client.protocols` or `jdk.tls.server.protocols` system
properties on the command line, or call one of the following methods
to enable them programatically:
* SSLSocket.setEnabledProtocols()
* SSLServerSocket.setEnabledProtocols()
* SSLEngine.setEnabledProtocols()
security-libs/java.security:
JDK-8245654: Added Certigna(Dhimyotis) Root CA Certificate
==========================================================
The following root certificate has been added to the cacerts truststore:
Name: Certigna (Dhimyotis)
Alias Name: certignarootca
Distinguished Name: CN=Certigna, O=Dhimyotis, C=FR
core-libs/java.io:
JDK-8208077: File::listRoots Changed To Return All Available Drives On Windows
==============================================================================
The `java.io.File.listRoots()` method on Windows systems filtered out disk
drives that could not be accessed or did not have media loaded. The
use of this filtering led to observable performance issues. This release
now returns all available disk drives, unfiltered.
New in release OpenJDK 11.0.18 (2023-01-17):
=============================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk11018
* https://builds.shipilev.net/backports-monitor/release-notes-11.0.18.html
* CVEs
- CVE-2023-21835
- CVE-2023-21843
* Security fixes
- JDK-8286070: Improve UTF8 representation
- JDK-8286496: Improve Thread labels
- JDK-8287411: Enhance DTLS performance
- JDK-8288516: Enhance font creation
- JDK-8289350: Better media supports
- JDK-8293554: Enhanced DH Key Exchanges
- JDK-8293598: Enhance InetAddress address handling
- JDK-8293717: Objective view of ObjectView
- JDK-8293734: Improve BMP image handling
- JDK-8293742: Better Banking of Sounds
- JDK-8295687: Better BMP bounds
* Other changes
- JDK-4819544: SwingSet2 JTable Demo throws NullPointerException
- JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider
- JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows
- JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails
- JDK-8022403: sun/java2d/DirectX/OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java fails
- JDK-8028998: [TEST_BUG] [macosx] java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java failed
- JDK-8029633: Raw inner class constructor ref should not perform diamond inference
- JDK-8030121: java/awt/dnd/MissingDragExitEventTest/MissingDragExitEventTest.java fails
- JDK-8079267: [TEST_BUG] Test java/awt/Frame/MiscUndecorated/RepaintTest.java fails
- JDK-8129827: [TEST_BUG] Test java/awt/Robot/RobotWheelTest/RobotWheelTest.java fails
- JDK-8159599: [TEST_BUG] java/awt/Modal/ModalInternalFrameTest/ModalInternalFrameTest.java
- JDK-8169187: [macosx] Aqua: java/awt/image/multiresolution/MultiresolutionIconTest.java
- JDK-8172269: When checking the default behaviour for a scroll tab layout and checking the 'opaque' checkbox, the area behind tabs is not red.
- JDK-8178698: javax/sound/midi/Sequencer/MetaCallback.java failed with timeout
- JDK-8193942: Regression automated test '/open/test/jdk/javax/swing/JFrame/8175301/ScaledFrameBackgroundTest.java' fails
- JDK-8194126: Regression automated Test '/open/test/jdk/javax/swing/JColorChooser/Test7194184.java' fails
- JDK-8198343: Test java/awt/print/PrinterJob/TestPgfmtSetMPA.java may fail w/o printer
- JDK-8199290: [TESTBUG] sun.hotspot.WhiteBox$WhiteBoxPermission is not copied
- JDK-8202836: [macosx] test java/awt/Graphics/TextAAHintsTest.java fails
- JDK-8206125: [windows] cannot pass relative path to --with-boot-jdk
- JDK-8210047: some pages contain content outside of landmark region
- JDK-8211002: test/jdk/java/lang/Math/PowTests.java skips testing for non-corner-case values
- JDK-8212096: javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java failed intermittently due to SSLException: Tag mismatch
- JDK-8213239: Configure cannot handle command overrides with arguments
- JDK-8215571: jdb does not include jdk.* in the default class filter
- JDK-8217032: Check pandoc capabilities in configure
- JDK-8222091: Javadoc does not handle package annotations correctly on package-info.java
- JDK-8222251: preflow visitor is not visiting lambda expressions
- JDK-8226236: win32: gc/metaspace/TestCapacityUntilGCWrapAround.java fails
- JDK-8227179: Test for new gc+metaspace=info output format
- JDK-8227651: Tests fail with SSLProtocolException: Input record too big
- JDK-8228672: [TESTBUG] gc/metaspace/TestSizeTransitions.java fails on 32-bit platforms
- JDK-8233557: [TESTBUG] DoubleClickTitleBarTest.java fails on macOs
- JDK-8233558: [TESTBUG] WindowOwnedByEmbeddedFrameTest.java fails on macos
- JDK-8233565: [TESTBUG] NullModalityDialogTest.java fails on MacOS
- JDK-8233648: [TESTBUG] DefaultMenuBarTest.java failing on macos
- JDK-8239708: Split basics.m4 into basic.m4 and util.m4
- JDK-8240281: Remove failing assertion code when selecting first memory state in SuperWord::co_locate_pack
- JDK-8242468: VS2019 build missing vcruntime140_1.dll
- JDK-8243565: some gc tests use 'test.java.opts' and not 'test.vm.opts'
- JDK-8243568: serviceability/logging/TestLogRotation.java uses 'test.java.opts' and not 'test.vm.opts'
- JDK-8244010: Simplify usages of ProcessTools.createJavaProcessBuilder in our tests
- JDK-8244557: test/jdk/javax/swing/JTabbedPane/TestBackgroundScrollPolicy.java failed
- JDK-8247676: vcruntime140_1.dll is not needed on 32-bit Windows
- JDK-8249694: java/lang/StringBuffer/HugeCapacity.java and j/l/StringBuilder/HugeCapacity.java tests shouldn't be @ignore-d
- JDK-8253877: gc/g1/TestGCLogMessages.java fails - missing "Evacuation failure" message
- JDK-8254874: ZGC: JNIHandleBlock verification failure in stack watermark processing
- JDK-8254976: Re-enable swing jtreg tests which were broken due to samevm mode
- JDK-8255439: System Tray icons get corrupted when Windows scaling changes
- JDK-8256109: Create implementation for NSAccessibilityButton protocol
- JDK-8257679: Improved unix compatibility layer in Windows build (winenv)
- JDK-8257722: Improve "keytool -printcert -jarfile" output
- JDK-8258005: JDK build fails with incorrect fixpath script
- JDK-8259485: Document need for short paths when building on Windows
- JDK-8260272: bash configure --prefix does not work after JDK-8257679
- JDK-8261336: IGV: enhance default filters
- JDK-8261445: Use memory_order_relaxed for os::random().
- JDK-8261758: [TESTBUG] gc/g1/TestGCLogMessages.java fails if ergonomics detect too small InitialHeapSize
- JDK-8263326: Remove ReceiverTypeData check from serviceability/sa/TestPrintMdo.java
- JDK-8263871: On sem_destroy() failing we should assert
- JDK-8264593: debug.cpp utilities should be available in product builds.
- JDK-8264666: Change implementation of safeAdd/safeMult in the LCMSImageLayout class
- JDK-8266082: AssertionError in Annotate.fromAnnotations with -Xdoclint
- JDK-8266967: debug.cpp utility find() should print Java Object fields.
- JDK-8268361: Fix the infinite loop in next_line
- JDK-8268860: Windows-Aarch64 build is failing in GitHub actions
- JDK-8268893: jcmd to trim the glibc heap
- JDK-8269029: compiler/codegen/TestCharVect2.java fails for client VMs
- JDK-8269873: serviceability/sa/Clhsdb tests are using a C2 specific VMStruct field
- JDK-8272123: Problem list 4 jtreg tests which regularly fail on macos-aarch64
- JDK-8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints
- JDK-8273553: sun.security.ssl.SSLEngineImpl.closeInbound also has similar error of JDK-8253368
- JDK-8273578: javax/swing/JMenu/4515762/bug4515762.java fails on macOS 12
- JDK-8273685: Remove jtreg tag manual=yesno for java/awt/Graphics/LCDTextAndGraphicsState.java & show test instruction
- JDK-8274029: Remove jtreg tag manual=yesno for java/awt/print/Dialog/DialogOrient.java
- JDK-8274032: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/ImagePrinting/ImageTypes.java & show test UI
- JDK-8274296: Update or Problem List tests which may fail with uiScale=2 on macOS
- JDK-8274456: Remove jtreg tag manual=yesno java/awt/print/PrinterJob/PageDialogTest.java
- JDK-8274563: jfr/event/oldobject/TestClassLoaderLeak.java fails when GC cycles are not happening
- JDK-8274597: Some of the dnd tests time out and fail intermittently
- JDK-8275170: Some jtreg sound tests should be marked with sound keyword
- JDK-8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
- JDK-8276841: Add support for Visual Studio 2022
- JDK-8277159: Fix java/nio/file/FileStore/Basic.java test by ignoring /run/user/* mount points
- JDK-8277497: Last column cell in the JTable row is read as empty cell
- JDK-8277881: Missing SessionID in TLS1.3 resumption in compatibility mode
- JDK-8277970: Test jdk/sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java fails with "tag mismatch"
- JDK-8279066: entries.remove(entry) is useless in PKCS12KeyStore
- JDK-8279695: [TESTBUG] modify compiler/loopopts/TestSkeletonPredicateNegation.java to run on C1 also
- JDK-8280158: New test from JDK-8274736 failed with/without patch in JDK11u
- JDK-8280550: SplittableRandom#nextDouble(double,double) can return result >= bound
- JDK-8280863: Update build README to reflect that MSYS2 is supported
- JDK-8280890: Cannot use '-Djava.system.class.loader' with class loader in signed JAR
- JDK-8280948: Write a regression test for JDK-4659800
- JDK-8280950: RandomGenerator:NextDouble() default behavior non conformant after JDK-8280550 fix
- JDK-8281183: RandomGenerator:NextDouble() default behavior partially fixed by JDK-8280950
- JDK-8281296: Create a regression test for JDK-4515999
- JDK-8281297: TestStressG1Humongous fails with guarantee(is_range_uncommitted)
- JDK-8282046: Create a regression test for JDK-8000326
- JDK-8282276: Problem list failing two Robot Screen Capture tests
- JDK-8282306: os::is_first_C_frame(frame*) crashes on invalid link access
- JDK-8282345: handle latest VS2022 in abstract_vm_version
- JDK-8282402: Create a regression test for JDK-4666101
- JDK-8282640: Create a test for JDK-4740761
- JDK-8282642: vmTestbase/gc/gctests/LoadUnloadGC2/LoadUnloadGC2.java fails intermittently with exit code 1
- JDK-8282730: LdapLoginModule throw NPE from logout method after login failure
- JDK-8282777: Create a Regression test for JDK-4515031
- JDK-8282778: Create a regression test for JDK-4699544
- JDK-8282857: Create a regression test for JDK-4702690
- JDK-8282936: Write a regression test for JDK-4615365
- JDK-8282937: Write a regression test for JDK-4820080
- JDK-8283199: Linux os::cpu_microcode_revision() stalls cold startup
- JDK-8283422: Create a new test for JDK-8254790
- JDK-8284294: Create an automated regression test for RFE 4138746
- JDK-8284358: Unreachable loop is not removed from C2 IR, leading to a broken graph
- JDK-8284521: Write an automated regression test for RFE 4371575
- JDK-8284690: [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox
- JDK-8284732: FFI_GO_CLOSURES macro not defined but required for zero build on Mac OS X
- JDK-8284752: Zero does not build on Mac OS X due to missing os::current_thread_enable_wx implementation
- JDK-8284771: java/util/zip/CloseInflaterDeflaterTest.java failed with "AssertionError: Expected IOException to be thrown, but nothing was thrown"
- JDK-8284884: Replace polling with waiting in javax/swing/text/html/parser/Parser/8078268/bug8078268.java
- JDK-8284977: MetricsTesterCgroupV2.getLongValueEntryFromFile fails when named value doesn't exist
- JDK-8285305: Create an automated test for JDK-4495286
- JDK-8285373: Create an automated test for JDK-4702233
- JDK-8285604: closed sun/java2d/GdiRendering/ClipShapeRendering.java failed with "Incorrect color ffeeeeee instead of ff0000ff in pixel (100, 100)"
- JDK-8285617: Fix java/awt/print/PrinterJob/ImagePrinting/PrintARGBImage.java manual test
- JDK-8285698: Create a test to check the focus stealing of JPopupMenu from JComboBox
- JDK-8285794: AsyncGetCallTrace might acquire a lock via JavaThread::thread_from_jni_environment
- JDK-8285836: sun/net/www/http/KeepAliveCache/KeepAliveProperty.java failed with "RuntimeException: Failed in server"
- JDK-8285921: serviceability/dcmd/jvmti/AttachFailed/AttachReturnError.java fails on Alpine