|
|
59c63c |
Key:
|
|
|
59c63c |
|
|
|
59c63c |
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
|
|
59c63c |
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
|
|
59c63c |
|
|
|
59c63c |
New in release OpenJDK 8u252 (2020-04-14):
|
|
|
59c63c |
===========================================
|
|
|
59c63c |
Live versions of these release notes can be found at:
|
|
|
59c63c |
* https://bitly.com/oj8u252
|
|
|
59c63c |
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u252.txt
|
|
|
59c63c |
|
|
|
59c63c |
* Security fixes
|
|
|
59c63c |
- JDK-8223898, CVE-2020-2754: Forward references to Nashorn
|
|
|
59c63c |
- JDK-8223904, CVE-2020-2755: Improve Nashorn matching
|
|
|
59c63c |
- JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
|
|
|
59c63c |
- JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
|
|
|
59c63c |
- JDK-8225603: Enhancement for big integers
|
|
|
59c63c |
- JDK-8227542: Manifest improved jar headers
|
|
|
59c63c |
- JDK-8231415, CVE-2020-2773: Better signatures in XML
|
|
|
59c63c |
- JDK-8233250: Better X11 rendering
|
|
|
59c63c |
- JDK-8233410: Better Build Scripting
|
|
|
59c63c |
- JDK-8234027: Better JCEKS key support
|
|
|
59c63c |
- JDK-8234408, CVE-2020-2781: Improve TLS session handling
|
|
|
59c63c |
- JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
|
|
|
59c63c |
- JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
|
|
|
59c63c |
- JDK-8235274, CVE-2020-2805: Enhance typing of methods
|
|
|
59c63c |
- JDK-8236201, CVE-2020-2830: Better Scanner conversions
|
|
|
59c63c |
- JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap
|
|
|
59c63c |
* Other changes
|
|
|
59c63c |
- JDK-8005819: Support cross-realm MSSFU
|
|
|
59c63c |
- JDK-8022263: use same Clang warnings on BSD as on Linux
|
|
|
59c63c |
- JDK-8038631: Create wrapper for awt.Robot with additional functionality
|
|
|
59c63c |
- JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid
|
|
|
59c63c |
- JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests
|
|
|
59c63c |
- JDK-8068184: Fix for JDK-8032832 caused a deadlock
|
|
|
59c63c |
- JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature
|
|
|
59c63c |
- JDK-8132130: some docs cleanup
|
|
|
59c63c |
- JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit
|
|
|
59c63c |
- JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal
|
|
|
59c63c |
- JDK-8144446: Automate the Marlin crash test
|
|
|
59c63c |
- JDK-8144526: Remove Marlin logging use of deleted internal API
|
|
|
59c63c |
- JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats
|
|
|
59c63c |
- JDK-8144654: Improve Marlin logging
|
|
|
59c63c |
- JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins
|
|
|
59c63c |
- JDK-8166976: TestCipherPBECons has wrong @run line
|
|
|
59c63c |
- JDK-8167409: Invalid value passed to critical JNI function
|
|
|
59c63c |
- JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant
|
|
|
59c63c |
- JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
|
|
|
59c63c |
- JDK-8191227: issues with unsafe handle resolution
|
|
|
59c63c |
- JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider
|
|
|
59c63c |
- JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object
|
|
|
59c63c |
- JDK-8215756: Memory leaks in the AWT on macOS
|
|
|
59c63c |
- JDK-8216472: (se) Stack overflow during selection operation leads to crash (win)
|
|
|
59c63c |
- JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread
|
|
|
59c63c |
- JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions
|
|
|
59c63c |
- JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test
|
|
|
59c63c |
- JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
|
|
|
59c63c |
- JDK-8229022: BufferedReader performance can be improved by using StringBuilder
|
|
|
59c63c |
- JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC
|
|
|
59c63c |
- JDK-8229872: (fs) Increase buffer size used with getmntent
|
|
|
59c63c |
- JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception
|
|
|
59c63c |
- JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
|
|
|
59c63c |
- JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64
|
|
|
59c63c |
- JDK-8235904: Infinite loop when rendering huge lines
|
|
|
59c63c |
- JDK-8236179: C1 register allocation error with T_ADDRESS
|
|
|
59c63c |
- JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read
|
|
|
59c63c |
- JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call
|
|
|
59c63c |
- JDK-8241296: Segfault in JNIHandleBlock::oops_do()
|
|
|
59c63c |
- JDK-8241307: Marlin renderer should not be the default in 8u252
|
|
|
59c63c |
|
|
|
59c63c |
Notes on individual issues:
|
|
|
59c63c |
===========================
|
|
|
59c63c |
|
|
|
59c63c |
hotspot/svc:
|
|
|
59c63c |
|
|
|
59c63c |
JDK-8174881: Binary format for HPROF updated
|
|
|
59c63c |
============================================
|
|
|
59c63c |
|
|
|
59c63c |
When dumping the heap in binary format, HPROF format 1.0.2 is always
|
|
|
59c63c |
used now. Previously, format 1.0.1 was used for heaps smaller than
|
|
|
59c63c |
2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the
|
|
|
59c63c |
serviceability agent.
|
|
|
59c63c |
|
|
|
59c63c |
security-libs/java.security:
|
|
|
59c63c |
|
|
|
59c63c |
JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature
|
|
|
59c63c |
====================================================================================
|
|
|
59c63c |
|
|
|
59c63c |
The SunRsaSign and SunJCE providers have been enhanced with support
|
|
|
59c63c |
for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS
|
|
|
59c63c |
signature and OAEP using FIPS 180-4 digest algorithms. New
|
|
|
59c63c |
constructors and methods have been added to relevant JCA/JCE classes
|
|
|
59c63c |
under the `java.security.spec` and `javax.crypto.spec` packages for
|
|
|
59c63c |
supporting additional RSASSA-PSS parameters.
|
|
|
59c63c |
|
|
|
59c63c |
security-libs/javax.crypto:
|
|
|
59c63c |
|
|
|
59c63c |
JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI
|
|
|
59c63c |
============================================================
|
|
|
59c63c |
|
|
|
59c63c |
The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider.
|
|
|
59c63c |
|
|
|
59c63c |
security-libs/javax.security:
|
|
|
59c63c |
|
|
|
59c63c |
JDK-8227564: Allow SASL Mechanisms to Be Restricted
|
|
|
59c63c |
===================================================
|
|
|
59c63c |
|
|
|
59c63c |
A security property named `jdk.sasl.disabledMechanisms` has been added
|
|
|
59c63c |
that can be used to disable SASL mechanisms. Any disabled mechanism
|
|
|
59c63c |
will be ignored if it is specified in the `mechanisms` argument of
|
|
|
59c63c |
`Sasl.createSaslClient` or the `mechanism` argument of
|
|
|
59c63c |
`Sasl.createSaslServer`. The default value for this security property
|
|
|
59c63c |
is empty, which means that no mechanisms are disabled out-of-the-box.
|