d92b92
Key:
d92b92
d92b92
JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
d92b92
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
d92b92
fad0a1
New in release OpenJDK 8u272 (2020-10-20):
fad0a1
===========================================
fad0a1
Live versions of these release notes can be found at:
fad0a1
  * https://bitly.com/openjdk8u272
fad0a1
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt
fad0a1
fad0a1
* New features
fad0a1
  - JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7
fad0a1
* Security fixes
fad0a1
  - JDK-8233624: Enhance JNI linkage
fad0a1
  - JDK-8236196: Improve string pooling
fad0a1
  - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
fad0a1
  - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
fad0a1
  - JDK-8237995, CVE-2020-14782: Enhance certificate processing
fad0a1
  - JDK-8240124: Better VM Interning
fad0a1
  - JDK-8241114, CVE-2020-14792: Better range handling
fad0a1
  - JDK-8242680, CVE-2020-14796: Improved URI Support
fad0a1
  - JDK-8242685, CVE-2020-14797: Better Path Validation
fad0a1
  - JDK-8242695, CVE-2020-14798: Enhanced buffer support
fad0a1
  - JDK-8243302: Advanced class supports
fad0a1
  - JDK-8244136, CVE-2020-14803: Improved Buffer supports
fad0a1
  - JDK-8244479: Further constrain certificates
fad0a1
  - JDK-8244955: Additional Fix for JDK-8240124
fad0a1
  - JDK-8245407: Enhance zoning of times
fad0a1
  - JDK-8245412: Better class definitions
fad0a1
  - JDK-8245417: Improve certificate chain handling
fad0a1
  - JDK-8248574: Improve jpeg processing
fad0a1
  - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
fad0a1
  - JDK-8253019: Enhanced JPEG decoding
fad0a1
* Other changes
fad0a1
  - JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes
fad0a1
  - JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java
fad0a1
  - JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times
fad0a1
  - JDK-8025886: replace [[ and == bash extensions in regtest
fad0a1
  - JDK-8026236: Add PrimeTest for BigInteger
fad0a1
  - JDK-8031625: javadoc problems referencing inner class constructors
fad0a1
  - JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals
fad0a1
  - JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c
fad0a1
  - JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails
fad0a1
  - JDK-8046274: Removing dependency on jakarta-regexp
fad0a1
  - JDK-8048933: -XX:+TraceExceptions output should include the message
fad0a1
  - JDK-8057003: Large reference arrays cause extremely long synchronization times
fad0a1
  - JDK-8060721: Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler
fad0a1
  - JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double
fad0a1
  - JDK-8062947: Fix exception message to correctly represent LDAP connection failure
fad0a1
  - JDK-8064319: Need to enable -XX:+TraceExceptions in release builds
fad0a1
  - JDK-8075774: Small readability and performance improvements for zipfs
fad0a1
  - JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/fileaccess/FontFile.java fails
fad0a1
  - JDK-8078334: Mark regression tests using randomness
fad0a1
  - JDK-8078880: Mark a few more intermittently failuring security-libs
fad0a1
  - JDK-8080462: Update SunPKCS11 provider with PKCS11 v2.40 support
fad0a1
  - JDK-8132206: move ScanTest.java into OpenJDK
fad0a1
  - JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API
fad0a1
  - JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java
fad0a1
  - JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/appletviewer/IOExceptionIfEncodedURLTest/IOExceptionIfEncodedURLTest.sh
fad0a1
  - JDK-8144539: Update PKCS11 tests to run with security manager
fad0a1
  - JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/MTGraphicsAccessTest.java hangs on Win. 8
fad0a1
  - JDK-8148754: C2 loop unrolling fails due to unexpected graph shape
fad0a1
  - JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
fad0a1
  - JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect
fad0a1
  - JDK-8151788: NullPointerException from ntlm.Client.type3
fad0a1
  - JDK-8151834: Test SmallPrimeExponentP.java times out intermittently
fad0a1
  - JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings
fad0a1
  - JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout
fad0a1
  - JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public
fad0a1
  - JDK-8154313: Generated javadoc scattered all over the place
fad0a1
  - JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization
fad0a1
  - JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider
fad0a1
  - JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working
fad0a1
  - JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k
fad0a1
  - JDK-8165936: Potential Heap buffer overflow when seaching timezone info files
fad0a1
  - JDK-8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
fad0a1
  - JDK-8166148: Fix for JDK-8165936 broke solaris builds
fad0a1
  - JDK-8167300: Scheduling failures during gcm should be fatal
fad0a1
  - JDK-8167615: Opensource unit/regression tests for JavaSound
fad0a1
  - JDK-8168517: java/lang/ProcessBuilder/Basic.java failed
fad0a1
  - JDK-8169925: PKCS #11 Cryptographic Token Interface license
fad0a1
  - JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java
fad0a1
  - JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled
fad0a1
  - JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1
fad0a1
  - JDK-8177628: Opensource unit/regression tests for ImageIO
fad0a1
  - JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java
fad0a1
  - JDK-8183349: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java
fad0a1
  - JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/AppletContextTest/BadPluginConfigurationTest.sh
fad0a1
  - JDK-8184762: ZapStackSegments should use optimized memset
fad0a1
  - JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test.
fad0a1
  - JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied
fad0a1
  - JDK-8193137: Nashorn crashes when given an empty script file
fad0a1
  - JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak
fad0a1
  - JDK-8194298: Add support for per Socket configuration of TCP keepalive
fad0a1
  - JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error
fad0a1
  - JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails
fad0a1
  - JDK-8201633: Problems with AES-GCM native acceleration
fad0a1
  - JDK-8203357: Container Metrics
fad0a1
  - JDK-8209113: Use WeakReference for lastFontStrike for created Fonts
fad0a1
  - JDK-8210147: adjust some WSAGetLastError usages in windows network coding
fad0a1
  - JDK-8211049: Second parameter of "initialize" method is not used
fad0a1
  - JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean
fad0a1
  - JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions
fad0a1
  - JDK-8214862: assert(proj != __null) at compile.cpp:3251
fad0a1
  - JDK-8216283: Allow shorter method sampling interval than 10 ms
fad0a1
  - JDK-8217606: LdapContext#reconnect always opens a new connection
fad0a1
  - JDK-8217647: JFR: recordings on 32-bit systems unreadable
fad0a1
  - JDK-8217878: ENVELOPING XML signature no longer works in JDK 11
fad0a1
  - JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10
fad0a1
  - JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero
fad0a1
  - JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly
fad0a1
  - JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound
fad0a1
  - JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6
fad0a1
  - JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file
fad0a1
  - JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs
fad0a1
  - JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified
fad0a1
  - JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp
fad0a1
  - JDK-8224217: RecordingInfo should use textual representation of path
fad0a1
  - JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support)
fad0a1
  - JDK-8226575: OperatingSystemMXBean should be made container aware
fad0a1
  - JDK-8226697: Several tests which need the @key headful keyword are missing it.
fad0a1
  - JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous
fad0a1
  - JDK-8228835: Memory leak in PKCS11 provider when using AES GCM
fad0a1
  - JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow
fad0a1
  - JDK-8230303: JDB hangs when running monitor command
fad0a1
  - JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG
fad0a1
  - JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo
fad0a1
  - JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate
fad0a1
  - JDK-8233097: Fontmetrics for large Fonts has zero width
fad0a1
  - JDK-8233621: Mismatch in jsse.enableMFLNExtension property name
fad0a1
  - JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion
fad0a1
  - JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version
fad0a1
  - JDK-8235325: build failure on Linux after 8235243
fad0a1
  - JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink
fad0a1
  - JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages
fad0a1
  - JDK-8237951: CTW: C2 compilation fails with "malformed control flow"
fad0a1
  - JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary
fad0a1
  - JDK-8238380: java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10
fad0a1
  - JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10
fad0a1
  - JDK-8238388: libj2gss/NativeFunc.o "multiple definition" link errors with GCC10
fad0a1
  - JDK-8238898: Missing hash characters for header on license file
fad0a1
  - JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD
fad0a1
  - JDK-8239819: XToolkit: Misread of screen information memory
fad0a1
  - JDK-8240295: hs_err elapsed time in seconds is not accurate enough
fad0a1
  - JDK-8240676: Meet not symmetric failure when running lucene on jdk8
fad0a1
  - JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one
fad0a1
  - JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash
fad0a1
  - JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array
fad0a1
  - JDK-8243138: Enhance BaseLdapServer to support starttls extended request
fad0a1
  - JDK-8243320: Add SSL root certificates to Oracle Root CA program
fad0a1
  - JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program
fad0a1
  - JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions
fad0a1
  - JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26
fad0a1
  - JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor
fad0a1
  - JDK-8245467: Remove 8u TLSv1.2 implementation files
fad0a1
  - JDK-8245469: Remove DTLS protocol implementation
fad0a1
  - JDK-8245470: Fix JDK8 compatibility issues
fad0a1
  - JDK-8245471: Revert JDK-8148188
fad0a1
  - JDK-8245472: Backport JDK-8038893 to JDK8
fad0a1
  - JDK-8245473: OCSP stapling support
fad0a1
  - JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712
fad0a1
  - JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default
fad0a1
  - JDK-8245477: Adjust TLS tests location
fad0a1
  - JDK-8245653: Remove 8u TLS tests
fad0a1
  - JDK-8245681: Add TLSv1.3 regression test from 11.0.7
fad0a1
  - JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ
fad0a1
  - JDK-8246310: Clean commented-out code about ModuleEntry andPackageEntry in JFR
fad0a1
  - JDK-8246384: Enable JFR by default on supported architectures for October 2020 release
fad0a1
  - JDK-8248643: Remove extra leading space in JDK-8240295 8u backport
fad0a1
  - JDK-8248851: CMS: Missing memory fences between free chunk check and klass read
fad0a1
  - JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase
fad0a1
  - JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public
fad0a1
  - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior
fad0a1
  - JDK-8250546: Expect changed behaviour reported in JDK-8249846
fad0a1
  - JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics
fad0a1
  - JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java
fad0a1
  - JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update
fad0a1
  - JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher
fad0a1
  - JDK-8251120: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false
fad0a1
  - JDK-8251341: Minimal Java specification change
fad0a1
  - JDK-8251478: Backport TLSv1.3 regression tests to JDK8u
fad0a1
  - JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds
fad0a1
  - JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled
fad0a1
  - JDK-8252573: 8u: Windows build failed after 8222079 backport
fad0a1
  - JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed
fad0a1
  - JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158
fad0a1
  - JDK-8254937: Revert JDK-8148854 for 8u272
fad0a1
fad0a1
Notes on individual issues:
fad0a1
===========================
fad0a1
fad0a1
core-svc/java.lang.management:
fad0a1
fad0a1
JDK-8236876: OperatingSystemMXBean Methods Inside a Container Return Container Specific Data
fad0a1
============================================================================================
fad0a1
When executing in a container, or other virtualized operating
fad0a1
environment, the following `OperatingSystemMXBean` methods in this
fad0a1
release return container specific information, if
fad0a1
available. Otherwise, they return host specific data:
fad0a1
fad0a1
* getFreePhysicalMemorySize()
fad0a1
* getTotalPhysicalMemorySize()
fad0a1
* getFreeSwapSpaceSize()
fad0a1
* getTotalSwapSpaceSize()
fad0a1
* getSystemCpuLoad()
fad0a1
fad0a1
security-libs/java.security:
fad0a1
fad0a1
JDK-8250756: Added Entrust Root Certification Authority - G4 certificate
fad0a1
========================================================================
fad0a1
The Entrust root certificate has been added to the cacerts truststore:
fad0a1
fad0a1
Alias Name: entrustrootcag4
fad0a1
Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust,  Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
fad0a1
fad0a1
JDK-8250860: Added 3 SSL Corporation Root CA Certificates
fad0a1
=========================================================
fad0a1
The following root certificates have been added to the cacerts truststore for the SSL Corporation:
fad0a1
fad0a1
Alias Name: sslrootrsaca
fad0a1
Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
fad0a1
fad0a1
Alias Name: sslrootevrsaca
fad0a1
Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
fad0a1
fad0a1
Alias Name: sslrooteccca
fad0a1
Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US
fad0a1
fad0a1
security-libs/javax.crypto:pkcs11:
fad0a1
fad0a1
JDK-8221441: SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40
fad0a1
=======================================================================
fad0a1
The SunPKCS11 provider has been updated with support for PKCS#11
fad0a1
v2.40. This version adds support for more algorithms such as the
fad0a1
AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message
fad0a1
digests, and RSASSA-PSS signatures when the corresponding PKCS11
fad0a1
mechanisms are supported by the underlying PKCS11 library.
fad0a1
fad0a1
security-libs/javax.security:
fad0a1
fad0a1
JDK-8242059: Support for canonicalize in krb5.conf
fad0a1
==================================================
fad0a1
The 'canonicalize' flag in the [krb5.conf file][0] is now supported by
fad0a1
the JDK Kerberos implementation. When set to *true*, RFC 6806 [1] name
fad0a1
canonicalization is requested by clients in TGT requests to KDC
fad0a1
services (AS protocol). Otherwise, and by default, it is not
fad0a1
requested.
fad0a1
fad0a1
The new default behavior is different from previous releases where
fad0a1
name canonicalization was always requested by clients in TGT requests
fad0a1
to KDC services (provided that support for RFC 6806[1] was not
fad0a1
explicitly disabled with the *sun.security.krb5.disableReferrals*
fad0a1
system or security properties).
fad0a1
fad0a1
[0]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
fad0a1
[1]: https://tools.ietf.org/html/rfc6806
fad0a1
fad0a1
security-libs/javax.xml.crypto:
fad0a1
fad0a1
JDK-8202891: Updated xmldsig Implementation to Apache Santuario 2.1.1
fad0a1
=====================================================================
fad0a1
The XMLDSig provider implementation in the `java.xml.crypto` module has been updated to version 2.1.1 of Apache Santuario.
fad0a1
fad0a1
New features include:
fad0a1
fad0a1
1. Support for the SHA-224 and SHA-3 DigestMethod algorithms specified
fad0a1
in RFC 6931.
fad0a1
2. Support for the HMAC-SHA224, RSA-SHA224, ECDSA-SHA224, and
fad0a1
RSASSA-PSS family of SignatureMethod algorithms specified in RFC 6931.
fad0a1
fad0a1
JDK-8238185: New OpenJDK-specific JDK 8 Updates System Property to fallback to legacy Base64 Encoding format
fad0a1
============================================================================================================
fad0a1
The upgrade to the Apache Santuario libraries (see above) introduced
fad0a1
an issue where XML signature using Base64 encoding resulted in
fad0a1
appending `&#xd` or `&#13` to the encoded output. This behavioural
fad0a1
change was made in the Apache Santuario codebase to comply with RFC
fad0a1
2045. The Santuario team has adopted a position of keeping their
fad0a1
libraries compliant with RFC 2045.
fad0a1
fad0a1
Earlier versions of OpenJDK 8 using the legacy encoder returns encoded
fad0a1
data in a format without `&#xd` or `&#13`.
fad0a1
fad0a1
Therefore a new system property, specific to the 8 update stream,
fad0a1
`com.sun.org.apache.xml.internal.security.lineFeedOnly` is made
fad0a1
available to fall back to the legacy Base64 encoded format.
fad0a1
fad0a1
Users can set this flag in one of two ways:
fad0a1
fad0a1
1. -Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true
fad0a1
fad0a1
2. System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true")
fad0a1
fad0a1
This new system property is disabled by default. It has no effect on
fad0a1
default behaviour nor when
fad0a1
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks` property
fad0a1
is set.
fad0a1
fad0a1
Later JDK family versions will only support the recommended property:
fad0a1
fad0a1
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks`
fad0a1
fad0a1
JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b
fad0a1
====================================================================
fad0a1
Following JDK's update to tzdata2020b, the long-obsolete files
fad0a1
pacificnew and systemv have been removed. As a result, the
fad0a1
"US/Pacific-New" zone name declared in the pacificnew data file is no
fad0a1
longer available for use.
fad0a1
fad0a1
Information regarding the update can be viewed at
fad0a1
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
fad0a1
de9045
New in release OpenJDK 8u265 (2020-07-27):
de9045
===========================================
de9045
Live versions of these release notes can be found at:
de9045
  * https://bitly.com/openjdk8u265
de9045
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u265.txt
de9045
de9045
* Bug fixes
de9045
  - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior
de9045
  - JDK-8250546: Expect changed behaviour reported in JDK-8249846
de9045
0382ac
New in release OpenJDK 8u262 (2020-07-14):
0382ac
===========================================
0382ac
Live versions of these release notes can be found at:
0382ac
  * https://bitly.com/oj8u262
0382ac
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u262.txt
0382ac
0382ac
* New features
0382ac
  - JDK-8223147: JFR Backport
0382ac
* Security fixes
0382ac
  - JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
0382ac
  - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
0382ac
  - JDK-8230613: Better ASCII conversions
0382ac
  - JDK-8231800: Better listing of arrays
0382ac
  - JDK-8232014: Expand DTD support
0382ac
  - JDK-8233255: Better Swing Buttons
0382ac
  - JDK-8234032: Improve basic calendar services
0382ac
  - JDK-8234042: Better factory production of certificates
0382ac
  - JDK-8234418: Better parsing with CertificateFactory
0382ac
  - JDK-8234836: Improve serialization handling
0382ac
  - JDK-8236191: Enhance OID processing
0382ac
  - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
0382ac
  - JDK-8237592, CVE-2020-14577: Enhance certificate verification
0382ac
  - JDK-8238002, CVE-2020-14581: Better matrix operations
0382ac
  - JDK-8238804: Enhance key handling process
0382ac
  - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
0382ac
  - JDK-8238843: Enhanced font handing
0382ac
  - JDK-8238920, CVE-2020-14583: Better Buffer support
0382ac
  - JDK-8238925: Enhance WAV file playback
0382ac
  - JDK-8240119, CVE-2020-14593: Less Affine Transformations
0382ac
  - JDK-8240482: Improved WAV file playback
0382ac
  - JDK-8241379: Update JCEKS support
0382ac
  - JDK-8241522: Manifest improved jar headers redux
0382ac
  - JDK-8242136, CVE-2020-14621: Better XML namespace handling
0382ac
* Other changes
0382ac
  - JDK-4949105: Access Bridge lacks html tags parsing
0382ac
  - JDK-7147060: com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java doesn't run in agentvm mode
0382ac
  - JDK-8003209: JFR events for network utilization
0382ac
  - JDK-8030680: 292 cleanup from default method code assessment
0382ac
  - JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently
0382ac
  - JDK-8037866: Replace the Fun class in tests with lambdas
0382ac
  - JDK-8041626: Shutdown tracing event
0382ac
  - JDK-8041915: Move 8 awt tests to OpenJDK regression tests tree
0382ac
  - JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null
0382ac
  - JDK-8076475: Misuses of strncpy/strncat
0382ac
  - JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset
0382ac
  - JDK-8141056: Erroneous assignment in HeapRegionSet.cpp
0382ac
  - JDK-8146612: C2: Precedence edges specification violated
0382ac
  - JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering
0382ac
  - JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates
0382ac
  - JDK-8150986: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format
0382ac
  - JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to "Connection succeeded"
0382ac
  - JDK-8165675: Trace event for thread park has incorrect unit for timeout
0382ac
  - JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM
0382ac
  - JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java
0382ac
  - JDK-8176182: 4 security tests are not run
0382ac
  - JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method
0382ac
  - JDK-8178910: Problemlist sample tests
0382ac
  - JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds
0382ac
  - JDK-8183925: Decouple crash protection from watcher thread
0382ac
  - JDK-8191393: Random crashes during cfree+0x1c
0382ac
  - JDK-8195817: JFR.stop should require name of recording
0382ac
  - JDK-8195818: JFR.start should increase autogenerated name by one
0382ac
  - JDK-8195819: Remove recording=x from jcmd JFR.check output
0382ac
  - JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE
0382ac
  - JDK-8199712: Flight Recorder
0382ac
  - JDK-8202578: Revisit location for class unload events
0382ac
  - JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events
0382ac
  - JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder)
0382ac
  - JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant
0382ac
  - JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording
0382ac
  - JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552
0382ac
  - JDK-8203929: Limit amount of data for JFR.dump
0382ac
  - JDK-8205516: JFR tool
0382ac
  - JDK-8207392: [PPC64] Implement JFR profiling
0382ac
  - JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it
0382ac
  - JDK-8209960: -Xlog:jfr* doesn't work with the JFR
0382ac
  - JDK-8210024: JFR calls virtual is_Java_thread from ~Thread()
0382ac
  - JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7
0382ac
  - JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch
0382ac
  - JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events
0382ac
  - JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions
0382ac
  - JDK-8213421: Line number information for execution samples always 0
0382ac
  - JDK-8213617: JFR should record the PID of the recorded process
0382ac
  - JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs.
0382ac
  - JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests
0382ac
  - JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test
0382ac
  - JDK-8213966: The ZGC JFR events should be marked as experimental
0382ac
  - JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds
0382ac
  - JDK-8214750: Unnecessary 

tags in jfr classes

0382ac
  - JDK-8214896: JFR Tool left files behind
0382ac
  - JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError
0382ac
  - JDK-8214925: JFR tool fails to execute
0382ac
  - JDK-8215175: Inconsistencies in JFR event metadata
0382ac
  - JDK-8215237: jdk.jfr.Recording javadoc does not compile
0382ac
  - JDK-8215284: Reduce noise induced by periodic task getFileSize()
0382ac
  - JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1)
0382ac
  - JDK-8215362: JFR GTest JfrTestNetworkUtilization fails
0382ac
  - JDK-8215771: The jfr tool should pretty print reference chains
0382ac
  - JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly
0382ac
  - JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run()
0382ac
  - JDK-8216528: test/jdk/java/rmi/transport/runtimeThreadInheritanceLeak/RuntimeThreadInheritanceLeak.java failing with Xcomp
0382ac
  - JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps
0382ac
  - JDK-8216578: Remove unused/obsolete method in JFR code
0382ac
  - JDK-8216995: Clean up JFR command line processing
0382ac
  - JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT
0382ac
  - JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent
0382ac
  - JDK-8218935: Make jfr strncpy uses GCC 8.x friendly
0382ac
  - JDK-8220293: Deadlock in JFR string pool
0382ac
  - JDK-8223689: Add JFR Thread Sampling Support
0382ac
  - JDK-8223690: Add JFR BiasedLock Event Support
0382ac
  - JDK-8223691: Add JFR G1 Region Type Change Event Support
0382ac
  - JDK-8223692: Add JFR G1 Heap Summary Event Support
0382ac
  - JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant
0382ac
  - JDK-8224475: JTextPane does not show images in HTML rendering
0382ac
  - JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020
0382ac
  - JDK-8225069: Remove Comodo root certificate that is expiring in May 2020
0382ac
  - JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden.
0382ac
  - JDK-8226779: [TESTBUG] Test JFR API from Java agent
0382ac
  - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys
0382ac
  - JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory
0382ac
  - JDK-8227269: Slow class loading when running with JDWP
0382ac
  - JDK-8227605: Kitchensink fails "assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant"
0382ac
  - JDK-8229366: JFR backport allows unchecked writing to memory
0382ac
  - JDK-8229401: Fix JFR code cache test failures
0382ac
  - JDK-8229708: JFR backport code does not initialize
0382ac
  - JDK-8229873: 8229401 broke jdk8u-jfr-incubator
0382ac
  - JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions
0382ac
  - JDK-8229899: Make java.io.File.isInvalid() less racy
0382ac
  - JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows
0382ac
  - JDK-8230597: Update GIFlib library to the 5.2.1
0382ac
  - JDK-8230707: JFR related tests are failing
0382ac
  - JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return
0382ac
  - JDK-8230782: Robot.createScreenCapture() fails if ?awt.robot.gtk? is set to false
0382ac
  - JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return
0382ac
  - JDK-8230926: [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout
0382ac
  - JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707
0382ac
  - JDK-8231995: two jtreg tests failed after 8229366 is fixed
0382ac
  - JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing
0382ac
  - JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file
0382ac
  - JDK-8233880: Support compilers with multi-digit major version numbers
0382ac
  - JDK-8236002: CSR for JFR backport suggests not leaving out the package-info
0382ac
  - JDK-8236008: Some backup files were accidentally left in the hotspot tree
0382ac
  - JDK-8236074: Missed package-info
0382ac
  - JDK-8236174: Should update javadoc since tags
0382ac
  - JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing
0382ac
  - JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport
0382ac
  - JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01
0382ac
  - JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB
0382ac
  - JDK-8238589: Necessary code cleanup in JFR for JDK8u
0382ac
  - JDK-8238590: Enable JFR by default during compilation in 8u
0382ac
  - JDK-8239055: Wrong implementation of VMState.hasListener
0382ac
  - JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair
0382ac
  - JDK-8239479: minimal1 and zero builds are failing
0382ac
  - JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed
0382ac
  - JDK-8239867: correct over use of INCLUDE_JFR macro
0382ac
  - JDK-8240375: Disable JFR by default for July 2020 release
0382ac
  - JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges
0382ac
  - JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled
0382ac
  - JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set
0382ac
  - JDK-8241750: x86_32 build failure after JDK-8227269
0382ac
  - JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport)
0382ac
  - JDK-8242788: Non-PCH build is broken after JDK-8191393
0382ac
  - JDK-8242883: Incomplete backport of JDK-8078268: backport test part
0382ac
  - JDK-8243059: Build fails when --with-vendor-name contains a comma
0382ac
  - JDK-8243474: [TESTBUG] removed three tests of 0 bytes
0382ac
  - JDK-8243539: Copyright info (Year) should be updated for fix of 8241638
0382ac
  - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
0382ac
  - JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in
0382ac
  - JDK-8244461: [JDK 8u] Build fails with glibc 2.32
0382ac
  - JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result
0382ac
  - JDK-8244777: ClassLoaderStats VM Op uses constant hash value
0382ac
  - JDK-8244843: JapanEraNameCompatTest fails
0382ac
  - JDK-8245167: Top package in method profiling shows null in JMC
0382ac
  - JDK-8246223: Windows build fails after JDK-8227269
0382ac
  - JDK-8246703: [TESTBUG] Add test for JDK-8233197
0382ac
  - JDK-8248399: Build installs jfr binary when JFR is disabled
0382ac
  - JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package
0382ac
0382ac
Notes on individual issues:
0382ac
===========================
0382ac
0382ac
hotspot/jfr:
0382ac
0382ac
JDK-8240687: JDK Flight Recorder Integrated to OpenJDK 8u
0382ac
=========================================================
0382ac
0382ac
OpenJDK 8u now contains the backport of JEP 328: Flight Recorder
0382ac
(https://openjdk.java.net/jeps/328) from later versions of OpenJDK.
0382ac
0382ac
JFR is a low-overhead framework to collect and provide data helpful to
0382ac
troubleshoot the performance of the OpenJDK runtime and of Java
0382ac
applications. It consists of a new API to define custom events under
0382ac
the jdk.jfr namespace and a JMX interface to interact with the
0382ac
framework. The recording can also be initiated with the application
0382ac
startup using the -XX:+FlightRecorder flag or via jcmd. JFR replaces
0382ac
the +XX:EnableTracing feature introduced in JEP 167, providing a more
0382ac
efficient way to retrieve the same information. For compatibility
0382ac
reasons, +XX:EnableTracing is still accepted, however no data will be
0382ac
printed.
0382ac
0382ac
While JFR is not built by default upstream, it is included in Red Hat
0382ac
binaries for supported architectures (x86_64, AArch64 & PowerPC 64)
0382ac
0382ac
hotspot/runtime:
0382ac
0382ac
JDK-8205622: JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording
0382ac
=========================================================================================
0382ac
0382ac
JFR will be disabled with a warning message if it is enabled during
0382ac
CDS dumping. The user will see the following warning message:
0382ac
0382ac
OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping
0382ac
0382ac
if JFR is enabled during CDS dumping such as in the following command
0382ac
line:
0382ac
0382ac
$ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true
0382ac
0382ac
security-libs/java.security:
0382ac
0382ac
JDK-8244167: Removal of Comodo Root CA Certificate
0382ac
==================================================
0382ac
0382ac
The following expired Comodo root CA certificate was removed from the
0382ac
`cacerts` keystore: + alias name "addtrustclass1ca [jdk]"
0382ac
0382ac
Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
0382ac
0382ac
JDK-8244166: Removal of DocuSign Root CA Certificate
0382ac
====================================================
0382ac
0382ac
The following expired DocuSign root CA certificate was removed from
0382ac
 the `cacerts` keystore: + alias name "keynectisrootca [jdk]"
0382ac
0382ac
Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
0382ac
0382ac
security-libs/javax.crypto:pkcs11:
0382ac
0382ac
JDK-8240191: Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database
0382ac
============================================================================================================================
0382ac
0382ac
The SunPKCS11 security provider can now be initialized with NSS when
0382ac
FIPS-enabled external modules are configured in the Security Modules
0382ac
Database (NSSDB). Prior to this change, the SunPKCS11 provider would
0382ac
throw a RuntimeException with the message: "FIPS flag set for
0382ac
non-internal module" when such a library was configured for NSS in
0382ac
non-FIPS mode.
0382ac
0382ac
This change allows the JDK to work properly with recent NSS releases
0382ac
on GNU/Linux operating systems when the system-wide FIPS policy is
0382ac
turned on.
0382ac
0382ac
Further information can be found in JDK-8238555.
0382ac
d92b92
New in release OpenJDK 8u252 (2020-04-14):
d92b92
===========================================
d92b92
Live versions of these release notes can be found at:
d92b92
  * https://bitly.com/oj8u252
d92b92
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u252.txt
d92b92
d92b92
* Security fixes
d92b92
  - JDK-8223898, CVE-2020-2754: Forward references to Nashorn
d92b92
  - JDK-8223904, CVE-2020-2755: Improve Nashorn matching
d92b92
  - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
d92b92
  - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
d92b92
  - JDK-8225603: Enhancement for big integers
d92b92
  - JDK-8227542: Manifest improved jar headers
d92b92
  - JDK-8231415, CVE-2020-2773: Better signatures in XML
d92b92
  - JDK-8233250: Better X11 rendering
d92b92
  - JDK-8233410: Better Build Scripting
d92b92
  - JDK-8234027: Better JCEKS key support
d92b92
  - JDK-8234408, CVE-2020-2781: Improve TLS session handling
d92b92
  - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
d92b92
  - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
d92b92
  - JDK-8235274, CVE-2020-2805: Enhance typing of methods
d92b92
  - JDK-8236201, CVE-2020-2830: Better Scanner conversions
d92b92
  - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap
d92b92
* Other changes
d92b92
  - JDK-8005819: Support cross-realm MSSFU
d92b92
  - JDK-8022263: use same Clang warnings on BSD as on Linux
d92b92
  - JDK-8038631: Create wrapper for awt.Robot with additional functionality
d92b92
  - JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid
d92b92
  - JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests
d92b92
  - JDK-8068184: Fix for JDK-8032832 caused a deadlock
d92b92
  - JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature
d92b92
  - JDK-8132130: some docs cleanup
d92b92
  - JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit
d92b92
  - JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal
d92b92
  - JDK-8144446: Automate the Marlin crash test
d92b92
  - JDK-8144526: Remove Marlin logging use of deleted internal API
d92b92
  - JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats
d92b92
  - JDK-8144654: Improve Marlin logging
d92b92
  - JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins
d92b92
  - JDK-8166976: TestCipherPBECons has wrong @run line
d92b92
  - JDK-8167409: Invalid value passed to critical JNI function
d92b92
  - JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant
d92b92
  - JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
d92b92
  - JDK-8191227: issues with unsafe handle resolution
d92b92
  - JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider
d92b92
  - JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object
d92b92
  - JDK-8215756: Memory leaks in the AWT on macOS
d92b92
  - JDK-8216472: (se) Stack overflow during selection operation leads to crash (win)
d92b92
  - JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread
d92b92
  - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions
d92b92
  - JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test
d92b92
  - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
d92b92
  - JDK-8229022: BufferedReader performance can be improved by using StringBuilder
d92b92
  - JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC
d92b92
  - JDK-8229872: (fs) Increase buffer size used with getmntent
d92b92
  - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception
d92b92
  - JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
d92b92
  - JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64
d92b92
  - JDK-8235904: Infinite loop when rendering huge lines
d92b92
  - JDK-8236179: C1 register allocation error with T_ADDRESS
d92b92
  - JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read
d92b92
  - JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call
d92b92
  - JDK-8241296: Segfault in JNIHandleBlock::oops_do()
d92b92
  - JDK-8241307: Marlin renderer should not be the default in 8u252
d92b92
d92b92
Notes on individual issues:
d92b92
===========================
d92b92
d92b92
hotspot/svc:
d92b92
d92b92
JDK-8174881: Binary format for HPROF updated 
d92b92
============================================
d92b92
d92b92
When dumping the heap in binary format, HPROF format 1.0.2 is always
d92b92
used now. Previously, format 1.0.1 was used for heaps smaller than
d92b92
2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the
d92b92
serviceability agent.
d92b92
d92b92
security-libs/java.security:
d92b92
d92b92
JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature
d92b92
====================================================================================
d92b92
d92b92
The SunRsaSign and SunJCE providers have been enhanced with support
d92b92
for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS
d92b92
signature and OAEP using FIPS 180-4 digest algorithms. New
d92b92
constructors and methods have been added to relevant JCA/JCE classes
d92b92
under the `java.security.spec` and `javax.crypto.spec` packages for
d92b92
supporting additional RSASSA-PSS parameters.
d92b92
d92b92
security-libs/javax.crypto:
d92b92
d92b92
JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI
d92b92
============================================================
d92b92
d92b92
The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider.
d92b92
d92b92
security-libs/javax.security:
d92b92
d92b92
JDK-8227564: Allow SASL Mechanisms to Be Restricted
d92b92
===================================================
d92b92
d92b92
A security property named `jdk.sasl.disabledMechanisms` has been added
d92b92
that can be used to disable SASL mechanisms. Any disabled mechanism
d92b92
will be ignored if it is specified in the `mechanisms` argument of
d92b92
`Sasl.createSaslClient` or the `mechanism` argument of
d92b92
`Sasl.createSaslServer`. The default value for this security property
d92b92
is empty, which means that no mechanisms are disabled out-of-the-box.