RELEASE NOTES: JDK 11.0.17

Notes generated: Fri Jul 01 01:50:27 CEST 2022

JEPs

None.

RELEASE NOTES

core-libs/java.io:serialization

Issue Description

Issue	Description
JDK-8261160	JDK Flight Recorder Event for Deserialization It is now possible to monitor deserialization of objects using JDK Flight Recorder (JFR). When JFR is enabled and the JFR configuration includes deserialization events, JFR will emit an event whenever the running program attempts to deserialize an object. The deserialization event is named `jdk.Deserialization`, and it is disabled by default. The deserialization event contains information that is used by the serialization filter mechanism; see the ObjectInputFilter specification. Additionally, if a filter is enabled, the JFR event indicates whether the filter accepted or rejected deserialization of the object. For further information about how to use the JFR deserialization event, see the article Monitoring Deserialization to Improve Application Security. For reference information about using and configuring JFR, see the JFR Runtime Guide and JFR Command Reference sections of the JDK Mission Control documentation.
JDK Flight Recorder Event for Deserialization It is now possible to monitor deserialization of objects using JDK Flight Recorder (JFR). When JFR is enabled and the JFR configuration includes deserialization events, JFR will emit an event whenever the running program attempts to deserialize an object. The deserialization event is named `jdk.Deserialization`, and it is disabled by default. The deserialization event contains information that is used by the serialization filter mechanism; see the ObjectInputFilter specification. Additionally, if a filter is enabled, the JFR event indicates whether the filter accepted or rejected deserialization of the object. For further information about how to use the JFR deserialization event, see the article Monitoring Deserialization to Improve Application Security. For reference information about using and configuring JFR, see the JFR Runtime Guide and JFR Command Reference sections of the JDK Mission Control documentation.

JDK Flight Recorder Event for Deserialization

It is now possible to monitor deserialization of objects using JDK Flight Recorder (JFR). When JFR is enabled and the JFR configuration includes deserialization events, JFR will emit an event whenever the running program attempts to deserialize an object. The deserialization event is named jdk.Deserialization, and it is disabled by default. The deserialization event contains information that is used by the serialization filter mechanism; see the ObjectInputFilter specification. Additionally, if a filter is enabled, the JFR event indicates whether the filter accepted or rejected deserialization of the object. For further information about how to use the JFR deserialization event, see the article Monitoring Deserialization to Improve Application Security. For reference information about using and configuring JFR, see the JFR Runtime Guide and JFR Command Reference sections of the JDK Mission Control documentation.

JDK Flight Recorder Event for Deserialization

security-libs/org.ietf.jgss:krb5

Issue Description

Issue	Description
JDK-8139348	Deprecate 3DES and RC4 in Kerberos The `des3-hmac-sha1` and `rc4-hmac` Kerberos encryption types (etypes) are now deprecated and disabled by default. Users can set `allow_weak_crypto = true` in the `krb5.conf` configuration file to re-enable them (along with other weak etypes including `des-cbc-crc` and `des-cbc-md5`) at their own risk. To disable a subset of the weak etypes, users can list preferred etypes explicitly in any of the `default_tkt_enctypes`, `default_tgs_enctypes`, or `permitted_enctypes` settings.

JDK-8139348

Deprecate 3DES and RC4 in Kerberos

The des3-hmac-sha1 and rc4-hmac Kerberos encryption types (etypes) are now deprecated and disabled by default. Users can set allow_weak_crypto = true in the krb5.conf configuration file to re-enable them (along with other weak etypes including des-cbc-crc and des-cbc-md5) at their own risk. To disable a subset of the weak etypes, users can list preferred etypes explicitly in any of the default_tkt_enctypes, default_tgs_enctypes, or permitted_enctypes settings.

FIXED ISSUES

client-libs/2d

Priority	Bug	Summary
P4	JDK-8284680	sun.font.FontConfigManager.getFontConfig() leaks charset

client-libs/java.awt

Priority	Bug	Summary
P4	JDK-8281569	Create tests for Frame.setMinimumSize() method
P4	JDK-8159694	HiDPI, Unity, java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java
P4	JDK-8284956	Potential leak awtImageData/color_data when initializes X11GraphicsEnvironment
P4	JDK-8225122	Test AncestorResized.java fails when Windows desktop is scaled.

client-libs/javax.swing

Priority	Bug	Summary
P3	JDK-8239902	[macos] Remove direct usage of JSlider, JProgressBar classes in CAccessible class
P3	JDK-8212904	JTextArea line wrapping incorrect when using UI scale
P4	JDK-8172065	javax/swing/JTree/4908142/bug4908142.java The selected index should be "aad"

core-libs/java.io:serialization

Priority	Bug	Summary
P3	JDK-8261160	Add a deserialization JFR event

core-libs/java.lang

Priority	Bug	Summary
P4	JDK-8183372	Refactor java/lang/Class shell tests to java

core-libs/java.nio

Priority	Bug	Summary
P4	JDK-8264400	(fs) WindowsFileStore equality depends on how the FileStore was constructed
P4	JDK-8265100	(fs) WindowsFileStore.hashCode() should read cached hash code once

core-libs/java.rmi

Priority	Bug	Summary
P4	JDK-8286114	[test] show real exception in bomb call in sun/rmi/runtime/Log/checkLogging/CheckLogging.java

core-libs/java.util

Priority	Bug	Summary
P4	JDK-8274517	java/util/DoubleStreamSums/CompensatedSums.java fails with expected [true] but found [false]

core-libs/java.util.concurrent

Priority	Bug	Summary
P4	JDK-8214427	probable bug in logic of ConcurrentHashMap.addCount()

core-libs/java.util.jar

Priority	Bug	Summary
P4	JDK-8286582	Build fails on macos aarch64 when using --with-zlib=bundled

docs

Priority	Bug	Summary
P4	JDK-8251551	Use .md filename extension for README

hotspot/compiler

Priority	Bug	Summary
P2	JDK-8282555	Missing memory edge when spilling MoveF2I, MoveD2L etc
P3	JDK-8283441	C2: segmentation fault in ciMethodBlocks::make_block_at(int)
P3	JDK-8269517	compiler/loopopts/TestPartialPeelingSinkNodes.java crashes with -XX:+VerifyGraphEdges
P3	JDK-8288467	remove memory_operand assert for spilled instructions
P3	JDK-8284882	SIGSEGV in Node::verify_edges due to compilation bailout

hotspot/gc

Priority	Bug	Summary
P3	JDK-8267271	Fix gc/arguments/TestNewRatioFlag.java expectedNewSize calculation
P3	JDK-8217170	gc/arguments/TestUseCompressedOopsErgo.java timed out
P3	JDK-8213695	gc/TestAllocateHeapAtMultiple.java is slow in some configs
P3	JDK-8288754	GCC 12 fails to build zReferenceProcessor.cpp
P4	JDK-8223575	add subspace transitions to gc+metaspace=info log lines
P4	JDK-8069343	Improve gc/g1/TestHumongousCodeCacheRoots.java to use jtreg @requires
P4	JDK-8217332	JTREG: Clean up, use generics instead of raw types

hotspot/jvmti

Priority	Bug	Summary
P4	JDK-8278519	serviceability/jvmti/FieldAccessWatch/FieldAccessWatch.java failed "assert(handle != __null) failed: JNI handle should not be null"

hotspot/runtime

Priority	Bug	Summary
P3	JDK-8273526	Extend the OSContainer API pids controller with pids.current
P3	JDK-8266490	Extend the OSContainer API to support the pids controller of cgroups
P3	JDK-8284754	print more interesting env variables in hs_err and VM.info
P3	JDK-8209736	runtime/RedefineTests/ModifyAnonymous.java fails with NullPointerException when running in CDS mode
P3	JDK-8272398	Update DockerTestUtils.buildJdkDockerImage()

hotspot/svc

Priority	Bug	Summary
P3	JDK-8283849	AsyncGetCallTrace may crash JVM on guarantee

hotspot/test

Priority	Bug	Summary
P4	JDK-8219149	ProcessTools.ProcessBuilder should print timing info for subprocesses
P4	JDK-8274506	TestPids.java and TestPidsLimit.java fail with podman run as root
P4	JDK-8210107	vmTestbase/nsk/stress/network tests fail with Cannot assign requested address (Bind failed)

infrastructure

Priority	Bug	Summary
P4	JDK-8287017	Bump update version for OpenJDK: jdk-11.0.17

infrastructure/build

Priority	Bug	Summary
P3	JDK-8287366	Improve test failure reporting in GHA
P4	JDK-8287202	GHA: Add macOS aarch64 to the list of default platforms for workflow_dispatch event
P4	JDK-8287336	GHA: Workflows break on patch versions
P4	JDK-8283017	GHA: Workflows break with update release versions

security-libs

Priority	Bug	Summary
P3	JDK-8282538	PKCS11 tests fail on CentOS Stream 9

security-libs/java.security

Priority	Bug	Summary
P2	JDK-8285696	AlgorithmConstraints:permits not throwing IllegalArgumentException when 'alg' is null

security-libs/javax.crypto

Priority	Bug	Summary
P3	JDK-8281628	KeyAgreement : generateSecret intermittently not resetting

security-libs/javax.net.ssl

Priority	Bug	Summary
P4	JDK-8284694	Avoid evaluating SSLAlgorithmConstraints twice
P4	JDK-8266881	Enable debug log for SSLEngineExplorerMatchedSNI.java
P4	JDK-8226976	SessionTimeOutTests uses == operator for String value check
P4	JDK-8164804	sun/security/ssl/SSLSocketImpl/CloseSocket.java makes not reliable time assumption

security-libs/jdk.security

Priority	Bug	Summary
P4	JDK-8285398	Cache the results of constraint checks

security-libs/org.ietf.jgss

Priority	Bug	Summary
P4	JDK-8253829	Wrong length compared in SSPI bridge

security-libs/org.ietf.jgss:krb5

Priority	Bug	Summary
P3	JDK-8139348	Deprecate 3DES and RC4 in Kerberos

tools/javadoc(tool)

Priority	Bug	Summary
P3	JDK-8282214	Upgrade JQuery to version 3.6.0
P4	JDK-8236823	Ensure that API documentation uses minified libraries

tools/jlink

Priority	Bug	Summary
P3	JDK-8240903	Add test to check that jmod hashes are reproducible

xml/jaxp

Priority	Bug	Summary
P4	JDK-8210722	JAXP Tests: CatalogSupport2 and CatalogSupport3 generate incorrect messages upon failure