RELEASE NOTES: JDK 11.0.17

Notes generated: Mon Dec 02 18:23:46 CET 2024

JEPs

None.

RELEASE NOTES

core-libs/java.net

Issue Description
JDK-8278067

Make HttpURLConnection Default Keep Alive Timeout Configurable


Two system properties have been added which control the keep alive behavior of HttpURLConnection in the case where the server does not specify a keep alive time. Two properties are defined for controlling connections to servers and proxies separately. They are http.keepAlive.time.server and http.keepAlive.time.proxy respectively. More information about them can be found in Networking Properties.


hotspot/runtime

Issue Description
JDK-8281181

CPU Shares Ignored When Computing Active Processor Count


Previous JDK releases used an incorrect interpretation of the Linux cgroups parameter "cpu.shares". This might cause the JVM to use fewer CPUs than available, leading to an under utilization of CPU resources when the JVM is used inside a container.

Starting from this JDK release, by default, the JVM no longer considers "cpu.shares" when deciding the number of threads to be used by the various thread pools. The -XX:+UseContainerCpuShares command-line option can be used to revert to the previous behavior. This option is deprecated and may be removed in a future JDK release.


security-libs/java.security

Issue Description
JDK-8269039

Disabled SHA-1 Signed JARs


JARs signed with SHA-1 algorithms are now restricted by default and treated as if they were unsigned. This applies to the algorithms used to digest, sign, and optionally timestamp the JAR. It also applies to the signature and digest algorithms of the certificates in the certificate chain of the code signer and the Timestamp Authority, and any CRLs or OCSP responses that are used to verify if those certificates have been revoked. These restrictions also apply to signed JCE providers.

To reduce the compatibility risk for JARs that have been previously timestamped, there is one exception to this policy:

  • Any JAR signed with SHA-1 algorithms and timestamped prior to January 01, 2019 will not be restricted.

This exception may be removed in a future JDK release. To determine if your signed JARs are affected by this change, run jarsigner -verify -verbose -certs on the signed JAR, and look for instances of "SHA1" or "SHA-1" and "disabled" and a warning that the JAR will be treated as unsigned in the output.

For example:

``` - Signed by "CN="Signer"" Digest algorithm: SHA-1 (disabled) Signature algorithm: SHA1withRSA (disabled), 2048-bit key

WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01

```

JARs affected by these new restrictions should be replaced or re-signed with stronger algorithms.

Users can, at their own risk, remove these restrictions by modifying the java.security configuration file (or override it by using the java.security.properties system property) and removing "SHA1 usage SignedJAR & denyAfter 2019-01-01" from the jdk.certpath.disabledAlgorithms security property and "SHA1 denyAfter 2019-01-01" from the jdk.jar.disabledAlgorithms security property.


JDK-8267880

Upgrade the Default PKCS12 MAC Algorithm


The default MAC algorithm used in a PKCS #12 keystore has been updated. The new algorithm is based on SHA-256 and is stronger than the old one based on SHA-1. See the security properties starting with keystore.pkcs12 in the java.security file for detailed information.

The new SHA-256 based MAC algorithms were introduced in the 11.0.12, 8u301, and 7u311 JDK versions. Keystores created using this newer, stronger, MAC algorithm cannot be opened in JDK versions earlier than 11.0.12, 8u301, and 7u311. A 'java.security.NoSuchAlgorithmException' exception will be thrown in such circumstances.

For compatibility, use the keystore.pkcs12.legacy system property, which will revert the algorithms to use the older, weaker algorithms. There is no value defined for this property.


core-libs/java.time

Issue Description
JDK-8292579

Update Timezone Data to 2022c


This version includes changes from 2022b that merged multiple regions that have the same timestamp data post-1970 into a single time zone database. All time zone IDs remain the same but the merged time zones will point to a shared zone database.

As a result, pre-1970 data may not be compatible with earlier JDK versions. The affected zones are `Antarctica/Vostok, Asia/Brunei, Asia/Kuala_Lumpur, Atlantic/Reykjavik, Europe/Amsterdam, Europe/Copenhagen, Europe/Luxembourg, Europe/Monaco, Europe/Oslo, Europe/Stockholm, Indian/Christmas, Indian/Cocos, Indian/Kerguelen, Indian/Mahe, Indian/Reunion, Pacific/Chuuk, Pacific/Funafuti, Pacific/Majuro, Pacific/Pohnpei, Pacific/Wake, Pacific/Wallis, Arctic/Longyearbyen, Atlantic/Jan_Mayen, Iceland, Pacific/Ponape, Pacific/Truk, and Pacific/Yap`.

For more details, refer to the announcement of 2022b


core-libs/java.io:serialization

Issue Description
JDK-8261160

JDK Flight Recorder Event for Deserialization


A new JDK Flight Recorder (JFR) event has been added to monitor deserialization of objects. When JFR is enabled and the JFR configuration includes deserialization events, JFR will emit an event whenever the running program attempts to deserialize an object. The deserialization event is named java/deserialization, and it is disabled by default. The deserialization event contains information that is used by the serialization filter mechanism. Additionally, if a filter is enabled, the JFR event indicates whether the filter accepted or rejected deserialization of the object.

The new Deserialization Event captures:

  • Whether a serialization filter is configured or not.
  • The serialization filter status, if one is configured.
  • The class of the object being deserialized.
  • The number of array elements when deserializing an array.
  • The current graph depth.
  • The current number of object references.
  • The current number of bytes in the stream that have been consumed.
  • The exception type and message, if thrown by the serialization filter.

Refer to Context-Specific Deserialization Filter and Serialization Filtering Guide for details.


JDK Flight Recorder Event for Deserialization


It is now possible to monitor deserialization of objects using JDK Flight Recorder (JFR). When JFR is enabled and the JFR configuration includes deserialization events, JFR will emit an event whenever the running program attempts to deserialize an object. The deserialization event is named jdk.Deserialization, and it is disabled by default. The deserialization event contains information that is used by the serialization filter mechanism; see the ObjectInputFilter specification. Additionally, if a filter is enabled, the JFR event indicates whether the filter accepted or rejected deserialization of the object. For further information about how to use the JFR deserialization event, see the article Monitoring Deserialization to Improve Application Security. For reference information about using and configuring JFR, see the JFR Runtime Guide and JFR Command Reference sections of the JDK Mission Control documentation.


JDK Flight Recorder Event for Deserialization


It is now possible to monitor deserialization of objects using JDK Flight Recorder (JFR). When JFR is enabled and the JFR configuration includes deserialization events, JFR will emit an event whenever the running program attempts to deserialize an object. The deserialization event is named jdk.Deserialization, and it is disabled by default. The deserialization event contains information that is used by the serialization filter mechanism; see the ObjectInputFilter specification. Additionally, if a filter is enabled, the JFR event indicates whether the filter accepted or rejected deserialization of the object. For further information about how to use the JFR deserialization event, see the article Monitoring Deserialization to Improve Application Security. For reference information about using and configuring JFR, see the JFR Runtime Guide and JFR Command Reference sections of the JDK Mission Control documentation.


security-libs/org.ietf.jgss:krb5

Issue Description
JDK-8139348

Deprecate 3DES and RC4 in Kerberos


The des3-hmac-sha1 and rc4-hmac Kerberos encryption types (etypes) are now deprecated and disabled by default. Users can set allow_weak_crypto = true in the krb5.conf configuration file to re-enable them (along with other weak etypes including des-cbc-crc and des-cbc-md5) at their own risk. To disable a subset of the weak etypes, users can list preferred etypes explicitly in any of the default_tkt_enctypes, default_tgs_enctypes, or permitted_enctypes settings.


FIXED ISSUES

client-libs

Priority Bug Summary
P4 JDK-8283712 Create a manual test framework class
P4 JDK-8284898 Enhance PassFailJFrame
P4 JDK-8270312 Error: Not a test or directory containing tests: java/awt/print/PrinterJob/XparColor.java
P4 JDK-8284535 Fix PrintLatinCJKTest.java test that is failing with Parse Exception
P4 JDK-8283803 Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/PrintGlyphVectorTest.java and fix test

client-libs/2d

Priority Bug Summary
P3 JDK-8290334 Update FreeType to 2.12.1
P3 JDK-8289853 Update HarfBuzz to 4.4.1
P4 JDK-8255724 [XRender] the BlitRotateClippedArea test fails on Linux in the XR pipeline
P4 JDK-8284680 sun.font.FontConfigManager.getFontConfig() leaks charset

client-libs/java.awt

Priority Bug Summary
P4 JDK-6854300 [TEST_BUG] java/awt/event/MouseEvent/SpuriousExitEnter/SpuriousExitEnter_3.java fails in jdk6u14 & jdk7
P4 JDK-8281569 Create tests for Frame.setMinimumSize() method
P4 JDK-8159694 HiDPI, Unity, java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java
P4 JDK-8288928 Incorrect GPL header in pnglibconf.h (backport of JDK-8185041)
P4 JDK-8169468 NoResizeEventOnDMChangeTest.java fails because FS Window didn't receive all resizes!
P4 JDK-8284956 Potential leak awtImageData/color_data when initializes X11GraphicsEnvironment
P4 JDK-8225122 Test AncestorResized.java fails when Windows desktop is scaled.

client-libs/javax.accessibility

Priority Bug Summary
P4 JDK-8282933 Create a test for JDK-4529616
P4 JDK-8283245 Create a test for JDK-4670319
P4 JDK-8283015 Create a test for JDK-4715496
P4 JDK-8283087 Create a test or JDK-4715503
P4 JDK-8284077 Create an automated test for JDK-4170173
P4 JDK-8285693 Create an automated test for JDK-4702199

client-libs/javax.imageio

Priority Bug Summary
P4 JDK-7131823 bug in GIFImageReader

client-libs/javax.swing

Priority Bug Summary
P3 JDK-8239902 [macos] Remove direct usage of JSlider, JProgressBar classes in CAccessible class
P3 JDK-8212904 JTextArea line wrapping incorrect when using UI scale
P4 JDK-8281738 Create a regression test for checking the 'Space' key activation of focused Button
P4 JDK-8282548 Create a regression test for JDK-4330998
P4 JDK-8281745 Create a regression test for JDK-4514331
P4 JDK-8282343 Create a regression test for JDK-4518432
P4 JDK-8282234 Create a regression test for JDK-4532513
P4 JDK-8281988 Create a regression test for JDK-4618767
P4 JDK-8281535 Create a regression test for JDK-4670051
P4 JDK-8280913 Create a regression test for JRootPane.setDefaultButton() method
P4 JDK-8283507 Create a regression test for RFE 4287690
P4 JDK-8282789 Create a regression test for the JTree usecase of JDK-4618767
P4 JDK-8283623 Create an automated regression test for JDK-4525475
P4 JDK-8283493 Create an automated regression test for RFE 4231298
P4 JDK-8283624 Create an automated regression test for RFE-4390885
P4 JDK-8262085 Hovering Metal HTML Tooltips in different windows cause IllegalArgExc on Linux
P4 JDK-8172065 javax/swing/JTree/4908142/bug4908142.java The selected index should be "aad"
P4 JDK-8283621 Write a regression test for CCC4400728
P4 JDK-8282860 Write a regression test for JDK-4164779

core-libs

Priority Bug Summary
P3 JDK-8287663 Add a regression test for JDK-8287073
P4 JDK-8287073 NPE from CgroupV2Subsystem.getInstance()
P4 JDK-8267180 Typo in copyright header for HashesTest

core-libs/java.io

Priority Bug Summary
P3 JDK-8266460 java.io tests fail on null stream with upgraded jtreg/TestNG

core-libs/java.io:serialization

Priority Bug Summary
P3 JDK-8261160 Add a deserialization JFR event

core-libs/java.lang

Priority Bug Summary
P3 JDK-8265020 tests must be updated for new TestNG module name
P4 JDK-8289569 [test] java/lang/ProcessBuilder/Basic.java fails on Alpine/musl
P4 JDK-8183372 Refactor java/lang/Class shell tests to java
P4 JDK-8266774 System property values for stdout/err on Windows UTF-8

core-libs/java.net

Priority Bug Summary
P3 JDK-8266250 WebSocketTest and WebSocketProxyTest call assertEquals(List, List)
P4 JDK-8290886 [11u]: Backport of JDK-8266250 introduced test failures
P4 JDK-8278067 Make HttpURLConnection default keep alive timeout configurable

core-libs/java.nio

Priority Bug Summary
P4 JDK-8214078 (fs) SecureDirectoryStream not supported on arm32
P4 JDK-8264400 (fs) WindowsFileStore equality depends on how the FileStore was constructed
P4 JDK-8265100 (fs) WindowsFileStore.hashCode() should read cached hash code once

core-libs/java.rmi

Priority Bug Summary
P4 JDK-8286114 [test] show real exception in bomb call in sun/rmi/runtime/Log/checkLogging/CheckLogging.java

core-libs/java.text

Priority Bug Summary
P4 JDK-8264792 The NumberFormat for locale sq_XK formats price incorrectly.

core-libs/java.time

Priority Bug Summary
P3 JDK-8292579 (tz) Update Timezone Data to 2022c

core-libs/java.util

Priority Bug Summary
P4 JDK-8274517 java/util/DoubleStreamSums/CompensatedSums.java fails with expected [true] but found [false]

core-libs/java.util.concurrent

Priority Bug Summary
P4 JDK-8214427 probable bug in logic of ConcurrentHashMap.addCount()

core-libs/java.util.jar

Priority Bug Summary
P4 JDK-8286582 Build fails on macos aarch64 when using --with-zlib=bundled
P4 JDK-8288763 Pack200 extraction failure with invalid size

core-libs/java.util.regex

Priority Bug Summary
P4 JDK-8247546 Pattern matching does not skip correctly over supplementary characters

core-libs/java.util:i18n

Priority Bug Summary
P3 JDK-8283277 ISO 4217 Amendment 171 Update
P3 JDK-8289549 ISO 4217 Amendment 172 Update
P3 JDK-8272352 Java launcher can not parse Chinese character when system locale is set to UTF-8
P4 JDK-8028265 Add legacy tz tests to OpenJDK
P4 JDK-8238203 Return value of GetUserDefaultUILanguage() should be handled as LANGID

core-libs/javax.naming

Priority Bug Summary
P4 JDK-8287672 jtreg test com/sun/jndi/ldap/LdapPoolTimeoutTest.java fails intermittently in nightly run

core-libs/jdk.nashorn

Priority Bug Summary
P4 JDK-8290813 jdk/nashorn/api/scripting/test/ScriptObjectMirrorTest.java fails: assertEquals is ambiguous

core-svc/debugger

Priority Bug Summary
P3 JDK-8208471 nsk/jdb/unwatch/unwatch002/unwatch002.java fails with "Prompt is not received during 300200 milliseconds"
P4 JDK-8274687 JDWP deadlocks if some Java thread reaches wait in blockOnDebuggerSuspend

core-svc/java.lang.management

Priority Bug Summary
P4 JDK-8283903 GetContainerCpuLoad does not return the correct result in share mode

docs

Priority Bug Summary
P4 JDK-8251551 Use .md filename extension for README

hotspot/compiler

Priority Bug Summary
P1 JDK-8289856 [PPC64] SIGSEGV in C2Compiler::init_c2_runtime() after JDK-8289060
P2 JDK-8288865 [aarch64] LDR instructions must use legitimized addresses
P2 JDK-8235870 C2 crashes in IdealLoopTree::est_loop_flow_merge_sz()
P2 JDK-8287432 C2: assert(tn->in(0) != __null) failed: must have live top node
P2 JDK-8288360 CI: ciInstanceKlass::implementor() is not consistent for well-known classes
P2 JDK-8282555 Missing memory edge when spilling MoveF2I, MoveD2L etc
P3 JDK-8251152 ARM32: jtreg c2 Test8202414 test crash
P3 JDK-8291713 assert(!phase->exceeding_node_budget()) failed: sanity after JDK-8223389
P3 JDK-8284944 assert(cnt++ < 40) failed: infinite cycle in loop optimization
P3 JDK-8287223 C1: Inlining attempt through MH::invokeBasic() with null receiver
P3 JDK-8288781 C1: LIR_OpVisitState::maxNumberOfOperands too small
P3 JDK-8286177 C2: "failed: non-reduction loop contains reduction nodes" assert failure
P3 JDK-8270090 C2: LCM may prioritize CheckCastPP nodes over projections
P3 JDK-8285820 C2: LCM prioritizes locally dependent CreateEx nodes over projections after 8270090
P3 JDK-8279622 C2: miscompilation of map pattern as a vector reduction
P3 JDK-8283441 C2: segmentation fault in ciMethodBlocks::make_block_at(int)
P3 JDK-8269517 compiler/loopopts/TestPartialPeelingSinkNodes.java crashes with -XX:+VerifyGraphEdges
P3 JDK-8258946 Fix optimization-unstable code involving signed integer overflow
P3 JDK-8288467 remove memory_operand assert for spilled instructions
P3 JDK-8284882 SIGSEGV in Node::verify_edges due to compilation bailout
P3 JDK-8290246 test fails "assert(init != __null) failed: initialization not found"
P3 JDK-8286314 Trampoline not created for far runtime targets outside small CodeCache
P3 JDK-8271010 vmTestbase/gc/lock/malloc/malloclock04/TestDescription.java crashes intermittently
P4 JDK-8277893 Arraycopy stress tests
P4 JDK-8279032 compiler/loopopts/TestSkeletonPredicateNegation.java times out with -XX:TieredStopAtLevel < 4
P4 JDK-8271078 jdk/incubator/vector/Float128VectorTests.java failed a subtest

hotspot/gc

Priority Bug Summary
P3 JDK-8267271 Fix gc/arguments/TestNewRatioFlag.java expectedNewSize calculation
P3 JDK-8217170 gc/arguments/TestUseCompressedOopsErgo.java timed out
P3 JDK-8213695 gc/TestAllocateHeapAtMultiple.java is slow in some configs
P3 JDK-8288754 GCC 12 fails to build zReferenceProcessor.cpp
P3 JDK-8290198 Shenandoah: a few Shenandoah tests failure after JDK-8214799 11u backport
P4 JDK-8223575 add subspace transitions to gc+metaspace=info log lines
P4 JDK-8069343 Improve gc/g1/TestHumongousCodeCacheRoots.java to use jtreg @requires
P4 JDK-8217332 JTREG: Clean up, use generics instead of raw types

hotspot/jfr

Priority Bug Summary
P3 JDK-8290004 [PPC64] JfrGetCallTrace: assert(_pc != nullptr) failed: must have PC
P3 JDK-8287463 JFR: Disable TestDevNull.java on Windows
P3 JDK-8282947 JFR: Dump on shutdown live-locks in some conditions
P3 JDK-8239265 JFR: Test cleanup of jdk.jfr.api.consumer package
P4 JDK-8242188 error in jtreg test jdk/jfr/api/consumer/TestRecordedFrame.java on linux-aarch64
P4 JDK-8239423 jdk/jfr/jvm/TestJFRIntrinsic.java failed with -XX:-TieredCompilation

hotspot/jvmti

Priority Bug Summary
P4 JDK-6606767 resexhausted00[34] fail assert(!thread->owns_locks(), "must release all locks when leaving VM")
P4 JDK-8278519 serviceability/jvmti/FieldAccessWatch/FieldAccessWatch.java failed "assert(handle != __null) failed: JNI handle should not be null"
P4 JDK-8249623 test @ignore-d due to 7013634 should be returned back to execution
P4 JDK-8218128 vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted003 and 004 use wrong path to test classes

hotspot/runtime

Priority Bug Summary
P3 JDK-8289799 Build warning in methodData.cpp memset zero-length parameter
P3 JDK-8287107 CgroupSubsystemFactory.setCgroupV2Path asserts with freezer controller
P3 JDK-8281181 Do not use CPU Shares to compute active processor count
P3 JDK-8273526 Extend the OSContainer API pids controller with pids.current
P3 JDK-8266490 Extend the OSContainer API to support the pids controller of cgroups
P3 JDK-8287741 Fix of JDK-8287107 (unused cgv1 freezer controller) was incomplete
P3 JDK-8289477 Memory corruption with CPU_ALLOC, CPU_FREE on muslc
P3 JDK-8284754 print more interesting env variables in hs_err and VM.info
P3 JDK-8209736 runtime/RedefineTests/ModifyAnonymous.java fails with NullPointerException when running in CDS mode
P3 JDK-8272398 Update DockerTestUtils.buildJdkDockerImage()
P4 JDK-8292852 [11u] TestMemoryWithCgroupV1 fails after JDK-8292768
P4 JDK-8284758 [linux] improve print_container_info
P4 JDK-8284950 CgroupV1 detection code should consider memory.swappiness
P4 JDK-8230708 Hotspot fails to build on linux-sparc with gcc-9
P4 JDK-8253916 ResourceExhausted/resexhausted001 crashes on Linux-x64
P4 JDK-8257623 vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted001/TestDescription.java shouldn't use timeout

hotspot/svc

Priority Bug Summary
P3 JDK-8283849 AsyncGetCallTrace may crash JVM on guarantee

hotspot/svc-agent

Priority Bug Summary
P3 JDK-8238268 Many SA tests are not running on OSX because they do not attempt to use sudo when available
P3 JDK-8238196 tests that use SA Attach should not be allowed to run against signed binaries on Mac OS X 10.14.5 and later

hotspot/test

Priority Bug Summary
P4 JDK-8219149 ProcessTools.ProcessBuilder should print timing info for subprocesses
P4 JDK-8274506 TestPids.java and TestPidsLimit.java fail with podman run as root
P4 JDK-8210107 vmTestbase/nsk/stress/network tests fail with Cannot assign requested address (Bind failed)

infrastructure

Priority Bug Summary
P3 JDK-8268185 Update GitHub Actions for jtreg 6
P3 JDK-8266254 Update to use jtreg 6
P4 JDK-8287017 Bump update version for OpenJDK: jdk-11.0.17

infrastructure/build

Priority Bug Summary
P3 JDK-8287366 Improve test failure reporting in GHA
P3 JDK-8218413 make reconfigure ignores configure-time AUTOCONF environment variable
P3 JDK-8252145 Unify Info.plist files with correct version strings
P4 JDK-8291794 [11u] Corrections after backport of JDK-8212028
P4 JDK-8210960 Allow --with-boot-jdk-jvmargs to work during configure
P4 JDK-8285728 Alpine Linux build fails with busybox tar
P4 JDK-8290000 Bump macOS GitHub actions to macOS 11
P4 JDK-8265531 doc/building.md should mention homebrew install freetype
P4 JDK-8287202 GHA: Add macOS aarch64 to the list of default platforms for workflow_dispatch event
P4 JDK-8287336 GHA: Workflows break on patch versions
P4 JDK-8283017 GHA: Workflows break with update release versions
P4 JDK-8275008 gtest build failure due to stringop-overflow warning with gcc11
P4 JDK-8233712 Limit default tests jobs based on ulimit -u setting
P4 JDK-8221907 make reconfigure breaks when configured with relative paths
P4 JDK-8254178 Remove .hgignore
P4 JDK-8254318 Remove .hgtags

infrastructure/release_eng

Priority Bug Summary
P4 JDK-8295057 [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.17

security-libs

Priority Bug Summary
P3 JDK-8285380 Fix typos in security
P3 JDK-8282538 PKCS11 tests fail on CentOS Stream 9
P4 JDK-8279385 [test] Adjust sun/security/pkcs12/KeytoolOpensslInteropTest.java after 8278344
P4 JDK-8278344 sun/security/pkcs12/KeytoolOpensslInteropTest.java test fails because of different openssl output

security-libs/java.security

Priority Bug Summary
P2 JDK-8285696 AlgorithmConstraints:permits not throwing IllegalArgumentException when 'alg' is null
P2 JDK-8186143 keytool -ext option doesn't accept wildcards for DNS subject alternative names
P3 JDK-8269039 Disable SHA-1 Signed JARs
P3 JDK-8275887 jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled
P3 JDK-8267880 Upgrade the default PKCS12 MAC algorithm

security-libs/javax.crypto

Priority Bug Summary
P3 JDK-8281628 KeyAgreement : generateSecret intermittently not resetting

security-libs/javax.net.ssl

Priority Bug Summary
P4 JDK-8284694 Avoid evaluating SSLAlgorithmConstraints twice
P4 JDK-8266881 Enable debug log for SSLEngineExplorerMatchedSNI.java
P4 JDK-8226976 SessionTimeOutTests uses == operator for String value check
P4 JDK-8164804 sun/security/ssl/SSLSocketImpl/CloseSocket.java makes not reliable time assumption

security-libs/javax.smartcardio

Priority Bug Summary
P3 JDK-8286211 Update PCSC-Lite for SUSE Linux to 1.9.5

security-libs/javax.xml.crypto

Priority Bug Summary
P3 JDK-8247964 All log0() in com/sun/org/slf4j/internal/Logger.java should be private
P3 JDK-8247907 XMLDsig logging does not work

security-libs/jdk.security

Priority Bug Summary
P4 JDK-8293429 [11u] minor update in attribute style
P4 JDK-8285398 Cache the results of constraint checks

security-libs/org.ietf.jgss

Priority Bug Summary
P4 JDK-8253829 Wrong length compared in SSPI bridge

security-libs/org.ietf.jgss:krb5

Priority Bug Summary
P3 JDK-8139348 Deprecate 3DES and RC4 in Kerberos

tools/javac

Priority Bug Summary
P2 JDK-8203277 preflow visitor used during lambda attribution shouldn't visit class definitions inside the lambda body
P3 JDK-8236490 Compiler bug relating to @NonNull annotation
P3 JDK-8193462 Fix Filer handling of package-info initial elements
P4 JDK-8255729 com.sun.tools.javac.processing.JavacFiler.FilerOutputStream is inefficient
P4 JDK-8266675 Optimize IntHashTable for encapsulation and ease of use

tools/javadoc(tool)

Priority Bug Summary
P3 JDK-8215291 Broken links when generating from project without modules
P3 JDK-8221871 javadoc should not set role=region on
elements
P3 JDK-8282214 Upgrade JQuery to version 3.6.0
P3 JDK-8284367 Upgrade JQuery UI to 1.13.1 from 1.12.1
P4 JDK-8236823 Ensure that API documentation uses minified libraries
P4 JDK-8209052 Low contrast in docs/api/constant-values.html

tools/jlink

Priority Bug Summary
P3 JDK-8240903 Add test to check that jmod hashes are reproducible
P3 JDK-8266461 tools/jmod/hashes/HashesTest.java fails: static @Test methods

xml

Priority Bug Summary
P5 JDK-8285097 Duplicate XML keys in XPATHErrorResources.java and XSLTErrorResources.java

xml/javax.xml.xpath

Priority Bug Summary
P5 JDK-8289471 Issue in Initialization of keys in ErrorMsg.java and XPATHErrorResources.java

xml/jaxp

Priority Bug Summary
P3 JDK-8289486 Improve XSLT XPath operators count efficiency
P4 JDK-8285081 Improve XPath operators count accuracy
P4 JDK-8210722 JAXP Tests: CatalogSupport2 and CatalogSupport3 generate incorrect messages upon failure
P4 JDK-8282280 Update Xerces2 Java to Version 2.12.2