RELEASE NOTES FOR: 11.0.17
====================================================================================================

Notes generated: Fri Jul 01 01:50:27 CEST 2022

Hint: Prefix bug IDs with https://bugs.openjdk.java.net/browse/ to reach the relevant JIRA entry.

JAVA ENHANCEMENT PROPOSALS (JEP):

  None.

RELEASE NOTES, BY COMPONENT:

core-libs/java.io:serialization:

  JDK-8273215: JDK Flight Recorder Event for Deserialization

      It is now possible to monitor deserialization of objects using JDK Flight Recorder (JFR). When
      JFR is enabled and the JFR configuration includes deserialization events, JFR will emit an
      event whenever the running program attempts to deserialize an object. The deserialization
      event is named `jdk.Deserialization`, and it is disabled by default. The deserialization event
      contains information that is used by the serialization filter mechanism; see the
      [ObjectInputFilter](https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/io/ObjectInputFilter.html)
      specification. Additionally, if a filter is enabled, the JFR event indicates whether the
      filter accepted or rejected deserialization of the object. For further information about how
      to use the JFR deserialization event, see the article [Monitoring Deserialization to Improve
      Application Security](https://inside.java/2021/03/02/monitoring-deserialization-activity-in-the-jdk/).
      For reference information about using and configuring JFR, see the [JFR Runtime
      Guide](https://docs.oracle.com/javacomponents/jmc-5-5/jfr-runtime-guide/preface_jfrrt.htm#JFRRT165)
      and [JFR Command
      Reference](https://docs.oracle.com/javacomponents/jmc-5-5/jfr-command-reference/command-line-options.htm#JFRCR-GUID-FE61CA60-E1DF-460E-A8E0-F4FF5D58A7A0)
      sections of the JDK Mission Control documentation. 

  JDK-8288007: JDK Flight Recorder Event for Deserialization

      It is now possible to monitor deserialization of objects using JDK Flight Recorder (JFR). When
      JFR is enabled and the JFR configuration includes deserialization events, JFR will emit an
      event whenever the running program attempts to deserialize an object. The deserialization
      event is named `jdk.Deserialization`, and it is disabled by default. The deserialization event
      contains information that is used by the serialization filter mechanism; see the
      [ObjectInputFilter](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/io/ObjectInputFilter.html)
      specification. Additionally, if a filter is enabled, the JFR event indicates whether the
      filter accepted or rejected deserialization of the object. For further information about how
      to use the JFR deserialization event, see the article [Monitoring Deserialization to Improve
      Application Security](https://inside.java/2021/03/02/monitoring-deserialization-activity-in-the-jdk/).
      For reference information about using and configuring JFR, see the [JFR Runtime
      Guide](https://docs.oracle.com/javacomponents/jmc-5-5/jfr-runtime-guide/preface_jfrrt.htm#JFRRT165)
      and [JFR Command
      Reference](https://docs.oracle.com/javacomponents/jmc-5-5/jfr-command-reference/command-line-options.htm#JFRCR-GUID-FE61CA60-E1DF-460E-A8E0-F4FF5D58A7A0)
      sections of the JDK Mission Control documentation.

security-libs/org.ietf.jgss:krb5:

  JDK-8262335: Deprecate 3DES and RC4 in Kerberos

      The `des3-hmac-sha1` and `rc4-hmac` Kerberos encryption types (etypes) are now deprecated and
      disabled by default. Users can set `allow_weak_crypto = true` in the `krb5.conf` configuration
      file to re-enable them (along with other weak etypes including `des-cbc-crc` and
      `des-cbc-md5`) at their own risk. To disable a subset of the weak etypes, users can list
      preferred etypes explicitly in any of the `default_tkt_enctypes`, `default_tgs_enctypes`, or
      `permitted_enctypes` settings.


ALL FIXED ISSUES, BY COMPONENT AND PRIORITY:

client-libs/2d:
  (P4) JDK-8284680: sun.font.FontConfigManager.getFontConfig() leaks charset

client-libs/java.awt:
  (P4) JDK-8281569: Create tests for Frame.setMinimumSize() method
  (P4) JDK-8159694: HiDPI, Unity, java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java
  (P4) JDK-8284956: Potential leak awtImageData/color_data when initializes X11GraphicsEnvironment
  (P4) JDK-8225122: Test AncestorResized.java fails when Windows desktop is scaled.

client-libs/javax.swing:
  (P3) JDK-8239902: [macos] Remove direct usage of JSlider, JProgressBar classes in CAccessible class
  (P3) JDK-8212904: JTextArea line wrapping incorrect when using UI scale
  (P4) JDK-8172065: javax/swing/JTree/4908142/bug4908142.java The selected index should be "aad"

core-libs/java.io:serialization:
  (P3) JDK-8261160: Add a deserialization JFR event

core-libs/java.lang:
  (P4) JDK-8183372: Refactor java/lang/Class shell tests to java

core-libs/java.nio:
  (P4) JDK-8264400: (fs) WindowsFileStore equality depends on how the FileStore was constructed
  (P4) JDK-8265100: (fs) WindowsFileStore.hashCode() should read cached hash code once

core-libs/java.rmi:
  (P4) JDK-8286114: [test] show real exception in bomb call in sun/rmi/runtime/Log/checkLogging/CheckLogging.java

core-libs/java.util:
  (P4) JDK-8274517: java/util/DoubleStreamSums/CompensatedSums.java fails with expected [true] but found [false]

core-libs/java.util.concurrent:
  (P4) JDK-8214427: probable bug in logic of ConcurrentHashMap.addCount()

core-libs/java.util.jar:
  (P4) JDK-8286582: Build fails on macos aarch64 when using --with-zlib=bundled

docs:
  (P4) JDK-8251551: Use .md filename extension for README

hotspot/compiler:
  (P2) JDK-8282555: Missing memory edge when spilling MoveF2I, MoveD2L etc
  (P3) JDK-8283441: C2: segmentation fault in ciMethodBlocks::make_block_at(int)
  (P3) JDK-8269517: compiler/loopopts/TestPartialPeelingSinkNodes.java crashes with -XX:+VerifyGraphEdges
  (P3) JDK-8288467: remove memory_operand assert for spilled instructions
  (P3) JDK-8284882: SIGSEGV in Node::verify_edges due to compilation bailout

hotspot/gc:
  (P3) JDK-8267271: Fix gc/arguments/TestNewRatioFlag.java expectedNewSize calculation
  (P3) JDK-8217170: gc/arguments/TestUseCompressedOopsErgo.java timed out
  (P3) JDK-8213695: gc/TestAllocateHeapAtMultiple.java is slow in some configs
  (P3) JDK-8288754: GCC 12 fails to build zReferenceProcessor.cpp
  (P4) JDK-8223575: add subspace transitions to gc+metaspace=info log lines
  (P4) JDK-8069343: Improve gc/g1/TestHumongousCodeCacheRoots.java to use jtreg @requires
  (P4) JDK-8217332: JTREG: Clean up, use generics instead of raw types

hotspot/jvmti:
  (P4) JDK-8278519: serviceability/jvmti/FieldAccessWatch/FieldAccessWatch.java failed "assert(handle != __null) failed: JNI handle should not be null"

hotspot/runtime:
  (P3) JDK-8273526: Extend the OSContainer API  pids controller with pids.current
  (P3) JDK-8266490: Extend the OSContainer API to support the pids controller of cgroups
  (P3) JDK-8284754: print more interesting env variables in hs_err and VM.info
  (P3) JDK-8209736: runtime/RedefineTests/ModifyAnonymous.java fails with NullPointerException when running in CDS mode
  (P3) JDK-8272398: Update DockerTestUtils.buildJdkDockerImage()

hotspot/svc:
  (P3) JDK-8283849: AsyncGetCallTrace may crash JVM on guarantee

hotspot/test:
  (P4) JDK-8219149: ProcessTools.ProcessBuilder should print timing info for subprocesses
  (P4) JDK-8274506: TestPids.java and TestPidsLimit.java fail with podman run as root
  (P4) JDK-8210107: vmTestbase/nsk/stress/network tests fail with Cannot assign requested address (Bind failed)

infrastructure:
  (P4) JDK-8287017: Bump update version for OpenJDK: jdk-11.0.17

infrastructure/build:
  (P3) JDK-8287366: Improve test failure reporting in GHA
  (P4) JDK-8287202: GHA: Add macOS aarch64 to the list of default platforms for workflow_dispatch event
  (P4) JDK-8287336: GHA: Workflows break on patch versions
  (P4) JDK-8283017: GHA: Workflows break with update release versions

security-libs:
  (P3) JDK-8282538: PKCS11 tests fail on CentOS Stream 9

security-libs/java.security:
  (P2) JDK-8285696: AlgorithmConstraints:permits not throwing IllegalArgumentException when 'alg'  is null

security-libs/javax.crypto:
  (P3) JDK-8281628: KeyAgreement : generateSecret intermittently not resetting

security-libs/javax.net.ssl:
  (P4) JDK-8284694: Avoid evaluating SSLAlgorithmConstraints twice
  (P4) JDK-8266881: Enable debug log for SSLEngineExplorerMatchedSNI.java
  (P4) JDK-8226976: SessionTimeOutTests uses == operator for String value check
  (P4) JDK-8164804: sun/security/ssl/SSLSocketImpl/CloseSocket.java makes not reliable time assumption

security-libs/jdk.security:
  (P4) JDK-8285398: Cache the results of constraint checks

security-libs/org.ietf.jgss:
  (P4) JDK-8253829: Wrong length compared in SSPI bridge

security-libs/org.ietf.jgss:krb5:
  (P3) JDK-8139348: Deprecate 3DES and RC4 in Kerberos

tools/javadoc(tool):
  (P3) JDK-8282214: Upgrade JQuery to version 3.6.0
  (P4) JDK-8236823: Ensure that API documentation uses minified libraries

tools/jlink:
  (P3) JDK-8240903: Add test to check that jmod hashes are reproducible 

xml/jaxp:
  (P4) JDK-8210722: JAXP Tests: CatalogSupport2 and CatalogSupport3 generate incorrect messages upon failure