RELEASE NOTES FOR: 11.0.17 ==================================================================================================== Notes generated: Fri Jul 01 01:50:27 CEST 2022 Hint: Prefix bug IDs with https://bugs.openjdk.java.net/browse/ to reach the relevant JIRA entry. JAVA ENHANCEMENT PROPOSALS (JEP): None. RELEASE NOTES, BY COMPONENT: core-libs/java.io:serialization: JDK-8273215: JDK Flight Recorder Event for Deserialization It is now possible to monitor deserialization of objects using JDK Flight Recorder (JFR). When JFR is enabled and the JFR configuration includes deserialization events, JFR will emit an event whenever the running program attempts to deserialize an object. The deserialization event is named `jdk.Deserialization`, and it is disabled by default. The deserialization event contains information that is used by the serialization filter mechanism; see the [ObjectInputFilter](https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/io/ObjectInputFilter.html) specification. Additionally, if a filter is enabled, the JFR event indicates whether the filter accepted or rejected deserialization of the object. For further information about how to use the JFR deserialization event, see the article [Monitoring Deserialization to Improve Application Security](https://inside.java/2021/03/02/monitoring-deserialization-activity-in-the-jdk/). For reference information about using and configuring JFR, see the [JFR Runtime Guide](https://docs.oracle.com/javacomponents/jmc-5-5/jfr-runtime-guide/preface_jfrrt.htm#JFRRT165) and [JFR Command Reference](https://docs.oracle.com/javacomponents/jmc-5-5/jfr-command-reference/command-line-options.htm#JFRCR-GUID-FE61CA60-E1DF-460E-A8E0-F4FF5D58A7A0) sections of the JDK Mission Control documentation. JDK-8288007: JDK Flight Recorder Event for Deserialization It is now possible to monitor deserialization of objects using JDK Flight Recorder (JFR). When JFR is enabled and the JFR configuration includes deserialization events, JFR will emit an event whenever the running program attempts to deserialize an object. The deserialization event is named `jdk.Deserialization`, and it is disabled by default. The deserialization event contains information that is used by the serialization filter mechanism; see the [ObjectInputFilter](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/io/ObjectInputFilter.html) specification. Additionally, if a filter is enabled, the JFR event indicates whether the filter accepted or rejected deserialization of the object. For further information about how to use the JFR deserialization event, see the article [Monitoring Deserialization to Improve Application Security](https://inside.java/2021/03/02/monitoring-deserialization-activity-in-the-jdk/). For reference information about using and configuring JFR, see the [JFR Runtime Guide](https://docs.oracle.com/javacomponents/jmc-5-5/jfr-runtime-guide/preface_jfrrt.htm#JFRRT165) and [JFR Command Reference](https://docs.oracle.com/javacomponents/jmc-5-5/jfr-command-reference/command-line-options.htm#JFRCR-GUID-FE61CA60-E1DF-460E-A8E0-F4FF5D58A7A0) sections of the JDK Mission Control documentation. security-libs/org.ietf.jgss:krb5: JDK-8262335: Deprecate 3DES and RC4 in Kerberos The `des3-hmac-sha1` and `rc4-hmac` Kerberos encryption types (etypes) are now deprecated and disabled by default. Users can set `allow_weak_crypto = true` in the `krb5.conf` configuration file to re-enable them (along with other weak etypes including `des-cbc-crc` and `des-cbc-md5`) at their own risk. To disable a subset of the weak etypes, users can list preferred etypes explicitly in any of the `default_tkt_enctypes`, `default_tgs_enctypes`, or `permitted_enctypes` settings. ALL FIXED ISSUES, BY COMPONENT AND PRIORITY: client-libs/2d: (P4) JDK-8284680: sun.font.FontConfigManager.getFontConfig() leaks charset client-libs/java.awt: (P4) JDK-8281569: Create tests for Frame.setMinimumSize() method (P4) JDK-8159694: HiDPI, Unity, java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java (P4) JDK-8284956: Potential leak awtImageData/color_data when initializes X11GraphicsEnvironment (P4) JDK-8225122: Test AncestorResized.java fails when Windows desktop is scaled. client-libs/javax.swing: (P3) JDK-8239902: [macos] Remove direct usage of JSlider, JProgressBar classes in CAccessible class (P3) JDK-8212904: JTextArea line wrapping incorrect when using UI scale (P4) JDK-8172065: javax/swing/JTree/4908142/bug4908142.java The selected index should be "aad" core-libs/java.io:serialization: (P3) JDK-8261160: Add a deserialization JFR event core-libs/java.lang: (P4) JDK-8183372: Refactor java/lang/Class shell tests to java core-libs/java.nio: (P4) JDK-8264400: (fs) WindowsFileStore equality depends on how the FileStore was constructed (P4) JDK-8265100: (fs) WindowsFileStore.hashCode() should read cached hash code once core-libs/java.rmi: (P4) JDK-8286114: [test] show real exception in bomb call in sun/rmi/runtime/Log/checkLogging/CheckLogging.java core-libs/java.util: (P4) JDK-8274517: java/util/DoubleStreamSums/CompensatedSums.java fails with expected [true] but found [false] core-libs/java.util.concurrent: (P4) JDK-8214427: probable bug in logic of ConcurrentHashMap.addCount() core-libs/java.util.jar: (P4) JDK-8286582: Build fails on macos aarch64 when using --with-zlib=bundled docs: (P4) JDK-8251551: Use .md filename extension for README hotspot/compiler: (P2) JDK-8282555: Missing memory edge when spilling MoveF2I, MoveD2L etc (P3) JDK-8283441: C2: segmentation fault in ciMethodBlocks::make_block_at(int) (P3) JDK-8269517: compiler/loopopts/TestPartialPeelingSinkNodes.java crashes with -XX:+VerifyGraphEdges (P3) JDK-8288467: remove memory_operand assert for spilled instructions (P3) JDK-8284882: SIGSEGV in Node::verify_edges due to compilation bailout hotspot/gc: (P3) JDK-8267271: Fix gc/arguments/TestNewRatioFlag.java expectedNewSize calculation (P3) JDK-8217170: gc/arguments/TestUseCompressedOopsErgo.java timed out (P3) JDK-8213695: gc/TestAllocateHeapAtMultiple.java is slow in some configs (P3) JDK-8288754: GCC 12 fails to build zReferenceProcessor.cpp (P4) JDK-8223575: add subspace transitions to gc+metaspace=info log lines (P4) JDK-8069343: Improve gc/g1/TestHumongousCodeCacheRoots.java to use jtreg @requires (P4) JDK-8217332: JTREG: Clean up, use generics instead of raw types hotspot/jvmti: (P4) JDK-8278519: serviceability/jvmti/FieldAccessWatch/FieldAccessWatch.java failed "assert(handle != __null) failed: JNI handle should not be null" hotspot/runtime: (P3) JDK-8273526: Extend the OSContainer API pids controller with pids.current (P3) JDK-8266490: Extend the OSContainer API to support the pids controller of cgroups (P3) JDK-8284754: print more interesting env variables in hs_err and VM.info (P3) JDK-8209736: runtime/RedefineTests/ModifyAnonymous.java fails with NullPointerException when running in CDS mode (P3) JDK-8272398: Update DockerTestUtils.buildJdkDockerImage() hotspot/svc: (P3) JDK-8283849: AsyncGetCallTrace may crash JVM on guarantee hotspot/test: (P4) JDK-8219149: ProcessTools.ProcessBuilder should print timing info for subprocesses (P4) JDK-8274506: TestPids.java and TestPidsLimit.java fail with podman run as root (P4) JDK-8210107: vmTestbase/nsk/stress/network tests fail with Cannot assign requested address (Bind failed) infrastructure: (P4) JDK-8287017: Bump update version for OpenJDK: jdk-11.0.17 infrastructure/build: (P3) JDK-8287366: Improve test failure reporting in GHA (P4) JDK-8287202: GHA: Add macOS aarch64 to the list of default platforms for workflow_dispatch event (P4) JDK-8287336: GHA: Workflows break on patch versions (P4) JDK-8283017: GHA: Workflows break with update release versions security-libs: (P3) JDK-8282538: PKCS11 tests fail on CentOS Stream 9 security-libs/java.security: (P2) JDK-8285696: AlgorithmConstraints:permits not throwing IllegalArgumentException when 'alg' is null security-libs/javax.crypto: (P3) JDK-8281628: KeyAgreement : generateSecret intermittently not resetting security-libs/javax.net.ssl: (P4) JDK-8284694: Avoid evaluating SSLAlgorithmConstraints twice (P4) JDK-8266881: Enable debug log for SSLEngineExplorerMatchedSNI.java (P4) JDK-8226976: SessionTimeOutTests uses == operator for String value check (P4) JDK-8164804: sun/security/ssl/SSLSocketImpl/CloseSocket.java makes not reliable time assumption security-libs/jdk.security: (P4) JDK-8285398: Cache the results of constraint checks security-libs/org.ietf.jgss: (P4) JDK-8253829: Wrong length compared in SSPI bridge security-libs/org.ietf.jgss:krb5: (P3) JDK-8139348: Deprecate 3DES and RC4 in Kerberos tools/javadoc(tool): (P3) JDK-8282214: Upgrade JQuery to version 3.6.0 (P4) JDK-8236823: Ensure that API documentation uses minified libraries tools/jlink: (P3) JDK-8240903: Add test to check that jmod hashes are reproducible xml/jaxp: (P4) JDK-8210722: JAXP Tests: CatalogSupport2 and CatalogSupport3 generate incorrect messages upon failure