RELEASE NOTES: JDK 11.0.25

Notes generated: Mon Dec 09 05:27:30 CET 2024

JEPs

None.

RELEASE NOTES

core-libs/javax.naming

Issue Description
JDK-8290367

Update Default Value and Extend the Scope of com.sun.jndi.ldap.object.trustSerialData System Property


In this release, the JDK implementation of the LDAP provider no longer supports deserialization of Java objects by default:

  • The default value of the com.sun.jndi.ldap.object.trustSerialData system property has been updated to false.

  • The scope of the com.sun.jndi.ldap.object.trustSerialData system property has been extended to cover the reconstruction of RMI remote objects from the javaRemoteLocation LDAP attribute.

The transparent deserialization of Java objects from an LDAP context will now require an explicit opt-in. Applications that rely on reconstruction of Java objects or RMI stubs from the LDAP attributes would need to set the com.sun.jndi.ldap.object.trustSerialData system property to true.


security-libs/javax.net.ssl

Issue Description
JDK-8279164

Disabled TLS_ECDH Cipher Suites


The TLSECDH cipher suites have been disabled by default, by adding "ECDH" to the jdk.tls.disabledAlgorithms security property in the java.security configuration file. The TLSECDH cipher suites do not preserve forward-secrecy and are rarely used in practice. Note that some TLSECDH cipher suites were already disabled because they use algorithms that are disabled, such as 3DES and RC4. This action disables the rest. Any attempts to use cipher suites starting with "TLSECDH_" will fail with an SSLHandshakeException. Users can, at their own risk, re-enable these cipher suites by removing "ECDH" from the jdk.tls.disabledAlgorithms security property.

Please note that this change has no effect on the TLS_ECDHE cipher suites, which are still enabled by default.


JDK-8337664

Distrust TLS Server Certificates Anchored by Entrust Root Certificates and Issued After Nov 11, 2024


The JDK will stop trusting TLS server certificates issued after November 11, 2024 and anchored by Entrust root certificates, in line with similar plans recently announced by Google and Mozilla. The list of affected certificates includes certificates branded as AffirmTrust, which are managed by Entrust.

TLS server certificates issued on or before November 11, 2024 will continue to be trusted until they expire. Certificates issued after that date, and anchored by any of the Certificate Authorities in the table below, will be rejected.

The restrictions will be enforced in the JDK implementation (the SunJSSE Provider) of the Java Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server's certificate chain is anchored by any of the Certificate Authorities in the table below and the certificate has been issued after November 11, 2024.

An application will receive an Exception with a message indicating the trust anchor is not trusted, for example:

` TLS server certificate issued after 2024-11-11 and anchored by a distrusted legacy Entrust root CA: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net `

If necessary, and at your own risk, you can work around the restrictions by removing "ENTRUST_TLS" from the jdk.security.caDistrustPolicies security property in the java.security configuration file.

The restrictions are imposed on the following Entrust Root certificates included in the JDK:

Root Certificates distrusted after 2024-11-11
Distinguished Name SHA-256 Fingerprint
CN=Entrust Root Certification Authority, OU=(c) 2006 Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, O=Entrust, Inc., C=US

73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C

CN=Entrust Root Certification Authority - EC1, OU=(c) 2012 Entrust, Inc. - for authorized use only, OU=See www.entrust.net/legal-terms, O=Entrust, Inc., C=US

02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5

CN=Entrust Root Certification Authority - G2, OU=(c) 2009 Entrust, Inc. - for authorized use only, OU=See www.entrust.net/legal-terms, O=Entrust, Inc., C=US

43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39

CN=Entrust Root Certification Authority - G4, OU=(c) 2015 Entrust, Inc. - for authorized use only, OU=See www.entrust.net/legal-terms, O=Entrust, Inc., C=US

DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88

CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net

6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77

CN=AffirmTrust Commercial, O=AffirmTrust, C=US

03:76:AB:1D:54:C5:F9:80:3C:E4:B2:E2:01:A0:EE:7E:EF:7B:57:B6:36:E8:A9:3C:9B:8D:48:60:C9:6F:5F:A7

CN=AffirmTrust Networking, O=AffirmTrust, C=US

0A:81:EC:5A:92:97:77:F1:45:90:4A:F3:8D:5D:50:9F:66:B5:E2:C5:8F:CD:B5:31:05:8B:0E:17:F3:F0B4:1B

CN=AffirmTrust Premium, O=AffirmTrust, C=US

70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A

CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US

BD:71:FD:F6:DA:97:E4:CF:62:D1:64:7A:DD:25:81:B0:7D:79:AD:F8:39:7E:B4:EC:BA:9C:5E:84:88:82:14:23

You can also use the keytool utility from the JDK to print out details of the certificate chain, as follows:

keytool -v -list -alias <your_server_alias> -keystore <your_keystore_filename>

If any of the certificates in the chain are issued by one of the root CAs in the table above are listed in the output you will need to update the certificate or contact the organization that manages the server.


JDK-8341059

Distrust TLS Server Certificates Anchored by Entrust Root Certificates and Issued After Nov 11, 2024


The JDK will stop trusting TLS server certificates issued after November 11, 2024 and anchored by Entrust root certificates, in line with similar plans recently announced by Google and Mozilla. The list of affected certificates includes certificates branded as AffirmTrust, which are managed by Entrust.

TLS server certificates issued on or before November 11, 2024 will continue to be trusted until they expire. Certificates issued after that date, and anchored by any of the Certificate Authorities in the table below, will be rejected.

The restrictions will be enforced in the JDK implementation (the SunJSSE Provider) of the Java Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server's certificate chain is anchored by any of the Certificate Authorities in the table below and the certificate has been issued after November 11, 2024.

An application will receive an Exception with a message indicating the trust anchor is not trusted, for example:

` TLS server certificate issued after 2024-11-11 and anchored by a distrusted legacy Entrust root CA: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net `

If necessary, and at your own risk, you can work around the restrictions by removing "ENTRUST_TLS" from the jdk.security.caDistrustPolicies security property in the java.security configuration file.

The restrictions are imposed on the following Entrust Root certificates included in the JDK:

Root Certificates distrusted after 2024-11-11
Distinguished Name SHA-256 Fingerprint
CN=Entrust Root Certification Authority, OU=(c) 2006 Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, O=Entrust, Inc., C=US

73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C

CN=Entrust Root Certification Authority - EC1, OU=(c) 2012 Entrust, Inc. - for authorized use only, OU=See www.entrust.net/legal-terms, O=Entrust, Inc., C=US

02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5

CN=Entrust Root Certification Authority - G2, OU=(c) 2009 Entrust, Inc. - for authorized use only, OU=See www.entrust.net/legal-terms, O=Entrust, Inc., C=US

43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39

CN=Entrust Root Certification Authority - G4, OU=(c) 2015 Entrust, Inc. - for authorized use only, OU=See www.entrust.net/legal-terms, O=Entrust, Inc., C=US

DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88

CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net

6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77

CN=AffirmTrust Commercial, O=AffirmTrust, C=US

03:76:AB:1D:54:C5:F9:80:3C:E4:B2:E2:01:A0:EE:7E:EF:7B:57:B6:36:E8:A9:3C:9B:8D:48:60:C9:6F:5F:A7

CN=AffirmTrust Networking, O=AffirmTrust, C=US

0A:81:EC:5A:92:97:77:F1:45:90:4A:F3:8D:5D:50:9F:66:B5:E2:C5:8F:CD:B5:31:05:8B:0E:17:F3:F0B4:1B

CN=AffirmTrust Premium, O=AffirmTrust, C=US

70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A

CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US

BD:71:FD:F6:DA:97:E4:CF:62:D1:64:7A:DD:25:81:B0:7D:79:AD:F8:39:7E:B4:EC:BA:9C:5E:84:88:82:14:23

You can also use the keytool utility from the JDK to print out details of the certificate chain, as follows:

keytool -v -list -alias <your_server_alias> -keystore <your_keystore_filename>

If any of the certificates in the chain are issued by one of the root CAs in the table above are listed in the output you will need to update the certificate or contact the organization that manages the server.


tools/launcher

Issue Description
JDK-8310201

Available Locales Information Now Listed with -XshowSettings:locale Option


The showSettings launcher option no longer prints available locales information by default, when -XshowSettings is used. The -XshowSettings:locale option will continue to print all settings related to available locales.


security-libs/java.security

Issue Description
JDK-8341057

Added SSL.com TLS Root CA Certificates Issued in 2022


The following root certificates have been added to the cacerts truststore: ``` + SSL.com + ssltlsrootecc2022 DN: CN=SSL.com TLS ECC Root CA 2022, O=SSL Corporation, C=US

  • SSL.com
  • ssltlsrootrsa2022 DN: CN=SSL.com TLS RSA Root CA 2022, O=SSL Corporation, C=US ```

core-svc/java.lang.management

Issue Description
JDK-8338139

The ClassLoadingMXBean and MemoryMXBean isVerbose Methods Are Now Consistent with Their setVerbose Methods


The ClassLoadingMXBean::setVerbose(boolean enabled) method will set class+load* logging on log output stdout to level info if enabled is true, and to level off otherwise. In contrast, the isVerbose method would check if exactly class+load logging was enabled at the info level on any log output. This could result in counter-intuitive behavior when logging class+load=info to a file via the command-line, as it caused isVerbose to return true, even after a call to setVerbose(false) had been made. A similar problem existed for the MemoryMXBean::isVerbose method. Starting with this release, the behavior is as follows:

  • ClassLoadingMXBean::isVerbose will return true only if class+load* logging (note the wildcard use) has been enabled at the info level (or above) on the stdout log output.
  • MemoryMXBean::isVerbose will return true only if gc logging has been enabled at the info level (or above) on the stdout log output.

FIXED ISSUES

client-libs

Priority Bug Summary
P4 JDK-8328110 Allow simultaneous use of PassFailJFrame with split UI and additional windows
P4 JDK-8275851 Deproblemlist open/test/jdk/javax/swing/JComponent/6683775/bug6683775.java
P4 JDK-8276819 javax/print/PrintServiceLookup/FlushCustomClassLoader.java fails to free
P4 JDK-8294148 Support JSplitPane for instructions and test UI

client-libs/2d

Priority Bug Summary
P3 JDK-8311666 Disabled tests in test/jdk/sun/java2d/marlin
P4 JDK-8331746 Create a test to verify that the cmm id is not ignored
P4 JDK-8273135 java/awt/color/ICC_ColorSpace/MTTransformReplacedProfile.java crashes in liblcms.dylib with NULLSeek+0x7
P4 JDK-8320079 The ArabicBox.java test has no control buttons

client-libs/java.awt

Priority Bug Summary
P3 JDK-8317288 [macos] java/awt/Window/Grab/GrabTest.java: Press on the outside area didn't cause ungrab
P3 JDK-8305825 getBounds API returns wrong value resulting in multiple Regression Test Failures on Ubuntu 23.04
P3 JDK-8328999 Update GIFlib to 5.2.2
P3 JDK-8329004 Update Libpng to 1.6.43
P4 JDK-8260633 [macos] java/awt/dnd/MouseEventAfterStartDragTest/MouseEventAfterStartDragTest.html test failed
P4 JDK-8328158 Convert java/awt/Choice/NonFocusablePopupMenuTest to automatic main test
P4 JDK-8328115 Convert java/awt/font/TextLayout/TestJustification.html applet test to main
P4 JDK-8328011 Convert java/awt/Frame/GetBoundsResizeTest/GetBoundsResizeTest.java applet test to main
P4 JDK-8328218 Delete test java/awt/Window/FindOwner/FindOwner.html
P4 JDK-8328560 java/awt/event/MouseEvent/ClickDuringKeypress/ClickDuringKeypress.java imports Applet
P4 JDK-8280392 java/awt/Focus/NonFocusableWindowTest/NonfocusableOwnerTest.java failed with "RuntimeException: Test failed."
P4 JDK-8328269 NonFocusablePopupMenuTest.java should be marked as headful
P4 JDK-8306489 Open source AWT List related tests
P4 JDK-8306850 Open source AWT Modal related tests
P4 JDK-8306060 Open source few AWT Insets related tests
P4 JDK-8306466 Open source more AWT Drag & Drop related tests
P4 JDK-8316240 Open source several add/remove MenuBar manual tests
P4 JDK-8306432 Open source several AWT Text Component related tests
P4 JDK-8306566 Open source several clipboard AWT tests
P4 JDK-8316211 Open source several manual applet tests
P4 JDK-8315965 Open source various AWT applet tests
P4 JDK-8255898 Test java/awt/FileDialog/FilenameFilterTest/FilenameFilterTest.java fails on Mac OS
P4 JDK-8328561 test java/awt/Robot/ManualInstructions/ManualInstructions.java isn't used
P5 JDK-8279337 The MToolkit is still referenced in a few places

client-libs/javax.accessibility

Priority Bug Summary
P4 JDK-8326140 src/jdk.accessibility/windows/native/libjavaaccessbridge/AccessBridgeJavaEntryPoints.cpp ReleaseStringChars might be missing in early returns

client-libs/javax.swing

Priority Bug Summary
P2 JDK-8307091 A few client tests intermittently throw ConcurrentModificationException
P3 JDK-8327007 javax/swing/JSpinner/8008657/bug8008657.java fails
P3 JDK-8328953 JEditorPane.read throws ChangedCharSetException
P3 JDK-8325179 Race in BasicDirectoryModel.validateFileCache
P4 JDK-7124313 [macosx] Swing Popups should overlap taskbar
P4 JDK-8327137 Add test for ConcurrentModificationException in BasicDirectoryModel
P4 JDK-8327840 Automate javax/swing/border/Test4129681.java
P4 JDK-8238169 BasicDirectoryModel getDirectories and DoChangeContents.run can deadlock
P4 JDK-8328238 Convert few closed manual applet tests to main
P4 JDK-8327787 Convert javax/swing/border/Test4129681.java applet test to main
P4 JDK-7156347 javax/swing/JList/6462008/bug6462008.java fails
P4 JDK-8316306 Open source and convert manual Swing test
P4 JDK-8315804 Open source several Swing JTabbedPane JTextArea JTextField tests
P4 JDK-8316104 Open source several Swing SplitPane and RadioButton related tests
P4 JDK-8315898 Open source swing JMenu tests
P4 JDK-8316285 Opensource JButton manual tests
P4 JDK-8329559 Test javax/swing/JFrame/bug4419914.java failed because The End and Start buttons are not placed correctly and Tab focus does not move as expected
P4 JDK-8305072 Win32ShellFolder2.compareTo is inconsistent

core-libs

Priority Bug Summary
P4 JDK-8206440 Remove javac -source/-target 6 from jdk regression tests

core-libs/java.io

Priority Bug Summary
P4 JDK-8255969 Improve java/io/BufferedInputStream/LargeCopyWithMark.java using jtreg tags

core-libs/java.io:serialization

Priority Bug Summary
P4 JDK-8222884 ConcurrentClassDescLookup.java times out intermittently
P4 JDK-8231427 Warning cleanup in tests of java.io.Serializable

core-libs/java.lang

Priority Bug Summary
P3 JDK-8320570 NegativeArraySizeException decoding >1G UTF8 bytes with non-ascii characters

core-libs/java.net

Priority Bug Summary
P3 JDK-8299058 AssertionError in sun.net.httpserver.ServerImpl when connection is idle
P3 JDK-8242999 HTTP/2 client may not handle CONTINUATION frames correctly
P3 JDK-8292044 HttpClient doesn't handle 102 or 103 properly
P3 JDK-8333804 java/net/httpclient/ForbiddenHeadTest.java threw an exception with 0 failures
P3 JDK-8284585 PushPromiseContinuation test fails intermittently in timeout
P4 JDK-8205076 [17u] Inet6AddressImpl.c: `lookupIfLocalHost` accesses `int InetAddress.preferIPv6Address` as a boolean
P4 JDK-8305906 HttpClient may use incorrect key when finding pooled HTTP/2 connection for IPv6 address
P4 JDK-8263031 HttpClient throws Exception if it receives a Push Promise that is too large
P4 JDK-8296410 HttpClient throws java.io.IOException: no statuscode in response for HTTP2
P4 JDK-8303965 java.net.http.HttpClient should reset the stream if response headers contain malformed header fields
P4 JDK-8308184 Launching java with large number of jars in classpath with java.protocol.handler.pkgs system property set can lead to StackOverflowError
P4 JDK-8330523 Reduce runtime and improve efficiency of KeepAliveTest
P4 JDK-8224081 SOCKS v4 tests require IPv4
P4 JDK-8331063 Some HttpClient tests don't report leaks
P4 JDK-8299487 Test java/net/httpclient/whitebox/SSLTubeTestDriver.java timed out
P4 JDK-8229822 ThrowingPushPromises tests sometimes fail due to EOF
P5 JDK-8303216 Prefer ArrayList to LinkedList in sun.net.httpserver.ServerImpl

core-libs/java.nio

Priority Bug Summary
P4 JDK-8249772 (ch) Improve sun/nio/ch/TestMaxCachedBufferSize.java
P4 JDK-8255913 Decrease number of iterations in TestMaxCachedBufferSize
P4 JDK-8259274 Increase timeout duration in sun/nio/ch/TestMaxCachedBufferSize.java
P4 JDK-8336301 test/jdk/java/nio/channels/AsyncCloseAndInterrupt.java leaves around a FIFO file upon test completion

core-libs/java.util.concurrent

Priority Bug Summary
P4 JDK-8269428 java/util/concurrent/ConcurrentHashMap/ToArray.java timed out

core-libs/java.util.jar

Priority Bug Summary
P4 JDK-8240226 DeflateIn_InflateOut.java test incorrectly assumes size of compressed file
P4 JDK-8249097 test/lib/jdk/test/lib/util/JarBuilder.java has a bad copyright

core-libs/java.util.logging

Priority Bug Summary
P4 JDK-8329013 StackOverflowError when starting Apache Tomcat with signed jar

core-libs/java.util:i18n

Priority Bug Summary
P3 JDK-8334653 ISO 4217 Amendment 177 Update
P4 JDK-8327631 Update IANA Language Subtag Registry to Version 2024-03-07
P4 JDK-8332424 Update IANA Language Subtag Registry to Version 2024-05-16
P4 JDK-8334418 Update IANA Language Subtag Registry to Version 2024-06-14

core-libs/javax.naming

Priority Bug Summary
P3 JDK-8290367 Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property
P4 JDK-8211920 Close server socket and cleanups in test/jdk/javax/naming/module/RunBasic.java
P4 JDK-8251188 Update LDAP tests not to use wildcard addresses

core-svc/java.lang.management

Priority Bug Summary
P1 JDK-8338139 {ClassLoading,Memory}MXBean::isVerbose methods are inconsistent with their setVerbose methods

core-svc/javax.management

Priority Bug Summary
P4 JDK-8328273 sun/management/jmxremote/bootstrap/RmiRegistrySslTest.java failed with java.rmi.server.ExportException: Port already in use

core-svc/tools

Priority Bug Summary
P3 JDK-8236917 TestInstanceKlassSize.java fails with "The size computed by SA for java.lang.Object does not match"
P4 JDK-8269616 serviceability/dcmd/framework/VMVersionTest.java fails with Address already in use error

hotspot/compiler

Priority Bug Summary
P4 JDK-8266150 mark hotspot compiler/arguments tests which ignore VM flags
P4 JDK-8266153 mark hotspot compiler/onSpinWait tests which ignore VM flags
P4 JDK-8266154 mark hotspot compiler/oracle tests which ignore VM flags
P4 JDK-8266149 mark hotspot compiler/startup tests which ignore VM flags
P5 JDK-8276036 The value of full_count in the message of insufficient codecache is wrong

hotspot/gc

Priority Bug Summary
P3 JDK-8316328 Test jdk/jfr/event/oldobject/TestSanityDefault.java times out for some heap sizes
P3 JDK-8332936 Test vmTestbase/metaspace/gc/watermark_70_80/TestDescription.java fails with no GC's recorded
P4 JDK-8324755 Enable parallelism in vmTestbase/gc/gctests/LargeObjects tests
P4 JDK-8317316 G1: Make TestG1PercentageOptions use createTestJvm
P4 JDK-8317358 G1: Make TestMaxNewSize use createTestJvm
P4 JDK-8268906 gc/g1/mixedgc/TestOldGenCollectionUsage.java assumes that GCs take 1ms minimum
P4 JDK-8316973 GC: Make TestDisableDefaultGC use createTestJvm
P4 JDK-8317343 GC: Make TestHeapFreeRatio use createTestJvm
P4 JDK-8317228 GC: Make TestXXXHeapSizeFlags use createTestJvm
P4 JDK-8322330 JavadocHelperTest.java OOMEs with Parallel GC and ZGC
P4 JDK-8331798 Remove unused arg of checkErgonomics() in TestMaxHeapSizeTools.java

hotspot/jfr

Priority Bug Summary
P4 JDK-8329995 Restricted access to `/proc` can cause JFR initialization to crash

hotspot/jvmti

Priority Bug Summary
P3 JDK-8222005 ClassRedefinition crashes with: guarantee(false) failed: OLD and/or OBSOLETE method(s) found
P3 JDK-8078725 method adjustments can be done just once for all classes involved into redefinition

hotspot/runtime

Priority Bug Summary
P4 JDK-8305079 Remove finalize() from compiler/c2/Test719030
P4 JDK-8305081 Remove finalize() from test/hotspot/jtreg/compiler/runtime/Test8168712
P4 JDK-8286781 Replace the deprecated/obsolete gethostbyname and inet_addr calls
P4 JDK-8325862 set -XX:+ErrorFileToStderr when executing java in containers for some container related jtreg tests

hotspot/svc

Priority Bug Summary
P4 JDK-8329103 assert(!thread->in_asgct()) failed during multi-mode profiling
P4 JDK-8315437 Enable parallelism in vmTestbase/nsk/monitoring/stress/classload tests
P4 JDK-8315442 Enable parallelism in vmTestbase/nsk/monitoring/stress/thread tests
P4 JDK-8316462 sun/jvmstat/monitor/MonitoredVm/MonitorVmStartTerminate.java ignores VM flags

hotspot/test

Priority Bug Summary
P4 JDK-8325876 crashes in docker container tests on Linuxppc64le Power8 machines
P4 JDK-8332898 failure_handler: log directory of commands
P4 JDK-8332113 Update nsk.share.Log to be always verbose
P5 JDK-8328234 Remove unused nativeUtils files

infrastructure

Priority Bug Summary
P4 JDK-8334166 Enable binary check
P4 JDK-8332008 Enable issuestitle check

infrastructure/build

Priority Bug Summary
P2 JDK-8294310 compare.sh fails on macos after JDK-8293550
P3 JDK-8317807 JAVA_FLAGS removed from jtreg running in JDK-8317039
P4 JDK-8317039 Enable specifying the JDK used to run jtreg
P4 JDK-8318039 GHA: Bump macOS and Xcode versions
P4 JDK-8336928 GHA: Bundle artifacts removal broken
P4 JDK-8286601 Mac Aarch: Excessive warnings to be ignored for build jdk
P4 JDK-8309934 Update GitHub Actions to use JDK 17 for building jtreg
P5 JDK-8244966 Add .vscode to .hgignore and .gitignore

infrastructure/release_eng

Priority Bug Summary
P4 JDK-8341675 [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.25
P4 JDK-8331263 Bump update version for OpenJDK: jdk-11.0.25

other-libs/other

Priority Bug Summary
P3 JDK-8333837 [11u] HexPrinterTest.java javac compile fails illegal start of expression
P3 JDK-8333839 [11u] LingeredAppTest.java fails Can't find source file: LingeredApp.java

security-libs/java.security

Priority Bug Summary
P2 JDK-8341057 Add 2 SSL.com TLS roots
P3 JDK-8335803 SunJCE cipher throws NPE for un-extractable RSA keys

security-libs/javax.crypto:pkcs11

Priority Bug Summary
P3 JDK-8261433 Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit

security-libs/javax.net.ssl

Priority Bug Summary
P1 JDK-8301189 validate-source fails after JDK-8298873
P2 JDK-8341059 Change Entrust TLS distrust date to November 12, 2024
P3 JDK-8249826 5 javax/net/ssl/SSLEngine tests use @ignore w/o bug-id
P3 JDK-8279164 Disable TLS_ECDH_* cipher suites
P3 JDK-8337664 Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs
P4 JDK-8315422 getSoTimeout() would be in try block in SSLSocketImpl
P4 JDK-8325022 Incorrect error message on client authentication
P4 JDK-8332524 Instead of printing "TLSv1.3," it is showing "TLS13"
P4 JDK-8298873 Update IllegalRecordVersion.java for changes to TLS implementation

security-libs/javax.xml.crypto

Priority Bug Summary
P4 JDK-8210338 Better output for GenerationTests.java

tools/javadoc(tool)

Priority Bug Summary
P3 JDK-8330063 Upgrade jQuery to 3.7.1

tools/jshell

Priority Bug Summary
P2 JDK-8314614 jdk/jshell/ImportTest.java failed with "InternalError: Failed remote listen"
P4 JDK-8312140 jdk/jshell tests failed with JDI socket timeouts
P4 JDK-8276306 jdk/jshell/CustomInputToolBuilder.java fails intermittently on storage acquisition

tools/launcher

Priority Bug Summary
P3 JDK-8310201 Reduce verbose locale output in -XshowSettings launcher option

xml/javax.xml.validation

Priority Bug Summary
P4 JDK-8320602 Lock contention in SchemaDVFactory.getInstance()