RELEASE NOTES FOR: 11.0.3 ==================================================================================================== Notes generated: Tue Apr 02 07:27:40 CEST 2024 Hint: Prefix bug IDs with https://bugs.openjdk.org/browse/ to reach the relevant JIRA entry. JAVA ENHANCEMENT PROPOSALS (JEP): None. RELEASE NOTES: core-libs/java.util:i18n: JDK-8205432: New Japanese Era Name: Reiwa An instance representing the new Reiwa era has been added to this update. Unlike other eras, there is no public field for this era. It can be obtained by calling `JapaneseEra.of(3)` or `JapaneseEra.valueOf("Reiwa")`. JDK 13 and later will have a new public field to represent this era. The placeholder name, "`NewEra`", for the Japanese era that started from May 1st, 2019 has been replaced with the new official name. Applications that relied on the placeholder name (see JDK-8202088) to obtain the new era singleton (`JapaneseEra.valueOf("NewEra")`) will no longer work. JDK-8211398: Square Character Support for Japanese New Era The code point, U+32FF, is reserved by the Unicode Consortium to represent the Japanese square character for the new era that begins from May, 2019. Relevant methods in the `Character` class return the same properties as the existing Japanese era characters (e.g., U+337E for "Meizi"). For details about the code point, see [http://blog.unicode.org/2018/09/new-japanese-era.html](http://blog.unicode.org/2018/09/new-japanese-era.html). security-libs/javax.net.ssl: JDK-8207258: Distrust TLS Server Certificates Anchored by Symantec Root CAs The JDK will stop trusting TLS Server certificates issued by Symantec, in line with similar plans recently announced by Google, Mozilla, Apple, and Microsoft. The list of affected certificates includes certificates branded as GeoTrust, Thawte, and VeriSign, which were managed by Symantec. TLS Server certificates issued on or before April 16, 2019 will continue to be trusted until they expire. Certificates issued after that date will be rejected. See the [DigiCert support page](https://www.digicert.com/replace-your-symantec-ssl-tls-certificates/) for information on how to replace your Symantec certificates with a DigiCert certificate (DigiCert took over validation and issuance for all Symantec Website Security SSL/TLS certificates on December 1, 2017). An exception to this policy is that TLS Server certificates issued through two subordinate Certificate Authorities managed by Apple, and identified below, will continue to be trusted as long as they are issued on or before December 31, 2019. The restrictions are enforced in the JDK implementation (the `SunJSSE` Provider) of the Java Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server's certificate chain is anchored by any of the Certificate Authorities in the table below. An application will receive an Exception with a message indicating the trust anchor is not trusted, ex: "TLS Server certificate issued after 2019-04-16 and anchored by a distrusted legacy Symantec root CA: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US" If necessary, and at your own risk, you can work around the restrictions by removing "SYMANTEC_TLS" from the `jdk.security.caDistrustPolicies` security property in the `java.security` configuration file. The restrictions are imposed on the following Symantec Root certificates included in the JDK:

Root Certificates distrusted after 2019-04-16
Distinguished Name	SHA-256 Fingerprint
CN=GeoTrust Global CA, O=GeoTrust Inc., C=US	FF:85:6A:2D:25:1D:CD:88:D3:66:56:F4:50:12:67:98:CF:AB:AA:DE:40:79:9C:72:2D:E4:D2:B5:DB:36:A7:3A
CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US	37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8:2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C
CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US	5E:DB:7A:C4:3B:82:A0:6A:87:61:E8:D7:BE:49:79:EB:F2:61:1F:7D:D7:9B:F9:1C:1C:6B:56:6A:21:9E:D7:66
CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US	B4:78:B8:12:25:0D:F8:78:63:5C:2A:A7:EC:7D:15:5E:AA:62:5E:E8:29:16:E2:CD:29:43:61:88:6C:D1:FB:D4
CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US	A0:45:9B:9F:63:B2:25:59:F5:FA:5D:4C:6D:B3:F9:F7:2F:F1:93:42:03:35:78:F0:73:BF:1D:1B:46:CB:B9:12
CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US	8D:72:2F:81:A9:C1:13:C0:79:1D:F1:36:A2:96:6D:B2:6C:95:0A:97:1D:B4:6B:41:99:F4:EA:54:B7:8B:FB:9F
CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US	A4:31:0D:50:AF:18:A6:44:71:90:37:2A:86:AF:AF:8B:95:1F:FB:43:1D:83:7F:1E:56:88:B4:59:71:ED:15:57
CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US	4B:03:F4:58:07:AD:70:F2:1B:FC:2C:AE:71:C9:FD:E4:60:4C:06:4C:F5:FF:B6:86:BA:E5:DB:AA:D7:FD:D3:4C
EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA	3F:9F:27:D5:83:20:4B:9E:09:C8:A3:D2:06:6C:4B:57:D3:A2:47:9C:36:93:65:08:80:50:56:98:10:5D:BC:E9
OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US	3A:43:E2:20:FE:7F:3E:A9:65:3D:1E:21:74:2E:AC:2B:75:C2:0F:D8:98:03:05:BC:50:2C:AF:8C:2D:9B:41:A1
OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US	A4:B6:B3:99:6F:C2:F3:06:B3:FD:86:81:BD:63:41:3D:8C:50:09:CC:4F:A3:29:C2:CC:F0:E2:FA:1B:14:03:05
OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US	83:CE:3C:12:29:68:8A:59:3D:48:5F:81:97:3C:0F:91:95:43:1E:DA:37:CC:5E:36:43:0E:79:C7:A8:88:63:8B
CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	EB:04:CF:5E:B1:F3:9A:FA:76:2F:2B:B1:20:F2:96:CB:A5:20:C1:B9:7D:B1:58:95:65:B8:1C:B9:A1:7B:72:44
CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	69:DD:D7:EA:90:BB:57:C9:3E:13:5D:C8:5E:A6:FC:D5:48:0B:60:32:39:BD:C4:54:FC:75:8B:2A:26:CF:7F:79
CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF
CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C

Subordinate Certificates distrusted after 2019-12-31
Distinguished Name	SHA-256 Fingerprint
CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US	AC:2B:92:2E:CF:D5:E0:17:11:77:2F:EA:8E:D3:72:DE:9D:1E:22:45:FC:E3:F5:7A:9C:DB:EC:77:29:6A:42:4B
CN=Apple IST CA 8 - G1, OU=Certification Authority, O=Apple Inc., C=US	A4:FE:7C:7F:15:15:5F:3F:0A:EF:7A:AA:83:CF:6E:06:DE:B9:7C:A3:F9:09:DF:92:0A:C1:49:08:82:D4:88:ED

If you have a TLS Server certificate issued by one of the CAs above, you should have received a message from DigiCert with information about replacing that certificate, free of charge. You can also use the `keytool` utility from the JDK to print out details of the certificate chain, as follows: keytool -v -list -alias -keystore If any of the certificates in the chain are issued by one of the root CAs in the table above are listed in the output you will need to update the certificate or contact the organization that manages the server if not yours. hotspot/runtime: JDK-8211845: Command-Line Flag -XX:+ExtensiveErrorReports The command-line flag `-XX:+ExtensiveErrorReports` has been added to allow more extensive reporting of information related to a crash as reported in the `hs_err.log` file. Disabled by default in product builds, the flag can be turned on in environments where maximal information is desired - even if the resulting logs may be quite large and/or contain information that might be considered sensitive. JDK-8211106: HotSpot Windows OS Detection Correctly Identifies Windows Server 2019 Prior to this fix, Windows Server 2019 was recognized as "Windows Server 2016", which produced incorrect values in the `os.name` system property and the `hs_err_pid` file. hotspot/gc: JDK-8217014: Epsilon GC Caused Excess Metaspace Resizing Safepoints In this release, Epsilon has been changed to accept GC requests and resize the metaspace to reduce the number of safepoints that are taken. Before this release, the Epsilon GC was intended to provide minimal runtime overhead by not doing GC and by ignoring all incoming GC requests. However, when a metadata-heavy workload (for example, a workload having lots of classes) needed to resize the metaspace, it relied on the GC to resize the metadata at a GC safepoint. Shared GC code would enter the safepoint to call into GC for it. However, because Epsilon ignored the GC request, the safepoint would be generated, but it would not resize the metaspace. This would cause another safepoint to be generated soon afterwards without ever resizing the metaspace. JDK-8215724: Epsilon GC handled checked array stores incorrectly Epsilon GC may have violated the specification requirements by accepting the type-incompatible store into the array, instead of throwing the ArrayStoreException. This is now handled correctly, both in this release, and associated backports. Users are advised to upgrade as soon as possible. core-libs/java.time: JDK-8212941: Support New Japanese Era in java.time.chrono.JapaneseEra The JapaneseEra class and its `of(int)`, `valueOf(String)`, and `values()` methods are clarified to accommodate future Japanese era additions, such as how the singleton instances are defined, what the associated integer era values are, etc. ALL FIXED ISSUES, BY COMPONENT AND PRIORITY: client-libs/2d: (P2) JDK-8216965: crash in freetypeScaler.c CopyBW2Grey8 (P3) JDK-8201818: [macosx] Printing attributes break page size set via "java.awt.print.Book" object client-libs/java.awt: (P2) JDK-8213583: Error while opening the JFileChooser when desktop contains shortcuts pointing to deleted files (P3) JDK-8213983: [macosx] Keyboard shortcut “cmd +`” stops working properly if popup window is displayed (P3) JDK-8207070: Webstart app popup on wrong screen in a one-screen setup changing to multi-monitor (P4) JDK-8211218: remove double semicolon in src/java.desktop/macosx/classes/sun/font/CFont.java (P4) JDK-8211267: StackOverflowError happened by TextField.setFont(...) client-libs/java.awt:i18n: (P4) JDK-8213183: InputMethod cannot be used after its restarting client-libs/javax.swing: (P2) JDK-8187364: Unable to enter zero width non-joiner (ZWNJ) symbol in Swing text component core-libs: (P2) JDK-8213151: [AIX] Some class library files are missing the Classpath exception (P3) JDK-8214063: [AIX] Disable symbol visibility flags core-libs/java.io: (P4) JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean core-libs/java.lang: (P3) JDK-8216546: Support new Japanese era in java.lang.Character for Java SE 11 (P4) JDK-8218915: Change isJavaIdentifierStart and isJavaIdentifierPart to handle new code points core-libs/java.nio: (P3) JDK-8197398: (zipfs) Files.walkFileTree walk indefinitelly while processing JAR file with "/" as a directory inside. (P3) JDK-8210394: (zipfs) jdk/nio/zipfs/ZFSTests.java rootdir.zip: The process cannot access the file because it is being used by another process (P4) JDK-8217427: (dc) nio/channels/DatagramChannel/UseDGWithIPv6.java fails without IPv6 (P4) JDK-8034802: (zipfs) newFileSystem throws UOE when the zip file is located in a custom file system core-libs/java.nio.charsets: (P3) JDK-8211382: ISO2022JP and GB18030 NIO converter issues core-libs/java.sql: (P3) JDK-8211295: DriverManager::getConnection fails to find driver if it's called from JDBC RowSet core-libs/java.time: (P2) JDK-8212941: Support new Japanese era in java.time.chrono.JapaneseEra (P4) JDK-8210633: Cannot parse JapaneseDate string with DateTimeFormatterBuilder Mapped-values core-libs/java.util: (P3) JDK-8172695: (scanner) java/util/Scanner/ScanTest.java fails core-libs/java.util:i18n: (P3) JDK-8206120: Add test cases for lenient Japanese era parsing (P3) JDK-8219890: Calendar.getDisplayName() returns empty string for new Japanese Era on some locales (P3) JDK-8217609: New era placeholder not recognized by java.text.SimpleDateFormat (P3) JDK-8205432: Replace the placeholder Japanese era name (P3) JDK-8211398: Square character support for the Japanese new era (P4) JDK-8208656: Move java/util/Calendar/CalendarTestScripts tests into OpenJDK core-svc/debugger: (P3) JDK-8214122: JDWP is broken on 32 bit Windows: transport library missing onLoad entry (P4) JDK-8214061: Buffer written into itself (P4) JDK-8214892: Delayed starting of debugging via jcmd hotspot/compiler: (P1) JDK-8214206: Fix for JDK-8213419 is broken on 32-bit (P2) JDK-8215317: [GRAAL] unit test CheckGraalIntrinsics failed after 8213754 (P2) JDK-8215100: AArch64: fix compareTo intrinsic with four-character Latin/Unicode (P2) JDK-8215202: AArch64: jtreg test test/jdk/sun/nio/cs/FindEncoderBugs.java fails (P2) JDK-8209511: C2 asserts with UseSSE < 4 and AVX enabled: "Label was never bound to a location, but it was used as a jmp target' (P2) JDK-8208275: C2 crash in Node::add_req(Node*) (P2) JDK-8211100: HotSpot C1 issue with comparing long numbers on x86 32-bit (P2) JDK-8215888: Register to register spill may use AVX 512 move instruction on unsupported platform. (P2) JDK-8211451: ~2.5% regression on compression benchmark starting with 12-b11 (P3) JDK-8216350: AArch64: monitor unlock fast path not called (P3) JDK-8211320: AArch64: unsafe.compareAndSetByte() and unsafe.compareAndSetShort() c2 intrinsics broken with negative expected value (P3) JDK-8209544: AES encrypt performance regression in jdk11b11 (P3) JDK-8213419: C2 may hang in MulLNode::Ideal()/MulINode::Ideal() with gcc 8.2.1 (P3) JDK-8214189: test/hotspot/jtreg/compiler/intrinsics/mathexact/MulExactLConstantTest.java fails on Windows x64 when run with -XX:-TieredCompilation (P4) JDK-8217459: [PPC64] Cleanup non-vector version of CRC32 (P4) JDK-8216060: [PPC64] Vector CRC implementation should be used by interpreter and be faster for short arrays (P4) JDK-8214352: C1: Unnecessary "compilation bailout: block join failed" with JVMTI (P4) JDK-8213086: Compiler thread creation should be bounded by available space in memory and Code Cache (P4) JDK-8219651: compiler/ciReplay/TestServerVM.java is failing on windows (P4) JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation (P4) JDK-8214451: PPC64/s390: Clean up unused CRC32 prototype and function (P4) JDK-8214205: PPC64: Add instructions for counting trailing zeros (P4) JDK-8213754: PPC64: Add Intrinsics for isDigit/isLowerCase/isUpperCase/isWhitespace (P4) JDK-8214059: Undefined behaviour in ADLC hotspot/gc: (P1) JDK-8215724: Epsilon: ArrayStoreExceptionTest.java fails; missing arraycopy check (P2) JDK-8214118: HeapRegions marked as archive even if CDS mapping fails (P3) JDK-8209357: [PPC64] Fix build which was broken by 8208672 (Enable -Wreorder) (P3) JDK-8209433: [s390] Fix build which was broken by 8208672 (Enable -Wreorder) (P4) JDK-8209758: 2 classes with same name G1PrintCollectionSetClosure cause crash when logging is enabled (P4) JDK-8217342: Build failed with excluding JFR (P4) JDK-8211926: Catastrophic size_t underflow in BitMap::*_large methods (P4) JDK-8217014: Epsilon should not ignore Metadata GC causes (P4) JDK-8210192: Hsperf counter ParNew::CMS should be ParNew:CMS (P4) JDK-8217432: MetaspaceGC::_capacity_until_GC exceeds MaxMetaspaceSize (P4) JDK-8213829: Remove circular dependency between g1CollectedHeap and g1ConcurrentMark (P4) JDK-8218192: Remove copy constructor for MemRegion (P4) JDK-8220294: ZGC fails to build on GCC 4.4.7: Type parameter issue (P4) JDK-8214476: ZGC: Build ZGC by default hotspot/jfr: (P2) JDK-8213421: Line number information for execution samples always 0 (P3) JDK-8209960: -Xlog:jfr* doesn't work with the JFR parser (P3) JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it (P3) JDK-8215175: Inconsistencies in JFR event metadata (P3) JDK-8215727: Restore JFR thread sampler loop to old / previous behavior (P3) JDK-8165675: Trace event for thread park has incorrect unit for timeout (P3) JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events (P4) JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run() (P4) JDK-8216578: Remove unused/obsolete method in JFR code (P4) JDK-8213966: The ZGC JFR events should be marked as experimental hotspot/jvmti: (P2) JDK-8215951: AArch64: jtreg test vmTestbase/nsk/jvmti/PopFrame/popframe005 segfaults (P4) JDK-8213834: JVMTI ResourceExhausted should not be posted in CompilerThread hotspot/runtime: (P2) JDK-8211064: [AArch64] Interpreter and c1 don't correctly handle jboolean results in native calls (P2) JDK-8215397: jsig.c missing classpath exception (P2) JDK-8207924: serviceability/sa/TestUniverse.java#id0 intermittently fails with assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded (P3) JDK-8211844: [aix] ProcessBuilder: Piping between created processes does not work. (P3) JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps (P3) JDK-8216376: [PPC64] Possibly unreliable stack frame resizing in template interpreter (P3) JDK-8211106: [windows] Update OS detection code to recognize Windows Server 2019 (P3) JDK-8206107: [x86_32] jck tests for ldc2_w bytecode fail (P3) JDK-8211326: add OS user related information to hs_err file (P3) JDK-8214827: Incorrect call ClassLoaders.toFileURL("jrt:/java.compiler") (P3) JDK-8210043: Invalid assert(HeapBaseMinAddress > 0) in ReservedHeapSpace::initialize_compressed_heap (P3) JDK-8215947: JVM crash with -XX:+DumpSharedSpaces (P3) JDK-8214162: Need to add new flag ExtensiveErrorReports to the command-line flags section in the java command reference (P3) JDK-8200109: NMT: diff_malloc_site assert(early->flags() == current->flags(), "Must be the same memory type") (P3) JDK-8211821: PrintStringTableStatistics crashes JVM (P3) JDK-8216049: stringTable::intern creates redundant String when looking up existing one (P3) JDK-8215962: Support ThreadPriorityPolicy mode 1 for non-root users on linux/bsd (P3) JDK-8205633: TestOptionsWithRanges.java of '-XX:TLABSize=2147483648' fails intermittently (P3) JDK-8212173: Thread._stack_base/_stack_size initialized too late for new threads (P4) JDK-8218156: "jcmd VM.metaspace basic" misreports free chunk space (P4) JDK-8211845: A new switch to control verbosity of hs-err files (P4) JDK-8216982: Assertion poison page established too early (P4) JDK-8206075: On x86, assert on unbound assembler Labels used as branch targets (P4) JDK-8217994: os::print_hex_dump should be more resilient against unreadable memory (P4) JDK-8212937: Parent class loader may not have a referred ClassLoaderData instance when obtained in Klass::class_in_module_of_loader (P4) JDK-8212481: PPC64: Enable POWER9 CPU detection (P4) JDK-8217315: Proper units should print more significant digits (P4) JDK-8213992: Rename and make DieOnSafepointTimeout the diagnostic option (P4) JDK-8216302: StackTraceElement::fill_in can use cached Class.name (P4) JDK-8216308: StackTraceElement::fill_in can use injected Class source-file (P4) JDK-8208480: Test failure: assert(is_bound() || is_unused()) after JDK-8206075 in C1 (P4) JDK-8213410: UseCompressedOops requirement check fails fails on 32-bit system (P4) JDK-8217378: UseCriticalCMSThreadPriority is broken (P4) JDK-8217628: Verbose ArrayIndexOutOfBoundsException message also in JNI calls. (P4) JDK-8220283: ZGC fails to build on GCC 4.4.7: ATTRIBUTE_ALIGNED compatibility issue hotspot/svc: (P5) JDK-8021335: Missing synchronization when reading counters for live threads and peak thread count hotspot/test: (P3) JDK-8208647: switch jtreg to 4.2b13 (P4) JDK-8217520: Remove vm.opt.MaxGCPauseMillis == "null" from TestOldGenCollectionUsage.java infrastructure/build: (P2) JDK-8219251: Langtools tests default memory size needs to be 768m (P3) JDK-8219260: Default number of test jobs needs to be consistently calculated (P4) JDK-8211268: Disable unsupported GCs for Zero infrastructure/licensing: (P2) JDK-8213154: Update copyright headers of files in src tree that are missing Classpath exception other-libs/other: (P4) JDK-8215128: Test library OSInfo.getSolarisVersion cannot determine Solaris version security-libs/java.security: (P2) JDK-8214513: A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11 (P2) JDK-8216280: Allow later Symantec Policy distrust date for two Apple SubCAs (P3) JDK-8211049: Second parameter of "initialize" method is not used (P3) JDK-8214100: use of keystore probing results in unnecessary exception thrown (P4) JDK-8213952: Relax DNSName restriction as per RFC 1123 security-libs/javax.crypto: (P1) JDK-8210912: Build error in src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c after JDK-8029661 security-libs/javax.net.ssl: (P2) JDK-8214129: SSL session resumption/SNI with TLS1.2 causes StackOverflowError (P2) JDK-8217579: TLS_EMPTY_RENEGOTIATION_INFO_SCSV is disabled after 8211883 (P3) JDK-8207258: Distrust TLS server certificates anchored by Symantec Root CAs (P3) JDK-8210974: No extensions debug log for ClientHello (P3) JDK-8213782: NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers (P3) JDK-8213202: Possible race condition in TLS 1.3 session resumption (P3) JDK-8210989: RSASSA-PSS certificate cannot be selected for client auth on TLSv1.2 (P3) JDK-8214339: SSLSocketImpl erroneously wraps SocketException (P3) JDK-8029661: Support TLS v1.2 algorithm in SunPKCS11 provider (P3) JDK-8212885: TLS 1.3 resumed session does not retain peer certificate chain (P3) JDK-8214688: TLS 1.3 session resumption with hello retry request failed with "illegal_parameter" (P4) JDK-8211787: javax/net/ssl/TLSCommon/TLSTest.java throws java.net.SocketTimeoutException: Read timed out security-libs/jdk.security: (P4) JDK-8217657: Move the test for default value of jdk.includeInExceptions into own test tools/jar: (P3) JDK-8207395: jar should support UNC-path arguments for the jar -C parameter tools/javadoc(tool): (P3) JDK-8212233: javadoc fails on jdk12 with "The code being documented uses modules but the packages defined in $URL are in the unnamed module." xml/javax.xml.stream: (P3) JDK-8209615: ParseError in XMLEventReader on a valid input (P4) JDK-8210874: Test for JDK-8209615 xml/javax.xml.transform: (P4) JDK-8221769: Revert JDK-8221767 mistakenly pushed to jdk11u 11.0.3 xml/jaxp: (P3) JDK-8215330: javax.xml.catalog.CatalogResolverImpl: GroupEntry.matchURI fails to match