Notes generated: Tue Dec 03 01:30:48 CET 2024
None.
Issue | Description |
---|---|
JDK-8279842 |
HTTPS Channel Binding Support for Java GSS/Kerberos Support has been added for TLS channel binding tokens for Negotiate/Kerberos authentication over HTTPS through javax.net.HttpsURLConnection. Channel binding tokens are increasingly required as an enhanced form of security. They work by communicating from a client to a server the client's understanding of the binding between connection security, as represented by a TLS server cert, and higher level authentication credentials, such as a username and password. The server can then detect if the client has been fooled by a MITM and shutdown the session or connection. The feature is controlled through a new system property |
Issue | Description |
---|---|
JDK-8269039 |
Disabled SHA-1 Signed JARs JARs signed with SHA-1 algorithms are now restricted by default and treated as if they were unsigned. This applies to the algorithms used to digest, sign, and optionally timestamp the JAR. It also applies to the signature and digest algorithms of the certificates in the certificate chain of the code signer and the Timestamp Authority, and any CRLs or OCSP responses that are used to verify if those certificates have been revoked. These restrictions also apply to signed JCE providers. To reduce the compatibility risk for JARs that have been previously timestamped, there is one exception to this policy:
This exception may be removed in a future JDK release. To determine if your signed JARs are affected by this change, run For example: ``` - Signed by "CN="Signer"" Digest algorithm: SHA-1 (disabled) Signature algorithm: SHA1withRSA (disabled), 2048-bit key WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property: jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01 ``` JARs affected by these new restrictions should be replaced or re-signed with stronger algorithms. Users can, at their own risk, remove these restrictions by modifying the |
Issue | Description |
---|---|
JDK-8292579 |
Update Timezone Data to 2022c This version includes changes from 2022b that merged multiple regions that have the same timestamp data post-1970 into a single time zone database. All time zone IDs remain the same but the merged time zones will point to a shared zone database. As a result, pre-1970 data may not be compatible with earlier JDK versions. The affected zones are For more details, refer to the announcement of 2022b |
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8256372 | [macos] Unexpected symbol was displayed on JTextField with Monospaced font |
P3 | JDK-8290334 | Update FreeType to 2.12.1 |
P3 | JDK-8289853 | Update HarfBuzz to 4.4.1 |
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8272806 | [macOS] "Apple AWT Internal Exception" when input method is changed |
Priority | Bug | Summary |
---|---|---|
P4 | JDK-7131823 | bug in GIFImageReader |
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8279842 | HTTPS Channel Binding support for Java GSS/Kerberos |
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8286594 | (zipfs) Mention paths with dot elements in ZipException and cleanups |
Priority | Bug | Summary |
---|---|---|
P4 | JDK-8264792 | The NumberFormat for locale sq_XK formats price incorrectly. |
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8292579 | (tz) Update Timezone Data to 2022c |
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8283277 | ISO 4217 Amendment 171 Update |
P3 | JDK-8289549 | ISO 4217 Amendment 172 Update |
P4 | JDK-8028265 | Add legacy tz tests to OpenJDK |
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8277795 | LDAP connection timeout not honoured under contention |
P4 | JDK-8287672 | jtreg test com/sun/jndi/ldap/LdapPoolTimeoutTest.java fails intermittently in nightly run |
Priority | Bug | Summary |
---|---|---|
P4 | JDK-8268361 | Fix the infinite loop in next_line |
Priority | Bug | Summary |
---|---|---|
P2 | JDK-8269285 | Crash/miscompile in CallGenerator::for_method_handle_inline after JDK-8191998 |
P3 | JDK-8283441 | C2: segmentation fault in ciMethodBlocks::make_block_at(int) |
P3 | JDK-8262134 | compiler/uncommontrap/TestDeoptOOM.java failed with "guarantee(false) failed: wrong number of expression stack elements during deopt" |
P3 | JDK-8278758 | runtime/BootstrapMethod/BSMCalledTwice.java fails with release VMs after JDK-8262134 |
P4 | JDK-8252051 | Make mlvmJvmtiUtils strncpy uses GCC 10.x friendly |
P5 | JDK-8272720 | Fix the implementation of loop unrolling heuristic with LoopPercentProfileLimit |
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8257569 | Failure observed with JfrVirtualMemory::initialize |
P3 | JDK-8287463 | JFR: Disable TestDevNull.java on Windows |
P3 | JDK-8282947 | JFR: Dump on shutdown live-locks in some conditions |
P3 | JDK-8284549 | JFR: FieldTable leaks FieldInfoTable member |
P3 | JDK-8261354 | SIGSEGV at MethodIteratorHost |
P4 | JDK-8249875 | GCC 10 warnings -Wtype-limits with JFR code |
P4 | JDK-8280684 | JfrRecorderService failes with guarantee(num_written > 0) when no space left on device. |
Priority | Bug | Summary |
---|---|---|
P2 | JDK-8272472 | StackGuardPages test doesn't build with glibc 2.34 |
P4 | JDK-8266170 | -Wnonnull happens in classLoaderData.inline.hpp |
P4 | JDK-8266172 | -Wstringop-overflow happens in vmError.cpp |
P4 | JDK-8286277 | CDS VerifyError when calling clone() on object array |
P4 | JDK-8247818 | GCC 10 warning stringop-overflow with symbol code |
Priority | Bug | Summary |
---|---|---|
P4 | JDK-8288649 | Bump update version for OpenJDK: jdk-13.0.13 |
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8277488 | Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022 |
P3 | JDK-8269039 | Disable SHA-1 Signed JARs |
P3 | JDK-8242565 | Policy initialization issues when the denyAfter constraint is enabled |
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8281628 | KeyAgreement : generateSecret intermittently not resetting |
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8279520 | SPNEGO has not passed channel binding info into the underlying mechanism |
Priority | Bug | Summary |
---|---|---|
P4 | JDK-8277422 | tools/jar/JarEntryTime.java fails with modified time mismatch |
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8266082 | AssertionError in Annotate.fromAnnotations with -Xdoclint |
P3 | JDK-8286855 | javac error on invalid jar should only print filename |
P3 | JDK-8286444 | javac errors after JDK-8251329 are not helpful enough to find root cause |
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8289486 | Improve XSLT XPath operators count efficiency |
P4 | JDK-8285081 | Improve XPath operators count accuracy |
P4 | JDK-8282071 | Update java.xml module-info |
P4 | JDK-8282280 | Update Xerces2 Java to Version 2.12.2 |