RELEASE NOTES FOR: 13.0.7

Notes generated: Wed Aug 18 14:08:52 CEST 2021 Hint: Prefix bug IDs with https://bugs.openjdk.java.net/browse/ to reach the relevant JIRA entry.

JAVA ENHANCEMENT PROPOSALS (JEP)

None.

RELEASE NOTES, BY COMPONENT:

security-libs/java.security: JDK-8256902: Removed Root Certificates with 1024-bit Keys The following root certificates with weak 1024-bit RSA public keys have been removed from the `cacerts` keystore: ``` + alias name "thawtepremiumserverca [jdk]"   Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA + alias name "verisignclass2g2ca [jdk]"   Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US + alias name "verisignclass3ca [jdk]"   Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US + alias name "verisignclass3g2ca [jdk]"   Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US + alias name "verisigntsaca [jdk]"   Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA ``` JDK-8250860: Added 3 SSL Corporation Root CA Certificates The following root certificates have been added to the cacerts truststore: ``` + SSL Corporation + sslrootrsaca DN: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US + sslrootevrsaca DN: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US + sslrooteccca DN: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US ``` JDK-8250756: Added Entrust Root Certification Authority - G4 certificate The following root certificate has been added to the cacerts truststore: ``` + Entrust + entrustrootcag4 DN: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US ``` JDK-8256902: Removed Root Certificates with 1024-bit Keys The following root certificates with weak 1024-bit RSA public keys have been removed from the `cacerts` keystore: ``` + alias name "thawtepremiumserverca [jdk]"   Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA + alias name "verisignclass2g2ca [jdk]"   Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US + alias name "verisignclass3ca [jdk]"   Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US + alias name "verisignclass3g2ca [jdk]"   Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US + alias name "verisigntsaca [jdk]"   Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA ``` JDK-8250860: Added 3 SSL Corporation Root CA Certificates The following root certificates have been added to the cacerts truststore: ``` + SSL Corporation + sslrootrsaca DN: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US + sslrootevrsaca DN: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US + sslrooteccca DN: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US ``` JDK-8250756: Added Entrust Root Certification Authority - G4 certificate The following root certificate has been added to the cacerts truststore: ``` + Entrust + entrustrootcag4 DN: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US ``` JDK-8256902: Removed Root Certificates with 1024-bit Keys The following root certificates with weak 1024-bit RSA public keys have been removed from the `cacerts` keystore: ``` + alias name "thawtepremiumserverca [jdk]"   Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA + alias name "verisignclass2g2ca [jdk]"   Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US + alias name "verisignclass3ca [jdk]"   Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US + alias name "verisignclass3g2ca [jdk]"   Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US + alias name "verisigntsaca [jdk]"   Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA ``` JDK-8250860: Added 3 SSL Corporation Root CA Certificates The following root certificates have been added to the cacerts truststore: ``` + SSL Corporation + sslrootrsaca DN: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US + sslrootevrsaca DN: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US + sslrooteccca DN: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US ``` JDK-8250756: Added Entrust Root Certification Authority - G4 certificate The following root certificate has been added to the cacerts truststore: ``` + Entrust + entrustrootcag4 DN: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US ```

ALL FIXED ISSUES, BY COMPONENT AND PRIORITY

client-libs/java.awt: (P3) JDK-7185258: [macOS] Deadlock in SunToolKit.realSync() (P3) JDK-8221823: Requested JDialog width is ignored (P3) JDK-8243925: Toolkit#getScreenInsets() returns wrong value on HiDPI screens (Windows) (P4) JDK-8257414: Drag n Drop target area is wrong on high DPI systems client-libs/javax.swing: (P2) JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel core-libs/java.lang: (P4) JDK-8253409: Double-rounding possibility in float fma core-libs/java.nio: (P4) JDK-8246707: (sc) SocketChannel.read/write throws AsynchronousCloseException on closed channel core-libs/java.time: (P3) JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a (P4) JDK-8259048: (tz) Upgrade time-zone data to tzdata2020f core-libs/java.util:i18n: (P3) JDK-8242283: Can't start JVM when java home path includes non-ASCII character core-libs/javax.naming: (P4) JDK-8259707: LDAP channel binding does not work with StartTLS extension core-libs/jdk.nashorn: (P3) JDK-8198540: Dynalink leaks memory when generating type converters (P3) JDK-8261483: jdk/dynalink/TypeConverterFactoryMemoryLeakTest.java failed with "AssertionError: Should have GCd a method handle by now" core-svc/tools: (P3) JDK-8238710: LingeredApp doesn't log stdout/stderr if exits with non-zero code (P4) JDK-8240711: TestJstatdPort.java failed due to "ExportException: Port already in use:" hotspot: (P1) JDK-8263996: Fix build on 13u after JDK-8234779 backport hotspot/compiler: (P2) JDK-8261022: Fix incorrect result of Math.abs() with char type (P2) JDK-8246027: Minimal fastdebug build broken after JDK-8245801 (P3) JDK-8262726: AArch64: C1 StubAssembler::call_RT can corrupt stack (P3) JDK-8263425: AArch64: two potential bugs in C1 LIRGenerator::generate_address() (P3) JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect (P3) JDK-8237950: C2 compilation fails with "Live Node limit exceeded limit" during ConvI2L::Ideal optimization (P4) JDK-8241458: [JVMCI] add mark value to expose CodeOffsets::Frame_Complete (P4) JDK-8255625: AArch64: Implement Base64.encodeBlock accelerator/intrinsic (P4) JDK-8234541: C1 emits an empty message when it inlines successfully (P4) JDK-8245801: StressRecompilation triggers assert "redundunt OSR recompilation detected. memory leak in CodeCache!" (P4) JDK-8241319: WB_GetCodeBlob doesn't have ResourceMark (P5) JDK-8260308: Update LogCompilation junit to 4.13.1 hotspot/gc: (P2) JDK-8234662: Sweeper should keep current nmethod alive before yielding for ICStub refills (P3) JDK-8241478: vmTestbase/gc/gctests/Steal/steal001/steal001.java fails with OOME hotspot/jfr: (P2) JDK-8232905: JFR fails with assertion: assert(t->unflushed_size() == 0) failed: invariant (P2) JDK-8245283: JFR: Can't handle constant dynamic used by Jacoco agent (P3) JDK-8239497: SEGV in EdgeUtils::field_name_symbol(Edge const&) hotspot/jvmti: (P2) JDK-8235829: graal crashes with Zombie.java test (P3) JDK-8216324: GetClassMethods is confused by the presence of default methods in super interfaces hotspot/runtime: (P3) JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines (P3) JDK-8234058: runtime/CompressedOops/CompressedClassPointers.java fails with 'Narrow klass base: 0x0000000000000000' missing from stdout/stderr (P3) JDK-8227275: Within native OOM error handling, assertions may hang the process (P4) JDK-8250911: [windows] os::pd_map_memory error detection broken (P4) JDK-8240295: hs_err elapsed time in seconds is not accurate enough (P4) JDK-8234779: Provide idiom for declaring classes noncopyable (P4) JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities hotspot/svc-agent: (P3) JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE infrastructure/build: (P3) JDK-8233880: Support compilers with multi-digit major version numbers (P4) JDK-8259949: x86 32-bit build fails when -fcf-protection is passed in the compiler flags security-libs/java.security: (P3) JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program (P3) JDK-8243320: Add SSL root certificates to Oracle Root CA program (P3) JDK-8243559: Remove root certificates with 1024-bit keys (P4) JDK-8249176: jdk jtreg test security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java fails security-libs/javax.net.ssl: (P3) JDK-8237977: Further update javax/net/ssl/compatibility/Compatibility.java tools/javap: (P4) JDK-8244573: java.lang.ArrayIndexOutOfBoundsException thrown for malformed class file tools/jshell: (P3) JDK-8241598: Upgrade JLine to 3.14.0 (P3) JDK-8242030: Wrong package declarations in jline classes after JDK-8241598 (P4) JDK-8229815: Upgrade Jline to 3.12.1