RELEASE NOTES FOR: 13.0.9
====================================================================================================

Notes generated: Tue Apr 02 19:31:25 CEST 2024

Hint: Prefix bug IDs with https://bugs.openjdk.org/browse/ to reach the relevant JIRA entry.

JAVA ENHANCEMENT PROPOSALS (JEP):

  None.

RELEASE NOTES:

security-libs/javax.net.ssl:

    JDK-8254631: Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values

      Certain TLS ALPN values couldn't be properly read or written by the SunJSSE provider. This is
      due to the choice of Strings as the API interface and the undocumented internal use of the
      UTF-8 Character Set which converts characters larger than U+00007F (7-bit ASCII) into
      multi-byte arrays that may not be expected by a peer.
      
      ALPN values are now represented using the network byte representation expected by the peer,
      which should require no modification for standard 7-bit ASCII-based character Strings. 
      However, SunJSSE now encodes/decodes String characters as 8-bit ISO_8859_1/LATIN-1 characters.
      This means applications that used characters above U+000007F that were previously encoded
      using UTF-8 may need to either be modified to perform the UTF-8 conversion, or set the Java
      security property *`jdk.tls.alpnCharset`* to "UTF-8" revert the behavior.

    JDK-8254631: Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values

      Certain TLS ALPN values couldn't be properly read or written by the SunJSSE provider. This is
      due to the choice of Strings as the API interface and the undocumented internal use of the
      UTF-8 character set which converts characters larger than U+00007F (7-bit ASCII) into
      multi-byte arrays that may not be expected by a peer.
      
      SunJSSE now encodes/decodes String characters as 8-bit ISO_8859_1/LATIN-1 characters. This
      means applications that used characters above U+000007F that were previously encoded using
      UTF-8 may need to either be modified to perform the UTF-8 conversion, or set the Java security
      property *`jdk.tls.alpnCharset`* to "UTF-8" revert the behavior.
      
      See the updated guide at
      https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/alpn.html for more
      information.  

    JDK-8206925: Support for certificate_authorities Extension

      The "certificate_authorities" extension is an optional extension introduced in TLS 1.3. It is
      used to indicate the certificate authorities (CAs) that an endpoint supports and should be
      used by the receiving endpoint to guide certificate selection.
      
      With this JDK release, the "certificate_authorities" extension is supported for TLS 1.3 in
      both the client and the server sides.  This extension is always present for client certificate
      selection, while it is optional for server certificate selection.
      
      Applications can enable this extension for server certificate selection by setting the
      `jdk.tls.client.enableCAExtension` system property to `true`.  The default value of the
      property is `false`.
      
      Note that if the client trusts more CAs than the size limit of the extension (less than 2^16
      bytes), the extension is not enabled.  Also, some server implementations do not allow
      handshake messages to exceed 2^14 bytes.  Consequently, there may be interoperability issues
      when `jdk.tls.client.enableCAExtension` is set to `true` and the client trusts more CAs than
      the server implementation limit.

security-libs/java.security:

    JDK-8172404: Tools Warn If Weak Algorithms Are Used

      The `keytool` and `jarsigner` tools have been updated to warn users when weak cryptographic
      algorithms are used in keys, certificates, and signed JARs before they are disabled. The weak
      algorithms are set in the `jdk.security.legacyAlgorithms` security property in the
      `java.security` configuration file. In this release, the tools issue warnings for the SHA-1
      hash algorithm and 1024-bit RSA/DSA keys.


ALL FIXED ISSUES, BY COMPONENT AND PRIORITY:

client-libs:
  (P4) JDK-8273671: Backport of 8260616 misses one JNF header inclusion removal

client-libs/2d:
  (P3) JDK-8262392: Update Mesa 3-D Headers to version 21.0.3

client-libs/java.awt:
  (P2) JDK-8272602: [macOS] not all KEY_PRESSED events sent when control modifier is used
  (P3) JDK-8270216: [macOS] Update named used for Java run loop mode

client-libs/javax.accessibility:
  (P3) JDK-8268775: Password is being converted to String in AccessibleJPasswordField

client-libs/javax.sound:
  (P4) JDK-8266248: Compilation failure in PLATFORM_API_MacOSX_MidiUtils.c with Xcode 12.5

client-libs/javax.swing:
  (P3) JDK-8258373: Update the text handling in the JPasswordField

core-libs:
  (P4) JDK-8257620: Do not use objc_msgSend_stret to get macOS version

core-libs/java.net:
  (P4) JDK-8254967: com.sun.net.HttpsServer spins on TLS session close

hotspot/compiler:
  (P2) JDK-8263361: Incorrect arraycopy stub selected by C2 for SATB collectors
  (P2) JDK-8226871: invalid use of incomplete type class MacroAssembler when building minimal after JDK-8191278
  (P2) JDK-8191278: MappedByteBuffer bulk access memory failures are not handled gracefully
  (P2) JDK-8226878: zero crashes after JDK-8191278
  (P4) JDK-8267625: AARCH64: typo in LIR_Assembler::emit_profile_type
  (P4) JDK-8229254: solaris_x64 build fails after JDK-8191278

hotspot/gc:
  (P2) JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region"
  (P2) JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region
  (P2) JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end

hotspot/jvmti:
  (P4) JDK-8253899: Make IsClassUnloadingEnabled signature match specification

hotspot/runtime:
  (P3) JDK-8268635: Corrupt oop in ClassLoaderData
  (P3) JDK-8269934: RunThese24H.java failed with EXCEPTION_ACCESS_VIOLATION in java_lang_Thread::get_thread_status

hotspot/svc-agent:
  (P4) JDK-8261236: C2: ClhsdbJstackXcompStress test fails when StressGCM is enabled

infrastructure:
  (P4) JDK-8269390: Bump update version for OpenJDK: jdk-13.0.9

infrastructure/build:
  (P4) JDK-8261109: [macOS] Remove disabled warning for JNF in make/autoconf/flags-cflags.m4

security-libs/java.security:
  (P3) JDK-8172404: Tools should warn if weak algorithms are used before restricting them

security-libs/javax.net.ssl:
  (P3) JDK-8254631: Better support ALPN byte wire values in SunJSSE
  (P3) JDK-8206925: Support the certificate_authorities extension 
  (P3) JDK-8268965: TCP Connection Reset when connecting simple socket to SSL server
  (P4) JDK-8270317: Large Allocation in CipherSuite
  (P4) JDK-8215712: Parsing extension failure may alert decode_error

security-libs/jdk.security:
  (P4) JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one