RELEASE NOTES: JDK 15.0.10

Notes generated: Tue Dec 03 04:38:28 CET 2024

JEPs

None.

RELEASE NOTES

security-libs/javax.net.ssl

Issue Description

Issue	Description
JDK-8253368	Behavior changes for SSLSocket input stream shut down The SunJSSE close notification checks for `SSLSocket` have been made less strict to conform to changes in the Transport Layer Security (TLS) RFCs. If an application tries to close the input stream of an `SSLSocket` (via `shutdownInput()` method) without having received a close notification message from its peer, the `SSLSocket` will no longer: trigger the transmission of a TLS fatal-level alert to the peer, and invalidate the current TLS session. The new behavior will still consider this condition an error and will throw a local `javax.net.ssl.SSLException`. A fatal-level alert will no longer be sent to the peer, and the underlying session will remain valid. In addition, the internal transport context for the `SSLSocket` will also now be closed. Previously, this step didn't occur if a fatal message was generated.
JDK-8273553	Change in SSLEngine.closeInbound() Behavior The SunJSSE close notification checks for `SSLEngine` to have been made less strict to conform to changes in the Transport Layer Security (TLS) RFCs. See also JDK-8253368. Specifically, if an application tries to close its `SSLEngine` inbound side using `SSLEngine.closeInbound()` without having received a close notification message from its peer, the `SSLEngine` will no longer: trigger the transmission of a TLS fatal-level alert to the peer, and invalidate the current TLS session. The new behavior will still consider this condition an error and will throw a local `javax.net.ssl.SSLException`. But a fatal-level alert will no longer be generated to be sent to the peer, and the underlying session will remain valid. In addition, the internal transport context for the `SSLEngine` will also now be closed. This may result in a different `SSLEngineResult.HandshakeStatus` value on the `SSLEngine`. Any outstanding outbound data must still be obtained (`SSLEngine.wrap()`) and sent in order to gracefully close the connection.

Behavior changes for SSLSocket input stream shut down

The SunJSSE close notification checks for SSLSocket have been made less strict to conform to changes in the Transport Layer Security (TLS) RFCs.

If an application tries to close the input stream of an SSLSocket (via shutdownInput() method) without having received a close notification message from its peer, the SSLSocket will no longer:

trigger the transmission of a TLS fatal-level alert to the peer, and
invalidate the current TLS session.

The new behavior will still consider this condition an error and will throw a local javax.net.ssl.SSLException. A fatal-level alert will no longer be sent to the peer, and the underlying session will remain valid.

In addition, the internal transport context for the SSLSocket will also now be closed. Previously, this step didn't occur if a fatal message was generated.

JDK-8273553

Change in SSLEngine.closeInbound() Behavior

The SunJSSE close notification checks for SSLEngine to have been made less strict to conform to changes in the Transport Layer Security (TLS) RFCs. See also JDK-8253368.

Specifically, if an application tries to close its SSLEngine inbound side using SSLEngine.closeInbound() without having received a close notification message from its peer, the SSLEngine will no longer:

trigger the transmission of a TLS fatal-level alert to the peer, and
invalidate the current TLS session.

The new behavior will still consider this condition an error and will throw a local javax.net.ssl.SSLException. But a fatal-level alert will no longer be generated to be sent to the peer, and the underlying session will remain valid.

In addition, the internal transport context for the SSLEngine will also now be closed. This may result in a different SSLEngineResult.HandshakeStatus value on the SSLEngine. Any outstanding outbound data must still be obtained (SSLEngine.wrap()) and sent in order to gracefully close the connection.

FIXED ISSUES

client-libs/2d

Priority	Bug	Summary
P3	JDK-8293672	Update freetype md file

client-libs/java.awt

Priority	Bug	Summary
P3	JDK-8296957	One more cast in SAFE_SIZE_NEW_ARRAY2
P3	JDK-8296496	Overzealous check in sizecalc.h prevents large memory allocation
P4	JDK-8295554	Move the "sizecalc.h" to the correct location

client-libs/javax.accessibility

Priority	Bug	Summary
P3	JDK-8284690	[macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox

client-libs/javax.imageio

Priority	Bug	Summary
P4	JDK-8266171	-Warray-bounds happens in imageioJPEG.c
P4	JDK-8266174	-Wmisleading-indentation happens in libmlib_image sources

core-libs

Priority	Bug	Summary
P4	JDK-8283059	Uninitialized warning in check_code.c with GCC 11.2

core-libs/java.lang

Priority	Bug	Summary
P4	JDK-8297530	java.lang.IllegalArgumentException: Negative length on strings concatenation

core-libs/java.text

Priority	Bug	Summary
P3	JDK-8299439	java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR

core-libs/java.time

Priority	Bug	Summary
P3	JDK-8294357	(tz) Update Timezone Data to 2022d
P3	JDK-8295173	(tz) Update Timezone Data to 2022e
P3	JDK-8296108	(tz) Update Timezone Data to 2022f
P3	JDK-8297804	(tz) Update Timezone Data to 2022g

core-libs/java.util.jar

Priority	Bug	Summary
P4	JDK-8295530	Update Zlib Data Compression Library to Version 1.2.13

core-libs/java.util:i18n

Priority	Bug	Summary
P3	JDK-8296715	CLDR v42 update for tzdata 2022f
P3	JDK-8294307	ISO 4217 Amendment 173 Update
P3	JDK-8296239	ISO 4217 Amendment 174 Update
P4	JDK-8261279	sun/util/resources/cldr/TimeZoneNamesTest.java timed out
P4	JDK-8267038	Update IANA Language Subtag Registry to Version 2022-03-02
P4	JDK-8287180	Update IANA Language Subtag Registry to Version 2022-08-08

hotspot/compiler

Priority	Bug	Summary
P1	JDK-8297027	Fix broken aarch64 build of 13u/15u after bad backport of 8293044
P2	JDK-8292158	AES-CTR cipher state corruption with AVX-512
P2	JDK-8293044	C1: Missing access check on non-accessible class
P3	JDK-8293816	CI: ciBytecodeStream::get_klass() is not consistent
P3	JDK-8290451	Incorrect result when switching to C2 OSR compilation from C1

infrastructure

Priority	Bug	Summary
P4	JDK-8293987	Bump update version for OpenJDK: jdk-15.0.10

infrastructure/build

Priority	Bug	Summary
P3	JDK-8295211	Fix autoconf 2.71 warning "AC_CHECK_HEADERS: you should use literals"
P4	JDK-8283323	libharfbuzz optimization level results in extreme build times

security-libs/java.security

Priority	Bug	Summary
P3	JDK-8296480	java/security/cert/pkix/policyChanges/TestPolicy.java is failing

security-libs/javax.net.ssl

Priority	Bug	Summary
P3	JDK-8270344	Session resumption errors
P3	JDK-8273553	sun.security.ssl.SSLEngineImpl.closeInbound also has similar error of JDK-8253368
P3	JDK-8253368	TLS connection always receives close_notify exception
P4	JDK-8277881	Missing SessionID in TLS1.3 resumption in compatibility mode

security-libs/org.ietf.jgss:krb5

Priority	Bug	Summary
P4	JDK-8273894	ConcurrentModificationException raised every time ReferralsCache drops referral

tools

Priority	Bug	Summary
P3	JDK-8293701	jdeps InverseDepsAnalyzer runs into NoSuchElementException: No value present

xml/org.w3c.dom

Priority	Bug	Summary
P3	JDK-8287076	Document.normalizeDocument() produces different results