RELEASE NOTES FOR: 21.0.10 ==================================================================================================== Notes generated: Thu Sep 18 08:07:50 CEST 2025 Hint: Prefix bug IDs with https://bugs.openjdk.org/browse/ to reach the relevant JIRA entry. JAVA ENHANCEMENT PROPOSALS (JEP): None. RELEASE NOTES: security-libs/javax.net.ssl: JDK-8245545: Disabled TLS_RSA Cipher Suites The TLS_RSA cipher suites have been disabled by default, by adding "TLS_RSA_*" to the `jdk.tls.disabledAlgorithms` security property in the `java.security` configuration file. The TLS_RSA cipher suites do not preserve forward-secrecy and are not commonly used. Some TLS_RSA cipher suites are already disabled because they use DES, 3DES, RC4, or NULL, which are disabled. This action disables all remaining TLS_RSA cipher suites. Any attempts to use cipher suites starting with "TLS_RSA_" will fail with an `SSLHandshakeException`. Users can, at their own risk, re-enable these cipher suites by removing "TLS_RSA_*" from the `jdk.tls.disabledAlgorithms` security property. The following previously enabled cipher suites are now disabled: TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA JDK-8340321: Disabled SHA-1 in TLS 1.2 and DTLS 1.2 Handshake Signatures The SHA-1 algorithm has been disabled by default in TLS 1.2 and DTLS 1.2 handshake signatures, by adding `"rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature"` to the `jdk.tls.disabledAlgorithms` security property in the `java.security` config file. RFC 9155 deprecates the use of SHA-1 in TLS 1.2 and DTLS 1.2 digital signatures. Users can, at their own risk, re-enable the SHA-1 algorithm in TLS 1.2 and DTLS 1.2 handshake signatures by removing `"rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature"` from the `jdk.tls.disabledAlgorithms` security property. ALL FIXED ISSUES, BY COMPONENT AND PRIORITY: client-libs/2d: (P3) JDK-8347377: Add validation checks for ICC_Profile header fields (P3) JDK-8361748: Enforce limits on the size of an XBM image (P5) JDK-8318850: Duplicate code in the LCMSImageLayout client-libs/java.awt: (P3) JDK-8324491: Keyboard layout didn't keep its state if it was changed when dialog was active (P4) JDK-8354106: Clean up and open source KeyEvent related tests (Part 2) (P4) JDK-8354472: Clean up and open source KeyEvent related tests (Part 3) (P4) JDK-8354653: Clean up and open source KeyEvent related tests (Part 4) (P4) JDK-8328124: Convert java/awt/Frame/ShownOnPack/ShownOnPack.html applet test to main (P4) JDK-8328562: Convert java/awt/InputMethods/DiacriticsTest/DiacriticsTest.java applet test to main (P4) JDK-8354495: Open source several AWT DataTransfer tests (P4) JDK-8340015: Open source several AWT focus tests - series 7 (P4) JDK-8359687: Use PassFailJFrame for java/awt/print/Dialog/DialogType.java client-libs/javax.sound: (P3) JDK-8350813: Rendering of bulky sound bank from MIDI sequence can cause OutOfMemoryError client-libs/javax.swing: (P3) JDK-8140527: JInternalFrame has incorrect title button width (P3) JDK-8210807: Printing a JTable with a JScrollPane prints table without rows populated (P3) JDK-8322135: Printing JTable in Windows L&F throws InternalError: HTHEME is null (P4) JDK-8322140: javax/swing/JTable/JTableScrollPrintTest.java does not print the rows and columns of the table in Nimbus and Aqua LookAndFeel (P4) JDK-8354873: javax/swing/plaf/metal/MetalIconFactory/bug4952462.java failing on CI (P4) JDK-8139392: JInternalFrame has incorrect padding (P4) JDK-8353589: Open source a few Swing menu-related tests (P4) JDK-8354552: Open source a few Swing tests (P4) JDK-8354532: Open source JFileChooser Tests - Set 7 (P4) JDK-8353309: Open source several Swing text tests (P4) JDK-8353011: Open source Swing JButton tests - Set 1 (P4) JDK-8353319: Open source Swing tests - Set 3 (P4) JDK-8353486: Open source Swing Tests - Set 4 (P4) JDK-8354340: Open source Swing Tests - Set 6 (P4) JDK-8354214: Open source Swing tests Batch 2 (P4) JDK-8354418: Open source Swing tests Batch 4 (P4) JDK-8353201: Open source Swing Tooltip tests - Set 2 (P4) JDK-8359428: Test 'javax/swing/JTabbedPane/bug4499556.java' failed because after selecting one of L&F items, the test case automatically failed when clicking on L&F Menu button again (P5) JDK-8359418: Test "javax/swing/text/GlyphView/bug4188841.java" failed because the phrase of text pane does not match the instructions core-libs/java.io: (P4) JDK-8355444: [java.io] Use @requires tag instead of exiting based on "os.name" property value (P4) JDK-8359449: [TEST] open/test/jdk/java/io/File/SymLinks.java Refactor extract method for Windows specific test (P4) JDK-8355558: SJIS.java test is always ignored (P4) JDK-8359182: Use @requires instead of SkippedException for MaxPath.java core-libs/java.lang: (P4) JDK-8352533: Report useful IOExceptions when jspawnhelper fails core-libs/java.lang.invoke: (P3) JDK-8199149: Improve the exception message thrown by VarHandle of unsupported operation core-libs/java.net: (P4) JDK-8353013: java.net.URI.create(String) may have low performance to scan the host/domain name from URI string when the hostname starts with number (P4) JDK-8349705: java.net.URI.scanIPv4Address throws unnecessary URISyntaxException (P4) JDK-8338740: java/net/httpclient/HttpsTunnelAuthTest.java fails with java.io.IOException: HTTP/1.1 header parser received no bytes (P4) JDK-8364786: Test java/net/vthread/HttpALot.java intermittently fails - 24999 handled, expected 25000 core-libs/java.nio: (P3) JDK-8358764: (sc) SocketChannel.close when thread blocked in read causes connection to be reset (win) core-libs/java.text: (P4) JDK-8353585: Provide ChoiceFormat#parse(String, ParsePosition) tests core-libs/java.util: (P4) JDK-8351567: Jar Manifest test ValueUtf8Coding produces misleading diagnostic output core-libs/java.util.jar: (P4) JDK-8204868: java/util/zip/ZipFile/TestCleaner.java still fails with "cleaner failed to clean zipfile." core-libs/java.util:i18n: (P4) JDK-8356040: java/util/PluggableLocale/LocaleNameProviderTest.java timed out core-svc/debugger: (P4) JDK-8355773: Some nsk/jdi tests can fetch ThreadReference from static field in the debuggee core-svc/tools: (P4) JDK-8318730: MonitorVmStartTerminate.java still times out after JDK-8209595 docs/hotspot: (P5) JDK-8325731: Installation instructions for Debian/Ubuntu don't mention autoconf hotspot/compiler: (P4) JDK-8325647: [IR framework] Only prints stdout if exitCode is 134 (P4) JDK-8216437: PPC64: Add intrinsic for GHASH algorithm hotspot/gc: (P4) JDK-8367372: Test `test/hotspot/jtreg/gc/TestObjectAlignmentCardSize.java` fails on 32 bit systems hotspot/jvmti: (P4) JDK-8311076: RedefineClasses doesn't check for ConstantPool overflow hotspot/runtime: (P2) JDK-8361754: New test runtime/jni/checked/TestCharArrayReleasing.java can cause disk full errors (P3) JDK-8361447: [REDO] Checked version of JNI ReleaseArrayElements needs to filter out known wrapped arrays (P3) JDK-8331231: containers/docker/TestContainerInfo.java fails (P3) JDK-8364235: Fix for JDK-8361447 breaks the alignment requirements for GuardedMemory (P3) JDK-8290043: serviceability/attach/ConcAttachTest.java failed "guarantee(!CheckJNICalls) failed: Attached JNI thread exited without being detached" (P4) JDK-8347143: [aix] Fix strdup use in os::dll_load (P4) JDK-8334217: [AIX] Misleading error messages after JDK-8320005 (P4) JDK-8320836: jtreg gtest runs should limit heap size (P4) JDK-8364198: NMT should have a better corruption message (P4) JDK-8348402: PerfDataManager stalls shutdown for 1ms (P4) JDK-8359207: Remove runtime/signal/TestSigusr2.java since it is always skipped (P4) JDK-8348240: Remove SystemDictionaryShared::lookup_super_for_unregistered_class() (P4) JDK-8341138: Rename jtreg property docker.support as container.support (P4) JDK-8347434: Richer VM operations events logging hotspot/test: (P4) JDK-8338428: Add logging of final VM flags while setting properties (P4) JDK-8366558: Gtests leave /tmp/cgroups-test* files (P4) JDK-8360478: libjsig related tier3 jtreg tests fail when asan is configured (P4) JDK-8356187: TestJcmd.java may incorrectly parse podman version infrastructure: (P4) JDK-8366231: Bump update version for OpenJDK: jdk-21.0.10 infrastructure/build: (P4) JDK-8201183: sjavac build failures: "Connection attempt failed: Connection refused" other-libs: (P4) JDK-8364597: Replace THL A29 Limited with Tencent performance/libraries: (P4) JDK-8346142: [perf] scalability issue for the specjvm2008::xml.validation workload security-libs/java.security: (P4) JDK-8219408: Tests should handle ${} in the view of jtreg "smart action" security-libs/javax.crypto:pkcs11: (P4) JDK-8230016: re-visit test sun/security/pkcs11/Serialize/SerializeProvider.java security-libs/javax.net.ssl: (P2) JDK-8340321: Disable SHA-1 in TLS/DTLS 1.2 handshake signatures (P3) JDK-8245545: Disable TLS_RSA cipher suites (P4) JDK-8277424: javax/net/ssl/TLSCommon/TLSTest.java fails with connection refused security-libs/jdk.security: (P5) JDK-8337723: Remove redundant tests from com/sun/security/sasl/gsskerb