RELEASE NOTES: JDK 8u121

Notes generated: Fri Nov 01 19:45:59 CET 2024

JEPs

None.

RELEASE NOTES

security-libs/javax.net.ssl

Issue Description
JDK-8173783

Correction of IllegalArgumentException from TLS handshake


A recent issue from the JDK-8148516 fix can cause issue for some TLS servers. The problem originates from an IllegalArgumentException thrown by the TLS handshaker code.

`java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves`

The issue can arise when the server doesn't have elliptic curve cryptography support to handle an elliptic curve name extension field (if present). Users are advised to upgrade to this release. By default, JDK 7 Updates and later JDK families ship with the SunEC security provider which provides elliptic curve cryptography support. Those releases should not be impacted unless security providers are modified.

core-libs/java.io:serialization

Issue Description
JDK-8155760

Serialization Filter Configuration


Serialization Filtering introduces a new mechanism which allows incoming streams of object-serialization data to be filtered in order to improve both security and robustness. Every ObjectInputStream applies a filter, if configured, to the stream contents during deserialization. Filters are set using either a system property or a configured security property. The value of the "jdk.serialFilter" patterns are described in JEP 290 Serialization Filtering and in <JRE>/lib/security/java.security. Filter actions are logged to the 'java.io.serialization' logger, if enabled.

security-libs/javax.xml.crypto

Issue Description
JDK-8151893

Add security property to configure XML Signature secure validation mode


A new security property named jdk.xml.dsig.secureValidationPolicy has been added that allows you to configure the individual restrictions that are enforced when the secure validation mode of XML Signature is enabled. The default value for this property in the java.security configuration file is: ` jdk.xml.dsig.secureValidationPolicy=\ disallowAlg http://www.w3.org/TR/1999/REC-xslt-19991116,\ disallowAlg http://www.w3.org/2001/04/xmldsig-more#rsa-md5,\ disallowAlg http://www.w3.org/2001/04/xmldsig-more#hmac-md5,\ disallowAlg http://www.w3.org/2001/04/xmldsig-more#md5,\ maxTransforms 5,\ maxReferences 30,\ disallowReferenceUriSchemes file http https,\ noDuplicateIds,\ noRetrievalMethodLoops Please refer to the definition of the property in thejava.security` file for more information.

security-libs/java.security

Issue Description
JDK-8163304

jarsigner -verbose -verify should print the algorithms used to sign the jar


The jarsigner tool has been enhanced to show details of the algorithms and keys used to generate a signed JAR file and will also provide an indication if any of them are considered weak.

Specifically, when "jarsigner -verify -verbose filename.jar" is called, a separate section is printed out showing information of the signature and timestamp (if it exists) inside the signed JAR file, even if it is treated as unsigned for various reasons. If any algorithm or key used is considered weak, as specified in the Security property jdk.jar.disabledAlgorithms, it will be labeled with "(weak)".

For example: ` - Signed by "CN=weak_signer" Digest algorithm: MD2 (weak) Signature algorithm: MD2withRSA (weak), 512-bit key (weak) Timestamped by "CN=strong_tsa" on Mon Sep 26 08:59:39 CST 2016 Timestamp digest algorithm: SHA-256 Timestamp signature algorithm: SHA256withRSA, 2048-bit key `

FIXED ISSUES

client-libs/2d

Priority Bug Summary
P3 JDK-8058316 lookupDefaultPrintService returns null on Solaris 11 when default printer is set using lpoptions command
P3 JDK-8170950 Text is displayed in bold when fonts are installed into symlinked folder

client-libs/java.awt

Priority Bug Summary
P3 JDK-8163979 [macosx] Chinese text shows as Latin w/ openVanilla input method
P3 JDK-8075516 Deleting a file from either the open or save java.awt.FileDialog hangs.
P4 JDK-8037099 [macosx] Remove all references to GC from native OBJ-C code

client-libs/javax.accessibility

Priority Bug Summary
P2 JDK-8076249 NPE in AccessBridge while editing JList model
P3 JDK-8076554 [macosx] Custom Swing text components need to allow standard accessibility
P3 JDK-8145207 [macosx] JList, VO can't access non-visible list items
P3 JDK-8165829 Android Studio 2.x crashes with NPE at sun.lwawt.macosx.CAccessibility.getAccessibleIndexInParent
P3 JDK-8171808 Performance problems in dialogs with large tables when JAB activated
P3 JDK-8163733 Uninitialised memory in WinAccessBridge.cpp:1128

client-libs/javax.swing

Priority Bug Summary
P3 JDK-8173145 Menu is activated after using mnemonic Alt/Key combination
P3 JDK-7172652 With JDK 1.7 text field does not obtain focus when using mnemonic Alt/Key combin
P4 JDK-8152981 Double icons with JMenuItem setHorizontalTextPosition on Win 10

core-libs/java.io:serialization

Priority Bug Summary
P2 JDK-8155760 Implement Serialization Filtering
P2 JDK-8166739 Improve extensibility of ObjectInputFilter information passed to the filter

core-libs/java.net

Priority Bug Summary
P3 JDK-8182672 Java 8u121 on Linux intermittently returns null for MAC address

core-libs/java.time

Priority Bug Summary
P2 JDK-8170316 (tz) Support tzdata2016j
P3 JDK-8176044 (tz) Support tzdata2017a

core-libs/javax.naming

Priority Bug Summary
P3 JDK-8169465 Deadlock in com.sun.jndi.ldap.pool.Connections

deploy/deployment_toolkit

Priority Bug Summary
P2 JDK-8158099 Revise java.com image and link paths dtjava.js and deployJava.js

deploy/webstart

Priority Bug Summary
P3 JDK-8141054 WebStart does not clean up jnlp file after closing

hotspot/compiler

Priority Bug Summary
P2 JDK-8038348 Instance field load is replaced by wrong data Phi

hotspot/gc

Priority Bug Summary
P4 JDK-8161993 G1 crashes if active_processor_count changes during startup

hotspot/jvmti

Priority Bug Summary
P3 JDK-8162795 [REDO] MemberNameTable doesn't purge stale entries

hotspot/runtime

Priority Bug Summary
P2 JDK-8165153 Crash in rebuild_cpu_to_node_map
P3 JDK-8170888 [linux] Experimental support for cgroup memory limits in container (ie Docker) environments
P3 JDK-6515172 Runtime.availableProcessors() ignores Linux taskset command
P4 JDK-8147910 Cache initial active_processor_count

install/install

Priority Bug Summary
P2 JDK-8161687 [MSI] [Wrappers] JRE is installed successfully if INSTALLDIR option is set to existing directory and files
P3 JDK-8163171 Java installer leaves cached files on host after update

javafx/build

Priority Bug Summary
P2 JDK-8164177 Update copyright header for files modified in 2016
P3 JDK-8166759 jfxwebkit.dll is missing file detail for 8u112 and 9

javafx/other

Priority Bug Summary
P3 JDK-8164497 Update .hgignore files to ingore .jcheck dir until we actually enable jcheck

other-libs/corba

Priority Bug Summary
P2 JDK-8164908 ReflectionFactory support for IIOP and custom serialization

security-libs/java.security

Priority Bug Summary
P2 JDK-8167591 Add MD5 to signed JAR restrictions
P2 JDK-8163304 jarsigner -verbose -verify should print the algorithms used to sign the jar
P3 JDK-8161571 Verifying ECDSA signatures permits trailing bytes

security-libs/javax.net.ssl

Priority Bug Summary
P1 JDK-8173783 IllegalArgumentException: jdk.tls.namedGroups
P2 JDK-8167459 Add debug output for indicating if a chosen ciphersuite was legacy
P2 JDK-8167472 Chrome interop regression with JDK-8148516
P3 JDK-8170131 Certificates not being blocked by jdk.tls.disabledAlgorithms property

security-libs/javax.smartcardio

Priority Bug Summary
P4 JDK-8059212 Modify sun/security/smartcardio manual regression tests so that they do not just fail if no cardreader found

security-libs/javax.xml.crypto

Priority Bug Summary
P2 JDK-8151893 Add security property to configure XML Signature secure validation mode

xml/jax-ws

Priority Bug Summary
P3 JDK-8159058 SAXParseException when sending soap message

xml/jaxp

Priority Bug Summary
P3 JDK-8167179 Make XSL generated namespace prefixes local to transformation process