Notes generated: Wed May 01 13:23:30 CEST 2024





Issue Description

Correction of IllegalArgumentException from TLS handshake

A recent issue from the JDK-8148516 fix can cause issue for some TLS servers. The problem originates from an IllegalArgumentException thrown by the TLS handshaker code.

`java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves`

The issue can arise when the server doesn't have elliptic curve cryptography support to handle an elliptic curve name extension field (if present). Users are advised to upgrade to this release. By default, JDK 7 Updates and later JDK families ship with the SunEC security provider which provides elliptic curve cryptography support. Those releases should not be impacted unless security providers are modified.


Issue Description

Serialization Filter Configuration

Serialization Filtering introduces a new mechanism which allows incoming streams of object-serialization data to be filtered in order to improve both security and robustness. Every ObjectInputStream applies a filter, if configured, to the stream contents during deserialization. Filters are set using either a system property or a configured security property. The value of the "jdk.serialFilter" patterns are described in JEP 290 Serialization Filtering and in <JRE>/lib/security/ Filter actions are logged to the '' logger, if enabled.


Issue Description

Add security property to configure XML Signature secure validation mode

A new security property named jdk.xml.dsig.secureValidationPolicy has been added that allows you to configure the individual restrictions that are enforced when the secure validation mode of XML Signature is enabled. The default value for this property in the configuration file is: ` jdk.xml.dsig.secureValidationPolicy=\ disallowAlg,\ disallowAlg,\ disallowAlg,\ disallowAlg,\ maxTransforms 5,\ maxReferences 30,\ disallowReferenceUriSchemes file http https,\ noDuplicateIds,\ noRetrievalMethodLoops Please refer to the definition of the property in` file for more information.


Issue Description

jarsigner -verbose -verify should print the algorithms used to sign the jar

The jarsigner tool has been enhanced to show details of the algorithms and keys used to generate a signed JAR file and will also provide an indication if any of them are considered weak.

Specifically, when "jarsigner -verify -verbose filename.jar" is called, a separate section is printed out showing information of the signature and timestamp (if it exists) inside the signed JAR file, even if it is treated as unsigned for various reasons. If any algorithm or key used is considered weak, as specified in the Security property jdk.jar.disabledAlgorithms, it will be labeled with "(weak)".

For example: ` - Signed by "CN=weak_signer" Digest algorithm: MD2 (weak) Signature algorithm: MD2withRSA (weak), 512-bit key (weak) Timestamped by "CN=strong_tsa" on Mon Sep 26 08:59:39 CST 2016 Timestamp digest algorithm: SHA-256 Timestamp signature algorithm: SHA256withRSA, 2048-bit key `



Priority Bug Summary
P3 JDK-8058316 lookupDefaultPrintService returns null on Solaris 11 when default printer is set using lpoptions command
P3 JDK-8170950 Text is displayed in bold when fonts are installed into symlinked folder


Priority Bug Summary
P3 JDK-8163979 [macosx] Chinese text shows as Latin w/ openVanilla input method
P3 JDK-8075516 Deleting a file from either the open or save java.awt.FileDialog hangs.
P4 JDK-8037099 [macosx] Remove all references to GC from native OBJ-C code


Priority Bug Summary
P2 JDK-8076249 NPE in AccessBridge while editing JList model
P3 JDK-8076554 [macosx] Custom Swing text components need to allow standard accessibility
P3 JDK-8145207 [macosx] JList, VO can't access non-visible list items
P3 JDK-8165829 Android Studio 2.x crashes with NPE at sun.lwawt.macosx.CAccessibility.getAccessibleIndexInParent
P3 JDK-8171808 Performance problems in dialogs with large tables when JAB activated
P3 JDK-8163733 Uninitialised memory in WinAccessBridge.cpp:1128


Priority Bug Summary
P3 JDK-8173145 Menu is activated after using mnemonic Alt/Key combination
P3 JDK-7172652 With JDK 1.7 text field does not obtain focus when using mnemonic Alt/Key combin
P4 JDK-8152981 Double icons with JMenuItem setHorizontalTextPosition on Win 10


Priority Bug Summary
P2 JDK-8155760 Implement Serialization Filtering
P2 JDK-8166739 Improve extensibility of ObjectInputFilter information passed to the filter


Priority Bug Summary
P3 JDK-8182672 Java 8u121 on Linux intermittently returns null for MAC address


Priority Bug Summary
P2 JDK-8170316 (tz) Support tzdata2016j
P3 JDK-8176044 (tz) Support tzdata2017a


Priority Bug Summary
P3 JDK-8169465 Deadlock in com.sun.jndi.ldap.pool.Connections


Priority Bug Summary
P2 JDK-8158099 Revise image and link paths dtjava.js and deployJava.js


Priority Bug Summary
P3 JDK-8141054 WebStart does not clean up jnlp file after closing


Priority Bug Summary
P2 JDK-8038348 Instance field load is replaced by wrong data Phi


Priority Bug Summary
P4 JDK-8161993 G1 crashes if active_processor_count changes during startup


Priority Bug Summary
P3 JDK-8162795 [REDO] MemberNameTable doesn't purge stale entries


Priority Bug Summary
P2 JDK-8165153 Crash in rebuild_cpu_to_node_map
P3 JDK-8170888 [linux] Experimental support for cgroup memory limits in container (ie Docker) environments
P3 JDK-6515172 Runtime.availableProcessors() ignores Linux taskset command
P4 JDK-8147910 Cache initial active_processor_count


Priority Bug Summary
P2 JDK-8161687 [MSI] [Wrappers] JRE is installed successfully if INSTALLDIR option is set to existing directory and files
P3 JDK-8163171 Java installer leaves cached files on host after update


Priority Bug Summary
P2 JDK-8164177 Update copyright header for files modified in 2016
P3 JDK-8166759 jfxwebkit.dll is missing file detail for 8u112 and 9


Priority Bug Summary
P3 JDK-8164497 Update .hgignore files to ingore .jcheck dir until we actually enable jcheck


Priority Bug Summary
P2 JDK-8164908 ReflectionFactory support for IIOP and custom serialization


Priority Bug Summary
P2 JDK-8167591 Add MD5 to signed JAR restrictions
P2 JDK-8163304 jarsigner -verbose -verify should print the algorithms used to sign the jar
P3 JDK-8161571 Verifying ECDSA signatures permits trailing bytes


Priority Bug Summary
P1 JDK-8173783 IllegalArgumentException: jdk.tls.namedGroups
P2 JDK-8167459 Add debug output for indicating if a chosen ciphersuite was legacy
P2 JDK-8167472 Chrome interop regression with JDK-8148516
P3 JDK-8170131 Certificates not being blocked by jdk.tls.disabledAlgorithms property


Priority Bug Summary
P4 JDK-8059212 Modify sun/security/smartcardio manual regression tests so that they do not just fail if no cardreader found


Priority Bug Summary
P2 JDK-8151893 Add security property to configure XML Signature secure validation mode


Priority Bug Summary
P3 JDK-8159058 SAXParseException when sending soap message


Priority Bug Summary
P3 JDK-8167179 Make XSL generated namespace prefixes local to transformation process