RELEASE NOTES FOR: 8u161
====================================================================================================

Notes generated: Mon Apr 01 16:47:50 CEST 2024

Hint: Prefix bug IDs with https://bugs.openjdk.org/browse/ to reach the relevant JIRA entry.

JAVA ENHANCEMENT PROPOSALS (JEP):

  None.

RELEASE NOTES:

security-libs/javax.net.ssl:

    JDK-8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS

      The JDK SunJSSE implementation now supports the TLS FFDHE mechanisms defined in RFC 7919. If a
      server cannot process the `supported_groups` TLS extension or the named groups in the
      extension, applications can either customize the supported group names with
      `jdk.tls.namedGroups`, or turn off the FFDHE mechanisms by setting the System Property
      `jsse.enableFFDHE` to `false`.

    JDK-8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS

      The JDK SunJSSE implementation now supports the TLS FFDHE mechanisms defined in RFC 7919.  If
      a server cannot process the `supported_groups` TLS extension or the named groups in the
      extension, applications can either customize the supported group names with
      `jdk.tls.namedGroups`, or turn off the FFDHE mechanisms by setting the System Property
      `jsse.enableFFDHE` to `false`.

security-libs/javax.crypto:

    JDK-8170157: Unlimited cryptography enabled by default

      The JDK uses the Java Cryptography Extension (JCE) Jurisdiction Policy files to configure
      cryptographic algorithm restrictions.  Previously, the Policy files in the JDK placed limits
      on various algorithms. This release ships with both the limited and unlimited jurisdiction
      policy files, with unlimited being the default. The behavior can be controlled via the new
      `crypto.policy` Security property found in the `<java-home>/lib/java.security` file. Refer to
      that file for more information on this property.

    JDK-8072452: Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits

      Enhance the JDK security providers to support 3072-bit DiffieHellman and DSA parameters
      generation, pre-computed DiffieHellman parameters up to 8192 bits and pre-computed DSA
      parameters up to 3072 bits.


ALL FIXED ISSUES, BY COMPONENT AND PRIORITY:

client-libs/javax.swing:
  (P3) JDK-8184016: Text in native popup is not always updated with Sogou IME

core-libs/java.net:
  (P4) JDK-8168405: Pending exceptions in java.base/windows/native/libnet
  (P4) JDK-8177144: sun/net/www/http/HttpClient/B8025710.java should run in ovm mode

core-libs/java.rmi:
  (P3) JDK-8186539: [testlibrary] TestSocketFactory should allow triggers before match/replace
  (P4) JDK-8185719: [testlibrary] rmi TestSocketFactory does not flush

core-libs/java.util:i18n:
  (P2) JDK-8183841: [JCP] [Mac]Cannot launch JCP on Mac os with language set to "Chinese, Simplified" while region is not China

core-libs/javax.naming:
  (P4) JDK-8035105: DNS provider cleanups

deploy/webstart:
  (P3) JDK-8189085: 64 bit java install not setting jnlp associate if lower 32bit versions exist

docs:
  (P2) JDK-8191601: Update copyright date to 2018 for developer guides

docs/guides:
  (P3) JDK-8190932: Sun Provider's PKCS12 KeyStore should document that KeyBag type is not supported 
  (P4) JDK-8133774: typo "Collectdions" in page title of collections framework documentation

infrastructure:
  (P2) JDK-8187993: [CPU17_04] Need to update securitypack.jar with baseline.versions file having jdk9 entry

javafx/build:
  (P3) JDK-8185138: Build hangs and fills up disk on Windows with VS 2013 or 2010

security-libs:
  (P3) JDK-8158116: com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java failed with timeout

security-libs/java.security:
  (P2) JDK-8184673: Fix compatibility issue in AlgorithmChecker for 3rd party JCE providers
  (P3) JDK-8178728: Check the AlgorithmParameters in algorithm constraints
  (P3) JDK-8191137: keytool fails to format resource strings for keys for some languages after JDK-8171319
  (P3) JDK-8137255: sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java timeouts intermittently

security-libs/javax.crypto:
  (P2) JDK-8170157: Enable unlimited cryptographic policy by default in Oracle JDK builds
  (P2) JDK-8072452: Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits
  (P3) JDK-8170245: [TEST_BUG] Cipher tests fail when running with unlimited policy
  (P4) JDK-8190449: [TEST_BUG] sun/security/pkcs11/KeyPairGenerator/TestDH2048.java fails on Solaris x64 5.10

security-libs/javax.net.ssl:
  (P3) JDK-8193683: Increase the number of clones in the CloneableDigest
  (P3) JDK-8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
  (P4) JDK-8181439: Test the jdk.tls.namedGroups System Property
  (P4) JDK-8156502: Use short name of SupportedEllipticCurvesExtension.java

security-libs/jdk.security:
  (P3) JDK-8185628: Backport jdk/test/lib/testlibrary/CompilerUtils.java to jdk8u which is helpful in test development

xml/jaxb:
  (P3) JDK-8159240: XSOM parser incorrectly processes type names with whitespaces