RELEASE NOTES FOR: 8u161 ==================================================================================================== Notes generated: Tue Oct 01 18:39:45 CEST 2024 Hint: Prefix bug IDs with https://bugs.openjdk.org/browse/ to reach the relevant JIRA entry. JAVA ENHANCEMENT PROPOSALS (JEP): None. RELEASE NOTES: security-libs/javax.net.ssl: JDK-8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS The JDK SunJSSE implementation now supports the TLS FFDHE mechanisms defined in RFC 7919. If a server cannot process the `supported_groups` TLS extension or the named groups in the extension, applications can either customize the supported group names with `jdk.tls.namedGroups`, or turn off the FFDHE mechanisms by setting the System Property `jsse.enableFFDHE` to `false`. JDK-8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS The JDK SunJSSE implementation now supports the TLS FFDHE mechanisms defined in RFC 7919. If a server cannot process the `supported_groups` TLS extension or the named groups in the extension, applications can either customize the supported group names with `jdk.tls.namedGroups`, or turn off the FFDHE mechanisms by setting the System Property `jsse.enableFFDHE` to `false`. security-libs/javax.crypto: JDK-8170157: Unlimited cryptography enabled by default The JDK uses the Java Cryptography Extension (JCE) Jurisdiction Policy files to configure cryptographic algorithm restrictions. Previously, the Policy files in the JDK placed limits on various algorithms. This release ships with both the limited and unlimited jurisdiction policy files, with unlimited being the default. The behavior can be controlled via the new `crypto.policy` Security property found in the `/lib/java.security` file. Refer to that file for more information on this property. JDK-8072452: Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits Enhance the JDK security providers to support 3072-bit DiffieHellman and DSA parameters generation, pre-computed DiffieHellman parameters up to 8192 bits and pre-computed DSA parameters up to 3072 bits. ALL FIXED ISSUES, BY COMPONENT AND PRIORITY: client-libs/javax.swing: (P3) JDK-8184016: Text in native popup is not always updated with Sogou IME core-libs/java.net: (P4) JDK-8168405: Pending exceptions in java.base/windows/native/libnet (P4) JDK-8177144: sun/net/www/http/HttpClient/B8025710.java should run in ovm mode core-libs/java.rmi: (P3) JDK-8186539: [testlibrary] TestSocketFactory should allow triggers before match/replace (P4) JDK-8185719: [testlibrary] rmi TestSocketFactory does not flush core-libs/java.util:i18n: (P2) JDK-8183841: [JCP] [Mac]Cannot launch JCP on Mac os with language set to "Chinese, Simplified" while region is not China core-libs/javax.naming: (P4) JDK-8035105: DNS provider cleanups deploy/webstart: (P3) JDK-8189085: 64 bit java install not setting jnlp associate if lower 32bit versions exist docs: (P2) JDK-8191601: Update copyright date to 2018 for developer guides docs/guides: (P3) JDK-8190932: Sun Provider's PKCS12 KeyStore should document that KeyBag type is not supported (P4) JDK-8133774: typo "Collectdions" in page title of collections framework documentation infrastructure: (P2) JDK-8187993: [CPU17_04] Need to update securitypack.jar with baseline.versions file having jdk9 entry javafx/build: (P3) JDK-8185138: Build hangs and fills up disk on Windows with VS 2013 or 2010 security-libs: (P3) JDK-8158116: com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java failed with timeout security-libs/java.security: (P2) JDK-8184673: Fix compatibility issue in AlgorithmChecker for 3rd party JCE providers (P3) JDK-8178728: Check the AlgorithmParameters in algorithm constraints (P3) JDK-8191137: keytool fails to format resource strings for keys for some languages after JDK-8171319 (P3) JDK-8137255: sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java timeouts intermittently security-libs/javax.crypto: (P2) JDK-8170157: Enable unlimited cryptographic policy by default in Oracle JDK builds (P2) JDK-8072452: Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits (P3) JDK-8170245: [TEST_BUG] Cipher tests fail when running with unlimited policy (P4) JDK-8190449: [TEST_BUG] sun/security/pkcs11/KeyPairGenerator/TestDH2048.java fails on Solaris x64 5.10 security-libs/javax.net.ssl: (P3) JDK-8193683: Increase the number of clones in the CloneableDigest (P3) JDK-8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS (P4) JDK-8181439: Test the jdk.tls.namedGroups System Property (P4) JDK-8156502: Use short name of SupportedEllipticCurvesExtension.java security-libs/jdk.security: (P3) JDK-8185628: Backport jdk/test/lib/testlibrary/CompilerUtils.java to jdk8u which is helpful in test development xml/jaxb: (P3) JDK-8159240: XSOM parser incorrectly processes type names with whitespaces