RELEASE NOTES: JDK 8u162

Notes generated: Sun Dec 01 18:04:34 CET 2024

JEPs

None.

RELEASE NOTES

core-libs/java.util.jar

Issue	Description
JDK-8189789	Decode error with Tomcat version 7.x The zlib version shipped in the 8u151, 7u161 JDK releases was updated to zlib v1.2.11. The deflate functionality in this version causes a compatibility issue with Tomcat v7.x. Server responses can appear as corrupt or can fail to be decoded. The issue is seen if Tomcat is using compression (e.g. compression="on" in server.xml). This issue is being fixed via JDK-8189789 [https://bugs.openjdk.java.net/browse/JDK-8189789]. Users could disable the compression mode on their Tomcat servers as a workaround. Tomcat versions 8.x and later don't appear to be affected.

Issue

Description

JDK-8189789

Decode error with Tomcat version 7.x

The zlib version shipped in the 8u151, 7u161 JDK releases was updated to zlib v1.2.11. The deflate functionality in this version causes a compatibility issue with Tomcat v7.x. Server responses can appear as corrupt or can fail to be decoded. The issue is seen if Tomcat is using compression (e.g. compression="on" in server.xml). This issue is being fixed via JDK-8189789 [https://bugs.openjdk.java.net/browse/JDK-8189789].

Users could disable the compression mode on their Tomcat servers as a workaround. Tomcat versions 8.x and later don't appear to be affected.

security-libs/javax.net.ssl

Issue Description

Issue	Description
JDK-8148421	TLS Session Hash and Extended Master Secret Extension Support Support has been added for the TLS session hash and extended master secret extension (RFC 7627) in JDK JSSE provider. Note that in general, a server certificate change is restricted if endpoint identification is not enabled and the previous handshake is a session-resumption abbreviated initial handshake, unless the identities represented by both certificates can be regarded as the same. However, if the extension is enabled or negotiated, the server certificate changing restriction is not necessary and will be discarded accordingly. In case of compatibility issues, an application may disable negotiation of this extension by setting the System Property `jdk.tls.useExtendedMasterSecret` to `false` in the JDK. By setting the System Property `jdk.tls.allowLegacyResumption` to `false`, an application can reject abbreviated handshaking when the session hash and extended master secret extension are not negotiated. By setting the System Property `jdk.tls.allowLegacyMasterSecret` to `false`, an application can reject connections that do not support the session hash and extended master secret extension.
JDK-8163237	Disable exportable cipher suites To improve the strength of SSL/TLS connections, exportable cipher suites have been disabled in SSL/TLS connections in the JDK by the `jdk.tls.disabledAlgorithms` Security Property.

JDK-8148421

TLS Session Hash and Extended Master Secret Extension Support

Support has been added for the TLS session hash and extended master secret extension (RFC 7627) in JDK JSSE provider. Note that in general, a server certificate change is restricted if endpoint identification is not enabled and the previous handshake is a session-resumption abbreviated initial handshake, unless the identities represented by both certificates can be regarded as the same. However, if the extension is enabled or negotiated, the server certificate changing restriction is not necessary and will be discarded accordingly. In case of compatibility issues, an application may disable negotiation of this extension by setting the System Property jdk.tls.useExtendedMasterSecret to false in the JDK. By setting the System Property jdk.tls.allowLegacyResumption to false, an application can reject abbreviated handshaking when the session hash and extended master secret extension are not negotiated. By setting the System Property jdk.tls.allowLegacyMasterSecret to false, an application can reject connections that do not support the session hash and extended master secret extension.

JDK-8163237

Disable exportable cipher suites

To improve the strength of SSL/TLS connections, exportable cipher suites have been disabled in SSL/TLS connections in the JDK by the jdk.tls.disabledAlgorithms Security Property.

hotspot/gc

Issue Description

Issue	Description
JDK-8187577	JVM Crash during G1 GC A klass that has been considered unreachable by the concurrent marking of G1, can be looked up in the `ClassLoaderData/SystemDictionary`, and its `_java_mirror` or `_class_loader` fields can be stored in a root or any other reachable object making it alive again. Whenever a klass is resurrected in this manner, the SATB part of G1 needs to be notified about this, otherwise, the concurrent marking remark phase will erroneously unload that klass. In this particular crash, while G1 was doing concurrent marking and had prepared its list of unreachable classes, JVMTI on a Java thread could traverse classes in the CLD and store thread-local JNIHandles for the java_mirror of the loaded classes. G1 did not have knowledge of these thread-local JNIHandles, and in the remark phase, it unloaded classes per its prior knowledge of unreachable classes. When these JNIHandles were later scanned, it lead to a crash. This fix for JDK-8187577 informs G1's SATB that a klass has been resurrected and should not be unloaded.

JDK-8187577

JVM Crash during G1 GC

A klass that has been considered unreachable by the concurrent marking of G1, can be looked up in the ClassLoaderData/SystemDictionary, and its _java_mirror or _class_loader fields can be stored in a root or any other reachable object making it alive again. Whenever a klass is resurrected in this manner, the SATB part of G1 needs to be notified about this, otherwise, the concurrent marking remark phase will erroneously unload that klass.

In this particular crash, while G1 was doing concurrent marking and had prepared its list of unreachable classes, JVMTI on a Java thread could traverse classes in the CLD and store thread-local JNIHandles for the java_mirror of the loaded classes. G1 did not have knowledge of these thread-local JNIHandles, and in the remark phase, it unloaded classes per its prior knowledge of unreachable classes. When these JNIHandles were later scanned, it lead to a crash.

This fix for JDK-8187577 informs G1's SATB that a klass has been resurrected and should not be unloaded.

FIXED ISSUES

client-libs/2d

Priority	Bug	Summary
P2	JDK-8190280	[macos] Font2DTest demo started failing for Arabic range from JDK 8 u162 b01 on Mac
P2	JDK-7162125	[macosx] A font has different behaviour for ligatures depending on its creation mode
P2	JDK-8147002	[macosx] Arabic character cannot be rendered on MacOS X
P3	JDK-8180370	Characters are skipped on input of Korean text on OS X
P3	JDK-8181659	Create an alternative fix for JDK-8167102, whose fix was backed out

client-libs/java.awt

Priority	Bug	Summary
P3	JDK-8139218	Dialog that opens and closes quickly changes focus in original focusowner
P3	JDK-8155197	Focus transition issue
P3	JDK-8187635	On Windows Swing changes keyboard layout on a window activation
P3	JDK-8176072	READING attributes are not available on TSF
P4	JDK-7124271	[macosx] RealSync test failure
P4	JDK-8080504	[macosx] SunToolkit.realSync() may hang

client-libs/javax.swing

Priority	Bug	Summary
P3	JDK-8183504	8u131 Win 10, issue with wrong position of Sogou IME popup
P3	JDK-8187803	JDK part of JavaFX-Swing dialogs appearing behind main stage
P3	JDK-8078269	JTabbedPane UI Property TabbedPane.tabAreaBackground no longer works

core-libs

Priority	Bug	Summary
P4	JDK-8132374	AIX: fix value of os.version property

core-libs/java.lang

Priority	Bug	Summary
P4	JDK-4354680	Runtime.runFinalization() silently clears interrupted flag in the calling thread

core-libs/java.lang:reflect

Priority	Bug	Summary
P4	JDK-8054213	Class name repeated in output of Type.toString()

core-libs/java.net

Priority	Bug	Summary
P4	JDK-8031661	java/net/Authenticator/B4769350.java failed intermittently

core-libs/java.nio

Priority	Bug	Summary
P3	JDK-8171452	(ch) linux io_util_md: Operation not supported exception after 8168628
P3	JDK-8168628	(fc) SIGBUS when extending file size to map it

core-libs/java.time

Priority	Bug	Summary
P4	JDK-8179086	java.time.temporal.ValueRange has poor hashCode()

core-libs/java.util.jar

Priority	Bug	Summary
P2	JDK-8189789	tomcat gzip-compressed response bodies appear to be broken in update 151

core-libs/jdk.nashorn

Priority	Bug	Summary
P3	JDK-8184893	jdk8u152 b06 : issues with nashorn when running kraken benchmarks

core-svc/debugger

Priority	Bug	Summary
P3	JDK-8181419	Race in jdwp invoker handling may lead to crashes or invalid results
P4	JDK-6618335	ThreadReference.stop(null) throws NPE instead of InvalidTypeException

core-svc/java.lang.management

Priority	Bug	Summary
P3	JDK-8162530	src/jdk.management/share/native/libmanagement_ext/GcInfoBuilder.c doesn't handle JNI exceptions properly

core-svc/javax.management

Priority	Bug	Summary
P4	JDK-8046778	Better error messages when starting JMX agent via attach or jcmd

core-svc/tools

Priority	Bug	Summary
P4	JDK-8074812	More specific error message when the .java_pid well-known file is not secure
P4	JDK-6656031	SA: jmap -permstat number of classes is off by 1
P4	JDK-6977426	sun/tools tests can intermittently fail to find app's Java pid

deploy/packager

Priority	Bug	Summary
P2	JDK-8191176	JavaFX Self-Contained Application fails with error "Failed to find library: jvm.dll"
P3	JDK-8190758	javapackager fails to consider filesystem type

hotspot/compiler

Priority	Bug	Summary
P1	JDK-8073670	TypeF::eq and TypeD::eq do not handle NaNs correctly
P2	JDK-8178047	Aliasing problem with raw memory accesses
P2	JDK-8180855	Null pointer dereference in OopMapSet::all_do of oopMap.cpp:394
P2	JDK-8172751	OSR compilation at unreachable bci causes C1 crash
P2	JDK-8156137	SIGSEGV in ReceiverTypeData::clean_weak_klass_links
P2	JDK-8164954	split_if creates empty phi and region nodes
P3	JDK-8184009	Missing null pointer check in InterpreterRuntime::update_mdp_for_ret()
P3	JDK-8166742	SIGFPE in C2 Loop IV elimination
P3	JDK-8038636	speculative traps break when classes are redefined
P3	JDK-8148786	xml.transform fails on x86-64
P4	JDK-8177958	Possible uninitialized char* in vm_version_solaris_sparc.cpp
P4	JDK-8145913	PPC64: add Montgomery multiply intrinsic
P4	JDK-8181810	PPC64: Leverage extrdi for bitfield extract
P4	JDK-8170328	PPC64: Use andis instead of lis/and
P4	JDK-8168318	PPC64: Use cmpldi instead of li/cmpld
P5	JDK-8072428	Enable UseLoopCounter ergonomically if on-stack-replacement is enabled

hotspot/gc

Priority	Bug	Summary
P2	JDK-8199406	Performance drop with Java JDK 1.8.0_162-b32
P3	JDK-8187577	JVM crash during gc doing concurrent marking
P4	JDK-8181055	PPC64: "mbind: Invalid argument" still seen after 8175813

hotspot/jvmti

Priority	Bug	Summary
P2	JDK-8057570	RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed: obj is valid
P4	JDK-8055008	Clean up code that saves the previous versions of redefined classes
P4	JDK-8185164	GetOwnedMonitorInfo() returns incorrect owned monitor

hotspot/runtime

Priority	Bug	Summary
P3	JDK-8087291	InitialBootClassLoaderMetaspaceSize and CompressedClassSpaceSize should be checked consistent from MaxMetaspaceSize
P4	JDK-6651256	jstack: DeleteGlobalRef method call doesn't lead to descreasing of global refs count shown by jstack

hotspot/svc

Priority	Bug	Summary
P3	JDK-8023667	SA: ExceptionBlob and other C2 classes not available in client VM

infrastructure/build

Priority	Bug	Summary
P2	JDK-8177026	jvm.dll file version not updated since 8u72
P4	JDK-8187045	[linux] Not all libraries in the VM are linked with -z noexecstack

javafx/graphics

Priority	Bug	Summary
P3	JDK-8130721	[macos] problem with editing thai in TextArea

javafx/media

Priority	Bug	Summary
P1	JDK-8191335	Linux 32-bit build fails after fix for JDK-8187594
P2	JDK-8188029	[macos] MediaView Crashes on OS X 10.13 High Sierra
P3	JDK-8187594	Media crashes with libavcodec 57 on Ubuntu 17.04 32-bit
P3	JDK-8185691	MediaPlayer reports error with HTTP Live Streams instead of EOS
P3	JDK-8181922	Provide media support for libav version 57

javafx/other

Priority	Bug	Summary
P2	JDK-8190249	Missing content from cssref.html due to missed closing comment

javafx/swing

Priority	Bug	Summary
P3	JDK-8187781	"InvalidDnDOperationException: Drag and drop in progress" while running javafx application with option -Djavafx.embed.singleThread=true
P3	JDK-8181786	Extra runLater causes impossible states to be possible using javafx.embed.singleThread=true
P3	JDK-8185634	Java Fx-Swing dialogs appearing behind main stage
P3	JDK-8189280	Memory leak in SwingNode if Stage is not shown

javafx/web

Priority	Bug	Summary
P3	JDK-8182977	NullPointerException with HTMLEditor when changing the scene graph
P3	JDK-8185970	Possible crash due to use-after-free
P3	JDK-8185804	rpath is not set properly in OSX build
P4	JDK-8185314	Remove unused third-party python scripts from WebKit sources

security-libs/java.security

Priority	Bug	Summary
P2	JDK-8157896	TestDSAGenParameterSpec.java test fails with timeout
P3	JDK-8192987	keytool should remember real storetype if it is not provided
P4	JDK-8076117	EndEntityChecker should not process custom extensions after PKIX validation

security-libs/javax.crypto

Priority	Bug	Summary
P3	JDK-8158633	BASE64 encoded cert not correctly parsed with UTF-16

security-libs/javax.crypto:pkcs11

Priority	Bug	Summary
P4	JDK-8187023	Cannot read pkcs11 config file in UTF-16 environment

security-libs/javax.net.ssl

Priority	Bug	Summary
P2	JDK-8148421	Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
P3	JDK-8163237	Restrict the use of EXPORT cipher suites

tools/launcher

Priority	Bug	Summary
P3	JDK-8074373	NMT is not enabled if NMT option is specified after class path specifiers
P4	JDK-8066185	VM crashed with SIGSEGV VirtualMemoryTracker::add_reserved_region