RELEASE NOTES FOR: 8u192 ==================================================================================================== Notes generated: Mon Apr 01 19:13:40 CEST 2024 Hint: Prefix bug IDs with https://bugs.openjdk.org/browse/ to reach the relevant JIRA entry. JAVA ENHANCEMENT PROPOSALS (JEP): None. RELEASE NOTES: security-libs/javax.net.ssl: JDK-8162362: Support for Customization of Default Enabled Cipher Suites via System Properties The system property `jdk.tls.client.cipherSuites` can be used to customize the default enabled cipher suites for the client side of SSL/TLS connections. In a similar way, the system property `jdk.tls.server.cipherSuites` can be used for customization on the server side. The system properties contain a comma-separated list of supported cipher suite names that specify the default enabled cipher suites. All other supported cipher suites are disabled for this default setting. Unrecognized or unsupported cipher suite names specified in properties are ignored. Explicitly setting enabled cipher suites will override the system properties. Refer to the [Java Cryptography Architecture Standard Algorithm Name Documentation](https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html) for the standard JSSE cipher suite names, and the [Java Cryptography Architecture Oracle Providers Documentation](https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html) for the cipher suite names supported by the SunJSSE provider. Note that the actual use of enabled cipher suites is restricted by algorithm constraints. Note also that these system properties are currently supported by the JDK Reference Implementation. They are not guaranteed to be supported by other implementations. Warning: These system properties can be used to configure weak cipher suites, or the configured cipher suites may become more weak over time. We do not recommend using the system properties unless you understand the security implications. Use them at your own risk. JDK-8208350: Disabled All DES TLS Cipher Suites DES-based TLS cipher suites are considered obsolete and should no longer be used. DES-based cipher suites have been deactivated by default in the SunJSSE implementation by adding the "DES" identifier to the `jdk.tls.disabledAlgorithms` security property. These cipher suites can be reactivated by removing "DES" from the `jdk.tls.disabledAlgorithms` security property in the `java.security` file or by dynamically calling the `Security.setProperty()` method. In both cases re-enabling DES must be followed by adding DES-based cipher suites to the enabled cipher suite list using the `SSLSocket.setEnabledCipherSuites()` or `SSLEngine.setEnabledCipherSuites()` methods. Note that prior to this change, DES40_CBC (but not all DES) suites were disabled via the `jdk.tls.disabledAlgorithms` security property. ALL FIXED ISSUES, BY COMPONENT AND PRIORITY: client-libs/2d: (P3) JDK-8201240: Improve releasing native resources of BufImgSurfaceData.ICMColorData (P4) JDK-8075942: ArrayIndexOutOfBoundsException at sun.java2d.pisces.Dasher.goTo(Dasher.java:151) (P4) JDK-8201621: FreeNullICM test should be removed client-libs/java.awt: (P2) JDK-8195738: scroll position in ScrollPane is reset after calling validate() (P3) JDK-8188083: NullPointerExcpn-java.awt.image.FilteredImageSource.startProduction JDK-8079607 (P3) JDK-8200353: Shift or Capslock not working in Textfield after accented keystrokes (P3) JDK-8170937: Swing apps are slow if displaying from a remote source to many local displays (P4) JDK-8188030: AWT java apps fail to start when some minimal fonts are present (P4) JDK-8196516: libfontmanager must be built with LDFLAGS allowing unresolved symbols (P4) JDK-8150954: Taking screenshots on x11 composite desktop produce wrong result client-libs/javax.swing: (P2) JDK-8187364: Unable to enter zero width non-joiner (ZWNJ) symbol in Swing text component (P3) JDK-6260348: GTK+ L&F JTextComponent not respecting desktop caret blink rate (P3) JDK-8208638: Instead of circle rendered in appl window, but ellipse is produced JEditor Pane core-libs/java.net: (P4) JDK-8201369: Inet4AddressImpl_getLocalHostName reverse lookup on Solaris only core-libs/java.nio: (P2) JDK-8141491: Unaligned memory access in Bits.c core-libs/java.time: (P4) JDK-8194412: Adding 256 units of IsoFields.QUARTER_YEARS broken core-libs/java.util: (P3) JDK-8139507: WARNING: Could not open/create prefs root node Software\JavaSoft\Prefs core-libs/java.util:collections: (P2) JDK-8186171: HashMap: Entry.setValue may not work after Iterator.remove() called for previous entries core-libs/javax.naming: (P2) JDK-8156824: com.sun.jndi.ldap.pool.PoolCleaner should clear its context class loader (P3) JDK-8176192: Incorrect usage of Iterator in Java 8 In com.sun.jndi.ldap.EventSupport.removeNamingListener core-libs/jdk.nashorn: (P3) JDK-8186646: Nashorn: "duplicate code" assertion when binding a vararg function that just passes arguments along deploy/plugin: (P2) JDK-8213011: Running application under 1.8u172 via a DRS rules with the 1.8u192 plugin fail with java.lang.NoSuchMethodError (P3) JDK-8159886: Window of a newly launched Oracle Forms applet loses focus (P4) JDK-8201651: Better error handling during JNLP2Manager initialisation deploy/webstart: (P2) JDK-8195609: DRS - cert based run rule not working when running offline (P3) JDK-8205343: bug in backport of JDK-8185002 (P3) JDK-8212457: JWS: Application does not launch on when jnlp.delete.jnlp.file is enabled (P3) JDK-8193711: Launching JWS applet the default download progress dialog only shows if the java console is enabled (P3) JDK-8204508: Robot ScreenCapture fails on HiDPI system (P3) JDK-8168415: ShowDocument fails with URL using jnlp or jnlps protocol hotspot/compiler: (P2) JDK-8148175: C1: G1 barriers don't preserve FP registers (P2) JDK-8162540: Crash in C2 escape analysis with assert: "node should be registered" (P3) JDK-8153194: [TEST_BUG] PreserveFPRegistersTest.java runs out of memory in the nightlies (P3) JDK-8158012: Use SW prefetch instructions instead of BIS for allocation prefetches on SPARC Core C4 (P4) JDK-8194642: Improve OOM error reporting for JDK8 (P4) JDK-8160748: Inconsistent types for ideal_reg (P5) JDK-8008321: compile.cpp verify_graph_edges uses "bool" as "int" hotspot/gc: (P1) JDK-8077420: Build failure with SS12u4 (P2) JDK-8114823: G1 doesn't honor request to disable class unloading (P3) JDK-8173013: JVMTI tagged object access needs G1 pre-barrier (P3) JDK-8165489: Missing G1 barrier in Unsafe_GetObjectVolatile hotspot/jvmti: (P4) JDK-8081323: ConstantPool::_resolved_references is missing in heap dump hotspot/runtime: (P1) JDK-8069124: runtime/NMT/MallocSiteHashOverflow.java failing in nightlies (P2) JDK-8206406: StubCodeDesc constructor publishes partially-constructed objects on StubCodeDesc::_list (P2) JDK-8197868: VS2017 (C2065) 'timezone': Undeclared Identifier in share/runtime/os.cpp (P2) JDK-8197864: VS2017 (C4334) Result of 32-bit Shift Implicitly Converted to 64 bits (P2) JDK-8198304: VS2017 (C4838, C4312) Various conversion issues with gtest tests (P2) JDK-8196880: VS2017 Addition of Global Delete Operator with Size Parameter Conflicts with Arena's Chunk Provided One (P2) JDK-8196884: VS2017 Multiple Type Cast Conversion Compilation Errors (P2) JDK-8185723: Zero: segfaults on Power PC 32-bit (P3) JDK-8205677: [8u] casts and type change for 8u to enable later Windows compilers (P3) JDK-8205440: [8u] DWORD64 required for later Windows compilers (P3) JDK-8206454: [8u] os::current_stack_pointer() fails to compile on later Windows compilers (warning C4172: returning address of local variable) (P4) JDK-8204872: [8u] VS2017: more instances of "error C3680: cannot concatenate user-defined string literals with mismatched literal suffix identifiers" (P4) JDK-8202600: [Zero] Undefined behaviour in src/os_cpu/linux_zero/vm/os_linux_zero.cpp (P4) JDK-8189170: Add option to disable stack overflow checking in primordial thread for use with JNI_CreateJavaJVM (P4) JDK-8048128: Fix for Solaris Studio C++ 5.13, CHECK_UNHANDLED_OOPS breaks PPC build (P4) JDK-8150688: Fix os_windows siglabel (P4) JDK-8081202: Hotspot compile warning: "Invalid suffix on literal; C++11 requires a space between literal and identifier" (P4) JDK-8035074: hs_err improvement: Add time zone information in the hs_err file (P4) JDK-8026335: hs_err improvement: Print exact compressed oops mode and the heap base value. (P4) JDK-8026331: hs_err improvement: Print if we have seen any OutOfMemoryErrors or StackOverflowErrors (P4) JDK-8144201: openjdk aarch64: jdk/test/com/sun/net/httpserver/Test6a.java fails with --enable-unlimited-crypto (P4) JDK-8041623: Solaris Studio 12.4 C++ 5.13, CHECK_UNHANDLED_OOPS use of class oop's copy constructor definitions causing error level diagnostic (P4) JDK-8150426: Wrong cast in metadata_at_put (P4) JDK-8186461: Zero's atomic_copy64() should use SPE instructions on linux-powerpcspe (P4) JDK-8201509: Zero: S390 31bit atomic_copy64 inline assembler is wrong hotspot/svc: (P3) JDK-6730115: Fastdebug VM crashes with "ExceptionMark destructor expects no pending exceptions" error hotspot/svc-agent: (P3) JDK-8204053: libsaproc.so not linked with -z,noexecstack infrastructure: (P2) JDK-8193758: Update copyright headers of files in src tree that are missing Classpath exception infrastructure/build: (P1) JDK-8035725: Must keep microsoft VS_PATH on PATH after toolchain detection (P1) JDK-8207853: Need to regenerate configure in jdk8u-dev (P2) JDK-8210423: [8u] Backport of 8034788 breaks GCC version detection (P2) JDK-8134157: adlc fails to compile with SS12u4 (P2) JDK-8027584: disable ccache by default (P2) JDK-8079788: Fix broken CL version detection in configure for some Visual Studio configurations (P2) JDK-8138692: libjsig compilation is missing EXTRA_CFLAGS on macosx (P2) JDK-8203790: MSVCP dependency introduced in awt.dll (P2) JDK-8176033: New cygwin grep does not match \r as newline (P2) JDK-8042707: Source changes needed to build JDK 9 with Visual Studio 2013 (VS2013) (P2) JDK-8035825: Warn instead of fail when calling the configure wrapper directly (P3) JDK-8036003: Add --with-debug-symbols=[none|internal|external|zipped] (P3) JDK-8179675: Build with error on windows with new Cygwin grep (P3) JDK-8035751: Clean up Visual Studio detection logic (P3) JDK-8179079: Incremental HotSpot builds broken on Windows (P3) JDK-8034788: Rewrite toolchain.m4 to support multiple toolchains per platform (P4) JDK-8206425: .gnu_debuglink sections added unconditionally when no debuginfo is stripped (P4) JDK-8203349: 8u hotspot should recognise later Windows compilers (P4) JDK-8201495: [Zero] Reduce limits of max heap size for boot JDK on s390 (P4) JDK-8034199: Add "reconfigure" target for re-creating a configuration (P4) JDK-8196108: Add build support for VS 2015/2017 (P4) JDK-8057538: Build the freetype library during configure on Windows (P4) JDK-8038340: Cleanup and fix sysroot and devkit handling on Linux and Solaris (P4) JDK-8035730: Configure fails in cygwin if current dir is in /home/user (P4) JDK-8031759: Configure should handle overrides of tools better (P4) JDK-8078437: Enable use of devkits for Windows. (P4) JDK-8205104: EXTRA_LDFLAGS not consistently being used (P4) JDK-8035495: Improvements in autoconf integration (P4) JDK-8148351: Only display resolved symlink for compiler, do not change path (P4) JDK-8207402: Stray *.debuginfo files when not stripping debug info (P4) JDK-8031668: TOOLCHAIN_FIND_COMPILER unexpectedly resolves symbolic links (P4) JDK-8022177: Windows/MSYS builds broken install: (P4) JDK-8202977: upgradeJDK.sh script should validate provided source jdk repository javafx/controls: (P3) JDK-8189677: RadioMenuItem fires extra NULL value in property performance: (P2) JDK-8203845: backport of JDK-8034788 inadvertently rolled back JDK-8187045 changes to toolchain.m4 security-libs: (P4) JDK-8165463: Native implementation of sunmscapi should use operator new (nothrow) for allocations security-libs/java.security: (P3) JDK-8178370: [TEST_BUG] java/security/Signature/SignatureLength.java fails (P3) JDK-8185855: Debug exception stacks should be clearer (P4) JDK-8193171: keytool -list displays "JKS" for a PKCS12 keystore. (P4) JDK-8189760: sun/security/ssl/CertPathRestrictions/TLSRestrictions.java failed with unexpected Exception intermittently (P4) JDK-8134124: sun/security/tools/jarsigner/warnings.sh fails when using Hindi locale security-libs/javax.crypto: (P2) JDK-8081792: buffer size calculation issue in NativeGCMCipher (P2) JDK-8198898: Compilation errors in jdk.crypto.mscapi with VS 2017 security-libs/javax.crypto:pkcs11: (P3) JDK-8140470: javax/xml/crypto/dsig/SecurityManager/XMLDSigWithSecMgr.java test failed with AccessControlException (P5) JDK-8203182: Release session if initialization of SunPKCS11 Signature fails security-libs/javax.net.ssl: (P2) JDK-8129988: JSSE should create a single instance of the cacerts KeyStore (P3) JDK-8208350: Disable all DES cipher suites (P3) JDK-8162362: Introduce system property to control enabled ciphersuites (P3) JDK-8203190: SessionId.hashCode generates too many collisions (P3) JDK-8029661: Support TLS v1.2 algorithm in SunPKCS11 provider tools/javadoc(tool): (P4) JDK-8061305: Javadoc crashes when method name ends with "Property"