RELEASE NOTES: JDK openjdk8u212

Notes generated: Sun Dec 01 20:56:41 CET 2024

JEPs

None.

RELEASE NOTES

core-libs/java.util:i18n

Issue Description
JDK-8205432

New Japanese Era Name: Reiwa


An instance representing the new Reiwa era has been added to this update. Unlike other eras, there is no public field for this era. It can be obtained by calling JapaneseEra.of(3) or JapaneseEra.valueOf("Reiwa"). JDK 13 and later will have a new public field to represent this era.

The placeholder name, "NewEra", for the Japanese era that started from May 1st, 2019 has been replaced with the new official name. Applications that relied on the placeholder name (see JDK-8202088) to obtain the new era singleton (JapaneseEra.valueOf("NewEra")) will no longer work.


JDK-8211398

Square Character Support for Japanese New Era


The code point, U+32FF, is reserved by the Unicode Consortium to represent the Japanese square character for the new era that begins from May, 2019. Relevant methods in the Character class return the same properties as the existing Japanese era characters (e.g., U+337E for "Meizi"). For details about the code point, see http://blog.unicode.org/2018/09/new-japanese-era.html.


core-libs/java.lang

Issue Description
JDK-8217710

New Currency Code Points Added


The Java SE 8 Platform spec for java.lang.Character now supports Unicode 6.2 plus an extension to allow new currency code points from Unicode 10.0.

The following currency code points have been added: ` 0BB NORDIC MARK SIGN 20BC MANAT SIGN 20BD RUBLE SIGN 20BE LARI SIGN 20BF BITCOIN SIGN `


hotspot/compiler

Issue Description
JDK-8221355

Possible Performance Regression in JDK 8 Updates 202, 211, and 212


Due to a known issue with the fix for JDK-8155635, introduced in JDK 8 update 202, some applications may experience a performance regression (lower throughput and/or higher CPU consumption) when migrating from earlier releases. Examples of code that might trigger this regression include heavy use of sun.misc.Unsafe and the Reflection API. This performance regression is addressed in JDK-8221355.


security-libs/javax.net.ssl

Issue Description
JDK-8207258

Distrust TLS Server Certificates Anchored by Symantec Root CAs


The JDK will stop trusting TLS Server certificates issued by Symantec, in line with similar plans recently announced by Google, Mozilla, Apple, and Microsoft. The list of affected certificates includes certificates branded as GeoTrust, Thawte, and VeriSign, which were managed by Symantec.

TLS Server certificates issued on or before April 16, 2019 will continue to be trusted until they expire. Certificates issued after that date will be rejected. See the DigiCert support page for information on how to replace your Symantec certificates with a DigiCert certificate (DigiCert took over validation and issuance for all Symantec Website Security SSL/TLS certificates on December 1, 2017).

An exception to this policy is that TLS Server certificates issued through two subordinate Certificate Authorities managed by Apple, and identified below, will continue to be trusted as long as they are issued on or before December 31, 2019.

The restrictions are enforced in the JDK implementation (the SunJSSE Provider) of the Java Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server's certificate chain is anchored by any of the Certificate Authorities in the table below.

An application will receive an Exception with a message indicating the trust anchor is not trusted, ex:

"TLS Server certificate issued after 2019-04-16 and anchored by a distrusted legacy Symantec root CA: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US"

If necessary, and at your own risk, you can work around the restrictions by removing "SYMANTEC_TLS" from the jdk.security.caDistrustPolicies security property in the java.security configuration file.

The restrictions are imposed on the following Symantec Root certificates included in the JDK:

Root Certificates distrusted after 2019-04-16
Distinguished Name SHA-256 Fingerprint
CN=GeoTrust Global CA, O=GeoTrust Inc., C=US

FF:85:6A:2D:25:1D:CD:88:D3:66:56:F4:50:12:67:98:CF:AB:AA:DE:40:79:9C:72:2D:E4:D2:B5:DB:36:A7:3A

CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US

37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8:2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C

CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US

5E:DB:7A:C4:3B:82:A0:6A:87:61:E8:D7:BE:49:79:EB:F2:61:1F:7D:D7:9B:F9:1C:1C:6B:56:6A:21:9E:D7:66

CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US

B4:78:B8:12:25:0D:F8:78:63:5C:2A:A7:EC:7D:15:5E:AA:62:5E:E8:29:16:E2:CD:29:43:61:88:6C:D1:FB:D4

CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US

A0:45:9B:9F:63:B2:25:59:F5:FA:5D:4C:6D:B3:F9:F7:2F:F1:93:42:03:35:78:F0:73:BF:1D:1B:46:CB:B9:12

CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US

8D:72:2F:81:A9:C1:13:C0:79:1D:F1:36:A2:96:6D:B2:6C:95:0A:97:1D:B4:6B:41:99:F4:EA:54:B7:8B:FB:9F

CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US

A4:31:0D:50:AF:18:A6:44:71:90:37:2A:86:AF:AF:8B:95:1F:FB:43:1D:83:7F:1E:56:88:B4:59:71:ED:15:57

CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US

4B:03:F4:58:07:AD:70:F2:1B:FC:2C:AE:71:C9:FD:E4:60:4C:06:4C:F5:FF:B6:86:BA:E5:DB:AA:D7:FD:D3:4C

EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

3F:9F:27:D5:83:20:4B:9E:09:C8:A3:D2:06:6C:4B:57:D3:A2:47:9C:36:93:65:08:80:50:56:98:10:5D:BC:E9

OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

3A:43:E2:20:FE:7F:3E:A9:65:3D:1E:21:74:2E:AC:2B:75:C2:0F:D8:98:03:05:BC:50:2C:AF:8C:2D:9B:41:A1

OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

A4:B6:B3:99:6F:C2:F3:06:B3:FD:86:81:BD:63:41:3D:8C:50:09:CC:4F:A3:29:C2:CC:F0:E2:FA:1B:14:03:05

OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

83:CE:3C:12:29:68:8A:59:3D:48:5F:81:97:3C:0F:91:95:43:1E:DA:37:CC:5E:36:43:0E:79:C7:A8:88:63:8B

CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

EB:04:CF:5E:B1:F3:9A:FA:76:2F:2B:B1:20:F2:96:CB:A5:20:C1:B9:7D:B1:58:95:65:B8:1C:B9:A1:7B:72:44

CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

69:DD:D7:EA:90:BB:57:C9:3E:13:5D:C8:5E:A6:FC:D5:48:0B:60:32:39:BD:C4:54:FC:75:8B:2A:26:CF:7F:79

CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF

CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C

Subordinate Certificates distrusted after 2019-12-31
Distinguished Name SHA-256 Fingerprint
CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US

AC:2B:92:2E:CF:D5:E0:17:11:77:2F:EA:8E:D3:72:DE:9D:1E:22:45:FC:E3:F5:7A:9C:DB:EC:77:29:6A:42:4B

CN=Apple IST CA 8 - G1, OU=Certification Authority, O=Apple Inc., C=US

A4:FE:7C:7F:15:15:5F:3F:0A:EF:7A:AA:83:CF:6E:06:DE:B9:7C:A3:F9:09:DF:92:0A:C1:49:08:82:D4:88:ED

If you have a TLS Server certificate issued by one of the CAs above, you should have received a message from DigiCert with information about replacing that certificate, free of charge.

You can also use the keytool utility from the JDK to print out details of the certificate chain, as follows:

keytool -v -list -alias <your_server_alias> -keystore <your_keystore_filename>

If any of the certificates in the chain are issued by one of the root CAs in the table above are listed in the output you will need to update the certificate or contact the organization that manages the server if not yours.


hotspot/runtime

Issue Description
JDK-8211106

HotSpot Windows OS Detection Correctly Identifies Windows Server 2019


Prior to this fix, Windows Server 2019 was recognized as "Windows Server 2016", which produced incorrect values in the os.name system property and the hs_err_pid file.


core-libs/java.time

Issue Description
JDK-8212941

Support New Japanese Era in java.time.chrono.JapaneseEra


The JapaneseEra class and its of(int), valueOf(String), and values() methods are clarified to accommodate future Japanese era additions, such as how the singleton instances are defined, what the associated integer era values are, etc.


FIXED ISSUES

client-libs

Priority Bug Summary
P3 JDK-8215364 JavaFX crashes on Ubuntu 18.04 with Wayland while using Swing-FX interop
P4 JDK-8129822 Define "headful" jtreg keyword

client-libs/2d

Priority Bug Summary
P3 JDK-8132985 Crash in freetypescaler.c due to double free
P3 JDK-8139803 Fix for 8132985 breaks OpenJDK build on windows.
P3 JDK-8170681 Remove fontconfig header files from JDK source tree
P4 JDK-8080932 [TEST_BUG] Test java/awt/BasicStroke/DashStrokeTest.java fails with Bad script error due to improper @run notation

client-libs/java.awt

Priority Bug Summary
P1 JDK-8219636 Windows build failure after JDK-8207070 8u backport
P3 JDK-8213983 [macosx] Keyboard shortcut “cmd +`” stops working properly if popup window is displayed
P3 JDK-8211435 Exception in thread "AWT-EventQueue-1" java.lang.IllegalArgumentException: null source

client-libs/javax.imageio

Priority Bug Summary
P3 JDK-8212914 Test javax/imageio/plugins/bmp/BMP8BPPLoadTest.java fails

client-libs/javax.swing

Priority Bug Summary
P3 JDK-8076164 [JTextField] When input too long Thai character, cursor's behavior is odd
P3 JDK-8133108 [PIT] Container size is wrong in JEditorPane
P3 JDK-8132136 [PIT] RTL orientation in JEditorPane is broken
P4 JDK-8133731 [TEST_BUG] Unmappable in ASCII character such as Thai should be escaped in the regtests targeted for a regular non-I18n runs

core-libs

Priority Bug Summary
P2 JDK-8213151 [AIX] Some class library files are missing the Classpath exception

core-libs/java.lang

Priority Bug Summary
P3 JDK-8216396 Support new Japanese era and new currency code points in java.lang.Character for Java SE 8
P4 JDK-8217710 Add 5 currency code points to Java SE 8uX
P4 JDK-8218915 Change isJavaIdentifierStart and isJavaIdentifierPart to handle new code points

core-libs/java.nio.charsets

Priority Bug Summary
P3 JDK-8211382 ISO2022JP and GB18030 NIO converter issues

core-libs/java.time

Priority Bug Summary
P2 JDK-8212941 Support new Japanese era in java.time.chrono.JapaneseEra
P3 JDK-8042131 DateTimeFormatterBuilder Mapped-values do not work for JapaneseDate
P3 JDK-8180469 Wrong short form text for supplemental Japanese era
P4 JDK-8210633 Cannot parse JapaneseDate string with DateTimeFormatterBuilder Mapped-values
P4 JDK-8043387 java/time/test/java/util/TestFormatter.java failed.

core-libs/java.util.stream

Priority Bug Summary
P2 JDK-8148928 java/util/stream/test/**/SequentialOpTest.java timed out intermittently
P2 JDK-8076458 java/util/stream/test/org/openjdk/tests/java/util/stream/FlatMapOpTest.java timeout
P4 JDK-8044047 Missing null pointer checks for streams

core-libs/java.util:i18n

Priority Bug Summary
P2 JDK-8202088 Japanese new era implementation
P2 JDK-8207152 Placeholder for Japanese new era should be two characters
P3 JDK-8206120 Add test cases for lenient Japanese era parsing
P3 JDK-8219890 Calendar.getDisplayName() returns empty string for new Japanese Era on some locales
P3 JDK-8217609 New era placeholder not recognized by java.text.SimpleDateFormat
P3 JDK-8205432 Replace the placeholder Japanese era name
P3 JDK-8211398 Square character support for the Japanese new era
P4 JDK-8208656 Move java/util/Calendar/CalendarTestScripts tests into OpenJDK

core-svc/debugger

Priority Bug Summary
P4 JDK-8214061 Buffer written into itself

core-svc/tools

Priority Bug Summary
P2 JDK-8059038 Create new launcher for SA tools

hotspot/compiler

Priority Bug Summary
P1 JDK-8214206 Fix for JDK-8213419 is broken on 32-bit
P2 JDK-8219961 [ppc64] Increase code size for interpreter generation.
P2 JDK-8221355 Performance regression after JDK-8155635 backport into 8u
P3 JDK-8211231 BarrierSetC1::generate_referent_check() confuses register allocator
P3 JDK-8213419 C2 may hang in MulLNode::Ideal()/MulINode::Ideal() with gcc 8.2.1
P3 JDK-8068269 RTM tests that assert on non-zero lock statistics are too strict in RTMTotalCountIncrRate > 1 cases
P3 JDK-8214189 test/hotspot/jtreg/compiler/intrinsics/mathexact/MulExactLConstantTest.java fails on Windows x64 when run with -XX:-TieredCompilation
P4 JDK-8214059 Undefined behaviour in ADLC
P4 JDK-8145096 Undefined behaviour in HotSpot

hotspot/gc

Priority Bug Summary
P3 JDK-8028254 gc/arguments/TestMinInitialErgonomics.java failed with unexpected initial heap size
P4 JDK-8211926 Catastrophic size_t underflow in BitMap::*_large methods
P4 JDK-8195115 G1 Old Gen MemoryPool CollectionUsage.used values don't reflect mixed GC results
P4 JDK-8217432 MetaspaceGC::_capacity_until_GC exceeds MaxMetaspaceSize

hotspot/runtime

Priority Bug Summary
P3 JDK-8211106 [windows] Update OS detection code to recognize Windows Server 2019
P3 JDK-8200109 NMT: diff_malloc_site assert(early->flags() == current->flags(), "Must be the same memory type")
P3 JDK-8133984 print_compressed_class_space() is only defined in 64-bit VM
P4 JDK-8195153 [test] runtime/6981737/Test6981737.java shouldn't check 'java.vendor' and 'java.vm.vendor' properties
P4 JDK-8216037 Avoid calling vm_update with a NULL name
P4 JDK-8184309 Buld warnings from GCC 7.1 on Fedora 26
P4 JDK-8197429 Increased stack guard causes segfaults on x86-32
P4 JDK-8206075 On x86, assert on unbound assembler Labels used as branch targets
P4 JDK-8185975 PPC64: Fix vsldoi interface according to the ISA
P4 JDK-8213992 Rename and make DieOnSafepointTimeout the diagnostic option
P4 JDK-8208480 Test failure: assert(is_bound() || is_unused()) after JDK-8206075 in C1

hotspot/svc

Priority Bug Summary
P3 JDK-7127191 SA JSDB does not display native symbols correctly for transported Linux cores

hotspot/test

Priority Bug Summary
P3 JDK-8180904 Hotspot tests running with -agentvm failing due to classpath
P4 JDK-8217520 Remove vm.opt.MaxGCPauseMillis == "null" from TestOldGenCollectionUsage.java

infrastructure/build

Priority Bug Summary
P3 JDK-8193764 Cannot set COMPANY_NAME when configuring a build
P3 JDK-8189761 COMPANY_NAME, IMPLEMENTOR, BUNDLE_VENDOR, VENDOR, but no configure flag
P3 JDK-8200115 System property java.vm.vendor value includes quotation marks
P4 JDK-8212110 Build of saproc.dll broken on Windows 32 bit after JDK-8210647
P4 JDK-8210647 libsaproc is being compiled without optimization
P4 JDK-8220397 REGRESSION: JDK-8036003 backport regresses no_strip builds
P4 JDK-8217753 Remove Linux version check from HotSpot builds

infrastructure/licensing

Priority Bug Summary
P2 JDK-8213154 Update copyright headers of files in src tree that are missing Classpath exception

javafx/build

Priority Bug Summary
P4 JDK-8151747 remove a cygwin dependency

security-libs

Priority Bug Summary
P4 JDK-8133802 replace some tags (obsolete in html5) in security-libs docs

security-libs/java.security

Priority Bug Summary
P2 JDK-8216280 Allow later Symantec Policy distrust date for two Apple SubCAs
P4 JDK-8213952 Relax DNSName restriction as per RFC 1123

security-libs/javax.net.ssl

Priority Bug Summary
P2 JDK-8217579 TLS_EMPTY_RENEGOTIATION_INFO_SCSV is disabled after 8211883
P3 JDK-8207258 Distrust TLS server certificates anchored by Symantec Root CAs

security-libs/org.ietf.jgss:krb5

Priority Bug Summary
P3 JDK-8164656 krb5 does not retry if TCP connection timeouts
P4 JDK-8175120 Remove old tests on kdc timeout policy

tools

Priority Bug Summary
P4 JDK-8215976 OpenJDK fails to build with GCC 8.2 when the #include inside zip.cpp comes from a non-sysroot path

xml/javax.xml.stream

Priority Bug Summary
P4 JDK-8212178 Soft reference reclamation race in com.sun.xml.internal.stream.util.ThreadLocalBufferAllocator