RELEASE NOTES FOR: openjdk8u222 ==================================================================================================== Notes generated: Mon Jun 03 15:06:05 CEST 2024 Hint: Prefix bug IDs with https://bugs.openjdk.org/browse/ to reach the relevant JIRA entry. JAVA ENHANCEMENT PROPOSALS (JEP): None. RELEASE NOTES: security-libs/javax.net.ssl: JDK-8210985: Default SSL Session Cache Size Updated to 20480 The default SSL session cache size has been updated to 20480 in this JDK release hotspot/runtime: JDK-7102541: os::set_native_thread_name() cleanups On platforms that support the concept of a thread name on their native threads, the `java.lang.Thread.setName()` method will also set that native thread name. However, this will only occur when called by the current thread, and only for threads started through the `java.lang.Thread` class (not for native threads that have attached via JNI). The presence of a native thread name can be useful for debugging and monitoring purposes. Some platforms may limit the native thread name to a length much shorter than that used by the `java.lang.Thread`, which may result in some threads having the same native name. client-libs/javax.swing: JDK-8218472: GTK+ 3.20 and Later Unsupported by Swing Due to incompatible changes in the GTK+ 3 library versions 3.20 and later, the Swing GTK Look and Feel does not render some UI components when using this library. Therefore Linux installations with versions of GTK+ 3.20 and above are not supported for use by the Swing GTK Look And Feel in this release. Affected applications on such configurations should specify the system property `-Djdk.gtk.version=2.2` to request GTK2+ based rendering instead. JDK-8218469: GTK+ 3.20 and Later Unsupported by Swing Due to incompatible changes in the GTK+ 3 library versions 3.20 and later, the Swing GTK Look and Feel does not render some UI components when using this library. Therefore Linux installations with versions of GTK+ 3.20 and above are not supported for use by the Swing GTK Look And Feel in this release. JDK-8218469: GTK+ 3.20 and Later Unsupported by Swing Due to incompatible changes in the GTK+ 3 library versions 3.20 and later, the Swing GTK Look and Feel does not render some UI components when using this library. Therefore Linux installations with versions of GTK+ 3.20 and above are not supported for use by the Swing GTK Look And Feel in this release. Affected applications on such configurations should specify the system property `-Djdk.gtk.version=2.2` to request GTK2+ based rendering instead. JDK-8218469: GTK+ 3.20 and Later Unsupported by Swing Due to incompatible changes in the GTK+ 3 library versions 3.20 and later, the Swing GTK Look and Feel does not render some UI components when using this library. Therefore Linux installations with versions of GTK+ 3.20 and above are not supported for use by the Swing GTK Look And Feel in this release. Affected applications on such configurations should specify the system property -Djdk.gtk.version=2.2 to request GTK2+ based rendering instead. JDK-8218479: GTK+ 3.20 and Later Unsupported by Swing Due to incompatible changes in the GTK+ 3 library versions 3.20 and later, the Swing GTK Look and Feel does not render some UI components when using this library. Therefore Linux installations with versions of GTK+ 3.20 and above are not supported for use by the Swing GTK Look And Feel in this release. Affected applications on such configurations should specify the system property `-Djdk.gtk.version=2.2` to request GTK2+ based rendering instead. JDK-8218470: GTK+ 3.20 and Later Unsupported by Swing Due to incompatible changes in the GTK+ 3 library versions 3.20 and later, the Swing GTK Look and Feel does not render some UI components when using this library. Therefore Linux installations with versions of GTK+ 3.20 and above are not supported for use by the Swing GTK Look And Feel in this release. Affected applications on such configurations should specify the system property `-Djdk.gtk.version=2.2` to request GTK2+ based rendering instead. JDK-8218473: GTK+ 3.20 and Later Unsupported by Swing Due to incompatible changes in the GTK+ 3 library versions 3.20 and later, the Swing GTK Look and Feel does not render some UI components when using this library. Therefore Linux installations with versions of GTK+ 3.20 and above are not supported for use by the Swing GTK Look And Feel in this release. Affected applications on such configurations should specify the system property `-Djdk.gtk.version=2.2` to request GTK2+ based rendering instead. security-libs/java.security: JDK-8209506: Added Google Trust Services GlobalSign Root Certificates The following root certificates have been added to the OpenJDK cacerts truststore: + Google + globalsigneccrootcar4 DN: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 + globalsignr2ca DN: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 JDK-8199779: Added T-Systems, GlobalSign and Starfield Services Root Certificates The following root certificates have been added to the OpenJDK cacerts truststore: + T-Systems + deutschetelekomrootca2 DN: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE + ttelesecglobalrootclass3ca DN: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE + ttelesecglobalrootclass2ca DN: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE + Amazon + starfieldservicesrootg2ca DN: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US + GlobalSign + globalsignca DN: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE + globalsignr3ca DN: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 + globalsigneccrootcar5 DN: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5 JDK-8196141: Added GoDaddy Root Certificates The following root certificates have been added to the OpenJDK cacerts truststore: + GoDaddy + godaddyrootg2ca DN: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 + godaddyclass2ca DN: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority + starfieldclass2ca DN: C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority + starfieldrootg2ca DN: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2 JDK-8210432: Added Additional TeliaSonera Root Certificate The following root certificate have been added to the OpenJDK cacerts truststore: + TeliaSonera + teliasonerarootcav1 DN: CN=TeliaSonera Root CA v1, O=TeliaSonera JDK-8222136: Removal of Two Comodo Root CA Certificates Two Comodo root CA certificates have expired and were removed from the `cacerts` keystore: + alias name "utnuserfirstclientauthemailca [jdk]" Distinguished Name: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US + alias name "utnuserfirsthardwareca [jdk]" Distinguished Name: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US JDK-8223499: Removal of Two DocuSign Root CA Certificates Two DocuSign root CA certificates have expired and were removed from the `cacerts` keystore: + alias name "certplusclass2primaryca [jdk]" Distinguished Name: CN=Class 2 Primary CA, O=Certplus, C=FR + alias name "certplusclass3pprimaryca [jdk]" Distinguished Name: CN=Class 3P Primary CA, O=Certplus, C=FR JDK-8195793: Removal of GTE CyberTrust Global Root The GTE CyberTrust Global Root certificate is expired and has been removed from the `cacerts` keystore: + alias name "gtecybertrustglobalca [jdk]" Distinguished Name: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US JDK-8189131: JEP 319 Root Certificates Provides a default set of root Certification Authority (CA) certificates in the JDK. The `cacerts` keystore of the OpenJDK 9 binary for Linux x64 has been populated by [JEP 319: Root Certificates](http://openjdk.java.net/jeps/319) [1] with a set of root certificates issued by the CAs of Oracle's Java SE Root CA Program. This addresses the problem of the empty `cacerts` keystore in the OpenJDK 9 binary for Linux x64. The empty `cacerts` keystore had prevented TLS connections from being established because Trusted Root Certificate Authorities were not installed. As a workaround for OpenJDK 9 binaries, users had to set the `javax.net.ssl.trustStore` System Property to use a different keystore. [1] https://bugs.java.com/view_bug.do?bug_id=JDK-8191486 JDK-8189131: TLS does not work by default on OpenJDK 9 The OpenJDK 9 binary for Linux x64 contains an empty `cacerts` keystore. This prevents TLS connections from being established because there are no Trusted Root Certificate Authorities installed. You may see an exception like the following: `javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty` As a workaround, users can set the `javax.net.ssl.trustStore` System Property to use a different keystore. For example, the `ca-certificates` package on Oracle Linux 7 contains the set of Root CA certificates chosen by the Mozilla Foundation for use with the Internet PKI. This package installs a trust store at `/etc/pki/java/cacerts`, which can be used by OpenJDK 9. Only the OpenJDK 64 bit Linux download is impacted. This issue does not apply to any Oracle JRE/JDK download. Progress on open-sourcing the Oracle JDK Root CAs can be tracked through the issue JDK-8189131. JDK-8216577: Added GlobalSign R6 Root Certificate The following root certificate has been added to the cacerts truststore: ``` + GlobalSign + globalsignrootcar6 DN: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R6 ``` JDK-8222137: Removal of T-Systems Deutsche Telekom Root CA 2 Certificate The T-Systems Deutsche Telekom Root CA 2 certificate has expired and was removed from the `cacerts` keystore: + alias name "deutschetelekomrootca2 [jdk]" Distinguished Name: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE JDK-8195774: Added Entrust Root Certificates The following root certificates have been added to the OpenJDK cacerts truststore: + Entrust + entrustrootcaec1 DN: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1 + entrust2048ca DN: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) + entrustrootcag2 DN: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2 + entrustevca DN: C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority + affirmtrustnetworkingca DN: C=US, O=AffirmTrust, CN=AffirmTrust Networking + affirmtrustpremiumca DN: C=US, O=AffirmTrust, CN=AffirmTrust Premium + affirmtrustcommercialca DN: C=US, O=AffirmTrust, CN=AffirmTrust Commercial + affirmtrustpremiumeccca DN: C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC ALL FIXED ISSUES, BY COMPONENT AND PRIORITY: client-libs: (P3) JDK-8214252: Expanded & Collapsed nodes of a JTree look the same on GTK3 (P3) JDK-8055705: Rename UnixPrintServiceLookup and Win32PrintServiceLookup as a platform neutral class name client-libs/2d: (P2) JDK-8218020: Fix version number in mesa.md 3rd party legal file (P3) JDK-8221263: [TEST_BUG] RemotePrinterStatusRefresh test is hard to use (P3) JDK-8212202: [Windows] Exception if no printers are installed. (P3) JDK-8217263: Automate DashOffset test (P3) JDK-8204929: Fonts with embedded bitmaps are not always rotated (P3) JDK-8221412: lookupPrintServices() does not always update the list of Windows remote printers (P3) JDK-8225065: Revert 8221166 (8u backport of 8048782) (P3) JDK-8153732: Windows remote printer changes do not reflect in lookupPrintServices() (P4) JDK-8048782: OpenJDK: PiscesCache : xmax/ymax rounding up can cause RasterFormatException client-libs/java.awt: (P1) JDK-8197546: Fix for 8171000 breaks Solaris + Linux builds (P2) JDK-8220495: Update GIFlib library to the 5.1.8 (P3) JDK-8214765: All TrayIcon MessageType icons does not show up with gtk3 option set (P3) JDK-8210886: Remove references in xwindows.md to non-existent files. (P3) JDK-8214109: XToolkit is not correctly displayed color on 16-bit high color setting (P4) JDK-8019816: [TEST_BUG][macosx] closed/java/awt/BasicStroke/DashZeroWidth.java not on EDT (P4) JDK-8213213: Remove src/java.desktop/unix/classes/sun/awt/X11/keysym2ucs.h (P4) JDK-8171000: Robot.createScreenCapture() crashes in wayland mode client-libs/java.awt:i18n: (P4) JDK-8213183: InputMethod cannot be used after its restarting client-libs/javax.accessibility: (P3) JDK-8202768: [macos] Appkit thread slows when any Window Manager active client-libs/javax.imageio: (P2) JDK-8191073: JpegImageReader throws IndexOutOfBoundsException when trying to read image data from tables-only image (P3) JDK-8044289: In ImageIO.write() and ImageIO.read() null stream is not handled properly. client-libs/javax.swing: (P2) JDK-8218473: JOptionPane display issue with GTKLookAndFeel (P2) JDK-8218472: JProgressBar display issue with GTKLookAndFeel (P2) JDK-8218470: JScrollBar display issue with GTKLookAndFeel (P2) JDK-8218469: JSlider display issue with slider for GTKLookAndFeel (P2) JDK-8218479: JTextPane display issue with GTKLookAndFeel (P2) JDK-8203627: Swing applications with JRadioButton and JCheckbox fail to render correctly when using GTK3 and the GTK L&F (P3) JDK-8218674: HTML Tooltip with "img src=" on component doesn't show (P3) JDK-8220349: The fix done for JDK-8214253 have caused issues in JTree behaviour (P3) JDK-8214112: The whole text in target JPasswordField image are not selected. (P3) JDK-8214111: There is no icon in all JOptionPane target image (P3) JDK-8214253: Tooltip is transparent rather than having a black background core-libs: (P3) JDK-8135248: Add utility methods to check indexes and ranges core-libs/java.lang.invoke: (P4) JDK-8206955: MethodHandleProxies.asInterfaceInstance does not support default methods core-libs/java.net: (P3) JDK-8196775: java/net/Socket/asyncClose/Race.java failed intermittently on Windows with ConnectException: Connection refused (P4) JDK-8025209: Intermittent test failure java/net/Socket/asyncClose/AsyncClose.java (P4) JDK-8143097: java/net/ipv6tests/UdpTest.java fails intermittently with "checkTime failed: got 1998 expected 4000" (P4) JDK-8151226: Mark UdpTest.java as intermittently failing (P4) JDK-7100957: SOCKS proxying does not work with IPv6 connections (P4) JDK-8031666: TEST_BUG: java/net/ipv6tests/UdpTest.java failed because of SocketTimeoutException core-libs/java.nio: (P3) JDK-8157287: java/nio/file/FileStore/Basic.java failed with "java.nio.file.AccessDeniedException : /zones/zoneone/root " (P4) JDK-8176237: (fs) java/nio/file/FileStore/Basic.java should conditionally check FileStores (P4) JDK-8173910: (fs) java/nio/file/FileSystem/Basic.java should conditionally check FileStores (P4) JDK-8073078: java/nio/file/FileStore/Basic.java sensitive to NFS configuration (P4) JDK-8030690: TEST_BUG java/nio/Buffer/Chars.java fails intermittently (P4) JDK-8031113: TEST_BUG: java/nio/channels/AsynchronousChannelGroup/Basic.java fails intermittently (P4) JDK-8031563: TEST_BUG: java/nio/channels/Selector/ChangingInterests.java failed once core-libs/java.nio.charsets: (P4) JDK-8022879: TEST_BUG: sun/nio/cs/MalformedSurrogates.java fails intermittently core-libs/java.time: (P3) JDK-8224560: (tz) Upgrade Timezone Data to tzdata2019a (P3) JDK-8225580: tzdata2018i integration causes test failures on jdk-13 (P4) JDK-8215982: (tz) Upgrade Timezone Data to tzdata2018i (P4) JDK-8214770: java/time/test/java/time/format/TestNonIsoFormatter.java failed in non-english locales. core-libs/java.util: (P3) JDK-8146458: Improve exception reporting for Objects.checkIndex/checkFromToIndex/checkFromIndexSize (P3) JDK-8155794: Move Objects.checkIndex BiFunction accepting methods to an internal package (P3) JDK-8142493: Utility methods to check indexes and ranges doesn't specify behavior when function produces null core-libs/java.util.stream: (P3) JDK-8075939: Stream.flatMap() causes breaking of short-circuiting of terminal operations (P4) JDK-8190974: Parallel stream execution within a custom ForkJoinPool should obey the parallelism (P4) JDK-8154387: Parallel unordered Stream.limit() tries to collect 128 elements even if limit is less core-libs/java.util:i18n: (P2) JDK-8210153: localized currency symbol of VES (P2) JDK-8195478: sun/text/resources/LocaleDataTest.java fails with java.lang.Exception (P2) JDK-8214935: Upgrade IANA LSR data (P3) JDK-8157792: After Integrating tzdata2016d the test/sun/util/calendar/zi/TestZoneInfo310.java fails for "Asia/Oral" and "Asia/Qyzylorda" Timezones (P3) JDK-8193552: ISO 4217 Amendment #165 Update (P3) JDK-8202026: ISO 4217 Amendment #166 Update (P3) JDK-8204269: ISO 4217 Amendment #167 Update (P3) JDK-8208746: ISO 4217 Amendment #168 Update (P3) JDK-8209775: ISO 4217 Amendment #169 Update (P3) JDK-8218781: Localized names for Japanese Era Reiwa in COMPAT provider (P3) JDK-8177472: Remove hard-coded IANA Subtag Registry map in LocaleEquivalentMap.java (P3) JDK-8187946: Support ISO 4217 Amendments 163 and 164 (P3) JDK-8213294: Update IANA Language Subtag Registry to Version 2018-10-31 (P3) JDK-8040211: Update LSR datafile for BCP 47 (P4) JDK-8191404: Upgrading JDK with latest available LSR data from IANA. hotspot/compiler: (P2) JDK-8213825: assert(false) failed: Non-balanced monitor enter/exit! Likely JNI locking (P2) JDK-8223537: testlibrary_tests/ctw/ClassesListTest.java fails with Agent timeout frequently (P3) JDK-8059575: JEP-JDK-8043304: Test task: Tiered Compilation level transition tests (P3) JDK-8222670: pathological case of JIT recompilation and code cache bloat (P3) JDK-8209951: Problematic sparc intrinsic: com.sun.crypto.provider.CipherBlockChaining (P3) JDK-8202414: Unsafe write after primitive array creation may result in array length change (P4) JDK-8166684: PPC64: implement intrinsic code with vector instructions for Unsafe.copyMemory() (P4) JDK-8158232: PPC64: improve byte, int and long array copy stubs by using VSX instructions hotspot/gc: (P2) JDK-8176100: [REDO][REDO] G1 Needs pre barrier on dereference of weak JNI handles (P2) JDK-8225716: G1 GC: Undefined behaviour in G1BlockOffsetTablePart::block_at_or_preceding (P3) JDK-8150013: ParNew: Prune nmethods scavengable list (P4) JDK-8223664: Add jtreg tests for 8223528, backport to jdk8u of 8176100 (P4) JDK-8064786: Fix debug build after 8062808: Turn on the -Wreturn-type warning (P4) JDK-8151539: Remove duplicate AlwaysTrueClosures hotspot/runtime: (P3) JDK-8151322: Implement os::set_native_thread_name() on Solaris (P3) JDK-8220718: Missing ResourceMark in nmethod::metadata_do (P3) JDK-7102541: RFE: os::set_native_thread_name() cleanups (P4) JDK-8154156: PPC64: improve array copy stubs by using vector instructions (P4) JDK-8185969: PPC64: Improve VSR support to use up to 64 registers (P4) JDK-8217315: Proper units should print more significant digits (P5) JDK-8223883: Fix jni.cpp copyright date after 8223528 hotspot/svc: (P2) JDK-8134030: test/serviceability/dcmd/gc/HeapDumpTest fails to verify the dump (P4) JDK-8144332: HSDB could not terminate when close button is pushed. hotspot/svc-agent: (P3) JDK-8202884: SA: Attach/detach might fail on Linux if debugee application create/destroy threads during attaching infrastructure/build: (P3) JDK-8192854: FONTCONFIG_CFLAGS missing from spec.gmk.in (P3) JDK-8221789: make reconfigure broken (jdk8u only) (P4) JDK-8210416: [linux] Poor StrictMath performance due to non-optimized compilation (P4) JDK-8210425: [x86] sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization (P4) JDK-8222965: Backport of JDK-8129988 broke the build (P4) JDK-8223219: Backport of JDK-8199552 to OpenJDK 8 leads to duplicate -fstack-protector flags, overriding --with-extra-cflags (P4) JDK-8222975: Fix 'release' file to reflect actual repo checkin used to compile JDK security-libs/java.security: (P2) JDK-8210432: Add additional TeliaSonera root certificate (P2) JDK-8216577: Add GlobalSign's R6 Root certificate (P2) JDK-8209506: Add Google Trust Services GlobalSign root certificates (P2) JDK-8189131: Open-source the Oracle JDK Root Certificates (P3) JDK-8195774: Add Entrust root certificates (P3) JDK-8196141: Add GoDaddy root certificates (P3) JDK-8199779: Add T-Systems, GlobalSign and Starfield services root certificates (P3) JDK-8222133: Add temporary exceptions for root certs that are due to expire soon (P3) JDK-8195793: Remove GTE CyberTrust Global Root (P3) JDK-8222137: Remove T-Systems root CA certificate (P3) JDK-8222136: Remove two Comodo root CA certificates that are expiring (P3) JDK-8223499: Remove two DocuSign root certificates that are expiring (P3) JDK-8204923: Restore Symantec root verisignclass2g2ca (P3) JDK-8137231: sun/security/rsa/SpecTest.java timeout with Agent error: java.lang.Exception (P3) JDK-8202651: Test ComodoCA.java fails (P4) JDK-8223555: Cleanups in cacerts tests (P4) JDK-8151225: Mark SpecTest.java as intermittently failing (P4) JDK-8156035: Remove intermittent key from sun/security/rsa/SpecTest.java security-libs/javax.crypto: (P3) JDK-8203228: Branch-free output conversion for X25519 and X448 (P3) JDK-8179098: Crypto AES/ECB encryption/decryption performance regression (introduced in jdk9b73) (P3) JDK-8181594: Efficient and constant-time modular arithmetic (P3) JDK-8182999: SunEC throws ProviderException on invalid curves (P4) JDK-8208648: ECC Field Arithmetic Enhancements (P4) JDK-8208698: Improved ECC Implementation (P4) JDK-8201317: X25519/X448 code improvements security-libs/javax.net.ssl: (P3) JDK-8210985: Update the default SSL session cache size to 20480 tools/javac: (P3) JDK-8218152: [javac] fails and exits with no error if a bad annotation processor provided tools/launcher: (P3) JDK-8205916: [test] Fix jdk/tools/launcher/RunpathTest to handle both, RPATH and RUNPATH xml/javax.xml.transform: (P4) JDK-8207760: SAXException: Invalid UTF-16 surrogate detected: d83c ? xml/jaxp: (P3) JDK-8193830: Update Xalan Java to 2.7.2