RELEASE NOTES: JDK openjdk8u242

Notes generated: Mon Jun 03 16:07:07 CEST 2024





Issue Description

Kerberos Sequence Number Issues

Previously, when mutual authentication was not requested by the Kerberos 5 initiator, there was no mechanism to negotiate the acceptor's initial sequence number. With this release, if the system property is set to initiator, the SunJGSS provider will use the initiator's initial sequence number as the acceptor's initial sequence number. If set to zero or 0, 0 is used. The default value is initiator. All other values are illegal and will throw an Error when the system property is read.


Support for Kerberos Cross-Realm Referrals (RFC 6806)

The Kerberos client has been enhanced with the support of principal name canonicalization and cross-realm referrals, as defined by the RFC 6806 protocol extension.

As a result of this new feature, the Kerberos client can take advantage of more dynamic environment configurations and does not necessarily need to know (in advance) how to reach the realm of a target principal (user or service).

Support is enabled by default and 5 is the maximum number of referral hops allowed. To turn it off, set the security or system property to false. To configure a custom maximum number of referral hops, set the security or system property to any positive value.

See further information in JDK-8223172.


Issue Description

[client-libs and javaFX] GTK3 Is Now the Default on Linux/Unix

Newer versions of Linux, Solaris, and other Unix flavor desktop environments use GTK3, while still supporting GTK2.

Previously, the JDK would default to loading the older GTK2 libraries. However, in this release, it defaults to loading GTK3 libraries. Loading is typically triggered by using the Swing GTK Look And Feel.

The old behavior can be restored by using the system property: -Djdk.gtk.version=2.2


Issue Description

GTK3 Is Now the Default on Linux/Unix

Newer versions of Linux, Solaris, and other Unix flavor desktop environments use GTK3, while still supporting GTK2.

Previously, the JDK would default to loading the older GTK2 libraries. However, in this release, it defaults to loading GTK3 libraries. Loading is typically triggered by using the Swing GTK Look And Feel.

If, for any reason, this causes issues for an application, the old behavior can be restored by using the system property: -Djdk.gtk.version=2.2


Issue Description

Added LuxTrust Global Root 2 Certificate

The following root certificate has been added to the cacerts truststore: ``` + LuxTrust + luxtrustglobalroot2ca

DN: CN=LuxTrust Global Root 2, O=LuxTrust S.A., C=LU



Added 4 Amazon Root CA Certificates

The following root certificates have been added to the cacerts truststore: ``` + Amazon + amazonrootca1 DN: CN=Amazon Root CA 1, O=Amazon, C=US

  • amazonrootca2 DN: CN=Amazon Root CA 2, O=Amazon, C=US

  • amazonrootca3 DN: CN=Amazon Root CA 3, O=Amazon, C=US

  • amazonrootca4 DN: CN=Amazon Root CA 4, O=Amazon, C=US ```



Priority Bug Summary
P2 JDK-8222496 [8u] Switch on GTK3 as a default GTK L&F in client-libs


Priority Bug Summary
P3 JDK-8215210 [macos] Hangul text does not shape to the precomposed form on JDK8u
P3 JDK-8232381 add result NULL-checking to freetypeScaler.c
P3 JDK-8212071 Need to set the FreeType LCD Filter to reduce fringing.


Priority Bug Summary
P2 JDK-8213119 [macos] java/awt/GraphicsDevice/ fails
P2 JDK-8198649 Switch AWT/Swing's default GTK version to 3
P3 JDK-8221246 NullPointerException within Win32ShellFolder2


Priority Bug Summary
P4 JDK-8132249 Clean up JAB debugging code


Priority Bug Summary
P2 JDK-8138978 Examine usages of sun.misc.IOUtils
P3 JDK-8216401 Allow "file:" URLs in Class-Path of local JARs
P3 JDK-8039438 Some tests depend on internal API sun.misc.IOUtils


Priority Bug Summary
P3 JDK-8080835 Add blocking bulk read operations to
P4 JDK-8139206 Add InputStream readNBytes(int len)
P4 JDK-8235909 File.exists throws AccessControlException for invalid paths when a SecurityManager is installed
P4 JDK-8193832 Performance of InputStream.readAllBytes() could be improved
P4 JDK-8236984 Reserved for 2020-01 CPU


Priority Bug Summary
P3 JDK-8134424 BlockDataInputStream.readUTFBody: size local StringBuffer with the given length


Priority Bug Summary
P3 JDK-8194653 Deadlock involving FileSystems.getDefault and System.loadLibrary call
P3 JDK-8231584 Deadlock with ClassLoader.findLibrary and System.loadLibrary call
P4 JDK-8029629 (process) Improvements to test/java/lang/ProcessBuilder/
P4 JDK-8208715 Conversion of milliseconds to nanoseconds in UNIXProcess contains bug.


Priority Bug Summary
P3 JDK-8185898 setRequestProperty(key, null) results in HTTP header without colon in request
P3 JDK-8233886 TEST_BUG jdk/java/net/CookieHandler/ hit hardcoded expiration date
P4 JDK-8170641 sun/net/www/protocol/https/HttpsURLConnection/ fails with timeout


Priority Bug Summary
P4 JDK-8196956 (ch) More channels cleanup


Priority Bug Summary
P3 JDK-8223490 Optimize search algorithm for determining default time zone
P4 JDK-8234591 [11u] Build with old C compiler broken by 8223490
P4 JDK-8231124 Missing closedir call with JDK-8223490


Priority Bug Summary
P4 JDK-8232984 Upgrading Joni to 2.1.16


Priority Bug Summary
P3 JDK-8195088 [TEST_BUG] StartManagementAgent got unexpected exception


Priority Bug Summary
P2 JDK-8134739 compiler/loopopts/superword/TestVectorizationWithInvariant crashes in loop opts
P2 JDK-8236178 Debug build failed after 8236058
P2 JDK-8231988 Unexpected test result caused by C2 IdealLoopTree::do_remove_empty_loop
P3 JDK-8225141 Better handling of classes in error state by fast class initialization checks
P3 JDK-8133951 Zero interpreter asserts in stubRoutines.cpp
P4 JDK-8230238 Add another regression test for JDK-8134739
P4 JDK-8230813 Add JDK-8010500 to compiler/loopopts/superword/ bug list
P4 JDK-8073154 NULL-pointer dereferencing in LIR_OpProfileType::print_instr
P5 JDK-8131778 java disables UseAES flag when using VIS=2 on sparc


Priority Bug Summary
P3 JDK-8229420 [Redo] jstat reports incorrect values for OU for CMS GC
P4 JDK-8156028 G1YoungGenSizer _adaptive_size not correct when setting NewSize and MaxNewSize to the same value


Priority Bug Summary
P3 JDK-8231398 Add time tracing for gc log rotation at safepoint cleanup


Priority Bug Summary
P4 JDK-8227715 GPLv2 files missing Classpath Exception


Priority Bug Summary
P3 JDK-8233223 Add Amazon Root CA certificates
P3 JDK-8232019 Add LuxTrust certificate updates to the existing root program
P3 JDK-8173956 KeyStore regression due to default keystore being changed to PKCS12
P3 JDK-8037550 Update RFC references in javadoc to RFC 5280
P4 JDK-8055351 sun/security/provider/DSA/ failed with interrupted! (timed out?)


Priority Bug Summary
P4 JDK-8183591 Incorrect behavior when reading DER value with Integer.MAX_VALUE length
P4 JDK-8221172 SunEC specific test is not limited to SunEC


Priority Bug Summary
P4 JDK-8133489 Better messaging for PKIX path validation matching


Priority Bug Summary
P3 JDK-8044500 Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes
P3 JDK-8058290 JAAS Krb5LoginModule has suspect ticket-renewal logic, relies on clockskew grace


Priority Bug Summary
P2 JDK-8226719 Kerberos login to Windows 2000 failed with "Inappropriate type of checksum in message"
P3 JDK-8227381 GSS login fails with PREAUTH_FAILED


Priority Bug Summary
P2 JDK-8227437 S4U2proxy cannot continue because server's TGT cannot be found
P3 JDK-8132111 Do not request for addresses for forwarded TGT
P3 JDK-8031111 fix krb5 caddr
P3 JDK-8227061 test behaves incorrectly when AS-REQ contains a PAData not PA-ENC-TS-ENC
P3 JDK-8186831 Kerberos ignores PA-DATA with a non-null s2kparams
P3 JDK-8201627 Kerberos sequence number issues
P4 JDK-8186576 KerberosTicket does not properly handle renewable tickets at the end of their lifetime
P4 JDK-8233944 Make KerberosPrincipal.KRB_NT_ENTERPRISE field package private
P4 JDK-8215032 Support Kerberos cross-realm referrals (RFC 6806)
P4 JDK-8186884 Test native KDC, Java krb5 lib, and native krb5 lib in one test


Priority Bug Summary
P3 JDK-8067429 java.lang.VerifyError: Inconsistent stackmap frames at branch target