RELEASE NOTES FOR: openjdk8u242 ==================================================================================================== Notes generated: Mon Apr 01 21:57:14 CEST 2024 Hint: Prefix bug IDs with https://bugs.openjdk.org/browse/ to reach the relevant JIRA entry. JAVA ENHANCEMENT PROPOSALS (JEP): None. RELEASE NOTES: security-libs/org.ietf.jgss:krb5: JDK-8201627: Kerberos Sequence Number Issues Previously, when mutual authentication was not requested by the Kerberos 5 initiator, there was no mechanism to negotiate the acceptor's initial sequence number. With this release, if the system property `sun.security.krb5.acceptor.sequence.number.nonmutual` is set to `initiator`, the SunJGSS provider will use the initiator's initial sequence number as the acceptor's initial sequence number. If set to `zero` or `0`, 0 is used. The default value is `initiator`. All other values are illegal and will throw an Error when the system property is read. JDK-8215032: Support for Kerberos Cross-Realm Referrals (RFC 6806) The Kerberos client has been enhanced with the support of principal name canonicalization and cross-realm referrals, as defined by the RFC 6806 protocol extension. As a result of this new feature, the Kerberos client can take advantage of more dynamic environment configurations and does not necessarily need to know (in advance) how to reach the realm of a target principal (user or service). Support is enabled by default and 5 is the maximum number of referral hops allowed. To turn it off, set the `sun.security.krb5.disableReferrals` security or system property to false. To configure a custom maximum number of referral hops, set the `sun.security.krb5.maxReferrals` security or system property to any positive value. See further information in JDK-8223172. client-libs: JDK-8222496: [client-libs and javaFX] GTK3 Is Now the Default on Linux/Unix Newer versions of Linux, Solaris, and other Unix flavor desktop environments use GTK3, while still supporting GTK2. Previously, the JDK would default to loading the older GTK2 libraries. However, in this release, it defaults to loading GTK3 libraries. Loading is typically triggered by using the Swing GTK Look And Feel. The old behavior can be restored by using the system property: `-Djdk.gtk.version=2.2` client-libs/java.awt: JDK-8198649: GTK3 Is Now the Default on Linux/Unix Newer versions of Linux, Solaris, and other Unix flavor desktop environments use GTK3, while still supporting GTK2. Previously, the JDK would default to loading the older GTK2 libraries. However, in this release, it defaults to loading GTK3 libraries. Loading is typically triggered by using the Swing GTK Look And Feel. If, for any reason, this causes issues for an application, the old behavior can be restored by using the system property: `-Djdk.gtk.version=2.2` security-libs/java.security: JDK-8232019: Added LuxTrust Global Root 2 Certificate The following root certificate has been added to the cacerts truststore: ``` + LuxTrust + luxtrustglobalroot2ca DN: CN=LuxTrust Global Root 2, O=LuxTrust S.A., C=LU ``` JDK-8233223: Added 4 Amazon Root CA Certificates The following root certificates have been added to the cacerts truststore: ``` + Amazon + amazonrootca1 DN: CN=Amazon Root CA 1, O=Amazon, C=US + amazonrootca2 DN: CN=Amazon Root CA 2, O=Amazon, C=US + amazonrootca3 DN: CN=Amazon Root CA 3, O=Amazon, C=US + amazonrootca4 DN: CN=Amazon Root CA 4, O=Amazon, C=US ``` ALL FIXED ISSUES, BY COMPONENT AND PRIORITY: client-libs: (P2) JDK-8222496: [8u] Switch on GTK3 as a default GTK L&F in client-libs client-libs/2d: (P3) JDK-8215210: [macos] Hangul text does not shape to the precomposed form on JDK8u (P3) JDK-8232381: add result NULL-checking to freetypeScaler.c (P3) JDK-8212071: Need to set the FreeType LCD Filter to reduce fringing. client-libs/java.awt: (P2) JDK-8213119: [macos] java/awt/GraphicsDevice/CheckDisplayModes.java fails (P2) JDK-8198649: Switch AWT/Swing's default GTK version to 3 (P3) JDK-8221246: NullPointerException within Win32ShellFolder2 client-libs/javax.accessibility: (P4) JDK-8132249: Clean up JAB debugging code core-libs: (P2) JDK-8138978: Examine usages of sun.misc.IOUtils (P3) JDK-8216401: Allow "file:" URLs in Class-Path of local JARs (P3) JDK-8039438: Some tests depend on internal API sun.misc.IOUtils core-libs/java.io: (P3) JDK-8080835: Add blocking bulk read operations to java.io.InputStream (P4) JDK-8139206: Add InputStream readNBytes(int len) (P4) JDK-8235909: File.exists throws AccessControlException for invalid paths when a SecurityManager is installed (P4) JDK-8193832: Performance of InputStream.readAllBytes() could be improved (P4) JDK-8236984: Reserved for 2020-01 CPU core-libs/java.io:serialization: (P3) JDK-8134424: BlockDataInputStream.readUTFBody: size local StringBuffer with the given length core-libs/java.lang: (P3) JDK-8194653: Deadlock involving FileSystems.getDefault and System.loadLibrary call (P3) JDK-8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call (P4) JDK-8029629: (process) Improvements to test/java/lang/ProcessBuilder/Basic.java (P4) JDK-8208715: Conversion of milliseconds to nanoseconds in UNIXProcess contains bug. core-libs/java.net: (P3) JDK-8185898: setRequestProperty(key, null) results in HTTP header without colon in request (P3) JDK-8233886: TEST_BUG jdk/java/net/CookieHandler/B6791927.java hit hardcoded expiration date (P4) JDK-8170641: sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.sh fails with timeout core-libs/java.nio: (P4) JDK-8196956: (ch) More channels cleanup core-libs/java.util: (P3) JDK-8223490: Optimize search algorithm for determining default time zone (P4) JDK-8234591: [11u] Build with old C compiler broken by 8223490 (P4) JDK-8231124: Missing closedir call with JDK-8223490 core-libs/jdk.nashorn: (P4) JDK-8232984: Upgrading Joni to 2.1.16 core-svc/javax.management: (P3) JDK-8195088: [TEST_BUG] StartManagementAgent got unexpected exception hotspot/compiler: (P2) JDK-8134739: compiler/loopopts/superword/TestVectorizationWithInvariant crashes in loop opts (P2) JDK-8236178: Debug build failed after 8236058 (P2) JDK-8231988: Unexpected test result caused by C2 IdealLoopTree::do_remove_empty_loop (P3) JDK-8225141: Better handling of classes in error state by fast class initialization checks (P3) JDK-8133951: Zero interpreter asserts in stubRoutines.cpp (P4) JDK-8230238: Add another regression test for JDK-8134739 (P4) JDK-8230813: Add JDK-8010500 to compiler/loopopts/superword/TestFuzzPreLoop.java bug list (P4) JDK-8073154: NULL-pointer dereferencing in LIR_OpProfileType::print_instr (P5) JDK-8131778: java disables UseAES flag when using VIS=2 on sparc hotspot/gc: (P3) JDK-8229420: [Redo] jstat reports incorrect values for OU for CMS GC (P4) JDK-8156028: G1YoungGenSizer _adaptive_size not correct when setting NewSize and MaxNewSize to the same value hotspot/runtime: (P3) JDK-8231398: Add time tracing for gc log rotation at safepoint cleanup other-libs: (P4) JDK-8227715: GPLv2 files missing Classpath Exception security-libs/java.security: (P3) JDK-8233223: Add Amazon Root CA certificates (P3) JDK-8232019: Add LuxTrust certificate updates to the existing root program (P3) JDK-8173956: KeyStore regression due to default keystore being changed to PKCS12 (P3) JDK-8037550: Update RFC references in javadoc to RFC 5280 (P4) JDK-8055351: sun/security/provider/DSA/TestAlgParameterGenerator.java failed with interrupted! (timed out?) security-libs/javax.crypto: (P4) JDK-8183591: Incorrect behavior when reading DER value with Integer.MAX_VALUE length (P4) JDK-8221172: SunEC specific test is not limited to SunEC security-libs/javax.net.ssl: (P4) JDK-8133489: Better messaging for PKIX path validation matching security-libs/javax.security: (P3) JDK-8044500: Add kinit options and krb5.conf flags that allow users to obtain renewable tickets and specify ticket lifetimes (P3) JDK-8058290: JAAS Krb5LoginModule has suspect ticket-renewal logic, relies on clockskew grace security-libs/org.ietf.jgss: (P2) JDK-8226719: Kerberos login to Windows 2000 failed with "Inappropriate type of checksum in message" (P3) JDK-8227381: GSS login fails with PREAUTH_FAILED security-libs/org.ietf.jgss:krb5: (P2) JDK-8227437: S4U2proxy cannot continue because server's TGT cannot be found (P3) JDK-8132111: Do not request for addresses for forwarded TGT (P3) JDK-8031111: fix krb5 caddr (P3) JDK-8227061: KDC.java test behaves incorrectly when AS-REQ contains a PAData not PA-ENC-TS-ENC (P3) JDK-8186831: Kerberos ignores PA-DATA with a non-null s2kparams (P3) JDK-8201627: Kerberos sequence number issues (P4) JDK-8186576: KerberosTicket does not properly handle renewable tickets at the end of their lifetime (P4) JDK-8233944: Make KerberosPrincipal.KRB_NT_ENTERPRISE field package private (P4) JDK-8215032: Support Kerberos cross-realm referrals (RFC 6806) (P4) JDK-8186884: Test native KDC, Java krb5 lib, and native krb5 lib in one test tools/javac: (P3) JDK-8067429: java.lang.VerifyError: Inconsistent stackmap frames at branch target