RELEASE NOTES: JDK openjdk8u252

Notes generated: Mon Jun 03 16:39:21 CEST 2024





Issue Description

Support cross-realm MSSFU

The support for the Kerberos MSSFU extensions [1] is now extended to cross-realm environments.

By leveraging the Kerberos cross-realm referrals enhancement introduced in the context of JDK-8215032, the 'S4U2Self' and 'S4U2Proxy' extensions may be used to impersonate user and service principals located on different realms.

[1] -


Issue Description

Allow SASL Mechanisms to Be Restricted

A security property named jdk.sasl.disabledMechanisms has been added that can be used to disable SASL mechanisms. Any disabled mechanism will be ignored if it is specified in the mechanisms argument of Sasl.createSaslClient or the mechanism argument of Sasl.createSaslServer. The default value for this security property is empty, which means that no mechanisms are disabled out-of-the-box.


Issue Description

Marlin Renderer in JDK 8u

Starting from version 8u311, the Marlin graphics rasterizer and its artifacts will be built and distributed as a part of the JDK/JRE bundles. It is not the default rendering engine, however there is an option to enable it by setting the following system property:



Issue Description

Binary format for HPROF updated

When dumping the heap in binary format, HPROF format 1.0.2 is always used now. Previously, format 1.0.1 was used for heaps smaller than 2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the serviceability agent.


Issue Description

RSASSA-PSS Signature Support Added to SunMSCAPI

The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider.


Issue Description

Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature

The SunRsaSign and SunJCE providers have been enhanced with support for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS signature and OAEP using FIPS 180-4 digest algorithms. New constructors and methods have been added to relevant JCA/JCE classes under the and javax.crypto.spec packages for supporting additional RSASSA-PSS parameters.



Priority Bug Summary
P4 JDK-8231991 Mouse wheel change focus on awt/swing windows


Priority Bug Summary
P2 JDK-8227662 freetype seeks to index at the end of the font data
P2 JDK-8145055 Marlin renderer causes unaligned write accesses
P2 JDK-8144526 Remove Marlin logging use of deleted internal API
P2 JDK-8232154 Update Mesa 3-D Headers to version 19.2.1
P3 JDK-8241307 Marlin renderer should not be the default in 8u252
P4 JDK-8144446 Automate the Marlin crash test
P4 JDK-8144654 Improve Marlin logging
P4 JDK-8235904 Infinite loop when rendering huge lines
P4 JDK-8143849 Integrate Marlin renderer per JEP 265
P4 JDK-8144445 Maximum size checking in Marlin ArrayCache utility methods is not optimal
P4 JDK-8144718 Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins
P4 JDK-8144630 Use PrivilegedAction to create Thread in Marlin RendererStats


Priority Bug Summary
P3 JDK-8038631 Create wrapper for awt.Robot with additional functionality
P3 JDK-8215756 Memory leaks in the AWT on macOS
P3 JDK-8234107 Several AWT modal dialog tests failing on Linux after JDK-8231991


Priority Bug Summary
P2 JDK-8230235 Rendering HTML with empty img attribute and documentBaseKey cause Exception
P3 JDK-8223158 Docked MacBook cannot start any Java Swing applications
P4 JDK-8235744 PIT: test/jdk/javax/swing/text/html/ times out in linux-x64


Priority Bug Summary
P4 JDK-8229022 BufferedReader performance can be improved by using StringBuilder


Priority Bug Summary
P2 JDK-8240521 Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call


Priority Bug Summary
P2 JDK-8068184 Fix for JDK-8032832 caused a deadlock
P4 JDK-8150460 (linux|bsd|aix)_close.c: file descriptor table may become large or may not work at all


Priority Bug Summary
P3 JDK-8216472 (se) Stack overflow during selection operation leads to crash (win)
P3 JDK-8034773 (zipfs) newOutputstream uses CREATE_NEW when no options specified
P3 JDK-8028480 (zipfs) NoSuchFileException on creating a file in ZipFileSystem with CREATE and WRITE
P4 JDK-8219597 (bf) Heap buffer state changes could provoke unexpected exceptions
P4 JDK-8232003 (fs) Files.write can leak file descriptor in the exception case
P4 JDK-8229872 (fs) Increase buffer size used with getmntent
P4 JDK-7143743 (zipfs) Potential memory leak with zip provider


Priority Bug Summary
P2 JDK-8237368 Problem with NullPointerException in RMI


Priority Bug Summary
P3 JDK-8056313 TEST_BUG: java/util/Timer/ fails intermittently


Priority Bug Summary
P4 JDK-8150432 java/util/Locale/ failed on Win10.
P4 JDK-8234288 Turkey Time Zone returns incorrect time zone name


Priority Bug Summary
P2 JDK-8181872 C1: possible overflow when strength reducing integer multiply by constant
P3 JDK-8233023 assert(Opcode() == mem->Opcode() || phase->C->get_alias_index(adr_type()) == Compile::AliasIdxRaw) failed: no mismatched stores, except on raw memory
P3 JDK-8236179 C1 register allocation failure with T_ADDRESS
P3 JDK-8231430 C2: Memory stomp in max_array_length() for T_ILLEGAL type
P3 JDK-8146792 Predicate moved after partial peel may lead to broken graph
P3 JDK-8191227 Unsafe handle resolution in ConstantOopWriteValue::write_on() / print_on() and LIR_Assembler::jobject2reg()
P4 JDK-8187078 -XX:+VerifyOops finds numerous problems when running JPRT
P4 JDK-8033215 clang: node.cpp:284 IDX_INIT macro use uninitialized field _out
P4 JDK-8167409 Invalid value passed to critical JNI function


Priority Bug Summary
P4 JDK-8135318 CMS: wrong max_eden_size for check_gc_overhead_limit
P4 JDK-8055283 Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests


Priority Bug Summary
P2 JDK-8229345 Memory leak due to vtable stubs not being shared on SPARC
P2 JDK-8047212 runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid
P2 JDK-8241296 Segfault in JNIHandleBlock::oops_do()
P4 JDK-8231201 hs_err should print coalesced safepoint operations in Events section
P4 JDK-8234264 Incorrect 8047434 JDK 8 backport in 8219677
P4 JDK-8219244 NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread
P4 JDK-8041620 Solaris Studio 12.4 C++ 5.13 change in behavior for placing friend declarations within surrounding scope
P4 JDK-8232355 Two obsolete flags have the wrong obsolete version in 8u


Priority Bug Summary
P2 JDK-8144732 VM_HeapDumper hits assert with bad dump_len


Priority Bug Summary
P3 JDK-8235637 jhsdb jmap from OpenJDK 11.0.5 doesn't work if prelink is enabled


Priority Bug Summary
P2 JDK-8233995 java.vm.vendor (and potentially other properties/fields) not correctly set in Windows/Hotspot build of OpenJDK8
P3 JDK-8237523 8u backport of JDK-8216354 didn't include changes
P3 JDK-8225392 Comparison builds are failing due to cacerts file
P3 JDK-8216354 Syntax error in toolchain_windows.m4
P4 JDK-8227397 Add --with-extra-asflags configure option
P4 JDK-8235142 JDK-8193255 backport broke bootstrap with JDK 10
P4 JDK-8193255 Root Certificates should be stored in text format and assembled at build time
P4 JDK-8022263 use same Clang warnings on BSD as on Linux


Priority Bug Summary
P1 JDK-8241823 SignedObject throws NullPointerException for null keys with an initialized Signature object
P4 JDK-8132130 Some docs cleanup
P4 JDK-8233404 System property to set the number of PBE iterations in JCEKS keystores


Priority Bug Summary
P2 JDK-8146293 Add support for RSASSA-PSS Signature algorithm
P2 JDK-8230978 Add support for RSASSA-PSS Signature algorithm (Java SE 8)
P2 JDK-8205720 KeyFactory#getKeySpec and translateKey throws NullPointerException with Invalid key
P2 JDK-8197441 Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider
P2 JDK-8225180 SignedObject with invalid Key not throwing the InvalidKeyException in Windows
P2 JDK-8175029 StackOverflowError in X509CRL and X509Certificate.verify(PublicKey, Provider)
P2 JDK-8234245 sun/security/lib/cacerts/ fails due to wrong checksum
P3 JDK-8236470 Deal with ECDSA using ecdsa-with-SHA2 plus hash algorithm as AlgorithmId
P3 JDK-8215694 keytool cannot generate RSASSA-PSS certificates
P3 JDK-8225745 NoSuchAlgorithmException exception for SHA256withECDSA with RSASSA-PSS support
P3 JDK-8206171 Signature#getParameters for RSASSA-PSS throws ProviderException when not initialized
P3 JDK-8214096 passes null parameter, so JCE validation fails
P3 JDK-8166976 TestCipherPBECons has wrong @run line
P4 JDK-8225130 Add exception for expiring Comodo roots to VerifyCACerts test
P4 JDK-8225128 Add exception for expiring DocuSign root to VerifyCACerts test
P4 JDK-8218553 Enhance keystore load debug output


Priority Bug Summary
P2 JDK-8205445 Add RSASSA-PSS Signature support to SunMSCAPI
P3 JDK-8223003 SunMSCAPI keys are not cleaned up
P3 JDK-8238502 sunmscapi.dll causing EXCEPTION_ACCESS_VIOLATION
P4 JDK-8193262 JNI array not released in libsunmscapi convertToLittleEndian
P4 JDK-8213009 Refactoring existing SunMSCAPI classes
P4 JDK-8223063 Support CNG RSA keys
P4 JDK-8213010 Supporting keys created with certmgr.exe
P4 JDK-8221407 Windows 32bit build error in libsunmscapi/security.cpp


Priority Bug Summary
P1 JDK-8144093 JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension
P2 JDK-8158978 ALPN not working when values are set directly on a SSLServerSocket
P2 JDK-8170282 Enable ALPN parameters to be supplied during the TLS handshake
P2 JDK-8230977 JEP 244: TLS Application-Layer Protocol Negotiation Extension (Java SE 8)
P2 JDK-8216039 TLS with BC and RSASSA-PSS breaks ECDHServerKeyExchange
P3 JDK-8171443 (spec) An ALPN callback function may also ignore ALPN
P3 JDK-8145849 ALPN: getHandshakeApplicationProtocol() always return null
P3 JDK-8218580 endpoint identification algorithm should be case-insensitive


Priority Bug Summary
P3 JDK-8200400 Allow Sasl mechanisms to be restricted
P4 JDK-8229767 Typo in Sasl.createClient and Sasl.createServer


Priority Bug Summary
P3 JDK-8079693 Add support for ECDSA P-384 and P-521 curves to XML Signature
P3 JDK-8162723 Array index overflow in Base64 utility class
P3 JDK-8079140 IgnoreAllErrorHandler should use doPrivileged when it reads system properties
P3 JDK-8046724 XML Signature ECKeyValue elements cannot be marshalled or unmarshalled
P4 JDK-8038431 Close InputStream when finished retrieving XML Signature HTTP References
P4 JDK-8046044 Fix raw and unchecked lint warnings in XML Signature Impl
P4 JDK-8031191 Warning exception when XMLSignature logging is enabled


Priority Bug Summary
P4 JDK-8005819 Support cross-realm MSSFU


Priority Bug Summary
P3 JDK-8236873 Worker has a deadlock bug