RELEASE NOTES FOR: openjdk8u252 ==================================================================================================== Notes generated: Mon Feb 17 01:25:44 CET 2020 JIRA Query: project = JDK AND (status in (Closed, Resolved)) AND (resolution not in ("Won't Fix", Duplicate, "Cannot Reproduce", "Not an Issue", Withdrawn, Other)) AND (labels not in (release-note, testbug, openjdk-na, testbug) OR labels is EMPTY) AND (summary !~ 'testbug') AND (summary !~ 'problemlist') AND (summary !~ 'problem list') AND (summary !~ 'release note') AND (issuetype != CSR) AND fixVersion = openjdk8u252 Acquiring pages (75 total): .. done Loading issues (75 total): .. done Resolving issues (75 total): . done Resolving parents (75 total): . done JIRA Query: project = JDK AND issuetype = JEP AND fixVersion = openjdk8u252 ORDER BY summary ASC Acquiring pages (0 total): done Loading issues (0 total): done Resolving issues (0 total): done Resolving parents (0 total): done Filtered 0 issues carried over, 73 pushes left. Hint: Prefix bug IDs with https://bugs.openjdk.java.net/browse/ to reach the relevant JIRA entry. JAVA ENHANCEMENT PROPOSALS (JEP): None. RELEASE NOTES, BY COMPONENT: hotspot/svc: JDK-8174881: Binary format for HPROF updated When dumping the heap in binary format, HPROF format 1.0.2 is always used now. Previously, format 1.0.1 was used for heaps smaller than 2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the serviceability agent. security-libs/java.security: JDK-8234774: Added 4 Amazon Root CA Certificates The following root certificates have been added to the cacerts truststore: ``` + Amazon + amazonrootca1 DN: CN=Amazon Root CA 1, O=Amazon, C=US + amazonrootca2 DN: CN=Amazon Root CA 2, O=Amazon, C=US + amazonrootca3 DN: CN=Amazon Root CA 3, O=Amazon, C=US + amazonrootca4 DN: CN=Amazon Root CA 4, O=Amazon, C=US ``` JDK-8234215: Added LuxTrust Global Root 2 Certificate The following root certificate has been added to the cacerts truststore: ``` + LuxTrust + luxtrustglobalroot2ca DN: CN=LuxTrust Global Root 2, O=LuxTrust S.A., C=LU ``` JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature The SunRsaSign and SunJCE providers have been enhanced with support for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS signature and OAEP using FIPS 180-4 digest algorithms. New constructors and methods have been added to relevant JCA/JCE classes under the `java.security.spec` and `javax.crypto.spec` packages for supporting additional RSASSA-PSS parameters. security-libs/javax.crypto: JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider. security-libs/javax.security: JDK-8227564: Allow SASL Mechanisms to Be Restricted A security property named `jdk.sasl.disabledMechanisms` has been added that can be used to disable SASL mechanisms. Any disabled mechanism will be ignored if it is specified in the `mechanisms` argument of `Sasl.createSaslClient` or the `mechanism` argument of `Sasl.createSaslServer`. The default value for this security property is empty, which means that no mechanisms are disabled out-of-the-box. ALL FIXED ISSUES, BY COMPONENT: client-libs: JDK-8231991: Mouse wheel change focus on awt/swing windows client-libs/2d: JDK-8227662: freetype seeks to index at the end of the font data JDK-8143849: Integrate Marlin renderer per JEP 265 JDK-8145055: Marlin renderer causes unaligned write accesses JDK-8232154: Update Mesa 3-D Headers to version 19.2.1 client-libs/java.awt: JDK-8234107: Several AWT modal dialog tests failing on Linux after JDK-8231991 core-libs/java.net: JDK-8150460: (linux|bsd|aix)_close.c: file descriptor table may become large or may not work at all JDK-8170641: sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.sh fails with timeout JDK-8233886: TEST_BUG jdk/java/net/CookieHandler/B6791927.java hit hardcoded expiration date core-libs/java.nio: JDK-8232003: (fs) Files.write can leak file descriptor in the exception case JDK-8034773: (zipfs) newOutputstream uses CREATE_NEW when no options specified JDK-8028480: (zipfs) NoSuchFileException on creating a file in ZipFileSystem with CREATE and WRITE JDK-7143743: (zipfs) Potential memory leak with zip provider core-libs/java.util: JDK-8056313: TEST_BUG: java/util/Timer/NameConstructors.java fails intermittently core-libs/java.util:i18n: JDK-8150432: java/util/Locale/LocaleProviders.sh failed on Win10. JDK-8234288: Turkey Time Zone returns incorrect time zone name hotspot/compiler: JDK-8233023: assert(Opcode() == mem->Opcode() || phase->C->get_alias_index(adr_type()) == Compile::AliasIdxRaw) failed: no mismatched stores, except on raw memory JDK-8033215: clang: node.cpp:284 IDX_INIT macro use uninitialized field _out JDK-8146792: Predicate moved after partial peel may lead to broken graph hotspot/runtime: JDK-8231201: hs_err should print coalesced safepoint operations in Events section JDK-8234264: Incorrect 8047434 JDK 8 backport in 8219677 JDK-8041620: Solaris Studio 12.4 C++ 5.13 change in behavior for placing friend declarations within surrounding scope JDK-8232355: Two obsolete flags have the wrong obsolete version in 8u hotspot/svc: JDK-8144732: VM_HeapDumper hits assert with bad dump_len hotspot/svc-agent: JDK-8235637: jhsdb jmap from OpenJDK 11.0.5 doesn't work if prelink is enabled infrastructure/build: JDK-8237523: 8u backport of JDK-8216354 didn't include generated-configure.sh changes JDK-8227397: Add --with-extra-asflags configure option JDK-8225392: Comparison builds are failing due to cacerts file JDK-8233995: java.vm.vendor (and potentially other properties/fields) not correctly set in Windows/Hotspot build of OpenJDK8 JDK-8235142: JDK-8193255 backport broke bootstrap with JDK 10 JDK-8193255: Root Certificates should be stored in text format and assembled at build time JDK-8216354: Syntax error in toolchain_windows.m4 other-libs: JDK-8227715: GPLv2 files missing Classpath Exception security-libs: JDK-8233404: System property to set the number of PBE iterations in JCEKS keystores security-libs/java.security: JDK-8233223: Add Amazon Root CA certificates JDK-8232019: Add LuxTrust certificate updates to the existing root program JDK-8146293: Add support for RSASSA-PSS Signature algorithm JDK-8230978: Add support for RSASSA-PSS Signature algorithm (Java SE 8) JDK-8236470: Deal with ECDSA using ecdsa-with-SHA2 plus hash algorithm as AlgorithmId JDK-8218553: Enhance keystore load debug output JDK-8205720: KeyFactory#getKeySpec and translateKey throws NullPointerException with Invalid key JDK-8173956: KeyStore regression due to default keystore being changed to PKCS12 JDK-8215694: keytool cannot generate RSASSA-PSS certificates JDK-8225745: NoSuchAlgorithmException exception for SHA256withECDSA with RSASSA-PSS support JDK-8206171: Signature#getParameters for RSASSA-PSS throws ProviderException when not initialized JDK-8225180: SignedObject with invalid Key not throwing the InvalidKeyException in Windows JDK-8175029: StackOverflowError in X509CRL and X509Certificate.verify(PublicKey, Provider) JDK-8214096: sun.security.util.SignatureUtil passes null parameter, so JCE validation fails JDK-8234245: sun/security/lib/cacerts/VerifyCACerts.java fails due to wrong checksum JDK-8055351: sun/security/provider/DSA/TestAlgParameterGenerator.java failed with interrupted! (timed out?) security-libs/javax.crypto: JDK-8205445: Add RSASSA-PSS Signature support to SunMSCAPI JDK-8213009: Refactoring existing SunMSCAPI classes JDK-8223003: SunMSCAPI keys are not cleaned up JDK-8238502: sunmscapi.dll causing EXCEPTION_ACCESS_VIOLATION JDK-8223063: Support CNG RSA keys JDK-8213010: Supporting keys created with certmgr.exe JDK-8221407: Windows 32bit build error in libsunmscapi/security.cpp security-libs/javax.net.ssl: JDK-8171443: (spec) An ALPN callback function may also ignore ALPN JDK-8158978: ALPN not working when values are set directly on a SSLServerSocket JDK-8145849: ALPN: getHandshakeApplicationProtocol() always return null JDK-8133489: Better messaging for PKIX path validation matching JDK-8170282: Enable ALPN parameters to be supplied during the TLS handshake JDK-8218580: endpoint identification algorithm should be case-insensitive JDK-8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension JDK-8230977: JEP 244: TLS Application-Layer Protocol Negotiation Extension (Java SE 8) JDK-8216039: TLS with BC and RSASSA-PSS breaks ECDHServerKeyExchange security-libs/javax.security: JDK-8200400: Allow Sasl mechanisms to be restricted JDK-8229767: Typo in java.security: Sasl.createClient and Sasl.createServer security-libs/javax.xml.crypto: JDK-8038431: Close InputStream when finished retrieving XML Signature HTTP References JDK-8046044: Fix raw and unchecked lint warnings in XML Signature Impl JDK-8031191: Warning exception when XMLSignature logging is enabled JDK-8046724: XML Signature ECKeyValue elements cannot be marshalled or unmarshalled tools/jconsole: JDK-8236873: Worker has a deadlock bug CARRIED OVER FROM PREVIOUS RELEASES: None.