RELEASE NOTES: JDK openjdk8u272

Notes generated: Thu Oct 02 02:00:21 CEST 2025

JEPs

None.

RELEASE NOTES

security-libs/javax.xml.crypto

Issue Description
JDK-8236645

Oracle Specific JDK Update of System Property to Fall Back to Legacy Base64 Encoding Format


Oracle JDK 8u231 has upgraded the Apache Santuario libraries to v2.1.3. This upgrade introduced an issue in which XML signatures using Base64 encoding appended &#xd or &#13 to the encoded output. This behavioral change was made in the Apache Santuario codebase to comply with RFC 2045. The Santuario team has adopted a position of keeping their libraries compliant with RFC 2045.

Oracle JDK 8u221 using the legacy encoder returns encoded data in a format without &#xd or &#13.

Therefore an Oracle specific JDK 8 Update of a new system property com.sun.org.apache.xml.internal.security.lineFeedOnly has been made available to fall back to legacy Base64 encoded format.

Users can set this flag in one of two ways:

  1. -Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true
  2. System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true")

This new system property is disabled by default. It has no effect on default behavior or when the com.sun.org.apache.xml.internal.security.ignoreLineBreaks property is set.

Later JDK family versions will only support the recommended property: com.sun.org.apache.xml.internal.security.ignoreLineBreaks
JDK-8217878

com.sun.org.apache.xml.internal.security.ignoreLineBreaks System Property


An Apache Santuario library version upgrade, used by the javax.xml.crypto.* packages, introduces a behavioral change where a new Base64 encoder uses "\r\n" as end-of-line terminator. By default, XML signatures signed using API calls form the javax.xml.crypto.dsig package includes the escaped '\r' character, encoded as " " or " ".

A new com.sun.org.apache.xml.internal.security.ignoreLineBreaks system property may be set to a value of "true" if an application is unable to handle the encoded output data changes where " " or " " get appended to new lines in encoding operations. The effect of this property is to not include the carriage return character in base64-encoded fields in XML signature generated by calls to the javax.xml.crypto.* packages.

Additional information can be found at https://issues.apache.org/jira/browse/SANTUARIO-482.
JDK-8177334

Updated xmldsig Implementation to Apache Santuario 2.1.1


The XMLDSig provider implementation in the java.xml.crypto module has been updated to version 2.1.1 of Apache Santuario. New features include: 1. Support for the SHA-224 and SHA-3 DigestMethod algorithms specified in RFC 6931. 2. Support for the HMAC-SHA224, RSA-SHA224, ECDSA-SHA224, and RSASSA-PSS family of SignatureMethod algorithms specified in RFC 6931.

security-libs/javax.security

Issue Description
JDK-8239385

Support for canonicalize in krb5.conf


The 'canonicalize' flag in the krb5.conf file is now supported by the JDK Kerberos implementation. When set to true, RFC 6806 name canonicalization is requested by clients in TGT requests to KDC services (AS protocol). Otherwise, and by default, it is not requested.

The new default behavior is different from JDK 14 and previous releases where name canonicalization was always requested by clients in TGT requests to KDC services (provided that support for RFC 6806 was not explicitly disabled with the sun.security.krb5.disableReferrals system or security properties).

security-libs/javax.net.ssl

Issue Description
JDK-8209965

supported_groups Extension Should Not be Present in ServerHello Handshake Message


While the supported_groups extension should not be present in ServerHello handshake messages, previous releases have ignored its presence, so that misconfigured servers could continue to function. JDK 11 currently throws an exception if this extension is sent in the ServerHello handshake message.
JDK-8028518

Increase the priorities of GCM cipher suites


In TLS, a ciphersuite defines a specific set of cryptography algorithms used in a TLS connection. JSSE maintains a prioritized list of ciphersuites. In this update, GCM-based cipher suites are configured as the most preferable default cipher suites in the SunJSSE provider.

In the SunJSSE provider, the following ciphersuites are now the most preferred by default: ``` TLSECDHEECDSAWITHAES256GCMSHA384 TLSECDHEECDSAWITHAES128GCMSHA256

TLSECDHERSAWITHAES256GCMSHA384 TLSRSAWITHAES256GCMSHA384 TLSECDHECDSAWITHAES256GCMSHA384 TLSECDHRSAWITHAES256GCMSHA384 TLSDHERSAWITHAES256GCMSHA384 TLSDHEDSSWITHAES256GCM_SHA384

TLSECDHERSAWITHAES128GCMSHA256 TLSRSAWITHAES128GCMSHA256 TLSECDHECDSAWITHAES128GCMSHA256 TLSECDHRSAWITHAES128GCMSHA256 TLSDHERSAWITHAES128GCMSHA256 TLSDHEDSSWITHAES128GCM_SHA256 ``` Note that this is a behavior change of the SunJSSE provider in the JDK, it is not guaranteed to be examined and used by other JSSE providers. There is no guarantee the cipher suites priorities will remain the same in future updates or releases.

security-libs/javax.crypto:pkcs11

Issue Description
JDK-8080462

SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40


The SunPKCS11 provider has been updated with support for PKCS#11 v2.40. This version adds support for more algorithms such as the AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message digests, and RSASSA-PSS signatures when the corresponding PKCS11 mechanisms are supported by the underlying PKCS11 library.

security-libs/java.security

Issue Description
JDK-8243320

Added 3 SSL Corporation Root CA Certificates


The following root certificates have been added to the cacerts truststore: ``` + SSL Corporation + sslrootrsaca DN: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US

  • sslrootevrsaca DN: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US

  • sslrooteccca DN: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US ```
JDK-8243321

Added Entrust Root Certification Authority - G4 certificate


The following root certificate has been added to the cacerts truststore: ` + Entrust + entrustrootcag4 DN: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US `

core-svc/java.lang.management

Issue Description
JDK-8226575

OperatingSystemMXBean Methods Inside a Container Return Container Specific Data


When executing in a container, or other virtualized operating environment, the following OperatingSystemMXBean methods in this release return container specific information, if available. Otherwise, they return host specific data:

  • getFreePhysicalMemorySize()
  • getTotalPhysicalMemorySize()
  • getFreeSwapSpaceSize()
  • getTotalSwapSpaceSize()
  • getSystemCpuLoad()

FIXED ISSUES

client-libs/2d

Priority Bug Summary
P2 JDK-8244818 [macos] Java2D Queue Flusher crash while moving application window to external monitor
P2 JDK-8233097 Fontmetrics for large Fonts has zero width
P3 JDK-8145808 [PIT] test java/awt/Graphics2D/MTGraphicsAccessTest/MTGraphicsAccessTest.java hangs on Win. 8
P3 JDK-8209113 Use WeakReference for lastFontStrike for created Fonts
P4 JDK-8177628 Opensource unit/regression tests for ImageIO

client-libs/java.awt

Priority Bug Summary
P2 JDK-8242498 Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash
P3 JDK-8200313 java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails
P4 JDK-8137087 [TEST_BUG] Cygwin failure of java/awt/appletviewer/IOExceptionIfEncodedURLTest/IOExceptionIfEncodedURLTest.sh
P4 JDK-8039082 [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails
P4 JDK-8132376 Add @requires os.family to the client tests with access to internal OS-specific API
P4 JDK-8239819 XToolkit: Misread of screen information memory

client-libs/javax.imageio

Priority Bug Summary
P4 JDK-8183341 Better cleanup for javax/imageio/AllowSearch.java
P4 JDK-8250755 Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java
P4 JDK-8183349 Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java
P4 JDK-8183351 Better cleanup for jdk/test/javax/imageio/spi/AppletContextTest/BadPluginConfigurationTest.sh

client-libs/javax.sound

Priority Bug Summary
P3 JDK-8156169 Some sound tests rarely hangs because of incorrect synchronization
P4 JDK-8167615 Opensource unit/regression tests for JavaSound
P4 JDK-6574989 TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes

client-libs/javax.swing

Priority Bug Summary
P4 JDK-8172012 [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java
P4 JDK-8198004 javax/swing/JFileChooser/6868611/bug6868611.java throws error
P4 JDK-8226697 Several tests which need the @key headful keyword are missing it.

core-libs

Priority Bug Summary
P3 JDK-8078334 Mark regression tests using randomness
P4 JDK-8238380 java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10
P4 JDK-8250627 Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics

core-libs/java.io

Priority Bug Summary
P4 JDK-8211163 UNIX version of Java_java_io_Console_echo does not return a clean boolean

core-libs/java.lang

Priority Bug Summary
P4 JDK-8226809 Circular reference in printed stack trace is not correctly indented & ambiguous
P4 JDK-8168517 java/lang/ProcessBuilder/Basic.java failed with "java.lang.AssertionError: Some tests failed"

core-libs/java.math

Priority Bug Summary
P5 JDK-8026236 Add PrimeTest for BigInteger

core-libs/java.net

Priority Bug Summary
P3 JDK-8251546 8u backport of JDK-8194298 breaks AIX and Solaris builds
P3 JDK-8194298 Add support for per Socket configuration of TCP keepalive
P3 JDK-8210147 adjust some WSAGetLastError usages in windows network coding
P3 JDK-8151788 NullPointerException from ntlm.Client.type3
P4 JDK-8238386 (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10
P5 JDK-8036088 Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c

core-libs/java.nio

Priority Bug Summary
P4 JDK-8075774 Small readability and performance improvements for zipfs

core-libs/java.text

Priority Bug Summary
P4 JDK-8231213 Migrate SimpleDateFormatConstTest to JDK Repo

core-libs/java.util

Priority Bug Summary
P1 JDK-8166148 Fix for JDK-8165936 broke Solaris builds
P4 JDK-8132745 TEST_BUG: minor cleanup of java/util/Scanner/ScanTest.java

core-libs/java.util.regex

Priority Bug Summary
P4 JDK-8132206 move ScanTest.java into OpenJDK

core-libs/java.util:i18n

Priority Bug Summary
P3 JDK-8152077 (cal) Calendar.roll does not always roll the hours during daylight savings changes
P3 JDK-8165936 Potential Heap buffer overflow when seaching timezone info files

core-libs/javax.naming

Priority Bug Summary
P2 JDK-8151678 com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect
P2 JDK-8217606 LdapContext#reconnect always opens a new connection
P4 JDK-8160768 Add capability to custom resolve host/domain names within the default JNDI LDAP provider
P4 JDK-8243138 Enhance BaseLdapServer to support starttls extended request
P4 JDK-8062947 Fix exception message to correctly represent LDAP connection failure

core-libs/jdk.nashorn

Priority Bug Summary
P3 JDK-8193137 Nashorn crashes when given an empty script file.

core-svc

Priority Bug Summary
P3 JDK-8203357 Container Metrics

core-svc/debugger

Priority Bug Summary
P3 JDK-8230303 JDB hangs when running monitor command
P4 JDK-8229378 jdwp library loader in linker_md.c quietly truncates on buffer overflow

core-svc/java.lang.management

Priority Bug Summary
P2 JDK-8192953 sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied
P3 JDK-8061616 HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double
P3 JDK-8226575 OperatingSystemMXBean should be made container aware
P5 JDK-8025886 replace [[ and == bash extensions in regtest

hotspot/compiler

Priority Bug Summary
P1 JDK-8148754 C2 loop unrolling fails due to unexpected graph shape
P2 JDK-8252573 8u: Windows build failed after 8222079 backport
P3 JDK-8214862 assert(proj != __null) at compile.cpp:3251
P3 JDK-8234617 C1: Incorrect result of field load due to missing narrowing conversion
P3 JDK-8230711 ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG
P3 JDK-8240676 Meet not symmetric failure when running lucene on jdk8
P4 JDK-8237951 CTW: C2 compilation fails with "malformed control flow"
P4 JDK-8222079 Don't use memset to initialize fields decode_env constructor in disassembler.cpp
P4 JDK-8219919 RuntimeStub's name lost with PrintFrameConverterAssembly
P4 JDK-8167300 Scheduling failures during gcm should be fatal

hotspot/gc

Priority Bug Summary
P2 JDK-8248851 CMS: Missing memory fences between free chunk check and klass read
P3 JDK-8231779 crash HeapWord*ParallelScavengeHeap::failed_mem_allocate
P3 JDK-8057003 Large reference arrays cause extremely long synchronization times
P4 JDK-8153583 Make OutputAnalyzer.reportDiagnosticSummary public

hotspot/jfr

Priority Bug Summary
P3 JDK-8216283 Allow shorter method sampling interval than 10 ms
P3 JDK-8221569 JFR tool produces incorrect output when both --categories and --events are specified
P3 JDK-8217647 JFR: recordings on 32-bit systems unreadable
P3 JDK-8224217 RecordingInfo should use textual representation of path
P4 JDK-8246310 Clean commented-out code about ModuleEntry andPackageEntry in JFR
P4 JDK-8246384 Enable JFR by default on supported architectures for October 2020 release
P4 JDK-8219566 JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero
P4 JDK-8220555 JFR tool shows potentially misleading message when it cannot access a file
P4 JDK-8252084 Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled
P4 JDK-8243489 Thread CPU Load event may contain wrong data for CPU time under certain conditions

hotspot/jvmti

Priority Bug Summary
P3 JDK-8254673 call for JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158
P3 JDK-8035493 JVMTI PopFrame capability must instruct compilers not to prune locals
P4 JDK-8249158 THREAD_START and THREAD_END event posted in primordial phase

hotspot/runtime

Priority Bug Summary
P2 JDK-8235325 build failure on Linux after 8235243
P2 JDK-8060721 Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler
P3 JDK-8148854 Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
P3 JDK-8064319 Need to enable -XX:+TraceExceptions in release builds
P4 JDK-8048933 -XX:+TraceExceptions output should include the message
P4 JDK-8023697 failed class resolution reports different class name in detail message for the first and subsequent times
P4 JDK-8235243 handle VS2017 15.9 and VS2019 in abstract_vm_version
P4 JDK-8240295 hs_err elapsed time in seconds is not accurate enough
P4 JDK-8250875 Incorrect parameter type for update_number in JDK_Version::jdk_update
P4 JDK-8211714 Need to update vm_version.cpp to recognise VS2017 minor versions
P4 JDK-8248643 Remove extra leading space in JDK-8240295 8u backport
P4 JDK-8254937 Revert JDK-8148854 for 8u272
P4 JDK-8193234 When using -Xcheck:jni an internally allocated buffer can leak
P4 JDK-8184762 ZapStackSegments should use optimized memset

infrastructure/build

Priority Bug Summary
P2 JDK-8235687 Contents/MacOS/libjli.dylib cannot be a symlink
P3 JDK-8238225 Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary
P4 JDK-8251120 [8u] HotSpot build assumes ENABLE_JFR is set to either true or false
P4 JDK-8154313 Generated javadoc scattered all over the place

security-libs

Priority Bug Summary
P4 JDK-8245474 Add TLS_KRB5 cipher suites support according to RFC-2712
P4 JDK-8245468 Add TLSv1.3 implementation classes from 11.0.7
P4 JDK-8245477 Adjust TLS tests location
P4 JDK-8245472 Backport JDK-8038893 to JDK8
P4 JDK-8251478 Backport TLSv1.3 regression tests to JDK8u
P4 JDK-8245476 Disable TLSv1.3 protocol in the ClientHello message by default
P4 JDK-8245470 Fix JDK8 compatibility issues
P4 JDK-8245473 OCSP stapling support
P4 JDK-8245467 Remove 8u TLSv1.2 implementation files
P4 JDK-8245469 Remove DTLS protocol implementation
P4 JDK-8245471 Revert JDK-8148188

security-libs/java.security

Priority Bug Summary
P3 JDK-8243321 Add Entrust root CA - G4 to Oracle Root CA program
P3 JDK-8243320 Add SSL root certificates to Oracle Root CA program
P3 JDK-8242556 Cannot load RSASSA-PSS public key with non-null params from byte array
P3 JDK-8211049 Second parameter of "initialize" method is not used
P4 JDK-8238388 libj2gss/NativeFunc.o "multiple definition" link errors with GCC10
P4 JDK-8165996 PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
P4 JDK-8161973 PKIXRevocationChecker.getSoftFailExceptions() not working
P4 JDK-8151834 Test SmallPrimeExponentP.java times out intermittently

security-libs/javax.crypto

Priority Bug Summary
P2 JDK-8220165 Encryption using GCM results in RuntimeException: input length out of bound
P2 JDK-8233954 UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll
P3 JDK-8078880 Mark a few more intermittently failing security-libs tests
P3 JDK-8201633 Problems with AES-GCM native acceleration

security-libs/javax.crypto:pkcs11

Priority Bug Summary
P1 JDK-8225695 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support)
P2 JDK-8238898 Missing hash characters for header on license file
P3 JDK-8228835 Memory leak in PKCS11 provider when using AES GCM
P3 JDK-8165275 Replace the reflective call to the implUpdate method in HandshakeMessage::digestKey
P3 JDK-8144539 Update PKCS11 tests to run with security manager
P3 JDK-8080462 Update SunPKCS11 provider with PKCS11 v2.40 support
P4 JDK-8251117 Cannot check P11Key size in P11Cipher and P11AEADCipher

security-libs/javax.net.ssl

Priority Bug Summary
P1 JDK-8207317 SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy
P2 JDK-8206929 Check session context for TLS 1.3 session resumption
P2 JDK-8236039 JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3
P2 JDK-8209916 NPE in SupportedGroupsExtension
P2 JDK-8206176 Remove the temporary tls13VN field
P2 JDK-8214129 SSL session resumption/SNI with TLS1.2 causes StackOverflowError
P2 JDK-8145854 SSLContextImpl.statusResponseManager should be generated if required
P2 JDK-8206355 SSLSessionImpl.getLocalPrincipal() throws NPE
P2 JDK-8216326 SSLSocket stream close() does not close the associated socket
P2 JDK-8207237 SSLSocket#setEnabledCipherSuites is accepting empty string
P2 JDK-8208166 Still unable to use custom SSLEngine with default TrustManagerFactory after JDK-8207029
P2 JDK-8214098 sun.security.ssl.HandshakeHash.T12HandshakeHash constructor check backwards.
P2 JDK-8216045 The size of key_exchange may be wrong on FFDHE
P2 JDK-8207009 TLS 1.3 half-close and synchronization issues
P2 JDK-8211806 TLS 1.3 handshake server name indication is missing on a session resume
P2 JDK-8196584 TLS 1.3 Implementation
P2 JDK-8210334 TLS 1.3 server fails if ClientHello doesn't have pre_shared_key and psk_key_exchange_modes
P2 JDK-8210846 TLSv.1.3 interop problems with OpenSSL 1.1.1 when used on the client side with mutual auth
P2 JDK-8207029 Unable to use custom SSLEngine with default TrustManagerFactory after updating to JDK 11 b21
P3 JDK-8245681 Add TLSv1.3 regression test from 11.0.7
P3 JDK-8207058 Backport System Property jdk.tls.server.protocols
P3 JDK-8225766 Curve in certificate should not affect signature scheme when using TLSv1.3
P3 JDK-8219389 Delegated task created by SSLEngine throws BufferUnderflowException
P3 JDK-8215790 Delegated task created by SSLEngine throws java.nio.BufferUnderflowException
P3 JDK-8221270 Duplicated synchronized keywords in SSLSocketImpl
P3 JDK-8215524 Finished message validation failure should be decrypt_error alert
P3 JDK-8218889 Improperly use of the Optional API
P3 JDK-8212738 Incorrectly named signature scheme ecdsa_secp512r1_sha512
P3 JDK-8028518 Increase the priorities of GCM cipher suites
P3 JDK-8203687 javax/net/ssl/compatibility/Compatibility.java supports TLS 1.3
P3 JDK-8231810 javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java fails intermittently with "java.lang.Exception: Unexpected EOF"
P3 JDK-8233621 Mismatch in jsse.enableMFLNExtension property name
P3 JDK-8210974 No extensions debug log for ClientHello
P3 JDK-8213782 NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers
P3 JDK-8213202 Possible race condition in TLS 1.3 session resumption
P3 JDK-8210989 RSASSA-PSS certificate cannot be selected for client auth on TLSv1.2
P3 JDK-8207223 SSL Handshake failures are reported with more generic SSLException
P3 JDK-8214339 SSLSocketImpl erroneously wraps SocketException
P3 JDK-8209965 The "supported_groups" extension in ServerHellos
P3 JDK-8211866 TLS 1.3 CertificateRequest message sometimes offers disallowed signature algorithms
P3 JDK-8212885 TLS 1.3 resumed session does not retain peer certificate chain
P3 JDK-8214688 TLS 1.3 session resumption with hello retry request failed with "illegal_parameter"
P3 JDK-8217610 TLSv1.3 fail with ClassException when EC keys are stored in PKCS11
P3 JDK-8221253 TLSv1.3 may generate TLSInnerPlainText longer than 2^14+1 bytes
P4 JDK-4919790 Errors in alert ssl message does not reflect the actual certificate status
P4 JDK-8234724 javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java supports TLSv1.3
P4 JDK-8234723 javax/net/ssl/TLS tests support TLSv1.3
P4 JDK-8251341 Minimal Java specification change
P4 JDK-8214321 Misleading code in SSLCipher
P4 JDK-8245653 Remove 8u TLS tests
P4 JDK-8223482 Unsupported ciphersuites may be offered by a TLS client

security-libs/javax.security

Priority Bug Summary
P3 JDK-8239385 Support the 'canonicalize' setting (krb5.conf) in the Kerberos client
P4 JDK-8249610 Make sun.security.krb5.Config.getBooleanObject(String... keys) method public

security-libs/javax.smartcardio

Priority Bug Summary
P3 JDK-8163251 Hard coded loop limit prevents reading of smart card data greater than 8k
P4 JDK-8244151 Update MUSCLE PC/SC-Lite headers to1.8.26

security-libs/javax.xml.crypto

Priority Bug Summary
P2 JDK-8217878 ENVELOPING XML signature no longer works
P3 JDK-8236645 JDK 8u231 introduces a regression with incompatible handling of XML messages
P3 JDK-8177334 Update xmldsig implementation to Apache Santuario 2.1.1
P3 JDK-8218629 XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10

security-libs/jdk.security

Priority Bug Summary
P4 JDK-8241888 Mirror jdk.security.allowNonCaAnchor system property with a security one

security-libs/org.ietf.jgss:krb5

Priority Bug Summary
P3 JDK-8246193 Possible NPE in ENC-PA-REP search in AS-REQ

tools/javadoc(tool)

Priority Bug Summary
P2 JDK-8031625 javadoc problems referencing inner class constructors

tools/jlink

Priority Bug Summary
P3 JDK-8169925 Organize licenses by module in source, JMOD file, and run-time image

xml/jaxp

Priority Bug Summary
P3 JDK-8046274 Removing dependency on jakarta-regexp