RELEASE NOTES FOR: openjdk8u292 ==================================================================================================== Notes generated: Tue Apr 02 00:20:44 CEST 2024 Hint: Prefix bug IDs with https://bugs.openjdk.org/browse/ to reach the relevant JIRA entry. JAVA ENHANCEMENT PROPOSALS (JEP): None. RELEASE NOTES: tools/javac: JDK-8078024: Several incorporation steps are silently failing when an error should be reported Reporting previously silent errors found during incorporation, JLS 8 §18.3, was supposed to be a clean-up with performance only implications. But consider the test case: ``` import java.util.Arrays; import java.util.List; class Klass { public static List> foo(List... lists) { return foo(Arrays.asList(lists)); } public static List> foo(List> lists) { return null; } } ``` This code was not accepted before the patch for [1], but after this patch the compiler is accepting it. Accepting this code is the right behavior as not reporting incorporation errors was a bug in the compiler. While determining the applicability of method: ``` List> foo(List> lists) ``` For which we have the constraints: ``` b <: Object t <: List t<: Object List <: t ``` First, inference variable b is selected for instantiation: ``` b = CAP1 of ? extends A ``` so this implies that: ``` t <: List t<: Object List <: t ``` Now all the bounds are checked for consistency. While checking if List is a subtype of List a bound error is reported. Before the compiler was just swallowing it. As now the error is reported while inference variable b is being instantiated, the bound set is rolled back to it's initial state, 'b' is instantiated to Object, and with this instantiation the constraint set is solvable, the method is applicable, it's the only applicable one and the code is accepted as correct. The compiler behavior in this case is defined at JLS 8 §18.4 This fix has source compatibility impact, right now code that wasn't being accepted is now being accepted by the javac compiler. Currently there are no reports of any other kind of incompatibility. [1] [https://bugs.openjdk.java.net/browse/JDK-8078024](https://bugs.openjdk.java.net/browse/JDK-8078024) security-libs/javax.net.ssl: JDK-8202343: Disable TLS 1.0 and 1.1 TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer considered secure and have been superseded by more secure and modern versions (TLS 1.2 and 1.3). These versions have now been disabled by default. If you encounter issues, you can, at your own risk, re-enable the versions by removing "TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms` security property in the `java.security` configuration file. JDK-8253368: Behavior changes for SSLSocket input stream shut down The SunJSSE close notification checks for `SSLSocket` have been made less strict to conform to changes in the Transport Layer Security (TLS) RFCs. If an application tries to close the input stream of an `SSLSocket` (via `shutdownInput()` method) without having received a close notification message from its peer, the `SSLSocket` will no longer: 1. trigger the transmission of a TLS fatal-level alert to the peer, and 2. invalidate the current TLS session. The new behavior will still consider this condition an error and will throw a local `javax.net.ssl.SSLException`. A fatal-level alert will no longer be sent to the peer, and the underlying session will remain valid. In addition, the internal transport context for the `SSLSocket` will also now be closed. Previously, this step didn't occur if a fatal message was generated. JDK-8242141: New System Properties to Configure the TLS Signature Schemes Two new system properties have been added to customize the TLS signature schemes in JDK. `jdk.tls.client.SignatureSchemes` has been added for the TLS client side, and `jdk.tls.server.SignatureSchemes` has been added for the server side. Each system property contains a comma-separated list of supported signature scheme names specifying the signature schemes that could be used for the TLS connections. The names are described in the "Signature Schemes" section of the *Java Security Standard Algorithm Names Specification*. client-libs/java.awt: JDK-8211301: Deprecated NSWindowStyleMaskTexturedBackground After an upgrade of the macOS SDK used to build the JDK, the behavior of the `apple.awt.brushMetalLook` and `textured` Swing properties has changed. When these properties are set, the title of the frame is still visible. It is recommended that the `apple.awt.transparentTitleBar` property be set to `true` to make the title of the frame invisible again. The `apple.awt.fullWindowContent` property can also be used. Please note that `Textured window` support was implemented by using the `NSTexturedBackgroundWindowMask` value of `NSWindowStyleMask`. However, this was deprecated in macOS 10.12 along with `NSWindowStyleMaskTexturedBackground`, which was deprecated in macOS 10.14. For additional information, refer to the following documentation: - `apple.awt.brushMetalLook`: https://developer.apple.com/documentation/appkit/nstexturedbackgroundwindowmask?language=objc - `apple.awt.transparentTitleBar`: https://developer.apple.com/documentation/appkit/nswindow/1419167-titlebarappearstransparent?language=objc - `apple.awt.fullWindowContent`: https://developer.apple.com/documentation/appkit/nsfullsizecontentviewwindowmask security-libs/java.security: JDK-8233228: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default Weak named curves are disabled by default by adding them to the following `disabledAlgorithms` security properties: `jdk.tls.disabledAlgorithms`, `jdk.certpath.disabledAlgorithms`, and `jdk.jar.disabledAlgorithms`. The named curves are listed below. With 47 weak named curves to be disabled, adding individual named curves to each `disabledAlgorithms` property would be overwhelming. To relieve this, a new security property, `jdk.disabled.namedCurves`, is implemented that can list the named curves common to all of the `disabledAlgorithms` properties. To use the new property in the `disabledAlgorithms` properties, precede the full property name with the keyword `include`. Users can still add individual named curves to `disabledAlgorithms` properties separate from this new property. No other properties can be included in the `disabledAlgorithms` properties. To restore the named curves, remove the `include jdk.disabled.namedCurves` either from specific or from all `disabledAlgorithms` security properties. To restore one or more curves, remove the specific named curve(s) from the `jdk.disabled.namedCurves` property. Curves that are disabled through `jdk.disabled.namedCurves` include the following: secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, brainpoolP320r1, brainpoolP384r1, brainpoolP512r1 Curves that remain enabled are: secp256r1, secp384r1, secp521r1, X25519, X448 JDK-8256421: Added 2 HARICA Root CA Certificates The following root certificates have been added to the cacerts truststore: ``` + HARICA + haricarootca2015 DN: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR + haricaeccrootca2015 DN: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR ``` JDK-8172404: Tools Warn If Weak Algorithms Are Used The `keytool` and `jarsigner` tools have been updated to warn users when weak cryptographic algorithms are used in keys, certificates, and signed JARs before they are disabled. The weak algorithms are set in the `jdk.security.legacyAlgorithms` security property in the `java.security` configuration file. In this release, the tools issue warnings for the SHA-1 hash algorithm and 1024-bit RSA/DSA keys. ALL FIXED ISSUES, BY COMPONENT AND PRIORITY: client-libs: (P4) JDK-8081547: Prepare client libs regression tests for running in a concurrent, headless jtreg environment client-libs/2d: (P3) JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11 (P4) JDK-7185221: [macosx] Regtest should not throw exception if a suitable display mode found (P4) JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop (P4) JDK-7131835: [TEST_BUG] Test does not consider that the rounded edges of the window in Mac OS 10.7 (P4) JDK-8038723: Open up some PrinterJob tests (P4) JDK-6345095: regression test EmptyClipRenderingTest fails (P4) JDK-8239091: Reversed arguments in call to strstr in freetype "debug" code. client-libs/java.awt: (P2) JDK-8261231: Windows IME was disabled after DnD operation (P3) JDK-8211301: [macos] support full window content options (P3) JDK-8249183: JVM crash in "AwtFrame::WmSize" method (P4) JDK-8041464: [TEST_BUG] CustomClassLoaderTransferTest does not support OS X (P4) JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid (P4) JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows (P4) JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode (P4) JDK-7112454: TEST_BUG: java/awt/Choice/PopdownGeneratesMouseEvents/PopdownGeneratesMouseEvents.html failed client-libs/javax.accessibility: (P3) JDK-8249588: libwindowsaccessbridge issues on 64bit Windows (P4) JDK-8225805: Java Access Bridge does not close the logger client-libs/javax.imageio: (P4) JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java (P4) JDK-8167281: IIOMetadataNode bugs in getElementsByTagName and NodeList.item methods client-libs/javax.sound: (P3) JDK-8160217: JavaSound should clean up resources better (P4) JDK-8256642: [TEST_BUG] jdk/test/javax/sound/midi/MidiSystem/DefaultProperties.java failed client-libs/javax.swing: (P2) JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel (P3) JDK-8255880: UI of Swing components is not redrawn after their internal state changed (P3) JDK-8078614: WindowsClassicLookAndFeel : MetalComboBoxUI.getbaseLine fails with IllegalArgumentException (P4) JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes (P4) JDK-8041561: Inconsistent opacity behaviour between JCheckBox and JRadioButton core-libs: (P3) JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem core-libs/java.lang: (P2) JDK-6896810: TEST_BUG: java/lang/ref/SoftReference/Pin.java fails with OOME during System.out.println (P3) JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray core-libs/java.lang.invoke: (P3) JDK-8035186: j2se_jdk/jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java - assertion error core-libs/java.net: (P3) JDK-8228434: jdk/net/Sockets/Test.java fails after JDK-8227642 (P4) JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read (P4) JDK-8158525: Update a few java/net tests to use the loopback address instead of the host address core-libs/java.nio: (P4) JDK-8150204: (fs) Enhance java/nio/file/Files/probeContentType/Basic.java debugging output (P4) JDK-8061777: (zipfs) IllegalArgumentException in ZipCoder.toString when using Shitft_JIS (P4) JDK-8186090: java.nio.Bits.unaligned() doesn't handle aarch64 core-libs/java.time: (P3) JDK-8260356: (tz) Upgrade Timezone Data to tzdata2021a (P4) JDK-8259048: (tz) Upgrade Timezone Data to tzdata2020f core-libs/java.util:i18n: (P3) JDK-8225435: Update IANA Language Subtag Registry to Version 2019-09-16 core-svc: (P3) JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575 core-svc/java.lang.management: (P3) JDK-8031126: java/lang/management/ThreadMXBean/ThreadUserTime.java fails intermittently core-svc/tools: (P3) JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations hotspot/compiler: (P1) JDK-8195685: AArch64 cannot build with JDK-8174962 (P1) JDK-8207838: AArch64: Float registers incorrectly restored in JNI call (P1) JDK-8206163: AArch64: incorrect code generation for StoreCM (P1) JDK-8155653: TestVectorUnalignedOffset.java not pushed with 8155612 (P2) JDK-8172881: AArch64: assertion failure: the int pressure is incorrect (P2) JDK-8179954: AArch64: C1 and C2 volatile accesses are not sequentially consistent (P2) JDK-8173472: AArch64: C1 comparisons with null only use 32-bit instructions (P2) JDK-8177661: AArch64: Incorrect C2 patterns cause system register corruption (P2) JDK-8207345: AArch64: Trampoline generation code reads from uninitialized memory (P2) JDK-8191915: JCK tests produce incorrect results with C2 (P3) JDK-8214857: "bad trailing membar" assert failure at memnode.cpp:3220 (P3) JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit (P3) JDK-8171537: aarch64: compiler/c1/Test6849574.java generates guarantee failure in C1 (P3) JDK-8161190: AArch64: Fix overflow in immediate cmp instruction (P3) JDK-8171410: aarch64: long multiplyExact shifts by 31 instead of 63 (P3) JDK-8216350: AArch64: monitor unlock fast path not called (P3) JDK-8257192: Integrate AArch64 JIT port into 8u (P3) JDK-8211233: MemBarNode::trailing_membar() and MemBarNode::leading_membar() need to handle dying subgraphs better (P3) JDK-8264171: Missing aarch64 parts of JDK-8236179 (C1 register allocation failure with T_ADDRESS) (P4) JDK-8168888: AArch64 port of JDK-8160591 (P4) JDK-8153797: aarch64: Add Arrays.fill stub code (P4) JDK-8131779: AARCH64: add Montgomery multiply intrinsic (P4) JDK-8221658: aarch64: add necessary predicate for ubfx patterns (P4) JDK-8151775: aarch64: add support for 8.1 LSE atomic operations (P4) JDK-8150394: aarch64: add support for 8.1 LSE CAS instructions (P4) JDK-8150045: AArch64: arraycopy causes segfaults in SATB during garbage collection (P4) JDK-8155015: Aarch64: bad assert in spill generation code (P4) JDK-8217368: AArch64: C2 recursive stack locking optimisation not triggered (P4) JDK-8155617: aarch64: ClearArray does not use DC ZVA (P4) JDK-8209835: Aarch64: elide barriers on all volatile operations (P4) JDK-8132875: AArch64: Fix error introduced into AArch64 CodeCache by commit for 8130309 (P4) JDK-8165673: AArch64: Fix JNI floating point argument handling (P4) JDK-8164113: AArch64: follow-up the fix for 8161598 (P4) JDK-8148948: aarch64: generate_copy_longs calls align() incorrectly (P4) JDK-8153172: aarch64: hotspot crashes after the 8.1 LSE patch is merged (P4) JDK-8152840: aarch64: improve _unsafe_arraycopy stub routine (P4) JDK-8153713: aarch64: improve short array clearing using store pair (P4) JDK-8167421: AArch64: in one core system, fatal error: Illegal threadstate encountered (P4) JDK-8191129: AARCH64: Invalid value passed to critical JNI function (P4) JDK-8224880: AArch64: java/javac error with AllocatePrefetchDistance (P4) JDK-8161072: AArch64: jtreg compiler/uncommontrap/TestDeoptOOM failure (P4) JDK-8150038: aarch64: Make use of CBZ and CBNZ when comparing narrow pointer with zero (P4) JDK-8152537: aarch64: Make use of CBZ and CBNZ when comparing unsigned values with zero (P4) JDK-8149365: aarch64: memory copy does not prefetch on backwards copy (P4) JDK-8135018: AARCH64: Missing memory barriers for CMS collector (P4) JDK-8247979: aarch64: missing side effect of killing flags for clearArray_reg_reg (P4) JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1 (P4) JDK-8150313: aarch64: optimise array copy using SIMD instructions (P4) JDK-8150082: aarch64: optimise small array copy (P4) JDK-8159063: aarch64: optimise unaligned array copy long (P4) JDK-8151502: aarch64: optimize pd_disjoint_words and pd_conjoint_words (P4) JDK-8150229: aarch64: pipeline class for several instructions is not set correctly (P4) JDK-8157841: aarch64: prefetch ignores cache line size (P4) JDK-8151340: aarch64: prefetch the destination word for write prior to ldxr/stxr loops (P4) JDK-8149080: AArch64: Recognize disjoint array copy in stub code (P4) JDK-8155100: AArch64: Relax alignment requirement for byte_map_base (P4) JDK-8167595: AArch64: SEGV in stub code cipherBlockChaining_decryptAESCrypt (P4) JDK-8158913: aarch64: SEGV running Spark terasort (P4) JDK-8148783: aarch64: SEGV running SpecJBB2013 (P4) JDK-8154537: AArch64: some integer rotate instructions are never emitted (P4) JDK-8157906: aarch64: some more integer rotate instructions are never emitted (P4) JDK-8205421: AARCH64: StubCodeMark should be placed after alignment (P4) JDK-8154739: AArch64: TemplateTable::fast_xaccess loads in wrong mode (P4) JDK-8149907: aarch64: use load/store pair instructions in call_stub (P4) JDK-8155612: Aarch64: vector nodes need to support misaligned offset (P4) JDK-8213134: AArch64: vector shift failed with MaxVectorSize=8 (P4) JDK-8193133: Assertion failure because 0xDEADDEAD can be in-heap (P4) JDK-8216989: CardTableBarrierSetAssembler::gen_write_ref_array_post_barrier() does not check for zero length on AARCH64 (P4) JDK-8216987: ciMethodData::load_data() unpacks MDOs with non-atomic copy (P4) JDK-8219011: Implement MacroAssembler::warn method on AArch64 (P4) JDK-8150652: Remove unused code in AArch64 back end (P4) JDK-8209420: Track membars for volatile accesses so they can be properly optimized hotspot/gc: (P2) JDK-8166229: Eliminate ParNew's use of klass_or_null() (P2) JDK-8166607: G1 needs klass_or_null_acquire (P2) JDK-8129626: G1: set_in_progress() and clear_started() needs a barrier on non-TSO platforms hotspot/jfr: (P2) JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk() hotspot/jvmti: (P2) JDK-8215951: AArch64: jtreg test vmTestbase/nsk/jvmti/PopFrame/popframe005 segfaults (P4) JDK-8209415: Fix JVMTI test failure HS202 hotspot/other: (P5) JDK-8224851: AArch64: fix warnings and errors with Clang and GCC 8.3 hotspot/runtime: (P1) JDK-8196136: AArch64: Correct register use in patch for JDK-8195685 (P1) JDK-8196221: AArch64: Mistake in committed patch for JDK-8195859 (P1) JDK-8195859: AArch64: vtableStubs gtest fails after 8174962 (P2) JDK-8211064: [AArch64] Interpreter and c1 don't correctly handle jboolean results in native calls (P2) JDK-8221725: AArch64 build failures after JDK-8221408 (Windows 32bit build build errors/warnings in hotspot) (P3) JDK-8248219: aarch64: missing memory barrier in fast_storefield and fast_accessfield (P3) JDK-8262073: assert(allocates2(pc)) failed: not in CodeBuffer memory (P3) JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS (P3) JDK-8203481: Incorrect constraint for unextended_sp in frame:safe_for_sender (P3) JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines (P4) JDK-8217338: [Containers] Improve systemd slice memory limit support (P4) JDK-8237512: AArch64: aarch64TestHook leaks a BufferBlob (P4) JDK-8221220: AArch64: Add StoreStore membar explicitly for Volatile Writes in TemplateTable (P4) JDK-8154413: AArch64: Better byte behaviour (P4) JDK-8167200: AArch64: Broken stack pointer adjustment in interpreter (P4) JDK-8170100: AArch64: Crash in C1-compiled code accessing References (P4) JDK-8182581: aarch64: fix for crash caused by earlyret of compiled method (P4) JDK-8156731: aarch64: java/util/Arrays/Correct.java fails due to _generic_arraycopy stub routine (P4) JDK-8186325: AArch64: jtreg test hotspot/test/gc/g1/TestJNIWeakG1/TestJNIWeakG1.java SEGV (P4) JDK-8219635: aarch64: missing LoadStore barrier in TemplateTable::fast_storefield (P4) JDK-8218185: aarch64: missing LoadStore barrier in TemplateTable::putfield_or_static (P4) JDK-8233839: aarch64: missing memory barrier in NewObjectArrayStub and NewTypeArrayStub (P4) JDK-8228725: AArch64: Purge method call format support (P4) JDK-8148328: aarch64: redundant lsr instructions in stub code (P4) JDK-8224828: aarch64: rflags is not correct after safepoint poll (P4) JDK-8145320: Create unsafe_arraycopy and generic_arraycopy for AArch64 (P4) JDK-8223186: HotSpot compile warnings from GCC 9 (P4) JDK-8203699: java/lang/invoke/SpecialInterfaceCall fails with SIGILL on aarch64 (P4) JDK-8215961: jdk/jfr/event/os/TestCPUInformation.java fails on AArch64 (P4) JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities (P4) JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport (P4) JDK-8228400: Remove built-in AArch64 simulator (P4) JDK-8228716: Revert InstanceKlass::print_on debug additions (P4) JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities (P4) JDK-8221408: Windows 32bit build build errors/warnings in hotspot hotspot/svc: (P3) JDK-8209414: AArch64: method handle invocation does not respect JVMTI interp_only mode hotspot/svc-agent: (P3) JDK-7107012: sun.jvm.hostspot.code.CompressedReadStream readDouble() conversion to long mishandled (P4) JDK-8209413: AArch64: NPE in clhsdb jstack command (P4) JDK-8155627: Enable SA on AArch64 hotspot/test: (P4) JDK-8078450: Implement consistent process for quarantine of tests infrastructure: (P3) JDK-8261766: [8u] hotspot needs to recognise cl.exe 19.16 to build with VS2017 infrastructure/build: (P4) JDK-8263008: AARCH64: Add debug info for libsaproc.so (P4) JDK-8236500: Windows ucrt.dll should be looked up in versioned WINSDK subdirectory security-libs/java.security: (P2) JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR (P2) JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will expire in 90 days (P3) JDK-8256421: Add 2 HARICA roots to cacerts truststore (P3) JDK-8172404: Tools should warn if weak algorithms are used before restricting them (P4) JDK-8185934: keytool and jarsigner shows "Signature algorithm: SHA1withECDSA, -1-bit key" (P4) JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256 (P4) JDK-8080911: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently security-libs/javax.crypto: (P3) JDK-8035166: Remove dependency on EC classes from pkcs11 provider security-libs/javax.crypto:pkcs11: (P4) JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures security-libs/javax.net.ssl: (P2) JDK-8202343: Disable TLS 1.0 and 1.1 (P2) JDK-8256682: JDK-8202343 is incomplete (P2) JDK-8209333: Socket reset issue for TLS 1.3 socket close (P3) JDK-8219991: New fix of the deadlock in sun.security.ssl.SSLSocketImpl (P3) JDK-8242141: New System Properties to configure the TLS signature schemes (P3) JDK-8235263: Revert TLS 1.3 change that wrapped IOExceptions (P3) JDK-8235874: The ordering of Cipher Suites is not maintained provided through “jdk.tls.client.cipherSuites” and “jdk.tls.server.cipherSuites” system property. (P3) JDK-8253368: TLS connection always receives close_notify exception (P4) JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE" (P4) JDK-8211339: NPE during SSL handshake caused by HostnameChecker (P4) JDK-8234728: Some security tests should support TLSv1.3 (P4) JDK-8253932: SSL debug log prints incorrect caller info (P4) JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3 (P4) JDK-8235311: Tag mismatch may alert bad_record_mac security-libs/org.ietf.jgss:krb5: (P2) JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets tools/javac: (P3) JDK-8145051: Wrong parameter name in synthetic lambda method leads to verifier error (P4) JDK-8078024: javac, several incorporation steps are silently failing when an error should be reported tools/launcher: (P4) JDK-8163363: AArch64: Stack size in tools/launcher/Settings.java needs to be adjusted xml/jaxp: (P4) JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548