RELEASE NOTES: JDK openjdk8u362

Notes generated: Sun Dec 01 23:57:09 CET 2024

JEPs

None.

RELEASE NOTES

hotspot/runtime

Issue Description

Issue	Description
JDK-8274840	Release Doesn't Correctly Recognize Windows 11 This release doesn't correctly identify Windows 11. The property `os.name` is set to `Windows 10` on Windows 11. In HotSpot error logs, the OS is identified as `Windows 10`; however, the HotSpot error log does show the Build number. Windows 11 has Build 22000.194 or above.

Release Doesn't Correctly Recognize Windows 11

This release doesn't correctly identify Windows 11. The property os.name is set to Windows 10 on Windows 11. In HotSpot error logs, the OS is identified as Windows 10; however, the HotSpot error log does show the Build number. Windows 11 has Build 22000.194 or above.

security-libs/java.security

Issue Description

Issue	Description
JDK-8269039	Disabled SHA-1 Signed JARs JARs signed with SHA-1 algorithms are now restricted by default and treated as if they were unsigned. This applies to the algorithms used to digest, sign, and optionally timestamp the JAR. It also applies to the signature and digest algorithms of the certificates in the certificate chain of the code signer and the Timestamp Authority, and any CRLs or OCSP responses that are used to verify if those certificates have been revoked. These restrictions also apply to signed JCE providers. To reduce the compatibility risk for JARs that have been previously timestamped, there is one exception to this policy: Any JAR signed with SHA-1 algorithms and timestamped prior to January 01, 2019 will not be restricted. This exception may be removed in a future JDK release. To determine if your signed JARs are affected by this change, run `jarsigner -verify -verbose -certs` on the signed JAR, and look for instances of "SHA1" or "SHA-1" and "disabled" and a warning that the JAR will be treated as unsigned in the output. For example: ``` - Signed by "CN="Signer"" Digest algorithm: SHA-1 (disabled) Signature algorithm: SHA1withRSA (disabled), 2048-bit key WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property: jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01 ``` JARs affected by these new restrictions should be replaced or re-signed with stronger algorithms. Users can, at their own risk, remove these restrictions by modifying the `java.security` configuration file (or override it by using the `java.security.properties` system property) and removing "SHA1 usage SignedJAR & denyAfter 2019-01-01" from the `jdk.certpath.disabledAlgorithms` security property and "SHA1 denyAfter 2019-01-01" from the `jdk.jar.disabledAlgorithms` security property.

JDK-8269039

Disabled SHA-1 Signed JARs

JARs signed with SHA-1 algorithms are now restricted by default and treated as if they were unsigned. This applies to the algorithms used to digest, sign, and optionally timestamp the JAR. It also applies to the signature and digest algorithms of the certificates in the certificate chain of the code signer and the Timestamp Authority, and any CRLs or OCSP responses that are used to verify if those certificates have been revoked. These restrictions also apply to signed JCE providers.

To reduce the compatibility risk for JARs that have been previously timestamped, there is one exception to this policy:

Any JAR signed with SHA-1 algorithms and timestamped prior to January 01, 2019 will not be restricted.

This exception may be removed in a future JDK release. To determine if your signed JARs are affected by this change, run jarsigner -verify -verbose -certs on the signed JAR, and look for instances of "SHA1" or "SHA-1" and "disabled" and a warning that the JAR will be treated as unsigned in the output.

For example:

``` - Signed by "CN="Signer"" Digest algorithm: SHA-1 (disabled) Signature algorithm: SHA1withRSA (disabled), 2048-bit key

WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01

```

JARs affected by these new restrictions should be replaced or re-signed with stronger algorithms.

Users can, at their own risk, remove these restrictions by modifying the java.security configuration file (or override it by using the java.security.properties system property) and removing "SHA1 usage SignedJAR & denyAfter 2019-01-01" from the jdk.certpath.disabledAlgorithms security property and "SHA1 denyAfter 2019-01-01" from the jdk.jar.disabledAlgorithms security property.

FIXED ISSUES

client-libs

Priority	Bug	Summary
P4	JDK-8295164	JDK 8 jdi tests should not use tasklist command on Windows

client-libs/java.awt

Priority	Bug	Summary
P4	JDK-8079255	[TEST_BUG] [macosx] Test closed/java/awt/Robot/RobotWheelTest/RobotWheelTest fails for Mac only
P4	JDK-8159599	[TEST_BUG] java/awt/Modal/ModalInternalFrameTest/ModalInternalFrameTest.java
P4	JDK-8129827	[TEST_BUG] Test java/awt/Robot/RobotWheelTest/RobotWheelTest.java fails
P4	JDK-8288928	Incorrect GPL header in pnglibconf.h (backport of JDK-8185041)

client-libs/javax.swing

Priority	Bug	Summary
P4	JDK-7124218	[TEST_BUG] [macosx] Space should select cell in the JTable

core-libs

Priority	Bug	Summary
P3	JDK-8269850	Most JDK releases report macOS version 12 as 10.16 instead of 12.0

core-libs/java.io

Priority	Bug	Summary
P4	JDK-8293461	Add a test for JDK-8290832

core-libs/java.lang

Priority	Bug	Summary
P4	JDK-8253702	BigSur version number reported as 10.16, should be 11.nn

core-libs/java.text

Priority	Bug	Summary
P3	JDK-8299439	java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR

core-libs/java.util.jar

Priority	Bug	Summary
P4	JDK-8286582	Build fails on macos aarch64 when using --with-zlib=bundled

core-libs/java.util:i18n

Priority	Bug	Summary
P3	JDK-8283277	ISO 4217 Amendment 171 Update
P3	JDK-8289549	ISO 4217 Amendment 172 Update

core-svc/java.lang.management

Priority	Bug	Summary
P4	JDK-8283903	GetContainerCpuLoad does not return the correct result in share mode

core-svc/tools

Priority	Bug	Summary
P4	JDK-8054066	com/sun/jdi/DoubleAgentTest.java fails with timeout

hotspot/compiler

Priority	Bug	Summary
P2	JDK-8271459	C2: Missing NegativeArraySizeException when creating StringBuilder with negative capacity
P4	JDK-8159720	Failure of C2 compilation with tiered prevents some C1 compilations

hotspot/gc

Priority	Bug	Summary
P4	JDK-8073464	GC workers do not have thread names

hotspot/jfr

Priority	Bug	Summary
P4	JDK-8274563	jfr/event/oldobject/TestClassLoaderLeak.java fails when GC cycles are not happening
P4	JDK-8293828	JFR: jfr/event/oldobject/TestClassLoaderLeak.java still fails when GC cycles are not happening

hotspot/runtime

Priority	Bug	Summary
P2	JDK-8197859	VS2017 Complains about UINTPTR_MAX definition in globalDefinitions_VisCPP.hpp
P3	JDK-8148005	One byte may be corrupted by get_datetime_string()
P3	JDK-8274840	Update OS detection code to recognize Windows 11
P3	JDK-8071530	Update OS detection code to reflect Windows 10 version change
P4	JDK-8273176	handle latest VS2019 in abstract_vm_version
P4	JDK-8241086	Test runtime/NMT/HugeArenaTracking.java is failing on 32bit Windows
P5	JDK-6885993	Named Thread: introduce print() and print_on(outputStream* st) methods

hotspot/test

Priority	Bug	Summary
P4	JDK-8296959	Fix hotspot shell tests of 8u on multilib systems
P4	JDK-8297141	Fix hotspot/test/runtime/SharedArchiveFile/DefaultUseWithClient.java for 8u
P4	JDK-8295288	Some vm_flags tests associate with a wrong BugID

infrastructure

Priority	Bug	Summary
P4	JDK-8296555	Enable hotspot/tier1 for 64-bit builds in GHA for 8u
P4	JDK-8295950	Enable langtools/tier1 in GHA for 8u

infrastructure/build

Priority	Bug	Summary
P3	JDK-8295714	GHA ::set-output is deprecated and will be removed
P4	JDK-8294863	Enable partial tier1 testing in GHA for JDK8
P4	JDK-8284389	Improve stability of GHA Pre-submit testing by caching cygwin installer
P4	JDK-8300178	JDK-8286496 causes build failure on older GCC
P4	JDK-8300225	JDK-8288516 causes build failure on Windows + VS2010
P4	JDK-8292762	Remove .jcheck directories from jdk8u subcomponents
P4	JDK-8284622	Update versions of some Github Actions used in JDK workflow

infrastructure/release_eng

Priority	Bug	Summary
P4	JDK-8293181	Bump update version of OpenJDK: 8u362

security-libs/java.security

Priority	Bug	Summary
P3	JDK-8269039	Disable SHA-1 Signed JARs
P3	JDK-8275887	jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled

security-libs/javax.crypto:pkcs11

Priority	Bug	Summary
P4	JDK-8195607	sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1

security-libs/javax.net.ssl

Priority	Bug	Summary
P3	JDK-8270344	Session resumption errors

security-libs/javax.xml.crypto

Priority	Bug	Summary
P3	JDK-8255559	Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI()

tools/javac

Priority	Bug	Summary
P3	JDK-8265527	tools/javac/diags/CheckExamples.java fails after JDK-8078024 8u backport