RELEASE NOTES: JDK openjdk8u392

Notes generated: Mon Dec 02 00:20:32 CET 2024

JEPs

None.

RELEASE NOTES

security-libs/org.ietf.jgss

Issue Description
JDK-6722928

Added a Default Native GSS-API Library on Windows


A native GSS-API library named sspi_bridge.dll has been added to the JDK on the Windows platform. The library is client-side only and uses the default credentials. It will be loaded when the sun.security.jgss.native system property is set to "true". A user can still load a third-party native GSS-API library by setting the sun.security.jgss.lib system property to the appropriate path.

Native GSS automatically uses cached credentials from operating systems, thus the javax.security.auth.useSubjectCredsOnly system property should be set to false.

com.sun.security.auth.module.Krb5LoginModule does not call native JGSS. Avoid using com.sun.security.auth.module.Krb5LoginModule from JAAS config.


security-libs/org.ietf.jgss:krb5

Issue Description
JDK-8139348

Deprecate 3DES and RC4 in Kerberos


The des3-hmac-sha1 and rc4-hmac Kerberos encryption types (etypes) are now deprecated and disabled by default. Users can set allow_weak_crypto = true in the krb5.conf configuration file to re-enable them (along with other weak etypes including des-cbc-crc and des-cbc-md5) at their own risk. To disable a subset of the weak etypes, users can list preferred etypes explicitly in any of the default_tkt_enctypes, default_tgs_enctypes, or permitted_enctypes settings.


security-libs/java.security

Issue Description
JDK-8295894

Removed SECOM Trust System's RootCA1 Root Certificate


The following root certificate from SECOM Trust System has been removed from the cacerts keystore: ``` + alias name "secomscrootca1 [jdk]" Distinguished Name: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP

```


JDK-8314960

Added Certigna Root CA Certificate


The following root certificate has been added to the cacerts truststore: ` + Certigna (Dhimyotis) + certignarootca DN: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR `


FIXED ISSUES

client-libs

Priority Bug Summary
P4 JDK-8232225 Rework the fix for JDK-8071483

client-libs/java.awt

Priority Bug Summary
P2 JDK-8214046 [macosx] Undecorated Frame does not Iconify when set to
P2 JDK-8295685 Update Libpng to 1.6.38
P4 JDK-8209115 adjust libsplashscreen linux ppc64le builds for easier libpng update
P4 JDK-8253269 The CheckCommonColors test should provide more info on failure

core-libs

Priority Bug Summary
P3 JDK-8287663 Add a regression test for JDK-8287073
P4 JDK-8287073 NPE from CgroupV2Subsystem.getInstance()

core-libs/java.net

Priority Bug Summary
P4 JDK-8219804 java/net/MulticastSocket/Promiscuous.java fails intermittently due to NumberFormatException

core-libs/java.util.jar

Priority Bug Summary
P3 JDK-8315135 Memory leak in the native implementation of Pack200.Unpacker.unpack()
P3 JDK-8173072 zipfs fails to handle incorrect info-zip "extended timestamp extra field"

core-libs/java.util:collections

Priority Bug Summary
P4 JDK-8205399 Set node color on pinned HashMap.TreeNode deletion

hotspot/compiler

Priority Bug Summary
P2 JDK-8202952 C2: Unexpected dead nodes after matching
P3 JDK-8283441 C2: segmentation fault in ciMethodBlocks::make_block_at(int)

hotspot/runtime

Priority Bug Summary
P4 JDK-8310026 [8u] make java_lang_String::hash_code consistent across platforms

infrastructure/build

Priority Bug Summary
P4 JDK-8309143 [8u] fix archiving inconsistencies in GHA

infrastructure/release_eng

Priority Bug Summary
P4 JDK-8309122 Bump update version of OpenJDK: 8u392

security-libs/java.security

Priority Bug Summary
P2 JDK-8314960 Add Certigna Root CA - 2
P3 JDK-8295894 Remove SECOM certificate that is expiring in September 2023
P4 JDK-8317040 Exclude cleaner test failing on older releases

security-libs/javax.security

Priority Bug Summary
P3 JDK-8242330 Arrays should be cloned in several JAAS Callback classes
P3 JDK-8284910 Buffer clean in PasswordCallback

security-libs/org.ietf.jgss

Priority Bug Summary
P3 JDK-8225687 Newly added sspi.cpp in JDK-6722928 still contains some small errors
P3 JDK-6722928 Provide a default native GSS-API library on Windows
P4 JDK-8200468 Port the native GSS-API bridge to Windows

security-libs/org.ietf.jgss:krb5

Priority Bug Summary
P3 JDK-8139348 Deprecate 3DES and RC4 in Kerberos