RELEASE NOTES FOR: openjdk8u392 ==================================================================================================== Notes generated: Tue Apr 02 04:05:24 CEST 2024 Hint: Prefix bug IDs with https://bugs.openjdk.org/browse/ to reach the relevant JIRA entry. JAVA ENHANCEMENT PROPOSALS (JEP): None. RELEASE NOTES: security-libs/org.ietf.jgss: JDK-6722928: Added a Default Native GSS-API Library on Windows A native GSS-API library named `sspi_bridge.dll` has been added to the JDK on the Windows platform. The library is client-side only and uses the default credentials. It will be loaded when the `sun.security.jgss.native` system property is set to "true". A user can still load a third-party native GSS-API library by setting the `sun.security.jgss.lib` system property to the appropriate path. Native GSS automatically uses cached credentials from operating systems, thus the `javax.security.auth.useSubjectCredsOnly` system property should be set to false. `com.sun.security.auth.module.Krb5LoginModule` does not call native JGSS. Avoid using `com.sun.security.auth.module.Krb5LoginModule` from JAAS config. security-libs/org.ietf.jgss:krb5: JDK-8139348: Deprecate 3DES and RC4 in Kerberos The `des3-hmac-sha1` and `rc4-hmac` Kerberos encryption types (etypes) are now deprecated and disabled by default. Users can set `allow_weak_crypto = true` in the `krb5.conf` configuration file to re-enable them (along with other weak etypes including `des-cbc-crc` and `des-cbc-md5`) at their own risk. To disable a subset of the weak etypes, users can list preferred etypes explicitly in any of the `default_tkt_enctypes`, `default_tgs_enctypes`, or `permitted_enctypes` settings. security-libs/java.security: JDK-8295894: Removed SECOM Trust System's RootCA1 Root Certificate The following root certificate from SECOM Trust System has been removed from the `cacerts` keystore: ``` + alias name "secomscrootca1 [jdk]" Distinguished Name: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP ``` JDK-8314960: Added Certigna Root CA Certificate The following root certificate has been added to the cacerts truststore: ``` + Certigna (Dhimyotis) + certignarootca DN: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR ``` ALL FIXED ISSUES, BY COMPONENT AND PRIORITY: client-libs: (P4) JDK-8232225: Rework the fix for JDK-8071483 client-libs/java.awt: (P2) JDK-8214046: [macosx] Undecorated Frame does not Iconify when set to (P2) JDK-8295685: Update Libpng to 1.6.38 (P4) JDK-8209115: adjust libsplashscreen linux ppc64le builds for easier libpng update (P4) JDK-8253269: The CheckCommonColors test should provide more info on failure core-libs: (P3) JDK-8287663: Add a regression test for JDK-8287073 (P4) JDK-8287073: NPE from CgroupV2Subsystem.getInstance() core-libs/java.net: (P4) JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails intermittently due to NumberFormatException core-libs/java.util.jar: (P3) JDK-8315135: Memory leak in the native implementation of Pack200.Unpacker.unpack() (P3) JDK-8173072: zipfs fails to handle incorrect info-zip "extended timestamp extra field" core-libs/java.util:collections: (P4) JDK-8205399: Set node color on pinned HashMap.TreeNode deletion hotspot/compiler: (P2) JDK-8202952: C2: Unexpected dead nodes after matching (P3) JDK-8283441: C2: segmentation fault in ciMethodBlocks::make_block_at(int) hotspot/runtime: (P4) JDK-8310026: [8u] make java_lang_String::hash_code consistent across platforms infrastructure/build: (P4) JDK-8309143: [8u] fix archiving inconsistencies in GHA infrastructure/release_eng: (P4) JDK-8309122: Bump update version of OpenJDK: 8u392 security-libs/java.security: (P2) JDK-8314960: Add Certigna Root CA - 2 (P3) JDK-8295894: Remove SECOM certificate that is expiring in September 2023 (P4) JDK-8317040: Exclude cleaner test failing on older releases security-libs/javax.security: (P3) JDK-8242330: Arrays should be cloned in several JAAS Callback classes (P3) JDK-8284910: Buffer clean in PasswordCallback security-libs/org.ietf.jgss: (P3) JDK-8225687: Newly added sspi.cpp in JDK-6722928 still contains some small errors (P3) JDK-6722928: Provide a default native GSS-API library on Windows (P4) JDK-8200468: Port the native GSS-API bridge to Windows security-libs/org.ietf.jgss:krb5: (P3) JDK-8139348: Deprecate 3DES and RC4 in Kerberos