RELEASE NOTES: JDK openjdk8u412

Notes generated: Thu Apr 25 05:11:03 CEST 2024

JEPs

None.

RELEASE NOTES

security-libs/org.ietf.jgss:krb5

Issue	Description
JDK-8168518	rcache interop with krb5-1.15 The hash algorithm used in the Kerberos 5 replay cache file (rcache) is updated from MD5 to SHA256 with this change. This is also the algorithm used by MIT krb5-1.15. This change is interoperable with earlier releases of MIT krb5, which means Kerberos 5 acceptors from JDK 9 and MIT krb5-1.14 can share the same rcache file. A new system property named jdk.krb5.rcache.useMD5 is introduced. If the system property is set to "true", JDK 9 will still use the MD5 hash algorithm in rcache. This is useful when both of the following conditions are true: 1) the system has a very coarse clock and has to depend on hash values in replay attack detection, and 2) interoperability with earlier versions of JDK for rcache files is required. The default value of this system property is "false".

Issue

Description

JDK-8168518

rcache interop with krb5-1.15

The hash algorithm used in the Kerberos 5 replay cache file (rcache) is updated from MD5 to SHA256 with this change. This is also the algorithm used by MIT krb5-1.15. This change is interoperable with earlier releases of MIT krb5, which means Kerberos 5 acceptors from JDK 9 and MIT krb5-1.14 can share the same rcache file.

A new system property named jdk.krb5.rcache.useMD5 is introduced. If the system property is set to "true", JDK 9 will still use the MD5 hash algorithm in rcache. This is useful when both of the following conditions are true: 1) the system has a very coarse clock and has to depend on hash values in replay attack detection, and 2) interoperability with earlier versions of JDK for rcache files is required. The default value of this system property is "false".

client-libs/java.awt

Issue Description

Issue	Description
JDK-8322750	AWT SystemTray API Is Not Supported on Most Linux Desktops The `java.awt.SystemTray` API is used for notifications in a desktop taskbar and may include an icon representing an application. On Linux, the Gnome desktop's own icon support in the taskbar has not worked properly for several years due to a platform bug. This, in turn, has affected the JDK's API, which relies upon that. Therefore, in accordance with the existing Java SE specification, `java.awt.SystemTray.isSupported()` will return false where ever the JDK determines the platform bug is likely to be present. The impact of this is likely to be limited since applications always must check for that support anyway. Additionally, some distros have not supported the SystemTray for several years unless the end-user chooses to install non-bundled desktop extensions.

JDK-8322750

AWT SystemTray API Is Not Supported on Most Linux Desktops

The java.awt.SystemTray API is used for notifications in a desktop taskbar and may include an icon representing an application. On Linux, the Gnome desktop's own icon support in the taskbar has not worked properly for several years due to a platform bug. This, in turn, has affected the JDK's API, which relies upon that.

Therefore, in accordance with the existing Java SE specification, java.awt.SystemTray.isSupported() will return false where ever the JDK determines the platform bug is likely to be present.

The impact of this is likely to be limited since applications always must check for that support anyway. Additionally, some distros have not supported the SystemTray for several years unless the end-user chooses to install non-bundled desktop extensions.

security-libs/java.security

Issue	Description
JDK-8321408	Added Certainly R1 and E1 Root Certificates The following root certificates have been added to the cacerts truststore: ``` + Certainly + certainlyrootr1 DN: CN=Certainly Root R1, O=Certainly, C=US Certainly certainlyroote1 DN: CN=Certainly Root E1, O=Certainly, C=US ```

Issue

Description

JDK-8321408

Added Certainly R1 and E1 Root Certificates

The following root certificates have been added to the cacerts truststore: ``` + Certainly + certainlyrootr1 DN: CN=Certainly Root R1, O=Certainly, C=US

Certainly
certainlyroote1 DN: CN=Certainly Root E1, O=Certainly, C=US ```

FIXED ISSUES

client-libs/2d

Priority	Bug	Summary
P4	JDK-8192931	Regression test java/awt/font/TextLayout/CombiningPerf.java fails

client-libs/java.awt

Priority	Bug	Summary
P1	JDK-8322750	Test "api/java_awt/interactive/SystemTrayTests.html" failed because A blue ball icon is added outside of the system tray
P3	JDK-8021961	setAlwaysOnTop doesn't behave correctly in Linux/Solaris under certain scenarios
P4	JDK-8222323	ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset alwaysOnTop"

client-libs/javax.sound

Priority	Bug	Summary
P3	JDK-8301310	The SendRawSysexMessage test may cause a JVM crash

client-libs/javax.swing

Priority	Bug	Summary
P3	JDK-8016451	Scary messages emitted by build.tools.generatenimbus.PainterGenerator during build

core-libs/java.net

Priority	Bug	Summary
P4	JDK-8155590	Dubious collection management in sun.net.www.http.KeepAliveCache

core-libs/java.time

Priority	Bug	Summary
P3	JDK-8322725	(tz) Update Timezone Data to 2023d
P3	JDK-8325150	(tz) Update Timezone Data to 2024a

core-svc/tools

Priority	Bug	Summary
P4	JDK-8251155	HostIdentifier fails to canonicalize hostnames starting with digits
P4	JDK-8276139	TestJpsHostName.java not reliable, better to expand HostIdentifierCreate.java test

docs

Priority	Bug	Summary
P4	JDK-8251551	Use .md filename extension for README

hotspot/compiler

Priority	Bug	Summary
P2	JDK-8317507	C2 compilation fails with "Exceeded _node_regs array"
P4	JDK-8324530	Build error with gcc 10

hotspot/runtime

Priority	Bug	Summary
P3	JDK-8079441	Intermittent failures on Windows with "Unexpected exit from test [exit code: 1080890248]" (0x406d1388)
P4	JDK-8186199	[windows] JNI_DestroyJavaVM not covered by SEH
P4	JDK-8074860	Structured Exception Catcher missing around CreateJavaVM on Windows
P4	JDK-8183503	Update hotspot tests to allow for unique test classes directory
P4	JDK-8213410	UseCompressedOops requirement check fails fails on 32-bit system

hotspot/test

Priority	Bug	Summary
P2	JDK-8208701	Fix for JDK-8208655 causes test failures in CI tier1
P3	JDK-8208706	compiler/tiered/ConstantGettersTransitionsTest.java fails to compile
P4	JDK-8208655	use JTreg skipped status in hotspot tests

infrastructure/build

Priority	Bug	Summary
P4	JDK-8321060	[8u] hotspot needs to recognise VS2022
P4	JDK-8323202	[8u] Remove get_source.sh and hgforest.sh
P4	JDK-8270517	Add Zero support for LoongArch
P4	JDK-8011180	Delete obsolete scripts
P4	JDK-8324184	Windows VS2010 build failed with "error C2275: 'int64_t'"

infrastructure/release_eng

Priority	Bug	Summary
P4	JDK-8320713	Bump update version of OpenJDK: 8u412

other-libs/other

Priority	Bug	Summary
P4	JDK-8186095	upgrade to jtreg 4.2 b08

security-libs

Priority	Bug	Summary
P3	JDK-8315757	[8u] Add cacerts JTREG tests to GHA tier1 test set
P3	JDK-8315042	NPE in PKCS7.parseOldSignedData
P4	JDK-8270280	security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error

security-libs/java.security

Priority	Bug	Summary
P3	JDK-8321408	Add Certainly roots R1 and E1
P3	JDK-8308592	Framework for CA interoperability testing
P3	JDK-8268678	LetsEncryptCA.java test fails as Let’s Encrypt Authority X3 is retired
P3	JDK-8224768	Test ActalisCA.java fails
P3	JDK-8288132	Update test artifacts in QuoVadis CA interop tests
P4	JDK-8272708	[Test]: Cleanup: test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java no longer needs ocspEnabled
P4	JDK-8297955	LDAP CertStore should use LdapName and not String for DNs
P4	JDK-8312126	NullPointerException in CertStore.getCRLs after 8297955

security-libs/org.ietf.jgss:krb5

Priority	Bug	Summary
P4	JDK-8168518	rcache interop with krb5-1.15