RELEASE NOTES FOR: openjdk8u412 ==================================================================================================== Notes generated: Thu Apr 25 05:11:03 CEST 2024 Hint: Prefix bug IDs with https://bugs.openjdk.org/browse/ to reach the relevant JIRA entry. JAVA ENHANCEMENT PROPOSALS (JEP): None. RELEASE NOTES: security-libs/org.ietf.jgss:krb5: JDK-8168518: rcache interop with krb5-1.15 The hash algorithm used in the Kerberos 5 replay cache file (rcache) is updated from MD5 to SHA256 with this change. This is also the algorithm used by MIT krb5-1.15. This change is interoperable with earlier releases of MIT krb5, which means Kerberos 5 acceptors from JDK 9 and MIT krb5-1.14 can share the same rcache file. A new system property named jdk.krb5.rcache.useMD5 is introduced. If the system property is set to "true", JDK 9 will still use the MD5 hash algorithm in rcache. This is useful when both of the following conditions are true: 1) the system has a very coarse clock and has to depend on hash values in replay attack detection, and 2) interoperability with earlier versions of JDK for rcache files is required. The default value of this system property is "false". client-libs/java.awt: JDK-8322750: AWT SystemTray API Is Not Supported on Most Linux Desktops The `java.awt.SystemTray` API is used for notifications in a desktop taskbar and may include an icon representing an application. On Linux, the Gnome desktop's own icon support in the taskbar has not worked properly for several years due to a platform bug. This, in turn, has affected the JDK's API, which relies upon that. Therefore, in accordance with the existing Java SE specification, `java.awt.SystemTray.isSupported()` will return false where ever the JDK determines the platform bug is likely to be present. The impact of this is likely to be limited since applications always must check for that support anyway. Additionally, some distros have not supported the SystemTray for several years unless the end-user chooses to install non-bundled desktop extensions. security-libs/java.security: JDK-8321408: Added Certainly R1 and E1 Root Certificates The following root certificates have been added to the cacerts truststore: ``` + Certainly + certainlyrootr1 DN: CN=Certainly Root R1, O=Certainly, C=US + Certainly + certainlyroote1 DN: CN=Certainly Root E1, O=Certainly, C=US ``` ALL FIXED ISSUES, BY COMPONENT AND PRIORITY: client-libs/2d: (P4) JDK-8192931: Regression test java/awt/font/TextLayout/CombiningPerf.java fails client-libs/java.awt: (P1) JDK-8322750: Test "api/java_awt/interactive/SystemTrayTests.html" failed because A blue ball icon is added outside of the system tray (P3) JDK-8021961: setAlwaysOnTop doesn't behave correctly in Linux/Solaris under certain scenarios (P4) JDK-8222323: ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset alwaysOnTop" client-libs/javax.sound: (P3) JDK-8301310: The SendRawSysexMessage test may cause a JVM crash client-libs/javax.swing: (P3) JDK-8016451: Scary messages emitted by build.tools.generatenimbus.PainterGenerator during build core-libs/java.net: (P4) JDK-8155590: Dubious collection management in sun.net.www.http.KeepAliveCache core-libs/java.time: (P3) JDK-8322725: (tz) Update Timezone Data to 2023d (P3) JDK-8325150: (tz) Update Timezone Data to 2024a core-svc/tools: (P4) JDK-8251155: HostIdentifier fails to canonicalize hostnames starting with digits (P4) JDK-8276139: TestJpsHostName.java not reliable, better to expand HostIdentifierCreate.java test docs: (P4) JDK-8251551: Use .md filename extension for README hotspot/compiler: (P2) JDK-8317507: C2 compilation fails with "Exceeded _node_regs array" (P4) JDK-8324530: Build error with gcc 10 hotspot/runtime: (P3) JDK-8079441: Intermittent failures on Windows with "Unexpected exit from test [exit code: 1080890248]" (0x406d1388) (P4) JDK-8186199: [windows] JNI_DestroyJavaVM not covered by SEH (P4) JDK-8074860: Structured Exception Catcher missing around CreateJavaVM on Windows (P4) JDK-8183503: Update hotspot tests to allow for unique test classes directory (P4) JDK-8213410: UseCompressedOops requirement check fails fails on 32-bit system hotspot/test: (P2) JDK-8208701: Fix for JDK-8208655 causes test failures in CI tier1 (P3) JDK-8208706: compiler/tiered/ConstantGettersTransitionsTest.java fails to compile (P4) JDK-8208655: use JTreg skipped status in hotspot tests infrastructure/build: (P4) JDK-8321060: [8u] hotspot needs to recognise VS2022 (P4) JDK-8323202: [8u] Remove get_source.sh and hgforest.sh (P4) JDK-8270517: Add Zero support for LoongArch (P4) JDK-8011180: Delete obsolete scripts (P4) JDK-8324184: Windows VS2010 build failed with "error C2275: 'int64_t'" infrastructure/release_eng: (P4) JDK-8320713: Bump update version of OpenJDK: 8u412 other-libs/other: (P4) JDK-8186095: upgrade to jtreg 4.2 b08 security-libs: (P3) JDK-8315757: [8u] Add cacerts JTREG tests to GHA tier1 test set (P3) JDK-8315042: NPE in PKCS7.parseOldSignedData (P4) JDK-8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error security-libs/java.security: (P3) JDK-8321408: Add Certainly roots R1 and E1 (P3) JDK-8308592: Framework for CA interoperability testing (P3) JDK-8268678: LetsEncryptCA.java test fails as Let’s Encrypt Authority X3 is retired (P3) JDK-8224768: Test ActalisCA.java fails (P3) JDK-8288132: Update test artifacts in QuoVadis CA interop tests (P4) JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java no longer needs ocspEnabled (P4) JDK-8297955: LDAP CertStore should use LdapName and not String for DNs (P4) JDK-8312126: NullPointerException in CertStore.getCRLs after 8297955 security-libs/org.ietf.jgss:krb5: (P4) JDK-8168518: rcache interop with krb5-1.15