CFV: New JDK Reviewer: Martin Balao
Langer, Christoph
christoph.langer at sap.com
Tue Apr 15 07:42:29 UTC 2025
Vote: yes
/Christoph
> -----Original Message-----
> From: jdk-dev <jdk-dev-retn at openjdk.org> On Behalf Of Andrew Dinn
> Sent: Dienstag, 8. April 2025 18:20
> To: jdk-dev <jdk-dev at openjdk.java.net>
> Subject: CFV: New JDK Reviewer: Martin Balao
>
> I hereby nominate Martin Balao (mbalao) [1] to JDK Reviewer.
>
> Martin joined the Red Hat Java Platform team in 2017 as its security expert,
> leading all Red Hat work related to OpenJDK security. He has been a member
> of the OpenJDK Vulnerability Group since its inception, actively involved both
> in preparing & reviewing reproducers/fixes for undisclosed CVEs and in
> planning & preparing 3-monthly CVE patch bundles for mainline/LTS updates
> releases. He has also been an active contributor to mainline security
> development work and bears prime responsibility for Draft JEP 8325511
> (Security Providers Filter) [3].
> As well as reviewing multiple security patches in the VG, Martin has
> contributed 46 changes [4] to mainline JDK over the past 8 years.
>
> Votes are due by 24:00 UTC, April 22, 2025.
>
> Only current JDK Reviewers [1] are eligible to vote on this nomination.
> Votes must be cast in the open by replying to this mailing list.
>
> For Three-Vote Consensus voting instructions, see [2].
>
> Andrew Dinn
>
> [1] https://openjdk.org/census
> [2] https://openjdk.org/projects/#reviewer-vote
> [3] https://openjdk.org/jeps/8325511
> [4] 8148421: Transport Layer Security (TLS) Session Hash and Extended
> Master Secret Extension
> <https://github.com/openjdk/jdk/commit/82bf0799c67f224ffb1875e630f5
> 152e8410ad14>
> 8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS
> uses sqlite
> <https://github.com/openjdk/jdk/commit/f1212e26c3126297268374142cf
> 285ee66fe4e60>
> 8201509: Zero: S390 31bit atomic_copy64 inline assembler is wrong
> <https://github.com/openjdk/jdk/commit/a79484396d8753bfa677426945
> c6cfac536a9c8c>
> 8203182: Release session if initialization of SunPKCS11 Signature fails
> <https://github.com/openjdk/jdk/commit/62c97f695f1650963d4c1f68364
> c99f9315fbd76>
> 8195607: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS
> initialization failed" on NSS 3.34.1
> <https://github.com/openjdk/jdk/commit/b44c24d290362e4edf5b0bf18b1
> ecce1583daeff>
> 8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
> <https://github.com/openjdk/jdk/commit/aafb2b04740911742de1332a83
> d23eefe1e6804d>
> 8213154: Update copyright headers of files in src tree that are missing
> Classpath exception
> <https://github.com/openjdk/jdk/commit/7724fd6d9bf52bc3aa7d5940b82
> 9503dc57e5042>
> 8204142: AWT hang occurs when sequenced events arrive out of sequence in
> multiple AppContexts
> <https://github.com/openjdk/jdk/commit/7c14ebfcd04b147cd6972e3a724
> 2f4b97b1f97e5>
> 6913047: Long term memory leak when using PKCS11 and JCE exceeds 32 bit
> process address space
> <https://github.com/openjdk/jdk/commit/dfcab1b85ae9ca39b95cf3b17cb
> fbaea1238aec7>
> 8217088: Disable JDK-6913047 fix (SunPKCS11 memory leak) after
> JDK-8216597 (SIGBUS error in getNativeKeyInfo)
> <https://github.com/openjdk/jdk/commit/6cfcdde523ed3875cbe31379e04
> a745891816fcb>
> 8219011: Implement MacroAssembler::warn method on AArch64
> <https://github.com/openjdk/jdk/commit/d6bec9017ec205fe790aaed2e47
> 21b2f85b674f3>
> 8218854: FontMetrics.getMaxAdvance may be less than the maximum
> FontMetrics.charWidth
> <https://github.com/openjdk/jdk/commit/ae9ee277b6eca4cbcd91948e7c5
> 18c4a797e6d84>
> 8220753: Re-introduce the test case for TLS 1.2 algorithms in SunPKCS11
> crypto provider
> <https://github.com/openjdk/jdk/commit/0814229ebc94f6821789391df29
> c34610164b47f>
> 8220513: Wrapper Key may get deleted when closing sessions in SunPKCS11
> crypto provider
> <https://github.com/openjdk/jdk/commit/0d35ef38e6f11d4f5bafaefc3d97
> 567c18b57857>
> 8221271: sun/security/pkcs11/tls/tls12/TestTLS12.java test failed
> <https://github.com/openjdk/jdk/commit/a8a29bbae66da112b6012a4d5c
> 7cbf5270b1573a>
> 8222805: sun/security/pkcs11/tls/tls12/TestTLS12.java fails with
> Unsupported signature algorithm: rsa_pss_rsae_sha256
> <https://github.com/openjdk/jdk/commit/11bb97a71c805344c051e4fba75
> 096a539528000>
> 8223482: Unsupported ciphersuites may be offered by a TLS client
> <https://github.com/openjdk/jdk/commit/ebf8e1c0ac605a0613c343d37ab
> ece6d57cd9698>
> 8215032: Support Kerberos cross-realm referrals (RFC 6806)
> <https://github.com/openjdk/jdk/commit/5aae9ef0db20101c5a1473426e5
> dcd6f8a625c6a>
> 8227437: S4U2proxy cannot continue because server's TGT cannot be found
> <https://github.com/openjdk/jdk/commit/3cd50f2666a382c4b85f923c02a
> 5460d4bce515c>
> 8233404: System property to set the number of PBE iterations in JCEKS
> keystores
> <https://github.com/openjdk/jdk/commit/0e5a288dfe0b90e0d2c8c628833
> 4fb9847a4f403>
> 8233946: Add @since 13 annotation to
> KerberosPrincipal.KRB_NT_ENTERPRISE
> field
> <https://github.com/openjdk/jdk/commit/171257ea1aa210d13e7604994e
> 90ad334ed51875>
> 8005819: Support cross-realm MSSFU
> <https://github.com/openjdk/jdk/commit/4fa827ec92665dae9c3cd6505d8
> 85ba5b7998df2>
> 8238555: Allow Initialization of SunPKCS11 with NSS when there are external
> FIPS modules in the NSSDB
> <https://github.com/openjdk/jdk/commit/84f3e86749be8b84b6f39262cfd
> d160e651d6dba>
> 8239385: KerberosTicket client name refers wrongly to sAMAccountName in
> AD
> <https://github.com/openjdk/jdk/commit/2883bccf48f7a63c3635a079213
> 8c5481050966f>
> 8241888: Mirror jdk.security.allowNonCaAnchor system property with a
> security one
> <https://github.com/openjdk/jdk/commit/1c651455a75ff21770bb3b112a4
> 40396fce402a5>
> 8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS
> Kerberos tickets
> <https://github.com/openjdk/jdk/commit/31753ef9bf2508727021cb40fd0
> cf761502bd814>
> 8259319: Illegal package access when SunPKCS11 requires SunJCE's classes
> <https://github.com/openjdk/jdk/commit/4be2173478bd1e84946bd903b3
> 50ce466bddb36b>
> 8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
> <https://github.com/openjdk/jdk/commit/47c7dc7734677b64511ab1d4b3
> c30d3197d66ce9>
> 8261355: No data buffering in SunPKCS11 Cipher encryption when the
> underlying mechanism has no padding
> <https://github.com/openjdk/jdk/commit/1ee80e03adfae5f428519f7c134e
> 78a0f277a0a5>
> 8265462: Handle multiple slots in the NSS Internal Module from SunPKCS11's
> Secmod
> <https://github.com/openjdk/jdk/commit/bdbe23b9cb6151c81a4de675e6
> 29b0a42f00640d>
> 8270137: Kerberos Credential Retrieval from Cache not Working in Cross-
> Realm Setup
> <https://github.com/openjdk/jdk/commit/67869b491ae1eaf311dfb8c61a9
> e94329a822ffc>
> 8271566: DSA signature length value is not accurate in P11Signature
> <https://github.com/openjdk/jdk/commit/ea8d3c92c69c393cdbc6c62398f1
> e9c6adc708d3>
> 8275535: Retrying a failed authentication on multiple LDAP servers can lead to
> users blocked
> <https://github.com/openjdk/jdk/commit/3be394e1606dd17c2c14ce806c7
> 96f5eb2b1ad6e>
> 8301553: Support Password-Based Cryptography in SunPKCS11
> <https://github.com/openjdk/jdk/commit/4a75fd462c002a209201d8bfc8d
> 6c9eb286a7444>
> 8309569: sun/security/pkcs11/Signature/TestRSAKeyLength.java fails after
> JDK-8301553
> <https://github.com/openjdk/jdk/commit/760cb04a2e099a3af9199d77a23
> 4af75a18cce5d>
> 8325254: CKA_TOKEN private and secret keys are not necessarily sensitive
> <https://github.com/openjdk/jdk/commit/0f5f3c9b9718c61040608832740
> 1210486447462>
> 8328556: Do not extract large CKO_SECRET_KEY keys from the NSS Software
> Token
> <https://github.com/openjdk/jdk/commit/13cf0707f903609c9bda99a9bf7
> 511f494f9feae>
> 8330611: AES-CTR vector intrinsic may read out of bounds (x86_64,
> AVX-512)
> <https://github.com/openjdk/jdk/commit/8a8d9288980513db459f7d6b36
> 554b65844951ca>
> 8330842: Support AES CBC with Ciphertext Stealing (CTS) in SunPKCS11
> <https://github.com/openjdk/jdk/commit/4ab7e98c79a1a0b7aba1ca74a83
> 16820c906e70e>
> 8323231: Improve array management
> <https://github.com/openjdk/jdk/commit/5f365d44be9c1f3413c9ccde970e
> 2745090a516a>
> 8336499: Failure when creating non-CRT RSA private keys in SunPKCS11
> <https://github.com/openjdk/jdk/commit/3251eea1f4289a0505052be204
> 407c02ca38b0ad>
> 8319332: Security properties files inclusion
> <https://github.com/openjdk/jdk/commit/c6f1d5f374bfa9bde75765391d5
> dae0e8e28b4ab>
> 8332644: Improve graph optimizations
> <https://github.com/openjdk/jdk/commit/c89f76c0b9ca085192775af9bd9
> 368562b582dd6>
> 8345221: Replace legacy with new Provider APIs in SunNativeGSS
> <https://github.com/openjdk/jdk/commit/a49f0776eb176129f558b6fab3f
> 50e0453f8cbcb>
> 8330045: Enhance array handling
> <https://github.com/openjdk/jdk/commit/5f6c85420a19d5dd9ccaf0a0c6e8
> f6502fab2aa7>
> 8328119: Support HKDF in SunPKCS11 (Preview) 8346720: Support Generic
> keys in SunPKCS11 SecretKeyFactor
> <https://github.com/openjdk/jdk/commit/6ddbcc34c019d780fc12d8f636e
> 3aa3de33ecaaa>
More information about the jdk-dev
mailing list