OpenJDK 15.0.7 released

Yuri Nesterenko yan at azul.com
Wed Apr 20 08:58:02 UTC 2022 

Hi all,

let me announce the release of OpenJDK 15.0.7.

The release sources are in https://github.com/openjdk/jdk15u Git repository
tagged jdk-15.0.7-ga.
For July release schedule see https://wiki.openjdk.java.net/display/JDKUpdates/JDK+15u

* Security fixes in this release:
=================================
   - JDK-8284920: Incorrect Token type causes XPath expression to return empty result
   - JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException
   - JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo
   - JDK-8282397: createTempFile method of java.io.File is failing when called with suffix of spaces 
character
   - JDK-8278356: Improve file creation
   - JDK-8270504: Better Xpath expression handling
   - JDK-8272588: Enhanced recording parsing
   - JDK-8272594: Better record of recordings
   - JDK-8277672: Better invocation handler handling
   - JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972
   - JDK-8278972: Improve URL supports
   - JDK-8272261: Improve JFR recording file processing
   - JDK-8269938: Enhance XML processing passes redux
   - JDK-8272255: Completely handle MIDI files
   - JDK-8278805: Enhance BMP image loading
   - JDK-8278449: Improve keychain support
   - JDK-8277227: Better identification of OIDs
   - JDK-8275151: Improved Object Identification
   - JDK-8274221: More definite BER encodings
   - JDK-8277233: Improve ECDSA signature support
   - JDK-8278798: Improve supported intrinsic

* Other changes:
================
   - JDK-8282761: XPathFactoryImpl remove setProperty and getProperty methods
   - JDK-8277488: Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022
   - JDK-8186670: Implement _onSpinWait() intrinsic for AArch64
   - JDK-8276141: XPathFactory set/getProperty method
   - JDK-8261107: ArrayIndexOutOfBoundsException in the ICC_Profile.getInstance(InputStream)
   - JDK-8261534: Test sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java fails on platforms 
where no nsslib artifacts are defined
   - JDK-8272167: AbsPathsInImage.java should skip *.dSYM directories
   - JDK-8249867: XML declaration is not followed by a newline
   - JDK-8274524: SSLSocket.close() hangs if it is called during the ssl handshake
   - JDK-8272541: Incorrect overflow test in Toom-Cook branch of BigInteger multiplication
   - JDK-8278309: [windows] use of uninitialized OSThread::_state
   - JDK-8274736: Concurrent read/close of SSLSockets causes SSLSessions to be invalidated unnecessarily
   - JDK-8281374: Add MD5.implCompress0 to Graal toBeInvestigated list after 8280978
   - JDK-8278381: [GCC 11] Address::make_raw() does not initialize rspec
   - JDK-8280373: Update Xalan serializer / SystemIDResolver to align with JDK-8270492
   - JDK-8253639: Change os::attempt_reserve_memory_at parameter order
   - JDK-8251216: Implement MD5 intrinsics on AArch64
   - JDK-8251260: two MD5 tests fail "RuntimeException: Unexpected count of intrinsic"
   - JDK-8250902: Implement MD5 Intrinsics on x86
   - JDK-8275082: Update XML Security for Java to 2.3.0
   - JDK-8280414: Memory leak in DefaultProxySelector
   - JDK-8255255: Update Apache Santuario (XML Signature) to version 2.2.1
   - JDK-8259535: ECDSA SignatureValue do not always have the specified length
   - JDK-8273341: Update Siphash to version 1.0
   - JDK-8273359: CI: ciInstanceKlass::get_canonical_holder() doesn't respect instance size
   - JDK-8272570: C2: crash in PhaseCFG::global_code_motion
   - JDK-8274658: ISO 4217 Amendment 170 Update
   - JDK-8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler
   - JDK-8253638: Cleanup os::reserve_memory and remove MAP_FIXED
   - JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE

* Notes on some issues:
=========================

     xml/jaxp:
     JDK-8249867 XML declaration is not followed by a newline
     ========================================================
     Added a property jdk.xml.isStandalone to control the newline after the XML header for DOM 
LSSerializer.
     For usage, please refer to java.xml module-summary API document.

     xml/jaxp:
     New XML Processing Limits
     ========================================================
     Added three new processing limits:
     jdk.xml.xpathExprGrpLimit (by default 10, 0 or less means no limit)
     jdk.xml.xpathExprOpLimit  (by default 100, 0 or less means no limit)
     jdk.xml.xpathTotalOpLimit (by default 1000, 0 or less means no limit)
     The limits may be set as system properties or in jaxp.properties file; for XSLT processor - via 
TransformerFactory.
     For detailed information please refer to java.xml module-summary API document.

     core-libs/javax.naming:
     Parsing of URL Strings in Built-In JNDI Providers Is More Strict
     ================================================================
     Added three system properties to control strength of some URLs parsing.
     Properties are com.sun.jndi.ldapURLParsing,
     com.sun.jndi.dnsURLParsing,
     and com.sun.jndi.rmiURLParsing
     with acceptable values "legacy", "compat", "strict".
     The default is always "compat";
     "legacy" would turn validation off;
     "strict" may reject some URLs unless all their fragments are explicitly supported by Uri subclass.

     security-libs/java.security
     Trusted Certificate Entries in macOS KeychainStore
     ==================================================
     Starting from this release only certificates added with the system macOS "security 
add-trusted-cert" command
     will be treated as Trusted Certificate Entries in the macOS KeychainStore

     Thanks,
     --yan

More information about the jdk-updates-dev mailing list