OpenJDK 15.0.7 released
Yuri Nesterenko
yan at azul.com
Wed Apr 20 08:58:02 UTC 2022
Hi all,
let me announce the release of OpenJDK 15.0.7.
The release sources are in https://github.com/openjdk/jdk15u Git repository
tagged jdk-15.0.7-ga.
For July release schedule see https://wiki.openjdk.java.net/display/JDKUpdates/JDK+15u
* Security fixes in this release:
=================================
- JDK-8284920: Incorrect Token type causes XPath expression to return empty result
- JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException
- JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo
- JDK-8282397: createTempFile method of java.io.File is failing when called with suffix of spaces
character
- JDK-8278356: Improve file creation
- JDK-8270504: Better Xpath expression handling
- JDK-8272588: Enhanced recording parsing
- JDK-8272594: Better record of recordings
- JDK-8277672: Better invocation handler handling
- JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972
- JDK-8278972: Improve URL supports
- JDK-8272261: Improve JFR recording file processing
- JDK-8269938: Enhance XML processing passes redux
- JDK-8272255: Completely handle MIDI files
- JDK-8278805: Enhance BMP image loading
- JDK-8278449: Improve keychain support
- JDK-8277227: Better identification of OIDs
- JDK-8275151: Improved Object Identification
- JDK-8274221: More definite BER encodings
- JDK-8277233: Improve ECDSA signature support
- JDK-8278798: Improve supported intrinsic
* Other changes:
================
- JDK-8282761: XPathFactoryImpl remove setProperty and getProperty methods
- JDK-8277488: Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022
- JDK-8186670: Implement _onSpinWait() intrinsic for AArch64
- JDK-8276141: XPathFactory set/getProperty method
- JDK-8261107: ArrayIndexOutOfBoundsException in the ICC_Profile.getInstance(InputStream)
- JDK-8261534: Test sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java fails on platforms
where no nsslib artifacts are defined
- JDK-8272167: AbsPathsInImage.java should skip *.dSYM directories
- JDK-8249867: XML declaration is not followed by a newline
- JDK-8274524: SSLSocket.close() hangs if it is called during the ssl handshake
- JDK-8272541: Incorrect overflow test in Toom-Cook branch of BigInteger multiplication
- JDK-8278309: [windows] use of uninitialized OSThread::_state
- JDK-8274736: Concurrent read/close of SSLSockets causes SSLSessions to be invalidated unnecessarily
- JDK-8281374: Add MD5.implCompress0 to Graal toBeInvestigated list after 8280978
- JDK-8278381: [GCC 11] Address::make_raw() does not initialize rspec
- JDK-8280373: Update Xalan serializer / SystemIDResolver to align with JDK-8270492
- JDK-8253639: Change os::attempt_reserve_memory_at parameter order
- JDK-8251216: Implement MD5 intrinsics on AArch64
- JDK-8251260: two MD5 tests fail "RuntimeException: Unexpected count of intrinsic"
- JDK-8250902: Implement MD5 Intrinsics on x86
- JDK-8275082: Update XML Security for Java to 2.3.0
- JDK-8280414: Memory leak in DefaultProxySelector
- JDK-8255255: Update Apache Santuario (XML Signature) to version 2.2.1
- JDK-8259535: ECDSA SignatureValue do not always have the specified length
- JDK-8273341: Update Siphash to version 1.0
- JDK-8273359: CI: ciInstanceKlass::get_canonical_holder() doesn't respect instance size
- JDK-8272570: C2: crash in PhaseCFG::global_code_motion
- JDK-8274658: ISO 4217 Amendment 170 Update
- JDK-8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler
- JDK-8253638: Cleanup os::reserve_memory and remove MAP_FIXED
- JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE
* Notes on some issues:
=========================
xml/jaxp:
JDK-8249867 XML declaration is not followed by a newline
========================================================
Added a property jdk.xml.isStandalone to control the newline after the XML header for DOM
LSSerializer.
For usage, please refer to java.xml module-summary API document.
xml/jaxp:
New XML Processing Limits
========================================================
Added three new processing limits:
jdk.xml.xpathExprGrpLimit (by default 10, 0 or less means no limit)
jdk.xml.xpathExprOpLimit (by default 100, 0 or less means no limit)
jdk.xml.xpathTotalOpLimit (by default 1000, 0 or less means no limit)
The limits may be set as system properties or in jaxp.properties file; for XSLT processor - via
TransformerFactory.
For detailed information please refer to java.xml module-summary API document.
core-libs/javax.naming:
Parsing of URL Strings in Built-In JNDI Providers Is More Strict
================================================================
Added three system properties to control strength of some URLs parsing.
Properties are com.sun.jndi.ldapURLParsing,
com.sun.jndi.dnsURLParsing,
and com.sun.jndi.rmiURLParsing
with acceptable values "legacy", "compat", "strict".
The default is always "compat";
"legacy" would turn validation off;
"strict" may reject some URLs unless all their fragments are explicitly supported by Uri subclass.
security-libs/java.security
Trusted Certificate Entries in macOS KeychainStore
==================================================
Starting from this release only certificates added with the system macOS "security
add-trusted-cert" command
will be treated as Trusted Certificate Entries in the macOS KeychainStore
Thanks,
--yan
More information about the jdk-updates-dev
mailing list