OpenJDK 13.0.11 released
Yuri Nesterenko
yan at azul.com
Wed Apr 20 08:55:06 UTC 2022
Hi all,
let me announce the release of OpenJDK 13.0.11.
The release sources are in https://github.com/openjdk/jdk13u Git repository
tagged jdk-13.0.11-ga.
For July release schedule see https://wiki.openjdk.java.net/display/JDKUpdates/JDK+13u
* Security fixes in this release:
=================================
- JDK-8284920: Incorrect Token type causes XPath expression to return empty result
- JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException
- JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo
- JDK-8282397: createTempFile method of java.io.File is failing when called with suffix of spaces
character
- JDK-8278356: Improve file creation
- JDK-8270504: Better Xpath expression handling
- JDK-8272594: Better record of recordings
- JDK-8277672: Better invocation handler handling
- JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972
- JDK-8278972: Improve URL supports
- JDK-8272261: Improve JFR recording file processing
- JDK-8269938: Enhance XML processing passes redux
- JDK-8272255: Completely handle MIDI files
- JDK-8278805: Enhance BMP image loading
- JDK-8278449: Improve keychain support
- JDK-8277227: Better identification of OIDs
- JDK-8275151: Improved Object Identification
- JDK-8274221: More definite BER encodings
- JDK-8278798: Improve supported intrinsic
* Other changes:
================
- JDK-8282761: XPathFactoryImpl remove setProperty and getProperty methods
- JDK-8276141: XPathFactory set/getProperty method
- JDK-8249867: XML declaration is not followed by a newline
- JDK-8274524: SSLSocket.close() hangs if it is called during the ssl handshake
- JDK-8272541: Incorrect overflow test in Toom-Cook branch of BigInteger multiplication
- JDK-8278309: [windows] use of uninitialized OSThread::_state
- JDK-8274736: Concurrent read/close of SSLSockets causes SSLSessions to be invalidated unnecessarily
- JDK-8280373: Update Xalan serializer / SystemIDResolver to align with JDK-8270492
- JDK-8275082: Update XML Security for Java to 2.3.0
- JDK-8280947: Adapt test/jdk/javax/xml/crypto/dsig/LogParameters.java for 13u
- JDK-8280414: Memory leak in DefaultProxySelector
- JDK-8255255: Update Apache Santuario (XML Signature) to version 2.2.1
- JDK-8240983: Incorrect copyright header in Apache Santuario 2.1.3 files
- JDK-8247964: All log0() in com/sun/org/slf4j/internal/Logger.java should be private
- JDK-8247907: XMLDsig logging does not work
- JDK-8259535: ECDSA SignatureValue do not always have the specified length
- JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1
- JDK-8273341: Update Siphash to version 1.0
- JDK-8275610: C2: Object field load floats above its null check resulting in a segfault
- JDK-8272570: C2: crash in PhaseCFG::global_code_motion
- JDK-8274658: ISO 4217 Amendment 170 Update
- JDK-8065704: Set LC_ALL=C for all relevant commands in the build system
* Notes on some issues:
=========================
xml/jaxp:
JDK-8249867 XML declaration is not followed by a newline
========================================================
Added a property jdk.xml.isStandalone to control the newline after the XML header for DOM
LSSerializer.
For usage, please refer to java.xml module-summary API document.
xml/jaxp:
New XML Processing Limits
========================================================
Added three new processing limits:
jdk.xml.xpathExprGrpLimit (by default 10, 0 or less means no limit)
jdk.xml.xpathExprOpLimit (by default 100, 0 or less means no limit)
jdk.xml.xpathTotalOpLimit (by default 1000, 0 or less means no limit)
The limits may be set as system properties or in jaxp.properties file; for XSLT processor - via
TransformerFactory.
For detailed information please refer to java.xml module-summary API document.
core-libs/javax.naming:
Parsing of URL Strings in Built-In JNDI Providers Is More Strict
================================================================
Added three system properties to control strength of some URLs parsing.
Properties are com.sun.jndi.ldapURLParsing,
com.sun.jndi.dnsURLParsing,
and com.sun.jndi.rmiURLParsing
with acceptable values "legacy", "compat", "strict".
The default is always "compat";
"legacy" would turn validation off;
"strict" may reject some URLs unless all their fragments are explicitly supported by Uri subclass.
security-libs/java.security
Trusted Certificate Entries in macOS KeychainStore
==================================================
Starting from this release only certificates added with the system macOS "security
add-trusted-cert" command
will be treated as Trusted Certificate Entries in the macOS KeychainStore
Thanks,
--yan
More information about the jdk-updates-dev
mailing list