2025-07 Security Update Bundles

Sat Jul 12 13:39:41 UTC 2025

It's ok, after all the code is correct, now.
JBS is just formal stuff...

Best regards, Goetz.

> -----Original Message-----
> From: Hohensee, Paul <hohensee at amazon.com>
> Sent: Friday, July 11, 2025 11:03 PM
> To: Lindenmaier, Goetz <goetz.lindenmaier at sap.com>; Satyen Subramaniam
> <ssubramaniam at openjdk.org>; jdk-updates-dev <jdk-updates-
> dev at openjdk.org>
> Cc: Andrew Hughes <gnu.andrew at redhat.com>; Volker Simonis
> <volker.simonis at gmail.com>; Langer, Christoph <christoph.langer at sap.com>
> Subject: Re: 2025-07 Security Update Bundles
>
> Apologies, I didn't know the process.
>
> No warning that I saw.
>
> On 7/10/25, 2:36 AM, "Lindenmaier, Goetz" <goetz.lindenmaier at sap.com
> <mailto:goetz.lindenmaier at sap.com>> wrote:
>
> Hi Paul,
>
> On 20.5.2025 you have removed jdk17u-fix-yes and jdk17u-fix-request
> labels from https://bugs.openjdk.org/browse/JDK-8320687
> <https://bugs.openjdk.org/browse/JDK-8320687>
>
> Why have you done this? You should not touch jdk17u-fix-yes labels!!!
> These are reserved to the maintainers.
>
> Now we have a broken situation with two pushes for the same
> change. The correct way would have been to open a [REDO] change,
> this is what I understood as "resubmit".
> Nobody could tell from your 2nd PR that this was a redo of
> a previous change. Please mention such things to be transparent.
>
> Actually I thought that Skara warns that the change
> has already been pushed to the repository. Hasn't there been
> such a warning?
>
> Best regards,
> Goetz.
>
> > -----Original Message-----
> > From: Andrew Hughes <gnu.andrew at redhat.com
> <mailto:gnu.andrew at redhat.com>>
> > Sent: Wednesday, July 9, 2025 8:53 PM
> > To: Lindenmaier, Goetz <goetz.lindenmaier at sap.com
> <mailto:goetz.lindenmaier at sap.com>>
> > Subject: Re: 2025-07 Security Update Bundles
> >
> > On 11:23 Wed 09 Jul , Lindenmaier, Goetz wrote:
> > > Hi Andrew,
> > >
> > > It seems to be working in the meantime. I saw some mails to Christoph.
> > >
> > > Best, Goetz.
> > >
> >
> > Thanks. I've picked up the bundles today.
> >
> > I've just been going through the changes in 17.0.16 and I found this
> > pair confusing:
> >
> > JDK-8320687: sun.jvmstat.monitor.MonitoredHost.getMonitoredHost()
> > throws unexpected exceptions when invoked concurrently
> > JDK-8355914: [17u] Backout backport of JDK-8320687
> >
> > The reason is that there are only two bugs, but three commits. From
> > the bugs alone, it is not clear that 8320687 was later reapplied as it
> > happens under the same ID and in a commit with the same summary.
> >
> > I can see why you might wanted to have avoided a "[REDO]" bug here to
> > retain the link to the original bug. Maybe, as it was only a failing
> > test, it could have just been excluded until fixed?
> >
> > The 8355914 bug says "Tonight rampdown starts" but this was in
> > 17.0.16+1, long before rampdown.
> >
> > Thoughts? I'm just wondering if we could have done things a little
> > better here, though I can understand the change was made under tight
> > time constraints.
> >
> > Best,
> > --
> > Andrew :)
> > Pronouns: he / him or they / them
> > Red Hat, Inc.
> (http://www.r/
> edhat.com%2F&data=05%7C02%7Cgoetz.lindenmaier%40sap.com%7C3f2047
> 0467334c89a7d008ddc0be5f61%7C42f7676cf455423c82f6dc2d99791af7%7C0
> %7C0%7C638878646081791242%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0e
> U1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCI
> sIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=l%2FunoUqgYHLQbSrsB70WcN
> 4IiKlEU4apQSpIfwzd9PI%3D&reserved=0
> <http://www.r/
> edhat.com%2F&data=05%7C02%7Cgoetz.lindenmaier%40sap.com%7C3f2047
> 0467334c89a7d008ddc0be5f61%7C42f7676cf455423c82f6dc2d99791af7%7C0
> %7C0%7C638878646081815462%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0e
> U1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCI
> sIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=GGdI93U65KxVA4MqyzBTayMR
> Se%2FhUnib6aic6rdV8a0%3D&reserved=0>)
> >
> > PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
> > Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
> >
> > Please contact via e-mail, not proprietary chat networks
>
>