OpenJDK 21.0.10 Released

Andrew Hughes gnu.andrew at redhat.com
Thu Jan 22 02:04:42 UTC 2026


We are pleased to announce the release of OpenJDK 21.0.10.

The source tarball is available from:

* https://openjdk-sources.osci.io/openjdk21/openjdk-21.0.10+7.tar.xz

The tarball is accompanied by a digital signature available at:

* https://openjdk-sources.osci.io/openjdk21/openjdk-21.0.10+7.tar.xz.sig

This is signed by our Red Hat OpenJDK key (openjdk at redhat.com):

PGP Key: rsa4096/0x92EF8D39DC13168F (hkp://keys.gnupg.net)
Fingerprint = CA5F 11C6 CE22 644D 42C6  AC44 92EF 8D39 DC13 168F

SHA256 checksums:

edbadaf8d0ed69ee09e3903b8d351ad9a9bae1886028c1571a19a84968bb913c  openjdk-21.0.10+7.tar.xz
9d1d2c06107e8cc165cdd1e9be73e1f7f1cda98d956945aefe2efdec8b6059d3  openjdk-21.0.10+7.tar.xz.sig

SHA512 checksums:

997bae911cd414ae226603f4bb76cae3914dfc324f3c955cb3a3ad767f873b0422d5328fab3813608c59cbe6ec6d6759165c0b1aa57fc6779e051e54729d35cd  openjdk-21.0.10+7.tar.xz
1734e1f8469434356dd60bebfaa58e09fcfba42e4ad08aff3d3e95331453a6755aaba81cd0db1570b6390d988b9842524f2480f9634437814f1b3e3ff9c027c1  openjdk-21.0.10+7.tar.xz.sig

The checksums can be downloaded from:

* https://openjdk-sources.osci.io/openjdk21/openjdk-21.0.10+7.sha256
* https://openjdk-sources.osci.io/openjdk21/openjdk-21.0.10+7.sha512
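
The following is an added example, not part of the original announcement: one way to check a downloaded tarball and signature against the checksums and key fingerprint published above. The function names are hypothetical, the release key is assumed to be in the local GnuPG keyring already, and the gpg status lines used to exercise the fingerprint check are constructed.

```shell
#!/bin/sh
# Added example (not from the announcement). Checksums and fingerprint are
# copied from the message above; function names are hypothetical.
TARBALL='openjdk-21.0.10+7.tar.xz'
TAR_SHA256='edbadaf8d0ed69ee09e3903b8d351ad9a9bae1886028c1571a19a84968bb913c'
SIG_SHA256='9d1d2c06107e8cc165cdd1e9be73e1f7f1cda98d956945aefe2efdec8b6059d3'
TAR_SHA512='997bae911cd414ae226603f4bb76cae3914dfc324f3c955cb3a3ad767f873b0422d5328fab3813608c59cbe6ec6d6759165c0b1aa57fc6779e051e54729d35cd'
SIG_SHA512='1734e1f8469434356dd60bebfaa58e09fcfba42e4ad08aff3d3e95331453a6755aaba81cd0db1570b6390d988b9842524f2480f9634437814f1b3e3ff9c027c1'
SIGNER_FPR='CA5F11C6CE22644D42C6AC4492EF8D39DC13168F'

# hex_digest BITS FILE: print the SHA-BITS digest of FILE as hex.
hex_digest() {
    if command -v "sha${1}sum" >/dev/null 2>&1; then
        "sha${1}sum" "$2"
    else
        shasum -a "$1" "$2"
    fi | cut -d' ' -f1
}

# digest_matches BITS FILE EXPECTED: succeed only if the digest is EXPECTED.
digest_matches() {
    [ "$(hex_digest "$1" "$2")" = "$3" ]
}

# validsig_by STATUS_TEXT FPR: succeed only if gpg's machine-readable status
# output has a VALIDSIG line naming FPR as the signing key (field 3) or as
# the primary key (last field). A "Good signature" from some other key that
# happens to be in the keyring is therefore rejected.
validsig_by() {
    printf '%s\n' "$1" | awk -v fpr="$2" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == fpr || $NF == fpr) { ok = 1 }
        END { exit !ok }'
}

# verify_release DIR: check both files in DIR against all four published
# digests, then check the detached signature and who made it.
verify_release() {
    dir=$1
    digest_matches 256 "$dir/$TARBALL"     "$TAR_SHA256" &&
    digest_matches 512 "$dir/$TARBALL"     "$TAR_SHA512" &&
    digest_matches 256 "$dir/$TARBALL.sig" "$SIG_SHA256" &&
    digest_matches 512 "$dir/$TARBALL.sig" "$SIG_SHA512" ||
        { echo "checksum mismatch in $dir" >&2; return 1; }

    # gpg exits non-zero for a bad signature or a missing public key.
    gpg_status=$(gpg --status-fd 1 --verify \
                     "$dir/$TARBALL.sig" "$dir/$TARBALL" 2>/dev/null) ||
        { echo "signature did not verify" >&2; return 1; }

    validsig_by "$gpg_status" "$SIGNER_FPR" ||
        { echo "signature was made by an unexpected key" >&2; return 1; }
    echo "verified: $dir/$TARBALL"
}

# Usage: sh verify.sh /path/to/download/dir
if [ "$#" -gt 0 ]; then
    verify_release "$1"
fi
```

The checksums only detect a corrupted or substituted download if they are obtained from a channel the attacker does not also control; the signature check against the full fingerprint is what ties the tarball to the release key.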

New in release OpenJDK 21.0.10 (2026-01-20):
===========================================
Live versions of these release notes can be found at:
  * https://bit.ly/openjdk2110

* CVEs
  - CVE-2026-21925
  - CVE-2026-21932
  - CVE-2026-21933
  - CVE-2026-21945
* Changes
  - JDK-7191877: TEST_BUG: java/rmi/transport/checkLeaseInfoLeak/CheckLeaseLeak.java failing intermittently
  - JDK-8072701: resume001 failed due to ERROR: timeout for waiting for a BreakpintEvent
  - JDK-8139228: JFileChooser renders file names as HTML document
  - JDK-8139392: JInternalFrame has incorrect padding
  - JDK-8140527: JInternalFrame has incorrect title button width
  - JDK-8162380: [TEST_BUG] MouseEvent/.../AltGraphModifierTest.java has only "Fail" button
  - JDK-8199149: Improve the exception message thrown by VarHandle of unsupported operation
  - JDK-8201183: sjavac build failures: "Connection attempt failed: Connection refused"
  - JDK-8201778: Speed up test javax/net/ssl/DTLS/PacketLossRetransmission.java
  - JDK-8204868: java/util/zip/ZipFile/TestCleaner.java still fails with "cleaner failed to clean zipfile."
  - JDK-8210807: Printing a JTable with a JScrollPane prints table without rows populated
  - JDK-8216437: PPC64: Add intrinsic for GHASH algorithm
  - JDK-8219408: Tests should handle ${} in the view of jtreg "smart action"
  - JDK-8230016: re-visit test sun/security/pkcs11/Serialize/SerializeProvider.java
  - JDK-8245545: Disable TLS_RSA cipher suites
  - JDK-8265429: Improve GCM encryption
  - JDK-8277424: javax/net/ssl/TLSCommon/TLSTest.java  fails with connection refused
  - JDK-8280482: Window transparency bug on Linux
  - JDK-8290043: serviceability/attach/ConcAttachTest.java failed "guarantee(!CheckJNICalls) failed: Attached JNI thread exited without being detached"
  - JDK-8297531: sun/security/krb5/MicroTime.java fails with "Exception: What? only 100 musec precision?"
  - JDK-8300708: Some nsk jvmti tests fail with virtual thread wrapper due to jvmti missing some virtual thread support
  - JDK-8304065: HttpServer.stop should terminate immediately if no exchanges are in progress
  - JDK-8304811: vmTestbase/vm/mlvm/indy/func/jvmti/stepBreakPopReturn/INDIFY_Test.java fails with JVMTI_ERROR_TYPE_MISMATCH
  - JDK-8305186: Reference.waitForReferenceProcessing should be more accessible to tests
  - JDK-8305567: serviceability/tmtools/jstat/GcTest01.java failed  utils.JstatGcResults.assertConsistency
  - JDK-8306579: Consider building with /Zc:throwingNew
  - JDK-8307160: Fix AWT/2D/A11Y to support the permissive- flag on the Microsoft Visual C compiler
  - JDK-8308780: Fix the Java Integer types on Windows
  - JDK-8309511: Regression test ExtraImportSemicolon.java refers to the wrong bug
  - JDK-8310049: Refactor Charset tests to use JUnit
  - JDK-8310915: Typo in aarch64.ad: "envcodings"
  - JDK-8311076: RedefineClasses doesn't check for ConstantPool overflow
  - JDK-8311906: Improve robustness of String constructors with mutable array inputs
  - JDK-8313231: Redundant if statement in ZoneInfoFile
  - JDK-8313770: jdk/internal/platform/docker/TestSystemMetrics.java fails on Ubuntu
  - JDK-8315130: java.lang.IllegalAccessError when processing classlist to create CDS archive
  - JDK-8315990: Amend problemlisted tests to proper position
  - JDK-8316422: TestIntegerUnsignedDivMod.java triggers "invalid layout" assert in FrameValues::validate
  - JDK-8317132: Prepare HotSpot for permissive-
  - JDK-8317332: Prepare security for permissive-
  - JDK-8317970: Bump target macosx-x64 version to 11.00.00
  - JDK-8318467: [jmh] tests concurrent.Queues and concurrent.ProducerConsumer hang with 101+ threads
  - JDK-8318730: MonitorVmStartTerminate.java still times out after JDK-8209595
  - JDK-8318850: Duplicate code in the LCMSImageLayout
  - JDK-8319570: Change to GCC 13.2.0 for building on Linux at Oracle
  - JDK-8320049: PKCS10 would not discard the cause when throw SignatureException on invalid key
  - JDK-8320577: Improve MessageHeader's toString() function to make HttpURLConnection's debug log readable
  - JDK-8320836: jtreg gtest runs should limit heap size
  - JDK-8321180: Condition for non-latin1 string size too large exception is off by one
  - JDK-8321183: Incorrect warning from cds about the modules file
  - JDK-8321514: UTF16 string gets constructed incorrectly from codepoints if CompactStrings is not enabled
  - JDK-8322018: Test java/lang/String/CompactString/MaxSizeUTF16String.java fails with -Xcomp
  - JDK-8322135: Printing JTable in Windows L&F throws InternalError: HTHEME is null
  - JDK-8322140: javax/swing/JTable/JTableScrollPrintTest.java does not print the rows and columns of the table in Nimbus and Aqua LookAndFeel
  - JDK-8323803: ConstantOopReadValue::print_on should print 'null' instead of 'nullptr'
  - JDK-8324065: Daylight saving information for `Africa/Casablanca` are incorrect
  - JDK-8324491: Keyboard layout didn't keep its state if it was changed when dialog was active
  - JDK-8325277: [21u] Backout test change of JDK-8291809
  - JDK-8325530: Vague error message when com.sun.tools.attach.VirtualMachine fails to load agent library
  - JDK-8325590: Regression in round-tripping UTF-16 strings after JDK-8311906
  - JDK-8325647: [IR framework] Only prints stdout if exitCode is 134
  - JDK-8325731: Installation instructions for Debian/Ubuntu don't mention autoconf
  - JDK-8325766: Extend CertificateBuilder to create trust and end entity certificates programmatically
  - JDK-8327434: Test java/util/PluggableLocale/TimeZoneNameProviderTest.java timed out
  - JDK-8327704: Update nsk/jdi tests to use driver instead of othervm
  - JDK-8327757: Convert javax/swing/JSlider/6524424/bug6524424.java applet to main
  - JDK-8327856: Convert applet test SpanishDiacriticsTest.java to a main program
  - JDK-8327980: Convert javax/swing/JToggleButton/4128979/bug4128979.java applet test to main
  - JDK-8328124: Convert java/awt/Frame/ShownOnPack/ShownOnPack.html applet test to main
  - JDK-8328247: Remove redundant dir for tests converted from applet to main
  - JDK-8328299: Convert DnDFileGroupDescriptor.html applet test to main
  - JDK-8328377: Convert java/awt/Cursor/MultiResolutionCursorTest test to main
  - JDK-8328562: Convert java/awt/InputMethods/DiacriticsTest/DiacriticsTest.java applet test to main
  - JDK-8331231: containers/docker/TestContainerInfo.java fails
  - JDK-8333200: Test containers/docker/TestPids.java fails Limit value -1 is not accepted as unlimited
  - JDK-8333526: Restructure java/nio/channels/DatagramChannel/StressNativeSignal.java to a fail fast exception handling policy
  - JDK-8333569: jpackage tests must run app launchers with retries on Linux only
  - JDK-8333783: java/nio/channels/FileChannel/directio/DirectIOTest.java is unstable with AV software
  - JDK-8334217: [AIX] Misleading error messages after JDK-8320005
  - JDK-8334509: Cancelling PageDialog does not return the same PageFormat object
  - JDK-8334756: javac crashed on call to non-existent generic method with explicit annotated type arg
  - JDK-8334771: [TESTBUG] Run TestDockerMemoryMetrics.java with -Xcomp fails exitValue = 137
  - JDK-8335986: Test javax/swing/JCheckBox/4449413/bug4449413.java fails on Windows 11 x64 because RBMenuItem's and CBMenuItem's checkmark on the left side are not visible
  - JDK-8337723: Remove redundant tests from com/sun/security/sasl/gsskerb
  - JDK-8338428: Add logging of final VM flags while setting properties
  - JDK-8338740: java/net/httpclient/HttpsTunnelAuthTest.java fails with java.io.IOException: HTTP/1.1 header parser received no bytes
  - JDK-8339280: jarsigner -verify performs cross-checking between CEN and LOC
  - JDK-8339366: [jittester] Make it possible to generate tests without execution
  - JDK-8340015: Open source several AWT focus tests - series 7
  - JDK-8340321: Disable SHA-1 in TLS/DTLS 1.2 handshake signatures
  - JDK-8340354: Open source AWT desktop properties and print related tests
  - JDK-8341097: GHA: Demote Mac x86 jobs to build only
  - JDK-8341131: Some jdk/jfr/event/compiler tests shouldn't be executed with Xcomp
  - JDK-8341138: Rename jtreg property docker.support as container.support
  - JDK-8341443: [macos] AppContentTest and SigningOptionsTest failed due to "codesign" does not fails with "--app-content" on macOS 15
  - JDK-8341496: Improve JMX connections
  - JDK-8342576: [macos] AppContentTest still fails after JDK-8341443 for same reason on older macOS versions
  - JDK-8342582: user.region for formatting number no longer works for 21.0.5
  - JDK-8342934: TYPE_USE annotations printed with error causing "," in toString output
  - JDK-8343191: Cgroup v1 subsystem fails to set subsystem path
  - JDK-8343340: Swapping checking do not work for MetricsMemoryTester failcount
  - JDK-8343875: Minor improvements of jpackage test library
  - JDK-8343876: Enhancements to jpackage test lib
  - JDK-8344143: Test jdk/java/lang/Thread/virtual/stress/GetStackTraceALotWhenPinned.java timed out on  macosx-x64
  - JDK-8344577: Virtual thread tests are timing out on some macOS systems
  - JDK-8345213: JVM Prefers /etc/timezone Over /etc/localtime on Debian 12
  - JDK-8346142: [perf] scalability issue for the specjvm2008::xml.validation workload
  - JDK-8346234: javax/swing/text/DefaultEditorKit/4278839/bug4278839.java still fails in CI
  - JDK-8346753: Test javax/swing/JMenuItem/RightLeftOrientation/RightLeftOrientation.java fails on Windows Server 2025 x64 because the icons of RBMenuItem and CBMenuItem are not visible in Nimbus LookAndFeel
  - JDK-8346839: [TESTBUG] "java/awt/textfield/setechochartest4/setechochartest4.java" failed because the test frame disappears on clicking "Click Several Times" button
  - JDK-8346875: Test jdk/jdk/jfr/event/os/TestCPULoad.java fails on macOS
  - JDK-8347143: [aix] Fix strdup use in os::dll_load
  - JDK-8347277: java/awt/Focus/ComponentLostFocusTest.java fails intermittently
  - JDK-8347300: Don't exclude the "PATH" var from the environment when running app launchers in jpackage tests
  - JDK-8347377: Add validation checks for ICC_Profile header fields
  - JDK-8347434: Richer VM operations events logging
  - JDK-8347811: Container detection code for cgroups v2 should use cgroup.controllers
  - JDK-8347841: Test fixes that use deprecated time zone IDs
  - JDK-8348240: Remove SystemDictionaryShared::lookup_super_for_unregistered_class()
  - JDK-8348402: PerfDataManager stalls shutdown for 1ms
  - JDK-8349188: LineBorder does not scale correctly
  - JDK-8349534: Refactor jdk/sun/security/krb5/runNameEquals.sh to java test
  - JDK-8349705: java.net.URI.scanIPv4Address throws unnecessary URISyntaxException
  - JDK-8349988: Change cgroup version detection logic to not depend on /proc/cgroups
  - JDK-8350102: Decouple jpackage test-lib Executor.Result and Executor classes
  - JDK-8350623: Fix -Wzero-as-null-pointer-constant warnings in nsk native test utilities
  - JDK-8350813: Rendering of bulky sound bank from MIDI sequence can cause OutOfMemoryError
  - JDK-8351110: ImageIO.write for JPEG can write corrupt JPEG for certain thumbnail dimensions
  - JDK-8351359: OperatingSystemMXBean: values from getCpuLoad and getProcessCpuLoad are stale after 24.8 days (Windows)
  - JDK-8351382: New test containers/docker/TestMemoryWithSubgroups.java is failing
  - JDK-8351567: Jar Manifest test ValueUtf8Coding produces misleading diagnostic output
  - JDK-8352016: Improve java/lang/RuntimeTests/RuntimeExitLogTest.java
  - JDK-8352533: Report useful IOExceptions when jspawnhelper fails
  - JDK-8352678: Opensource few JMenuItem tests
  - JDK-8352682: Opensource JComponent tests
  - JDK-8352686: Opensource JInternalFrame tests - series3
  - JDK-8352687: Opensource few JInternalFrame and JTextField tests
  - JDK-8352793: Open source several AWT TextComponent tests - Batch 1
  - JDK-8352865: Open source several AWT TextComponent tests - Batch 2
  - JDK-8352905: Open some JComboBox bugs 1
  - JDK-8352926: New test TestDockerMemoryMetricsSubgroup.java fails
  - JDK-8352966: Opensource Several Font related tests - Batch 2
  - JDK-8352997: Open source several Swing JTabbedPane tests
  - JDK-8353007: Open some JComboBox bugs 2
  - JDK-8353011: Open source Swing JButton tests - Set 1
  - JDK-8353013: java.net.URI.create(String) may have low performance to scan the host/domain name from URI string when the hostname starts with number
  - JDK-8353175: Eliminate double iteration of stream in FieldDescriptor reinitialization
  - JDK-8353201: Open source Swing Tooltip tests - Set 2
  - JDK-8353299: VerifyJarEntryName.java test fails
  - JDK-8353309: Open source several Swing text tests
  - JDK-8353319: Open source Swing tests - Set 3
  - JDK-8353445: Open source several AWT Menu tests - Batch 1
  - JDK-8353470: Clean up and open source couple AWT Graphics related tests (Part 2)
  - JDK-8353483: Open source some JProgressBar tests
  - JDK-8353486: Open source Swing Tests - Set 4
  - JDK-8353585: Provide ChoiceFormat#parse(String, ParsePosition) tests
  - JDK-8353586: Open source several toolkit tests
  - JDK-8353589: Open source a few Swing menu-related tests
  - JDK-8353592: Open source several scrollbar tests
  - JDK-8353661: Open source several swing tests batch5
  - JDK-8353832: Opensource FontClass, Selection and Icon tests
  - JDK-8353953: com/sun/jdi tests should be fixed to not always require includevirtualthreads=y
  - JDK-8353957: Open source several AWT ScrollPane tests - Batch 1
  - JDK-8353958: Open source several AWT ScrollPane tests - Batch 2
  - JDK-8354095: Open some JTable bugs 5
  - JDK-8354106: Clean up and open source KeyEvent related tests (Part 2)
  - JDK-8354214: Open source Swing tests Batch 2
  - JDK-8354233: Open some JTable bugs 6
  - JDK-8354235: Test javax/net/ssl/SSLSocket/Tls13PacketSize.java failed with java.net.SocketException: An established connection was aborted by the software in your host machine
  - JDK-8354248: Open source several AWT GridBagLayout and List tests
  - JDK-8354340: Open source Swing Tests - Set 6
  - JDK-8354341: Open some JTable bugs 7
  - JDK-8354365: Opensource few Modal and Full Screen related tests
  - JDK-8354418: Open source Swing tests Batch 4
  - JDK-8354451: Open source some more Swing popup menu tests
  - JDK-8354465: Open some JTable bugs 8
  - JDK-8354466: Open some misc Swing bugs 9
  - JDK-8354472: Clean up and open source KeyEvent related tests (Part 3)
  - JDK-8354475: TestDockerMemoryMetricsSubgroup.java fails with exitValue = 1
  - JDK-8354493: Opensource Several MultiScreen and Insets related tests
  - JDK-8354495: Open source several AWT DataTransfer tests
  - JDK-8354532: Open source JFileChooser Tests - Set 7
  - JDK-8354552: Open source a few Swing tests
  - JDK-8354553: Open source several clipboard tests batch0
  - JDK-8354561: Open source several swing tests batch0
  - JDK-8354646: java.awt.TextField allows to identify the spaces in a password when double clicked at the starting and end of the text
  - JDK-8354653: Clean up and open source KeyEvent related tests (Part 4)
  - JDK-8354701: Open source few JToolTip tests
  - JDK-8354873: javax/swing/plaf/metal/MetalIconFactory/bug4952462.java failing on CI
  - JDK-8354928: Clean up and open source some miscellaneous AWT tests
  - JDK-8355071: Fix nsk/jdi test to not require lookup of main thread in order to set the breakpoint used for communication
  - JDK-8355077: Compiler error at splashscreen_gif.c due to unterminated string initialization
  - JDK-8355241: Move NativeDialogToFrontBackTest.java PL test to manual category
  - JDK-8355333: Some Problem list entries point to non-existent / wrong files
  - JDK-8355387: [jittester] Disable downcasts by default
  - JDK-8355444: [java.io] Use @requires tag instead of exiting based on "os.name" property value
  - JDK-8355478: DoubleActionESC.java fails intermittently
  - JDK-8355558: SJIS.java test is always ignored
  - JDK-8355561: [macos] Build failure with Xcode 16.3
  - JDK-8355569: Some nsk/jdi tests can glean the "main" thread by using the ClassPrepareEvent for the debuggee main class
  - JDK-8355773: Some nsk/jdi tests can fetch ThreadReference from static field in the debuggee
  - JDK-8356023: Some nsk/jdi tests can fetch ThreadReference from static field in the debuggee: part 2
  - JDK-8356040: java/util/PluggableLocale/LocaleNameProviderTest.java timed out
  - JDK-8356145: ListEnterExitTest.java fails on macos
  - JDK-8356187: TestJcmd.java may incorrectly parse podman version
  - JDK-8356588: Some nsk/jdi tests can fetch ThreadReference from static field in the debuggee: part 3
  - JDK-8356752: Log mouse enter and exit events for debugging
  - JDK-8356811: Some nsk/jdi tests can fetch ThreadReference from static field in the debuggee: part 4
  - JDK-8356897: Update NSS library to 3.111
  - JDK-8357172: Extend try block in nsk/jdi tests to capture exceptions thrown by Debuggee.classByName()
  - JDK-8357305: Compilation failure in javax/swing/JMenuItem/bug6197830.java
  - JDK-8357561: BootstrapLoggerTest does not work on Ubuntu 24 with LANG de_DE.UTF-8
  - JDK-8357799: Improve instructions for JFileChooser/HTMLFileName.java
  - JDK-8357822: C2: Multiple string optimization tests are no longer testing string concatenation optimizations
  - JDK-8357882: Use UTF-8 encoded data in LocaleDataTest
  - JDK-8358048: java/net/httpclient/HttpsTunnelAuthTest.java incorrectly calls Thread::stop
  - JDK-8358532: JFileChooser in GTK L&F still displays HTML filename
  - JDK-8358577: Test serviceability/jvmti/thread/GetCurrentContendedMonitor/contmon01/contmon01.java failed: unexpexcted monitor object
  - JDK-8358679: [asan] vmTestbase/nsk/jvmti tests show memory issues
  - JDK-8358748: Large page size initialization fails with assert "page_size must be a power of 2"
  - JDK-8358764: (sc) SocketChannel.close when thread blocked in read causes connection to be reset (win)
  - JDK-8358813: JPasswordField identifies spaces in password via delete shortcuts
  - JDK-8359061: Update and ProblemList manual test java/awt/Cursor/CursorDragTest/ListDragCursor.java
  - JDK-8359167: Remove unused test/hotspot/jtreg/vmTestbase/nsk/share/jpda/BindServer.java
  - JDK-8359182: Use @requires instead of SkippedException for MaxPath.java
  - JDK-8359207: Remove runtime/signal/TestSigusr2.java since it is always skipped
  - JDK-8359418: Test "javax/swing/text/GlyphView/bug4188841.java" failed because the phrase of text pane does not match the instructions
  - JDK-8359428: Test 'javax/swing/JTabbedPane/bug4499556.java' failed because after selecting one of L&F items, the test case automatically failed when clicking on L&F Menu button again
  - JDK-8359449: [TEST] open/test/jdk/java/io/File/SymLinks.java Refactor extract method for Windows specific test
  - JDK-8359477: com/sun/net/httpserver/Test12.java appears to have a temp file race
  - JDK-8359501: Enhance Handling of URIs
  - JDK-8359687: Use PassFailJFrame for java/awt/print/Dialog/DialogType.java
  - JDK-8360022: ClassRefDupInConstantPoolTest.java fails when running in repeat
  - JDK-8360178: TestArguments.atojulong gtest has incorrect format string
  - JDK-8360288: Shenandoah crash at size_given_klass in op_degenerated
  - JDK-8360408: [TEST] Use @requires tag instead of exiting based on "os.name" property value for sun/net/www/protocol/file/FileURLTest.java
  - JDK-8360411: [TEST] open/test/jdk/java/io/File/MaxPathLength.java Refactor extract method to encapsulate Windows specific test logic
  - JDK-8360478: libjsig related tier3 jtreg tests fail when asan is configured
  - JDK-8360533: ContainerRuntimeVersionTestUtils fromVersionString fails with some docker versions
  - JDK-8360981: Remove use of Thread.stop in test/jdk/java/net/Socket/DeadlockTest.java
  - JDK-8361253: CommandLineOptionTest library should report observed values on failure
  - JDK-8361298: SwingUtilities/bug4967768.java fails where character P is not underline
  - JDK-8361314: Test serviceability/jvmti/VMEvent/MyPackage/VMEventRecursionTest.java FATAL ERROR in native method: Failed during the GetClassSignature call
  - JDK-8361423: Add IPSupport::printPlatformSupport to java/net/NetworkInterface/IPv4Only.java
  - JDK-8361447: [REDO] Checked version of JNI Release<type>ArrayElements needs to filter out known wrapped arrays
  - JDK-8361599: [PPC64] enable missing tests via jtreg requires
  - JDK-8361751: Test sun/tools/jcmd/TestJcmdSanity.java timed out on Windows
  - JDK-8361754: New test runtime/jni/checked/TestCharArrayReleasing.java can cause disk full errors
  - JDK-8361868: [GCC static analyzer] complains about missing calloc - NULL checks in p11_util.c
  - JDK-8361871: [GCC static analyzer] complains about use of uninitialized value ckpObject in p11_util.c
  - JDK-8362123: ClassLoader Leak via Executors.newSingleThreadExecutor(...)
  - JDK-8362204: test/jdk/sun/awt/font/TestDevTransform.java fails on Ubuntu 24.04
  - JDK-8362207: Add more test cases for possible double-rounding in fma
  - JDK-8362308: Enhance Bitmap operations
  - JDK-8362516: Support of GCC static analyzer (-fanalyzer)
  - JDK-8362532: Test gc/g1/plab/* duplicate command-line options
  - JDK-8362533: Tests sun/management/jmxremote/bootstrap/* duplicate VM flags
  - JDK-8362602: Add test.timeout.factor to CompileFactory to avoid test timeouts
  - JDK-8362632: Improve HttpServer Request handling
  - JDK-8363676: [GCC static analyzer] missing return value check of malloc in OGLContext_SetTransform
  - JDK-8363720: Follow up to JDK-8360411 with post review comments
  - JDK-8363966: GHA: Switch cross-compiling sysroots to Debian trixie
  - JDK-8364198: NMT should have a better corruption message
  - JDK-8364199: Enhance list of environment variables printed in hserr/hsinfo file
  - JDK-8364214: Enhance polygon data support
  - JDK-8364235: Fix for JDK-8361447 breaks the alignment requirements for GuardedMemory
  - JDK-8364257: JFR: User-defined events and settings with a one-letter name cannot be configured
  - JDK-8364258: ThreadGroup constant pool serialization is not normalized
  - JDK-8364263: HttpClient: Improve encapsulation of ProxyServer
  - JDK-8364484: misc tests fail with Received fatal alert: handshake_failure
  - JDK-8364514: [asan] runtime/jni/checked/TestCharArrayReleasing.java heap-buffer-overflow
  - JDK-8364556: JFR:  Disable SymbolTableStatistics and StringTableStatistics in default.jfc
  - JDK-8364597: Replace THL A29 Limited with Tencent
  - JDK-8364660: ClassVerifier::ends_in_athrow() should be removed
  - JDK-8364786: Test java/net/vthread/HttpALot.java intermittently fails - 24999 handled, expected 25000
  - JDK-8364993: JFR: Disable jdk.ModuleExport in default.jfc
  - JDK-8364996: java/awt/font/FontNames/LocaleFamilyNames.java times out on Windows
  - JDK-8365058: Enhance CopyOnWriteArraySet
  - JDK-8365086: CookieStore.getURIs() and get(URI) should return an immutable List
  - JDK-8365098: make/RunTests.gmk generates a wrong path to test artifacts on Alpine
  - JDK-8365168: Use 64-bit aligned addresses for CK_ULONG access in PKCS11 native key code
  - JDK-8365240: [asan] exclude some tests when using asan enabled binaries
  - JDK-8365271: Improve Swing supports
  - JDK-8365280: Enhance JOptionPane
  - JDK-8365425: [macos26] javax/swing/JInternalFrame/8160248/JInternalFrameDraggingTest.java fails on macOS 26
  - JDK-8365442: [asan] runtime/ErrorHandling/CreateCoredumpOnCrash.java fails
  - JDK-8365487: [asan] some oops (mode) related tests fail
  - JDK-8365615: Improve JMenuBar/RightLeftOrientation.java
  - JDK-8365660: test/jdk/sun/security/pkcs11/KeyAgreement/ tests skipped without SkipExceprion
  - JDK-8365790: Shutdown hook for application image does not work on Windows
  - JDK-8365834: Mark java/net/httpclient/ManyRequests.java  as intermittent
  - JDK-8365913: Support latest MSC_VER in abstract_vm_version.cpp
  - JDK-8365919: Replace currentTimeMillis with nanoTime in Stresser.java
  - JDK-8365983: Tests should throw SkippedException when SCTP not supported
  - JDK-8366092: [GCC static analyzer] UnixOperatingSystem.c warning: use of uninitialized value 'systemTicks'
  - JDK-8366159: SkippedException is treated as a pass for pkcs11/KeyStore, pkcs11/SecretKeyFactory and pkcs11/SecureRandom
  - JDK-8366208: Unexpected exception in sun.java2d.cmm.lcms.LCMSImageLayout
  - JDK-8366229: runtime/Thread/TooSmallStackSize.java runs with all collectors
  - JDK-8366231: Bump update version for OpenJDK: jdk-21.0.10
  - JDK-8366342: Key generator and key pair generator tests skipping, but showing as passed
  - JDK-8366359: Test should throw SkippedException when there is no lpstat
  - JDK-8366558: Gtests leave /tmp/cgroups-test* files
  - JDK-8366750: Remove test 'java/awt/Choice/ChoiceMouseWheelTest/ChoiceMouseWheelTest.java' from problemlist
  - JDK-8366764: Deproblemlist java/awt/ScrollPane/ScrollPositionTest.java
  - JDK-8366844: Update and automate MouseDraggedOriginatedByScrollBarTest.java
  - JDK-8366893: java/lang/Thread/virtual/stress/GetStackTraceALotWhenPinned.java timed out on macos-aarch64
  - JDK-8367017: Remove legacy checks from WrappedToolkitTest and convert from bash
  - JDK-8367021: Regression in LocaleDataTest refactoring
  - JDK-8367131: Test com/sun/jdi/ThreadMemoryLeakTest.java fails on 32 bits
  - JDK-8367133: DTLS: fragmentation of Finished message results in handshake failure
  - JDK-8367237: Thread-Safety Usage Warning for java.text.Collator Classes
  - JDK-8367348: Enhance PassFailJFrame to support links in HTML
  - JDK-8367372: Test `test/hotspot/jtreg/gc/TestObjectAlignmentCardSize.java` fails on 32 bit systems
  - JDK-8367384: The ICC_Profile class may throw exceptions during serialization
  - JDK-8367782: VerifyJarEntryName.java: Fix modifyJarEntryName to operate on bytes and re-introduce verifySignatureEntryName
  - JDK-8367869: Test java/io/FileDescriptor/Sync.java timed out
  - JDK-8367904: Test java/net/InetAddress/ptr/Lookup.java should throw SkippedException
  - JDK-8368032: Enhance Certificate Checking
  - JDK-8368192: Test java/lang/ProcessBuilder/Basic.java#id0 fails with Exception: Stack trace
  - JDK-8368668: Several vmTestbase/vm/gc/compact tests timed out on large memory machine
  - JDK-8368960: Adjust java UL logging in the build
  - JDK-8368982: Test sun/security/tools/jarsigner/EC.java completed and timed out
  - JDK-8369032: Add test to ensure serialized ICC_Profile stores only necessary optional data
  - JDK-8369078: Fix faulty test conversion in IllegalCharsetName.java
  - JDK-8369184: SimpleTimeZone equals() Returns True for Unequal Instances with Different hashCode Values
  - JDK-8369226: GHA: Switch to MacOS 15
  - JDK-8369319: java/net/httpclient/CancelRequestTest.java fails intermittently
  - JDK-8369450: [Ubuntu 25.10] openjdk fails to build due to rust-coreutils date
  - JDK-8369506: Bytecode rewriting causes Java heap corruption on AArch64
  - JDK-8369563: Gtest dll_address_to_function_and_library_name has issues with stripped pdb files
  - JDK-8369616: JavaFrameAnchor on RISC-V has unnecessary barriers and wrong store order in MacroAssembler
  - JDK-8369946: Bytecode rewriting causes Java heap corruption on PPC
  - JDK-8369947: Bytecode rewriting causes Java heap corruption on RISC-V
  - JDK-8370214: [21u] Remove -Xdebug and -Xnoagent from tests: backport parts of 8227229 and 8312072
  - JDK-8370465: Right to Left Orientation Issues with MenuItem Component
  - JDK-8372534: Update Libpng to 1.6.51
  - JDK-8375447: Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.10

Notes on individual issues:
===========================

core-libs/java.util:i18n:

JDK-8345213: JVM Prefers /etc/timezone Over /etc/localtime on Debian 12
=======================================================================
On older Debian-based GNU/Linux systems, the /etc/timezone file
contained the name of the timezone in use on the system and so was
preferred by OpenJDK for determining the default timezone returned by
`TimeZone.getDefault()`.  Since Debian 3.1 in 2005, the /etc/localtime
file has also been provided as either a link to or a copy of the zone
data file provided by the tzdata database and this is now the
preferred source of the system timezone following Debian's adoption of
systemd.  OpenJDK's continued preference for /etc/timezone meant that
it may be reading a timezone setting which was no longer updated on
modern Debian systems. With this OpenJDK update, OpenJDK only reads
/etc/localtime as on other GNU/Linux systems.

See https://wiki.debian.org/TimeZoneChanges#Check_Configured_Timezone
for more details.

core-libs/java.lang:

JDK-8311906: Improve robustness of String constructors with mutable array inputs
================================================================================
The introduction of Compact Strings (JEP 254, OpenJDK 9) changed the
implementation of the String class to use a byte array to store
character data in either ISO-8859-1/Latin-1 (one byte per character)
or UTF-16 (two bytes per character). This optimisation reduced the
memory usage over a character array when String objects with only
Latin-1 characters were used.  However, this also introduced a
potential race condition if the input character array was modified
externally while being converted to bytes.  With this release of
OpenJDK, the conversion now includes an additional verification step
which checks that the first character that is not Latin-1 is still not
Latin-1 in the original array after all characters have been copied.
If it has changed to Latin-1, a second attempt is made to compress the
character data to Latin-1.  A note is also added to the documentation
of the relevant methods in AbstractStringBuilder, Appendable and
String to indicate that the contents of the final String are
unspecified if the character array is modified during construction.

See https://openjdk.org/jeps/254 for more details on Compact Strings.

core-svc/javax.management:

JDK-8341496: Improve JMX connections
====================================
With this release of OpenJDK, SSL connections created by
javax.rmi.ssl.SslRMIClientSocketFactory now enable HTTPS-based
endpoint identification by default.  This can be disabled by setting
the new system property
jdk.rmi.ssl.client.enableEndpointIdentification to false.

security-libs/java.security:

JDK-8368032: Enhance Certificate Checking
=========================================
OpenJDK supports the authorityInfoAccess extension in X.509
certificates when the `com.sun.security.enableAIAcaIssuers` system
property is set to `true`.  With this release of OpenJDK, a security
and system property `com.sun.security.allowedAIALocations` is
introduced which acts as a filter on the URIs specified in the
extension.  By default, the property is empty, which will cause all
URIs to be denied when the extension is enabled.  A value of `any` may
be used to allow all URIs or a whitespace-separated list of filters
may be used for more fine-grained control.  The syntax of the filters
is specified in the `java.security` file.  A non-empty value for the
system property takes precedence over the security property.

security-libs/javax.net.ssl:

JDK-8245545: Disable TLS_RSA cipher suites
==========================================
The TLS_RSA cipher suites do not preserve forward secrecy and are
rarely used in practice. With this release, they are disabled by
adding "TLS_RSA_*" to the `jdk.tls.disabledAlgorithms` security
property in the `java.security` configuration file. Attempts to use
these suites with this release will result in an
`SSLHandshakeException` being thrown. Note that RSA cipher suites
which use DES, 3DES, RC4 or NULL were already disabled prior to this
change.

Users can, *at their own risk*, remove this restriction by modifying
the `java.security` configuration file (or override it by using the
`java.security.properties` system property) so "TLS_RSA_*" is no
longer listed in the `jdk.tls.disabledAlgorithms` security property.

This change results in the following cipher suites being disabled:

* TLS_RSA_WITH_AES_256_GCM_SHA384
* TLS_RSA_WITH_AES_256_CBC_SHA256
* TLS_RSA_WITH_AES_256_CBC_SHA
* TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_128_CBC_SHA256
* TLS_RSA_WITH_AES_128_CBC_SHA

JDK-8340321: Disable SHA-1 in TLS/DTLS 1.2 handshake signatures
===============================================================

RFC 9155 deprecates the use of SHA-1 in TLS 1.2 and DTLS 1.2. The
algorithm has been regarded as insecure since 2005 and the first
public attack was published on the 23rd of February, 2017.  With this
release of OpenJDK, SHA-1 is disabled in TLS 1.2 and DTLS 1.2
handshake signatures by adding "rsa_pkcs1_sha1 usage
HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1
usage HandshakeSignature" to the `jdk.tls.disabledAlgorithms` security
property in the `java.security` configuration file. Attempts to use
these signature schemes with this release will result in an
`SSLHandshakeException` being thrown.

Users can, *at their own risk*, remove this restriction by modifying
the `java.security` configuration file (or override it by using the
`java.security.properties` system property) so the handshake
signatures are no longer listed in the `jdk.tls.disabledAlgorithms`
security property.

This change results in the following signature schemes being disabled
for handshaking:

* dsa_sha1
* ecdsa_sha1
* rsa_pkcs1_sha1
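
The following is an added example, not part of the original release notes: a shell audit that reads a `java.security` file (or an override file passed via `java.security.properties`) and reports which of the entries named in the two notes above (JDK-8245545 and JDK-8340321) are absent from `jdk.tls.disabledAlgorithms`. The function names are hypothetical, both sample files are constructed, and entries are compared as exact strings after whitespace is normalised.

```shell
#!/bin/sh
# Added example (not from the release notes); function names are hypothetical.
# Entries this release adds to jdk.tls.disabledAlgorithms, per the notes above.
REQUIRED='TLS_RSA_*
rsa_pkcs1_sha1 usage HandshakeSignature
ecdsa_sha1 usage HandshakeSignature
dsa_sha1 usage HandshakeSignature'

# disabled_algorithms FILE: print the entries of jdk.tls.disabledAlgorithms,
# one per line. Handles comments, backslash line continuations, and a
# property that is defined more than once (the last definition wins).
disabled_algorithms() {
    awk '
    {
        sub(/^[ \t]+/, "")                    # leading blanks are not content
        if (!cont && /^[#!]/) next            # comment line
        line = pending $0
        if (line ~ /\\$/) {                   # continued on the next line
            sub(/\\$/, "", line); pending = line; cont = 1; next
        }
        pending = ""; cont = 0
        if (line ~ /^jdk\.tls\.disabledAlgorithms[ \t]*[=:]/) {
            sub(/^[^=:]*[=:][ \t]*/, "", line)
            value = line
        }
    }
    END {
        n = split(value, parts, ",")
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
            gsub(/[ \t]+/, " ", parts[i])
            if (parts[i] != "") print parts[i]
        }
    }' "$1"
}

# missing_entries FILE: print each required entry that FILE does not list.
missing_entries() {
    entries=$(disabled_algorithms "$1")
    printf '%s\n' "$REQUIRED" | while IFS= read -r want; do
        printf '%s\n' "$entries" | grep -Fxq -- "$want" || printf '%s\n' "$want"
    done
}

# audit_java_security FILE: succeed only if every required entry is present.
audit_java_security() {
    missing=$(missing_entries "$1")
    if [ -n "$missing" ]; then
        printf 'not disabled in %s:\n%s\n' "$1" "$missing" >&2
        return 1
    fi
}

# Constructed sample: a property value containing all entries from the notes.
write_patched_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a copy of any shipped java.security file
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, \
    TLS_RSA_*, rsa_pkcs1_sha1 usage HandshakeSignature, \
    ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
EOF
}

# Constructed sample: an override file that re-enables TLS_RSA and ecdsa_sha1.
write_relaxed_sample() {
    cat > "$1" <<'EOF'
# constructed sample of a local override file
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, \
    rsa_pkcs1_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature
EOF
}

# Usage: sh audit.sh FILE...   (with no arguments, runs on the two samples)
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        audit_java_security "$f" && echo "ok: $f"
    done
else
    tmp=$(mktemp -d)
    write_patched_sample "$tmp/patched"
    write_relaxed_sample "$tmp/relaxed"
    audit_java_security "$tmp/patched" && echo "ok: patched sample"
    audit_java_security "$tmp/relaxed" || echo "relaxed sample flagged"
    rm -rf "$tmp"
fi
```

A file that disables a scheme more broadly than the notes do (for example without the `usage HandshakeSignature` qualifier) is reported as missing the exact entry, so treat the output as a prompt to read the property rather than as a final verdict.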

Happy hacking,
-- 
Andrew :)
Pronouns: he / him or they / them
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222

Please contact via e-mail, not proprietary chat networks