OpenJDK 8u382 Released

Andrew Hughes gnu.andrew at redhat.com
Mon Jul 24 17:31:12 UTC 2023 

We are pleased to announce the release of OpenJDK 8u382.

The source tarball is available from:

* https://openjdk-sources.osci.io/openjdk8/openjdk8u382-b05.tar.xz

The tarball is accompanied by a digital signature available at:

* https://openjdk-sources.osci.io/openjdk8/openjdk8u382-b05.tar.xz.sig

This is signed by our Red Hat OpenJDK key (openjdk at redhat.com):

PGP Key: rsa4096/0x92EF8D39DC13168F (hkp://keys.gnupg.net)
Fingerprint = CA5F 11C6 CE22 644D 42C6  AC44 92EF 8D39 DC13 168F

SHA256 checksums:

c29d3443dadd3da1a56e50ff49313944788817bb3d5916dde775720b58968a73  openjdk8u382-b05.tar.xz
a7e6b4a0de2b95421308419119099bd543ae4ce6f72cebd598535684805d8d53  openjdk8u382-b05.tar.xz.sig

The checksums can be downloaded from:

* https://openjdk-sources.osci.io/openjdk8/openjdk8u382-b05.sha256

New in release OpenJDK 8u382 (2023-07-18):
===========================================
Live versions of these release notes can be found at:
  * https://bit.ly/openjdk8u382

* CVEs
  - CVE-2023-22045
  - CVE-2023-22049
* Security fixes
  - JDK-8298676: Enhanced Look and Feel
  - JDK-8300596: Enhance Jar Signature validation
  - JDK-8304468: Better array usages
  - JDK-8305312: Enhanced path handling
* Other changes
  - JDK-8072678: Wrong exception messages in java.awt.color.ICC_ColorSpace
  - JDK-8151460: Metaspace counters can have inconsistent values
  - JDK-8152432: Implement setting jtreg @requires properties vm.flavor, vm.bits, vm.compMode
  - JDK-8185736: missing default exception handler in calls to rethrow_Stub
  - JDK-8186801: Add regression test to test mapping based charsets (generated at build time)
  - JDK-8215105: java/awt/Robot/HiDPIScreenCapture/ScreenCaptureTest.java: Wrong Pixel Color
  - JDK-8241311: Move some charset mapping tests from closed to open
  - JDK-8263059: security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java fails due to revoked cert
  - JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped
  - JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
  - JDK-8276841: Add support for Visual Studio 2022
  - JDK-8277881: Missing SessionID in TLS1.3 resumption in compatibility mode
  - JDK-8278851: Correct signer logic for jars signed with multiple digest algorithms
  - JDK-8282345: handle latest VS2022 in abstract_vm_version
  - JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary
  - JDK-8285515: (dc) DatagramChannel.disconnect fails with "Invalid argument" on macOS 12.4
  - JDK-8289301: P11Cipher should not throw out of bounds exception during padding
  - JDK-8293232: Fix race condition in pkcs11 SessionManager
  - JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation
  - JDK-8295530: Update Zlib Data Compression Library to Version 1.2.13
  - JDK-8298108: Add a regression test for JDK-8297684
  - JDK-8298271: java/security/SignedJar/spi-calendar-provider/TestSPISigned.java failing on Windows
  - JDK-8301119: Support for GB18030-2022
  - JDK-8301400: Allow additional characters for GB18030-2022 support
  - JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message
  - JDK-8303028: Update system property for Java SE specification maintenance version
  - JDK-8303462: Bump update version of OpenJDK: 8u382
  - JDK-8304760: Add 2 Microsoft TLS roots
  - JDK-8305165: [8u] ServiceThread::nmethods_do is not called to keep nmethods from being zombied while in the queue
  - JDK-8305681: Allow additional characters for GB18030-2022 (Level 2) support
  - JDK-8305975: Add TWCA Global Root CA
  - JDK-8307134: Add GTS root CAs
  - JDK-8307310: Backport the tests for JDK-8058969 and JDK-8039271 to the OpenJDK8
  - JDK-8307531: [aarch64] JDK8 single-step debugging is extremely slow
  - JDK-8310947: gb18030-2000 not selectable with LANG=zh_CN.GB18030 after JDK-8301119

Notes on individual issues:
===========================

core-libs/java.lang:

JDK-8305681: Allow additional characters for GB18030-2022 (Level 2) support
===========================================================================
In order to support "Implementation Level 2" of the GB18030-2022
standard, the JDK must be able to use characters from the CJK Unified
Ideographs Extension E block of Unicode 8.0.  The addition of these
characters forms Maintenance Release 5 of the Java SE 8 specification,
which is implemented in this release of OpenJDK via the addition of a
new UnicodeBlock instance,
Character.CJK_UNIFIED_IDEOGRAPHS_EXTENSION_E.

core-libs/java.util.jar:

8300596: Enhance Jar Signature validation
=========================================
A System property "jdk.jar.maxSignatureFileSize" is introduced to
configure the maximum number of bytes allowed for the
signature-related files in a JAR file during verification. The default
value is 8000000 bytes (8 MB).

security-libs/java.security:

JDK-8307134: Added 4 GTS Root CA Certificates
=============================================
The following root certificates have been added to the cacerts
truststore:

Name: Google Trust Services LLC
Alias Name: gtsrootcar1
Distinguished Name: CN=GTS Root R1, O=Google Trust Services LLC, C=US

Name: Google Trust Services LLC
Alias Name: gtsrootcar2
Distinguished Name: CN=GTS Root R2, O=Google Trust Services LLC, C=US

Name: Google Trust Services LLC
Alias Name: gtsrootcar3
Distinguished Name: CN=GTS Root R3, O=Google Trust Services LLC, C=US

Name: Google Trust Services LLC
Alias Name: gtsrootcar4
Distinguished Name: CN=GTS Root R4, O=Google Trust Services LLC, C=US

JDK-8304760: Added Microsoft Corporation's 2 TLS Root CA Certificates
=====================================================================
The following root certificates has been added to the cacerts
truststore:

Name: Microsoft Corporation
Alias Name: microsoftecc2017
Distinguished Name: CN=Microsoft ECC Root Certificate Authority 2017, O=Microsoft Corporation, C=US

Name: Microsoft Corporation
Alias Name: microsoftrsa2017
Distinguished Name: CN=Microsoft RSA Root Certificate Authority 2017, O=Microsoft Corporation, C=US

JDK-8305975: Added TWCA Root CA Certificate
===========================================
The following root certificate has been added to the cacerts
truststore:

Name: TWCA
Alias Name: twcaglobalrootca
Distinguished Name: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW

Thanks,
-- 
Andrew :)
Pronouns: he / him or they / them
Principal Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222

Please contact via e-mail, not proprietary chat networks
Available on Libera Chat & OFTC IRC networks as gnu_andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/jdk8u-dev/attachments/20230724/07be8a42/signature-0001.asc>

More information about the jdk8u-dev mailing list