OpenJDK 8u472 Released

Andrew Hughes gnu.andrew at redhat.com
Wed Oct 22 23:38:33 UTC 2025 

We are pleased to announce the release of OpenJDK 8u472.

The source tarball is available from:

* https://openjdk-sources.osci.io/openjdk8/openjdk8u472-b08.tar.xz

The tarball is accompanied by a digital signature available at:

* https://openjdk-sources.osci.io/openjdk8/openjdk8u472-b08.tar.xz.sig

This is signed by our Red Hat OpenJDK key (openjdk at redhat.com):

PGP Key: rsa4096/0x92EF8D39DC13168F (hkp://keys.gnupg.net)
Fingerprint = CA5F 11C6 CE22 644D 42C6  AC44 92EF 8D39 DC13 168F

SHA256 checksums:

29b83d7c77218dfb1d4d54f16b3e8e05bb91fa31937840363e4214336dea6dad  openjdk8u472-b08.tar.xz
b22c44d7aa91b6bef7f2fb6438259de2085c3b4456bbd703dbd1b391cba533d9  openjdk8u472-b08.tar.xz.sig

SHA512 checksums:

225fe479e5294e38d83b3566c1eb6082bb2568700d86385b5a849e9b7abf0002ec16d74d9c76b1306a3ad94bec38988d67dd29d84042443ca85ac77e5380352d  openjdk8u472-b08.tar.xz
79a6ec99957b56fac05425622b75acb7fb92fdb81f7d4c2b3f7e48a15fd482c489c674cba43462491f739215c6243ea679144eb6e302bf1d7dd6fbb735842330  openjdk8u472-b08.tar.xz.sig

The checksums can be downloaded from:

* https://openjdk-sources.osci.io/openjdk8/openjdk8u472-b08.sha256
* https://openjdk-sources.osci.io/openjdk8/openjdk8u472-b08.sha512

New in release OpenJDK 8u472 (2025-10-21):
===========================================
Live versions of these release notes can be found at:
  * https://bit.ly/openjdk8u472

* CVEs
  - CVE-2025-53057
  - CVE-2025-53066
* Changes
  - JDK-7102969: currency.properties supercede not working correctly
  - JDK-8041924: [TESTBUG] sun/net/www/http/ChunkedOutputStream/checkError.java fails on some systems
  - JDK-8044051: Test jdk/lambda/vm/InterfaceAccessFlagsTest.java gets IOException during compilation
  - JDK-8056283: @ignore tools/javac/defaultMethods/Assertions.java until JDK-8047675 is fixed
  - JDK-8081734: ConcurrentHashMap/ConcurrentAssociateTest.java, times out 90% of time on sparc with 256 cpu.
  - JDK-8157138: Error while fetching currency instance by Currency.getInstance(currencycode)
  - JDK-8160767: [TEST_BUG] java/awt/Frame/MaximizedToIconified/MaximizedToIconified.java
  - JDK-8185348: Major performance regression in GetMethodDeclaringClass and other JVMTI Method functions
  - JDK-8185500: [TESTBUG] Add keywords headful/printer in java/awt and javax tests.
  - JDK-8186259: IOExceptionIfEncodedURLTest.sh versus IOExceptionIfEncodedURLTest.java
  - JDK-8205653: test/jdk/sun/management/jmxremote/bootstrap/RmiRegistrySslTest.java and RmiSslBootstrapTest.sh fail with handshake_failure
  - JDK-8228658: test GetTotalSafepointTime.java fails on fast Linux machines with Total safepoint time 0 ms
  - JDK-8275303: sun/java2d/pipe/InterpolationQualityTest.java fails with D3D basic render driver
  - JDK-8312065: Socket.connect does not timeout when profiling
  - JDK-8335978: [8u] incorrect include file name in semaphore.inline.hpp
  - JDK-8339414: Fix JDK-8202369 incorrect backport for 8u
  - JDK-8340387: Update OS detection code to recognize Windows Server 2025
  - JDK-8345414: Google CAInterop test failures
  - JDK-8348760: RadioButton is not shown if JRadioButtonMenuItem is rendered with ImageIcon in WindowsLookAndFeel
  - JDK-8351624: [8u] Xerces-J version wrong in THIRD_PARTY_README after JDK-7150324
  - JDK-8352302: Test sun/security/tools/jarsigner/TimestampCheck.java is failing
  - JDK-8352637: Enhance bytecode verification
  - JDK-8356294: Enhance Path Factories
  - JDK-8358328: Bump update version of OpenJDK: 8u472
  - JDK-8358538: Update GHA Windows runner to 2025
  - JDK-8360937: Enhance certificate handling
  - JDK-8361212: Remove AffirmTrust root CAs
  - JDK-8363965: GHA: Switch cross-compiling sysroots to Debian bookworm
  - JDK-8365375: Method SU3.setAcceleratorSelectionForeground assigns to acceleratorForeground
  - JDK-8365389: Remove static color fields from SwingUtilities3 and WindowsMenuItemUI
  - JDK-8365560: [8u] ppc64le MaxRAM default is too low at 4GiB
  - JDK-8365811: test/jdk/java/net/CookieHandler/B6644726.java failure - "Should have 5 cookies. Got only 4, expires probably didn't parse correctly"
  - JDK-8366112: [8u] GHA: Fix broken installation of Windows SDK
  - JDK-8368308: ISO 4217 Amendment 180 Update

Notes on individual issues:
===========================

security-libs/java.security:

JDK-8361212: Remove AffirmTrust root CAs
========================================
The following root certificates from AffirmTrust, which were
deactivated in the 8u432 release of October 2024, have been removed
from the `cacerts` keystore:

Alias name: affirmtrustcommercialca [jdk]
CN=AffirmTrust Commercial
O=AffirmTrust
C=US
SHA256: 03:76:AB:1D:54:C5:F9:80:3C:E4:B2:E2:01:A0:EE:7E:EF:7B:57:B6:36:E8:A9:3C:9B:8D:48:60:C9:6F:5F:A7

Alias name: affirmtrustnetworkingca [jdk]
CN=AffirmTrust Networking
O=AffirmTrust
C=US
SHA256: 0A:81:EC:5A:92:97:77:F1:45:90:4A:F3:8D:5D:50:9F:66:B5:E2:C5:8F:CD:B5:31:05:8B:0E:17:F3:F0B4:1B

Alias name: affirmtrustpremiumca [jdk]
CN=AffirmTrust Premium
O=AffirmTrust
C=US
SHA256: 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A

Alias name: affirmtrustpremiumeccca [jdk]
CN=AffirmTrust Premium ECC
O=AffirmTrust
C=US
SHA256: BD:71:FD:F6:DA:97:E4:CF:62:D1:64:7A:DD:25:81:B0:7D:79:AD:F8:39:7E:B4:EC:BA:9C:5E:84:88:82:14:23

Happy hacking,
-- 
Andrew :)
Pronouns: he / him or they / them
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222

Please contact via e-mail, not proprietary chat networks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/jdk8u-dev/attachments/20251023/c7dfa91d/signature-0001.asc>

More information about the jdk8u-dev mailing list