OpenJDK 8u482 Released

Andrew Hughes gnu.andrew at redhat.com
Thu Jan 22 16:58:28 UTC 2026 

On 21:31 Wed 21 Jan 2026, Andrew Hughes wrote:
> We are pleased to announce the release of OpenJDK 8u482.
> 
> The source tarball is available from:
> 
> * https://openjdk-sources.osci.io/openjdk8/openjdk8u482-b08.tar.xz
> 
> The tarball is accompanied by a digital signature available at:
> 
> * https://openjdk-sources.osci.io/openjdk8/openjdk8u482-b08.tar.xz.sig
> 
> This is signed by our Red Hat OpenJDK key (openjdk at redhat.com):
> 
> PGP Key: rsa4096/0x92EF8D39DC13168F (hkp://keys.gnupg.net)
> Fingerprint = CA5F 11C6 CE22 644D 42C6  AC44 92EF 8D39 DC13 168F
> 
> SHA256 checksums:
> 
> e348730f8acd36612be8de533d51108038085e45484ceae5bedb7974efaa29e3  openjdk8u482-b08.tar.xz
> 1bf3b8c04fa31a242137788cb9d0b6998185469f289c5c9b95c55cde52e6c57b  openjdk8u482-b08.tar.xz.sig
> 
> SHA512 checksums:
> 
> fec878178bf8cfc2373ef91c7100186c63f4b744e93671b129aab7c24c69f536f175f0b0f1de4385c01941d4657c4ece8e639554611149a3a8c8f9dac1cbe136  openjdk8u482-b08.tar.xz
> 6874e4e468716fa7ab97ac4b10a23c80da45ea62f37d978d9c79040a2dafb542e1b58c160e3b0df85f09934de3686202efe2ac7c663fbb372a409e744edc1652  openjdk8u482-b08.tar.xz.sig
> 
> The checksums can be downloaded from:
> 
> * https://openjdk-sources.osci.io/openjdk8/openjdk8u482-b08.sha256
> * https://openjdk-sources.osci.io/openjdk8/openjdk8u482-b08.sha512
> 
> New in release OpenJDK 8u482 (2026-01-20):
> ===========================================
> Live versions of these release notes can be found at:
>   * https://bit.ly/openjdk8u482
> 
> * Changes
>   - JDK-8154043: Fields not reachable anymore by tab-key, because of new tabbing behaviour of radio button groups.
>   - JDK-8182577: Exception when Tab key moves focus to a JCheckbox with a custom ButtonModel
>   - JDK-8193017: Import freetype sources into OpenJDK source tree
>   - JDK-8211804: Constant AO_UNUSED_MBZ uses left shift of negative value
>   - JDK-8212155: Race condition when posting dynamic_code_generated event leads to JVM crash
>   - JDK-8212678: Windows IME related patch
>   - JDK-8219006: AArch64: Register corruption in slow subtype check
>   - JDK-8222362: Upgrade to Freetype 2.10.0
>   - JDK-8227324: Upgrade to freetype 2.10.1
>   - JDK-8247867: Upgrade to freetype 2.10.2
>   - JDK-8258805: Japanese characters not entered by mouse click on Windows 10
>   - JDK-8261170: Upgrade to FreeType 2.10.4
>   - JDK-8265429: Improve GCM encryption
>   - JDK-8269668: [aarch64] java.library.path not including /usr/lib64
>   - JDK-8285686: Update FreeType to 2.12.0
>   - JDK-8290334: Update FreeType to 2.12.1
>   - JDK-8293672: Update freetype md file
>   - JDK-8297088: Update LCMS to 2.14
>   - JDK-8298974: Add ftcolor.c to imported freetype sources
>   - JDK-8305072: Win32ShellFolder2.compareTo is inconsistent
>   - JDK-8306881: Update FreeType to 2.13.0
>   - JDK-8316028: Update FreeType to 2.13.2
>   - JDK-8316030: Update Libpng to 1.6.40
>   - JDK-8317970: Bump target macosx-x64 version to 11.00.00
>   - JDK-8329004: Update Libpng to 1.6.43
>   - JDK-8339280: jarsigner -verify performs cross-checking between CEN and LOC
>   - JDK-8341496: Improve JMX connections
>   - JDK-8345358: Some DLL Files are missing Windows Properties
>   - JDK-8348596: Update FreeType to 2.13.3
>   - JDK-8348598: Update Libpng to 1.6.47
>   - JDK-8353299: VerifyJarEntryName.java test fails
>   - JDK-8354941: Build failure with glibc 2.42 due to uabs() name collision
>   - JDK-8359501: Enhance Handling of URIs
>   - JDK-8362208: [8u] Buffer overflow in g1GCPhaseTimes.cpp::LineBuffer::_buffer
>   - JDK-8362308: Enhance Bitmap operations
>   - JDK-8362632: Improve HttpServer Request handling
>   - JDK-8364214: Enhance polygon data support
>   - JDK-8364597: Replace THL A29 Limited with Tencent
>   - JDK-8364660: ClassVerifier::ends_in_athrow() should be removed
>   - JDK-8365058: Enhance CopyOnWriteArraySet
>   - JDK-8365271: Improve Swing supports
>   - JDK-8366574: Bump update version of OpenJDK: 8u482
>   - JDK-8367115: [8u] Problem list CAInterop.java#actalisauthenticationrootca test
>   - JDK-8367257: [8u] Problem list CAInterop.java#entrustrootcag4 test
>   - JDK-8367782: VerifyJarEntryName.java: Fix modifyJarEntryName to operate on bytes and re-introduce verifySignatureEntryName
>   - JDK-8368032: Enhance Certificate Checking
>   - JDK-8371334: [8u] GHA: installation of VS2010 hangs
>   - JDK-8371352: [8u] Fix VS2010 build issue in check_code.c
>   - JDK-8371387: [8u] hotspot needs to recognise latest VS2022
>   - JDK-8372534: Update Libpng to 1.6.51
> 
> Notes on individual issues:
> ===========================
> 
> core-svc/javax.management:
> 
> JDK-8341496: Improve JMX connections
> ====================================
> With this release of OpenJDK, SSL connections created by
> `javax.rmi.ssl.SslRMIClientSocketFactory` now enable HTTPS-based
> endpoint identification by default.  This can be disabled by setting
> the new system property
> `jdk.rmi.ssl.client.enableEndpointIdentification` to false.
> 
> security-libs/java.security:
> 
> JDK-8368032: Enhance Certificate Checking
> =========================================
> OpenJDK supports the authorityInfoAccess extension in X.509
> certificates when the `com.sun.security.enableAIAcaIssuers` system
> property is set to `true`.  With this release of OpenJDK, a security
> and system property `com.sun.security.allowedAIALocations` is
> introduced which acts as a filter on the URIs specified in the
> extension.  By default, the property is empty, which will cause all
> URIs to be denied when the extension is enabled.  A value of `any` may
> be used to allow all URIs or a whitespace-separated list of filters
> may be used for more fine-grained control.  The syntax of the filters
> is specified in the `java.security` file.  A non-empty value for the
> system property takes precedence over the security property.
> 

I forgot to list the CVEs which are the same as for later JDK releases:

* CVEs
  - CVE-2026-21925
  - CVE-2026-21932
  - CVE-2026-21933
  - CVE-2026-21945

See also https://openjdk.org/groups/vulnerability/advisories/2026-01-20

Thanks,
-- 
Andrew :)
Pronouns: he / him or they / them
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222

Please contact via e-mail, not proprietary chat networks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/jdk8u-dev/attachments/20260122/4710d3e9/signature.asc>

More information about the jdk8u-dev mailing list