OpenJDK 8u292 Released

Andrew Hughes gnu.andrew at redhat.com
Wed Apr 21 05:14:22 UTC 2021


We are pleased to announce the release of OpenJDK 8u292.

The source tarball is available from:

* https://openjdk-sources.osci.io/openjdk8/openjdk8u292-ga.tar.xz

The tarball is accompanied by a digital signature available at:

* https://openjdk-sources.osci.io/openjdk8/openjdk8u292-ga.tar.xz.sig

This is signed by our Red Hat OpenJDK key (openjdk at redhat.com):

PGP Key: rsa4096/0x92EF8D39DC13168F (hkp://keys.gnupg.net)
Fingerprint = CA5F 11C6 CE22 644D 42C6  AC44 92EF 8D39 DC13 168F

SHA256 checksums:

9008c700c699739e185ee5b1b4554b769a81492f9b3358634cd693ce75668b3f  openjdk8u292-ga.tar.xz
3d9f770da61ea72ba43a3ccde1a72d14e40bf6bc3ea7cba947617a9434d2c988  openjdk8u292-ga.tar.xz.sig

The checksums can be downloaded from:

* https://openjdk-sources.osci.io/openjdk8/openjdk8u292-ga.sha256

New in release OpenJDK 8u292 (2021-04-20):
===========================================
Live versions of these release notes can be found at:
  * https://bitly.com/openjdk8u292
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt

* Security fixes
  - JDK-8227467: Better class method invocations
  - JDK-8244473: Contextualize registration for JNDI
  - JDK-8244543: Enhanced handling of abstract classes
  - JDK-8249906, CVE-2021-2163: Enhance opening JARs
  - JDK-8250568, CVE-2021-2161: Less ambiguous processing
  - JDK-8253799: Make lists of normal filenames
* Other changes
  - JDK-6345095: regression test EmptyClipRenderingTest fails
  - JDK-6896810: TEST_BUG: java/lang/ref/SoftReference/Pin.java fails with OOME during System.out.println
  - JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop
  - JDK-7009641: Don't fail VM when CodeCache is full
  - JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream readDouble() conversion to long mishandled
  - JDK-7112454: TEST_BUG: java/awt/Choice/PopdownGeneratesMouseEvents/PopdownGeneratesMouseEvents.html failed
  - JDK-7131835: [TEST_BUG] Test does not consider that the rounded edges of the window in Mac OS 10.7
  - JDK-7185221: [macosx] Regtest should not throw exception if a suitable display mode found
  - JDK-8031126: java/lang/management/ThreadMXBean/ThreadUserTime.java fails intermittently
  - JDK-8035166: Remove dependency on EC classes from pkcs11 provider
  - JDK-8035186: j2se_jdk/jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java - assertion error
  - JDK-8038723: Openup some PrinterJob tests
  - JDK-8041464: [TEST_BUG] CustomClassLoaderTransferTest does not support OS X
  - JDK-8041561: Inconsistent opacity behaviour between JCheckBox and JRadioButton
  - JDK-8061777: (zipfs) IllegalArgumentException in ZipCoder.toString when using Shitft_JIS
  - JDK-8073108: [AArch64] Use x86 and SPARC CPU instructions for GHASH acceleration
  - JDK-8078024: javac, several incorporation steps are silently failing when an error should be reported
  - JDK-8078450: Implement consistent process for quarantine of tests
  - JDK-8078614: WindowsClassicLookAndFeel MetalComboBoxUI.getbaseLine fails with IllegalArgumentException
  - JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid
  - JDK-8081547: Prepare client libs regression tests for running in a concurrent, headless jtreg environment
  - JDK-8129626: G1: set_in_progress() and clear_started() needs a barrier on non-TSO platforms
  - JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256
  - JDK-8130309: Need to bailout cleanly if creation of stubs fails when codecache is out of space (AArch64 changes)
  - JDK-8131779: AARCH64: add Montgomery multiply intrinsic
  - JDK-8132875: AArch64: Fix error introduced into AArch64 CodeCache by commit for 8130309
  - JDK-8135018: AARCH64: Missing memory barriers for CMS collector
  - JDK-8145051: Wrong parameter name in synthetic lambda method leads to verifier error
  - JDK-8150204: (fs) Enhance java/nio/file/Files/probeContentType/Basic.java debugging output
  - JDK-8145320: Create unsafe_arraycopy and generic_arraycopy for AArch64
  - JDK-8148328: aarch64: redundant lsr instructions in stub code.
  - JDK-8148783: aarch64: SEGV running SpecJBB2013
  - JDK-8148948: aarch64: generate_copy_longs calls align() incorrectly
  - JDK-8149080: AArch64: Recognise disjoint array copy in stub code
  - JDK-8149365: aarch64: memory copy does not prefetch on backwards copy
  - JDK-8149907: aarch64: use load/store pair instructions in call_stub
  - JDK-8150038: aarch64: make use of CBZ and CBNZ when comparing narrow pointer with zero
  - JDK-8150045: arraycopy causes segfaults in SATB during garbage collection
  - JDK-8150082: aarch64: optimise small array copy
  - JDK-8150229: aarch64: pipeline class for several instructions is not set correctly
  - JDK-8150313: aarch64: optimise array copy using SIMD instructions
  - JDK-8150394: aarch64: add support for 8.1 LSE CAS instructions
  - JDK-8150652: Remove unused code in AArch64 back end
  - JDK-8151340: aarch64: prefetch the destination word for write prior to ldxr/stxr loops.
  - JDK-8151502: optimize pd_disjoint_words and pd_conjoint_words
  - JDK-8151775: aarch64: add support for 8.1 LSE atomic operations
  - JDK-8152537: aarch64: Make use of CBZ and CBNZ when comparing unsigned values with zero.
  - JDK-8152840: aarch64: improve _unsafe_arraycopy stub routine
  - JDK-8153172: aarch64: hotspot crashes after the 8.1 LSE patch is merged
  - JDK-8153713: aarch64: improve short array clearing using store pair
  - JDK-8153797: aarch64: Add Arrays.fill stub code
  - JDK-8154413: AArch64: Better byte behaviour
  - JDK-8154537: AArch64: some integer rotate instructions are never emitted
  - JDK-8154739: AArch64: TemplateTable::fast_xaccess loads in wrong mode
  - JDK-8155015: Aarch64: bad assert in spill generation code
  - JDK-8155100: AArch64: Relax alignment requirement for byte_map_base
  - JDK-8155612: Aarch64: vector nodes need to support misaligned offset
  - JDK-8155617: aarch64: ClearArray does not use DC ZVA
  - JDK-8155627: Enable SA on AArch64
  - JDK-8155653: TestVectorUnalignedOffset.java not pushed with 8155612
  - JDK-8156731: aarch64: java/util/Arrays/Correct.java fails due to _generic_arraycopy stub routine
  - JDK-8157841: aarch64: prefetch ignores cache line size
  - JDK-8157906: aarch64: some more integer rotate instructions are never emitted
  - JDK-8158525: Update a few java/net tests to use the loopback address instead of the host address
  - JDK-8160217: JavaSound should clean up resources better
  - JDK-8158913: aarch64: SEGV running Spark terasort
  - JDK-8159052: aarch64: optimise unaligned copies in pd_disjoint_words and pd_conjoint_words
  - JDK-8159063: aarch64: optimise unaligned array copy long
  - JDK-8160748: [AArch64] Inconsistent types for ideal_reg
  - JDK-8161072: AArch64: jtreg compiler/uncommontrap/TestDeoptOOM failure
  - JDK-8161190: AArch64: Fix overflow in immediate cmp instruction
  - JDK-8163363: AArch64: Stack size in tools/launcher/Settings.java needs to be adjusted
  - JDK-8164113: AArch64: follow-up the fix for 8161598
  - JDK-8165673: AArch64: Fix JNI floating point argument handling
  - JDK-8167200: AArch64: Broken stack pointer adjustment in interpreter
  - JDK-8167281: IIOMetadataNode bugs in getElementsByTagName and NodeList.item methods
  - JDK-8167421: AArch64: in one core system, fatal error: Illegal threadstate encountered
  - JDK-8167595: AArch64: SEGV in stub code cipherBlockChaining_decryptAESCrypt
  - JDK-8168699: Validate special case invocations [AArch64 support]
  - JDK-8168888: Port 8160591: Improve internal array handling to AArch64.
  - JDK-8168996: C2 crash at postaloc.cpp:140 : assert(false) failed: unexpected yanked node
  - JDK-8170100: AArch64: Crash in C1-compiled code accessing References
  - JDK-8170188: jtreg test compiler/types/TestMeetIncompatibleInterfaceArrays.java causes JVM crash
  - JDK-8170873: PPC64/aarch64: Poor StrictMath performance due to non-optimized compilation
  - JDK-8171410: aarch64: long multiplyExact shifts by 31 instead of 63
  - JDK-8171537: aarch64: compiler/c1/Test6849574.java generates guarantee failure in C1
  - JDK-8172404: Tools should warn if weak algorithms are used before restricting them
  - JDK-8172881: AArch64: assertion failure: the int pressure is incorrect
  - JDK-8173472: AArch64: C1 comparisons with null only use 32-bit instructions
  - JDK-8176100: [AArch64] [REDO][REDO] G1 Needs pre barrier on dereference of weak JNI handles
  - JDK-8177661: Correct ad rule output register types from iRegX to iRegXNoSp
  - JDK-8179954: AArch64: C1 and C2 volatile accesses are not sequentially consistent
  - JDK-8182581: aarch64: fix for crash caused by earlyret of compiled method
  - JDK-8183925: [AArch64] Decouple crash protection from watcher thread
  - JDK-8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key"
  - JDK-8186090: java.nio.Bits.unaligned() doesn't handle aarch64
  - JDK-8186325: AArch64: jtreg test hotspot/test/gc/g1/TestJNIWeakG1/TestJNIWeakG1.java SEGV
  - JDK-8187224: aarch64: some inconsistency between aarch64_ad.m4 and aarch64.ad
  - JDK-8189170: [AArch64] Add option to disable stack overflow checking in primordial thread for use with JNI_CreateJavaJVM
  - JDK-8191915: JCK tests produce incorrect results with C2
  - JDK-8193133: Assertion failure because 0xDEADDEAD can be in-heap
  - JDK-8195685: AArch64 port of 8174962: Better interface invocations
  - JDK-8195859: AArch64: vtableStubs gtest fails after 8174962
  - JDK-8196136: AArch64: Correct register use in patch for JDK-8194686
  - JDK-8196221: AArch64: Mistake in committed patch for JDK-8195859
  - JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode
  - JDK-8199712: [AArch64] Flight Recorder
  - JDK-8202343: Disable TLS 1.0 and 1.1
  - JDK-8203481: Incorrect constraint for unextended_sp in frame:safe_for_sender
  - JDK-8203699: java/lang/invoke/SpecialInterfaceCall fails with SIGILL on aarch64
  - JDK-8205421: AARCH64: StubCodeMark should be placed after alignment
  - JDK-8206163: AArch64: incorrect code generation for StoreCM
  - JDK-8207345: Trampoline generation code reads from uninitialized memory
  - JDK-8207838: AArch64: Float registers incorrectly restored in JNI call
  - JDK-8209333: Socket reset issue for TLS 1.3 socket close
  - JDK-8209413: AArch64: NPE in clhsdb jstack command
  - JDK-8209414: [AArch64] method handle invocation does not respect JVMTI interp_only mode
  - JDK-8209415: Fix JVMTI test failure HS202
  - JDK-8209420: Track membars for volatile accesses so they can be properly optimized
  - JDK-8209835: Aarch64: elide barriers on all volatile operations
  - JDK-8210425: [AArch64] sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization
  - JDK-8211064: [AArch64] Interpreter and c1 don't correctly handle jboolean results in native calls
  - JDK-8211233: MemBarNode::trailing_membar() and MemBarNode::leading_membar() need to handle dying subgraphs better
  - JDK-8211301: [macos] support full window content options
  - JDK-8211339: NPE during SSL handshake caused by HostnameChecker
  - JDK-8213134: AArch64: vector shift failed with MaxVectorSize=8
  - JDK-8213419: [AArch64] C2 may hang in MulLNode::Ideal()/MulINode::Ideal() with gcc 8.2.1
  - JDK-8214857: "bad trailing membar" assert failure at memnode.cpp:3220
  - JDK-8215951: AArch64: jtreg test vmTestbase/nsk/jvmti/PopFrame/popframe005 segfaults
  - JDK-8215961: jdk/jfr/event/os/TestCPUInformation.java fails on AArch64
  - JDK-8216350: AArch64: monitor unlock fast path not called
  - JDK-8216987: ciMethodData::load_data() unpacks MDOs with non-atomic copy
  - JDK-8217338: [Containers] Improve systemd slice memory limit support
  - JDK-8216989: CardTableBarrierSetAssembler::gen_write_ref_array_post_barrier() does not check for zero length on AARCH64
  - JDK-8217368: AArch64: C2 recursive stack locking optimisation not triggered
  - JDK-8218185: aarch64: missing LoadStore barrier in TemplateTable::putfield_or_static
  - JDK-8219011: Implement MacroAssembler::warn method on AArch64
  - JDK-8219635: aarch64: missing LoadStore barrier in TemplateTable::fast_storefield
  - JDK-8219991: New fix of the deadlock in sun.security.ssl.SSLSocketImpl
  - JDK-8221408: Windows 32bit build build errors/warnings in hotspot
  - JDK-8221220: AArch64: Add StoreStore membar explicitly for Volatile Writes in TemplateTable
  - JDK-8221658: aarch64: add necessary predicate for ubfx patterns
  - JDK-8223186: HotSpot compile warnings from GCC 9
  - JDK-8224671: AArch64: mauve System.arraycopy test failure
  - JDK-8224828: aarch64: rflags is not correct after safepoint poll
  - JDK-8224851: AArch64: fix warnings and errors with Clang and GCC 8.3
  - JDK-8224880: AArch64: java/javac error with AllocatePrefetchDistance
  - JDK-8225435: Upgrade IANA Language Subtag Registry to the latest for JDK14
  - JDK-8225805: Java Access Bridge does not close the logger
  - JDK-8226899: Problemlist compiler/rtm tests
  - JDK-8227642: [TESTBUG] Make docker tests podman compatible
  - JDK-8228434: jdk/net/Sockets/Test.java fails after JDK-8227642
  - JDK-8228400: Remove built-in AArch64 simulator
  - JDK-8228406: Superfluous change in chaitin.hpp
  - JDK-8228593: Revert explicit JDK 7 support additions
  - JDK-8228716: Revert InstanceKlass::print_on debug additions
  - JDK-8228718: Revert incorrect backport of JDK-8129757 to 8-aarch64
  - JDK-8228725: AArch64: Purge method call format support
  - JDK-8228747: Revert "unused" attribute from test_arraycopy_func
  - JDK-8228767: Revert ResourceMark additions
  - JDK-8228770: Revert development hsdis changes
  - JDK-8229123: Revert build fixes for aarch64/zero
  - JDK-8229124: Revert disassembler.cpp changes
  - JDK-8229145: Revert TemplateTable::bytecode() visibility change
  - JDK-8229284: jdk/internal/platform/cgroup/TestCgroupMetrics.java fails for - memory:getMemoryUsage
  - JDK-8230388: Problemlist additional compiler/rtm tests
  - JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR
  - JDK-8233839: aarch64: missing memory barrier in NewObjectArrayStub and NewTypeArrayStub
  - JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3
  - JDK-8234728: Some security tests should support TLSv1.3
  - JDK-8235263: Revert TLS 1.3 change that wrapped IOExceptions
  - JDK-8235311: Tag mismatch may alert bad_record_mac
  - JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property.
  - JDK-8236500: Windows ucrt.dll should be looked up in versioned WINSDK subdirectory
  - JDK-8237512: AArch64: aarch64TestHook leaks a BufferBlob
  - JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read
  - JDK-8239091: Reversed arguments in call to strstr in freetype "debug" code.
  - JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1
  - JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE"
  - JDK-8242141: New System Properties to configure the TLS signature schemes
  - JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11
  - JDK-8246482: Build failures with +JFR -PCH
  - JDK-8247979: aarch64: missing side effect of killing flags for clearArray_reg_reg
  - JDK-8248219: aarch64: missing memory barrier in fast_storefield and fast_accessfield
  - JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit
  - JDK-8249183: JVM crash in "AwtFrame::WmSize" method
  - JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel
  - JDK-8249588: libwindowsaccessbridge issues on 64bit Windows
  - JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets
  - JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities
  - JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray
  - JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows
  - JDK-8253368: TLS connection always receives close_notify exception
  - JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities
  - JDK-8253932: SSL debug log prints incorrect caller info
  - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations
  - JDK-8255880: UI of Swing components is not redrawn after their internal state changed
  - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem
  - JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java
  - JDK-8256421: Add 2 HARICA roots to cacerts truststore
  - JDK-8256642: [TEST_BUG] jdk/test/javax/sound/midi/MidiSystem/DefaultProperties.java failed
  - JDK-8258079: Eliminate ParNew's use of klass_or_null()
  - JDK-8256682: JDK-8202343 is incomplete
  - JDK-8257192: Integrate AArch64 JIT port into 8u
  - JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines
  - JDK-8258079: Eliminate ParNew's use of klass_or_null()
  - JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575
  - JDK-8258247: Couple of issues in fix for JDK-8249906
  - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
  - JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes
  - JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
  - JDK-8258933: G1 needs klass_or_null_acquire
  - JDK-8259048: (tz) Upgrade time-zone data to tzdata2020f
  - JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will
  - JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548
  - JDK-8259428: AlgorithmId.getEncodedParams() should return copy
  - JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport
  - JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS
  - JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a
  - JDK-8260930: AARCH64: Invalid value passed to critical JNI function
  - JDK-8261183: Follow on to Make lists of normal filenames
  - JDK-8261231: Windows IME was disabled after DnD operation
  - JDK-8261766: [8u] hotspot needs to recognise cl.exe 19.16 to build with VS2017
  - JDK-8262073: assert(allocates2(pc)) failed: not in CodeBuffer memory
  - JDK-8262075: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently
  - JDK-8263008: AARCH64: Add debug info for libsaproc.so
  - JDK-8264171: Missing aarch64 parts of JDK-8236179 (C1 register allocation failure with T_ADDRESS)

Notes on individual issues:
===========================

security-libs/java.security:

JDK-8260597: Added 2 HARICA Root CA Certificates
================================================

The following root certificates have been added to the cacerts truststore:

Alias Name: haricarootca2015
Distinguished Name: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR

Alias Name: haricaeccrootca2015
Distinguished Name: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR

JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default
===================================================================================
Weak named curves are disabled by default by adding them to the
following `disabledAlgorithms` security properties:

* jdk.tls.disabledAlgorithms
* jdk.certpath.disabledAlgorithms
* jdk.jar.disabledAlgorithms

The disabled curves are as follows:

* secp112r1
* secp112r2
* secp128r1
* secp128r2
* secp160k1
* secp160r1
* secp160r2
* secp192k1
* secp192r1
* secp224k1
* secp224r1
* secp256k1
* sect113r1
* sect113r2
* sect131r1
* sect131r2
* sect163k1
* sect163r1
* sect163r2
* sect193r1
* sect193r2
* sect233k1
* sect233r1
* sect239k1
* sect283k1
* sect283r1
* sect409k1
* sect409r1
* sect571k1
* sect571r1
* X9.62 c2tnb191v1
* X9.62 c2tnb191v2
* X9.62 c2tnb191v3
* X9.62 c2tnb239v1
* X9.62 c2tnb239v2
* X9.62 c2tnb239v3
* X9.62 c2tnb359v1
* X9.62 c2tnb431r1
* X9.62 prime192v2
* X9.62 prime192v3
* X9.62 prime239v1
* X9.62 prime239v2
* X9.62 prime239v3
* brainpoolP256r1
* brainpoolP320r1
* brainpoolP384r1
* brainpoolP512r1

The curves that remain enabled are:

* secp256r1
* secp384r1
* secp521r1
* X25519
* X448

When large numbers of weak named curves need to be disabled, adding
individual named curves to each `disabledAlgorithms` property would be
overwhelming. To relieve this, a new security property,
`jdk.disabled.namedCurves`, is implemented that can list the named
curves common to all of the `disabledAlgorithms` properties. To use
the new property in the `disabledAlgorithms` properties, precede the
full property name with the keyword `include`.  Users can still add
individual named curves to `disabledAlgorithms` properties separate
from this new property.  No other properties can be included in the
`disabledAlgorithms` properties.

To restore the named curves, remove the `include
jdk.disabled.namedCurves` either from specific or from all
`disabledAlgorithms` security properties. To restore one or more
curves, remove the specific named curve(s) from the
`jdk.disabled.namedCurves` property.

JDK-8244286: Tools Warn If Weak Algorithms Are Used
===================================================
The `keytool` and `jarsigner` tools have been updated to warn users
when weak cryptographic algorithms are used in keys, certificates, and
signed JARs before they are disabled. The weak algorithms are set in
the `jdk.security.legacyAlgorithms` security property in the
`java.security` configuration file. In this release, the tools issue
warnings for the SHA-1 hash algorithm and 1024-bit RSA/DSA keys.

security-libs/javax.net.ssl:

JDK-8256490: Disable TLS 1.0 and 1.1
====================================
TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer
considered secure and have been superseded by more secure and modern
versions (TLS 1.2 and 1.3).

These versions have now been disabled by default. If you encounter
issues, you can, at your own risk, re-enable the versions by removing
"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms`
security property in the `java.security` configuration file.

JDK-8242147: New System Properties to Configure the TLS Signature Schemes
=========================================================================
Two new system properties have been added to customize the TLS
signature schemes in JDK. `jdk.tls.client.SignatureSchemes` has been
added for the TLS client side, and `jdk.tls.server.SignatureSchemes`
has been added for the server side.

Each system property contains a comma-separated list of supported
signature scheme names specifying the signature schemes that could be
used for the TLS connections.

The names are described in the "Signature Schemes" section of the
*Java Security Standard Algorithm Names Specification*.

tools/javac:

JDK-8177368: Several incorporation steps are silently failing when an error should be reported
==============================================================================================
Reporting previously silent errors found during incorporation, JLS
8§18.3, was supposed to be a clean-up with performance only
implications. But consider the test case:

import java.util.Arrays;
import java.util.List;

class Klass {
  public static <A> List<List<A>> foo(List<? extends A>... lists) {
    return foo(Arrays.asList(lists));
    }

  public static <B> List<List<B>> foo(List<? extends List<? extends B>> lists) {
    return null;
  }
}

This code was not accepted before the patch for [1], but after this
patch the compiler is accepting it. Accepting this code is the right
behavior as not reporting incorporation errors was a bug in the
compiler.  While determining the applicability of method: <B>
List<List<B>> foo(List<? extends List<? extends B>> lists) for which
we have the constraints: b <: Object t <: List<? extends B> t<:Object
List<? extends A> <: t first, inference variable b is selected for
instantiation: b = CAP1 of ? extends A so this implies that: t <:
List<? extends CAP1 of ? extends A> t<: Object List<? extends A> <: t

Now all the bounds are checked for consistency. While checking if
List<? extends A> is a subtype of List<? extends CAP1 of ? extends A>
a bound error is reported. Before the compiler was just swallowing
it. As now the error is reported while inference variable b is being
instantiated, the bound set is rolled back to it's initial state, 'b'
is instantiated to Object, and with this instantiation the constraint
set is solvable, the method is applicable, it's the only applicable
one and the code is accepted as correct. The compiler behavior in this
case is defined at JLS 8 §18.4

This fix has source compatibility impact, right now code that wasn't
being accepted is now being accepted by the javac compiler. Currently
there are no reports of any other kind of incompatibility.

[1] https://bugs.openjdk.java.net/browse/JDK-8078024

Thanks,
-- 
Andrew :)

Senior Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222


More information about the jdk8u-dev mailing list