RELEASE NOTES FOR: 11.0.21
====================================================================================================

Notes generated: Fri Jan 03 10:41:58 CET 2025

Hint: Prefix bug IDs with https://bugs.openjdk.org/browse/ to reach the relevant JIRA entry.

JAVA ENHANCEMENT PROPOSALS (JEP):

  None.

RELEASE NOTES:

  security-libs/javax.net.ssl:

    JDK-8301700: The Default TLS Diffie-Hellman Group Size Has Been Increased from 1024-bit to 2048-bit
      The JDK implementation of TLS 1.2 now uses a default Diffie-Hellman key size of 2048 bits when a TLS_DHE cipher suite is negotiated and either the client or server does not support FFDHE, which can negotiate a stronger key size. The JDK TLS implementation supports FFDHE and it is enabled by default.

      As a workaround, users can revert to the previous size by setting the `jdk.tls.ephemeralDHKeySize` system property to 1024 (at their own risk).

      This change does not affect TLS 1.3 as the minimum DH group size is already 2048 bits.

    JDK-8168261: Use Server Cipher Suites Preference by Default
      For TLS connections, the cipher suite selection, by default, is updated to use the server cipher suites preference. Applications can configure the behavior by using the `SSLParameters.setUseCipherSuitesOrder()` method.

  security-libs/javax.crypto:

    JDK-8023980: JDK Now Accepts RSA Keys in PKCS#1 Format
      RSA private and public keys in PKCS#1 format can now be accepted by JDK providers, such as the RSA `KeyFactory.impl` from the SunRsaSign provider. The RSA private or public key object should have the PKCS#1 format and an encoding matching the ASN.1 syntax for a PKCS#1 RSA private key and public key.

  tools/launcher:

    JDK-8305950: `-XshowSettings:locale` Output Now Includes Tzdata Version
      The `-XshowSettings` launcher option has been enhanced to print the tzdata version configured with the JDK. The tzdata version is displayed as part of the `locale` showSettings option.

      Example output using `-XshowSettings:locale`:

      ```
      .....
      Locale settings:
          default locale = English
          default display locale = English
          default format locale = English
          tzdata version = 2023c
      .....
      ```

  security-libs/java.security:

    JDK-8295894: Removed SECOM Trust System's RootCA1 Root Certificate
      The following root certificate from SECOM Trust System has been removed from the `cacerts` keystore:

      ```
      + alias name "secomscrootca1 [jdk]"
        Distinguished Name: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
      ```

    JDK-8155246: Throw Error If Default java.security File Fails to Load
      A behavioral change has been made when the default `conf/security/java.security` security configuration file fails to load. In such a scenario, the JDK will now throw an `InternalError`.

      Such a scenario should never occur. The default security file should always be present. Prior to this change, a static security configuration was loaded.

    JDK-8314960: Added Certigna Root CA Certificate
      The following root certificate has been added to the cacerts truststore:

      ```
      + Certigna (Dhimyotis)
        + certignarootca
          DN: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR
      ```

ALL FIXED ISSUES, BY COMPONENT AND PRIORITY:

  client-libs:

    (P4) JDK-8307569: Build with gcc8 is broken after JDK-8307301

  client-libs/2d:

    (P3) JDK-8307603: [AIX] Broken build after JDK-8307301
    (P3) JDK-8307604: gcc12 based Alpine build broken build after JDK-8307301
    (P3) JDK-8312555: Ideographic characters aren't stretched by AffineTransform.scale(2, 1)
    (P3) JDK-8306881: Update FreeType to 2.13.0
    (P3) JDK-8307301: Update HarfBuzz to 7.2.0
    (P4) JDK-8311033: [macos] PrinterJob does not take into account Sides attribute
    (P4) JDK-8298974: Add ftcolor.c to imported freetype sources
    (P4) JDK-8295737: macOS: Print content cut off when width > height with portrait orientation
    (P4) JDK-8275303: sun/java2d/pipe/InterpolationQualityTest.java fails with D3D basic render driver
    (P4) JDK-8297681: Unnecessary color conversion during 4BYTE_ABGR_PRE to INT_ARGB_PRE blit

  client-libs/java.awt:

    (P2) JDK-8307799: Newly added java/awt/dnd/MozillaDnDTest.java has invalid jtreg `@requires` clause
    (P2) JDK-8311689: Wrong visible amount in Adjustable of ScrollPane
    (P3) JDK-6176679: Application freezes when copying an animated gif image to the system clipboard
    (P3) JDK-8286481: Exception printed to stdout on Windows when storing transparent image in clipboard
    (P3) JDK-8297923: java.awt.ScrollPane broken after multiple scroll up/down
    (P3) JDK-8310054: ScrollPane insets are incorrect
    (P3) JDK-8305815: Update Libpng to 1.6.39
    (P4) JDK-8314086: [11u] A typo in the fix for JDK-8312462 is causing test failure in ChildAlwaysOnTopTest.java
    (P4) JDK-8222323: ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset alwaysOnTop"
    (P4) JDK-8298921: Create a regression test for JDK-8139581
    (P4) JDK-8307135: java/awt/dnd/NotReallySerializableTest/NotReallySerializableTest.java failed
    (P4) JDK-8304054: Linux: NullPointerException from FontConfiguration.getVersion in case no fonts are installed
    (P4) JDK-8306682: Open source a few more AWT Choice tests
    (P4) JDK-8306133: Open source few AWT Drag & Drop related tests
    (P4) JDK-8306954: Open source five Focus related tests
    (P4) JDK-8306484: Open source several AWT Choice jtreg tests
    (P4) JDK-8306137: Open source several AWT ScrollPane related tests
    (P4) JDK-8306638: Open source some AWT tests related to datatransfer and Toolkit
    (P4) JDK-8307128: Open source some drag and drop tests 4
    (P4) JDK-8307078: Opensource and clean up five more AWT Focus related tests
    (P4) JDK-8306718: Optimize and opensource some old AWT tests
    (P4) JDK-8297523: Various GetPrimitiveArrayCritical miss result - NULL check

  client-libs/javax.accessibility:

    (P4) JDK-8284524: Create an automated test for JDK-4422362
    (P4) JDK-8284767: Create an automated test for JDK-4422535

  client-libs/javax.sound:

    (P3) JDK-8269091: javax/sound/sampled/Clip/SetPositionHang.java failed with ArrayIndexOutOfBoundsException: Array index out of range: -4

  client-libs/javax.swing:

    (P3) JDK-8263970: Manual test javax/swing/JTextField/JapaneseReadingAttributes/JapaneseReadingAttributes.java failed
    (P4) JDK-8286172: Create an automated test for JDK-4516019
    (P4) JDK-8286620: Create regression test for verifying setMargin() of JRadioButton
    (P4) JDK-8285635: javax/swing/JRootPane/DefaultButtonTest.java failed with Default Button not pressed for L&F: com.sun.java.swing.plaf.motif.MotifLookAndFeel
    (P4) JDK-8296084: javax/swing/JSpinner/4788637/bug4788637.java fails intermittently on a VM
    (P4) JDK-8306955: Open source several JComboBox jtreg tests
    (P4) JDK-8307133: Open source some JTable jtreg tests
    (P4) JDK-8307080: Open source some more JComboBox jtreg tests
    (P4) JDK-8225012: sanity/client/SwingSet/src/ToolTipDemoTest.java fails on Windows
    (P4) JDK-8299713: Test javax/swing/JTableHeader/6889007/bug6889007.java failed: Wrong type of cursor

  core-libs/java.io:

    (P3) JDK-8229333: java/io/File/SetLastModified.java timed out
    (P4) JDK-8249699: java/io/ByteArrayOutputStream/MaxCapacity.java should use @requires instead of @ignore

  core-libs/java.lang:

    (P3) JDK-8276651: java/lang/ProcessHandle tests fail with "RuntimeException: Input/output error" in java.lang.ProcessHandleImpl$Info.info0
    (P4) JDK-8260934: java/lang/StringBuilder/HugeCapacity.java fails without Compact Strings

  core-libs/java.lang.invoke:

    (P4) JDK-8292443: Weak CAS VarHandle/Unsafe tests should test always-failing cases

  core-libs/java.math:

    (P4) JDK-8232195: Enable BigInteger tests: DivisionOverflow, SymmetricRangeTests and StringConstructorOverflow
    (P4) JDK-8239007: java/math/BigInteger/largeMemory/ tests should be disabled on 32-bit platforms
    (P4) JDK-8232840: java/math/BigInteger/largeMemory/SymmetricRangeTests.java fails due to "OutOfMemoryError: Requested array size exceeds VM limit"
    (P4) JDK-8241097: java/math/BigInteger/largeMemory/SymmetricRangeTests.java requires -XX:+CompactStrings

  core-libs/java.net:

    (P3) JDK-8217237: HttpClient does not deal well with multi-valued WWW-Authenticate challenge headers
    (P3) JDK-8223573: Replace wildcard address with loopback or local host in tests - part 4
    (P3) JDK-8223856: Replace wildcard address with loopback or local host in tests - part 8
    (P4) JDK-8232101: (sctp) Add minimal sanity tests for SCTP
    (P4) JDK-8223714: HTTPSetAuthenticatorTest could be made more resilient
    (P4) JDK-8229348: java/net/DatagramSocket/UnreferencedDatagramSockets.java fails intermittently
    (P4) JDK-8231037: java/net/InetAddress/ptr/Lookup.java fails intermittently due to reverse lookup failed
    (P4) JDK-8230132: java/net/NetworkInterface/NetworkInterfaceRetrievalTests.java to skip Teredo Tunneling Pseudo-Interface
    (P4) JDK-8293562: KeepAliveCache Blocks Threads while Closing Connections
    (P4) JDK-8231516: network QuickAckTest.java failed due to "SocketException: maximum number of DatagramSockets reached"
    (P4) JDK-8305763: Parsing a URI with an underscore goes through a silent exception, negatively impacting performance
    (P4) JDK-8268464: Remove dependancy of TestHttpsServer, HttpTransaction, HttpCallback from open/test/jdk/sun/net/www/protocol/https/ tests
    (P4) JDK-8223783: sun/net/www/http/HttpClient/MultiThreadTest.java sometimes detect threads+1 connections
    (P4) JDK-8229481: sun/net/www/protocol/https/ChunkedOutputStream.java failed with a SSLException

  core-libs/java.nio:

    (P3) JDK-8237183: Bug ID missing for test in patch which fixed JDK-8230665
    (P4) JDK-8224617: (fs) java/nio/file/FileStore/Basic.java found filesystem twice
    (P4) JDK-8283756: (zipfs) ZipFSOutputStreamTest.testOutputStream should only check inflated bytes
    (P4) JDK-8279536: jdk/nio/zipfs/ZipFSOutputStreamTest.java timed out

  core-libs/java.time:

    (P4) JDK-8158880: test/java/time/tck/java/time/format/TCKDateTimeFormatterBuilder.java fail with zh_CN locale

  core-libs/java.util.concurrent:

    (P2) JDK-8259796: timed CompletableFuture.get may swallow InterruptedException
    (P3) JDK-8254350: CompletableFuture.get may swallow InterruptedException
    (P3) JDK-8300098: java/util/concurrent/ConcurrentHashMap/ConcurrentAssociateTest.java fails with internal timeout when executed with TieredCompilation1/3

  core-libs/java.util.jar:

    (P3) JDK-8315135: Memory leak in the native implementation of Pack200.Unpacker.unpack()

  core-libs/java.util:collections:

    (P5) JDK-8229338: clean up test/jdk/java/util/RandomAccess/Basic.java

  core-svc/debugger:

    (P3) JDK-8234808: jdb quoted option parsing broken
    (P4) JDK-8260878: com/sun/jdi/JdbOptions.java fails without jfr

  core-svc/java.lang.management:

    (P3) JDK-8300659: Refactor TestMemoryAwareness to use WhiteBox api for host values

  core-svc/javax.management:

    (P3) JDK-8293657: sun/management/jmxremote/bootstrap/RmiBootstrapTest.java#id1 failed with "SSLHandshakeException: Remote host terminated the handshake"

  hotspot/compiler:

    (P2) JDK-8307572: AArch64: Vector registers are clobbered by some macroassemblers
    (P3) JDK-8299658: C1 compilation crashes in LinearScan::resolve_exception_edge
    (P3) JDK-8289748: C2 compiled code crashes with SIGFPE with -XX:+StressLCM and -XX:+StressGCM
    (P3) JDK-8297730: C2: Arraycopy intrinsic throws incorrect exception
    (P3) JDK-8303511: C2: assert(get_ctrl(n) == cle_out) during unrolling
    (P3) JDK-8301491: C2: java.lang.StringUTF16::indexOfChar intrinsic called with negative character argument
    (P3) JDK-8201516: DebugNonSafepoints generates incorrect information
    (P4) JDK-8306636: Disable compiler/c2/Test6905845.java with -XX:TieredStopAtLevel=3
    (P4) JDK-8313878: Exclude two compiler/rtm/locking tests on ppc64le
    (P4) JDK-8218471: generate-unsafe-access-tests.sh does not correctly invoke build.tools.spp.Spp
    (P4) JDK-8273807: Zero: Drop incorrect test block from compiler/startup/NumCompilerThreadsCheck.java
    (P5) JDK-8301959: Compile command in compiler.loopopts.TestRemoveEmptyCountedLoop does not work

  hotspot/gc:

    (P3) JDK-8310176: JDK 11 G1 crash during full GC with +UseStringDeduplication
    (P4) JDK-8315529: [11u] Exclude some failing Z-GC tests

  hotspot/jfr:

    (P4) JDK-8313803: [11u] Exclude jdk/jfr/event/sampling/TestStackFrameLineNumbers.java

  hotspot/jvmti:

    (P2) JDK-8291830: jvmti/RedefineClasses/StressRedefine failed: assert(!is_null(v)) failed: narrow klass value can never be zero
    (P3) JDK-8221372: Test vmTestbase/nsk/jvmti/GetThreadState/thrstat001/TestDescription.java times out
    (P3) JDK-8257993: vmTestbase/nsk/jvmti/RedefineClasses/StressRedefine/TestDescription.java crash intermittently
    (P4) JDK-8211343: nsk_jvmti_parseoptions should handle multiple suboptions
    (P4) JDK-8216059: nsk_jvmti_parseoptions still has dependency on tilde separator

  hotspot/runtime:

    (P4) JDK-8239537: cgroup MetricsTester testMemorySubsystem fails sometimes when testing memory.kmem.tcp.usage_in_bytes
    (P4) JDK-8314950: CMS may miss NMT tag after mark stack expansion
    (P4) JDK-8299424: containers/docker/TestMemoryWithCgroupV1.java fails on SLES12 ppc64le when testing Memory and Swap Limit
    (P4) JDK-8309138: Fix container tests for jdks with symlinked conf dir
    (P4) JDK-8265980: Fix systemDictionary and loaderConstraints printing
    (P4) JDK-8312138: jcmd VM.metaspace vslist has no newline character before the Class: label.
    (P4) JDK-8229147: Linux os::create_thread() overcounts guardpage size with newer glibc (>=2.27)
    (P4) JDK-8297887: Update Siphash
    (P4) JDK-8305421: Work around JDK-8305420 in CDSJDITest.java

  hotspot/svc:

    (P4) JDK-8313796: AsyncGetCallTrace crash on unreadable interpreter method pointer
    (P4) JDK-8181383: com/sun/jdi/OptionTest.java fails intermittently with bind failed: Address already in use

  hotspot/svc-agent:

    (P4) JDK-8217612: (CL)HSDB cannot show some JVM flags
    (P4) JDK-8243210: ClhsdbScanOops fails with NullPointerException in FileMapHeader.inCopiedVtableSpace
    (P4) JDK-8217850: CompressedClassSpaceSizeInJmapHeap fails after JDK-8217612

  hotspot/test:

    (P4) JDK-8313159: [11u] Fix test SSLEngineKeyLimit.java after Merge error
    (P4) JDK-8244078: ProcessTools executeTestJvm and createJavaProcessBuilder have inconsistent handling of test.*.opts
    (P5) JDK-8252530: Fix inconsistencies in hotspot whitebox

  infrastructure:

    (P4) JDK-8309108: Bump update version for OpenJDK: jdk-11.0.21

  infrastructure/build:

    (P3) JDK-8291444: GHA builds/tests won't run manually if disabled from automatic running
    (P4) JDK-8304867: Explicitly disable dtrace for ppc builds

  infrastructure/release_eng:

    (P4) JDK-8317644: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.21

  security-libs/java.security:

    (P2) JDK-8314960: Add Certigna Root CA - 2
    (P3) JDK-8293858: Change PKCS7 code to use default SecureRandom impl instead of SHA1PRNG
    (P3) JDK-8224729: Cleanups in sun/security/provider/certpath/ldap/LDAPCertStoreImpl.java
    (P3) JDK-8239264: Clearup the legacy ObjectIdentifier constructor from int array
    (P3) JDK-8242151: Improve OID mapping and reuse among JDK security providers for aliases registration
    (P3) JDK-8242897: KeyFactory.generatePublic( x509Spec ) failed with java.security.InvalidKeyException
    (P3) JDK-8255348: NPE in PKIXCertPathValidator event logging code
    (P3) JDK-8295894: Remove SECOM certificate that is expiring in September 2023
    (P3) JDK-8228403: SignTwice.java failed with java.io.FileNotFoundException: File name too long
    (P3) JDK-8224768: Test ActalisCA.java fails
    (P3) JDK-8155246: Throw error if default java.security file is missing
    (P3) JDK-8302182: Update Public Suffix List to 88467c9
    (P4) JDK-8271838: AmazonCA.java interop test fails
    (P4) JDK-8317040: Exclude cleaner test failing on older releases
    (P4) JDK-8292297: Fix up loading of override java.security properties file
    (P4) JDK-8277353: java/security/MessageDigest/ThreadSafetyTest.java test times out
    (P4) JDK-8297955: LDAP CertStore should use LdapName and not String for DNs
    (P4) JDK-8239333: Mark test AmazonCA.java with intermittent key
    (P4) JDK-8292033: Move jdk.X509Certificate event logic to JCA layer
    (P4) JDK-8309088: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails
    (P4) JDK-8238157: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java test failures because of revocation date
    (P4) JDK-8247895: SHA1PRNGReseed.java is calling setSeed(0)
    (P4) JDK-8308156: VerifyCACerts.java misses blank in error output

  security-libs/javax.crypto:

    (P3) JDK-8023980: JCE doesn't provide any class to handle RSA private key in PKCS#1
    (P3) JDK-8247968: test/jdk/javax/crypto/SecretKeyFactory/security.properties has wrong header
    (P4) JDK-8260274: Cipher.init(int, key) does not use highest priority provider for random bytes

  security-libs/javax.crypto:pkcs11:

    (P3) JDK-8209398: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh failed with "PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE"
    (P3) JDK-8226221: Update PKCS11 tests to use NSS 3.46 libs
    (P4) JDK-8231357: sun/security/pkcs11/Cipher/TestKATForGCM.java fails on SLES11 using mozilla-nss-3.14

  security-libs/javax.net.ssl:

    (P3) JDK-8301700: Increase the default TLS Diffie-Hellman group size from 1024-bit to 2048-bit
    (P3) JDK-8240193: loadLibrary("osxsecurity") should not be removed
    (P3) JDK-8168261: Use server cipher suites preference by default

  security-libs/javax.security:

    (P3) JDK-8242330: Arrays should be cloned in several JAAS Callback classes
    (P3) JDK-8284910: Buffer clean in PasswordCallback

  security-libs/jdk.security:

    (P3) JDK-8220410: sun/security/tools/jarsigner/warnings/NoTimestampTest.java failed with missing expected output
    (P4) JDK-8228341: SignTwice.java fails intermittently on Windows

  security-libs/org.ietf.jgss:

    (P3) JDK-8303809: Dispose context in SPNEGO NegotiatorImpl

  security-libs/org.ietf.jgss:krb5:

    (P3) JDK-8274205: Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC

  tools/javac:

    (P3) JDK-8217395: Update langtools shell tests to use ${EXE_SUFFIX}
    (P4) JDK-8300751: [17u] Remove duplicate entry in javac.properties

  tools/javadoc(tool):

    (P3) JDK-8293180: JQuery UI license file not updated
    (P4) JDK-8297437: javadoc cannot link to old docs (with old style anchors)
    (P4) JDK-8248001: javadoc generates invalid HTML pages whose ftp:// links are broken
    (P4) JDK-8302161: Upgrade jQuery UI to version 1.13.2

  tools/jshell:

    (P3) JDK-8304498: JShell does not switch to raw mode when there is no /bin/test
    (P3) JDK-8297587: Upgrade JLine to 3.22.0

  tools/launcher:

    (P4) JDK-8212045: Add back the tests that were removed from HashesTest.java and AddExportsTest.java
    (P4) JDK-8305950: Have -XshowSettings option display tzdata version

  xml:

    (P4) JDK-8274606: Fix jaxp/javax/xml/jaxp/unittest/transform/SurrogateTest.java test
    (P4) JDK-8268457: XML Transformer outputs Unicode supplementary character incorrectly to HTML

  xml/jaxp:

    (P4) JDK-8289508: Improve test coverage for XPath Axes: ancestor, ancestor-or-self, preceding, and preceding-sibling
    (P4) JDK-8301269: Update Commons BCEL to Version 6.7.0
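
A startup check for the two TLS release notes in this document (JDK-8301700 and JDK-8168261), as an added example that is not part of the OpenJDK release notes: it refuses to start when the `jdk.tls.ephemeralDHKeySize` workaround has lowered the DHE group below 2048 bits, and it pins server cipher suite preference explicitly. The class name, the `MIN_DH_BITS` floor and the handling of the `legacy` and `matched` property values (documented in the JSSE guide, not on this page) are assumptions.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

// Added example (hypothetical class): guards a TLS server against a weakened DHE setting.
public class TlsDefaultsCheck {
    // Assumed policy floor: the new default group size from the JDK-8301700 note.
    static final int MIN_DH_BITS = 2048;

    // Returns null when the property value is acceptable, otherwise a finding.
    static String checkEphemeralDhKeySize(String value) {
        if (value == null || value.isEmpty()) {
            return null; // unset: the JDK default applies
        }
        if ("legacy".equals(value)) {
            return "jdk.tls.ephemeralDHKeySize=legacy selects groups smaller than 1024 bits";
        }
        if ("matched".equals(value)) {
            return null; // size follows the certificate key; review the key size separately
        }
        try {
            int bits = Integer.parseInt(value);
            return bits < MIN_DH_BITS
                ? "jdk.tls.ephemeralDHKeySize=" + bits + " is below " + MIN_DH_BITS
                : null;
        } catch (NumberFormatException e) {
            return "jdk.tls.ephemeralDHKeySize has an unrecognized value: " + value;
        }
    }

    // Builds a server-mode engine with server cipher suite preference pinned on,
    // so the behaviour does not depend on which JDK update the code runs on.
    static SSLEngine serverEngine(SSLContext ctx) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        SSLParameters params = engine.getSSLParameters();
        params.setUseCipherSuitesOrder(true);
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        String finding = checkEphemeralDhKeySize(System.getProperty("jdk.tls.ephemeralDHKeySize"));
        if (finding != null) {
            throw new IllegalStateException(finding);
        }
        SSLContext ctx = SSLContext.getDefault();
        SSLEngine probe = ctx.createSSLEngine();
        probe.setUseClientMode(false);
        System.out.println("runtime default useCipherSuitesOrder = "
            + probe.getSSLParameters().getUseCipherSuitesOrder());
        System.out.println("pinned useCipherSuitesOrder = "
            + serverEngine(ctx).getSSLParameters().getUseCipherSuitesOrder());
    }
}
```

Running it with `-Djdk.tls.ephemeralDHKeySize=1024` makes the check fail at startup, which is the condition the JDK-8301700 workaround creates.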