RELEASE NOTES FOR: 11.0.25
====================================================================================================

Notes generated: Fri Jan 03 11:58:32 CET 2025

Hint: Prefix bug IDs with https://bugs.openjdk.org/browse/ to reach the relevant JIRA entry.

JAVA ENHANCEMENT PROPOSALS (JEP):

  None.

RELEASE NOTES:

core-libs/javax.naming:

    JDK-8290367: Update Default Value and Extend the Scope of com.sun.jndi.ldap.object.trustSerialData System Property

      In this release, the JDK implementation of the LDAP provider no longer supports
      deserialization of Java objects by default:
      
      * The default value of the `com.sun.jndi.ldap.object.trustSerialData` system property has been
      updated to `false`.
      
      * The scope of the `com.sun.jndi.ldap.object.trustSerialData` system property has been
      extended to cover the reconstruction of RMI remote objects from the `javaRemoteLocation` LDAP
      attribute.
      
      The transparent deserialization of Java objects from an LDAP context will now require an
      explicit opt-in. Applications that rely on reconstruction of Java objects or RMI stubs from
      the LDAP attributes would need to set the `com.sun.jndi.ldap.object.trustSerialData` system
      property to `true`.

security-libs/javax.net.ssl:

    JDK-8279164: Disabled TLS_ECDH Cipher Suites

      The TLS_ECDH cipher suites have been disabled by default, by adding "ECDH" to the
      `jdk.tls.disabledAlgorithms` security property in the `java.security` configuration file. The
      TLS_ECDH cipher suites do not preserve forward-secrecy and are rarely used in practice. Note
      that some TLS_ECDH cipher suites were already disabled because they use algorithms that are
      disabled, such as 3DES and RC4. This action disables the rest.  Any attempts to use cipher
      suites starting with "TLS_ECDH_" will fail with an `SSLHandshakeException`. Users can, at
      their own risk, re-enable these cipher suites by removing "ECDH" from the
      `jdk.tls.disabledAlgorithms` security property.
      
      Please note that this change has no effect on the TLS_ECDHE cipher suites, which are still
      enabled by default.

    JDK-8337664: Distrust TLS Server Certificates Anchored by Entrust Root Certificates and Issued After Nov 11, 2024

      The JDK will stop trusting TLS server certificates issued after November 11, 2024 and anchored
      by Entrust root certificates, in line with similar plans recently announced by Google and
      Mozilla. The list of affected certificates includes certificates branded as AffirmTrust, which
      are managed by Entrust.
      
      TLS server certificates issued on or before November 11, 2024 will continue to be trusted
      until they expire. Certificates issued after that date, and anchored by any of the Certificate
      Authorities in the table below, will be rejected.
      
      The restrictions will be enforced in the JDK implementation (the SunJSSE Provider) of the Java
      Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server's
      certificate chain is anchored by any of the Certificate Authorities in the table below and the
      certificate has been issued after November 11, 2024.
      
      An application will receive an Exception with a message indicating the trust anchor is not
      trusted, for example:
      
      ``` TLS server certificate issued after 2024-11-11 and anchored by a distrusted legacy Entrust
      root CA: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited,
      OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net ```
      
      If necessary, and at your own risk, you can work around the restrictions by removing
      "ENTRUST_TLS" from the `jdk.security.caDistrustPolicies` security property in the
      `java.security` configuration file.
      
      The restrictions are imposed on the following Entrust Root certificates included in the JDK:
      
      <table border="1" cellpadding="1" cellspacing="1" style="width:500px;" summary="Root
      Certificates distrusted after 2024-11-11"> 	<caption>Root Certificates distrusted after
      2024-11-11</caption> 	<thead> 		<tr> 			<th scope="col">Distinguished Name</th> 			<th
      scope="col">SHA-256 Fingerprint</th> 		</tr> 	</thead> 	<tbody> 		<tr> 			<td>CN=Entrust Root
      Certification Authority, OU=(c) 2006 Entrust, Inc., OU=www.entrust.net/CPS is incorporated by
      reference, O=Entrust, Inc., C=US</td> 			<td>
      			<p>73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C</p>
      			</td> 		</tr> 		<tr> 			<td>CN=Entrust Root Certification Authority - EC1, OU=(c) 2012
      Entrust, Inc. - for authorized use only, OU=See www.entrust.net/legal-terms, O=Entrust, Inc.,
      C=US</td> 			<td>
      			<p>02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5</p>
      			</td> 		</tr> 		<tr> 			<td>CN=Entrust Root Certification Authority - G2, OU=(c) 2009
      Entrust, Inc. - for authorized use only, OU=See www.entrust.net/legal-terms, O=Entrust, Inc.,
      C=US</td> 			<td>
      			<p>43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39</p>
      			</td> 		</tr> 		<tr> 			<td>CN=Entrust Root Certification Authority - G4, OU=(c) 2015
      Entrust, Inc. - for authorized use only, OU=See www.entrust.net/legal-terms, O=Entrust, Inc.,
      C=US</td> 			<td>
      			<p>DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88</p>
      			</td> 		</tr> 		<tr> 			<td>CN=Entrust.net Certification Authority (2048), OU=(c) 1999
      Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),
      O=Entrust.net</td> 			<td>
      			<p>6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77</p>
      			</td> 		</tr> 		<tr> 			<td>CN=AffirmTrust Commercial, O=AffirmTrust, C=US</td> 			<td>
      			<p>03:76:AB:1D:54:C5:F9:80:3C:E4:B2:E2:01:A0:EE:7E:EF:7B:57:B6:36:E8:A9:3C:9B:8D:48:60:C9:6F:5F:A7</p>
      			</td> 		</tr> 		<tr> 			<td>CN=AffirmTrust Networking, O=AffirmTrust, C=US</td> 			<td>
      			<p>0A:81:EC:5A:92:97:77:F1:45:90:4A:F3:8D:5D:50:9F:66:B5:E2:C5:8F:CD:B5:31:05:8B:0E:17:F3:F0B4:1B</p>
      			</td> 		</tr> 		<tr> 			<td>CN=AffirmTrust Premium, O=AffirmTrust, C=US</td> 			<td>
      			<p>70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A</p>
      			</td> 		</tr> 		<tr> 			<td>CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US</td> 			<td>
      			<p>BD:71:FD:F6:DA:97:E4:CF:62:D1:64:7A:DD:25:81:B0:7D:79:AD:F8:39:7E:B4:EC:BA:9C:5E:84:88:82:14:23</p>
      			</td> 		</tr> 	</tbody> </table>
      
      You can also use the `keytool` utility from the JDK to print out details of the certificate
      chain, as follows:
      
      keytool -v -list -alias <your_server_alias> -keystore <your_keystore_filename>
      
      If any of the certificates in the chain are issued by one of the root CAs in the table above
      are listed in the output you will need to update the certificate or contact the organization
      that manages the server. 

    JDK-8341059: Distrust TLS Server Certificates Anchored by Entrust Root Certificates and Issued After Nov 11, 2024

      The JDK will stop trusting TLS server certificates issued after November 11, 2024 and anchored
      by Entrust root certificates, in line with similar plans recently announced by Google and
      Mozilla. The list of affected certificates includes certificates branded as AffirmTrust, which
      are managed by Entrust.
      
      TLS server certificates issued on or before November 11, 2024 will continue to be trusted
      until they expire. Certificates issued after that date, and anchored by any of the Certificate
      Authorities in the table below, will be rejected.
      
      The restrictions will be enforced in the JDK implementation (the SunJSSE Provider) of the Java
      Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server's
      certificate chain is anchored by any of the Certificate Authorities in the table below and the
      certificate has been issued after November 11, 2024.
      
      An application will receive an Exception with a message indicating the trust anchor is not
      trusted, for example:
      
      ``` TLS server certificate issued after 2024-11-11 and anchored by a distrusted legacy Entrust
      root CA: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited,
      OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net ```
      
      If necessary, and at your own risk, you can work around the restrictions by removing
      "ENTRUST_TLS" from the `jdk.security.caDistrustPolicies` security property in the
      `java.security` configuration file.
      
      The restrictions are imposed on the following Entrust Root certificates included in the JDK:
      
      <table border="1" cellpadding="1" cellspacing="1" style="width:500px;" summary="Root
      Certificates distrusted after 2024-11-11"> 	<caption>Root Certificates distrusted after
      2024-11-11</caption> 	<thead> 		<tr> 			<th scope="col">Distinguished Name</th> 			<th
      scope="col">SHA-256 Fingerprint</th> 		</tr> 	</thead> 	<tbody> 		<tr> 			<td>CN=Entrust Root
      Certification Authority, OU=(c) 2006 Entrust, Inc., OU=www.entrust.net/CPS is incorporated by
      reference, O=Entrust, Inc., C=US</td> 			<td>
      			<p>73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C</p>
      			</td> 		</tr> 		<tr> 			<td>CN=Entrust Root Certification Authority - EC1, OU=(c) 2012
      Entrust, Inc. - for authorized use only, OU=See www.entrust.net/legal-terms, O=Entrust, Inc.,
      C=US</td> 			<td>
      			<p>02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5</p>
      			</td> 		</tr> 		<tr> 			<td>CN=Entrust Root Certification Authority - G2, OU=(c) 2009
      Entrust, Inc. - for authorized use only, OU=See www.entrust.net/legal-terms, O=Entrust, Inc.,
      C=US</td> 			<td>
      			<p>43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39</p>
      			</td> 		</tr> 		<tr> 			<td>CN=Entrust Root Certification Authority - G4, OU=(c) 2015
      Entrust, Inc. - for authorized use only, OU=See www.entrust.net/legal-terms, O=Entrust, Inc.,
      C=US</td> 			<td>
      			<p>DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88</p>
      			</td> 		</tr> 		<tr> 			<td>CN=Entrust.net Certification Authority (2048), OU=(c) 1999
      Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),
      O=Entrust.net</td> 			<td>
      			<p>6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77</p>
      			</td> 		</tr> 		<tr> 			<td>CN=AffirmTrust Commercial, O=AffirmTrust, C=US</td> 			<td>
      			<p>03:76:AB:1D:54:C5:F9:80:3C:E4:B2:E2:01:A0:EE:7E:EF:7B:57:B6:36:E8:A9:3C:9B:8D:48:60:C9:6F:5F:A7</p>
      			</td> 		</tr> 		<tr> 			<td>CN=AffirmTrust Networking, O=AffirmTrust, C=US</td> 			<td>
      			<p>0A:81:EC:5A:92:97:77:F1:45:90:4A:F3:8D:5D:50:9F:66:B5:E2:C5:8F:CD:B5:31:05:8B:0E:17:F3:F0B4:1B</p>
      			</td> 		</tr> 		<tr> 			<td>CN=AffirmTrust Premium, O=AffirmTrust, C=US</td> 			<td>
      			<p>70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A</p>
      			</td> 		</tr> 		<tr> 			<td>CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US</td> 			<td>
      			<p>BD:71:FD:F6:DA:97:E4:CF:62:D1:64:7A:DD:25:81:B0:7D:79:AD:F8:39:7E:B4:EC:BA:9C:5E:84:88:82:14:23</p>
      			</td> 		</tr> 	</tbody> </table>
      
      You can also use the `keytool` utility from the JDK to print out details of the certificate
      chain, as follows:
      
      keytool -v -list -alias <your_server_alias> -keystore <your_keystore_filename>
      
      If any of the certificates in the chain are issued by one of the root CAs in the table above
      are listed in the output you will need to update the certificate or contact the organization
      that manages the server. 

tools/launcher:

    JDK-8310201: Available Locales Information Now Listed with -XshowSettings:locale Option

      The `showSettings` launcher option no longer prints available locales information by default,
      when `-XshowSettings` is used. The `-XshowSettings:locale` option will continue to print all
      settings related to available locales.

security-libs/java.security:

    JDK-8341057: Added SSL.com TLS Root CA Certificates Issued in 2022

      The following root certificates have been added to the cacerts truststore: ``` + SSL.com   +
      ssltlsrootecc2022     DN: CN=SSL.com TLS ECC Root CA 2022, O=SSL Corporation, C=US
      
      + SSL.com   + ssltlsrootrsa2022     DN: CN=SSL.com TLS RSA Root CA 2022, O=SSL Corporation,
      C=US ```

core-svc/java.lang.management:

    JDK-8338139:  The ClassLoadingMXBean and MemoryMXBean isVerbose Methods Are Now Consistent with Their setVerbose Methods

      The `ClassLoadingMXBean::setVerbose(boolean enabled)` method will set `class+load*` logging on
      log output `stdout` to level `info` if `enabled` is true, and to level `off` otherwise. In
      contrast, the `isVerbose` method would check if exactly `class+load` logging was enabled at
      the `info` level on _any_ log output. This could result in counter-intuitive behavior when
      logging `class+load=info` to a file via the command-line, as it caused `isVerbose` to return
      true, even after a call to `setVerbose(false)` had been made. A similar problem existed for
      the `MemoryMXBean::isVerbose` method. Starting with this release, the behavior is as follows:
      
      - `ClassLoadingMXBean::isVerbose` will return true only if `class+load*` logging (note the
      wildcard use) has been enabled at the `info` level (or above) on the `stdout` log output. -
      `MemoryMXBean::isVerbose` will return true only if `gc` logging has been enabled at the `info`
      level (or above) on the `stdout` log output.


ALL FIXED ISSUES, BY COMPONENT AND PRIORITY:

client-libs:
  (P4) JDK-8328110: Allow simultaneous use of PassFailJFrame with split UI and additional windows
  (P4) JDK-8275851: Deproblemlist open/test/jdk/javax/swing/JComponent/6683775/bug6683775.java
  (P4) JDK-8276819: javax/print/PrintServiceLookup/FlushCustomClassLoader.java fails to free
  (P4) JDK-8294148: Support JSplitPane for instructions and test UI

client-libs/2d:
  (P3) JDK-8311666: Disabled tests in test/jdk/sun/java2d/marlin
  (P4) JDK-8331746: Create a test to verify that the cmm id is not ignored
  (P4) JDK-8273135: java/awt/color/ICC_ColorSpace/MTTransformReplacedProfile.java crashes in liblcms.dylib with NULLSeek+0x7
  (P4) JDK-8320079: The ArabicBox.java test has no control buttons

client-libs/java.awt:
  (P3) JDK-8317288: [macos] java/awt/Window/Grab/GrabTest.java: Press on the outside area didn't cause ungrab
  (P3) JDK-8305825: getBounds API returns wrong value resulting in multiple Regression Test Failures on Ubuntu 23.04
  (P3) JDK-8328999: Update GIFlib to 5.2.2
  (P3) JDK-8329004: Update Libpng to 1.6.43
  (P4) JDK-8260633: [macos] java/awt/dnd/MouseEventAfterStartDragTest/MouseEventAfterStartDragTest.html test failed
  (P4) JDK-8328158: Convert java/awt/Choice/NonFocusablePopupMenuTest to automatic main test
  (P4) JDK-8328115: Convert java/awt/font/TextLayout/TestJustification.html applet test to main
  (P4) JDK-8328011: Convert java/awt/Frame/GetBoundsResizeTest/GetBoundsResizeTest.java applet test to main
  (P4) JDK-8328218: Delete test java/awt/Window/FindOwner/FindOwner.html
  (P4) JDK-8328560: java/awt/event/MouseEvent/ClickDuringKeypress/ClickDuringKeypress.java imports Applet
  (P4) JDK-8280392: java/awt/Focus/NonFocusableWindowTest/NonfocusableOwnerTest.java failed with "RuntimeException: Test failed."
  (P4) JDK-8328269: NonFocusablePopupMenuTest.java should be marked as headful
  (P4) JDK-8306489: Open source AWT List related tests
  (P4) JDK-8306850: Open source AWT Modal related tests
  (P4) JDK-8306060: Open source few AWT Insets related tests
  (P4) JDK-8306466: Open source more AWT Drag & Drop related tests
  (P4) JDK-8316240: Open source several add/remove MenuBar manual tests
  (P4) JDK-8306432: Open source several AWT Text Component related tests
  (P4) JDK-8306566: Open source several clipboard AWT tests
  (P4) JDK-8316211: Open source several manual applet tests
  (P4) JDK-8315965: Open source various AWT applet tests
  (P4) JDK-8255898: Test java/awt/FileDialog/FilenameFilterTest/FilenameFilterTest.java fails on Mac OS
  (P4) JDK-8328561: test java/awt/Robot/ManualInstructions/ManualInstructions.java isn't used
  (P5) JDK-8279337: The MToolkit is still referenced in a few places

client-libs/javax.accessibility:
  (P4) JDK-8326140: src/jdk.accessibility/windows/native/libjavaaccessbridge/AccessBridgeJavaEntryPoints.cpp ReleaseStringChars might be missing in early returns

client-libs/javax.swing:
  (P2) JDK-8307091: A few client tests intermittently throw ConcurrentModificationException
  (P3) JDK-8327007: javax/swing/JSpinner/8008657/bug8008657.java fails
  (P3) JDK-8328953: JEditorPane.read throws ChangedCharSetException
  (P3) JDK-8325179: Race in BasicDirectoryModel.validateFileCache
  (P4) JDK-7124313: [macosx] Swing Popups should overlap taskbar
  (P4) JDK-8327137: Add test for ConcurrentModificationException in BasicDirectoryModel
  (P4) JDK-8327840: Automate javax/swing/border/Test4129681.java
  (P4) JDK-8238169: BasicDirectoryModel getDirectories and DoChangeContents.run can deadlock
  (P4) JDK-8328238: Convert few closed manual applet tests to main
  (P4) JDK-8327787: Convert javax/swing/border/Test4129681.java applet test to main
  (P4) JDK-7156347: javax/swing/JList/6462008/bug6462008.java fails
  (P4) JDK-8316306: Open source and convert manual Swing test
  (P4) JDK-8315804: Open source several Swing JTabbedPane JTextArea JTextField tests
  (P4) JDK-8316104: Open source several Swing SplitPane and RadioButton related tests
  (P4) JDK-8315898: Open source swing JMenu tests
  (P4) JDK-8316285: Opensource JButton manual tests
  (P4) JDK-8329559:  Test javax/swing/JFrame/bug4419914.java failed because The End and Start buttons are not placed correctly and Tab focus does not move as expected
  (P4) JDK-8305072: Win32ShellFolder2.compareTo is inconsistent

core-libs:
  (P4) JDK-8206440: Remove javac -source/-target 6 from jdk regression tests

core-libs/java.io:
  (P4) JDK-8255969: Improve java/io/BufferedInputStream/LargeCopyWithMark.java using jtreg tags

core-libs/java.io:serialization:
  (P4) JDK-8222884: ConcurrentClassDescLookup.java times out intermittently
  (P4) JDK-8231427: Warning cleanup in tests of java.io.Serializable

core-libs/java.lang:
  (P3) JDK-8320570: NegativeArraySizeException decoding >1G UTF8 bytes with non-ascii characters

core-libs/java.net:
  (P3) JDK-8299058: AssertionError in sun.net.httpserver.ServerImpl when connection is idle
  (P3) JDK-8242999: HTTP/2 client may not handle CONTINUATION frames correctly
  (P3) JDK-8292044: HttpClient doesn't handle 102 or 103 properly
  (P3) JDK-8333804: java/net/httpclient/ForbiddenHeadTest.java threw an exception with 0 failures
  (P3) JDK-8284585: PushPromiseContinuation test fails intermittently in timeout
  (P4) JDK-8205076: [17u] Inet6AddressImpl.c: `lookupIfLocalHost` accesses `int InetAddress.preferIPv6Address` as a boolean
  (P4) JDK-8305906: HttpClient may use incorrect key when finding pooled HTTP/2 connection for IPv6 address
  (P4) JDK-8263031: HttpClient throws Exception if it receives a Push Promise that is too large
  (P4) JDK-8296410: HttpClient throws java.io.IOException: no statuscode in response for HTTP2
  (P4) JDK-8303965: java.net.http.HttpClient should reset the stream if response headers contain malformed header fields
  (P4) JDK-8308184: Launching java with large number of jars in classpath with java.protocol.handler.pkgs system property set can lead to StackOverflowError
  (P4) JDK-8330523: Reduce runtime and improve efficiency of KeepAliveTest
  (P4) JDK-8224081: SOCKS v4 tests require IPv4
  (P4) JDK-8331063: Some HttpClient tests don't report leaks
  (P4) JDK-8299487: Test java/net/httpclient/whitebox/SSLTubeTestDriver.java timed out
  (P4) JDK-8229822: ThrowingPushPromises tests sometimes fail due to EOF
  (P5) JDK-8303216: Prefer ArrayList to LinkedList in sun.net.httpserver.ServerImpl

core-libs/java.nio:
  (P4) JDK-8249772: (ch) Improve sun/nio/ch/TestMaxCachedBufferSize.java
  (P4) JDK-8255913: Decrease number of iterations in TestMaxCachedBufferSize
  (P4) JDK-8259274: Increase timeout duration in sun/nio/ch/TestMaxCachedBufferSize.java
  (P4) JDK-8336301: test/jdk/java/nio/channels/AsyncCloseAndInterrupt.java leaves around a FIFO file upon test completion

core-libs/java.util.concurrent:
  (P4) JDK-8269428: java/util/concurrent/ConcurrentHashMap/ToArray.java timed out

core-libs/java.util.jar:
  (P4) JDK-8240226: DeflateIn_InflateOut.java test incorrectly assumes size of compressed file
  (P4) JDK-8249097: test/lib/jdk/test/lib/util/JarBuilder.java has a bad copyright

core-libs/java.util.logging:
  (P4) JDK-8329013: StackOverflowError when starting Apache Tomcat with signed jar

core-libs/java.util:i18n:
  (P3) JDK-8334653: ISO 4217 Amendment 177 Update
  (P4) JDK-8327631: Update IANA Language Subtag Registry to Version 2024-03-07
  (P4) JDK-8332424: Update IANA Language Subtag Registry to Version 2024-05-16
  (P4) JDK-8334418: Update IANA Language Subtag Registry to Version 2024-06-14

core-libs/javax.naming:
  (P3) JDK-8290367: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property
  (P4) JDK-8211920: Close server socket and cleanups in test/jdk/javax/naming/module/RunBasic.java
  (P4) JDK-8251188: Update LDAP tests not to use wildcard addresses

core-svc/java.lang.management:
  (P1) JDK-8338139: {ClassLoading,Memory}MXBean::isVerbose methods are inconsistent with their setVerbose methods

core-svc/javax.management:
  (P4) JDK-8328273: sun/management/jmxremote/bootstrap/RmiRegistrySslTest.java failed with java.rmi.server.ExportException: Port already in use

core-svc/tools:
  (P3) JDK-8236917: TestInstanceKlassSize.java fails with "The size computed by SA for java.lang.Object does not match"
  (P4) JDK-8269616: serviceability/dcmd/framework/VMVersionTest.java fails with Address already in use error

hotspot/compiler:
  (P4) JDK-8266150: mark hotspot compiler/arguments tests which ignore VM flags
  (P4) JDK-8266153: mark hotspot compiler/onSpinWait tests which ignore VM flags
  (P4) JDK-8266154: mark hotspot compiler/oracle tests which ignore VM flags
  (P4) JDK-8266149: mark hotspot compiler/startup tests which ignore VM flags
  (P5) JDK-8276036: The value of full_count in the message of insufficient codecache is wrong

hotspot/gc:
  (P3) JDK-8316328: Test jdk/jfr/event/oldobject/TestSanityDefault.java times out for some heap sizes
  (P3) JDK-8332936: Test vmTestbase/metaspace/gc/watermark_70_80/TestDescription.java fails with no GC's recorded
  (P4) JDK-8324755: Enable parallelism in vmTestbase/gc/gctests/LargeObjects tests
  (P4) JDK-8317316: G1: Make TestG1PercentageOptions use createTestJvm
  (P4) JDK-8317358: G1: Make TestMaxNewSize use createTestJvm
  (P4) JDK-8268906: gc/g1/mixedgc/TestOldGenCollectionUsage.java assumes that GCs take 1ms minimum
  (P4) JDK-8316973: GC: Make TestDisableDefaultGC use createTestJvm
  (P4) JDK-8317343: GC: Make TestHeapFreeRatio use createTestJvm
  (P4) JDK-8317228: GC: Make TestXXXHeapSizeFlags use createTestJvm
  (P4) JDK-8322330: JavadocHelperTest.java OOMEs with Parallel GC and ZGC
  (P4) JDK-8331798: Remove unused arg of checkErgonomics() in TestMaxHeapSizeTools.java

hotspot/jfr:
  (P4) JDK-8329995: Restricted access to `/proc` can cause JFR initialization to crash

hotspot/jvmti:
  (P3) JDK-8222005: ClassRedefinition crashes with: guarantee(false) failed: OLD and/or OBSOLETE method(s) found
  (P3) JDK-8078725: method adjustments can be done just once for all classes involved into redefinition

hotspot/runtime:
  (P4) JDK-8305079: Remove finalize() from compiler/c2/Test719030
  (P4) JDK-8305081: Remove finalize() from test/hotspot/jtreg/compiler/runtime/Test8168712
  (P4) JDK-8286781: Replace the deprecated/obsolete gethostbyname and inet_addr calls
  (P4) JDK-8325862: set -XX:+ErrorFileToStderr when executing java in containers for some container related jtreg tests

hotspot/svc:
  (P4) JDK-8329103: assert(!thread->in_asgct()) failed during multi-mode profiling
  (P4) JDK-8315437: Enable parallelism in vmTestbase/nsk/monitoring/stress/classload tests
  (P4) JDK-8315442: Enable parallelism in vmTestbase/nsk/monitoring/stress/thread tests
  (P4) JDK-8316462: sun/jvmstat/monitor/MonitoredVm/MonitorVmStartTerminate.java ignores VM flags

hotspot/test:
  (P4) JDK-8325876: crashes in docker container tests on Linuxppc64le Power8 machines
  (P4) JDK-8332898: failure_handler: log directory of commands
  (P4) JDK-8332113: Update nsk.share.Log to be always verbose
  (P5) JDK-8328234: Remove unused nativeUtils files

infrastructure:
  (P4) JDK-8334166: Enable binary check
  (P4) JDK-8332008: Enable issuestitle check

infrastructure/build:
  (P2) JDK-8294310: compare.sh fails on macos after JDK-8293550
  (P3) JDK-8317807: JAVA_FLAGS removed from jtreg running in JDK-8317039
  (P4) JDK-8317039: Enable specifying the JDK used to run jtreg
  (P4) JDK-8318039: GHA: Bump macOS and Xcode versions
  (P4) JDK-8336928: GHA: Bundle artifacts removal broken
  (P4) JDK-8286601: Mac Aarch: Excessive warnings to be ignored for build jdk
  (P4) JDK-8309934: Update GitHub Actions to use JDK 17 for building jtreg
  (P5) JDK-8244966: Add .vscode to .hgignore and .gitignore

infrastructure/release_eng:
  (P4) JDK-8341675: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.25
  (P4) JDK-8331263: Bump update version for OpenJDK: jdk-11.0.25

other-libs/other:
  (P3) JDK-8333837: [11u] HexPrinterTest.java javac compile fails illegal start of expression
  (P3) JDK-8333839: [11u] LingeredAppTest.java fails Can't find source file: LingeredApp.java

security-libs/java.security:
  (P2) JDK-8341057: Add 2 SSL.com TLS roots
  (P3) JDK-8335803: SunJCE cipher throws NPE for un-extractable RSA keys

security-libs/javax.crypto:pkcs11:
  (P3) JDK-8261433: Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit

security-libs/javax.net.ssl:
  (P1) JDK-8301189: validate-source fails after JDK-8298873
  (P2) JDK-8341059: Change Entrust TLS distrust date to November 12, 2024
  (P3) JDK-8249826: 5 javax/net/ssl/SSLEngine tests use @ignore w/o bug-id
  (P3) JDK-8279164: Disable TLS_ECDH_* cipher suites
  (P3) JDK-8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs
  (P4) JDK-8315422: getSoTimeout() would be in try block in SSLSocketImpl
  (P4) JDK-8325022: Incorrect error message on client authentication
  (P4) JDK-8332524: Instead of printing "TLSv1.3," it is showing "TLS13"
  (P4) JDK-8298873: Update IllegalRecordVersion.java for changes to TLS implementation

security-libs/javax.xml.crypto:
  (P4) JDK-8210338: Better output for GenerationTests.java

tools/javadoc(tool):
  (P3) JDK-8330063: Upgrade jQuery to 3.7.1

tools/jshell:
  (P2) JDK-8314614: jdk/jshell/ImportTest.java failed with "InternalError: Failed remote listen"
  (P4) JDK-8312140: jdk/jshell tests failed with JDI socket timeouts
  (P4) JDK-8276306: jdk/jshell/CustomInputToolBuilder.java fails intermittently on storage acquisition

tools/launcher:
  (P3) JDK-8310201: Reduce verbose locale output in -XshowSettings launcher option

xml/javax.xml.validation:
  (P4) JDK-8320602: Lock contention in SchemaDVFactory.getInstance()