RELEASE NOTES FOR: 15.0.10 ==================================================================================================== Notes generated: Fri Jan 03 21:55:31 CET 2025 Hint: Prefix bug IDs with https://bugs.openjdk.org/browse/ to reach the relevant JIRA entry. JAVA ENHANCEMENT PROPOSALS (JEP): None. RELEASE NOTES: security-libs/javax.net.ssl: JDK-8253368: Behavior changes for SSLSocket input stream shut down The SunJSSE close notification checks for `SSLSocket` have been made less strict to conform to changes in the Transport Layer Security (TLS) RFCs. If an application tries to close the input stream of an `SSLSocket` (via `shutdownInput()` method) without having received a close notification message from its peer, the `SSLSocket` will no longer: 1. trigger the transmission of a TLS fatal-level alert to the peer, and 2. invalidate the current TLS session. The new behavior will still consider this condition an error and will throw a local `javax.net.ssl.SSLException`. A fatal-level alert will no longer be sent to the peer, and the underlying session will remain valid. In addition, the internal transport context for the `SSLSocket` will also now be closed. Previously, this step didn't occur if a fatal message was generated. JDK-8273553: Change in SSLEngine.closeInbound() Behavior The SunJSSE close notification checks for `SSLEngine` to have been made less strict to conform to changes in the Transport Layer Security (TLS) RFCs. See also [JDK-8253368](https://bugs.openjdk.org/browse/JDK-8253368). Specifically, if an application tries to close its `SSLEngine` inbound side using `SSLEngine.closeInbound()` without having received a close notification message from its peer, the `SSLEngine` will no longer: 1. trigger the transmission of a TLS fatal-level alert to the peer, and 2. invalidate the current TLS session. The new behavior will still consider this condition an error and will throw a local `javax.net.ssl.SSLException`. But a fatal-level alert will no longer be generated to be sent to the peer, and the underlying session will remain valid. In addition, the internal transport context for the `SSLEngine` will also now be closed. This may result in a different `SSLEngineResult.HandshakeStatus` value on the `SSLEngine`. Any outstanding outbound data must still be obtained (`SSLEngine.wrap()`) and sent in order to gracefully close the connection. ALL FIXED ISSUES, BY COMPONENT AND PRIORITY: client-libs/2d: (P3) JDK-8293672: Update freetype md file client-libs/java.awt: (P3) JDK-8296957: One more cast in SAFE_SIZE_NEW_ARRAY2 (P3) JDK-8296496: Overzealous check in sizecalc.h prevents large memory allocation (P4) JDK-8295554: Move the "sizecalc.h" to the correct location client-libs/javax.accessibility: (P3) JDK-8284690: [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox client-libs/javax.imageio: (P4) JDK-8266171: -Warray-bounds happens in imageioJPEG.c (P4) JDK-8266174: -Wmisleading-indentation happens in libmlib_image sources core-libs: (P4) JDK-8283059: Uninitialized warning in check_code.c with GCC 11.2 core-libs/java.lang: (P4) JDK-8297530: java.lang.IllegalArgumentException: Negative length on strings concatenation core-libs/java.text: (P3) JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR core-libs/java.time: (P3) JDK-8294357: (tz) Update Timezone Data to 2022d (P3) JDK-8295173: (tz) Update Timezone Data to 2022e (P3) JDK-8296108: (tz) Update Timezone Data to 2022f (P3) JDK-8297804: (tz) Update Timezone Data to 2022g core-libs/java.util.jar: (P4) JDK-8295530: Update Zlib Data Compression Library to Version 1.2.13 core-libs/java.util:i18n: (P3) JDK-8296715: CLDR v42 update for tzdata 2022f (P3) JDK-8294307: ISO 4217 Amendment 173 Update (P3) JDK-8296239: ISO 4217 Amendment 174 Update (P4) JDK-8261279: sun/util/resources/cldr/TimeZoneNamesTest.java timed out (P4) JDK-8267038: Update IANA Language Subtag Registry to Version 2022-03-02 (P4) JDK-8287180: Update IANA Language Subtag Registry to Version 2022-08-08 hotspot/compiler: (P1) JDK-8297027: Fix broken aarch64 build of 13u/15u after bad backport of 8293044 (P2) JDK-8292158: AES-CTR cipher state corruption with AVX-512 (P2) JDK-8293044: C1: Missing access check on non-accessible class (P3) JDK-8293816: CI: ciBytecodeStream::get_klass() is not consistent (P3) JDK-8290451: Incorrect result when switching to C2 OSR compilation from C1 infrastructure: (P4) JDK-8293987: Bump update version for OpenJDK: jdk-15.0.10 infrastructure/build: (P3) JDK-8295211: Fix autoconf 2.71 warning "AC_CHECK_HEADERS: you should use literals" (P4) JDK-8283323: libharfbuzz optimization level results in extreme build times security-libs/java.security: (P3) JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing security-libs/javax.net.ssl: (P3) JDK-8270344: Session resumption errors (P3) JDK-8273553: sun.security.ssl.SSLEngineImpl.closeInbound also has similar error of JDK-8253368 (P3) JDK-8253368: TLS connection always receives close_notify exception (P4) JDK-8277881: Missing SessionID in TLS1.3 resumption in compatibility mode security-libs/org.ietf.jgss:krb5: (P4) JDK-8273894: ConcurrentModificationException raised every time ReferralsCache drops referral tools: (P3) JDK-8293701: jdeps InverseDepsAnalyzer runs into NoSuchElementException: No value present xml/org.w3c.dom: (P3) JDK-8287076: Document.normalizeDocument() produces different results