JDK 11.0.8 Release Notes

JDK 11 Update Release Notes

Java™ SE Development Kit 11.0.8 (JDK 11.0.8)

July 14, 2020

The full version string for this update release is 11.0.8+10 (where "+" means "build"). The version number is 11.0.8.

IANA Data 2020a

JDK 11.0.8 contains IANA time zone data version 2020a. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 11.0.8 are specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String)
11 11.0.8+10
8 1.8.0_261-b12
7 1.7.0_271-b10

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update (CPU). In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 11.0.8) be used after the next critical patch update scheduled for October 20, 2020.

New Features

security-libs/javax.net.ssl
New System Properties to Configure the TLS Signature Schemes
Two new System Properties are added to customize the TLS signature schemes in JDK. jdk.tls.client.SignatureSchemes is added for TLS client side, and jdk.tls.server.SignatureSchemes for server side.

Each System Property contains a comma-separated list of supported signature scheme names, which specifying the signature schemes that could be used for the TLS connections.

The names are described in the "Signature Schemes" section of the Java Security Standard Algorithm Names Specification.

See JDK-8242141

security-libs/javax.xml.crypto
Apache Santuario Library Updated to Version 2.1.4
The Apache Santuario library has been upgraded to version 2.1.4. As a result, a new system property com.sun.org.apache.xml.internal.security.parser.pool-size has been introduced.

This new system property sets the pool size of the internal DocumentBuilder cache used when processing XML Signatures. The function is equivalent to the org.apache.xml.security.parser.pool-size system property used in Apache Santuario and has the same default value of 20.

See JDK-8231507

infrastructure
Toolchain Upgrade to Xcode 10.1
Build Environment Update for macOS Moved to Xcode 10.1 On macOS, the toolchain used to build the JDK has been upgraded from Xcode 4.5 to Xcode 10.1.

JDK-8232007 (not public)

install/install
 Oracle JDK Installer for Windows Provides Executables (javac, etc) in a Path Reachable From Any Command Prompt

The Oracle JDK installer for Windows provides java.exe, javaw.exe, javac.exe, and jshell.exe commands in a system location so that users can run Java applications without needing to provide the path to the Oracle JDK's installation folder.

JDK-8222383 (not public)

Removed Features and Options

security-libs/java.security
Removal of Comodo Root CA Certificate
The following expired Comodo root CA certificate was removed from the cacerts keystore:

  • alias name "addtrustclass1ca [jdk]"

    Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

See JDK-8225069

security-libs/java.security
Removal of DocuSign Root CA Certificate
The following expired DocuSign root CA certificate was removed from the cacerts keystore:

  • alias name "keynectisrootca [jdk]"

    Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR

See JDK-8225068

Other notes

core-libs/java.io:serialization
 Improved Serialization Handling

When setting a serialization filter by using java.io.ObjectInputStream.setObjectInputFilter the method must be called before reading any objects from the stream. If the methods readObject or readUnshared are called, the setObjectInputFilter method throws IllegalStateException.

JDK-8234836 (not public)

core-libs/java.util:collections
 Better Listing of Arrays
The preferred way to copy a collection is to use a "copy constructor." For example, to copy a collection into a new ArrayList, one would write new ArrayList<>(collection). In certain circumstances, an additional, temporary copy of the collection's contents might be made in order to improve robustness. If the collection being copied is exceptionally large, then the application should be (aware of/monitor) the significant resources required involved in making the copy.

JDK-8231800 (not public)

security-libs/javax.net.ssl
Default SSLEngine Should Create in Server Role
In JDK 11 and later, javax.net.ssl.SSLEngine by default used client mode when handshaking. As a result, the set of default enabled protocols may differ to what is expected. SSLEngine would usually be used in server mode. From this JDK release onwards, SSLEngine will default to server mode. The javax.net.ssl.SSLEngine.setUseClientMode​(boolean mode) method may be used to configure the mode.

See JDK-8237474

core-svc/java.lang.management
OperatingSystemMXBean Methods Inside a Container Return Container Specific Data
When executing in a container, or other virtualized operating environment, the following OperatingSystemMXBean methods in this release return container specific information, if available. Otherwise, they return host specific data:

  • getFreePhysicalMemorySize()
  • getTotalPhysicalMemorySize()
  • getFreeSwapSpaceSize()
  • getTotalSwapSpaceSize()
  • getSystemCpuLoad()

See JDK-8226575

security-libs
Default SSL Session Cache Size Updated to 20480
The default SSL session cache size has been updated to 20480 in this JDK release

See JDK-8210985

client-libs/javax.swing
Deprecated NSWindowStyleMaskTexturedBackground
After an upgrade of the macOS SDK used to build the JDK, the behavior of the apple.awt.brushMetalLook and textured Swing properties has changed. When these properties are set, the title of the frame is still visible. It is recommended that the apple.awt.transparentTitleBar property be set to true to make the title of the frame invisible again. The apple.awt.fullWindowContent property can also be used.

Please note that Textured window support was implemented by using the NSTexturedBackgroundWindowMask value of NSWindowStyleMask. However, this was deprecated in macOS 10.12 along with NSWindowStyleMaskTexturedBackground, which was deprecated in macOS 10.14.

For additional information, refer to the following documentation:

See JDK-8240995

Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

Issues fixed in 11.0.8:

# BugId Component Subcomponent Summary
1 JDK-6933331 client-libs 2d (d3d/ogl) java.lang.IllegalStateException: Buffers have not been created
2 JDK-8196181 client-libs 2d sun/java2d/GdiRendering/InsetClipping.java fails
3 JDK-8209113 client-libs 2d Use WeakReference for lastFontStrike for created Fonts
4 JDK-8214481 client-libs 2d freetype path does not disable TrueType hinting with AA+FM hints
5 JDK-8224109 client-libs 2d Text spaced incorrectly by drawString under rotation with fractional metrics
6 JDK-8234398 client-libs 2d Replace ID2D1Factory::GetDesktopDpi with GetDeviceCaps
7 JDK-8235904 client-libs 2d Infinite loop when rendering huge lines
8 JDK-8236996 client-libs 2d Incorrect Roboto font rendering on Windows with subpixel antialiasing
9 JDK-8239091 client-libs 2d Reversed arguments in call to strstr in freetype "debug" code.
10 JDK-8176359 client-libs java.awt Frame#setMaximizedbounds not working properly in multi screen environments
11 JDK-8196019 client-libs java.awt java/awt/Window/Grab/GrabTest.java fails on Windows
12 JDK-8211301 client-libs java.awt [macos] support full window content options
13 JDK-8225126 client-libs java.awt Test SetBoundsPaintTest.html failed on Windows when desktop is scaled
14 JDK-8226806 client-libs java.awt [macOS 10.14] Methods of Java Robot should be called from appropriate thread
15 JDK-8231438 client-libs java.awt [macOS] Dark mode for the desktop is not supported
16 JDK-8231564 client-libs java.awt setMaximizedBounds is broken with large display scale and multiple monitors
17 JDK-8233573 client-libs java.awt Toolkit.getScreenInsets(GraphicsConfiguration) may throw ClassCastException
18 JDK-8233707 client-libs java.awt systemScale.cpp could not compile with VS2019
19 JDK-8234107 client-libs java.awt Several AWT modal dialog tests failing on Linux after JDK-8231991
20 JDK-8237221 client-libs java.awt [macos] java/awt/MenuBar/SeparatorsNavigation/SeparatorsNavigation.java fails
21 JDK-8238575 client-libs java.awt DragSourceEvent.getLocation() returns wrong value on HiDPI screens (Windows)
22 JDK-8242174 client-libs java.awt [macos] The NestedModelessDialogTest test make the macOS unstable
23 JDK-8242498 client-libs java.awt Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash
24 JDK-8226253 client-libs javax.accessibility JAWS reports wrong number of radio buttons when buttons are hidden
25 JDK-8238842 client-libs javax.imageio AIOOBE in GIFImageReader.initializeStringTable
26 JDK-8221445 client-libs javax.sound FastSysexMessage constructor crashes MIDI receiption thread
27 JDK-8040630 client-libs javax.swing Popup menus and tooltips flicker with previous popup contents when first shown
28 JDK-8198339 client-libs javax.swing Test javax/swing/border/Test6981576.java is unstable
29 JDK-8183369 core-libs java.net RFC unconformity of HttpURLConnection with proxy
30 JDK-8210147 core-libs java.net adjust some WSAGetLastError usages in windows network coding
31 JDK-8232854 core-libs java.net URLClassLoader.close() doesn't close cached JAR file on Windows when load() fails
32 JDK-8044365 core-libs java.nio (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9)
33 JDK-8221531 core-libs java.nio Incorrect copyright header in src/java.base/windows/native/libnio/ch/FileChannelImpl.c
34 JDK-8205399 core-libs java.util:collections Set node color on pinned HashMap.TreeNode deletion
35 JDK-8160768 core-libs javax.naming Add capability to custom resolve host/domain names within the default JNDI LDAP provider
36 JDK-8214440 core-libs javax.naming ldap over a TLS connection negotiate failed with "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate"
37 JDK-8217606 core-libs javax.naming LdapContext#reconnect always opens a new connection
38 JDK-8240523 core-libs javax.naming JCK Test Case api/modulegraph/index.html#ModuleGraphTest failed in CI
39 JDK-8193879 core-svc debugger Java debugger hangs on method invocation
40 JDK-8239055 core-svc debugger Wrong implementation of VMState.hasListener
41 JDK-8206179 core-svc javax.management com/sun/management/OperatingSystemMXBean/GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value
42 JDK-8132849 hotspot compiler Increased stop time in cleanup phase because of single-threaded walk of thread stacks in NMethodSweeper::mark_active_nmethods()
43 JDK-8156207 hotspot compiler Resource allocated BitMaps are often cleared unnecessarily
44 JDK-8163511 hotspot compiler Allocation of compile task fails with assert: "Leaking compilation tasks?"
45 JDK-8187078 hotspot compiler -XX:+VerifyOops finds numerous problems when running JPRT
46 JDK-8208277 hotspot compiler Code cache heap (-XX:ReservedCodeCacheSize) doesn't work with 1GB LargePages
47 JDK-8209420 hotspot compiler Track membars for volatile accesses so they can be properly optimized
48 JDK-8209439 hotspot compiler C2 library_call can potentially ignore Math.pow intrinsic or use null pointer
49 JDK-8209684 hotspot compiler Intrinsics that assume some input non null should use GraphKit::must_be_not_null()
50 JDK-8209686 hotspot compiler cleanup arguments to PhaseIdealLoop() constructor
51 JDK-8210284 hotspot compiler "assert((av & 0x00000001) == 0) failed: unsupported V8" on Solaris 11.4
52 JDK-8210389 hotspot compiler C2: assert(n->outcnt() != 0 || C->top() == n || n->is_Proj()) failed: No dead instructions after post-alloc
53 JDK-8211129 hotspot compiler compiler/whitebox/ForceNMethodSweepTest.java fails after JDK-8132849
54 JDK-8211233 hotspot compiler MemBarNode::trailing_membar() and MemBarNode::leading_membar() need to handle dying subgraphs better
55 JDK-8211332 hotspot compiler code_size2 (defined in stub_routines_x86.hpp) is too small on new Skylake CPUs
56 JDK-8211740 hotspot compiler [AOT] -XX:AOTLibrary doesn't accept windows path
57 JDK-8211743 hotspot compiler [AOT] crash in ScopeDesc::decode_body() when JVMTI walks AOT frames
58 JDK-8214344 hotspot compiler C2: assert(con.basic_type() != T_ILLEGAL) failed: elembt=byte; loadbt=void; unsigned=0
59 JDK-8214444 hotspot compiler Wrong strncat limits in dfa.cpp
60 JDK-8214857 hotspot compiler "bad trailing membar" assert failure at memnode.cpp:3220
61 JDK-8214862 hotspot compiler assert(proj != __null) at compile.cpp:3251
62 JDK-8215551 hotspot compiler Missing case label in nmethod::reloc_string_for()
63 JDK-8215555 hotspot compiler TieredCompilation C2 threads can excessively block handshakes
64 JDK-8216151 hotspot compiler [Graal] Module jdk.internal.vm.compiler.management has not been granted accessClassInPackage.org.graalvm.compiler.debug
65 JDK-8216154 hotspot compiler C4819 warnings at HotSpot sources on Windows
66 JDK-8216541 hotspot compiler CompiledICHolders of VM locked unloaded nmethods are released too late
67 JDK-8217230 hotspot compiler assert(t == t_no_spec) failure in NodeHash::check_no_speculative_types()
68 JDK-8217447 hotspot compiler Develop flag TraceICs is broken
69 JDK-8219214 hotspot compiler Infinite Loop in CodeSection::dump()
70 JDK-8219919 hotspot compiler RuntimeStub's name lost with PrintFrameConverterAssembly
71 JDK-8220341 hotspot compiler Class redefinition fails with assert(!is_unloaded()) failed: unloaded method on the stack
72 JDK-8221482 hotspot compiler Initialize VMRegImpl::regName[] earlier to prevent assert during PrintStubCode
73 JDK-8221782 hotspot compiler [Graal] Module jdk.internal.vm.compiler.management has not been granted accessClassInPackage.jdk.vm.ci.services
74 JDK-8225567 hotspot compiler Wrong file headers with 8202414 fix changeset
75 JDK-8225783 hotspot compiler Incorrect use of binary operators on booleans in type.cpp
76 JDK-8226198 hotspot compiler use of & instead of && in LibraryCallKit::arraycopy_restore_alloc_state
77 JDK-8226879 hotspot compiler Memory leak in Type::hashcons
78 JDK-8227034 hotspot compiler Graal crash with gcbasher
79 JDK-8227632 hotspot compiler Incorrect PrintCompilation message: made not compilable on levels 0 1 2 3 4
80 JDK-8229855 hotspot compiler C2 fails with assert(false) failed: bad AD file
81 JDK-8231515 hotspot compiler [Graal] Crash during exception throwing in InterpreterRuntime::resolve_invoke
82 JDK-8232106 hotspot compiler [x86] C2: SIGILL due to usage of SSSE3 instructions on processors which don't support it
83 JDK-8233019 hotspot compiler java.lang.Class.isPrimitive() (C1) returns wrong result if Klass* is aligned to 32bit
84 JDK-8233364 hotspot compiler Fix undefined behavior in Canonicalizer::do_ShiftOp
85 JDK-8235332 hotspot compiler TestInstanceCloneAsLoadsStores.java fails with -XX:+StressGCM
86 JDK-8235762 hotspot compiler JVM crash in SWPointer during C2 compilation
87 JDK-8235984 hotspot compiler C2: assert(out->in(PhiNode::Region) == head || out->in(PhiNode::Region) == slow_head) failed: phi must be either part of the slow or the fast loop
88 JDK-8236285 hotspot compiler [JVMCI] improve TranslatedException traces
89 JDK-8236709 hotspot compiler struct SwitchRange in HS violates C++ One Definition Rule
90 JDK-8236759 hotspot compiler ShouldNotReachHere in PhaseIdealLoop::verify_strip_mined_scheduling
91 JDK-8237045 hotspot compiler JVM uses excessive memory with -XX:+EnableJVMCI -XX:JVMCICounterSize=2147483648
92 JDK-8237086 hotspot compiler assert(is_MachReturn()) running CTW with fix for JDK-8231291
93 JDK-8237375 hotspot compiler SimpleThresholdPolicy misses CounterDecay timestamp initialization
94 JDK-8237945 hotspot compiler CTW: C2 compilation fails with assert(just_allocated_object(alloc_ctl) == ptr) failed: most recent allo
95 JDK-8237951 hotspot compiler CTW: C2 compilation fails with "malformed control flow"
96 JDK-8238190 hotspot compiler [JVMCI] Fix single implementor speculation for diamond shapes.
97 JDK-8238356 hotspot compiler CodeHeap::blob_count() overestimates the number of blobs
98 JDK-8238438 hotspot compiler SuperWord::co_locate_pack picks memory state of first instead of last load
99 JDK-8238756 hotspot compiler C2: assert(((n) == __null || !VerifyIterativeGVN || !((n)->is_dead()))) failed: can not use dead node
100 JDK-8238765 hotspot compiler PhaseCFG::schedule_pinned_nodes cannot handle precedence edges from unmatched CFG nodes correctly
101 JDK-8238811 hotspot compiler C2: assert(i >= req() || i == 0 || is_Region() || is_Phi()) with -XX:+VerifyGraphEdges
102 JDK-8239142 hotspot compiler C2's UseUniqueSubclasses optimization is broken for array accesses
103 JDK-8239456 hotspot compiler [win][x86] vtable stub generation: assert failure (code size estimate)
104 JDK-8239852 hotspot compiler java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed
105 JDK-8239931 hotspot compiler [win][x86] vtable stub generation: assert failure (code size estimate) follow-up
106 JDK-8240220 hotspot compiler IdealLoopTree::dump_head predicate printing is broken
107 JDK-8240223 hotspot compiler Use consistent predicate order in and with PhaseIdealLoop::find_predicate
108 JDK-8240576 hotspot compiler JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges
109 JDK-8240831 hotspot compiler [JVMCI] Export missing vmStructs entries used by JVMCI compilers
110 JDK-8240905 hotspot compiler assert(mem == (Node*)1 || mem == mem2) failed: multiple Memories being matched at once?
111 JDK-8240976 hotspot compiler [JVMCI] MethodProfileWidth flag is broken
112 JDK-8241556 hotspot compiler Memory leak if -XX:CompileCommand is set
113 JDK-8241900 hotspot compiler Loop unswitching may cause dependence on null check to be lost
114 JDK-8242108 hotspot compiler Performance regression after fix for JDK-8229496
115 JDK-8242357 hotspot compiler [JVMCI] Incorrect use of JVMCI_CHECK_ on return statement
116 JDK-8243467 hotspot compiler [BACKOUT] JDK-8132849 and JDK-8211129 from 11.0.8-oracle
117 JDK-8204834 hotspot gc Fix confusing "allocate" naming in OopStorage
118 JDK-8221534 hotspot gc Incorrect copyright header in src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/gc/z/ZPageTableEntry.java
119 JDK-8231779 hotspot gc crash HeapWord*ParallelScavengeHeap::failed_mem_allocate
120 JDK-8189633 hotspot runtime Missing -Xcheck:jni checking for DeleteWeakGlobalRef
121 JDK-8203911 hotspot runtime Test runtime/modules/getModuleJNI/GetModule fails with -Xcheck:jni
122 JDK-8209850 hotspot runtime Allow NamedThreads to use GlobalCounter critical sections
123 JDK-8209976 hotspot runtime Improve iteration over non-JavaThreads
124 JDK-8210303 hotspot runtime VM_HandshakeAllThreads fails assert with "failed: blocked and not walkable"
125 JDK-8212933 hotspot runtime Thread-SMR: requesting a VM operation whilst holding a ThreadsListHandle can cause deadlocks
126 JDK-8213250 hotspot runtime CDS archive creation aborts due to metaspace object allocation failure
127 JDK-8219241 hotspot runtime Provide basic virtualization related info in the hs_error file on linux/windows x86_64
128 JDK-8219562 hotspot runtime Line of code in osContainer_linux.cpp#L102 appears unreachable
129 JDK-8222720 hotspot runtime Provide extended VMWare/vSphere virtualization related info in the hs_error file on linux/windows x86_64
130 JDK-8224793 hotspot runtime os::die() does not honor CreateCoredumpOnCrash option
131 JDK-8240529 hotspot runtime CheckUnhandledOops breaks NULL check in Modules::define_module
132 JDK-8241296 hotspot runtime Segfault in JNIHandleBlock::oops_do()
133 JDK-8241464 hotspot runtime [11u] Backport: make rehashing be a needed guaranteed safepoint cleanup action
134 JDK-8241660 hotspot runtime Add virtualization information output to hs_err file on macOS
135 JDK-8237589 other-libs other Fix copyright header formatting
136 JDK-7092821 security-libs java.security java.security.Provider.getService() is synchronized and became scalability bottleneck
137 JDK-8228613 security-libs java.security java.security.Provider#getServices order is no longer deterministic
138 JDK-8231387 security-libs java.security java.security.Provider.getService returns random result due to race condition with mutating methods in the same class
139 JDK-8238452 security-libs java.security Keytool generates wrong expiration date if validity is set to 2050/01/01
140 JDK-8246613 security-libs java.security Choose the default SecureRandom algo based on registration ordering
141 JDK-8240983 security-libs javax.crypto Incorrect copyright header in Apache Santuario 2.1.3 files
142 JDK-8238898 security-libs javax.crypto:pkcs11 Missing hash characters for header on license file
143 JDK-8209333 security-libs javax.net.ssl Socket reset issue for TLS 1.3 socket close
144 JDK-8211339 security-libs javax.net.ssl NPE during SSL handshake caused by HostnameChecker
145 JDK-8215711 security-libs javax.net.ssl Missing key_share extension for (EC)DHE key exchange should alert missing_extension
146 JDK-8223482 security-libs javax.net.ssl Unsupported ciphersuites may be offered by a TLS client
147 JDK-8223940 security-libs javax.net.ssl Private key not supported by chosen signature algorithm
148 JDK-8233621 security-libs javax.net.ssl Mismatch in jsse.enableMFLNExtension property name
149 JDK-8235874 security-libs javax.net.ssl The ordering of Cipher Suites is not maintained provided through “jdk.tls.client.cipherSuites” and “jdk.tls.server.cipherSuites” system property.
150 JDK-8236039 security-libs javax.net.ssl JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3
151 JDK-8239798 security-libs javax.net.ssl SSLSocket closes socket both socket endpoints on a SocketTimeoutException
152 JDK-8242294 security-libs javax.net.ssl JSSE Client does not throw SSLException when an alert occurs during handshaking
153 JDK-8246031 security-libs javax.net.ssl SSLSocket.getSession() doesn't close connection for timeout/ interrupts
154 JDK-8163251 security-libs javax.smartcardio Hard coded loop limit prevents reading of smart card data greater than 8k
155 JDK-8210197 tools javac javac can't tell during speculative attribution if a diamond expression is creating an anonymous inner class or not
156 JDK-8213908 tools javac AssertionError in DeferredAttr at setOverloadKind
157 JDK-8214345 tools javac infinite recursion while checking super class
158 JDK-8218268 tools javac Javac treats Manifest Class-Path entries as Paths instead of URLs
159 JDK-8200432 tools javadoc(tool) javadoc fails with ClassCastException on {@link byte[]}
160 JDK-8212233 tools javadoc(tool) javadoc fails on jdk12 with "The code being documented uses modules but the packages defined in $URL are in the unnamed module."
161 JDK-8214856 tools javadoc(tool) Errors with JSZip in web console after upgrade to 3.1.5
162 JDK-8236700 tools javadoc(tool) Upgrading JSZip from v3.1.5 to v3.2.2
163 JDK-8216261 tools javap Javap ignores default modifier on interfaces
164 JDK-8217093 tools launcher Support extended-length paths in parse_manifest.c on Windows
165 JDK-8240629 tools launcher argfiles parsing broken for argfiles with comment cross 4096 bytes chunk
166 JDK-8221533 xml jaxp Incorrect copyright header in DurationDayTimeImpl.java, DurationYearMonthImpl.java and XMLStreamException.java
167 JDK-8242470 xml jaxp Update Xerces to Version 2.12.1