java

JDK 8u181 Release Notes

Java SE 8u181 Bundled Patch Release (BPR) - Bug Fixes and Updates

The following sections summarize changes made in all Java SE 8u181 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.

To determine the version of your JDK software, use the following command:

java -version

Changes in Java SE 8u181 b37

Bug Fixes

BugId Component Subcomponent Summary
8211107 core-libs javax.naming LDAPS communication failure with jdk 1.8.0_181

Changes in Java SE 8u181 b36

Bug Fixes

BugId Component Subcomponent Summary
8204513
(Confidential)
deploy deployment_toolkit Context lost after resizing the browser window in applet with Forms

Changes in Java SE 8u181 b35

Bug Fixes

BugId Component Subcomponent Summary
8201818 client-libs 2d [macosx] Printing attributes break page size set via "java.awt.print.Book" object

Changes in Java SE 8u181 b34

Bug Fixes

BugId Component Subcomponent Summary
8208583 security-libs javax.crypto Better management of internal KeyStore buffers
8209129 security-libs javax.crypto Further improvements to cipher buffer management
8207775 security-libs javax.crypto Better management of CipherCore buffers

Changes in Java SE 8u181 b33

Bug Fixes

BugId Component Subcomponent Summary
8202696 client-libs javax.swing Remove exclusion range for phonetic chars in windows fontconfig.properties
8206242
(Confidential)
deploy webstart Java Web Start checks "user.dir" read permission when opening http connection

Changes in Java SE 8u181 b32

Please note that fixes from the prior BPR (8u172 b37) are included in this version.

Bug Fixes

BugId Component Subcomponent Summary
8195095 client-libs javax.swing Images are not scaled correctly in JEditorPane

Java™ SE Development Kit 8, Update 181 (JDK 8u181)

July 17, 2018

The full version string for this update release is 1.8.0_181-b13 (where "b" means "build"). The version number is 8u181.

IANA Data 2018e

JDK 8u181 contains IANA time zone data version 2018e. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u181 are specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String)
8 1.8.0_181-b13
7 1.7.0_191-b08
6 1.6.0_201-b07

JRE Expiration Date

The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. This JRE (version 8u181) will expire with the release of the next critical patch update scheduled for October 16, 2018.

For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u181) on November 16, 2018. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.

Removed Features and Options

other-libs/javadb

 Removal of Java DB 

Java DB, also known as Apache Derby, has been removed in this release.

We recommend that you obtain the latest Apache Derby directly from the Apache project at:

https://db.apache.org/derby

JDK-8197871 (not public)

Changes

core-libs/javax.naming

 Improve LDAP support

Endpoint identification has been enabled on LDAPS connections.

To improve the robustness of LDAPS (secure LDAP over TLS) connections, endpoint identification algorithms have been enabled by default.

Note that there may be situations where some applications that were previously able to successfully connect to an LDAPS server may no longer be able to do so. Such applications may, if they deem appropriate, disable endpoint identification using a new system property: com.sun.jndi.ldap.object.disableEndpointIdentification.

Define this system property (or set it to true) to disable endpoint identification algorithms.

JDK-8200666 (not public)

core-libs/java.io:serialization

 Better stack walking

New access checks have been added during the object creation phase of deserialization. This should not affect ordinary uses of deserialization. However, reflective frameworks that make use of JDK-internal APIs may be impacted. The new checks can be disabled if necessary by setting the system property jdk.disableSerialConstructorChecks to the value "true". This must be done by adding the argument -Djdk.disableSerialConstructorChecks=true to the Java command line.

JDK-8197925 (not public)

Bug Fixes

The following are some of the notable bug fixes included in this release:

core-svc/debugger

 Unable to use the JDWP API in JDK 8 to debug JDK >=9

The implementation of VirtualMachineImpl.canGetInstanceInfo() has been corrected, so it is now able to see JDK JVMs >= JDK 9.

This correction allows certain debugger agents to operate correctly without any action required from a user (developer).

See JDK-8197943

hotspot/gc

 JVM Crash during G1 GC 

A klass that has been considered unreachable by the concurrent marking of G1, can be looked up in the ClassLoaderData/SystemDictionary, and its _java_mirror or _class_loader fields can be stored in a root or any other reachable object making it alive again. Whenever a klass is resurrected in this manner, the SATB part of G1 needs to be notified about this, otherwise, the concurrent marking remark phase will erroneously unload that klass.

In this particular crash, while G1 was doing concurrent marking and had prepared its list of unreachable classes, JVMTI on a Java thread could traverse classes in the CLD and store thread-local JNIHandles for the java_mirror of the loaded classes. G1 did not have knowledge of these thread-local JNIHandles, and in the remark phase, it unloaded the classes per its prior knowledge of unreachable classes. When these JNIHandles were later scanned, it lead to a crash.

This fix for JDK-8187577 informs G1's SATB that a klass has been resurrected and it should not be unloaded.

See JDK-8187577

hotspot/gc

 Better stability with older NUMA libraries (-XX+UseNuma) 

A fix included in JDK 8 Update 152 introduced a regression that might cause the HotSpot JVM to crash during startup when the UseNUMA flag is used on Linux systems with versions of libnuma older than 2.0.9. This issue has been resolved.

See JDK-8198794

 

Bug Fix List

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

# BugId Component Subcomponent Summary
1 JDK-8201433 client-libs 2d Fix potential crash in BufImg_SetupICM
2 JDK-8198605 client-libs java.awt Touch keyboard is shown for a non-focusable text component
3 JDK-8198606 client-libs java.awt Touch keyboard does not hide, when a text component looses focus
4 JDK-8199748 client-libs java.awt Touch keyboard is not shown, if text component gets focus from other text component
5 JDK-8187635 client-libs java.awt On Windows Swing changes keyboard layout on a window activation
6 JDK-8203368 core-libs java.io:serialization ObjectInputStream filterCheck method throws NullPointerException
7 JDK-8202996 core-libs java.rmi Remove debug print statements from RMI fix
8 JDK-8197943 core-svc debugger Unable to use JDWP API in JDK 8 to debug JDK 9 VM
9 JDK-8194690 deploy   JRE bundled in App-V package will not start Java Web Start applications
10 JDK-8190689 deploy plugin Java incorrectly requires "HttpOnly" cookie attribute to be case sensitive
11 JDK-8201133 deploy webstart Security check failure for main jar downlaod with jnlp.versionEnabled and Deployment Rule Set feature
12 JDK-8189783 deploy webstart Java Web Start application with file extension association is removed from cache when invoked for the second time from browser
13 JDK-8187223 deploy webstart Long JNLP file is not parsed correctly and ends with javaws path
14 JDK-8199304 deploy webstart javaws.exe failed to launch UTF-8 encoded JNLP file
15 JDK-8038636 hotspot compiler speculative traps break when classes are redefined
16 JDK-8156137 hotspot compiler SIGSEGV in ReceiverTypeData::clean_weak_klass_links
17 JDK-8188223 hotspot compiler IfNode::range_check_trap_proj() should handle dying subgraph with single if proj
18 JDK-8169201 hotspot compiler Montgomery multiply intrinsic should use correct name
19 JDK-8187577 hotspot gc JVM crash during gc doing concurrent marking
20 JDK-8199406 hotspot gc Performance drop with Java JDK 1.8.0_162-b32
21 JDK-8055008 hotspot jvmti Clean up code that saves the previous versions of redefined classes
22 JDK-8057570 hotspot jvmti RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed: obj is valid
23 JDK-8198794 hotspot runtime Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3
24 JDK-8078628 hotspot runtime linux-zero does not build without precompiled header
25 JDK-8202065 install install jre/bin/javaw.exe is missing from server-jre for windows since 8u171
26 JDK-8199650 install install JDK installation uninstalls public JRE
27 JDK-8200418 javafx web webPage.executeCommand("removeFormat", null) removes the style of the body element
28 JDK-8196011 javafx web Intermittent crash when using WebView from JFXPanel application
29 JDK-8076117 security-libs java.security EndEntityChecker should not process custom extensions after PKIX validation
30 JDK-8170035 security-libs javax.net.ssl When determining the ciphersuite lists there is no debug output for disabled suites.
31 JDK-8074373 tools launcher NMT is not enabled if NMT option is specified after class path specifiers
32 JDK-8196491 xml jax-ws Newlines in JAXB string values of SOAP-requests are escaped to " "