JDK 8u221 Release Notes

Java SE 8u221 Bundled Patch Release (BPR) - Bug Fixes and Updates

The following sections summarize changes made in all Java SE 8u221 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.

Changes in Java SE 8u221 b36

Bug Fixes

BugId Component Subcomponent Summary
8221246 client-libs java.awt NullPointerException within Win32ShellFolder2

Changes in Java SE 8u221 b35

Bug Fixes

BugId Component Subcomponent Summary
8080157 hotspot compiler assert(allocates2(pc)) failed: not in CodeBuffer memory
8130341 hotspot compiler GHASH 32bit intrinsics has AEADBadTagException
8073108 security-libs javax.crypto Use x86 and SPARC CPU instructions for GHASH acceleration
8048556 hotspot gc Unnecessary GCLocker-initiated young GCs

Changes in Java SE 8u221 b34

Bug Fixes

BugId Component Subcomponent Summary
xml jaxp Problems when validating XML with STax

Changes in Java SE 8u221 b33

Bug Fixes

BugId Component Subcomponent Summary
8226543 security-libs javax.crypto Reduce GC pressure during message digest calculations in password-based encryption
8139965 core-libs javax.naming Hang seen when using
deploy packager Need javapackager to work with Inno Setup 6.x
core-libs javax.naming com/sun/jndi/ldap/privconn/ failed due to hang in LdapRequest.getReplyBer

Changes in Java SE 8u221 b32

Please note that fixes from prior BPR are included in this version.

Bug Fixes

BugId Component Subcomponent Summary
8219914 client-libs   Change the environment variable for Java Access Bridge logging to have a directory
8196681 client-libs javax.accessibility Java Access Bridge logging and debug flags dynamically controlled

Java™ SE Development Kit 8, Update 221 (JDK 8u221)

July 16, 2019

The full version string for this update release is 1.8.0_221-b11 (where "b" means "build"). The version number is 8u221.

IANA Data 2018i

JDK 8u221 contains IANA time zone data version 2018i. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u221 are specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String)
8 1.8.0_221-b11
7 1.7.0_231-b08

JRE Expiration Date

The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. This JRE (version 8u221) will expire with the release of the next critical patch update scheduled for October 15, 2019.

For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u221) on November 15, 2019. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.

New Features


HotSpot Windows OS Detection Correctly Identifies Windows Server 2019

Prior to this fix, Windows Server 2019 was recognized as "Windows Server 2016", which produced incorrect values in the system property and the hs_err_pid file.

See JDK-8211106

Removed Features and Options


Removal of Two DocuSign Root CA Certificates

Two DocuSign root CA certificates are expired and have been removed from the cacerts keystore:

  • alias name "certplusclass2primaryca [jdk]"

    Distinguished Name: CN=Class 2 Primary CA, O=Certplus, C=FR

  • alias name "certplusclass3pprimaryca [jdk]"

    Distinguished Name: CN=Class 3P Primary CA, O=Certplus, C=FR

See JDK-8223499


Removal of Two Comodo Root CA Certificates

Two Comodo root CA certificates are expired and have been removed from the cacerts keystore:

  • alias name "utnuserfirstclientauthemailca [jdk]"

    Distinguished Name: CN=UTN-USERFirst-Client Authentication and Email, OU=, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  • alias name "utnuserfirsthardwareca [jdk]"

    Distinguished Name: CN=UTN-USERFirst-Hardware, OU=, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

See JDK-8222136


Removal of T-Systems Deutsche Telekom Root CA 2 Certificate

The T-Systems Deutsche Telekom Root CA 2 certificate is expired and has been removed from the cacerts keystore:

  • alias name "deutschetelekomrootca2 [jdk]"

    Distinguished Name: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE

See JDK-8222137

Other notes


Java Access Bridge Installation Workaround

There is a risk of breaking Java Access Bridge functionality when installing Java on a Windows system that has both a previously installed version of Java and an instance of JAWS running. After rebooting, the system can be left without the WindowsAccessBridge-64.dll in either the system directory (C:\Windows\System32) for 64bit Java products or the system directory used by WOW64 (C:\Windows\SysWoW64) for 32bit Java products.

To prevent breaking Java Access Bridge functionality, use one of the following workarounds:

  • Stop JAWS before running the Java installer.
  • Uninstall the existing JRE(s) before installing the new version of Java.
  • Uninstall the existing JRE(s) after the new version of Java is installed and the machine is rebooted.

The goal of the workarounds is to avoid the scenario of uninstalling existing JRE(s) from Java installer when JAWS is running.

JDK-8223293 (not public)


System Property to Switch Between Implementations of ECC

A new boolean system property,, has been introduced that enables switching between implementations of ECC.

When the system property,, is set to "true" (the value is case-insensitive) the JDK uses the old, native implementation of ECC. If the option is set to an empty string, it is treated as if it were set to "true". This makes it possible to specify in the command line.

If the option is explicitly set to "false", the provider decides which implementation of ECC is used.

The default value of the option is "true". Note that the default value might change in a future update release of the JDK.

JDK-8217763 (not public)


Missing Glyphs in AWT/Swing Components Due to Lack of CJK TrueType Fonts in RHEL 8

Red Hat Enterprise Linux 8 no longer includes packages which provided TrueType fonts used by JDK for CJK (Chinese, Japanese, and Korean) languages.

Text display for those languages will therefore result in missing glyphs.

See JDK-8209672 for a resolution to this issue.

See JDK-8230150

Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

# BugId Component Subcomponent Summary
1 JDK-8214252 client-libs   Expanded & Collapsed nodes of a JTree look the same on GTK3
2 JDK-8153732 client-libs 2d Windows remote printer changes do not reflect in lookupPrintServices()
3 JDK-8212202 client-libs 2d [Windows] Exception if no printers are installed.
4 JDK-8218020 client-libs 2d Fix version number in 3rd party legal file
5 JDK-8215210 client-libs 2d [macos] Hangul text does not shape to the precomposed form on JDK8u
6 JDK-8218605 client-libs 2d Startup Splash Screen of SwingSet2 flashes in smaller coordinates before appearing in the final size
7 JDK-8214765 client-libs java.awt All TrayIcon MessageType icons does not show up with gtk3 option set
8 JDK-8204142 client-libs java.awt AWT hang occurs when sequenced events arrive out of sequence in multiple AppContexts.
9 JDK-8210886 client-libs java.awt Remove references in to non-existent files.
10 JDK-8214109 client-libs java.awt XToolkit is not correctly displayed color on 16-bit high color setting
11 JDK-8213183 client-libs java.awt:i18n InputMethod cannot be used after its restarting
12 JDK-8214253 client-libs javax.swing Tooltip is transparent rather than having a black background
13 JDK-8214112 client-libs javax.swing The whole text in target JPasswordField image are not selected.
14 JDK-8214111 client-libs javax.swing There is no icon in all JOptionPane target image
15 JDK-8220349 client-libs javax.swing The fix done for JDK-8214253 have caused issues in JTree behaviour
16 JDK-8218674 client-libs javax.swing HTML Tooltip with "img src=" on component doesn't show
17 JDK-8196775 core-libs java/net/Socket/asyncClose/ failed intermittently on Windows with ConnectException: Connection refused
18 JDK-8044047 core-libs Missing null pointer checks for streams
19 JDK-8213294 core-libs java.util:i18n Upgrade IANA LSR data
20 JDK-8040211 core-libs java.util:i18n Update LSR datafile for BCP 47
21 JDK-8191404 core-libs java.util:i18n Upgrading JDK with latest available LSR data from IANA.
22 JDK-8203872 core-libs java.util:i18n Upgrading JDK with latest available LSR data from IANA.
23 JDK-8214935 core-libs java.util:i18n Upgrade IANA LSR data
24 JDK-8218781 core-libs java.util:i18n Localized names for Japanese Era Reiwa in COMPAT provider
25 JDK-8209775 core-libs java.util:i18n ISO 4217 Amendment #169 Update
26 JDK-8210153 core-libs java.util:i18n localized currency symbol of VES
27 JDK-8209951 hotspot compiler Problematic sparc intrinsic: com.sun.crypto.provider.CipherBlockChaining
28 JDK-8211106 hotspot runtime [windows] Update OS detection code to recognize Windows Server 2019
29 JDK-8134030 hotspot svc test/serviceability/dcmd/gc/HeapDumpTest fails to verify the dump
30 JDK-8202884 hotspot svc-agent SA: Attach/detach might fail on Linux if debugee application create/destroy threads during attaching
31 JDK-8222812 install install java usage unit tests are failing
32 JDK-8212742 install uninstall More information link at Java Uninstall tool for MAC point to Windows page instructions
33 JDK-8215686 javafx build FX build fails using gradle 5
34 JDK-8217942 javafx build Upgrade to libxslt 1.1.33
35 JDK-8219008 javafx graphics Update OpenGL Headers to version 4.6
36 JDK-8204060 javafx graphics [Canvas] Add API in GraphicsContext to control image smoothing
37 JDK-8215894 javafx media Provide media support for libav version 58
38 JDK-8133841 javafx media Full HD video can not be played on standard 1080p screen in portrait mode
39 JDK-8222217 javafx media FX build fails on 32-bit Windows after fix for JDK-8133841
40 JDK-8218174 javafx other Add missing license file for Mesa header files
41 JDK-8222883 javafx samples Ensemble: Update version of Lucene to 7.7.1
42 JDK-8219734 javafx web [WebView] Get rid of macOS SDK private API usage
43 JDK-8215775 javafx web Scrollbars from web pages appear to be absolute, overlapping everything
44 JDK-8220147 javafx web Cherry pick GTK WebKit 2.22.7 changes
45 JDK-8219917 javafx web [WebView] Sub-resource integrity check fails on Windows and Linux
46 JDK-8151225 security-libs Mark as intermittently failing
47 JDK-8222137 security-libs Remove T-Systems root CA certificate
48 JDK-8223499 security-libs Remove two DocuSign root certificates that are expiring
49 JDK-8222136 security-libs Remove two Comodo root CA certificates that are expiring
50 JDK-8181594 security-libs javax.crypto Efficient and constant-time modular arithmetic
51 JDK-8203228 security-libs javax.crypto Branch-free output conversion for X25519 and X448
52 JDK-8201317 security-libs javax.crypto X25519/X448 code improvements
53 JDK-8208648 security-libs javax.crypto ECC Field Arithmetic Enhancements
54 JDK-8204909 security-libs javax.crypto Improved ECC Implementation
55 JDK-8193830 xml jaxp Xalan Update: Xalan Java 2.7.2