The following sections summarize changes made in all Java SE 8u221 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8221246 | client-libs | java.awt | NullPointerException within Win32ShellFolder2 |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8080157 | hotspot | compiler | assert(allocates2(pc)) failed: not in CodeBuffer memory |
8130341 | hotspot | compiler | GHASH 32bit intrinsics has AEADBadTagException |
8073108 | security-libs | javax.crypto | Use x86 and SPARC CPU instructions for GHASH acceleration |
8048556 | hotspot | gc | Unnecessary GCLocker-initiated young GCs |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8226895 (Confidential) |
xml | jaxp | Problems when validating XML with STax |
Bug Fixes
BugId | Component | Subcomponent | Summary |
---|---|---|---|
8226543 | security-libs | javax.crypto | Reduce GC pressure during message digest calculations in password-based encryption |
8139965 | core-libs | javax.naming | Hang seen when using com.sun.jndi.ldap.search.replyQueueSize |
8225615 (Confidential) |
deploy | packager | Need javapackager to work with Inno Setup 6.x |
8223727 (Confidential) |
core-libs | javax.naming | com/sun/jndi/ldap/privconn/RunTest.java failed due to hang in LdapRequest.getReplyBer |
Please note that fixes from prior BPR are included in this version.
July 16, 2019
The full version string for this update release is 1.8.0_221-b11 (where "b" means "build"). The version number is 8u221.
JDK 8u221 contains IANA time zone data version 2018i. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u221 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 1.8.0_221-b11 |
7 | 1.7.0_231-b08 |
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. This JRE (version 8u221) will expire with the release of the next critical patch update scheduled for October 15, 2019.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u221) on November 15, 2019. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
hotspot/runtime
HotSpot Windows OS Detection Correctly Identifies Windows Server 2019
Prior to this fix, Windows Server 2019 was recognized as "Windows Server 2016", which produced incorrect values in the os.name
system property and the hs_err_pid
file.
See JDK-8211106
security-libs/java.security
Removal of Two DocuSign Root CA Certificates
Two DocuSign root CA certificates are expired and have been removed from the cacerts
keystore:
Distinguished Name: CN=Class 2 Primary CA, O=Certplus, C=FR
Distinguished Name: CN=Class 3P Primary CA, O=Certplus, C=FR
See JDK-8223499
security-libs/java.security
Removal of Two Comodo Root CA Certificates
Two Comodo root CA certificates are expired and have been removed from the cacerts
keystore:
Distinguished Name: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Distinguished Name: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
See JDK-8222136
security-libs/java.security
Removal of T-Systems Deutsche Telekom Root CA 2 Certificate
The T-Systems Deutsche Telekom Root CA 2 certificate is expired and has been removed from the cacerts
keystore:
Distinguished Name: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE
See JDK-8222137
install
Java Access Bridge Installation Workaround
There is a risk of breaking Java Access Bridge functionality when installing Java on a Windows system that has both a previously installed version of Java and an instance of JAWS running. After rebooting, the system can be left without the WindowsAccessBridge-64.dll
in either the system directory (C:\Windows\System32
) for 64bit Java products or the system directory used by WOW64 (C:\Windows\SysWoW64
) for 32bit Java products.
To prevent breaking Java Access Bridge functionality, use one of the following workarounds:
The goal of the workarounds is to avoid the scenario of uninstalling existing JRE(s) from Java installer when JAWS is running.
JDK-8223293 (not public)
security-libs/javax.crypto
System Property to Switch Between Implementations of ECC
A new boolean system property, jdk.security.useLegacyECC
, has been introduced that enables switching between implementations of ECC.
When the system property, jdk.security.useLegacyECC
, is set to "true" (the value is case-insensitive) the JDK uses the old, native implementation of ECC. If the option is set to an empty string, it is treated as if it were set to "true". This makes it possible to specify -Djdk.security.useLegacyECC
in the command line.
If the option is explicitly set to "false", the provider decides which implementation of ECC is used.
The default value of the option is "true". Note that the default value might change in a future update release of the JDK.
JDK-8217763 (not public)
client-libs/2d
Missing Glyphs in AWT/Swing Components Due to Lack of CJK TrueType Fonts in RHEL 8
Red Hat Enterprise Linux 8 no longer includes packages which provided TrueType fonts used by JDK for CJK (Chinese, Japanese, and Korean) languages.
Text display for those languages will therefore result in missing glyphs.
See JDK-8209672 for a resolution to this issue.
See JDK-8230150
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8214252 | client-libs | Expanded & Collapsed nodes of a JTree look the same on GTK3 | |
2 | JDK-8153732 | client-libs | 2d | Windows remote printer changes do not reflect in lookupPrintServices() |
3 | JDK-8212202 | client-libs | 2d | [Windows] Exception if no printers are installed. |
4 | JDK-8218020 | client-libs | 2d | Fix version number in mesa.md 3rd party legal file |
5 | JDK-8215210 | client-libs | 2d | [macos] Hangul text does not shape to the precomposed form on JDK8u |
6 | JDK-8218605 | client-libs | 2d | Startup Splash Screen of SwingSet2 flashes in smaller coordinates before appearing in the final size |
7 | JDK-8214765 | client-libs | java.awt | All TrayIcon MessageType icons does not show up with gtk3 option set |
8 | JDK-8204142 | client-libs | java.awt | AWT hang occurs when sequenced events arrive out of sequence in multiple AppContexts. |
9 | JDK-8210886 | client-libs | java.awt | Remove references in xwindows.md to non-existent files. |
10 | JDK-8214109 | client-libs | java.awt | XToolkit is not correctly displayed color on 16-bit high color setting |
11 | JDK-8213183 | client-libs | java.awt:i18n | InputMethod cannot be used after its restarting |
12 | JDK-8214253 | client-libs | javax.swing | Tooltip is transparent rather than having a black background |
13 | JDK-8214112 | client-libs | javax.swing | The whole text in target JPasswordField image are not selected. |
14 | JDK-8214111 | client-libs | javax.swing | There is no icon in all JOptionPane target image |
15 | JDK-8220349 | client-libs | javax.swing | The fix done for JDK-8214253 have caused issues in JTree behaviour |
16 | JDK-8218674 | client-libs | javax.swing | HTML Tooltip with "img src=" on component doesn't show |
17 | JDK-8196775 | core-libs | java.net | java/net/Socket/asyncClose/Race.java failed intermittently on Windows with ConnectException: Connection refused |
18 | JDK-8044047 | core-libs | java.util.stream | Missing null pointer checks for streams |
19 | JDK-8213294 | core-libs | java.util:i18n | Upgrade IANA LSR data |
20 | JDK-8040211 | core-libs | java.util:i18n | Update LSR datafile for BCP 47 |
21 | JDK-8191404 | core-libs | java.util:i18n | Upgrading JDK with latest available LSR data from IANA. |
22 | JDK-8203872 | core-libs | java.util:i18n | Upgrading JDK with latest available LSR data from IANA. |
23 | JDK-8214935 | core-libs | java.util:i18n | Upgrade IANA LSR data |
24 | JDK-8218781 | core-libs | java.util:i18n | Localized names for Japanese Era Reiwa in COMPAT provider |
25 | JDK-8209775 | core-libs | java.util:i18n | ISO 4217 Amendment #169 Update |
26 | JDK-8210153 | core-libs | java.util:i18n | localized currency symbol of VES |
27 | JDK-8209951 | hotspot | compiler | Problematic sparc intrinsic: com.sun.crypto.provider.CipherBlockChaining |
28 | JDK-8211106 | hotspot | runtime | [windows] Update OS detection code to recognize Windows Server 2019 |
29 | JDK-8134030 | hotspot | svc | test/serviceability/dcmd/gc/HeapDumpTest fails to verify the dump |
30 | JDK-8202884 | hotspot | svc-agent | SA: Attach/detach might fail on Linux if debugee application create/destroy threads during attaching |
31 | JDK-8222812 | install | install | java usage unit tests are failing |
32 | JDK-8212742 | install | uninstall | More information link at Java Uninstall tool for MAC point to Windows page instructions |
33 | JDK-8215686 | javafx | build | FX build fails using gradle 5 |
34 | JDK-8217942 | javafx | build | Upgrade to libxslt 1.1.33 |
35 | JDK-8219008 | javafx | graphics | Update OpenGL Headers to version 4.6 |
36 | JDK-8204060 | javafx | graphics | [Canvas] Add API in GraphicsContext to control image smoothing |
37 | JDK-8215894 | javafx | media | Provide media support for libav version 58 |
38 | JDK-8133841 | javafx | media | Full HD video can not be played on standard 1080p screen in portrait mode |
39 | JDK-8222217 | javafx | media | FX build fails on 32-bit Windows after fix for JDK-8133841 |
40 | JDK-8218174 | javafx | other | Add missing license file for Mesa header files |
41 | JDK-8222883 | javafx | samples | Ensemble: Update version of Lucene to 7.7.1 |
42 | JDK-8219734 | javafx | web | [WebView] Get rid of macOS SDK private API usage |
43 | JDK-8215775 | javafx | web | Scrollbars from web pages appear to be absolute, overlapping everything |
44 | JDK-8220147 | javafx | web | Cherry pick GTK WebKit 2.22.7 changes |
45 | JDK-8219917 | javafx | web | [WebView] Sub-resource integrity check fails on Windows and Linux |
46 | JDK-8151225 | security-libs | java.security | Mark SpecTest.java as intermittently failing |
47 | JDK-8222137 | security-libs | java.security | Remove T-Systems root CA certificate |
48 | JDK-8223499 | security-libs | java.security | Remove two DocuSign root certificates that are expiring |
49 | JDK-8222136 | security-libs | java.security | Remove two Comodo root CA certificates that are expiring |
50 | JDK-8181594 | security-libs | javax.crypto | Efficient and constant-time modular arithmetic |
51 | JDK-8203228 | security-libs | javax.crypto | Branch-free output conversion for X25519 and X448 |
52 | JDK-8201317 | security-libs | javax.crypto | X25519/X448 code improvements |
53 | JDK-8208648 | security-libs | javax.crypto | ECC Field Arithmetic Enhancements |
54 | JDK-8204909 | security-libs | javax.crypto | Improved ECC Implementation |
55 | JDK-8193830 | xml | jaxp | Xalan Update: Xalan Java 2.7.2 |