java

JDK 8u251 Release Notes

Java SE 8u251 Bundled Patch Release (BPR) - Bug Fixes and Updates

The following sections summarize changes made in all Java SE 8u251 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.

Changes in Java SE 8u251 b36

Bug Fixes

BugId Component Subcomponent Summary
8244579 javafx web Windows "User Objects" leakage with WebView

Changes in Java SE 8u251 b35

Bug Fixes

BugId Component Subcomponent Summary
8242884 deploy plugin 8u241 32 bit SSV Helper causes long load time and page load on IE11
8151788 core-libs java.net NullPointerException from ntlm.Client.type3
8210147 core-libs java.net adjust some WSAGetLastError usages in windows network coding

Changes in Java SE 8u251 b34

Bug Fixes

BugId Component Subcomponent Summary
8241966 (Confidential) install Add Oracle copyright to modified Sparkle 1.23.0 files
8241965 (Confidential) install Update THIRD_PARTY_README for Sparkle 1.23.0
8241814 (Confidential) install auto_update [macos] 8u251b60 AU missing "Remind Me" button
8241410 (Confidential) infrastructure 8u251 b60 Mac notarized build is missing the ant-javafx.jar
8241399 (Confidential) client-libs java.awt jdk8 build broken on macOS 10.7 and sdk 10.8
8240780 infrastructure build[8u] update jprt.properties to add Xcode 10.1 / macOS 10.13 builds
8239919 hotspot [8u] enable parentheses-equality warnings in HotSpot
8239808 (Confidential) install auto_update Change URL In <cntry-lookup> Tag In mac-XXX-XX.xml
8239400 hotspot [8u] clean up delete-non-virtual-dtor warnings in HotSpot
8239223 hotspot [8u] enable Wparentheses warnings in HotSpot
8239112 hotspot [8u] clean up empty-body warnings in HotSpot
8239053 hotspot runtime [8u] clean up undefined-var-template warnings
8238852 (Confidential) install install [macos] AU to NEXTVER failed when AU from 8u251 to future
8238700 (Confidential) infrastructure build Signing reliability change not fully working on 8u
8238225 infrastructure build Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary
8237820 infrastructure build remove clang version check for optimization bug workaround from 8u
8236971 javafx window-toolkit [macos] Gestures handled incorrectly due to missing events
8236956 (Confidential) security-libs javax.net.ssl Backport test lib files from JDK-8228967
8235687 infrastructure build Contents/MacOS/libjli.dylib cannot be a symlink
8232580 (Confidential) infrastructure build Sign Macosx binaries with hardened runtime enabled
8232087 (Confidential) security-libs org.ietf.jgss Migrate KDC from sca00jvo/burge0401/sca00kte/sca00lol/adc1140258/sca00joh to new OCI hosts
8231438 client-libs java.awt [macOS] Dark mode for the desktop is not supported
8231092 (Confidential) infrastructure build Implement Apple notarization support in the build
8230555 (Confidential) security-libs javax.net.ssl OCI migration on IIS
8226306 (Confidential) infrastructure build Improve signing reliability
8214046 client-libs java.awt [macosx] Undecorated Frame does not Iconify when set to
8213838 (Confidential) install Upgrade sparkle to 1.23.0
8202393 javafx media App Transport Security blocks http media on macOS with JDK build using new compilers
8200550 hotspot gc Xcode 9.3 produce warning -Wexpansion-to-defined
8196724 infrastructure build Change macosx deployment target to 10.9
8196538 (Confidential) infrastructure build Fix compilation errors when using Xcode 9.2/Macosx 10.13 in deploy and install
8181872 hotspot compiler C1: possible overflow when strength reducing integer multiply by constant
8152856 hotspot runtime Xcode 7.3 -Wshift-negative-value compile failure on Mac OS X
8141056 hotspot gc Erroneous assignment in HeapRegionSet.cpp
8060721 hotspot runtime Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler
8043646 client-libs java.awt libosxapp.dylib fails to build on Mac OS 10.9 with clang
8030680 hotspot compiler 292 cleanup from default method code assessment
7188942 (Confidential) client-libs 2d Remove support of pbuffers in OGL Java2d pipeline

Changes in Java SE 8u251 b33

Bug Fixes

BugId Component Subcomponent Summary
8239444 (Confidential) security-libs java.security High contention java.security.Provider.getService()-JDK-7092821
7092821 security-libs java.security java.security.Provider.getService() is synchronized and became scalability bottleneck
8231387 security-libs java.security java.security.Provider.getService returns random result due to race condition with mutating methods in the same class
8228613 security-libs java.security java.security.Provider#getServices order is no longer deterministic
8239946 (Confidential) security-libs javax.crypto Update JarVerifier class with new signing cert details
8240439 (Confidential) core-libs java.net java.net.PlainDatagramSocketImpl.receive0 seems to fail for UDP traffic spontaneously

Changes in Java SE 8u251 b32

Bug Fixes

BugId Component Subcomponent Summary
8240694 javafx media [macos 10.15] JavaFX Media hangs on some video files on Catalina
8241629 javafx media Long startup delay playing media over https on Catalina
8176100 hotspot gc [REDO][REDO] G1 Needs pre barrier on dereference of weak JNI handles

Changes in Java SE 8u251 b31

Bug Fixes

BugId Component Subcomponent Summary
8231779 hotspot gc crash HeapWord*ParallelScavengeHeap::failed_mem_allocate

Java™ SE Development Kit 8, Update 251 (JDK 8u251)

April 14, 2020

The full version string for this update release is 1.8.0_251-b08 (where "b" means "build"). The version number is 8u251. This JDK 8 Update release implements JSR 337 Maintenance Release 3 (approved Feb 2020).

IANA Data 2019c

JDK 8u251 contains IANA time zone data version 2019c. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u251 are specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String)
8 1.8.0_251-b08
7 1.7.0_261-b07

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update (CPU). In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u251) be used after the next critical patch update scheduled for July 14, 2020.

Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).

For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u251) on August 14, 2020. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.

 

New Features

security-libs/javax.net.ssl
TLS Application-Layer Protocol Negotiation Extension
JEP 244 has enhanced the Java Secure Socket Extension (JSSE) to provide support for the TLS Application-Layer Protocol Negotiation (ALPN) Extension (RFC 7301). New methods have been added to the javax.net.ssl classes SSLEngine, SSLSocket, and SSLParameters to allow clients and servers to negotiate an application layer value as part of the TLS handshake.

This API change was required by JSR 337 MR 3.

See JDK-8051498

security-libs/javax.crypto
RSASSA-PSS Signature Support Added to SunMSCAPI
The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider.

See JDK-8205445

security-libs/java.security
Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature
The SunRsaSign and SunJCE providers have been enhanced with support for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS signature and OAEP using FIPS 180-4 digest algorithms. New constructors and methods have been added to relevant JCA/JCE classes under the java.security.spec and javax.crypto.spec packages for supporting additional RSASSA-PSS parameters.

This API change was required by JSR 337 MR 3.

See JDK-8146293

 

Other notes

javafx/web
WebEngine Limits JavaScript Method Calls for Certain Classes
JavaScript programs that are run in the context of a web page loaded by WebEngine can communicate with Java objects passed from the application to the JavaScript program. JavaScript programs that reference java.lang.Class objects are now limited to the following methods:


     
getCanonicalName
getEnumConstants
getFields
getMethods
getName
getPackageName
getSimpleName
getSuperclass
getTypeName
getTypeParameters
isAssignableFrom
isArray
isEnum
isInstance
isInterface
isLocalClass
isMemberClass
isPrimitive
isSynthetic
toGenericString
toString

No methods can be called on the following classes:


  
java.lang.ClassLoader
java.lang.Module
java.lang.Runtime
java.lang.System

java.lang.invoke.*
java.lang.module.*
java.lang.reflect.*
java.security.*
sun.misc.*

JDK-8236798 (not public)

security-libs/javax.xml.crypto
New Oracle Specific JDK 8 Updates System Property to Fallback to Legacy Base64 Encoding Format
Oracle JDK 8u231 upgraded the Apache Santuario libraries to v2.1.3. This upgrade introduced an issue where XML signature using Base64 encoding resulted in appending &#xd or &#13 to the encoded output. This behavioral change was made in the Apache Santuario codebase to comply with RFC 2045. The Santuario team has adopted a position of keeping their libraries compliant with RFC 2045.

Oracle JDK 8u221 using the legacy encoder returns encoded data in a format without &#xd or &#13.

Therefore, a new Oracle JDK 8 Updates only system property, - com.sun.org.apache.xml.internal.security.lineFeedOnly, is made available to fall back to legacy Base64 encoded format.

Users can set this flag in one of two ways:

  1. -Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true
  2. System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true")

This new system property is disabled by default. It has no effect on default behavior nor when com.sun.org.apache.xml.internal.security.ignoreLineBreaks property is set.

Later JDK family versions might only support the recommended property: com.sun.org.apache.xml.internal.security.ignoreLineBreaks

See JDK-8236645

 

security-libs/javax.crypto
Support for MS Cryptography Next Generation (CNG)
The SunMSCAPI provider now supports reading private keys in Cryptography Next Generation (CNG) format. This means that RSA and EC keys in CNG format are loadable from Windows keystores, such as "Windows-MY". Signature algorithms related to EC (SHA1withECDSA, SHA256withECDSA, etc.) are also supported.

See JDK-8026953

 

Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

# BugId Component Subcomponent Summary
1 JDK-8232154 client-libs 2d Update Mesa 3-D Headers to version 19.2.1
2 JDK-8214578 client-libs java.awt [macos] Problem with backslashes on macOS/JIS keyboard: Java ignores system settings
3 JDK-8230597 client-libs java.awt Update GIFlib library to the 5.2.1
4 JDK-8230926 client-libs java.awt [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout
5 JDK-4949105 client-libs javax.accessibility Access Bridge lacks html tags parsing
6 JDK-8223158 client-libs javax.swing Docked MacBook cannot start any Java Swing applications
7 JDK-8224475 client-libs javax.swing JTextPane does not show images in HTML rendering
8 JDK-8226892 client-libs javax.swing ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys
9 JDK-8230235 client-libs javax.swing Rendering HTML with empty img attribute and documentBaseKey cause Exception
10 JDK-8235744 client-libs javax.swing PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64
11 JDK-8229022 core-libs java.io BufferedReader performance can be improved by using StringBuilder
12 JDK-6996807 core-libs java.io:serialization FieldReflectorKey hash code computation can be improved
13 JDK-8067796 core-libs java.lang (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null
14 JDK-8208715 core-libs java.lang Conversion of milliseconds to nanoseconds in UNIXProcess contains bug.
15 JDK-8051853 core-libs java.net new URI("x/").resolve("..").getSchemeSpecificPart() returns null!
16 JDK-8230856 core-libs java.net Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return
17 JDK-8233022 core-libs java.net [test] backout accidental change to SetLoopbackMode.java
18 JDK-8232003 core-libs java.nio (fs) Files.write can leak file descriptor in the exception case
19 JDK-8237368 core-libs java.rmi Problem with NullPointerException in RMI TCPEndpoint.read
20 JDK-8227127 core-libs java.text Era designator not displayed correctly using the COMPAT provider
21 JDK-8234466 core-libs java.util.jar Class loading deadlock involving X509Factory#commitEvent()
22 JDK-8066652 core-libs java.util:i18n Default TimeZone is GMT not local if user.timezone is invalid on Mac OS
23 JDK-8225435 core-libs java.util:i18n Upgrade IANA Language Subtag Registry to the latest for JDK14
24 JDK-8033215 hotspot compiler clang: node.cpp:284 IDX_INIT macro use uninitialized field _out
25 JDK-8146792 hotspot compiler Predicate moved after partial peel may lead to broken graph
26 JDK-8231988 hotspot compiler Unexpected test result caused by C2 IdealLoopTree::do_remove_empty_loop
27 JDK-8222122 hotspot jfr Provision to disable XML validation in .jfc file in JFR
28 JDK-8215355 hotspot runtime Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1)
29 JDK-8229345 hotspot runtime Memory leak due to vtable stubs not being shared on SPARC
30 JDK-8146293 security-libs java.security Add support for RSASSA-PSS Signature algorithm
31 JDK-8175029 security-libs java.security StackOverflowError in X509CRL and X509Certificate.verify(PublicKey, Provider)
32 JDK-8206171 security-libs java.security Signature#getParameters for RSASSA-PSS throws ProviderException when not initialized
33 JDK-8214096 security-libs java.security sun.security.util.SignatureUtil passes null parameter, so JCE validation fails
34 JDK-8215694 security-libs java.security keytool cannot generate RSASSA-PSS certificates
35 JDK-8225180 security-libs java.security SignedObject with invalid Key not throwing the InvalidKeyException in Windows
36 JDK-8225745 security-libs java.security NoSuchAlgorithmException exception for SHA256withECDSA with RSASSA-PSS support
37 JDK-8236470 security-libs java.security Deal with ECDSA using ecdsa-with-SHA2 plus hash algorithm as AlgorithmId
38 JDK-8193262 security-libs javax.crypto JNI array not released in libsunmscapi convertToLittleEndian
39 JDK-8205445 security-libs javax.crypto Add RSASSA-PSS Signature support to SunMSCAPI
40 JDK-8221407 security-libs javax.crypto Windows 32bit build error in libsunmscapi/security.cpp
41 JDK-8223003 security-libs javax.crypto SunMSCAPI keys are not cleaned up
42 JDK-8145849 security-libs javax.net.ssl ALPN: getHandshakeApplicationProtocol() always return null
43 JDK-8158978 security-libs javax.net.ssl ALPN not working when values are set directly on a SSLServerSocket
44 JDK-8170282 security-libs javax.net.ssl Enable ALPN parameters to be supplied during the TLS handshake
45 JDK-8171443 security-libs javax.net.ssl (spec) An ALPN callback function may also ignore ALPN
46 JDK-8216039 security-libs javax.net.ssl TLS with BC and RSASSA-PSS breaks ECDHServerKeyExchange
47 JDK-8236645 security-libs javax.xml.crypto JDK 8u231 introduces a regression with incompatible handling of XML messages
48 JDK-8207760 xml javax.xml.transform SAXException: Invalid UTF-16 surrogate detected: d83c ?
49 JDK-8046274 xml jaxp Removing dependency on jakarta-regexp
50 JDK-8163121 xml jaxp BCEL: update to the latest 6.0 release
51 JDK-8233548 xml jaxp Update CUP to v0.11b