JDK 8u281 Release Notes

Java SE 8u281 Bundled Patch Release (BPR) - Bug Fixes and Updates

The following sections summarize changes made in all Java SE 8u281 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.


Changes in Java SE 8u281 b35

Bug Fixes

BugId Component Subcomponent Summary
JDK-8204568 javafx controls Relative CSS-Attributes don't work all time
JDK-8262829 client-libs 2d Native crash in Win32PrintServiceLookup.getAllPrinterNames()
JDK-8262940 (Confidential) install [macOS] Java Webstart protocol schemes not registered by JRE installer on macOS
JDK-8247707 deploy plugin UAC prompt of unknown publisher after upgrading java 8u241
JDK-8263575 (Confidential) install install Conflict between JDK rpms and OL8 Modularity prevents dnf install/updates
JDK-8263842 (Confidential) install install Clean up "Provides" tag of OracleJDK/JRE rpms


Changes in Java SE 8u281 b34

Bug Fixes

BugId Component Subcomponent Summary
JDK-8261970 xml reutilization of,produces unexpected result in 8u271


Changes in Java SE 8u281 b33

Bug Fixes

BugId Component Subcomponent Summary
JDK-8259680 javafx scenegraph Need API to query states of CAPS LOCK and NUM LOCK keys
JDK-8258803 xml WLS/Tuxedo error in encoding post JDK upgrade
JDK-8261209 xml jaxp isStandalone property: remove dependency on pretty-print
JDK-8249867 xml jaxp xml declaration is not followed by a newline


Changes in Java SE 8u281 b32

Bug Fixes

BugId Component Subcomponent Summary
JDK-8259048 core-libs java.time (tz) Upgrade time-zone data to tzdata2020f
JDK-8259215 install install default java version is not updated for double click jar execution


Changes in Java SE 8u281 b31

Bug Fixes

BugId Component Subcomponent Summary
JDK-8256925 (Confidential) security-libs Regression with JDK-8236464 in Oracle 8u271
JDK-8256818 security-libs SSLSocket that is never bound or connected leaks socket resources
JDK-8257670 security-libs sun/security/ssl/SSLSocketImpl/ reports leaks
JDK-8257884 security-libs Re-enable sun/security/ssl/SSLSocketImpl/ as automatic test
JDK-8257997 security-libs sun/security/ssl/SSLSocketImpl/ again reports leaks after JDK-8257884
JDK-8256004 (Confidential) deploy plugin DRS: Can not run applet in DRS with java 6 after 8u261 upgrade
JDK-8258373 client-libs javax.swing Update the text handling in the JPasswordField
JDK-8253368 security-libs TLS connection always receives close_notify exception

Java™ SE Development Kit 8, Update 281 (JDK 8u281)

January 19, 2021

The full version string for this update release is 1.8.0_281-b09 (where "b" means "build"). The version number is 8u281.

IANA Data 2020d

JDK 8u281 contains IANA time zone data version 2020d. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u281 are specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String)
8 1.8.0_281-b09
7 1.7.0_291-b09

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update (CPU). In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u281) be used after the next critical patch update scheduled for April 20, 2021.

Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).

For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u281) on May 15, 2021. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.

New Features

 -groupname Option Added to keytool Key Pair Generation

A new -groupname option has been added to keytool -genkeypair so that a user can specify a named group when generating a key pair. For example, keytool -genkeypair -keyalg EC -groupname secp384r1 will generate an EC key pair by using the secp384r1 curve. Because there might be multiple curves with the same size, using the -groupname option is preferred over the -keysize option.

See JDK-8213400

 Apache Santuario Library Updated to Version 2.1.4

The Apache Santuario library has been upgraded to version 2.1.4. As a result, a new system property has been introduced.

This new system property sets the pool size of the internal DocumentBuilder cache used when processing XML Signatures. The function is equivalent to the system property used in Apache Santuario and has the same default value of 20.

See JDK-8231507

 Support for certificate_authorities Extension

The "certificate_authorities" extension is an optional extension introduced in TLS 1.3. It is used to indicate the certificate authorities (CAs) that an endpoint supports and should be used by the receiving endpoint to guide certificate selection.

With this JDK release, the "certificate_authorities" extension is supported for TLS 1.3 in both the client and the server sides. This extension is always present for client certificate selection, while it is optional for server certificate selection.

Applications can enable this extension for server certificate selection by setting the jdk.tls.client.enableCAExtension system property to true. The default value of the property is false.

Note that if the client trusts more CAs than the size limit of the extension (less than 2^16 bytes), the extension is not enabled. Also, some server implementations do not allow handshake messages to exceed 2^14 bytes. Consequently, there may be interoperability issues when jdk.tls.client.enableCAExtension is set to true and the client trusts more CAs than the server implementation limit.

See JDK-8206925

Other Notes


 Disk Access From Java Control Panel on macOS

Starting from macOS Catalina 10.15, applications do not have access to the Desktop, Documents and Downloads folders. So, if you use JavaControlPanel app to access files at the locations specified above, (such as load certificates from the Downloads folder) you must either move the files to another location or grant the required permissions to the JavaControlPanel app.

The steps to required to grant the permissions to JavaControlPanel are provided below:

1. On your Mac, open the Apple menu, click System Preferences, click Security & Privacy, then click Privacy.

2. Select Full Disk Access and click +.

3. In Applications, navigate to the System Preferences app (Applications > System Preferences), and click Open.

Note: You must grant permissions to the System Preferences app because the JavaControlPanel app is a part of that application on macOS.

JDK-8265416 (not public)

 JDK time-zone data upgraded to tzdata2020d

The JDK update incorporates tzdata2020d. The main change is

  • Palestine ends DST earlier than predicted, on 2020-10-24.

Please refer to for more information.

See JDK-8255226

 JDK time-zone data upgraded to tzdata2020c

The JDK update incorporates tzdata2020c. The main change is

  • Fiji starts DST later than usual, on 2020-12-20.

Please refer to for more information.

See JDK-8254982

 US/Pacific-New Zone Name Removed as Part of tzdata2020b

Following the JDK's update to tzdata2020b, the long-obsolete files named pacificnew and systemv have been removed. As a result, the "US/Pacific-New" Zone name declared in the pacificnew data file is no longer available for use.

Information regarding this update can be viewed at

See JDK-8254177

Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

# BugId Component Subcomponent Summary
1 JDK-8209113 client-libs 2d Use WeakReference for lastFontStrike for created Fonts
2 JDK-8245400 client-libs 2d Upgrade to LittleCMS 2.11
3 JDK-8198334 client-libs java.awt java/awt/FileDialog/8003399/ fails in headless mode
4 JDK-8232114 client-libs java.awt JVM crashed at imjpapi.dll in native code
5 JDK-8252470 client-libs java.awt java/awt/dnd/DisposeFrameOnDragCrash/ fails on Windows
6 JDK-8240633 client-libs javax.swing Memory leaks in the implementations of FileChooserUI
7 JDK-8253072 core-libs XERCES version is displayed incorrect
8 JDK-8069211 core-libs java.nio (zipfs) ZipFileSystem creates corrupted zip if entry output stream gets closed more than once
9 JDK-8242480 core-svc Negative value may be returned by getFreeSwapSpaceSize() in the docker
10 JDK-8252789 deploy deployment_toolkit Empty client certificate issue during TLS handshake
11 JDK-8253695 docs guides JDK 8 Install Guide - 8u RPM Installer Failed to Install on SUSE When Updating Alternatives
12 JDK-8255558 docs guides InstallGuide: Update documentation of JDK RPM installation steps
13 JDK-8250665 globalization locale-data Wrong translation for the month of May in ar_JO, ar_LB and ar_SY
14 JDK-8146612 hotspot compiler C2: Precedence edges specification violated
15 JDK-8160006 hotspot compiler Fix AArch64 after changes made by 8151661
16 JDK-8214862 hotspot compiler assert(proj != __null) at compile.cpp:3251
17 JDK-8248214 hotspot gc Add paddings for TaskQueueSuper to reduce false-sharing cache contention
18 JDK-8185348 hotspot jvmti Major performance regression in GetMethodDeclaringClass and other JVMTI Method functions
19 JDK-8140091 hotspot runtime remove VMStructs cast_uint64_t workaround for GCC 4.1.1 bug
20 JDK-8148854 hotspot runtime Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
21 JDK-8217338 hotspot runtime [Containers] Improve systemd slice memory limit support
22 JDK-8217766 hotspot runtime Container Support doesn't work for some Join Controllers combinations
23 JDK-8221408 hotspot runtime Windows 32bit build build errors/warnings in hotspot
24 JDK-8221725 hotspot runtime AArch64 build failures after JDK-8221408 (Windows 32bit build build errors/warnings in hotspot)
25 JDK-8227006 hotspot runtime [linux] Runtime.availableProcessors execution time increased by factor of 100
26 JDK-8246648 hotspot runtime issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480
27 JDK-8247839 javafx graphics Wrong position of GUI elements using multiple HiDPI displays in JavaFX 8
28 JDK-8252060 javafx media gstreamer fails to build with gcc 10
29 JDK-8254100 javafx other FX: Update copyright year in docs, readme files to 2021
30 JDK-8181775 javafx web JavaFX WebView does not calculate border-radius properly
31 JDK-8234471 javafx web Canvas in webview displayed with wrong scale on Windows
32 JDK-8251241 javafx window-toolkit macOS: iconify property doesn't change after minimize when resizable is false
33 JDK-8244151 security-libs javax.smartcardio Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26