JDK 8u281 Release Notes
Java SE 8u281 Bundled Patch Release (BPR) - Bug Fixes and Updates
The following sections summarize changes made in all Java SE 8u281 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
Changes in Java SE 8u281 b35
Bug Fixes
| BugId | Component | Subcomponent | Summary |
|---|---|---|---|
| JDK-8204568 | javafx | controls | Relative CSS-Attributes don't work all time |
| JDK-8262829 | client-libs | 2d | Native crash in Win32PrintServiceLookup.getAllPrinterNames() |
| JDK-8262940 (Confidential) | install | [macOS] Java Webstart protocol schemes not registered by JRE installer on macOS | |
| JDK-8247707 | deploy | plugin | UAC prompt of unknown publisher after upgrading java 8u241 |
| JDK-8263575 (Confidential) | install | install | Conflict between JDK rpms and OL8 Modularity prevents dnf install/updates |
| JDK-8263842 (Confidential) | install | install | Clean up "Provides" tag of OracleJDK/JRE rpms |
Changes in Java SE 8u281 b34
Bug Fixes
| BugId | Component | Subcomponent | Summary |
|---|---|---|---|
| JDK-8261970 | xml | reutilization of org.w3c.dom.ls.LSSerializer,produces unexpected result in 8u271 |
Changes in Java SE 8u281 b33
Bug Fixes
| BugId | Component | Subcomponent | Summary |
|---|---|---|---|
| JDK-8259680 | javafx | scenegraph | Need API to query states of CAPS LOCK and NUM LOCK keys |
| JDK-8258803 | xml | WLS/Tuxedo error in encoding post JDK upgrade | |
| JDK-8261209 | xml | jaxp | isStandalone property: remove dependency on pretty-print |
| JDK-8249867 | xml | jaxp | xml declaration is not followed by a newline |
Changes in Java SE 8u281 b32
Bug Fixes
| BugId | Component | Subcomponent | Summary |
|---|---|---|---|
| JDK-8259048 | core-libs | java.time | (tz) Upgrade time-zone data to tzdata2020f |
| JDK-8259215 | install | install | default java version is not updated for double click jar execution |
Changes in Java SE 8u281 b31
Bug Fixes
| BugId | Component | Subcomponent | Summary |
|---|---|---|---|
| JDK-8256925 (Confidential) | security-libs | java.security | Regression with JDK-8236464 in Oracle 8u271 |
| JDK-8256818 | security-libs | javax.net.ssl | SSLSocket that is never bound or connected leaks socket resources |
| JDK-8257670 | security-libs | javax.net.ssl | sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks |
| JDK-8257884 | security-libs | javax.net.ssl | Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test |
| JDK-8257997 | security-libs | javax.net.ssl | sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884 |
| JDK-8256004 (Confidential) | deploy | plugin | DRS: Can not run applet in DRS with java 6 after 8u261 upgrade |
| JDK-8258373 | client-libs | javax.swing | Update the text handling in the JPasswordField |
| JDK-8253368 | security-libs | javax.net.ssl | TLS connection always receives close_notify exception |
Java™ SE Development Kit 8, Update 281 (JDK 8u281)
January 19, 2021
The full version string for this update release is 1.8.0_281-b09 (where "b" means "build"). The version number is 8u281.
IANA Data 2020d
JDK 8u281 contains IANA time zone data version 2020d. For more information, refer to Timezone Data Versions in the JRE Software.
Security Baselines
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u281 are specified in the following table:
| JRE Family Version | JRE Security Baseline (Full Version String) |
|---|---|
| 8 | 1.8.0_281-b09 |
| 7 | 1.7.0_291-b09 |
Keeping the JDK up to Date
Oracle recommends that the JDK is updated with each Critical Patch Update (CPU). In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u281) be used after the next critical patch update scheduled for April 20, 2021.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u281) on May 15, 2021. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
New Features
A new -groupname option has been added to keytool -genkeypair so that a user can specify a named group when generating a key pair. For example, keytool -genkeypair -keyalg EC -groupname secp384r1 will generate an EC key pair by using the secp384r1 curve. Because there might be multiple curves with the same size, using the -groupname option is preferred over the -keysize option.
The Apache Santuario library has been upgraded to version 2.1.4. As a result, a new system property com.sun.org.apache.xml.internal.security.parser.pool-size has been introduced.
This new system property sets the pool size of the internal DocumentBuilder cache used when processing XML Signatures. The function is equivalent to the org.apache.xml.security.parser.pool-size system property used in Apache Santuario and has the same default value of 20.
The "certificate_authorities" extension is an optional extension introduced in TLS 1.3. It is used to indicate the certificate authorities (CAs) that an endpoint supports and should be used by the receiving endpoint to guide certificate selection.
With this JDK release, the "certificate_authorities" extension is supported for TLS 1.3 in both the client and the server sides. This extension is always present for client certificate selection, while it is optional for server certificate selection.
Applications can enable this extension for server certificate selection by setting the jdk.tls.client.enableCAExtension system property to true. The default value of the property is false.
Note that if the client trusts more CAs than the size limit of the extension (less than 2^16 bytes), the extension is not enabled. Also, some server implementations do not allow handshake messages to exceed 2^14 bytes. Consequently, there may be interoperability issues when jdk.tls.client.enableCAExtension is set to true and the client trusts more CAs than the server implementation limit.
Other Notes
Starting from macOS Catalina 10.15, applications do not have access to the Desktop, Documents and Downloads folders. So, if you use JavaControlPanel app to access files at the locations specified above, (such as load certificates from the Downloads folder) you must either move the files to another location or grant the required permissions to the JavaControlPanel app.
The steps to required to grant the permissions to JavaControlPanel are provided below:
1. On your Mac, open the Apple menu, click System Preferences, click Security & Privacy, then click Privacy.
2. Select Full Disk Access and click +.
3. In Applications, navigate to the System Preferences app (Applications > System Preferences), and click Open.
Note: You must grant permissions to the System Preferences app because the JavaControlPanel app is a part of that application on macOS.
The JDK update incorporates tzdata2020d. The main change is
- Palestine ends DST earlier than predicted, on 2020-10-24.
Please refer to https://mm.icann.org/pipermail/tz-announce/2020-October/000062.html for more information.
The JDK update incorporates tzdata2020c. The main change is
- Fiji starts DST later than usual, on 2020-12-20.
Please refer to https://mm.icann.org/pipermail/tz-announce/2020-October/000060.html for more information.
Following the JDK's update to tzdata2020b, the long-obsolete files named pacificnew and systemv have been removed. As a result, the "US/Pacific-New" Zone name declared in the pacificnew data file is no longer available for use.
Information regarding this update can be viewed at https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
Bug Fixes
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
| # | BugId | Component | Subcomponent | Summary |
|---|---|---|---|---|
| 1 | JDK-8209113 | client-libs | 2d | Use WeakReference for lastFontStrike for created Fonts |
| 2 | JDK-8245400 | client-libs | 2d | Upgrade to LittleCMS 2.11 |
| 3 | JDK-8198334 | client-libs | java.awt | java/awt/FileDialog/8003399/bug8003399.java fails in headless mode |
| 4 | JDK-8232114 | client-libs | java.awt | JVM crashed at imjpapi.dll in native code |
| 5 | JDK-8252470 | client-libs | java.awt | java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows |
| 6 | JDK-8240633 | client-libs | javax.swing | Memory leaks in the implementations of FileChooserUI |
| 7 | JDK-8253072 | core-libs | XERCES version is displayed incorrect | |
| 8 | JDK-8069211 | core-libs | java.nio | (zipfs) ZipFileSystem creates corrupted zip if entry output stream gets closed more than once |
| 9 | JDK-8242480 | core-svc | java.lang.management | Negative value may be returned by getFreeSwapSpaceSize() in the docker |
| 10 | JDK-8252789 | deploy | deployment_toolkit | Empty client certificate issue during TLS handshake |
| 11 | JDK-8253695 | docs | guides | JDK 8 Install Guide - 8u RPM Installer Failed to Install on SUSE When Updating Alternatives |
| 12 | JDK-8255558 | docs | guides | InstallGuide: Update documentation of JDK RPM installation steps |
| 13 | JDK-8250665 | globalization | locale-data | Wrong translation for the month of May in ar_JO, ar_LB and ar_SY |
| 14 | JDK-8146612 | hotspot | compiler | C2: Precedence edges specification violated |
| 15 | JDK-8160006 | hotspot | compiler | Fix AArch64 after changes made by 8151661 |
| 16 | JDK-8214862 | hotspot | compiler | assert(proj != __null) at compile.cpp:3251 |
| 17 | JDK-8248214 | hotspot | gc | Add paddings for TaskQueueSuper to reduce false-sharing cache contention |
| 18 | JDK-8185348 | hotspot | jvmti | Major performance regression in GetMethodDeclaringClass and other JVMTI Method functions |
| 19 | JDK-8140091 | hotspot | runtime | remove VMStructs cast_uint64_t workaround for GCC 4.1.1 bug |
| 20 | JDK-8148854 | hotspot | runtime | Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent |
| 21 | JDK-8217338 | hotspot | runtime | [Containers] Improve systemd slice memory limit support |
| 22 | JDK-8217766 | hotspot | runtime | Container Support doesn't work for some Join Controllers combinations |
| 23 | JDK-8221408 | hotspot | runtime | Windows 32bit build build errors/warnings in hotspot |
| 24 | JDK-8221725 | hotspot | runtime | AArch64 build failures after JDK-8221408 (Windows 32bit build build errors/warnings in hotspot) |
| 25 | JDK-8227006 | hotspot | runtime | [linux] Runtime.availableProcessors execution time increased by factor of 100 |
| 26 | JDK-8246648 | hotspot | runtime | issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480 |
| 27 | JDK-8247839 | javafx | graphics | Wrong position of GUI elements using multiple HiDPI displays in JavaFX 8 |
| 28 | JDK-8252060 | javafx | media | gstreamer fails to build with gcc 10 |
| 29 | JDK-8254100 | javafx | other | FX: Update copyright year in docs, readme files to 2021 |
| 30 | JDK-8181775 | javafx | web | JavaFX WebView does not calculate border-radius properly |
| 31 | JDK-8234471 | javafx | web | Canvas in webview displayed with wrong scale on Windows |
| 32 | JDK-8251241 | javafx | window-toolkit | macOS: iconify property doesn't change after minimize when resizable is false |
| 33 | JDK-8244151 | security-libs | javax.smartcardio | Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 |