JDK 8u291 Release Notes

Java SE 8u291 Bundled Patch Release (BPR) - Bug Fixes and Updates

The following sections summarize changes made in all Java SE 8u291 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.


Changes in Java SE 8u291 b35

Bug Fixes

BugId Component Subcomponent Summary
JDK-8268128 security-libs ProviderConfig deadlock in JDK 8u291



Changes in Java SE 8u291 b34

Bug Fixes

BugId Component Subcomponent Summary
JDK-8259886 security-libs Improve SSL session cache performance and scalability
JDK-8266943 (Confidential) install install Request to reinstate MacOS JRE pkg.dmg binary bundle
JDK-8267429 (Confidential) infrastructure release_eng MacOS JRE pkg.dmg binary bundle reinstated



Changes in Java SE 8u291 b33

Bug Fixes

BugId Component Subcomponent Summary
JDK-8258753 core-libs javax.naming StartTlsResponse.close() hangs due to synchronization issues
JDK-8263788 javafx web JavaFX application freezes completely after some time when using the WebView
JDK-8185854 javafx controls NPE on non-editable ComboBox in TabPane with custom Skin
JDK-8260300 security-libs Restrict TLS signature schemes in 8u



Changes in Java SE 8u291 b32

Bug Fixes

BugId Component Subcomponent Summary
JDK-8239589 javafx graphics JavaFX UI will not repaint after reconnecting via Remote Desktop

Java™ SE Development Kit 8, Update 291 (JDK 8u291)

April 20, 2021

The full version string for this update release is 1.8.0_291-b10 (where "b" means "build"). The version number is 8u291.

IANA TZ Data 2020e, 2020f, 2021a

JDK 8u291 contains IANA time zone data 2020e, 2020f, 2021a.

  • * Volgograd switches to Moscow time on 2020-12-27 at 02:00.
  • * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.

For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u291 are specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String)
8 1.8.0_291-b10
7 1.7.0_301-b09

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update (CPU). In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u291) be used after the next critical patch update scheduled for July 20, 2021.

Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).

For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u291) on 2021-08-20. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.

Other Notes

 New System and Security Properties to Control Reconstruction of Remote Objects by JDK's Built-in JNDI RMI and LDAP Implementations

jdk.jndi.object.factoriesFilter: This system and security property allows a serial filter to be specified that controls the set of object factory classes permitted to instantiate objects from object references returned by naming/directory systems. The factory class named by the reference instance is matched against this filter during remote reference reconstruction. The filter property supports pattern-based filter syntax with the format specified by JEP 290. This property applies both to the JNDI/RMI and the JNDI/LDAP built-in provider implementations. The default value allows any object factory class specified in the reference to recreate the referenced object.

com.sun.jndi.ldap.object.trustSerialData: This system property allows control of the deserialization of java objects from the javaSerializedData LDAP attribute. To prevent deserialization of java objects from the attribute, the system property can be set to false value. By default, deserialization of java objects from the javaSerializedData attribute is allowed.

JDK-8244473 (not public)

 Added 2 HARICA Root CA Certificates

The following root certificates have been added to the cacerts truststore:


  + haricarootca2015
    DN: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR

  + haricaeccrootca2015
    DN: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
See JDK-8256421

 Default java Version Is Not Updated for Double Click jar Execution

Oracle JRE installers will update the PATH environment variable with their directory behind any already put in place by other Oracle JDK installers.

See JDK-8259215

 Disable TLS 1.0 and 1.1

TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer considered secure and have been superseded by more secure and modern versions (TLS 1.2 and 1.3).

These versions have now been disabled by default. If you encounter issues, you can, at your own risk, re-enable the versions by removing "TLSv1" and/or "TLSv1.1" from the jdk.tls.disabledAlgorithms security property in the configuration file.

See JDK-8202343

 Disable TLS 1.0 and 1.1 for Java Plugin Applets and Java Web Start Applications

TLS 1.0 and 1.1 have been disabled. These protocols are NOT used by Java Plugin applets and Java Web Start applications by default. In case of any issues there is an option to re-enable the protocols via Java Control Panel.

JDK-8255892 (not public)

 Less Ambiguous Processing of ProcessBuilder Quotes on Windows

In the java.lang.ProcessBuilder implementation on Windows, the system property jdk.lang.Process.allowAmbiguousCommands=false ensures, for each argument, that double-quotes are properly encoded in the command string passed to Windows CreateProcess. An argument with a final trailing double-quote preceded by a backslash is encoded as a literal double-quote; previously, the argument including the double-quote would be joined with the next argument. An empty argument is encoded as a pair of double-quotes ("") resulting in a zero length string passed for the argument to the process; previously, it was silently ignored. An argument containing double-quotes, other than first and last, is encoded to preserve the double-quotes when passed to the process; previously, the embedded double-quotes would be dropped and not passed to the process. If a security manager is set, such as in WebStart applications, double-quotes are encoded as described. When there is no security manager, there is no change to existing behavior; the jdk.lang.Process.allowAmbiguousCommands property can be set to true: jdk.lang.Process.allowAmbiguousCommands=true or false. If left unset, it is the same as setting it to true.

JDK-8250568 (not public)

Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

# BugId Component Subcomponent Summary
1 JDK-8244621 client-libs 2d [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11
2 JDK-8258805 client-libs java.awt Japanese characters not entered by mouse click on Windows 10
3 JDK-8212678 client-libs java.awt Windows IME related patch
4 JDK-8239137 client-libs javax.accessibility JAWS does not always announce the value of JSliders in JColorChooser
5 JDK-8249588 client-libs javax.accessibility libwindowsaccessbridge issues on 64bit Windows
6 JDK-8255880 client-libs javax.swing UI of Swing components is not redrawn after their internal state changed
7 JDK-8250627 core-libs Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics
8 JDK-8251397 core-libs java.lang NPE on ClassValue.ClassValueMap.cacheArray
9 JDK-7146776 core-libs Deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
10 JDK-8247766 hotspot compiler AArch64: guarantee(val < (1U << nbits)) failed: Field too big for insn
11JDK-8252482hotspotcompilerdisable cbcond instructions on SPARC64
12 JDK-8243290 hotspot runtime Improve diagnostic messages for class verification and redefinition failures
13 JDK-8257168 hotspot runtime Use SkippedException instead of RuntimeException for docker not able to pull the repository
14 JDK-8260159 install install Typo in Javapath.cpp
15 JDK-8260190 install install Incomplete JDK-8259215 fix
16 JDK-8259215 install install Default Java version is not updated for double click jar execution
17 JDK-8242565 security-libs Policy initialization issues when the denyAfter constraint is enabled
18 JDK-8244154 security-libs javax.crypto:pkcs11 Update SunPKCS11 provider with PKCS11 v3.0 header files
19 JDK-8240871 security-libs SSLEngine handshake status immediately after the handshake can be NOT_HANDSHAKING rather than FINISHED with TLSv1.3
20 JDK-8257997 security-libs sun/security/ssl/SSLSocketImpl/ again reports leaks after JDK-8257884
21 JDK-8253368 security-libs TLS connection always receives close_notify exception
22 JDK-8202343 security-libs Disable TLS 1.0 and 1.1
23 JDK-8256818 security-libs SSLSocket that is never bound or connected leaks socket resources
24 JDK-8257670 security-libs sun/security/ssl/SSLSocketImpl/ reports leaks
25 JDK-8255559 security-libs javax.xml.crypto Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI()
26 JDK-8261970 xml reutilization of,produces unexpected result in 8u271
27 JDK-8256685 xml jaxp Behavior change in XML since JDK 8u271
28 JDK-8249867 xml jaxp XML declaration is not followed by a newline