JDK 8u311 Release Notes

Java SE 8u311 Bundled Patch Release (BPR) - Bug Fixes and Updates

The following sections summarize changes made in all Java SE 8u311 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.

Changes in Java SE 8u311 b34

Bug Fixes

BugId Component Subcomponent Summary
JDK-8182577 client-libs javax.swing Exception when Tab key moves focus to a JCheckbox with a custom ButtonModel
JDK-8241248 security-libs NullPointerException in


Changes in Java SE 8u311 b33

Bug Fixes

BugId Component Subcomponent Summary
JDK-8274929 javafx window-toolkit Crash while reading specific clipboard content
JDK-8089884 javafx controls TextInputControls capturing function key events
JDK-8253353 hotspot compiler Crash in C2: guarantee(n != NULL) failed: No Node
JDK-8275766 core-libs java.time (tz) Update Timezone Data to 2021e


Changes in Java SE 8u311 b32

Bug Fixes

BugId Component Subcomponent Summary
JDK-8275138 javafx web WebView: UserAgent string is empty for first request
JDK-8274779 core-libs HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
JDK-8273229 hotspot runtime Update OS detection code to recognize Windows Server 2022
JDK-8274840 hotspot runtime Update OS detection code to recognize Windows 11
JDK-8041928 client-libs java.awt MouseEvent.getModifiersEx gives wrong result
JDK-8275723 javafx window-toolkit Crash on macOS 12 in GlassRunnable::dealloc
JDK-8274407 core-libs java.time (tz) Update Timezone Data to 2021c


Changes in Java SE 8u311 b31

Bug Fixes

BugId Component Subcomponent Summary
JDK-8269538 javafx controls StackOverflowError when pressing F10 within SpinnerSkin
JDK-8240256 security-libs javax.crypto:pkcs11 Better resource cleaning for SunPKCS11 Provider
JDK-8098580 security-libs javax.crypto:pkcs11 drainRefQueueBounds() puts pressure on pool.size()
JDK-8190482 core-libs InnocuousThread creation should not require the caller to possess enableContextClassLoaderOverride
JDK-8169416 security-libs SSLSessionImpl finalize overhead

Java™ SE Development Kit 8, Update 311 (JDK 8u311)

October 19, 2021

The full version string for this update release is 8u311-b11 (where "b" means "build"). The version number is 8u311.

IANA TZ Data 2021a

For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u311 are specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String)
8 8u311-b11
7 7u321-b08

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u311) be used after the next critical patch update scheduled for January 18, 2022.

Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).

For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u311) on 2022-02-18. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.

New Features

 Marlin Renderer in JDK 8u

Starting from version 8u311, the Marlin graphics rasterizer and its artifacts will be built and distributed as a part of the JDK/JRE bundles. It is not the default rendering engine, however there is an option to enable it by setting the following system property:


See JDK-8143849

 Context-specific Deserialization Filter Subset

Allow applications to configure context-specific and dynamically-selected deserialization filters via a JVM-wide filter factory that is invoked to select a filter for each deserialization stream. The behavior is a strict subset of JEP 415: Context-Specific Deserialization Filters to allow a filter factory to be configured using a property configured on the command line or in the security properties file.

The behavior is opt-in based on the presence of the jdk.serialFilterFactory system property on the command line or the jdk.serialFilterFactory security property. If set, the JVM-wide filter factory selects the filter for each stream when the stream is constructed and when a stream-specific filter is set.

The JVM-wide filter factory is a java.util.function.BinaryOperator<sun.misc.ObjectInputFilter> function invoked when each ObjectInputStream is constructed and when the stream-specific filter is set using sun.misc.ObjectInputFilter.Config.setObjectInputFilter(sun.misc.ObjectInputFilter). The parameters are the current filter and a requested filter and the function returns the filter to be used for the stream. When invoked from the ObjectInputStream constructors, the first parameter is null and the second parameter is the static JVM-wide filter. When invoked from sun.misc.ObjectInputFilter.Config.setObjectInputFilter(sun.misc.ObjectInputFilter), the first parameter is the filter currently set on the stream (which was set in the constructor), and the second parameter is the filter requested.

A typical filter factory should use or merge the static JVM-wide filter with other application and context specific filters and the stream-specific filter, if one is set on the stream. The filter factory implementation can also use any contextual information at its disposal, for example, extracted from the application thread context, or its call stack, to compose and combine a new filter. It is not restricted to only use its two parameters.

Refer to Context-Specific Deserialization Filter and Serialization Filtering Guide for details.

JDK-8268680 (not public)

Removed Features and Options

 Removed IdenTrust Root Certificate

The following root certificate from IdenTrust has been removed from the cacerts keystore:

+ alias name "identrustdstx3 [jdk]"

  Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.
See JDK-8225082

Other Notes

 Release Doesn't Correctly Recognize Windows 11

This release doesn't correctly identify Windows 11. The property is set to Windows 10 on Windows 11. In HotSpot error logs, the OS is identified as Windows 10; however, the HotSpot error log does show the Build number. Windows 11 has Build 22000.194 or above.

See JDK-8274840

 Updated the Default Enabled Cipher Suites Preference

The default priority order of the cipher suites for TLS 1.0 to TLS 1.3 has been adjusted.

For TLS 1.3, TLS_AES_256_GCM_SHA384 is now preferred over TLS_AES_128_GCM_SHA256.

For TLS 1.0 to TLS 1.2, some of the intermediate suites have been lowered in priority as follows:

  • Cipher suites that do not preserve forward secrecy have been moved lower in priority than those that do support forward secrecy.
  • Cipher suites that use SHA-1 have been moved lower in priority.

 Modified HttpURLConnection Behavior When a Suitable Proxy Is Not Found

The behavior of HttpURLConnection when using ProxySelector has been modified in this JDK release. HttpURLConnection used to fall back to a direct connection attempt if the configured proxy(s) failed to make a connection. Beginning with this release, the default behavior has been changed to no longer use a direct connection when the first proxy connection attempt fails.

A new system property,, can be set to a value of "true" should an application need to fall back to the old behavior (fall back to a direct connection when the first proxy connection attempt fails).

See JDK-8161016

 System Property to Control Reconstruction of Reference Address Objects by JDK's Built-in JNDI LDAP Implementation

The scope of the com.sun.jndi.ldap.object.trustSerialData system property has been extended to control the deserialization of java objects from the javaReferenceAddress LDAP attribute. This system property now controls the deserialization of java objects from the javaSerializedData and javaReferenceAddress LDAP attributes.

To prevent deserialization of java objects from these attributes, the system property can be set to false. By default, the deserialization of java objects from javaSerializedData and javaReferenceAddress attributes is allowed.

JDK-8267712 (not public)

 Release Doesn't Correctly Recognize Windows Server

This release doesn't correctly identify Windows Server. The property is set to Windows 2019 on Windows Server 2022. In HotSpot error logs, the OS is identified as Windows 10.0 for Windows Server releases 2016, 2019, and 2022; however, the HotSpot error log does show the Build number. Windows Server 2016 has Build 14393 or above, Windows Server 2019 has Build 17763 or above, and Windows Server 2022 has Build 20348 or above.

See JDK-8273229

 SunPKCS11 Initialization With NSS When External FIPS Modules Are in Security Modules Database

The SunPKCS11 security provider can now be initialized with NSS when FIPS-enabled external modules are configured in the Security Modules Database (NSSDB). Before this change, when such a library was configured for NSS in non-FIPS mode, the SunPKCS11 provider would throw a RuntimeException with the message "FIPS flag set for non-internal module".

This change allows the JDK to work properly with recent NSS releases in GNU/Linux operating systems when the system-wide FIPS policy is turned on.

See JDK-8238555

Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

# BugId Component Subcomponent Summary
1 JDK-8148886 client-libs SEGV in sun.java2d.marlin.Renderer._endRendering
2 JDK-8149338 client-libs 2d JVM Crash caused by Marlin renderer not handling NaN coordinates
3 JDK-8144938 client-libs 2d Handle properly coordinate overflow in Marlin Renderer
4 JDK-8180055 client-libs 2d Upgrade the Marlin renderer in Java2D
5 JDK-8202580 client-libs 2d Dashed BasicStroke randomly painted incorrectly, may freeze application
6 JDK-8210335 client-libs 2d Clipping problems with complex affine transforms: negative scaling factors or small scaling factors
7 JDK-8228711 client-libs 2d Path rendered incorrectly when it goes outside the clipping region
8 JDK-8230728 client-libs 2d Thin stroked shapes are not rendered if affine transform has flip bit
9 JDK-8145055 client-libs 2d Marlin renderer causes unaligned write accesses
10 JDK-8244088 client-libs 2d [Regression] Switch of Gnome theme ends up in deadlocked UI
11 JDK-8262392 client-libs 2d Update Mesa 3-D Headers to version 21.0.3
12 JDK-8262731 client-libs 2d [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
13 JDK-8198885 client-libs 2d Upgrade Marlin (java2d) to 0.9.1
14 JDK-8273358 client-libs 2d macOS Monterey does not have the font Times needed by Serif
15 JDK-8269984 client-libs java.awt [macos] JTabbedPane title looks like disabled
16 JDK-8129940 client-libs javax.swing JRadioButton does not honor non-standard FocusTraversalKeys
17 JDK-8251377 client-libs javax.swing [macos11] JTabbedPane selected tab text is barely legible
18 JDK-8269931 client-libs javax.swing fails on macOS
19 JDK-8268518 client-libs javax.swing Add headful keyword to
20 JDK-8154043 client-libs javax.swing Fields not reachable anymore by tab-key, because of new tabbing behaviour of radio button groups.
21 JDK-8035424 core-libs java.lang:reflect Performance problem in sun.reflect.generics.parser.SignatureParser
22 JDK-8161016 core-libs Strange behavior of URLConnection with proxy
23 JDK-8183369 core-libs RFC unconformity of HttpURLConnection with proxy
24 JDK-8067744 hotspot compiler XMM/SSE float register values corrupted by JNI_CreateVM call in JRE 8 (Windows)
25 JDK-8268366 hotspot compiler Incorrect calculation of has_fpu_registers in C1 linear scan
26 JDK-8268347 hotspot compiler C2: nested locks optimization may create unbalanced monitor enter/exit code
27 JDK-8269304 hotspot compiler Regression ~5% in spec2005 in b27
28 JDK-8065895 hotspot runtime Synchronous signals during error reporting may terminate or hang VM process
29 JDK-8261397 hotspot runtime try catch Method failing to work when dividing an integer by 0
30 JDK-8262396 javafx graphics Update Mesa 3-D Headers to version 21.0.3
31 JDK-8266860 javafx media [macos] Incorrect duration reported for HLS live streams
32 JDK-8264737 javafx media JavaFX media stream stops playing after reconnecting via Remote Desktop
33 JDK-8267819 javafx media CoInitialize/CoUninitialize should be called on same thread
34 JDK-8268219 javafx media hlsprogressbuffer should provide PTS after GStreamer update
35 JDK-8269147 javafx media Update GStreamer to version 1.18.4
36 JDK-8268718 javafx media [macos] Video stops, but audio continues to play when stopTime is reached
37 JDK-8269131 javafx web Update libxml2 to version 2.9.12
38 JDK-8270479 javafx web WebKit 612.1 build fails with Visual Studio 2017
39 JDK-8272329 javafx web Cherry pick GTK WebKit 2.32.3 changes
40 JDK-8268849 javafx web Update to 612.1 version of WebKit
41 JDK-8274107 javafx web Cherry pick GTK WebKit 2.32.4 changes
42 JDK-8231558 javafx window-toolkit [macos] Platform.exit causes assertion error on macOS 10.15 or later
43 JDK-8268158 security-libs Partial backport of JDK-8214074
44 JDK-8156584 security-libs Initialization race in
45 JDK-8268128 security-libs ProviderConfig deadlock in JDK 8u291
46 JDK-8225082 security-libs Remove IdenTrust certificate that is expiring in September 2021
47 JDK-8238555 security-libs javax.crypto:pkcs11 Allow initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB
48 JDK-8163326 security-libs Update the default enabled cipher suites preference
49 JDK-8259886 security-libs Improve SSL session cache performance and scalability
50 JDK-8255255 security-libs javax.xml.crypto Update Apache Santuario (XML Signature) to version 2.2.1
51 JDK-8260690 tools jconsole JConsole User Guide Link from the Help menu is not accessible by keyboard
52 JDK-8268213 xml jax-ws Racecondition at