The following sections summarize changes made in all Java SE 8u311 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
|JDK-8274929||javafx||window-toolkit||Crash while reading specific clipboard content|
|JDK-8089884||javafx||controls||TextInputControls capturing function key events|
|JDK-8253353||hotspot||compiler||Crash in C2: guarantee(n != NULL) failed: No Node|
|JDK-8275766||core-libs||java.time||(tz) Update Timezone Data to 2021e|
|JDK-8275138||javafx||web||WebView: UserAgent string is empty for first request|
|JDK-8274779||core-libs||java.net||HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST|
|JDK-8273229||hotspot||runtime||Update OS detection code to recognize Windows Server 2022|
|JDK-8274840||hotspot||runtime||Update OS detection code to recognize Windows 11|
|JDK-8041928||client-libs||java.awt||MouseEvent.getModifiersEx gives wrong result|
|JDK-8275723||javafx||window-toolkit||Crash on macOS 12 in GlassRunnable::dealloc|
|JDK-8274407||core-libs||java.time||(tz) Update Timezone Data to 2021c|
|JDK-8269538||javafx||controls||StackOverflowError when pressing F10 within SpinnerSkin|
|JDK-8240256||security-libs||javax.crypto:pkcs11||Better resource cleaning for SunPKCS11 Provider|
|JDK-8098580||security-libs||javax.crypto:pkcs11||drainRefQueueBounds() puts pressure on pool.size()|
|JDK-8190482||core-libs||InnocuousThread creation should not require the caller to possess enableContextClassLoaderOverride|
|JDK-8169416||security-libs||javax.net.ssl||SSLSessionImpl finalize overhead|
October 19, 2021
The full version string for this update release is 8u311-b11 (where "b" means "build"). The version number is 8u311.
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u311 are specified in the following table:
|JRE Family Version||JRE Security Baseline (Full Version String)|
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u311) be used after the next critical patch update scheduled for January 18, 2022.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u311) on 2022-02-18. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
Starting from version 8u311, the Marlin graphics rasterizer and its artifacts will be built and distributed as a part of the JDK/JRE bundles. It is not the default rendering engine, however there is an option to enable it by setting the following system property:
Allow applications to configure context-specific and dynamically-selected deserialization filters via a JVM-wide filter factory that is invoked to select a filter for each deserialization stream. The behavior is a strict subset of JEP 415: Context-Specific Deserialization Filters to allow a filter factory to be configured using a property configured on the command line or in the security properties file.
The behavior is opt-in based on the presence of the
jdk.serialFilterFactory system property on the command line or the
jdk.serialFilterFactory security property. If set, the JVM-wide filter factory selects the filter for each stream when the stream is constructed and when a stream-specific filter is set.
The JVM-wide filter factory is a
java.util.function.BinaryOperator<sun.misc.ObjectInputFilter> function invoked when each
ObjectInputStream is constructed and when the stream-specific filter is set using
sun.misc.ObjectInputFilter.Config.setObjectInputFilter(sun.misc.ObjectInputFilter). The parameters are the current filter and a requested filter and the function returns the filter to be used for the stream. When invoked from the
ObjectInputStream constructors, the first parameter is
null and the second parameter is the
static JVM-wide filter. When invoked from
sun.misc.ObjectInputFilter.Config.setObjectInputFilter(sun.misc.ObjectInputFilter), the first parameter is the filter currently set on the stream (which was set in the constructor), and the second parameter is the filter requested.
A typical filter factory should use or merge the static JVM-wide filter with other application and context specific filters and the stream-specific filter, if one is set on the stream. The filter factory implementation can also use any contextual information at its disposal, for example, extracted from the application thread context, or its call stack, to compose and combine a new filter. It is not restricted to only use its two parameters.
The following root certificate from IdenTrust has been removed from the
+ alias name "identrustdstx3 [jdk]" Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.
This release doesn't correctly identify Windows 11. The property
os.name is set to
Windows 10 on Windows 11. In HotSpot error logs, the OS is identified as
Windows 10; however, the HotSpot error log does show the Build number. Windows 11 has Build 22000.194 or above.
The default priority order of the cipher suites for TLS 1.0 to TLS 1.3 has been adjusted.
For TLS 1.3, TLS_AES_256_GCM_SHA384 is now preferred over TLS_AES_128_GCM_SHA256.
For TLS 1.0 to TLS 1.2, some of the intermediate suites have been lowered in priority as follows:
The behavior of
HttpURLConnection when using
ProxySelector has been modified in this JDK release.
HttpURLConnection used to fall back to a direct connection attempt if the configured proxy(s) failed to make a connection. Beginning with this release, the default behavior has been changed to no longer use a direct connection when the first proxy connection attempt fails.
A new system property,
sun.net.http.fallbackToDirect, can be set to a value of "true" should an application need to fall back to the old behavior (fall back to a direct connection when the first proxy connection attempt fails).
The scope of the
com.sun.jndi.ldap.object.trustSerialData system property has been extended to control the deserialization of java objects from the
javaReferenceAddress LDAP attribute. This system property now controls the deserialization of java objects from the
javaReferenceAddress LDAP attributes.
To prevent deserialization of java objects from these attributes, the system property can be set to
false. By default, the deserialization of java objects from
javaReferenceAddress attributes is allowed.
This release doesn't correctly identify Windows Server. The property
os.name is set to
Windows 2019 on Windows Server 2022. In HotSpot error logs, the OS is identified as
Windows 10.0 for Windows Server releases 2016, 2019, and 2022; however, the HotSpot error log does show the Build number. Windows Server 2016 has Build 14393 or above, Windows Server 2019 has Build 17763 or above, and Windows Server 2022 has Build 20348 or above.
The SunPKCS11 security provider can now be initialized with NSS when FIPS-enabled external modules are configured in the Security Modules Database (NSSDB). Before this change, when such a library was configured for NSS in non-FIPS mode, the SunPKCS11 provider would throw a RuntimeException with the message "FIPS flag set for non-internal module".
This change allows the JDK to work properly with recent NSS releases in GNU/Linux operating systems when the system-wide FIPS policy is turned on.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
|1||JDK-8148886||client-libs||SEGV in sun.java2d.marlin.Renderer._endRendering|
|2||JDK-8149338||client-libs||2d||JVM Crash caused by Marlin renderer not handling NaN coordinates|
|3||JDK-8144938||client-libs||2d||Handle properly coordinate overflow in Marlin Renderer|
|4||JDK-8180055||client-libs||2d||Upgrade the Marlin renderer in Java2D|
|5||JDK-8202580||client-libs||2d||Dashed BasicStroke randomly painted incorrectly, may freeze application|
|6||JDK-8210335||client-libs||2d||Clipping problems with complex affine transforms: negative scaling factors or small scaling factors|
|7||JDK-8228711||client-libs||2d||Path rendered incorrectly when it goes outside the clipping region|
|8||JDK-8230728||client-libs||2d||Thin stroked shapes are not rendered if affine transform has flip bit|
|9||JDK-8145055||client-libs||2d||Marlin renderer causes unaligned write accesses|
|10||JDK-8244088||client-libs||2d||[Regression] Switch of Gnome theme ends up in deadlocked UI|
|11||JDK-8262392||client-libs||2d||Update Mesa 3-D Headers to version 21.0.3|
|12||JDK-8262731||client-libs||2d||[macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"|
|13||JDK-8198885||client-libs||2d||Upgrade Marlin (java2d) to 0.9.1|
|14||JDK-8273358||client-libs||2d||macOS Monterey does not have the font Times needed by Serif|
|15||JDK-8269984||client-libs||java.awt||[macos] JTabbedPane title looks like disabled|
|16||JDK-8129940||client-libs||javax.swing||JRadioButton does not honor non-standard FocusTraversalKeys|
|17||JDK-8251377||client-libs||javax.swing||[macos11] JTabbedPane selected tab text is barely legible|
|18||JDK-8269931||client-libs||javax.swing||ButtonGroupLayoutTraversalTest.java fails on macOS|
|19||JDK-8268518||client-libs||javax.swing||Add headful keyword to LayoutFocusTraversalPolicy.java|
|20||JDK-8154043||client-libs||javax.swing||Fields not reachable anymore by tab-key, because of new tabbing behaviour of radio button groups.|
|21||JDK-8035424||core-libs||java.lang:reflect||Performance problem in sun.reflect.generics.parser.SignatureParser|
|22||JDK-8161016||core-libs||java.net||Strange behavior of URLConnection with proxy|
|23||JDK-8183369||core-libs||java.net||RFC unconformity of HttpURLConnection with proxy|
|24||JDK-8067744||hotspot||compiler||XMM/SSE float register values corrupted by JNI_CreateVM call in JRE 8 (Windows)|
|25||JDK-8268366||hotspot||compiler||Incorrect calculation of has_fpu_registers in C1 linear scan|
|26||JDK-8268347||hotspot||compiler||C2: nested locks optimization may create unbalanced monitor enter/exit code|
|27||JDK-8269304||hotspot||compiler||Regression ~5% in spec2005 in b27|
|28||JDK-8065895||hotspot||runtime||Synchronous signals during error reporting may terminate or hang VM process|
|29||JDK-8261397||hotspot||runtime||try catch Method failing to work when dividing an integer by 0|
|30||JDK-8262396||javafx||graphics||Update Mesa 3-D Headers to version 21.0.3|
|31||JDK-8266860||javafx||media||[macos] Incorrect duration reported for HLS live streams|
|32||JDK-8264737||javafx||media||JavaFX media stream stops playing after reconnecting via Remote Desktop|
|33||JDK-8267819||javafx||media||CoInitialize/CoUninitialize should be called on same thread|
|34||JDK-8268219||javafx||media||hlsprogressbuffer should provide PTS after GStreamer update|
|35||JDK-8269147||javafx||media||Update GStreamer to version 1.18.4|
|36||JDK-8268718||javafx||media||[macos] Video stops, but audio continues to play when stopTime is reached|
|37||JDK-8269131||javafx||web||Update libxml2 to version 2.9.12|
|38||JDK-8270479||javafx||web||WebKit 612.1 build fails with Visual Studio 2017|
|39||JDK-8272329||javafx||web||Cherry pick GTK WebKit 2.32.3 changes|
|40||JDK-8268849||javafx||web||Update to 612.1 version of WebKit|
|41||JDK-8274107||javafx||web||Cherry pick GTK WebKit 2.32.4 changes|
|42||JDK-8231558||javafx||window-toolkit||[macos] Platform.exit causes assertion error on macOS 10.15 or later|
|43||JDK-8268158||security-libs||Partial backport of JDK-8214074|
|44||JDK-8156584||security-libs||java.security||Initialization race in sun.security.x509.AlgorithmId.get|
|45||JDK-8268128||security-libs||java.security||ProviderConfig deadlock in JDK 8u291|
|46||JDK-8225082||security-libs||java.security||Remove IdenTrust certificate that is expiring in September 2021|
|47||JDK-8238555||security-libs||javax.crypto:pkcs11||Allow initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB|
|48||JDK-8163326||security-libs||javax.net.ssl||Update the default enabled cipher suites preference|
|49||JDK-8259886||security-libs||javax.net.ssl||Improve SSL session cache performance and scalability|
|50||JDK-8255255||security-libs||javax.xml.crypto||Update Apache Santuario (XML Signature) to version 2.2.1|
|51||JDK-8260690||tools||jconsole||JConsole User Guide Link from the Help menu is not accessible by keyboard|
|52||JDK-8268213||xml||jax-ws||Racecondition at ContextClassloaderLocal.java:45|