JDK 8u321 Release Notes

Java SE 8u321 Bundled Patch Release (BPR) - Bug Fixes and Updates

The following sections summarize changes made in all Java SE 8u321 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.


Changes in Java SE 8u321 b35

Bug Fixes

BugId Component Subcomponent Summary
JDK-8278472 client-libs java.awt:i18n Invalid value set to CANDIDATEFORM structure
JDK-8278186 security-libs javax.xml.crypto throws StringIndexOutOfBoundsException when calling substring method
JDK-8255199 security-libs javax.xml.crypto Catching a few NumberFormatExceptions in xmldsig
JDK-8275082 security-libs javax.xml.crypto Update XML Security for Java to 2.3.0
JDK-8090477 javafx controls Customizable visibility timing for Tooltip


Changes in Java SE 8u321 b34

Bug Fixes

BugId Component Subcomponent Summary
JDK-8247469 core-svc getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available
JDK-8265836 core-svc OperatingSystemImpl.getCpuLoad() returns incorrect CPU load inside a container
JDK-8268103 core-svc JNI functions incorrectly return a double after JDK-8265836


Changes in Java SE 8u321 b33

Bug Fixes

BugId Component Subcomponent Summary
JDK-8141508 tools javac java.lang.invoke.LambdaConversionException: Invalid receiver type
JDK-8209178 core-libs Proxied HttpsURLConnection doesn't send BODY when retrying POST request
JDK-8279618 core-libs java.util Deserializing HashMap throws access denied suppressAccessChecks
JDK-8273747 deploy webstart Grant JWS JavaFX apps access to Windows trust store



Changes in Java SE 8u321 b32

Bug Fixes

BugId Component Subcomponent Summary
JDK-8279118 core-libs ServerSocket.close bind exception with ResourceManagement
JDK-8151974 javafx accessibility Invisible controls are still accessible by screen readers.


Java™ SE Development Kit 8, Update 321 (JDK 8u321)

January 18, 2022

The full version string for this update release is 8u321-b07 (where "b" means "build"). The version number is 8u321.


IANA TZ Data 2021b, 2021c, 2021d, 2021e

JDK 8u321 contains IANA time zone data 2021b, 2021c, 2021d, 2021e.
  • Jordan now starts DST on February's last Thursday.
  • Samoa no longer observes DST.
  • Merge more location-based Zones whose timestamps agree since 1970.
  • Move some backward-compatibility links to 'backward'.
  • Rename Pacific/Enderbury to Pacific/Kanton.
  • Correct many pre-1993 transitions in Malawi, Portugal, etc.
  • zic now creates each output file or link atomically.
  • zic -L no longer omits the POSIX TZ string in its output.
  • zic fixes for truncation and leap second table expiration.
  • zic now follows POSIX for TZ strings using all-year DST.
  • Fix some localtime crashes and bugs in obscure cases.
  • zdump -v now outputs more-useful boundary cases.
  • tzfile.5 better matches a draft successor to RFC 8536.
  • A new file SECURITY.
  • Revert most 2021b changes to 'backward'.
  • Fix 'zic -b fat' bug in pre-1970 32-bit data.
  • Fix two Link line typos.
  • Distribute SECURITY file.

This release is intended as a bugfix release, to fix compatibility problems and typos reported since 2021b was released.

  • Fiji suspends DST for the 2021/2022 season.
  • 'zic -r' marks unspecified timestamps with "-00".
  • Palestine will fall back 10-29 (not 10-30) at 01:00.
For more information, refer to Timezone Data Versions in the JRE Software.


Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u321 are specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String)
8 8u321-b07
7 7u331-b06


Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u321) be used after the next critical patch update scheduled for April 19, 2022.

Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).

For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u321) on 2022-05-19. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.


New Features

 New SunPKCS11 Configuration Properties

SunPKCS11 provider adds new provider configuration attributes to better control native resources usage. The SunPKCS11 provider consumes native resources in order to work with native PKCS11 libraries. To manage and better control the native resources, additional configuration attributes are added to control the frequency of clearing native references as well as whether to destroy the underlying PKCS11 Token after logout.

The 3 new attributes for SunPKCS11 provider configuration file are:

  1. destroyTokenAfterLogout (boolean, defaults to false)

    If set to true, when is called upon the SunPKCS11 provider instance, the underlying Token object will be destroyed and resources will be freed. This essentially renders the SunPKCS11 provider instance unusable after logout() calls. Note that a PKCS11 provider with this attribute set to true should not be added to the system provider list since the provider object is not usable after a logout() method call.

  2. cleaner.shortInterval (integer, defaults to 2000, in milliseconds)

    This defines the frequency for clearing native references during busy period (such as, how often should the cleaner thread processes the no-longer-needed native references in the queue to free up native memory). Note that the cleaner thread will switch to the 'longInterval' frequency after 200 failed tries (such as, when no references are found in the queue).

  3. cleaner.longInterval (integer, defaults to 60000, in milliseconds)

    This defines the frequency for checking native reference during non-busy period (such as, how often should the cleaner thread check the queue for native references). Note that the cleaner thread will switch back to the 'shortInterval' value if native PKCS11 references for cleaning are detected.

See JDK-8240256

 Configurable Extensions With System Properties

Two new system properties have been added. The system property, jdk.tls.client.disableExtensions, is used to disable TLS extensions used in the client. The system property, jdk.tls.server.disableExtensions, is used to disable TLS extensions used in the server. If an extension is disabled, it will be neither produced nor processed in the handshake messages.

The property string is a list of comma separated standard TLS extension names, as registered in the IANA documentation (for example, server_name, status_request, and signature_algorithms_cert). Note that the extension names are case sensitive. Unknown, unsupported, misspelled and duplicated TLS extension name tokens will be ignored.

Please note that the impact of blocking TLS extensions is complicated. For example, a TLS connection may not be able to be established if a mandatory extension is disabled. Please do not disable mandatory extensions, and do not use this feature unless you clearly understand the impact.

See JDK-8217633


Removed Features and Options

 Removed Google's GlobalSign Root Certificate

The following root certificate from Google has been removed from the cacerts keystore:

+ alias name "globalsignr2ca [jdk]"

  Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2

See JDK-8225083



Other Notes

 Update Timezone Data to 2021c

IANA Time Zone Database, on which JDK's Date/Time libraries are based, has made a tweak to some time zone rules since 2021c. Note that since this update, some of the time zone rules prior to the year 1970 have been modified according to the changes which were introduced with 2021b. For more detail, refer to the announcement of 2021b

See JDK-8274407

 SocketExceptions Are Not Wrapped Into SSLExceptions in SSLSocketImpl

This release reverts the behavior of SSLSocketImpl and SSLTransport introduced by JDK-8196584. SocketException will now be thrown as is instead of being suppressed into an SSLException.

See JDK-8259662

Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

# BugId Component Subcomponent Summary
1 JDK-8263846 client-libs Bad JNI lookup getFocusOwner in accessibility code on Mac OS X
2 JDK-8155742 client-libs [Windows] robot.keyPress(KeyEvent.VK_ALT_GRAPH) throws java.lang.IllegalArgumentException in windows
3 JDK-8249548 client-libs backward focus traversal gets stuck in button group
4 JDK-8259232 client-libs 2d Bad JNI lookup during printing
5 JDK-6801613 client-libs 2d Cross-platform pageDialog and printDialog top margin entry broken
6 JDK-8042713 client-libs 2d [macosx] Print dialog does not update attribute set with page range
7 JDK-8257853 client-libs java.awt Remove dependencies on JNF's JNI utility functions in AWT and 2D code
8 JDK-8259585 client-libs java.awt [macOS] Bad JNI lookup error : Accessible actions do not work on macOS
9 JDK-8038631 client-libs java.awt Create wrapper for awt.Robot with additional functionality
10 JDK-6722236 client-libs java.awt 3 Choice regression testcases are failing from 6u10_b26 build onwards
11 JDK-8041928 client-libs java.awt MouseEvent.getModifiersEx gives wrong result
12 JDK-8275131 client-libs java.awt Exceptions after a touchpad gesture on macOS
13 JDK-8263490 client-libs java.awt:i18n [macos] Crash occurs on JPasswordField with activated InputMethod
14 JDK-8274326 client-libs javax.accessibility [macos] Ensure initialisation of sun/lwawt/macosx/CAccessibility in JavaComponentAccessibility.m
15 JDK-8274056 client-libs javax.accessibility JavaAccessibilityUtilities leaks JNI objects
16 JDK-8274381 client-libs javax.accessibility missing CAccessibility definitions in JNI code
17 JDK-8259729 client-libs javax.accessibility Missed JNFInstanceOf -> IsInstanceOf conversion
18 JDK-8208640 client-libs javax.accessibility [a11y] [macos] Unable to navigate between Radiobuttons in Radio group using keyboard.
19 JDK-8208747 client-libs javax.accessibility [a11y] [macos] In Optionpane Demo, inside ComponentDialog Example, unable to navigate to all items, with VO on
20 JDK-8194873 client-libs javax.swing right ALT key hotkeys no longer work in Swing components
21 JDK-8182577 client-libs javax.swing Exception when Tab key moves focus to a JCheckbox with a custom ButtonModel
22 JDK-8269850 core-libs Most JDK releases report macOS version 12 as 10.16 instead of 12.0
23 JDK-8190482 core-libs InnocuousThread creation should not require the caller to possess enableContextClassLoaderOverride
24 JDK-8143317 core-libs jdk/lambda/vm/ fails with IncompatibleClassChangeError
25 JDK-8253702 core-libs java.lang BigSur version number reported as 10.16, should be 11.nn
26 JDK-8202788 core-libs java.nio Explicitly reclaim cached thread-local direct buffers at thread exit
27 JDK-8276536 core-libs java.time Update TimeZoneNames files to follow the changes made by JDK-8275766
28 JDK-8273924 core-libs java.util:i18n ArrayIndexOutOfBoundsException thrown in java.util.JapaneseImperialCalendar.add()
29 JDK-8187649 core-libs java.util:i18n ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar
30 JDK-8273819 docs guides Update JSSE Reference Guide with new properties to disable TLS extensions
31 JDK-8139247 hotspot compiler Improper locking of MethodData::_extra_data_lock
32 JDK-8057038 hotspot compiler Speculative traps not robust when compilation and class unloading are concurrent
33 JDK-8253353 hotspot compiler Crash in C2: guarantee(n != NULL) failed: No Node
34 JDK-8069034 hotspot gc gc/g1/ nightly failure
35 JDK-8071530 hotspot runtime Update OS detection code to reflect Windows 10 version change
36 JDK-8273229 hotspot runtime Update OS detection code to recognize Windows Server 2022
37 JDK-8274840 hotspot runtime Update OS detection code to recognize Windows 11
38 JDK-8273342 hotspot runtime Null pointer dereference in classFileParser.cpp:2817
39 JDK-8266404 hotspot runtime Fatal error report generated with -XX:+CrashOnOutOfMemoryError should not contain suggestion to submit a bug report
40 JDK-8219562 hotspot runtime Line of code in osContainer_linux.cpp#L102 appears unreachable
41 JDK-8186902 hotspot svc jcmd should not be blocked by DisableExplicitGC
42 JDK-8263807 javafx controls Button types of a DialogPane are set twice, returns a wrong button
43 JDK-8261460 javafx controls Incorrect CSS applied to ContextMenu on DialogPane
44 JDK-8178297 javafx controls TableView scrolls slightly when adding new elements
45 JDK-8269538 javafx controls StackOverflowError when pressing F10 within SpinnerSkin
46 JDK-8208088 javafx controls Memory Leak in ControlAcceleratorSupport
47 JDK-8275138 javafx web WebView: UserAgent string is empty for first request
48 JDK-8274929 javafx window-toolkit Crash while reading specific clipboard content
49 JDK-8275723 javafx window-toolkit Crash on macOS 12 in GlassRunnable::dealloc
50 JDK-8192988 security-libs keytool should support -storepasswd for pkcs12 keystores
51 JDK-8225083 security-libs Remove Google certificate that is expiring in December 2021
52 JDK-8273826 security-libs Correct Manifest file name and NPE checks
53 JDK-8277224 security-libs throws NPE
54 JDK-8269034 security-libs javax.crypto:pkcs11 AccessControlException for SunPKCS11 daemon threads
55 JDK-8240256 security-libs javax.crypto:pkcs11 Better resource cleaning for SunPKCS11 Provider
56 JDK-8098580 security-libs javax.crypto:pkcs11 drainRefQueueBounds() puts pressure on pool.size()
57 JDK-8270344 security-libs Session resumption errors
58 JDK-8217633 security-libs Configurable extensions with system properties
59 JDK-8268965 security-libs TCP Connection Reset when connecting simple socket to SSL server
60 JDK-8259662 security-libs Don't wrap SocketExceptions into SSLExceptions in SSLSocketImpl
61 JDK-8169416 security-libs SSLSessionImpl finalize overhead
62 JDK-8147051 xml StaxEntityResolverWrapper should create StaxXMLInputSource with a resolver indicator