The following sections summarize changes made in all Java SE 8u331 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8277922 | client-libs | javax.accessibility | Unable to click JCheckBox in JTable through Java Access Bridge |
JDK-8282583 | xml | jaxp | Update BCEL md to include the copyright notice |
JDK-8283350 | core-libs | java.time | (tz) Update Timezone Data to 2022a |
April 19, 2022
The full version string for this update release is 8u331-b09 (where "b" means "build"). The version number is 8u331.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u331 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 8u331-b09 |
7 | 7u341-b08 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u331) be used after the next critical patch update scheduled for July 19, 2022.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u331) on 2022-08-19. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
Three processing limits have been added. These are:
jdk.xml.xpathExprGrpLimit
Description: Limits the number of groups an XPath expression can contain.
Type: integer
Value: A positive integer. A value less than or equal to 0 indicates no limit. If the value is not an integer, a NumberFormatException
is thrown. Default 10.
jdk.xml.xpathExprOpLimit
Description: Limits the number of operators an XPath expression can contain.
Type: integer
Value: A positive integer. A value less than or equal to 0 indicates no limit. If the value is not an integer, a NumberFormatException
is thrown. Default 100.
jdk.xml.xpathTotalOpLimit
Description: Limits the total number of XPath operators in an XSL Stylesheet.
Type: integer
Value: A positive integer. A value less than or equal to 0 indicates no limit. If the value is not an integer, a NumberFormatException
is thrown. Default 10000.
Supported processors
jdk.xml.xpathExprGrpLimit
and jdk.xml.xpathExprOpLimit
are supported by the XPath processor.
All three limits are supported by the XSLT processor.
Setting properties
For the XSLT processor, the properties can be changed through the TransformerFactory
. For example,
TransformerFactory factory = TransformerFactory.newInstance();
factory.setAttribute("jdk.xml.xpathTotalOpLimit", "1000");
For both the XPath and XSLT processors, the properties can be set through the system property and jaxp.properties
configuration file located in the conf
directory of the Java installation. For example,
System.setProperty("jdk.xml.xpathExprGrpLimit", "20");
or in the jaxp.properties
file,
jdk.xml.xpathExprGrpLimit=20
There are two known issues:
On macOS, only certificates with proper trust settings in the user keychain will be exposed as trusted certificate entries in the KeychainStore type of keystore. Also, calling the KeyStore::setCertificateEntry
method or the keytool -importcert
command on a KeychainStore keystore now fails with a KeyStoreException
. Instead, call the macOS "security add-trusted-cert" command to add a trusted certificate into the user keychain.
The gencert
command of the keytool
utility has been updated to create AKID from the SKID of the issuing certificate as specified by RFC 5280.
The parsing of URLs in the LDAP, DNS, and RMI built-in JNDI providers has been made more strict. The strength of the parsing can be controlled by system properties:
-Dcom.sun.jndi.ldapURLParsing="legacy" | "compat" | "strict" (to control "ldap:" URLs)
-Dcom.sun.jndi.dnsURLParsing="legacy" | "compat" | "strict" (to control "dns:" URLs)
-Dcom.sun.jndi.rmiURLParsing="legacy" | "compat" | "strict" (to control "rmi:" URLs)
-Dcom.sun.jndi.corbaURLParsing="legacy" | "compat" | "strict" (to control "iiop:" and "iiopname:" URLs)
The default value is "compat" for all of the three providers.
In "compat" and "strict" mode, more validation is performed. As an example, in the URL authority component, the new parsing only accepts brackets around IPv6 literal addresses. Developers are encouraged to use java.net.URI
constructors or its factory method to build URLs rather than handcrafting URL strings.
If an illegal URL string is found, a java.lang.IllegalArgumentException
or a javax.naming.NamingException
(or a subclass of it) is raised.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8259343 | client-libs | [macOS] Update JNI error handling in Cocoa code. | |
2 | JDK-8251840 | client-libs | java.awt | Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers |
3 | JDK-8259237 | client-libs | javax.swing | Demo selection changes with left/right arrow key. No need to press space for selection. |
4 | JDK-8074883 | client-libs | javax.swing | Tab key should move to focused button in a button group |
5 | JDK-8258554 | client-libs | javax.swing | javax/swing/JTable/4235420/bug4235420.java fails in GTK L&F |
6 | JDK-8272105 | client-libs | javax.swing | TestButtonGroupFocusTraversal.java fails in 8u |
7 | JDK-8275703 | core-libs | java.lang | System.loadLibrary fails on Big Sur for libraries hidden from filesystem |
8 | JDK-8274779 | core-libs | java.net | HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST |
9 | JDK-8209178 | core-libs | java.net | Proxied HttpsURLConnection doesn't send BODY when retrying POST request |
10 | JDK-8272473 | core-libs | java.time | Parsing epoch seconds at a DST transition with a non-UTC parser is wrong |
11 | JDK-8279618 | core-libs | java.util | Deserializing HashMap throws access denied suppressAccessChecks |
12 | JDK-8274658 | core-libs | java.util:i18n | ISO 4217 Amendment 170 Update |
13 | JDK-8277795 | core-libs | javax.naming | ldap connection timeout not honoured under contention |
14 | JDK-8266187 | core-svc | java.lang.instrument | Memory leak in appendBootClassPath() |
15 | JDK-8273575 | core-svc | java.lang.instrument | memory leak in appendBootClassPath(), paths must be deallocated |
16 | JDK-8276957 | docs | guides | Fix broken JDK8 documentation links |
17 | JDK-8166140 | hotspot | compiler | C1: Possible integer overflow in LIRGenerator::generate_address on several platforms |
18 | JDK-8183543 | hotspot | compiler | Aarch64: C2 compilation often fails with "failed spill-split-recycle sanity check" |
19 | JDK-8132306 | hotspot | gc | java/lang/ref/ReferenceEnqueue.java fails with "RuntimeException: Error: poll() returned null; expected ref object" |
20 | JDK-8273341 | hotspot | runtime | Update Siphash to version 1.0 |
21 | JDK-8189641 | javafx | accessibility | [Accessibility, windows] NPE when navigating to ComboBox with empty string |
22 | JDK-8151974 | javafx | accessibility | Invisible controls are still accessible by screen readers. |
23 | JDK-8089884 | javafx | controls | TextInputControls capturing function key events |
24 | JDK-8274022 | javafx | controls | Additional Memory Leak in ControlAcceleratorSupport |
25 | JDK-8244075 | javafx | controls | Accelerator of ContextMenu's MenuItem is not removed when ContextMenu is removed from Scene |
26 | JDK-8276847 | javafx | web | JSException: ReferenceError: Can't find variable: IntersectionObserver |
27 | JDK-8278980 | javafx | web | Update WebKit to 613.1 |
28 | JDK-8281711 | javafx | web | Cherry-pick WebKit 613.1 stabilization fixes |
29 | JDK-8282099 | javafx | web | Cherry-pick WebKit 613.1 stabilization fixes (2) |
30 | JDK-8242544 | javafx | window-toolkit | CMD+ENTER key event crashes the application when invoked on dialog |
31 | JDK-8257497 | security-libs | java.security | Update keytool to create AKID from the SKID of the issuing certificate as specified by RFC 5280 |
32 | JDK-8274736 | security-libs | java.security | Concurrent read/close of SSLSockets causes SSLSessions to be invalidated unnecessarily |
33 | JDK-8241248 | security-libs | javax.net.ssl | NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93) |
34 | JDK-8275811 | security-libs | javax.net.ssl | Incorrect instance to dispose |
35 | JDK-8141508 | tools | javac | java.lang.invoke.LambdaConversionException: Invalid receiver type ... |
36 | JDK-8255035 | xml | jaxp | Update BCEL to Version 6.5.0 |
37 | JDK-8276141 | xml | jaxp | XPathFactory set/getProperty method |