The following sections summarize changes made in all Java SE 8u361 BPR. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8299439 | core-libs | java.text | java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR |
JDK-8017487 | client-libs | javax.swing | filechooser in Windows-Libraries folder: columns are mixed up |
JDK-8301318 (Confidential) | deploy | webstart | Few JVM arguments are not supported in JAVAWS/JNLP |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8274205 | security-libs | org.ietf.jgss:krb5 | Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC |
JDK-8284662 | javafx | accessibility | Screen reader fails to read ListView/ComboBox item count if > 100 |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8251862 | javafx | graphics | Wrong position of Popup windows at the intersection of 2 screens |
JDK-8149508 | javafx | controls | Performance issue when scrolling ListView due to excess CSS processing |
JDK-8299741 | install | autoupdate | A temporary file is left in 'locallow' temp directory after Java Update |
The JVM will fail to initialize on Linux systems where /proc/self/mountinfo
does not contain any mounted filesystem or controllers for cgroups. This failure occurs due to faulty detection logic where it incorrectly detects a cgroup v1 system, having no mounted controllers, as a cgroup v2 system.
A fix is available via the 8u361 b32 BPR available on My Oracle Support (see KM Doc ID 2923131.1).
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8089986 | javafx | controls | Menu beeps when mnemonics is used |
JDK-7131823 | client-libs | javax.imageio | bug in GIFImageReader |
JDK-6357887 | client-libs | 2d | selected printertray is ignored under linux |
JDK-8239559 | hotspot | runtime | Cgroups: Incorrect detection logic on some systems |
JDK-8239785 | hotspot | runtime | Cgroups: Incorrect detection logic on old systems in hotspot |
JDK-8048190 | hotspot | runtime | NoClassDefFoundError omits original ExceptionInInitializerError |
JDK-8271506 | hotspot | runtime | Add ResourceHashtable support for deleting selected entries |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8205959 | core-libs | java.net | Do not restart close if errno is EINTR |
JDK-8280890 | security-libs | java.security | Cannot use '-Djava.system.class.loader' with class loader in signed JAR |
JDK-8299628 (Confidential) | javafx | graphics | BMP top-down images fail to load after JDK-8289336 |
JDK-8297804 | core-libs | java.time | (tz) Update Timezone Data to 2022g |
January 17, 2023
The full version string for this update release is 8u361-b09 (where "b" means "build"). The version number is 8u361.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u361 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 8u361-b09 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u361) be used after the next critical patch update scheduled for April 18, 2023.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u361) on 2023-05-18. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
An OCSP response signed with the RSASSA-PSS algorithm is now supported.
After updating to JDK 8u361, applications may fail to start, with multiple Exceptions being thrown, ultimately identified by a java.lang.ArrayIndexOutOfBoundsException
occurring at jdk.internal.platform.cgroupv2.CgroupV2Subsystem.initSubsystem
.
The JVM will fail to initialize on Linux systems where /proc/self/mountinfo
does not contain any mounted filesystem or controllers for cgroups. This failure occurs due to faulty detection logic where it incorrectly detects a cgroup v1 system, having no mounted controllers, as a cgroup v2 system.
A fix is available via the 8u361 b32 BPR available on My Oracle Support (see KM Doc ID 2923131.1).
Previous JDK releases used an incorrect interpretation of the Linux cgroups parameter "cpu.shares". This might cause the JVM to use fewer CPUs than available, leading to an under utilization of CPU resources when the JVM is used inside a container.
Starting from this JDK release, by default, the JVM no longer considers "cpu.shares" when deciding the number of threads to be used by the various thread pools. The -XX:+UseContainerCpuShares
command-line option can be used to revert to the previous behavior. This option is deprecated and may be removed in a future JDK release.
The “JavaScript script engine” for FXML is now disabled by default. Any .fxml file that has a "javascript" Processing Instruction (PI) will no longer load by default, and an exception will be thrown.
It can be enabled by setting the system property: -Djavafx.allowjs=true
ProcessBuilder on Windows is restored to address a regression caused by JDK-8250568. Previously, an argument to ProcessBuilder that started with a double-quote and ended with a backslash followed by a double-quote was passed to a command incorrectly and may cause the command to fail. For example the argument "C:\\Program Files\"
, would be seen by the command with extra double-quotes. This update restores the long standing behavior that does not treat the backslash before the final double-quote specially.
Two system properties have been added which control the keep alive behavior of HttpURLConnection in the case where the server does not specify a keep alive time. Two properties are defined for controlling connections to servers and proxies separately. They are http.keepAlive.time.server
and http.keepAlive.time.proxy
respectively. More information about them can be found in Networking Properties.
This version of the JDK no longer includes a copy of Java VisualVM. VisualVM is now available as a separate download from https://visualvm.github.io.
The readObject
method of _DynAnyFactoryStub
has been amended, such that, when reading the stringified IOR from serialized data, it will, by default, accept stringified IORs in IOR: URI format, only. As DynAnyFactory
is a locally or ORB constrained type, it is not useful that serialized data should contain corbaname or corbaloc URIs. Furthermore, an ORB will prohibit the binding of a name in the INS to a DynAnyFactory
IOR, as such, using a corbaname to reference an instance of DynAnyFactory
is not meaningful.
A system property is introduced, org.omg.DynamicAny.DynAnyFactoryStub.disableIORCheck
, which when set to true, will revert the _DynAnyFactoryStub::readObject
to its current behavior and bypass the additional IOR checks.
The SunJSSE close notification checks for SSLEngine
to have been made less strict to conform to changes in the Transport Layer Security (TLS) RFCs. See also JDK-8253368.
Specifically, if an application tries to close its SSLEngine
inbound side using SSLEngine.closeInbound()
without having received a close notification message from its peer, the SSLEngine
will no longer:
The new behavior will still consider this condition an error and will throw a local javax.net.ssl.SSLException
. But a fatal-level alert will no longer be generated to be sent to the peer, and the underlying session will remain valid.
In addition, the internal transport context for the SSLEngine
will also now be closed. This may result in a different SSLEngineResult.HandshakeStatus
value on the SSLEngine
. Any outstanding outbound data must still be obtained (SSLEngine.wrap()
) and sent in order to gracefully close the connection.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. The following table lists the bug fixes included in the JDK 8u361 release:
# | BugId | Component | Summary |
---|---|---|---|
1 | JDK-8240756 | client-libs/2d | [macos] SwingSet2:TableDemo:Printed Japanese characters were garbled |
2 | JDK-8212677 | client-libs/java.awt | X11 default visual support for IM status window on VNC |
3 | JDK-8231445 | client-libs/java.awt | check ZALLOC return values in awt coding |
4 | JDK-8284033 | client-libs/java.awt | Leak XVisualInfo in getAllConfigs in awt_GraphicsEnv.c |
5 | JDK-8277497 | client-libs/javax.accessibility | Last column cell in the JTable row is read as empty cell |
6 | JDK-8280950 | core-libs/java.util | RandomGenerator:NextDouble() default behavior non conformant after JDK-8280550 fix |
7 | JDK-8281183 | core-libs/java.util | RandomGenerator:NextDouble() default behavior partially fixed by JDK-8280950 |
8 | JDK-8294307 | core-libs/java.util:i18n | ISO 4217 Amendment 173 Update |
9 | JDK-8215571 | core-svc/debugger | jdb does not include jdk.* in the default class filter |
10 | JDK-8197387 | core-svc/tools | jcmd started by "root" must be allowed to access all VM processes |
11 | JDK-8294294 | docs/guides | Document jdk.xml.xpathExprGrpLimit, jdk.xml.xpathExprOpLimit, and jdk.xml.xpathTotalOpLimit in the JAXP Security Guide |
12 | JDK-8145458 | docs/hotspot | JDK 8 man page incorrectly states -XX:ThreadStackSize=size sets the thread stack size (in bytes). |
13 | JDK-8217359 | hotspot/compiler | C2 compiler triggers SIGSEGV after transformation in ConvI2LNode::Ideal |
14 | JDK-8255058 | hotspot/compiler | C1: assert(is_virtual()) failed: type check |
15 | JDK-8253816 | hotspot/compiler | Support macOS W^X |
16 | JDK-8253795 | hotspot/compiler | Implementation of JEP 391: macOS/AArch64 Port |
17 | JDK-8168712 | hotspot/compiler | [AOT] assert(false) failed: DEBUG MESSAGE: InterpreterMacroAssembler::call_VM_base: last_sp != NULL |
18 | JDK-8261336 | hotspot/compiler | IGV: enhance default filters |
19 | JDK-8253817 | hotspot/runtime | Support macOS Aarch64 ABI in Interpreter |
20 | JDK-8200109 | hotspot/runtime | NMT: diff_malloc_site assert(early->flags() == current->flags(), "Must be the same memory type") |
21 | JDK-8238676 | hotspot/runtime | jni crashes on accessing it from process exit hook |
22 | JDK-8230305 | hotspot/runtime | Cgroups v2: Container awareness |
23 | JDK-8027429 | hotspot/runtime | Add diagnostic command VM.info to get hs_err print-out |
24 | JDK-8253714 | hotspot/runtime | [cgroups v2] Soft memory limit incorrectly using memory.high |
25 | JDK-8253727 | hotspot/runtime | [cgroups v2] Memory and swap limits reported incorrectly |
26 | JDK-8255716 | hotspot/runtime | AArch64: Regression: JVM crashes if manually offline a core |
27 | JDK-8191846 | hotspot/svc | jstat prints debug message when debugging is disabled |
28 | JDK-8038392 | hotspot/svc | Generating prelink cache breaks JAVA 'jinfo' utility normal behaviour |
29 | JDK-8087557 | javafx/accessibility | [Win] [Accessibility, Dialogs] Alert Dialog content is not fully read by Screen Reader |
30 | JDK-8284281 | javafx/accessibility | [Accessibility] [Win] [Narrator] Exceptions with TextArea & TextField when deleted last char |
31 | JDK-8291087 | javafx/accessibility | Wrong position of focus of screen reader on Windows with screen scale > 1 |
32 | JDK-8293795 | javafx/accessibility | [Accessibility] [Win] [Narrator] Exceptions When Deleting Text with Continuous Key Press in TextArea and TextField |
33 | JDK-8289542 | javafx/graphics | Update JPEG Image Decoding Software to 9e |
34 | JDK-8293971 | javafx/media | Loading new Media from resources can sometimes fail when loading from FXML |
35 | JDK-8289541 | javafx/web | Update ICU4C to 71.1 |
36 | JDK-8257722 | security-libs/java.security | Improve "keytool -printcert -jarfile" output |
37 | JDK-8273553 | security-libs/javax.net.ssl | sun.security.ssl.SSLEngineImpl.closeInbound also has similar error of JDK-8253368 |