JDK 8u361 Release Notes

Java SE 8u361 Bundled Patch Release (BPR) - Bug Fixes and Updates

The following sections summarize changes made in all Java SE 8u361 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.


Changes in Java SE 8u361 b35

Bug Fixes

BugId Category Subcategory Summary
JDK-8299439 core-libs java.text java/text/Format/NumberFormat/ fails for hr_HR
JDK-8017487 client-libs javax.swing filechooser in Windows-Libraries folder: columns are mixed up
JDK-8301318 (Confidential) deploy webstart Few JVM arguments are not supported in JAVAWS/JNLP


Changes in Java SE 8u361 b34

Bug Fixes

BugId Category Subcategory Summary
JDK-8274205 security-libs org.ietf.jgss:krb5 Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC
JDK-8284662 javafx accessibility Screen reader fails to read ListView/ComboBox item count if > 100


Changes in Java SE 8u361 b33

Bug Fixes

BugId Category Subcategory Summary
JDK-8251862 javafx graphics Wrong position of Popup windows at the intersection of 2 screens
JDK-8149508 javafx controls Performance issue when scrolling ListView due to excess CSS processing
JDK-8299741 install autoupdate A temporary file is left in 'locallow' temp directory after Java Update


Changes in Java SE 8u361 b32

 JVM Will Fail to Initialize on Some cgroups v1 Systems (JDK-8302716)

The JVM will fail to initialize on Linux systems where /proc/self/mountinfo does not contain any mounted filesystem or controllers for cgroups. This failure occurs due to faulty detection logic where it incorrectly detects a cgroup v1 system, having no mounted controllers, as a cgroup v2 system.

A fix is available via the 8u361 b32 BPR available on My Oracle Support (see KM Doc ID 2923131.1).

Bug Fixes

BugId Category Subcategory Summary
JDK-8089986 javafx controls Menu beeps when mnemonics is used
JDK-7131823 client-libs javax.imageio bug in GIFImageReader
JDK-6357887 client-libs 2d selected printertray is ignored under linux
JDK-8239559 hotspot runtime Cgroups: Incorrect detection logic on some systems
JDK-8239785 hotspot runtime Cgroups: Incorrect detection logic on old systems in hotspot
JDK-8048190 hotspot runtime NoClassDefFoundError omits original ExceptionInInitializerError
JDK-8271506 hotspot runtime Add ResourceHashtable support for deleting selected entries


Changes in Java SE 8u361 b31

Bug Fixes

BugId Category Subcategory Summary
JDK-8205959 core-libs Do not restart close if errno is EINTR
JDK-8280890 security-libs Cannot use '-Djava.system.class.loader' with class loader in signed JAR
JDK-8299628 (Confidential) javafx graphics BMP top-down images fail to load after JDK-8289336
JDK-8297804 core-libs java.time (tz) Update Timezone Data to 2022g

Java™ SE Development Kit 8, Update 361 (JDK 8u361)

January 17, 2023

The full version string for this update release is 8u361-b09 (where "b" means "build"). The version number is 8u361.


IANA TZ Data 2022d, 2022e, 2022f

JDK 8u361 contains IANA time zone data 2022d, 2022e, 2022f.
  • Palestine transitions are now Saturdays at 02:00.
  • Simplify three Ukraine zones into one.
  • Jordan and Syria switch from +02/+03 with DST to year-round +03.
  • Mexico will no longer observe DST except near the US border.
  • Chihuahua moves to year-round -06 on 2022-10-30.
  • Fiji no longer observes DST.
  • Move links to 'backward'.
  • In vanguard form, GMT is now a Zone and Etc/GMT a link.
  • zic now supports links to links, and vanguard form uses this.
  • Simplify four Ontario zones.
  • Fix a Y2438 bug when reading TZif data.
  • Enable 64-bit time_t on 32-bit glibc platforms.
  • Omit large-file support when no longer needed.
  • In C code, use some C23 features if available.
  • Remove no-longer-needed workaround for Qt bug 53071.
For more information, refer to Timezone Data Versions in the JRE Software.


Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u361 are specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String)


Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u361) be used after the next critical patch update scheduled for April 18, 2023.

Java SE Subscription customers managing JRE updates/installs for a large number of desktops should consider using Java Advanced Management Console (AMC).

For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u361) on 2023-05-18. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.


New Features

 Support for RSASSA-PSS in OCSP Response (JDK-8274471)

An OCSP response signed with the RSASSA-PSS algorithm is now supported.


Known Issues

 JVM Will Fail to Initialize on Some cgroups v1 Systems (JDK-8302716)

After updating to JDK 8u361, applications may fail to start, with multiple Exceptions being thrown, ultimately identified by a java.lang.ArrayIndexOutOfBoundsException occurring at jdk.internal.platform.cgroupv2.CgroupV2Subsystem.initSubsystem.

The JVM will fail to initialize on Linux systems where /proc/self/mountinfo does not contain any mounted filesystem or controllers for cgroups. This failure occurs due to faulty detection logic where it incorrectly detects a cgroup v1 system, having no mounted controllers, as a cgroup v2 system.

A fix is available via the 8u361 b32 BPR available on My Oracle Support (see KM Doc ID 2923131.1).
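
A pre-upgrade check for the condition described above, as an added example that is not part of the release notes or the JDK: it classifies the cgroup mounts listed in a mountinfo file and reports `none` when no cgroup or cgroup2 filesystem appears. The function names and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which cgroup mounts a mountinfo file lists.
# It does not reproduce the JVM's own detection code.

# cgroup_mount_state FILE prints one of:
#   v1      only cgroup (v1) controller mounts
#   v2      only a cgroup2 (unified) mount
#   hybrid  both kinds
#   none    no cgroup mounts (the condition named in JDK-8302716)
cgroup_mount_state() {
    awk '
        {
            # Fields 1-6 are fixed, optional fields follow and end at a
            # lone "-"; the filesystem type is the field after it.
            fstype = ""
            for (i = 7; i < NF; i++)
                if ($i == "-") { fstype = $(i + 1); break }
            if (fstype == "cgroup")  v1++
            if (fstype == "cgroup2") v2++
        }
        END {
            if (v1 && v2) print "hybrid"
            else if (v1)  print "v1"
            else if (v2)  print "v2"
            else          print "none"
        }
    ' "$1"
}

# host_matches_known_issue FILE succeeds when FILE lists no cgroup mounts.
host_matches_known_issue() {
    [ "$(cgroup_mount_state "$1")" = "none" ]
}

# Constructed sample input: a mountinfo with no cgroup entries.
SAMPLE_NONE='22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
23 22 0:21 / /proc rw,nosuid,nodev,noexec shared:12 - proc proc rw
24 22 0:22 / /sys rw,nosuid,nodev,noexec shared:2 - sysfs sysfs rw'

tmp=$(mktemp)
printf '%s\n' "$SAMPLE_NONE" > "$tmp"
echo "constructed sample: $(cgroup_mount_state "$tmp")"
rm -f "$tmp"

# On a real Linux host, check the file the release note names.
if [ -r /proc/self/mountinfo ]; then
    echo "this host: $(cgroup_mount_state /proc/self/mountinfo)"
fi
```

A host that reports `none` matches the condition in the note and should receive the 8u361 b32 BPR rather than the base 8u361 build.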


Other Notes

 CPU Shares Ignored When Computing Active Processor Count (JDK-8281181)

Previous JDK releases used an incorrect interpretation of the Linux cgroups parameter "cpu.shares". This might cause the JVM to use fewer CPUs than available, leading to an underutilization of CPU resources when the JVM is used inside a container.

Starting from this JDK release, by default, the JVM no longer considers "cpu.shares" when deciding the number of threads to be used by the various thread pools. The -XX:+UseContainerCpuShares command-line option can be used to revert to the previous behavior. This option is deprecated and may be removed in a future JDK release.

 FXML JavaScript Engine Disabled by Default (JDK-8294779 (not public))

The “JavaScript script engine” for FXML is now disabled by default. Any .fxml file that has a "javascript" Processing Instruction (PI) will no longer load by default, and an exception will be thrown.

It can be enabled by setting the system property: -Djavafx.allowjs=true

 Incorrect Handling of Quoted Arguments in ProcessBuilder (JDK-8282008)

ProcessBuilder on Windows is restored to address a regression caused by JDK-8250568. Previously, an argument to ProcessBuilder that started with a double-quote and ended with a backslash followed by a double-quote was passed to a command incorrectly and could cause the command to fail. For example, the argument "C:\\Program Files\" would be seen by the command with extra double-quotes. This update restores the long-standing behavior that does not treat the backslash before the final double-quote specially.

 Make HttpURLConnection Default Keep Alive Timeout Configurable (JDK-8278067)

Two system properties have been added which control the keep alive behavior of HttpURLConnection in the case where the server does not specify a keep alive time. Two properties are defined for controlling connections to servers and proxies separately. They are http.keepAlive.time.server and http.keepAlive.time.proxy respectively. More information about them can be found in Networking Properties.

 VisualVM tool no longer bundled (JDK-8294184)

This version of the JDK no longer includes a copy of Java VisualVM. VisualVM is now available as a separate download from

 CORBA _DynAnyFactoryStub readObject Accepts Only Stringified ior in IOR: URI format (JDK-8285021 (not public))

The readObject method of _DynAnyFactoryStub has been amended, such that, when reading the stringified IOR from serialized data, it will, by default, accept stringified IORs in IOR: URI format, only. As DynAnyFactory is a locally or ORB constrained type, it is not useful that serialized data should contain corbaname or corbaloc URIs. Furthermore, an ORB will prohibit the binding of a name in the INS to a DynAnyFactory IOR, as such, using a corbaname to reference an instance of DynAnyFactory is not meaningful.

A system property is introduced, org.omg.DynamicAny.DynAnyFactoryStub.disableIORCheck, which when set to true, will revert the _DynAnyFactoryStub::readObject to its current behavior and bypass the additional IOR checks.

 Change in SSLEngine.closeInbound() Behavior (JDK-8273553)

The SunJSSE close notification checks for SSLEngine have been made less strict to conform to changes in the Transport Layer Security (TLS) RFCs. See also JDK-8253368.

Specifically, if an application tries to close its SSLEngine inbound side using SSLEngine.closeInbound() without having received a close notification message from its peer, the SSLEngine will no longer:

  1. trigger the transmission of a TLS fatal-level alert to the peer, and
  2. invalidate the current TLS session

The new behavior will still consider this condition an error and will throw a local But a fatal-level alert will no longer be generated to be sent to the peer, and the underlying session will remain valid.

In addition, the internal transport context for the SSLEngine will also now be closed. This may result in a different SSLEngineResult.HandshakeStatus value on the SSLEngine. Any outstanding outbound data must still be obtained (SSLEngine.wrap()) and sent in order to gracefully close the connection.


Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. The following table lists the bug fixes included in the JDK 8u361 release:

# BugId Component Summary
1 JDK-8240756 client-libs/2d [macos] SwingSet2:TableDemo:Printed Japanese characters were garbled
2 JDK-8212677 client-libs/java.awt X11 default visual support for IM status window on VNC
3 JDK-8231445 client-libs/java.awt check ZALLOC return values in awt coding
4 JDK-8284033 client-libs/java.awt Leak XVisualInfo in getAllConfigs in awt_GraphicsEnv.c
5 JDK-8277497 client-libs/javax.accessibility Last column cell in the JTable row is read as empty cell
6 JDK-8280950 core-libs/java.util RandomGenerator:NextDouble() default behavior non conformant after JDK-8280550 fix
7 JDK-8281183 core-libs/java.util RandomGenerator:NextDouble() default behavior partially fixed by JDK-8280950
8 JDK-8294307 core-libs/java.util:i18n ISO 4217 Amendment 173 Update
9 JDK-8215571 core-svc/debugger jdb does not include jdk.* in the default class filter
10 JDK-8197387 core-svc/tools jcmd started by "root" must be allowed to access all VM processes
11 JDK-8294294 docs/guides Document jdk.xml.xpathExprGrpLimit, jdk.xml.xpathExprOpLimit, and jdk.xml.xpathTotalOpLimit in the JAXP Security Guide
12 JDK-8145458 docs/hotspot JDK 8 man page incorrectly states -XX:ThreadStackSize=size sets the thread stack size (in bytes).
13 JDK-8217359 hotspot/compiler C2 compiler triggers SIGSEGV after transformation in ConvI2LNode::Ideal
14 JDK-8255058 hotspot/compiler C1: assert(is_virtual()) failed: type check
15 JDK-8253816 hotspot/compiler Support macOS W^X
16 JDK-8253795 hotspot/compiler Implementation of JEP 391: macOS/AArch64 Port
17 JDK-8168712 hotspot/compiler [AOT] assert(false) failed: DEBUG MESSAGE: InterpreterMacroAssembler::call_VM_base: last_sp != NULL
18 JDK-8261336 hotspot/compiler IGV: enhance default filters
19 JDK-8253817 hotspot/runtime Support macOS Aarch64 ABI in Interpreter
20 JDK-8200109 hotspot/runtime NMT: diff_malloc_site assert(early->flags() == current->flags(), "Must be the same memory type")
21 JDK-8238676 hotspot/runtime jni crashes on accessing it from process exit hook
22 JDK-8230305 hotspot/runtime Cgroups v2: Container awareness
23 JDK-8027429 hotspot/runtime Add diagnostic command to get hs_err print-out
24 JDK-8253714 hotspot/runtime [cgroups v2] Soft memory limit incorrectly using memory.high
25 JDK-8253727 hotspot/runtime [cgroups v2] Memory and swap limits reported incorrectly
26 JDK-8255716 hotspot/runtime AArch64: Regression: JVM crashes if manually offline a core
27 JDK-8191846 hotspot/svc jstat prints debug message when debugging is disabled
28 JDK-8038392 hotspot/svc Generating prelink cache breaks JAVA 'jinfo' utility normal behaviour
29 JDK-8087557 javafx/accessibility [Win] [Accessibility, Dialogs] Alert Dialog content is not fully read by Screen Reader
30 JDK-8284281 javafx/accessibility [Accessibility] [Win] [Narrator] Exceptions with TextArea & TextField when deleted last char
31 JDK-8291087 javafx/accessibility Wrong position of focus of screen reader on Windows with screen scale > 1
32 JDK-8293795 javafx/accessibility [Accessibility] [Win] [Narrator] Exceptions When Deleting Text with Continuous Key Press in TextArea and TextField
33 JDK-8289542 javafx/graphics Update JPEG Image Decoding Software to 9e
34 JDK-8293971 javafx/media Loading new Media from resources can sometimes fail when loading from FXML
35 JDK-8289541 javafx/web Update ICU4C to 71.1
36 JDK-8257722 security-libs/java.security Improve "keytool -printcert -jarfile" output
37 JDK-8273553 security-libs/ also has similar error of JDK-8253368