java

JDK 8u371 Release Notes

Java SE 8u371 Bundled Patch Release (BPR) - Bug Fixes and Updates

The following sections summarize changes made in all Java SE 8u371 BPR. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.

 

Changes in Java SE 8u371 b33

Bug Fixes

BugId Category Subcategory Summary
JDK-8307400 (not public) install install The new Java 8u371 RPMs break the standard RHEL OS update mechanism
JDK-8307777 (not public) install install JDK rpm packages have wrong license
JDK-8307831 (not public) install install Move dependency on libfreetype.so.6 from JDK8 headless to headful jdk

 

Changes in Java SE 8u371 b32

Bug Fixes

BugId Category Subcategory Summary
JDK-8159956 client-libs java.awt EXCEPTION_ACCESS_VIOLATION in sun.awt.windows.ThemeReader.getThemeMargins
JDK-8305113 core-libs java.time (tz) Update Timezone Data to 2023c
JDK-8212970 core-libs java.time TZ database in "vanguard" format support
JDK-8306690 install install Restore missing /usr/java/default symlink on Linux
JDK-8305976 install install Installation of OL-specific x64 jdk rpms pulls in i686 dependencies
JDK-8305177 (not public) infrastructure build Perf and milestone suffix missing in rpm bundle names
JDK-8302112 (not public) hotspot test remove windows 2012 from task definitions

 

Changes in Java SE 8u371 b31

Bug Fixes

Fixes from the prior BPR are included in this version.


Java™ SE Development Kit 8, Update 371 (JDK 8u371)

April 18, 2023

The full version string for this update release is 8u371-b11 (where "b" means "build"). The version number is 8u371.

 

IANA TZ Data 2022g

JDK 8u371 contains IANA time zone data 2022g which contains the following changes since the previous update.

  • The northern edge of Chihuahua changes to US timekeeping.
  • Much of Greenland stops changing clocks after March 2023.
  • Fix some pre-1996 timestamps in northern Canada.
  • C89 is now deprecated; please use C99 or later.
  • Portability fixes for AIX, libintl, MS-Windows, musl, z/OS.
  • In C code, use more C23 features if available.
  • C23 timegm now supported by default.
  • Fixes for unlikely integer overflows.

For more information, refer to Timezone Data Versions in the JRE Software.

 

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u371 are specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String)
88u371-b11

 

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. Use the Security Baseline page to determine the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended to use this JDK (version 8u371) after the next critical patch update release, scheduled for July 18, 2023.

Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).

For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u371) on 2023-08-18. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.

 

New Features

security-libs/org.ietf.jgss
 Added a Default Native GSS-API Library on Windows (JDK-6722928)

A native GSS-API library named sspi_bridge.dll has been added to the JDK on the Windows platform. The library is client-side only and uses the default credentials. It will be loaded when the sun.security.jgss.native system property is set to "true". A user can still load a third-party native GSS-API library by setting the sun.security.jgss.lib system property to its path.

Native GSS automatically uses cached credentials from operating systems, thus the javax.security.auth.useSubjectCredsOnly system property should be set to false.

com.sun.security.auth.module.Krb5LoginModule does not call native JGSS. Avoid using com.sun.security.auth.module.Krb5LoginModule from JAAS config.

 

Removed Features and Options

other-libs
 javax.script Engine Implementation and com.apple.concurrent.Dispatch Are Removed for macOS AArch64 (DK-8297475 (Not Public))

The AppleScript engine implementing the javax.script engine API has been removed without replacement. The AppleScript engine has worked inconsistently. The services configuration (META-INF/services) file was missing and only worked by accident when installing JDK 7 or JDK 8 on systems that had Apple's version of AppleScriptEngine.jar already on the system.

The com.apple.concurrent.Dispatch API was a Mac-only API. It was carried into JDK 7u4 with the port of Apple's JDK 6 code. Developers are encouraged to use the standard java.util.concurrent.Executor and java.util.concurrent.ExecutorService APIs instead.

 

Known Issues

install/install
 Installation of Oracle Linux Specific x64 JDK RPMs Pulls in i686 Dependencies (JDK-8305976 (Not Public))

This issue prevents yum from automatically installing the correct packages required by Oracle Linux specific x86_64 headless and headful JDK packages. Instead of x86_64 packages, it will install i686 packages. To workaround the issue, you may manually install packages with the same names as indicated by yum but with the x86_64 architecture.

After you have the x86_64 headless and/or headful jdk packages installed, you can get the list of required x86_64 packages by running the following script:

rpm -qa | grep -E -e '^jdk-.*-headful-.*\.x86_64$' -e '^jdk-.*-headless-.*\.x86_64$' | xargs -r rpm -q --requires | sort -u | cut -d ' ' -f 1 | grep -v '^rpmlib' | xargs -r rpm -q --whatprovides | sort -u | grep -e '.i[3456]86$' | xargs -r rpm -q --queryformat '%{name}.x86_64\n' | xargs -r echo

It will output a space-separated list of names of required x86_64 packages to stdout. You can pass this list to a sudo yum install command to ensure the installation of the required packages.

install/install
 Installation of Oracle Linux Specific x64 JDK RPMs Pulls in i686 Dependencies (JDK-8306690 (Not Public))

Fixed a regression where the /usr/java/default symlink is not created by RPM installers on Linux platforms. Now, installers will create the /usr/java/default symlink if it doesn't exist, targeting the /usr/java/latest symlink.

hotspot
 JVM Crashes with `Internal Error (g1CollectedHeap.cpp:5923)` after Upgrading to JDK 8u371 (JDK-8311244 (not public))

After upgrading to JDK 8u371 or later, there is the possibility of an application crash. The error log has a stack trace that starts with the following:


# Internal Error (g1CollectedHeap.cpp:5923), pid=xxxxx, tid=xxxxxx
# guarantee(!dcqs.completed_buffers_exist_dirty()) failed: must be

 

The above error may impact applications using G1 GC on all supported platforms.

Those who encounter the above error are encouraged to create a Service Request through My Oracle Support so that we can provide an interim solution to resolve the error.

 

Other Notes

client-libs/javax.swing
 System Property to Handle HTML ObjectView Creation (JDK-8296832 (Not Public))

Some Swing components, such as JLabels and JButtons, which display application text, will try to interpret that text as HTML, principally to enable styled text. The HTML processing of the text for these components will no longer recognize the <object> tag which allows for subclasses of java.awt.Component to be rendered on the component. To re-enable this, applications must specify -Dswing.html.object=true.

install/install
 RPM JDK Installer Changes (JDK-8292838 (Not Public))

The installation directory name of the Oracle JRE in an RPM package has changed from /usr/java/jre-1.8.0_${UPDATE}-${ARCH} to /usr/lib/jvm/jre-1.8-oracle-${ARCH}. The installation directory name of the Oracle JDK in an RPM package has changed from /usr/java/jdk-1.8.0_${UPDATE}-${ARCH} to /usr/lib/jvm/jdk-1.8-oracle-${ARCH}. Thus the 8u371 and 8u381 releases of JDK for x64 will both be installed in the /usr/lib/jvm/jdk-1.8-oracle-x64 directory and the JRE for x64 will both be installed in the /usr/lib/jvm/jre-1.8-oracle-x64 directory. Both JDK and JRE RPM packages will create /usr/java/jdk-1.8.0-${ARCH} and /usr/java/jre-1.8.0-${ARCH} links respectively pointing to the installation directories for backward compatibility.

For the x86_64 platform, the value of the ${ARCH} suffix has changed from amd64 to x64. For the x86_32 platform, the value of the ${ARCH} has changed from i586 to x86.

The JRE RPM package name has changed from jre1.8 to jre-1.8 to make it consistent with other release families. To prevent confusion between the old and new naming patterns, the new package cannot be upgraded using a single "rpm -i ..." or "rpm -U ..." command. Please uninstall the old JRE and then install the new JRE. For example, sudo rpm -e jre1.8; sudo rpm -i jre-8u371-linux-x64.rpm. The JDK RPM package name has changed from jdk1.8 to jdk-1.8 to make it consistent with other release families. To prevent confusion between the old and new naming patterns, the new package cannot be upgraded using a single "rpm -i ..." or "rpm -U ..." command. Please uninstall the old JDK and then install the new JDK. For example, sudo rpm -e jdk1.8; sudo rpm -i jdk-8u371-linux-x64.rpm.

Communication with the alternatives framework for the JDK RPM package has changed. JDK RPM packages of prior versions registered a single java group of commands with the alternatives framework. The JDK 1.8 RPM package registers java and javac groups with the alternatives framework. The java group is for commands used to run applications: java, javaws, jcontrol, jjs, keytool, orbd, pack200, policytool, rmic, rmid, rmiregistry, servertool, tnameserv, unpack200. The javac group is used for all other commands. The set of commands registered by the package has not changed.

Three new Oracle Linux (OL)-specific JDK RPM packages have been added: jdk-1.8-headless, jdk-1.8-headful, and jre-1.8-headful. These packages are available in OL7, OL8, and OL9 repositories. They are not available for download from oracle.com.

  • jdk-1.8-headless is a Headless Java Runtime for running non-GUI applications.
  • jdk-1.8-headful is a Headful Java Runtime with Development Tools for developing and running applications of all types.
  • jre-1.8-headful is a Headful Java Runtime for running applications of all types.

The combination of the OL-specific jdk-1.8-headless and jdk-1.8-headful packages provides the same JDK image and the same capabilities as the jdk-1.8 oracle.com package. The jre-1.8-headful package provides the same JRE image and the same capabilities as the jre-1.8 oracle.com package. OL-specific JDK and JRE RPM packages specify required capabilities, and the "Release" property of these packages has a %{dist} suffix. The value of the Release property of all RPM packages contains the value of the build number instead of the milestone.

install/install
 Disable Side-by-Side Installations of Multiple JDK Updates in Windows JDK Installers (JDK-8292824 (Not Public))

Windows JDK installers must install the Oracle JDK in %Program Files%\Java\jdk-%FEATURE% instead of %Program Files%\Java\jdk-%VNUM%. That is, all updates of the same release must share one installation directory. It will not be possible to install older versions of a family if there is a newer JRE of that family already installed.

Thus the JDK 8u371 and JDK 8u381 releases will both install into %Program Files%\Java\jdk-1.8 by default, and they both cannot be installed at the same time.

Note: The Java 8u371 feature JDK-8293762 will now only allow one JRE of each family to be installed at one time. The REMOVEOLDERJRES=1 feature will no longer be supported with the standalone MSI. This is by design, as we only allow one JRE of each family of Java. The newer JREs will auto-upgrade older JREs of the same family.

install/install
 All JDK Update Releases Are Installed into the Same Directory on macOS (JDK-8292832 (Not Public))

The Oracle JDK installation directory name will be changed from /Library/Java/JavaVirtualMachines/jdk1.8.0_${UPDATE}.jdk to /Library/Java/JavaVirtualMachines/jdk-1.8.jdk. Thus the 8u371 and 8u381 releases will both install into the /Library/Java/JavaVirtualMachines/jdk-1.8.jdk installation directory. Installing an older JDK update release will log an error, and not install the JDK, if a newer version of the same feature release already exists. An error dialog will be shown except in the case of a silent installation. JDK 8 update releases shipped prior to this release, JDK 8u371, will not be uninstalled during installation of JDK 8u371 or later.

security-libs/java.security
 Added Certigna(Dhimyotis) CA Certificate (JDK-8245654)

The following root certificate has been added to the cacerts truststore:


+ Certigna (Dhimyotis)
   + certignaca
      DN: CN=Certigna, O=Dhimyotis, C=FR

security-libs/javax.net.ssl
 Removed SSLv2Hello and SSLv3 From Default Enabled TLS Protocols (JDK-8190492)

SSLv2Hello and SSLv3 have been removed from the default enabled TLS protocols.

After this update, if SSLv3 is removed from the jdk.tls.disabledAlgorithms security property, the SSLSocket.getEnabledProtocols(), SSLServerSocket.getEnabledProtocols(), SSLEngine.getEnabledProtocols() and SSLParameters.getProtocols() APIs will return "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1". "SSLv3" will not be returned in this list.

If a client or server still needs to use the SSLv3 protocol they can do so by enabling it through the jdk.tls.client.protocols or jdk.tls.server.protocols system properties or with the SSLSocket.setEnabledProtocols(), SSLServerSocket.setEnabledProtocols() and SSLEngine.setEnabledProtocols() APIs.

hotspot/runtime
 JVM May Fail to Initialize on Some cgroups v1 Systems (JDK-8302716)

After updating to JDK 8u361, applications failed to start, with multiple Exceptions being thrown, ultimately identified by a java.lang.ArrayIndexOutOfBoundsException occurring at jdk.internal.platform.cgroupv2.CgroupV2Subsystem.initSubsystem.

The JVM sometimes failed to initialize on Linux systems where /proc/self/mountinfo does not contain any mounted filesystem or controllers for cgroup.

For background information, see also My Oracle Support see KM Doc ID 2923131.1.

infrastructure
 Toolchain Upgrade to Visual Studio 2022 (JDK-8283723)

As part of ongoing maintenance, the JDK for Windows is built using the Microsoft Visual Studio 2022 toolchain starting with this release.

If you have issues with a Java application and if you have native or JNI libraries that are compiled with a different release of the compiler, then you must consider compatibility issues between the runtimes. Specifically, your environment is supported only if you follow the Microsoft guidelines when dealing with multiple runtimes. More information can be found in “C++ binary compatibility between Visual Studio versions”.

security-libs/java.security
 Crypto-J Exception for Diffie-Hellman and DSA AlgorithmParameters Requests (JDK-8278027)

Applications using the Dell BSAFE Crypto-J 3rd party security provider may encounter an IOException if decoding DH or DSA algorithm parameters with the following exception:

Exception in thread "main" java.io.IOException: Could not decode parameters. at com.rsa.cryptoj.o.ms.engineInit(Unknown Source) at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293)

Dell BSAFE Crypto-J version 6.2.6.2 has been released to address this issue. Applications using this provider should upgrade to that version or later. For applications on older versions of this provider, an interoperability fix has been added to this release of the JDK.

install
 No Default Java after 8u371 32-bit Upgrade (JDK-8306784 (not public))

Upgrading from an 8u361 (or earlier) 32-bit JRE to an 8u371 (or later) 32-bit JRE when an 8u371 (or later) 64-bit JRE is already installed will cause the java.exe command to not be found. For example:

  1. Install 32-bit 8u361
  2. Install 64-bit 8u371 (or later)
  3. Install 32-bit 8u371 (or later)

java.exe will now not work from all places. It will only work directly from the bin directory.

java.exe will not work unless you specify the full path to the bin directory of your JRE.

There are 2 workarounds:

  • Workaround 1: uninstall and reinstall the latest version of 64-bit 8u371 (or later)
  • Workaround 2: specify the full path to java.exe in the \bin directory of the JRE, for example: C:\Program Files\Java\jre-1.8\bin\java.exe

 

Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

The following table lists the bug fixes included in the JDK 8u371 release:

# BugId Component Summary
1JDK-8285399client-libs/2dJNI exception pending in awt_GraphicsEnv.c:1432
2JDK-8284023client-libs/java.awtjava.sun.awt.X11GraphicsDevice.getDoubleBufferVisuals() leaks XdbeScreenVisualInfo
3JDK-8296496client-libs/java.awtOverzealous check in sizecalc.h prevents large memory allocation
4JDK-8295685client-libs/java.awtUpdate Libpng to 1.6.38
5JDK-8294378core-libs/java.netURLPermission constructor exception when using tr locale
6JDK-8297569core-libs/java.netURLPermission constructor throws IllegalArgumentException: Invalid characters in hostname after JDK-8294378
7JDK-8299439core-libs/java.textjava/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
8JDK-8295530core-libs/java.util.jarUpdate Zlib Data Compression Library to Version 1.2.13
9JDK-8287180core-libs/java.util:i18nUpdate IANA Language Subtag Registry to Version 2022-08-08
10JDK-8267038core-libs/java.util:i18nUpdate IANA Language Subtag Registry to Version 2022-03-02
11JDK-8296239core-libs/java.util:i18nISO 4217 Amendment 174 Update
12JDK-8241900hotspot/compilerLoop unswitching may cause dependence on null check to be lost
13JDK-8179954hotspot/compilerAArch64: C1 and C2 volatile accesses are not sequentially consistent
14JDK-8210387hotspot/compilerC2 compilation fails with "assert(node->_last_del == _last) failed: must have deleted the edge just produced"
15JDK-8248552hotspot/compilerC2 crashes with SIGFPE due to division by zero
16JDK-8069191hotspot/compilermoving predicate out of loops may cause array accesses to bypass null check
17JDK-8250825hotspot/compilerC2 crashes with assert(field != __null) failed: missing field
18JDK-8255466hotspot/compilerC2 crashes at ciObject::get_oop() const+0x0
19JDK-8272985hotspot/gcReference discovery is confused about atomicity and degree of parallelism
20JDK-8005165hotspot/runtimeRemove CPU-dependent code in self-patching vtables
21JDK-8271506hotspot/runtimeAdd ResourceHashtable support for deleting selected entries
22JDK-8253797hotspot/runtime[cgroups v2] Account for the fact that swap accounting is disabled on some systems
23JDK-8239785hotspot/runtimeCgroups: Incorrect detection logic on old systems in hotspot
24JDK-8239559hotspot/runtimeCgroups: Incorrect detection logic on some systems
25JDK-8048190hotspot/runtimeNoClassDefFoundError omits original ExceptionInInitializerError
26JDK-8197859hotspot/runtimeVS2017 Complains about UINTPTR_MAX definition in globalDefinitions_VisCPP.hpp
27JDK-8254997hotspot/runtimeRemove unimplemented OSContainer::read_memory_limit_in_bytes
28JDK-8252359hotspot/runtimeHotSpot Not Identifying it is Running in a Container
29JDK-8253435hotspot/runtimeCgroup: 'stomping of _mount_path' crash if manually mounted cpusets exist
30JDK-8284633hotspot/runtimeCompressedClassPointers.java fails on macos-aarch64
31JDK-8220658hotspot/runtimeImprove the readability of container information in the error log
32JDK-8291763hotspot/runtimeInclude virtualization information in hs_err crash log on Solaris
33JDK-8289424hotspot/runtimeInclude LD_HWCAP in hs_err log output
34JDK-8298349install/install/usr/java/latest points to wrong JDK
35JDK-8298330install/install/usr/java/latest is missing after one of JDK rpms is uninstalled
36JDK-8149508javafx/controlsPerformance issue when scrolling ListView due to excess CSS processing
37JDK-8294400javafx/mediaProvide media support for libavcodec version 59
38JDK-8257895javafx/mediaAllow building of JavaFX media libs for Apple Silicon
39JDK-8298167javafx/webOpacity in WebView not working anymore
40JDK-8295755javafx/webUpdate SQLite to 3.39.4
41JDK-8303217javafx/webWebview loaded webpage is not showing play, volume related buttons for embeded Audio/Video elements
42JDK-8301022javafx/webVideo distortion is observed while playing youtube video
43JDK-8300954javafx/webHTML default Range input control not rendered
44JDK-8301712javafx/web[linux] Crash on exit from WebKit 615.1
45JDK-8302684javafx/webCherry-pick WebKit 615.1 stabilization fixes (2)
46JDK-8302294javafx/webCherry-pick WebKit 615.1 stabilization fixes
47JDK-8299977javafx/webUpdate WebKit to 615.1
48JDK-8242151security-libs/java.securityImprove OID mapping and reuse among JDK security providers for aliases registration
49JDK-8242897security-libs/java.securityKeyFactory.generatePublic( x509Spec ) failed with java.security.InvalidKeyException
50JDK-8280890security-libs/java.securityCannot use '-Djava.system.class.loader' with class loader in signed JAR
51JDK-8200468security-libs/org.ietf.jgssPort the native GSS-API bridge to Windows
52JDK-8253829security-libs/org.ietf.jgssWrong length compared in SSPI bridge
53JDK-8225687security-libs/org.ietf.jgssNewly added sspi.cpp in JDK-6722928 still contains some small errors
54JDK-8175000tools/launcherjexec fails to execute simple helloworld.jar