The following sections summarize changes made in all Java SE 8u371 BPR. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8307400 (not public) | install | install | The new Java 8u371 RPMs break the standard RHEL OS update mechanism |
JDK-8307777 (not public) | install | install | JDK rpm packages have wrong license |
JDK-8307831 (not public) | install | install | Move dependency on libfreetype.so.6 from JDK8 headless to headful jdk |
BugId | Category | Subcategory | Summary |
---|---|---|---|
JDK-8159956 | client-libs | java.awt | EXCEPTION_ACCESS_VIOLATION in sun.awt.windows.ThemeReader.getThemeMargins |
JDK-8305113 | core-libs | java.time | (tz) Update Timezone Data to 2023c |
JDK-8212970 | core-libs | java.time | TZ database in "vanguard" format support |
JDK-8306690 | install | install | Restore missing /usr/java/default symlink on Linux |
JDK-8305976 | install | install | Installation of OL-specific x64 jdk rpms pulls in i686 dependencies |
JDK-8305177 (not public) | infrastructure | build | Perf and milestone suffix missing in rpm bundle names |
JDK-8302112 (not public) | hotspot | test | remove windows 2012 from task definitions |
Fixes from the prior BPR are included in this version.
April 18, 2023
The full version string for this update release is 8u371-b11 (where "b" means "build"). The version number is 8u371.
JDK 8u371 contains IANA time zone data 2022g which contains the following changes since the previous update.
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u371 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
8 | 8u371-b11 |
Oracle recommends that the JDK is updated with each Critical Patch Update. Use the Security Baseline page to determine the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended to use this JDK (version 8u371) after the next critical patch update release, scheduled for July 18, 2023.
Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC).
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u371) on 2023-08-18. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.
A native GSS-API library named sspi_bridge.dll
has been added to the JDK on the Windows platform. The library is client-side only and uses the default credentials. It will be loaded when the sun.security.jgss.native
system property is set to "true". A user can still load a third-party native GSS-API library by setting the sun.security.jgss.lib
system property to its path.
Native GSS automatically uses cached credentials from operating systems, thus the javax.security.auth.useSubjectCredsOnly
system property should be set to false.
com.sun.security.auth.module.Krb5LoginModule
does not call native JGSS. Avoid using com.sun.security.auth.module.Krb5LoginModule
from JAAS config.
The AppleScript engine implementing the javax.script engine API has been removed without replacement. The AppleScript engine has worked inconsistently. The services configuration (META-INF/services)
file was missing and only worked by accident when installing JDK 7 or JDK 8 on systems that had Apple's version of AppleScriptEngine.jar already on the system.
The com.apple.concurrent.Dispatch
API was a Mac-only API. It was carried into JDK 7u4 with the port of Apple's JDK 6 code. Developers are encouraged to use the standard java.util.concurrent.Executor
and java.util.concurrent.ExecutorService
APIs instead.
This issue prevents yum
from automatically installing the correct packages required by Oracle Linux specific x86_64 headless and headful JDK packages. Instead of x86_64 packages, it will install i686 packages. To workaround the issue, you may manually install packages with the same names as indicated by yum
but with the x86_64 architecture.
After you have the x86_64 headless and/or headful jdk packages installed, you can get the list of required x86_64 packages by running the following script:
rpm -qa | grep -E -e '^jdk-.*-headful-.*\.x86_64$' -e '^jdk-.*-headless-.*\.x86_64$' | xargs -r rpm -q --requires | sort -u | cut -d ' ' -f 1 | grep -v '^rpmlib' | xargs -r rpm -q --whatprovides | sort -u | grep -e '.i[3456]86$' | xargs -r rpm -q --queryformat '%{name}.x86_64\n' | xargs -r echo
It will output a space-separated list of names of required x86_64 packages to stdout. You can pass this list to a sudo yum install
command to ensure the installation of the required packages.
Fixed a regression where the /usr/java/default
symlink is not created by RPM installers on Linux platforms. Now, installers will create the /usr/java/default
symlink if it doesn't exist, targeting the /usr/java/latest
symlink.
After upgrading to JDK 8u371 or later, there is the possibility of an application crash. The error log has a stack trace that starts with the following:
# Internal Error (g1CollectedHeap.cpp:5923), pid=xxxxx, tid=xxxxxx # guarantee(!dcqs.completed_buffers_exist_dirty()) failed: must be
The above error may impact applications using G1 GC on all supported platforms.
Those who encounter the above error are encouraged to create a Service Request through My Oracle Support so that we can provide an interim solution to resolve the error.
Some Swing components, such as JLabels and JButtons, which display application text, will try to interpret that text as HTML, principally to enable styled text. The HTML processing of the text for these components will no longer recognize the <object>
tag which allows for subclasses of java.awt.Component
to be rendered on the component. To re-enable this, applications must specify -Dswing.html.object=true
.
The installation directory name of the Oracle JRE in an RPM package has changed from /usr/java/jre-1.8.0_${UPDATE}-${ARCH}
to /usr/lib/jvm/jre-1.8-oracle-${ARCH}
. The installation directory name of the Oracle JDK in an RPM package has changed from /usr/java/jdk-1.8.0_${UPDATE}-${ARCH}
to /usr/lib/jvm/jdk-1.8-oracle-${ARCH}
. Thus the 8u371 and 8u381 releases of JDK for x64 will both be installed in the /usr/lib/jvm/jdk-1.8-oracle-x64
directory and the JRE for x64 will both be installed in the /usr/lib/jvm/jre-1.8-oracle-x64
directory. Both JDK and JRE RPM packages will create /usr/java/jdk-1.8.0-${ARCH}
and /usr/java/jre-1.8.0-${ARCH}
links respectively pointing to the installation directories for backward compatibility.
For the x86_64
platform, the value of the ${ARCH}
suffix has changed from amd64
to x64
. For the x86_32
platform, the value of the ${ARCH}
has changed from i586
to x86
.
The JRE RPM package name has changed from jre1.8
to jre-1.8
to make it consistent with other release families. To prevent confusion between the old and new naming patterns, the new package cannot be upgraded using a single "rpm -i ..." or "rpm -U ..." command. Please uninstall the old JRE and then install the new JRE. For example, sudo rpm -e jre1.8; sudo rpm -i jre-8u371-linux-x64.rpm
. The JDK RPM package name has changed from jdk1.8
to jdk-1.8
to make it consistent with other release families. To prevent confusion between the old and new naming patterns, the new package cannot be upgraded using a single "rpm -i ..." or "rpm -U ..." command. Please uninstall the old JDK and then install the new JDK. For example, sudo rpm -e jdk1.8; sudo rpm -i jdk-8u371-linux-x64.rpm
.
Communication with the alternatives framework for the JDK RPM package has changed. JDK RPM packages of prior versions registered a single java
group of commands with the alternatives framework. The JDK 1.8 RPM package registers java
and javac
groups with the alternatives framework. The java
group is for commands used to run applications: java
, javaws
, jcontrol
, jjs
, keytool
, orbd
, pack200
, policytool
, rmic
, rmid
, rmiregistry
, servertool
, tnameserv
, unpack200
. The javac
group is used for all other commands. The set of commands registered by the package has not changed.
Three new Oracle Linux (OL)-specific JDK RPM packages have been added: jdk-1.8-headless
, jdk-1.8-headful
, and jre-1.8-headful
. These packages are available in OL7, OL8, and OL9 repositories. They are not available for download from oracle.com.
jdk-1.8-headless
is a Headless Java Runtime for running non-GUI applications.jdk-1.8-headful
is a Headful Java Runtime with Development Tools for developing and running applications of all types.jre-1.8-headful
is a Headful Java Runtime for running applications of all types.The combination of the OL-specific jdk-1.8-headless
and jdk-1.8-headful
packages provides the same JDK image and the same capabilities as the jdk-1.8
oracle.com package. The jre-1.8-headful
package provides the same JRE image and the same capabilities as the jre-1.8
oracle.com package. OL-specific JDK and JRE RPM packages specify required capabilities, and the "Release" property of these packages has a %{dist}
suffix. The value of the Release property of all RPM packages contains the value of the build number instead of the milestone.
Windows JDK installers must install the Oracle JDK in %Program Files%\Java\jdk-%FEATURE%
instead of %Program Files%\Java\jdk-%VNUM%
. That is, all updates of the same release must share one installation directory. It will not be possible to install older versions of a family if there is a newer JRE of that family already installed.
Thus the JDK 8u371 and JDK 8u381 releases will both install into %Program Files%\Java\jdk-1.8
by default, and they both cannot be installed at the same time.
Note: The Java 8u371 feature JDK-8293762 will now only allow one JRE of each family to be installed at one time. The REMOVEOLDERJRES=1
feature will no longer be supported with the standalone MSI. This is by design, as we only allow one JRE of each family of Java. The newer JREs will auto-upgrade older JREs of the same family.
The Oracle JDK installation directory name will be changed from /Library/Java/JavaVirtualMachines/jdk1.8.0_${UPDATE}.jdk
to /Library/Java/JavaVirtualMachines/jdk-1.8.jdk
. Thus the 8u371 and 8u381 releases will both install into the /Library/Java/JavaVirtualMachines/jdk-1.8.jdk
installation directory. Installing an older JDK update release will log an error, and not install the JDK, if a newer version of the same feature release already exists. An error dialog will be shown except in the case of a silent installation. JDK 8 update releases shipped prior to this release, JDK 8u371, will not be uninstalled during installation of JDK 8u371 or later.
The following root certificate has been added to the cacerts truststore:
+ Certigna (Dhimyotis)
+ certignaca
DN: CN=Certigna, O=Dhimyotis, C=FR
SSLv2Hello and SSLv3 have been removed from the default enabled TLS protocols.
After this update, if SSLv3 is removed from the jdk.tls.disabledAlgorithms
security property, the SSLSocket.getEnabledProtocols()
, SSLServerSocket.getEnabledProtocols()
, SSLEngine.getEnabledProtocols()
and SSLParameters.getProtocols()
APIs will return "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1". "SSLv3" will not be returned in this list.
If a client or server still needs to use the SSLv3 protocol they can do so by enabling it through the jdk.tls.client.protocols
or jdk.tls.server.protocols
system properties or with the SSLSocket.setEnabledProtocols()
, SSLServerSocket.setEnabledProtocols()
and SSLEngine.setEnabledProtocols()
APIs.
After updating to JDK 8u361, applications failed to start, with multiple Exceptions being thrown, ultimately identified by a java.lang.ArrayIndexOutOfBoundsException
occurring at jdk.internal.platform.cgroupv2.CgroupV2Subsystem.initSubsystem
.
The JVM sometimes failed to initialize on Linux systems where /proc/self/mountinfo
does not contain any mounted filesystem or controllers for cgroup.
For background information, see also My Oracle Support see KM Doc ID 2923131.1.
As part of ongoing maintenance, the JDK for Windows is built using the Microsoft Visual Studio 2022 toolchain starting with this release.
If you have issues with a Java application and if you have native or JNI libraries that are compiled with a different release of the compiler, then you must consider compatibility issues between the runtimes. Specifically, your environment is supported only if you follow the Microsoft guidelines when dealing with multiple runtimes. More information can be found in “C++ binary compatibility between Visual Studio versions”.
Applications using the Dell BSAFE Crypto-J 3rd party security provider may encounter an IOException if decoding DH or DSA algorithm parameters with the following exception:
Exception in thread "main" java.io.IOException: Could not decode parameters. at com.rsa.cryptoj.o.ms.engineInit(Unknown Source) at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293)
Dell BSAFE Crypto-J version 6.2.6.2 has been released to address this issue. Applications using this provider should upgrade to that version or later. For applications on older versions of this provider, an interoperability fix has been added to this release of the JDK.
Upgrading from an 8u361 (or earlier) 32-bit JRE to an 8u371 (or later) 32-bit JRE when an 8u371 (or later) 64-bit JRE is already installed will cause the java.exe
command to not be found. For example:
java.exe
will now not work from all places. It will only work directly from the bin
directory.
java.exe
will not work unless you specify the full path to the bin directory of your JRE.
There are 2 workarounds:
java.exe
in the \bin
directory of the JRE, for example: C:\Program Files\Java\jre-1.8\bin\java.exe
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
The following table lists the bug fixes included in the JDK 8u371 release:
# | BugId | Component | Summary |
---|---|---|---|
1 | JDK-8285399 | client-libs/2d | JNI exception pending in awt_GraphicsEnv.c:1432 |
2 | JDK-8284023 | client-libs/java.awt | java.sun.awt.X11GraphicsDevice.getDoubleBufferVisuals() leaks XdbeScreenVisualInfo |
3 | JDK-8296496 | client-libs/java.awt | Overzealous check in sizecalc.h prevents large memory allocation |
4 | JDK-8295685 | client-libs/java.awt | Update Libpng to 1.6.38 |
5 | JDK-8294378 | core-libs/java.net | URLPermission constructor exception when using tr locale |
6 | JDK-8297569 | core-libs/java.net | URLPermission constructor throws IllegalArgumentException: Invalid characters in hostname after JDK-8294378 |
7 | JDK-8299439 | core-libs/java.text | java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR |
8 | JDK-8295530 | core-libs/java.util.jar | Update Zlib Data Compression Library to Version 1.2.13 |
9 | JDK-8287180 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2022-08-08 |
10 | JDK-8267038 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2022-03-02 |
11 | JDK-8296239 | core-libs/java.util:i18n | ISO 4217 Amendment 174 Update |
12 | JDK-8241900 | hotspot/compiler | Loop unswitching may cause dependence on null check to be lost |
13 | JDK-8179954 | hotspot/compiler | AArch64: C1 and C2 volatile accesses are not sequentially consistent |
14 | JDK-8210387 | hotspot/compiler | C2 compilation fails with "assert(node->_last_del == _last) failed: must have deleted the edge just produced" |
15 | JDK-8248552 | hotspot/compiler | C2 crashes with SIGFPE due to division by zero |
16 | JDK-8069191 | hotspot/compiler | moving predicate out of loops may cause array accesses to bypass null check |
17 | JDK-8250825 | hotspot/compiler | C2 crashes with assert(field != __null) failed: missing field |
18 | JDK-8255466 | hotspot/compiler | C2 crashes at ciObject::get_oop() const+0x0 |
19 | JDK-8272985 | hotspot/gc | Reference discovery is confused about atomicity and degree of parallelism |
20 | JDK-8005165 | hotspot/runtime | Remove CPU-dependent code in self-patching vtables |
21 | JDK-8271506 | hotspot/runtime | Add ResourceHashtable support for deleting selected entries |
22 | JDK-8253797 | hotspot/runtime | [cgroups v2] Account for the fact that swap accounting is disabled on some systems |
23 | JDK-8239785 | hotspot/runtime | Cgroups: Incorrect detection logic on old systems in hotspot |
24 | JDK-8239559 | hotspot/runtime | Cgroups: Incorrect detection logic on some systems |
25 | JDK-8048190 | hotspot/runtime | NoClassDefFoundError omits original ExceptionInInitializerError |
26 | JDK-8197859 | hotspot/runtime | VS2017 Complains about UINTPTR_MAX definition in globalDefinitions_VisCPP.hpp |
27 | JDK-8254997 | hotspot/runtime | Remove unimplemented OSContainer::read_memory_limit_in_bytes |
28 | JDK-8252359 | hotspot/runtime | HotSpot Not Identifying it is Running in a Container |
29 | JDK-8253435 | hotspot/runtime | Cgroup: 'stomping of _mount_path' crash if manually mounted cpusets exist |
30 | JDK-8284633 | hotspot/runtime | CompressedClassPointers.java fails on macos-aarch64 |
31 | JDK-8220658 | hotspot/runtime | Improve the readability of container information in the error log |
32 | JDK-8291763 | hotspot/runtime | Include virtualization information in hs_err crash log on Solaris |
33 | JDK-8289424 | hotspot/runtime | Include LD_HWCAP in hs_err log output |
34 | JDK-8298349 | install/install | /usr/java/latest points to wrong JDK |
35 | JDK-8298330 | install/install | /usr/java/latest is missing after one of JDK rpms is uninstalled |
36 | JDK-8149508 | javafx/controls | Performance issue when scrolling ListView due to excess CSS processing |
37 | JDK-8294400 | javafx/media | Provide media support for libavcodec version 59 |
38 | JDK-8257895 | javafx/media | Allow building of JavaFX media libs for Apple Silicon |
39 | JDK-8298167 | javafx/web | Opacity in WebView not working anymore |
40 | JDK-8295755 | javafx/web | Update SQLite to 3.39.4 |
41 | JDK-8303217 | javafx/web | Webview loaded webpage is not showing play, volume related buttons for embeded Audio/Video elements |
42 | JDK-8301022 | javafx/web | Video distortion is observed while playing youtube video |
43 | JDK-8300954 | javafx/web | HTML default Range input control not rendered |
44 | JDK-8301712 | javafx/web | [linux] Crash on exit from WebKit 615.1 |
45 | JDK-8302684 | javafx/web | Cherry-pick WebKit 615.1 stabilization fixes (2) |
46 | JDK-8302294 | javafx/web | Cherry-pick WebKit 615.1 stabilization fixes |
47 | JDK-8299977 | javafx/web | Update WebKit to 615.1 |
48 | JDK-8242151 | security-libs/java.security | Improve OID mapping and reuse among JDK security providers for aliases registration |
49 | JDK-8242897 | security-libs/java.security | KeyFactory.generatePublic( x509Spec ) failed with java.security.InvalidKeyException |
50 | JDK-8280890 | security-libs/java.security | Cannot use '-Djava.system.class.loader' with class loader in signed JAR |
51 | JDK-8200468 | security-libs/org.ietf.jgss | Port the native GSS-API bridge to Windows |
52 | JDK-8253829 | security-libs/org.ietf.jgss | Wrong length compared in SSPI bridge |
53 | JDK-8225687 | security-libs/org.ietf.jgss | Newly added sspi.cpp in JDK-6722928 still contains some small errors |
54 | JDK-8175000 | tools/launcher | jexec fails to execute simple helloworld.jar |