java

Enterprise Performance Pack Release Notes

Java™ SE Development Kit 8, Update 411 Enterprise Performance Pack (JDK 8u411-PERF)

Release date: April 16, 2024

The full version string for this update release is 8u411-perf-b08 (where "b" means "build"). The version number is 8u411-perf.

 

IANA TZ Data 2024a

JDK 8u411 contains IANA time zone data 2024a which contains the following changes:

  • Ittoqqortoormiit, Greenland changes time zones on 2024-03-31.
  • Vostok, Antarctica changed time zones on 2023-12-18.
  • Casey, Antarctica changed time zones five times since 2020.
  • Code and data fixes for Palestine timestamps starting in 2072.
  • A new data file zonenow.tab for timestamps starting now.
  • Kazakhstan unifies on UTC+5 beginning 2024-03-01.
  • Palestine springs forward a week later after Ramadan.
  • zic no longer pretends to support indefinite-past DST.
  • localtime no longer mishandles Ciudad Juárez in 2422.

For more information, refer to Timezone Data Versions in the JRE Software.

 

Security Baselines

The security baselines for the Java Runtime at the time of the release of JDK 8u411 are specified in the following table:

Java Family Version Security Baseline (Full Version String)
88u411-perf-b08

 

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u411) be used after the next critical patch update scheduled for July 16, 2024.

Java SE Subscription products customers managing JRE updates/installs for large number of desktops should consider Java Management Service (JMS).

For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u411-perf) on 2024-08-16. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.


New Features

security-libs/javax.crypto
 Update XML Security for Java to 3.0.3 (JDK-8319124)

The XML Signature implementation has been updated to Santuario 3.0.3. Support for four new SHA-3 based RSA-MGF1 signature methods have been added: SHA3_224_RSA_MGF1, SHA3_256_RSA_MGF1, SHA3_384_RSA_MGF1, and SHA3_512_RSA_MGF1. While these new algorithm URIs are not defined in javax.xml.crypto.dsig.SignatureMethod in the JDK update releases, they may be represented as string literals in order to be functionally equivalent. SHA-3 hash algorithm support was delivered to JDK 9 via JEP 287. Releases earlier than that may use third party security providers.

Additionally, support for the following EdDSA signatures has been added: ED25519 and ED448. While these new algorithm URIs are not defined in javax.xml.crypto.dsig.SignatureMethod in the JDK Update releases, they may be represented as string literals in order to be functionally equivalent. The JDK supports EdDSA since JDK 15. Releases earlier than that may use 3rd party security providers. One other difference is that the JDK still supports the here() function by default. However, we recommend avoiding the use of the here() function in new signatures and replacing existing signatures that use the here() function. Future versions of the JDK will likely disable, and eventually remove, support for this function, as it cannot be supported using the standard Java XPath API. Users can now disable the here() function by setting the security property jdk.xml.dsig.hereFunctionSupported to "false".

 

Other Notes

java-libs/java.awt
 AWT SystemTray API Is Not Supported on Most Linux Desktops (JDK-8322750)

The java.awt.SystemTray API is used for notifications in a desktop taskbar and may include an icon representing an application. On Linux, the Gnome desktop's own icon support in the taskbar has not worked properly for several years due to a platform bug. This, in turn, has affected the JDK's API, which relies upon that.

Therefore, in accordance with the existing Java SE specification, java.awt.SystemTray.isSupported() will return false where ever the JDK determines the platform bug is likely to be present.

The impact of this is likely to be limited since applications always must check for that support anyway. Additionally, some distros have not supported the SystemTray for several years unless the end-user chooses to install non-bundled desktop extensions.

security-libs/java.security
 Added Certainly R1 and E1 Root Certificates (JDK-8321408)

The following root certificates have been added to the cacerts truststore:

+ Certainly

  + certainlyrootr1
    DN: CN=Certainly Root R1, O=Certainly, C=US

+ Certainly
  + certainlyroote1
    DN: CN=Certainly Root E1, O=Certainly, C=US

 

Changes in Java SE 8u411-Perf

Bug Fixes

JDK 8u411 Enterprise Performance Pack includes the following fixes from JDK 17:
# BugId Component Summary
1JDK-8271118hotspot/compilerC2: StressGCM should have higher priority than frequency-based policy
2JDK-8316679hotspot/compilerC2 SuperWord: wrong result, load should not be moved before store if not comparable
3JDK-8274060hotspot/compilerC2: Incorrect computation after JDK-8273454
4JDK-8273454hotspot/compilerC2: Transform (-a)*(-b) into a*b
5JDK-8315920hotspot/compilerC2: "control input must dominate current control" assert failure
6JDK-8297968hotspot/compilerCrash in PrintOptoAssembly
7JDK-8321215hotspot/compilerIncorrect x86 instruction encoding for VSIB addressing mode
8JDK-8316414hotspot/compilerC2: large byte array clone triggers "failed: malformed control flow" assertion failure on linux-x86
9JDK-8320209hotspot/compilerVectorMaskGen clobbers rflags on x86_64
10JDK-8318889hotspot/compilerC2: add bailout after assert Bad graph detected in build_loop_late
11JDK-8317507hotspot/compilerC2 compilation fails with "Exceeded _node_regs array"
12JDK-8277919hotspot/jfrOldObjectSample event causing bloat in the class constant pool in JFR recording
13JDK-8287113hotspot/jfrJFR: Periodic task thread uses period for method sampling events
14JDK-8322321hotspot/runtimeAdd man page doc for -XX:+VerifySharedSpaces
15JDK-8312585hotspot/runtimeRename DisableTHPStackMitigation flag to THPStackMitigation
16JDK-8312182hotspot/runtimeTHPs cause huge RSS due to thread start timing issue
17JDK-8312620hotspot/runtimeWSL Linux build crashes after JDK-8310233
18JDK-8312394hotspot/runtime[linux] SIGSEGV if kernel was built without hugepage support
19JDK-8323243hotspot/runtimeJNI invocation of an abstract instance method corrupts the stack