This section lists all the changes in the selected update release.
|
Issue
|
Priority
|
Title
|
Component
|
Voting
|
|---|---|---|---|---|
| JDK-8229888 | 4 | (zipfs) Updating an existing zip file does not preserve original permissions | core-libs / java.nio | |
| JDK-8230591 | 4 | AArch64: Missing intrinsics for Math.ceil, floor, rint | hotspot / compiler | |
| JDK-8230094 | 3 | CCE in createXMLEventWriter(Result) over an arbitrary XMLStreamWriter | xml / javax.xml.stream | |
| JDK-8231649 | 4 | PPC64: Intrinsics for Math.ceil, floor, rint on Power | hotspot | |
| JDK-8231449 | 4 | HttpClient's client ssl certificate authentication seems to be broken. | core-libs / java.net | |
| JDK-8232864 | 4 | Classes generated at link time by GenerateJLIClassesPlugin are not reproducible | tools / jlink | |
| JDK-8233787 | 4 | Break cycle in vm_version* includes | hotspot / runtime | |
| JDK-8234535 | 4 | Cross compilation fails due to missing CFLAGS for the BUILD_CC | infrastructure / build | |
| JDK-8234645 | 2 | ARM32: C1: PatchingStub for field access: not enough bytes | hotspot / compiler | |
| JDK-8236862 / CVE-2020-14779 |
2 | Enhance support of Proxy class | Serialization | |
| JDK-8237995 / CVE-2020-14782 |
2 | Enhance certificate processing | Libraries | |
| JDK-8237990 / CVE-2020-14781 |
2 | Enhanced LDAP contexts | JNDI | |
| JDK-8238284 | 4 | [macos] Zero VM build fails due to an obvious typo | hotspot / runtime | |
| JDK-8239856 | 4 | [ntintel] asserts about copying unaligned array element | core-svc / debugger | |
| JDK-8240360 | 4 | NativeLibraryEvent has wrong library name on Linux | hotspot / jfr | |
| JDK-8241114 / CVE-2020-14792 |
2 | Better range handling | Hotspot | |
| JDK-8241602 | 3 | jlink does not produce reproducible jimage files | tools / jlink | |
| JDK-8242141 | 3 | New System Properties to configure the TLS signature schemes | security-libs / javax.net.ssl | |
| JDK-8242695 / CVE-2020-14798 |
2 | Enhanced Buffer Support | Libraries | |
| JDK-8242685 / CVE-2020-14797 |
2 | Better Path Validation | Libraries | |
| JDK-8242680 / CVE-2020-14796 |
2 | Improved URI support | Libraries | |
| JDK-8243470 | 4 | [macos] bring back O2 opt level for unsafe.cpp | hotspot / runtime | |
| JDK-8244136 / CVE-2020-14803 |
2 | Improved Buffer supports | Libraries | |
| JDK-8244777 | 4 | ClassLoaderStats VM Op uses constant hash value | hotspot / jfr | |
| JDK-8244818 | 2 | [macos] Java2D Queue Flusher crash while moving application window to external monitor | client-libs / 2d | |
| JDK-8246031 | 3 | SSLSocket.getSession() doesn't close connection for timeout/ interrupts | security-libs / javax.net.ssl | |
| JDK-8246613 | 3 | Choose the default SecureRandom algo based on registration ordering | security-libs / java.security | |
| JDK-8247607 | 4 | Bump update version for OpenJDK: jdk-13.0.5 | infrastructure | |
| JDK-8247873 | 4 | [arm32] client vm build failure | hotspot / runtime | |
| JDK-8248348 | 3 | Regression caused by the update to BCEL 6.0 | xml / jaxp | |
| JDK-8248406 | 3 | Some zipfs tests fail with AccessControlException | core-libs / java.nio | |
| JDK-8248495 | 4 | [macos] zerovm is broken due to libffi headers location | infrastructure | |
| JDK-8248505 | 2 | Unexpected NoSuchAlgorithmException when using secure random impl from BCFIPS provider | security-libs / java.security | |
| JDK-8248851 | 2 | CMS: Missing memory fences between free chunk check and klass read | hotspot / gc | |
| JDK-8249278 | 2 | Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList | client-libs / javax.accessibility | |
| JDK-8250609 | 2 | C2 crash in IfNode::fold_compares | hotspot / compiler | |
| JDK-8252497 | 4 | Incorrect numeric currency code for ROL | core-libs / java.util:i18n | |
| JDK-8253528 | 4 | Update .jcheck/conf for jdk13u-dev | infrastructure / build |
This section organizes the changes in the selected update release by the main component under which each issue is filed.
Core Libs (4)
|
Issue
|
Priority
|
Title
|
Component
|
Voting
|
|---|---|---|---|---|
| JDK-8229888 | 4 | (zipfs) Updating an existing zip file does not preserve original permissions | core-libs / java.nio | |
| JDK-8231449 | 4 | HttpClient's client ssl certificate authentication seems to be broken. | core-libs / java.net | |
| JDK-8248406 | 3 | Some zipfs tests fail with AccessControlException | core-libs / java.nio | |
| JDK-8252497 | 4 | Incorrect numeric currency code for ROL | core-libs / java.util:i18n |
Security Libs (4)
|
Issue
|
Priority
|
Title
|
Component
|
Voting
|
|---|---|---|---|---|
| JDK-8242141 | 3 | New System Properties to configure the TLS signature schemes | security-libs / javax.net.ssl | |
| JDK-8246031 | 3 | SSLSocket.getSession() doesn't close connection for timeout/ interrupts | security-libs / javax.net.ssl | |
| JDK-8246613 | 3 | Choose the default SecureRandom algo based on registration ordering | security-libs / java.security | |
| JDK-8248505 | 2 | Unexpected NoSuchAlgorithmException when using secure random impl from BCFIPS provider | security-libs / java.security |
Hotspot (11)
|
Issue
|
Priority
|
Title
|
Component
|
Voting
|
|---|---|---|---|---|
| JDK-8230591 | 4 | AArch64: Missing intrinsics for Math.ceil, floor, rint | hotspot / compiler | |
| JDK-8231649 | 4 | PPC64: Intrinsics for Math.ceil, floor, rint on Power | hotspot | |
| JDK-8233787 | 4 | Break cycle in vm_version* includes | hotspot / runtime | |
| JDK-8234645 | 2 | ARM32: C1: PatchingStub for field access: not enough bytes | hotspot / compiler | |
| JDK-8238284 | 4 | [macos] Zero VM build fails due to an obvious typo | hotspot / runtime | |
| JDK-8240360 | 4 | NativeLibraryEvent has wrong library name on Linux | hotspot / jfr | |
| JDK-8243470 | 4 | [macos] bring back O2 opt level for unsafe.cpp | hotspot / runtime | |
| JDK-8244777 | 4 | ClassLoaderStats VM Op uses constant hash value | hotspot / jfr | |
| JDK-8247873 | 4 | [arm32] client vm build failure | hotspot / runtime | |
| JDK-8248851 | 2 | CMS: Missing memory fences between free chunk check and klass read | hotspot / gc | |
| JDK-8250609 | 2 | C2 crash in IfNode::fold_compares | hotspot / compiler |
Client Libs (2)
|
Issue
|
Priority
|
Title
|
Component
|
Voting
|
|---|---|---|---|---|
| JDK-8244818 | 2 | [macos] Java2D Queue Flusher crash while moving application window to external monitor | client-libs / 2d | |
| JDK-8249278 | 2 | Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList | client-libs / javax.accessibility |
Other (17)
|
Issue
|
Priority
|
Title
|
Component
|
Voting
|
|---|---|---|---|---|
| JDK-8230094 | 3 | CCE in createXMLEventWriter(Result) over an arbitrary XMLStreamWriter | xml / javax.xml.stream | |
| JDK-8232864 | 4 | Classes generated at link time by GenerateJLIClassesPlugin are not reproducible | tools / jlink | |
| JDK-8234535 | 4 | Cross compilation fails due to missing CFLAGS for the BUILD_CC | infrastructure / build | |
| JDK-8236862 | 2 | Enhance support of Proxy class | ||
| JDK-8237995 | 2 | Enhance certificate processing | ||
| JDK-8237990 | 2 | Enhanced LDAP contexts | ||
| JDK-8239856 | 4 | [ntintel] asserts about copying unaligned array element | core-svc / debugger | |
| JDK-8241114 | 2 | Better range handling | ||
| JDK-8241602 | 3 | jlink does not produce reproducible jimage files | tools / jlink | |
| JDK-8242695 | 2 | Enhanced Buffer Support | ||
| JDK-8242685 | 2 | Better Path Validation | ||
| JDK-8242680 | 2 | Improved URI support | ||
| JDK-8244136 | 2 | Improved Buffer supports | ||
| JDK-8247607 | 4 | Bump update version for OpenJDK: jdk-13.0.5 | infrastructure | |
| JDK-8248348 | 3 | Regression caused by the update to BCEL 6.0 | xml / jaxp | |
| JDK-8248495 | 4 | [macos] zerovm is broken due to libffi headers location | infrastructure | |
| JDK-8253528 | 4 | Update .jcheck/conf for jdk13u-dev | infrastructure / build |
This section summarizes JDK Common Vulnerabilities and Exposure (CVE) fixes in the selected update release.
CVE Fixes (8)
|
CVE
|
Component
|
Protocol
|
CVSS Version 3.0 Risk (see Risk Matrix Definitions)
Base
Score
|
Attack
Vector
|
Attack
Complex
|
Privs
Req'd
|
User
Interact
|
Scope
|
Confidentiality
|
Integrity
|
Availability
|
Notes
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2020-14803 / JDK-8244136 |
Libraries | Multiple | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | Note 1 * |
| CVE-2020-14792 / JDK-8241114 |
Hotspot | Multiple | 4.2 | Network | High | None | Required | Unchanged | Low | Low | None | Note 2 * |
| CVE-2020-14797 / JDK-8242685 |
Libraries | Multiple | 3.7 | Network | High | None | None | Unchanged | None | Low | None | Note 2 * |
| CVE-2020-14782 / JDK-8237995 |
Libraries | Multiple | 3.7 | Network | High | None | None | Unchanged | None | Low | None | Note 2 * |
| CVE-2020-14781 / JDK-8237990 |
JNDI | Multiple | 3.7 | Network | High | None | None | Unchanged | Low | None | None | Note 2 * |
| CVE-2020-14779 / JDK-8236862 |
Serialization | Multiple | 3.7 | Network | High | None | None | Unchanged | None | None | Low | Note 2 * |
| CVE-2020-14798 / JDK-8242695 |
Libraries | Multiple | 3.1 | Network | High | None | Required | Unchanged | None | Low | None | Note 1 * |
| CVE-2020-14796 / JDK-8242680 |
Libraries | Multiple | 3.1 | Network | High | None | Required | Unchanged | Low | None | None | Note 1 * |
Notes:
| ID | Notes |
|---|---|
| 1 | This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). |
| 2 | This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through untrusted code executed under Java sandbox restrictions. It can also be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service. |
-
ID: 1
Notes: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
-
ID: 2
Notes: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through untrusted code executed under Java sandbox restrictions. It can also be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service.