This section lists all the changes in the selected update release.

Issue
Priority
Title
Component
Voting
JDK-8229888 4 (zipfs) Updating an existing zip file does not preserve original permissions core-libs / java.nio 0
JDK-8230591 4 AArch64: Missing intrinsics for Math.ceil, floor, rint hotspot / compiler 0
JDK-8230094 3 CCE in createXMLEventWriter(Result) over an arbitrary XMLStreamWriter xml / javax.xml.stream 0
JDK-8231649 4 PPC64: Intrinsics for Math.ceil, floor, rint on Power hotspot 0
JDK-8231449 4 HttpClient's client ssl certificate authentication seems to be broken. core-libs / java.net 0
JDK-8232864 4 Classes generated at link time by GenerateJLIClassesPlugin are not reproducible tools / jlink 0
JDK-8233787 4 Break cycle in vm_version* includes hotspot / runtime 0
JDK-8234535 4 Cross compilation fails due to missing CFLAGS for the BUILD_CC infrastructure / build 0
JDK-8234645 2 ARM32: C1: PatchingStub for field access: not enough bytes hotspot / compiler 0
JDK-8236862
/ CVE-2020-14779
2 Enhance support of Proxy class Serialization 0
JDK-8237995
/ CVE-2020-14782
2 Enhance certificate processing Libraries 0
JDK-8237990
/ CVE-2020-14781
2 Enhanced LDAP contexts JNDI 0
JDK-8238284 4 [macos] Zero VM build fails due to an obvious typo hotspot / runtime 0
JDK-8239856 4 [ntintel] asserts about copying unaligned array element core-svc / debugger 0
JDK-8240360 4 NativeLibraryEvent has wrong library name on Linux hotspot / jfr 0
JDK-8241114
/ CVE-2020-14792
2 Better range handling Hotspot 0
JDK-8241602 3 jlink does not produce reproducible jimage files tools / jlink 0
JDK-8242141 3 New System Properties to configure the TLS signature schemes security-libs / javax.net.ssl 0
JDK-8242695
/ CVE-2020-14798
2 Enhanced Buffer Support Libraries 0
JDK-8242685
/ CVE-2020-14797
2 Better Path Validation Libraries 0
JDK-8242680
/ CVE-2020-14796
2 Improved URI support Libraries 0
JDK-8243470 4 [macos] bring back O2 opt level for unsafe.cpp hotspot / runtime 0
JDK-8244136
/ CVE-2020-14803
2 Improved Buffer supports Libraries 0
JDK-8244777 4 ClassLoaderStats VM Op uses constant hash value hotspot / jfr 0
JDK-8244818 2 [macos] Java2D Queue Flusher crash while moving application window to external monitor client-libs / 2d 0
JDK-8246031 3 SSLSocket.getSession() doesn't close connection for timeout/ interrupts security-libs / javax.net.ssl 0
JDK-8246613 3 Choose the default SecureRandom algo based on registration ordering security-libs / java.security 0
JDK-8247607 4 Bump update version for OpenJDK: jdk-13.0.5 infrastructure 0
JDK-8247873 4 [arm32] client vm build failure hotspot / runtime 0
JDK-8248348 3 Regression caused by the update to BCEL 6.0 xml / jaxp 0
JDK-8248406 3 Some zipfs tests fail with AccessControlException core-libs / java.nio 0
JDK-8248495 4 [macos] zerovm is broken due to libffi headers location infrastructure 0
JDK-8248505 2 Unexpected NoSuchAlgorithmException when using secure random impl from BCFIPS provider security-libs / java.security 0
JDK-8248851 2 CMS: Missing memory fences between free chunk check and klass read hotspot / gc 0
JDK-8249278 2 Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList client-libs / javax.accessibility 0
JDK-8250609 2 C2 crash in IfNode::fold_compares hotspot / compiler 0
JDK-8252497 4 Incorrect numeric currency code for ROL core-libs / java.util:i18n 0
JDK-8253528 4 Update .jcheck/conf for jdk13u-dev infrastructure / build 0

This section organizes the changes in the selected update release by the main component under which each issue is filed.

Core Libs (4)

Issue
Priority
Title
Component
Voting
JDK-8229888 4 (zipfs) Updating an existing zip file does not preserve original permissions core-libs / java.nio 0
JDK-8231449 4 HttpClient's client ssl certificate authentication seems to be broken. core-libs / java.net 0
JDK-8248406 3 Some zipfs tests fail with AccessControlException core-libs / java.nio 0
JDK-8252497 4 Incorrect numeric currency code for ROL core-libs / java.util:i18n 0

Security Libs (4)

Issue
Priority
Title
Component
Voting
JDK-8242141 3 New System Properties to configure the TLS signature schemes security-libs / javax.net.ssl 0
JDK-8246031 3 SSLSocket.getSession() doesn't close connection for timeout/ interrupts security-libs / javax.net.ssl 0
JDK-8246613 3 Choose the default SecureRandom algo based on registration ordering security-libs / java.security 0
JDK-8248505 2 Unexpected NoSuchAlgorithmException when using secure random impl from BCFIPS provider security-libs / java.security 0

Hotspot (11)

Issue
Priority
Title
Component
Voting
JDK-8230591 4 AArch64: Missing intrinsics for Math.ceil, floor, rint hotspot / compiler 0
JDK-8231649 4 PPC64: Intrinsics for Math.ceil, floor, rint on Power hotspot 0
JDK-8233787 4 Break cycle in vm_version* includes hotspot / runtime 0
JDK-8234645 2 ARM32: C1: PatchingStub for field access: not enough bytes hotspot / compiler 0
JDK-8238284 4 [macos] Zero VM build fails due to an obvious typo hotspot / runtime 0
JDK-8240360 4 NativeLibraryEvent has wrong library name on Linux hotspot / jfr 0
JDK-8243470 4 [macos] bring back O2 opt level for unsafe.cpp hotspot / runtime 0
JDK-8244777 4 ClassLoaderStats VM Op uses constant hash value hotspot / jfr 0
JDK-8247873 4 [arm32] client vm build failure hotspot / runtime 0
JDK-8248851 2 CMS: Missing memory fences between free chunk check and klass read hotspot / gc 0
JDK-8250609 2 C2 crash in IfNode::fold_compares hotspot / compiler 0

Client Libs (2)

Issue
Priority
Title
Component
Voting
JDK-8244818 2 [macos] Java2D Queue Flusher crash while moving application window to external monitor client-libs / 2d 0
JDK-8249278 2 Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList client-libs / javax.accessibility 0

Other (17)

Issue
Priority
Title
Component
Voting
JDK-8230094 3 CCE in createXMLEventWriter(Result) over an arbitrary XMLStreamWriter xml / javax.xml.stream 0
JDK-8232864 4 Classes generated at link time by GenerateJLIClassesPlugin are not reproducible tools / jlink 0
JDK-8234535 4 Cross compilation fails due to missing CFLAGS for the BUILD_CC infrastructure / build 0
JDK-8236862 2 Enhance support of Proxy class 0
JDK-8237995 2 Enhance certificate processing 0
JDK-8237990 2 Enhanced LDAP contexts 0
JDK-8239856 4 [ntintel] asserts about copying unaligned array element core-svc / debugger 0
JDK-8241114 2 Better range handling 0
JDK-8241602 3 jlink does not produce reproducible jimage files tools / jlink 0
JDK-8242695 2 Enhanced Buffer Support 0
JDK-8242685 2 Better Path Validation 0
JDK-8242680 2 Improved URI support 0
JDK-8244136 2 Improved Buffer supports 0
JDK-8247607 4 Bump update version for OpenJDK: jdk-13.0.5 infrastructure 0
JDK-8248348 3 Regression caused by the update to BCEL 6.0 xml / jaxp 0
JDK-8248495 4 [macos] zerovm is broken due to libffi headers location infrastructure 0
JDK-8253528 4 Update .jcheck/conf for jdk13u-dev infrastructure / build 0

This section summarizes JDK Common Vulnerabilities and Exposure (CVE) fixes in the selected update release.

CVE Fixes (8)

CVE
Component
Protocol
CVSS Version 3.0 Risk (see Risk Matrix Definitions)
Base Score
Attack Vector
Attack Complex
Privs Req'd
User Interact
Scope
Confidentiality
Integrity
Availability
Notes
CVE-2020-14803
/ JDK-8244136
Libraries Multiple 5.3 Network Low None None Unchanged Low None None Note 1 *
CVE-2020-14792
/ JDK-8241114
Hotspot Multiple 4.2 Network High None Required Unchanged Low Low None Note 2 *
CVE-2020-14797
/ JDK-8242685
Libraries Multiple 3.7 Network High None None Unchanged None Low None Note 2 *
CVE-2020-14782
/ JDK-8237995
Libraries Multiple 3.7 Network High None None Unchanged None Low None Note 2 *
CVE-2020-14781
/ JDK-8237990
JNDI Multiple 3.7 Network High None None Unchanged Low None None Note 2 *
CVE-2020-14779
/ JDK-8236862
Serialization Multiple 3.7 Network High None None Unchanged None None Low Note 2 *
CVE-2020-14798
/ JDK-8242695
Libraries Multiple 3.1 Network High None Required Unchanged None Low None Note 1 *
CVE-2020-14796
/ JDK-8242680
Libraries Multiple 3.1 Network High None Required Unchanged Low None None Note 1 *

Notes:

ID Notes
1 This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
2 This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through untrusted code executed under Java sandbox restrictions. It can also be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service.
  • ID: 1

    Notes: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

  • ID: 2

    Notes: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through untrusted code executed under Java sandbox restrictions. It can also be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service.