JDK 8 Update Release Details & Highlights

This section lists and comments on the highlights of the changes in the selected update release.

JDK-8236645
24
- Priority: 3
- Title: JDK 8u231 introduces a regression with incompatible handling of XML messages
- Component: security-libs
JDK-8245466
9
- Priority: 3
- Title: Backport TLSv1.3 protocol implementation
- Component: security-libs
JDK-8225068
2
- Priority: 3
- Title: Remove DocuSign root certificate that is expiring in May 2020
- Component: security-libs
JDK-8225069
2
- Priority: 3
- Title: Remove Comodo root certificate that is expiring in May 2020
- Component: security-libs
JDK-8245468
2
- Priority: 4
- Title: Add TLSv1.3 implementation classes from 11.0.7
- Component: security-libs

This section lists all the changes in the selected update release.

Issue	Priority	Title	Component	Voting
JDK-8006205	3	[TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java	hotspot / compiler	0
JDK-6574989	4	TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes	client-libs / javax.sound	0
JDK-8026236	5	Add PrimeTest for BigInteger	core-libs / java.math	0
JDK-8025886	5	replace [[ and == bash extensions in regtest	core-svc / java.lang.management	0
JDK-8023697	4	failed class resolution reports different class name in detail message for the first and subsequent times	hotspot / runtime	0
JDK-8039082	4	[TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails	client-libs / java.awt	0
JDK-8036088	5	Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c	core-libs / java.net	0
JDK-8035493	3	JVMTI PopFrame capability must instruct compilers not to prune locals	hotspot / jvmti	0
JDK-8031625	2	javadoc problems referencing inner class constructors	tools / javadoc(tool)	0
JDK-8060721	2	Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler	hotspot / runtime	0
JDK-8057003	3	Large reference arrays cause extremely long synchronization times	hotspot / gc	0
JDK-8048933	4	-XX:+TraceExceptions output should include the message	hotspot / runtime	0
JDK-8046274	3	Removing dependency on jakarta-regexp	xml / jaxp	0
JDK-8061616	3	HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double	core-svc / java.lang.management	0
JDK-8064319	3	Need to enable -XX:+TraceExceptions in release builds	hotspot / runtime	0
JDK-8062947	4	Fix exception message to correctly represent LDAP connection failure	core-libs / javax.naming	0
JDK-8078880	3	Mark a few more intermittently failing security-libs tests	security-libs / javax.crypto	0
JDK-8078334	3	Mark regression tests using randomness	core-libs	0
JDK-8076151	4	[TESTBUG] Test java/awt/FontClass/CreateFont/fileaccess/FontFile.java fails	client-libs / java.awt	0
JDK-8075774	4	Small readability and performance improvements for zipfs	core-libs / java.nio	0
JDK-8132745	4	TEST_BUG: minor cleanup of java/util/Scanner/ScanTest.java	core-libs / java.util	0
JDK-8132376	4	Add @requires os.family to the client tests with access to internal OS-specific API	client-libs / java.awt	0
JDK-8132206	4	move ScanTest.java into OpenJDK	core-libs / java.util.regex	0
JDK-8080462	3	Update SunPKCS11 provider with PKCS11 v2.40 support	security-libs / javax.crypto:pkcs11	0
JDK-8145808	3	[PIT] test java/awt/Graphics2D/MTGraphicsAccessTest/MTGraphicsAccessTest.java hangs on Win. 8	client-libs / 2d	0
JDK-8144539	3	Update PKCS11 tests to run with security manager	security-libs / javax.crypto:pkcs11	0
JDK-8137087	4	[TEST_BUG] Cygwin failure of java/awt/appletviewer/IOExceptionIfEncodedURLTest/IOExceptionIfEncodedURLTest.sh	client-libs / java.awt	0
JDK-8151788	3	NullPointerException from ntlm.Client.type3	core-libs / java.net	0
JDK-8151678	2	com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect	core-libs / javax.naming	0
JDK-8148854	3	Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent	hotspot / runtime	0
JDK-8148754	1	C2 loop unrolling fails due to unexpected graph shape	hotspot / compiler	0
JDK-8153583	4	Make OutputAnalyzer.reportDiagnosticSummary public	hotspot / gc	0
JDK-8153430	4	TESTBUG: jdk regression test javax/management/loading/MletParserLocaleTest.java reduce default timeout	core-svc / javax.management	0
JDK-8152077	3	(cal) Calendar.roll does not always roll the hours during daylight savings changes	core-libs / java.util:i18n	0
JDK-8151834	4	Test SmallPrimeExponentP.java times out intermittently	security-libs / java.security	0
JDK-8160768	4	Add capability to custom resolve host/domain names within the default JNDI LDAP provider	core-libs / javax.naming	0
JDK-8156169	3	Some sound tests rarely hangs because of incorrect synchronization	client-libs / javax.sound	0
JDK-8154313	4	Generated javadoc scattered all over the place	infrastructure / build	0
JDK-8165996	4	PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite	security-libs / java.security	0
JDK-8165936	3	Potential Heap buffer overflow when seaching timezone info files	core-libs / java.util:i18n	0
JDK-8163251	3	Hard coded loop limit prevents reading of smart card data greater than 8k	security-libs / javax.smartcardio	0
JDK-8161973	4	PKIXRevocationChecker.getSoftFailExceptions() not working	security-libs / java.security	0
JDK-8168517	4	java/lang/ProcessBuilder/Basic.java failed with "java.lang.AssertionError: Some tests failed"	core-libs / java.lang	0
JDK-8167615	4	Opensource unit/regression tests for JavaSound	client-libs / javax.sound	0
JDK-8167300	4	Scheduling failures during gcm should be fatal	hotspot / compiler	0
JDK-8166148	1	Fix for JDK-8165936 broke Solaris builds	core-libs / java.util	0
JDK-8173300	3	[TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled	hotspot / compiler	0
JDK-8172012	4	[TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java	client-libs / javax.swing	0
JDK-8169925	3	Organize licenses by module in source, JMOD file, and run-time image	tools / jlink	0
JDK-8183349	4	Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java	client-libs / javax.imageio	0
JDK-8183341	4	Better cleanup for javax/imageio/AllowSearch.java	client-libs / javax.imageio	0
JDK-8177628	4	Opensource unit/regression tests for ImageIO	client-libs / 2d	0
JDK-8177334	3	Update xmldsig implementation to Apache Santuario 2.1.1	security-libs / javax.xml.crypto	0
JDK-8192953	2	sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied	core-svc / java.lang.management	0
JDK-8191678	4	[TESTBUG] Add keyword headful in java/awt and javax tests.	client-libs / java.awt	0
JDK-8184762	4	ZapStackSegments should use optimized memset	hotspot / runtime	0
JDK-8183351	4	Better cleanup for jdk/test/javax/imageio/spi/AppletContextTest/BadPluginConfigurationTest.sh	client-libs / javax.imageio	0
JDK-8194298	3	Add support for per Socket configuration of TCP keepalive	core-libs / java.net	0
JDK-8193234	4	When using -Xcheck:jni an internally allocated buffer can leak	hotspot / runtime	0
JDK-8193137	3	Nashorn crashes when given an empty script file.	core-libs / jdk.nashorn	0
JDK-8200313	3	java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails	client-libs / java.awt	0
JDK-8198004	4	javax/swing/JFileChooser/6868611/bug6868611.java throws error	client-libs / javax.swing	0
JDK-8201633	3	Problems with AES-GCM native acceleration	security-libs / javax.crypto	0
JDK-8203357	3	Container Metrics	core-svc	0
JDK-8209113	3	Use WeakReference for lastFontStrike for created Fonts	client-libs / 2d	0
JDK-8210147	3	adjust some WSAGetLastError usages in windows network coding	core-libs / java.net	0
JDK-8211163	4	UNIX version of Java_java_io_Console_echo does not return a clean boolean	core-libs / java.io	0
JDK-8211049	3	Second parameter of "initialize" method is not used	security-libs / java.security	0
JDK-8211714	4	Need to update vm_version.cpp to recognise VS2017 minor versions	hotspot / runtime	0
JDK-8214862	3	assert(proj != __null) at compile.cpp:3251	hotspot / compiler	0
JDK-8217606	2	LdapContext#reconnect always opens a new connection	core-libs / javax.naming	0
JDK-8216283	3	Allow shorter method sampling interval than 10 ms	hotspot / jfr	0
JDK-8218629	3	XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10	security-libs / javax.xml.crypto	0
JDK-8217878	2	ENVELOPING XML signature no longer works	security-libs / javax.xml.crypto	0
JDK-8217647	3	JFR: recordings on 32-bit systems unreadable	hotspot / jfr	0
JDK-8219919	4	RuntimeStub's name lost with PrintFrameConverterAssembly	hotspot / compiler	0
JDK-8219566	4	JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero	hotspot / jfr	0
JDK-8220555	4	JFR tool shows potentially misleading message when it cannot access a file	hotspot / jfr	0
JDK-8220313	3	[TESTBUG] Update base image for Docker testing to OL 7.6	hotspot / runtime	0
JDK-8220293	2	Deadlock in JFR string pool	hotspot / jfr	0
JDK-8220165	2	Encryption using GCM results in RuntimeException: input length out of bound	security-libs / javax.crypto	0
JDK-8221569	3	JFR tool produces incorrect output when both --categories and --events are specified	hotspot / jfr	0
JDK-8220674	4	[TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs	core-svc	0
JDK-8222079	4	Don't use memset to initialize fields decode_env constructor in disassembler.cpp	hotspot / compiler	0
JDK-8224217	3	RecordingInfo should use textual representation of path	hotspot / jfr	0
JDK-8225069	3	Remove Comodo root certificate that is expiring in May 2020	security-libs / java.security	2
JDK-8225068	3	Remove DocuSign root certificate that is expiring in May 2020	security-libs / java.security	2
JDK-8225695	1	32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support)	security-libs / javax.crypto:pkcs11	0
JDK-8226809	4	Circular reference in printed stack trace is not correctly indented & ambiguous	core-libs / java.lang	0
JDK-8226697	4	Several tests which need the @key headful keyword are missing it.	client-libs / javax.swing	0
JDK-8226575	3	OperatingSystemMXBean should be made container aware	core-svc / java.lang.management	0
JDK-8228835	3	Memory leak in PKCS11 provider when using AES GCM	security-libs / javax.crypto:pkcs11	0
JDK-8229378	4	jdwp library loader in linker_md.c quietly truncates on buffer overflow	core-svc / debugger	0
JDK-8230303	3	JDB hangs when running monitor command	core-svc / debugger	0
JDK-8230711	3	ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG	hotspot / compiler	0
JDK-8231213	4	Migrate SimpleDateFormatConstTest to JDK Repo	core-libs / java.text	0
JDK-8231779	3	crash HeapWord*ParallelScavengeHeap::failed_mem_allocate	hotspot / gc	0
JDK-8233197	3	Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing	hotspot / jfr	0
JDK-8233097	2	Fontmetrics for large Fonts has zero width	client-libs / 2d	0
JDK-8233621	3	Mismatch in jsse.enableMFLNExtension property name	security-libs / javax.net.ssl	0
JDK-8234617	3	C1: Incorrect result of field load due to missing narrowing conversion	hotspot / compiler	0
JDK-8235687	2	Contents/MacOS/libjli.dylib cannot be a symlink	infrastructure / build	0
JDK-8235325	2	build failure on Linux after 8235243	hotspot / runtime	0
JDK-8235243	4	handle VS2017 15.9 and VS2019 in abstract_vm_version	hotspot / runtime	0
JDK-8236039	2	JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3	security-libs / javax.net.ssl	0
JDK-8236645	3	JDK 8u231 introduces a regression with incompatible handling of XML messages	security-libs / javax.xml.crypto	24
JDK-8236862 / CVE-2020-14779	2	Enhance support of Proxy class	Serialization	0
JDK-8237951	4	CTW: C2 compilation fails with "malformed control flow"	hotspot / compiler	0
JDK-8237995 / CVE-2020-14782	2	Enhance certificate processing	Libraries	0
JDK-8237990 / CVE-2020-14781	2	Enhanced LDAP contexts	JNDI	0
JDK-8238225	3	Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary	infrastructure / build	0
JDK-8238388	4	libj2gss/NativeFunc.o "multiple definition" link errors with GCC10	security-libs / java.security	0
JDK-8238386	4	(sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10	core-libs / java.net	0
JDK-8238380	4	java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10	core-libs	0
JDK-8238898	2	Missing hash characters for header on license file	security-libs / javax.crypto:pkcs11	0
JDK-8239819	4	XToolkit: Misread of screen information memory	client-libs / java.awt	0
JDK-8239385	3	Support the 'canonicalize' setting (krb5.conf) in the Kerberos client	security-libs / javax.security	0
JDK-8240295	4	hs_err elapsed time in seconds is not accurate enough	hotspot / runtime	0
JDK-8240676	3	Meet not symmetric failure when running lucene on jdk8	hotspot / compiler	0
JDK-8241114 / CVE-2020-14792	2	Better range handling	Hotspot	0
JDK-8241888	4	Mirror jdk.security.allowNonCaAnchor system property with a security one	security-libs / jdk.security	0
JDK-8242498	2	Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash	client-libs / java.awt	0
JDK-8242556	3	Cannot load RSASSA-PSS public key with non-null params from byte array	security-libs / java.security	0
JDK-8242695 / CVE-2020-14798	2	Enhanced Buffer Support	Libraries	0
JDK-8242685 / CVE-2020-14797	2	Better Path Validation	Libraries	0
JDK-8242680 / CVE-2020-14796	2	Improved URI support	Libraries	0
JDK-8243321	3	Add Entrust root CA - G4 to Oracle Root CA program	security-libs / java.security	0
JDK-8243320	3	Add SSL root certificates to Oracle Root CA program	security-libs / java.security	0
JDK-8243138	4	Enhance BaseLdapServer to support starttls extended request	core-libs / javax.naming	0
JDK-8243541	3	(tz) Upgrade time-zone data to tzdata2020a	core-libs / java.time	0
JDK-8243489	4	Thread CPU Load event may contain wrong data for CPU time under certain conditions	hotspot / jfr	0
JDK-8244136	2	Improved Buffer supports		0
JDK-8244151	4	Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26	security-libs / javax.smartcardio	0
JDK-8244818	2	[macos] Java2D Queue Flusher crash while moving application window to external monitor	client-libs / 2d	0
JDK-8245167	4	Top package in method profiling shows "null" in JMC	hotspot / jfr	0
JDK-8245469	4	Remove DTLS protocol implementation	security-libs	0
JDK-8245468	4	Add TLSv1.3 implementation classes from 11.0.7	security-libs	2
JDK-8245467	4	Remove 8u TLSv1.2 implementation files	security-libs	0
JDK-8245466	3	Backport TLSv1.3 protocol implementation	security-libs / javax.net.ssl	9
JDK-8245473	4	OCSP stapling support	security-libs	0
JDK-8245472	4	Backport JDK-8038893 to JDK8	security-libs	0
JDK-8245471	4	Revert JDK-8148188	security-libs	0
JDK-8245470	4	Fix JDK8 compatibility issues	security-libs	0
JDK-8245477	4	Adjust TLS tests location	security-libs	0
JDK-8245476	4	Disable TLSv1.3 protocol in the ClientHello message by default	security-libs	0
JDK-8245474	4	Add TLS_KRB5 cipher suites support according to RFC-2712	security-libs	0
JDK-8245681	3	Add TLSv1.3 regression test from 11.0.7	security-libs / javax.net.ssl	0
JDK-8245653	4	Remove 8u TLS tests	security-libs / javax.net.ssl	0
JDK-8246193	3	Possible NPE in ENC-PA-REP search in AS-REQ	security-libs / org.ietf.jgss:krb5	0
JDK-8246310	4	Clean commented-out code about ModuleEntry andPackageEntry in JFR	hotspot / jfr	0
JDK-8246223	2	Windows build fails after JDK-8227269	core-svc / debugger	0
JDK-8246384	4	Enable JFR by default on supported architectures for October 2020 release	hotspot / jfr	0
JDK-8246703	4	[TESTBUG] Add test for JDK-8233197	hotspot / jfr	0
JDK-8247276	4	Backport JDK-8161973	security-libs / javax.net.ssl	0
JDK-8248399	4	[8u262] Build installs jfr binary when JFR is disabled	infrastructure / build	0
JDK-8248643	4	Remove extra leading space in JDK-8240295 8u backport	hotspot / runtime	0
JDK-8248715	4	[8u262] New JavaTimeSupplementary localisation for 'in' installed in wrong package	core-libs / java.util:i18n	0
JDK-8248851	2	CMS: Missing memory fences between free chunk check and klass read	hotspot / gc	0
JDK-8249158	4	THREAD_START and THREAD_END event posted in primordial phase	hotspot / jvmti	0
JDK-8249610	4	Make sun.security.krb5.Config.getBooleanObject(String... keys) method public	security-libs / javax.security	0
JDK-8249677	2	Regression in 8u after JDK-8237117: Better ForkJoinPool behavior	core-libs / java.util.concurrent	0
JDK-8250546	4	Expect changed behaviour reported in JDK-8249846	core-libs / java.util.concurrent	0
JDK-8250755	4	Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java	client-libs / javax.imageio	0
JDK-8250627	4	Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics	core-libs	0
JDK-8251120	4	[8u] HotSpot build assumes ENABLE_JFR is set to either true or false	infrastructure / build	0
JDK-8251117	4	Cannot check P11Key size in P11Cipher and P11AEADCipher	security-libs / javax.crypto:pkcs11	0
JDK-8250875	4	Incorrect parameter type for update_number in JDK_Version::jdk_update	hotspot / runtime	0
JDK-8251478	4	Backport TLSv1.3 regression tests to JDK8u	security-libs	0
JDK-8251341	4	Minimal Java specification change	security-libs / javax.net.ssl	0
JDK-8252084	4	Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled	hotspot / jfr	0
JDK-8251546	3	8u backport of JDK-8194298 breaks AIX and Solaris builds	core-libs / java.net	0
JDK-8252573	2	8u: Windows build failed after 8222079 backport	hotspot / compiler	0
JDK-8252886	3	[TESTBUG] sun/security/ec/TestEC.java : Compilation failed	security-libs / javax.net.ssl	0

This section organizes the changes in the selected update release by the main component under which each issue is filed.

Core Libs (30)

Issue	Priority	Title	Component
JDK-8026236	5	Add PrimeTest for BigInteger	core-libs / java.math
JDK-8036088	5	Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c	core-libs / java.net
JDK-8062947	4	Fix exception message to correctly represent LDAP connection failure	core-libs / javax.naming
JDK-8078334	3	Mark regression tests using randomness	core-libs
JDK-8075774	4	Small readability and performance improvements for zipfs	core-libs / java.nio
JDK-8132745	4	TEST_BUG: minor cleanup of java/util/Scanner/ScanTest.java	core-libs / java.util
JDK-8132206	4	move ScanTest.java into OpenJDK	core-libs / java.util.regex
JDK-8151788	3	NullPointerException from ntlm.Client.type3	core-libs / java.net
JDK-8151678	2	com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect	core-libs / javax.naming
JDK-8152077	3	(cal) Calendar.roll does not always roll the hours during daylight savings changes	core-libs / java.util:i18n
JDK-8160768	4	Add capability to custom resolve host/domain names within the default JNDI LDAP provider	core-libs / javax.naming
JDK-8165936	3	Potential Heap buffer overflow when seaching timezone info files	core-libs / java.util:i18n
JDK-8168517	4	java/lang/ProcessBuilder/Basic.java failed with "java.lang.AssertionError: Some tests failed"	core-libs / java.lang
JDK-8166148	1	Fix for JDK-8165936 broke Solaris builds	core-libs / java.util
JDK-8194298	3	Add support for per Socket configuration of TCP keepalive	core-libs / java.net
JDK-8193137	3	Nashorn crashes when given an empty script file.	core-libs / jdk.nashorn
JDK-8210147	3	adjust some WSAGetLastError usages in windows network coding	core-libs / java.net
JDK-8211163	4	UNIX version of Java_java_io_Console_echo does not return a clean boolean	core-libs / java.io
JDK-8217606	2	LdapContext#reconnect always opens a new connection	core-libs / javax.naming
JDK-8226809	4	Circular reference in printed stack trace is not correctly indented & ambiguous	core-libs / java.lang
JDK-8231213	4	Migrate SimpleDateFormatConstTest to JDK Repo	core-libs / java.text
JDK-8238386	4	(sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10	core-libs / java.net
JDK-8238380	4	java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10	core-libs
JDK-8243138	4	Enhance BaseLdapServer to support starttls extended request	core-libs / javax.naming
JDK-8243541	3	(tz) Upgrade time-zone data to tzdata2020a	core-libs / java.time
JDK-8248715	4	[8u262] New JavaTimeSupplementary localisation for 'in' installed in wrong package	core-libs / java.util:i18n
JDK-8249677	2	Regression in 8u after JDK-8237117: Better ForkJoinPool behavior	core-libs / java.util.concurrent
JDK-8250546	4	Expect changed behaviour reported in JDK-8249846	core-libs / java.util.concurrent
JDK-8250627	4	Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics	core-libs
JDK-8251546	3	8u backport of JDK-8194298 breaks AIX and Solaris builds	core-libs / java.net

Security Libs (48)

Issue	Priority	Title	Component	Voting
JDK-8078880	3	Mark a few more intermittently failing security-libs tests	security-libs / javax.crypto	0
JDK-8080462	3	Update SunPKCS11 provider with PKCS11 v2.40 support	security-libs / javax.crypto:pkcs11	0
JDK-8144539	3	Update PKCS11 tests to run with security manager	security-libs / javax.crypto:pkcs11	0
JDK-8151834	4	Test SmallPrimeExponentP.java times out intermittently	security-libs / java.security	0
JDK-8165996	4	PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite	security-libs / java.security	0
JDK-8163251	3	Hard coded loop limit prevents reading of smart card data greater than 8k	security-libs / javax.smartcardio	0
JDK-8161973	4	PKIXRevocationChecker.getSoftFailExceptions() not working	security-libs / java.security	0
JDK-8177334	3	Update xmldsig implementation to Apache Santuario 2.1.1	security-libs / javax.xml.crypto	0
JDK-8201633	3	Problems with AES-GCM native acceleration	security-libs / javax.crypto	0
JDK-8211049	3	Second parameter of "initialize" method is not used	security-libs / java.security	0
JDK-8218629	3	XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10	security-libs / javax.xml.crypto	0
JDK-8217878	2	ENVELOPING XML signature no longer works	security-libs / javax.xml.crypto	0
JDK-8220165	2	Encryption using GCM results in RuntimeException: input length out of bound	security-libs / javax.crypto	0
JDK-8225069	3	Remove Comodo root certificate that is expiring in May 2020	security-libs / java.security	2
JDK-8225068	3	Remove DocuSign root certificate that is expiring in May 2020	security-libs / java.security	2
JDK-8225695	1	32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support)	security-libs / javax.crypto:pkcs11	0
JDK-8228835	3	Memory leak in PKCS11 provider when using AES GCM	security-libs / javax.crypto:pkcs11	0
JDK-8233621	3	Mismatch in jsse.enableMFLNExtension property name	security-libs / javax.net.ssl	0
JDK-8236039	2	JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3	security-libs / javax.net.ssl	0
JDK-8236645	3	JDK 8u231 introduces a regression with incompatible handling of XML messages	security-libs / javax.xml.crypto	24
JDK-8238388	4	libj2gss/NativeFunc.o "multiple definition" link errors with GCC10	security-libs / java.security	0
JDK-8238898	2	Missing hash characters for header on license file	security-libs / javax.crypto:pkcs11	0
JDK-8239385	3	Support the 'canonicalize' setting (krb5.conf) in the Kerberos client	security-libs / javax.security	0
JDK-8241888	4	Mirror jdk.security.allowNonCaAnchor system property with a security one	security-libs / jdk.security	0
JDK-8242556	3	Cannot load RSASSA-PSS public key with non-null params from byte array	security-libs / java.security	0
JDK-8243321	3	Add Entrust root CA - G4 to Oracle Root CA program	security-libs / java.security	0
JDK-8243320	3	Add SSL root certificates to Oracle Root CA program	security-libs / java.security	0
JDK-8244151	4	Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26	security-libs / javax.smartcardio	0
JDK-8245469	4	Remove DTLS protocol implementation	security-libs	0
JDK-8245468	4	Add TLSv1.3 implementation classes from 11.0.7	security-libs	2
JDK-8245467	4	Remove 8u TLSv1.2 implementation files	security-libs	0
JDK-8245466	3	Backport TLSv1.3 protocol implementation	security-libs / javax.net.ssl	9
JDK-8245473	4	OCSP stapling support	security-libs	0
JDK-8245472	4	Backport JDK-8038893 to JDK8	security-libs	0
JDK-8245471	4	Revert JDK-8148188	security-libs	0
JDK-8245470	4	Fix JDK8 compatibility issues	security-libs	0
JDK-8245477	4	Adjust TLS tests location	security-libs	0
JDK-8245476	4	Disable TLSv1.3 protocol in the ClientHello message by default	security-libs	0
JDK-8245474	4	Add TLS_KRB5 cipher suites support according to RFC-2712	security-libs	0
JDK-8245681	3	Add TLSv1.3 regression test from 11.0.7	security-libs / javax.net.ssl	0
JDK-8245653	4	Remove 8u TLS tests	security-libs / javax.net.ssl	0
JDK-8246193	3	Possible NPE in ENC-PA-REP search in AS-REQ	security-libs / org.ietf.jgss:krb5	0
JDK-8247276	4	Backport JDK-8161973	security-libs / javax.net.ssl	0
JDK-8249610	4	Make sun.security.krb5.Config.getBooleanObject(String... keys) method public	security-libs / javax.security	0
JDK-8251117	4	Cannot check P11Key size in P11Cipher and P11AEADCipher	security-libs / javax.crypto:pkcs11	0
JDK-8251478	4	Backport TLSv1.3 regression tests to JDK8u	security-libs	0
JDK-8251341	4	Minimal Java specification change	security-libs / javax.net.ssl	0
JDK-8252886	3	[TESTBUG] sun/security/ec/TestEC.java : Compilation failed	security-libs / javax.net.ssl	0

Hotspot (46)

Issue	Priority	Title	Component
JDK-8006205	3	[TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java	hotspot / compiler
JDK-8023697	4	failed class resolution reports different class name in detail message for the first and subsequent times	hotspot / runtime
JDK-8035493	3	JVMTI PopFrame capability must instruct compilers not to prune locals	hotspot / jvmti
JDK-8060721	2	Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler	hotspot / runtime
JDK-8057003	3	Large reference arrays cause extremely long synchronization times	hotspot / gc
JDK-8048933	4	-XX:+TraceExceptions output should include the message	hotspot / runtime
JDK-8064319	3	Need to enable -XX:+TraceExceptions in release builds	hotspot / runtime
JDK-8148854	3	Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent	hotspot / runtime
JDK-8148754	1	C2 loop unrolling fails due to unexpected graph shape	hotspot / compiler
JDK-8153583	4	Make OutputAnalyzer.reportDiagnosticSummary public	hotspot / gc
JDK-8167300	4	Scheduling failures during gcm should be fatal	hotspot / compiler
JDK-8173300	3	[TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled	hotspot / compiler
JDK-8184762	4	ZapStackSegments should use optimized memset	hotspot / runtime
JDK-8193234	4	When using -Xcheck:jni an internally allocated buffer can leak	hotspot / runtime
JDK-8211714	4	Need to update vm_version.cpp to recognise VS2017 minor versions	hotspot / runtime
JDK-8214862	3	assert(proj != __null) at compile.cpp:3251	hotspot / compiler
JDK-8216283	3	Allow shorter method sampling interval than 10 ms	hotspot / jfr
JDK-8217647	3	JFR: recordings on 32-bit systems unreadable	hotspot / jfr
JDK-8219919	4	RuntimeStub's name lost with PrintFrameConverterAssembly	hotspot / compiler
JDK-8219566	4	JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero	hotspot / jfr
JDK-8220555	4	JFR tool shows potentially misleading message when it cannot access a file	hotspot / jfr
JDK-8220313	3	[TESTBUG] Update base image for Docker testing to OL 7.6	hotspot / runtime
JDK-8220293	2	Deadlock in JFR string pool	hotspot / jfr
JDK-8221569	3	JFR tool produces incorrect output when both --categories and --events are specified	hotspot / jfr
JDK-8222079	4	Don't use memset to initialize fields decode_env constructor in disassembler.cpp	hotspot / compiler
JDK-8224217	3	RecordingInfo should use textual representation of path	hotspot / jfr
JDK-8230711	3	ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG	hotspot / compiler
JDK-8231779	3	crash HeapWord*ParallelScavengeHeap::failed_mem_allocate	hotspot / gc
JDK-8233197	3	Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing	hotspot / jfr
JDK-8234617	3	C1: Incorrect result of field load due to missing narrowing conversion	hotspot / compiler
JDK-8235325	2	build failure on Linux after 8235243	hotspot / runtime
JDK-8235243	4	handle VS2017 15.9 and VS2019 in abstract_vm_version	hotspot / runtime
JDK-8237951	4	CTW: C2 compilation fails with "malformed control flow"	hotspot / compiler
JDK-8240295	4	hs_err elapsed time in seconds is not accurate enough	hotspot / runtime
JDK-8240676	3	Meet not symmetric failure when running lucene on jdk8	hotspot / compiler
JDK-8243489	4	Thread CPU Load event may contain wrong data for CPU time under certain conditions	hotspot / jfr
JDK-8245167	4	Top package in method profiling shows "null" in JMC	hotspot / jfr
JDK-8246310	4	Clean commented-out code about ModuleEntry andPackageEntry in JFR	hotspot / jfr
JDK-8246384	4	Enable JFR by default on supported architectures for October 2020 release	hotspot / jfr
JDK-8246703	4	[TESTBUG] Add test for JDK-8233197	hotspot / jfr
JDK-8248643	4	Remove extra leading space in JDK-8240295 8u backport	hotspot / runtime
JDK-8248851	2	CMS: Missing memory fences between free chunk check and klass read	hotspot / gc
JDK-8249158	4	THREAD_START and THREAD_END event posted in primordial phase	hotspot / jvmti
JDK-8250875	4	Incorrect parameter type for update_number in JDK_Version::jdk_update	hotspot / runtime
JDK-8252084	4	Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled	hotspot / jfr
JDK-8252573	2	8u: Windows build failed after 8222079 backport	hotspot / compiler

Client Libs (23)

Issue	Priority	Title	Component
JDK-6574989	4	TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes	client-libs / javax.sound
JDK-8039082	4	[TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails	client-libs / java.awt
JDK-8076151	4	[TESTBUG] Test java/awt/FontClass/CreateFont/fileaccess/FontFile.java fails	client-libs / java.awt
JDK-8132376	4	Add @requires os.family to the client tests with access to internal OS-specific API	client-libs / java.awt
JDK-8145808	3	[PIT] test java/awt/Graphics2D/MTGraphicsAccessTest/MTGraphicsAccessTest.java hangs on Win. 8	client-libs / 2d
JDK-8137087	4	[TEST_BUG] Cygwin failure of java/awt/appletviewer/IOExceptionIfEncodedURLTest/IOExceptionIfEncodedURLTest.sh	client-libs / java.awt
JDK-8156169	3	Some sound tests rarely hangs because of incorrect synchronization	client-libs / javax.sound
JDK-8167615	4	Opensource unit/regression tests for JavaSound	client-libs / javax.sound
JDK-8172012	4	[TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java	client-libs / javax.swing
JDK-8183349	4	Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java	client-libs / javax.imageio
JDK-8183341	4	Better cleanup for javax/imageio/AllowSearch.java	client-libs / javax.imageio
JDK-8177628	4	Opensource unit/regression tests for ImageIO	client-libs / 2d
JDK-8191678	4	[TESTBUG] Add keyword headful in java/awt and javax tests.	client-libs / java.awt
JDK-8183351	4	Better cleanup for jdk/test/javax/imageio/spi/AppletContextTest/BadPluginConfigurationTest.sh	client-libs / javax.imageio
JDK-8200313	3	java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails	client-libs / java.awt
JDK-8198004	4	javax/swing/JFileChooser/6868611/bug6868611.java throws error	client-libs / javax.swing
JDK-8209113	3	Use WeakReference for lastFontStrike for created Fonts	client-libs / 2d
JDK-8226697	4	Several tests which need the @key headful keyword are missing it.	client-libs / javax.swing
JDK-8233097	2	Fontmetrics for large Fonts has zero width	client-libs / 2d
JDK-8239819	4	XToolkit: Misread of screen information memory	client-libs / java.awt
JDK-8242498	2	Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash	client-libs / java.awt
JDK-8244818	2	[macos] Java2D Queue Flusher crash while moving application window to external monitor	client-libs / 2d
JDK-8250755	4	Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java	client-libs / javax.imageio

Other (26)

Issue	Priority	Title	Component
JDK-8025886	5	replace [[ and == bash extensions in regtest	core-svc / java.lang.management
JDK-8031625	2	javadoc problems referencing inner class constructors	tools / javadoc(tool)
JDK-8046274	3	Removing dependency on jakarta-regexp	xml / jaxp
JDK-8061616	3	HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double	core-svc / java.lang.management
JDK-8153430	4	TESTBUG: jdk regression test javax/management/loading/MletParserLocaleTest.java reduce default timeout	core-svc / javax.management
JDK-8154313	4	Generated javadoc scattered all over the place	infrastructure / build
JDK-8169925	3	Organize licenses by module in source, JMOD file, and run-time image	tools / jlink
JDK-8192953	2	sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied	core-svc / java.lang.management
JDK-8203357	3	Container Metrics	core-svc
JDK-8220674	4	[TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs	core-svc
JDK-8226575	3	OperatingSystemMXBean should be made container aware	core-svc / java.lang.management
JDK-8229378	4	jdwp library loader in linker_md.c quietly truncates on buffer overflow	core-svc / debugger
JDK-8230303	3	JDB hangs when running monitor command	core-svc / debugger
JDK-8235687	2	Contents/MacOS/libjli.dylib cannot be a symlink	infrastructure / build
JDK-8236862	2	Enhance support of Proxy class
JDK-8237995	2	Enhance certificate processing
JDK-8237990	2	Enhanced LDAP contexts
JDK-8238225	3	Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary	infrastructure / build
JDK-8241114	2	Better range handling
JDK-8242695	2	Enhanced Buffer Support
JDK-8242685	2	Better Path Validation
JDK-8242680	2	Improved URI support
JDK-8244136	2	Improved Buffer supports
JDK-8246223	2	Windows build fails after JDK-8227269	core-svc / debugger
JDK-8248399	4	[8u262] Build installs jfr binary when JFR is disabled	infrastructure / build
JDK-8251120	4	[8u] HotSpot build assumes ENABLE_JFR is set to either true or false	infrastructure / build

This section summarizes JDK Common Vulnerabilities and Exposure (CVE) fixes in the selected update release.

CVE Fixes (7)

CVE	Component	Protocol	CVSS Version 3.0 Risk (see Risk Matrix Definitions) Base Score	Attack Vector	Attack Complex	Privs Req'd	User Interact	Scope	Confidentiality	Integrity	Availability	Notes
CVE-2020-14792 / JDK-8241114	Hotspot	Multiple	4.2	Network	High	None	Required	Unchanged	Low	Low	None	Note 2 *
CVE-2020-14797 / JDK-8242685	Libraries	Multiple	3.7	Network	High	None	None	Unchanged	None	Low	None	Note 2 *
CVE-2020-14782 / JDK-8237995	Libraries	Multiple	3.7	Network	High	None	None	Unchanged	None	Low	None	Note 2 *
CVE-2020-14781 / JDK-8237990	JNDI	Multiple	3.7	Network	High	None	None	Unchanged	Low	None	None	Note 2 *
CVE-2020-14779 / JDK-8236862	Serialization	Multiple	3.7	Network	High	None	None	Unchanged	None	None	Low	Note 2 *
CVE-2020-14798 / JDK-8242695	Libraries	Multiple	3.1	Network	High	None	Required	Unchanged	None	Low	None	Note 1 *
CVE-2020-14796 / JDK-8242680	Libraries	Multiple	3.1	Network	High	None	Required	Unchanged	Low	None	None	Note 1 *

Notes:

ID	Notes
1	This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
2	This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through untrusted code executed under Java sandbox restrictions. It can also be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service.

ID: 1
Notes: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
ID: 2
Notes: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through untrusted code executed under Java sandbox restrictions. It can also be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service.