Liberica JDK 8u412+9: Release Notes
1. Introduction
This document provides late-breaking information about the Liberica JDK 8u412 release.
The full version string for this update release is 8u412+9. The version number is 8.
2. Liberica JDK 8u412+9
Liberica is a certified, Java SE 8-compliant distribution of OpenJDK 8, which works on server (Linux x86_64, Linux ARM64, Windows 64), desktop (Windows 64, Mac, Linux x86_64), and embedded devices (Linux ARM64, Linux ARMv7, including Raspberry Pi 2 & 3 (ARMv6 hardfloat)). It has the following notable additions:
- Linux x86_64 version contains support for ZGC.
- Linux x86_64, ARMv8 and ARMv7 distributions include a choice of Client VM, Server VM and Minimal VM.
- Alpine Linux x86_64 and aarch64 are built with musl support.
- Windows x86_64, Windows ARMv8, Mac, Linux x86_64, and Linux ARMv7 distributions contain OpenJFX 8.
- Linux ARMv7 distribution contains Device IO API compiled for Raspberry Pi.

Refer to the Oracle JDK 8u412 release notes for further information on JDK 8 features. This document further outlines the peculiarities of the Liberica distribution as compared to the Oracle JDK 8 distribution.
3. Liberica JDK 8 distribution
Liberica JDK 8 is distributed as .rpm, .zip, .deb and .tar.gz packages. Please select the one most appropriate for your purposes.
Liberica JDK 8 introduced all new features supported by OpenJDK 8.
With the introduction of the Jigsaw feature in JDK 9 and Minimal VM, it is now possible to create a Runtime that is sufficient to run your application and trim down the size of the Runtime. To generate a Runtime with just the Minimal VM, add --vm=minimal to jlink options.
By default, Liberica uses Server VM. Server VM and Client VM can be enabled with the -server and -client command line options, respectively. If the deployment requires minimizing the footprint, it may be beneficial to use Minimal VM, whose emphasis is a minimal footprint. It has the C1 JIT compiler only, Serial GC, and no serviceability features.
4. Security Baselines
BellSoft Liberica follows the security baselines for Oracle Java SE. Please refer to the Oracle documentation for a list of issues fixed in a given release.
5. Known Issues
This release does not contain any known issues.
6. CVEs
This is the list of the security issues fixed in this release. CVSS scores are provided using the CVSS version 3.1 scoring system.
CVE ID | CVSS score | Component | Module | Attack Vector | Complexity | Privileges | User Interaction | Scope | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2023-41993 | 7.5 | javafx | web | network | high | none | required | unchanged | high | high | high |
CVE-2024-21002 | 2.5 | javafx | graphics | local | high | none | required | unchanged | none | low | none |
CVE-2024-21003 | 3.1 | javafx | graphics | network | high | none | required | unchanged | none | low | none |
CVE-2024-21004 | 2.5 | javafx | window-toolkit | local | high | none | required | unchanged | none | low | none |
CVE-2024-21005 | 3.1 | javafx | graphics | network | high | none | required | unchanged | none | low | none |
CVE-2024-21011 | 3.7 | hotspot | runtime | network | high | none | none | unchanged | none | none | low |
CVE-2024-21068 | 3.7 | hotspot | compiler | network | high | none | none | unchanged | none | low | none |
CVE-2024-21085 | 3.7 | core-libs | java.util | network | high | none | none | unchanged | none | none | low |
CVE-2024-21094 | 3.7 | hotspot | compiler | network | high | none | none | unchanged | none | low | none |
7. Notable Issues
This is the list of the notable issues fixed in this release.
Issue ID | Summary | Description |
---|---|---|
JDK-8321717 | Add Telia Root CA v2 | Telia root certificate was added. |
JDK-8321804 | Add Let’s Encrypt ISRG Root X2 | New Let’s Encrypt root certificates were added. |
JDK-8321813 | Add four DigiCert root certificates | Four new DigiCert root certificates were added. |
JDK-8325961 | rcache interop with krb5-1.15 | Java’s DFL-style rcache uses MD5 hash, which is the same as krb5-1.14 and earlier. krb5-1.15 uses SHA256. If the same AP-REQ was sent to krb5-1.15 first (which created a new rcache entry) and then sent to a Java acceptor, Java could not find a match in the rcache file and accepted it. |
JDK-8327570 | Test 'api/java_awt/interactive/SystemTrayTests.html' failed because A blue ball icon is added outside of the system tray | When pressing the 'Add tray icon' button, the blue ball icon is now added to the system tray. |
JDK-8328838 | Add Certainly roots R1 and E1 | Certainly Root R1 CA certificate was added. |
8. Resolved Issues
JDK issues
This is the list of general JDK issues fixed in this release.
Issue ID | Summary |
---|---|
JDK-8011180 | Delete obsolete scripts |
JDK-8016451 | Scary messages emitted by build.tools.generatenimbus.PainterGenerator during build |
JDK-8021961 | setAlwaysOnTop doesn’t behave correctly in Linux/Solaris under certain scenarios |
JDK-8023735 | [TESTBUG] [macosx] runtime/XCheckJniJsig/XCheckJSig.java fails on MacOS X |
JDK-8074860 | Structured Exception Catcher missing around CreateJavaVM on Windows |
JDK-8079441 | Intermittent failures on Windows with "Unexpected exit from test [exit code: 1080890248]" (0x406d1388) |
JDK-8155590 | Dubious collection management in sun.net.www.http.KeepAliveCache |
JDK-8168518 | rcache interop with krb5-1.15 |
JDK-8183503 | Update hotspot tests to allow for unique test classes directory |
JDK-8186095 | upgrade to jtreg 4.2 b08 |
JDK-8186199 | [windows] JNI_DestroyJavaVM not covered by SEH |
JDK-8192931 | Regression test java/awt/font/TextLayout/CombiningPerf.java fails |
JDK-8208655 | use JTreg skipped status in hotspot tests |
JDK-8208701 | Fix for JDK-8208655 causes test failures in CI tier1 |
JDK-8208706 | compiler/tiered/ConstantGettersTransitionsTest.java fails to compile |
JDK-8213410 | UseCompressedOops requirement check fails fails on 32-bit system |
JDK-8222323 | ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset alwaysOnTop" |
JDK-8224768 | Test ActalisCA.java fails |
JDK-8251155 | HostIdentifier fails to canonicalize hostnames starting with digits |
JDK-8251551 | Use .md filename extension for README |
JDK-8268678 | LetsEncryptCA.java test fails as Let’s Encrypt Authority X3 is retired |
JDK-8270280 | security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error |
JDK-8270517 | Add Zero support for LoongArch |
JDK-8272708 | [Test]: Cleanup: test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java no longer needs ocspEnabled |
JDK-8276139 | TestJpsHostName.java not reliable, better to expand HostIdentifierCreate.java test |
JDK-8288132 | Update test artifacts in QuoVadis CA interop tests |
JDK-8297955 | LDAP CertStore should use LdapName and not String for DNs |
JDK-8301310 | The SendRawSysexMessage test may cause a JVM crash |
JDK-8302017 | Allocate BadPaddingException only if it will be thrown |
JDK-8308592 | Framework for CA interoperability testing |
JDK-8312126 | NullPointerException in CertStore.getCRLs after 8297955 |
JDK-8315042 | NPE in PKCS7.parseOldSignedData |
JDK-8315757 | [8u] Add cacerts JTREG tests to GHA tier1 test set |
JDK-8317373 | Add Telia Root CA v2 |
JDK-8317374 | Add Let’s Encrypt ISRG Root X2 |
JDK-8317507 | C2 compilation fails with "Exceeded _node_regs array" |
JDK-8318340 | Improve RSA key implementations |
JDK-8318759 | Add four DigiCert root certificates |
JDK-8319187 | Add three eMudhra emSign roots |
JDK-8319851 | Improve exception logging |
JDK-8320597 | RSA signature verification fails on signed data that does not encode params correctly |
JDK-8320713 | Bump update version of OpenJDK: 8u412 |
JDK-8321060 | [8u] hotspot needs to recognise VS2022 |
JDK-8321408 | Add Certainly roots R1 and E1 |
JDK-8322114 | Improve Pack 200 handling |
JDK-8322122 | Enhance generation of addresses |
JDK-8322725 | (tz) Update Timezone Data to 2023d |
JDK-8322750 | Test "api/java_awt/interactive/SystemTrayTests.html" failed because A blue ball icon is added outside of the system tray |
JDK-8323202 | [8u] Remove get_source.sh and hgforest.sh |
JDK-8323640 | [TESTBUG]testMemoryFailCount in jdk/internal/platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed |
JDK-8324184 | Windows VS2010 build failed with "error C2275: 'int64_t'" |
JDK-8324530 | Build error with gcc 10 |
JDK-8325150 | (tz) Update Timezone Data to 2024a |
JFX issues
This is the list of JFX issues fixed in this release.
Issue ID | Summary |
---|---|
JDK-8221261 | Deadlock on macOS in JFXPanel app when handling IME calls |
JDK-8309374 | Accessibility Focus Rectangle on ListItem is not drawn when ListView is shown for first time |
JDK-8311492 | FontSmoothingType LCD produces wrong color when transparency is used |
JDK-8313032 | Enhanced handling of Glass |
JDK-8313040 | Enhanced Font handling |
JDK-8313064 | General enhancements of image handling |
JDK-8313072 | Enhanced handling of Fonts |
JDK-8318386 | Update Glib to 2.78.1 |
JDK-8318387 | Update GStreamer to 1.22.6 |
JDK-8318388 | Update libxslt to 1.1.39 |
JDK-8318614 | Update WebKit to 617.1 |
JDK-8318984 | Update to Xcode 14.3.1 on macOS |
JDK-8319079 | Missing range checks in decora |
JDK-8319669 | [macos14] Running any JavaFX app prints Secure coding warning |
JDK-8319762 | Update to Visual Studio 2022 version 17.6.5 on Windows |
JDK-8319996 | Update to GCC 13.2.0 on Linux |
JDK-8320260 | WebView: Update Public Suffix List to b5bf572 |
JDK-8320267 | WebView crashes on macOS 11 with WebKit 616.1 |
JDK-8322236 | Build failure after JDK-8313064 |
JDK-8322703 | Intermittent crash in WebView in a JFXPanel from IME calls on macOS |
JDK-8323879 | constructor Path(Path) which takes another Path object fail to draw on canvas html |
JDK-8323880 | Caret rendered at wrong position in case of a click event on RTL text |
JDK-8324337 | Cherry-pick WebKit 617.1 stabilization fixes |
JDK-8325258 | Additional WebKit 617.1 fixes from WebKitGTK 2.42.5 |
JDK-8326989 | Text selection issues on WebView after WebKit 617.1 |