Liberica JDK 8u432+7: Release Notes
1. Version information
This document provides information about Liberica JDK 8u432 release.
The full version string for this update release is 8u432+7. The version number is 8.
Liberica JDK 8 is distributed as .apk, .rpm, .zip, .deb, and .tar.gz packages. Please select the most appropriate for your purposes.
2. What’s New
This release contains the following updates and new features.
Notable Changes
This is the list of the notable issues fixed in this release.
| Issue ID | |
|---|---|
JDK-8334296 | Summary: Disable TLS_ECDH_* cipher suites Description: These cipher suites do not preserve forward-secrecy and are rarely used in practice. Other TLS implementations (ex: Chrome, Mozilla) do not enable these suites. The successor of RFC 7525 recommends that these suites not be used. |
JDK-8337007 | Summary: Relax the java.awt.Robot specification Description: This fix relaxes the specification of three methods in the |
JDK-8337619 | Summary: Exception when Tab key moves focus to a JCheckbox with a custom ButtonModel Description: As stated in JDK-8182577, when a custom ButtonModel was used and keyboard focus was moved by pressing TAB key, then in LayoutFocusTraversalPolicy.accept() method, it typecasts buttonmodel object to JToggleButton.ToggleButtonModel, which resulted in ClassCastException. |
JDK-8338735 | Summary: Infinite loop in ZipOutputStream.close() Description: ZipOutputStream.close() had the potential for falling into an infinite loop. Sometimes, when the client disconnected or the socket write timed out, the underlying output stream was closed before the zip file was completely written. This caused the ARM block call of ZipOutputStream.close() to fall into an infinite loop. |
JDK-8340530 | Summary: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs Description: Google and Mozilla have announced plans to distrust TLS Server certificates issued by Entrust. This enhancement implements similar restrictions in the JDK. The restrictions is enforced in the SunJSSE Provider of the Java Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server’s certificate chain is anchored by any of the Certificate Authorities specified in this issue and the certificate’s notBefore date is after October 31, 2024. If necessary, you can work around the restrictions by removing 'ENTRUST_TLS' from the 'jdk.security.caDistrustPolicies' security property. |
IANA TZ Data update
This release of Liberica JDK 8u432 comes with IANA Time Zone Database version 2024a. The following are the main changes in this update:
Kazakhstan unifies on UTC+5 beginning 2024-03-01. Palestine springs forward a week later after Ramadan. zic no longer pretends to support indefinite-past DST. localtime no longer mishandles Ciudad Juárez in 2422.
3. Known Issues
This release does not contain any known issues.
4. Fixed CVEs
This is the list of the security issues fixed in this release. CVSS scores are provided using the CVSS version 3.1 scoring system.
| CVE ID | CVSS score | Component | Module | Attack Vector | Complexity | Privileges | User Interaction | Scope | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2023-42950 | 7.5 | javafx | web | network | high | none | required | unchanged | high | high | high |
CVE-2024-21208 | 3.7 | core-libs | java.net | network | high | none | none | unchanged | none | none | low |
CVE-2024-21210 | 3.7 | hotspot | compiler | network | high | none | none | unchanged | none | low | none |
CVE-2024-21217 | 3.7 | core-libs | java.io:serialization | network | high | none | none | unchanged | none | none | low |
CVE-2024-21235 | 4.8 | hotspot | compiler | network | high | none | none | unchanged | low | low | none |
CVE-2024-25062 | 7.5 | javafx | web | network | low | none | none | unchanged | none | none | high |
5. Resolved Issues
JDK issues
This is the list of general JDK issues fixed in this release.
| Issue ID | Summary |
|---|---|
JDK-4660158 | TTY: NumberFormatException while trying to set values by 'set' command |
JDK-6544871 | java/awt/event/KeyEvent/KeyTyped/CtrlASCII.html fails from jdk b09 on windows. |
JDK-7188098 | TEST_BUG: closed/javax/sound/midi/Synthesizer/Receiver/bug6186488.java fails |
JDK-8021775 | compiler/8009761/Test8009761.java "Failed: init recursive calls: 51. After deopt 50" |
JDK-8030204 | com/sun/jdi/JdbExprTest.sh: Required output "Can\\'t convert 2147483648 to int" not found |
JDK-8030795 | java/nio/file/Files/probeContentType/ForceLoad.java failing with ServiceConfigurationError without jtreg -agentvm option |
JDK-8035395 | sun/management/jmxremote/startstop/JMXStartStopTest.java fails intermittently: Port already in use |
JDK-8075511 | Enable -Woverloaded-virtual C++ warning for HotSpot build |
JDK-8137329 | [windows] Build broken on VS2010 after "8046148: JEP 158: Unified JVM Logging" |
JDK-8145919 | sun/management/jmxremote/bootstrap/RmiSslBootstrapTest failed with Connection failed for no credentials |
JDK-8152207 | Perform array bound checks while getting a length of bytecode instructions |
JDK-8193682 | Infinite loop in ZipOutputStream.close() |
JDK-8196770 | Add JNDI test com/sun/jndi/ldap/blits/AddTests/AddNewEntry.java |
JDK-8205407 | [windows, vs<2017] C4800 after 8203197 |
JDK-8221903 | PIT: javax/swing/RepaintManager/IconifyTest/IconifyTest.java fails on ubuntu18.04 |
JDK-8233364 | Fix undefined behavior in Canonicalizer::do_ShiftOp |
JDK-8238274 | (sctp) JDK-7118373 is not fixed for SctpChannel |
JDK-8251188 | Update LDAP tests not to use wildcard addresses |
JDK-8262017 | C2: assert(n != __null) failed: Bad immediate dominator info. |
JDK-8264328 | Broken license in javax/swing/JComboBox/8072767/bug8072767.java |
JDK-8266248 | Compilation failure in PLATFORM_API_MacOSX_MidiUtils.c with Xcode 12.5 |
JDK-8278794 | Infinite loop in DeflaterOutputStream.finish() |
JDK-8279164 | Disable TLS_ECDH_* cipher suites |
JDK-8281096 | Flags introduced by configure script are not passed to ADLC build |
JDK-8284771 | java/util/zip/CloseInflaterDeflaterTest.java failed with "AssertionError: Expected IOException to be thrown, but nothing was thrown" |
JDK-8290367 | Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property |
JDK-8298887 | On the latest macOS+XCode the Robot API may report wrong colors |
JDK-8299677 | Formatter.format might take a long time to format an integer or floating-point |
JDK-8303466 | C2: failed: malformed control flow. Limit type made precise with MaxL/MinL |
JDK-8305400 | ISO 4217 Amendment 175 Update |
JDK-8305931 | jdk/jfr/jcmd/TestJcmdDumpPathToGCRoots.java failed with "Expected chains but found none" |
JDK-8307779 | Relax the java.awt.Robot specification |
JDK-8309138 | Fix container tests for jdks with symlinked conf dir |
JDK-8311666 | Disabled tests in test/jdk/sun/java2d/marlin |
JDK-8313626 | C2 crash due to unexpected exception control flow |
JDK-8315117 | Update Zlib Data Compression Library to Version 1.3 |
JDK-8315863 | [GHA] Update checkout action to use v4 |
JDK-8316328 | Test jdk/jfr/event/oldobject/TestSanityDefault.java times out for some heap sizes |
JDK-8318039 | GHA: Bump macOS and Xcode versions |
JDK-8318951 | Additional negative value check in JPEG decoding |
JDK-8320964 | sun/tools/native2ascii/Native2AsciiTests.sh fails on Japanese |
JDK-8321480 | ISO 4217 Amendment 176 Update |
JDK-8324632 | Update Zlib Data Compression Library to Version 1.3.1 |
JDK-8324723 | GHA: Upgrade some actions to avoid deprecated Node 16 |
JDK-8326351 | Update the Zlib version in open/src/java.base/share/legal/zlib.md to 1.3.1 |
JDK-8326521 | JFR: CompilerPhase event test fails on windows 32 bit |
JDK-8326529 | JFR: Test for CompilerCompile events fails due to time out |
JDK-8327007 | javax/swing/JSpinner/8008657/bug8008657.java fails |
JDK-8328286 | Enhance HTTP client |
JDK-8328544 | Improve handling of vectorization |
JDK-8328726 | Better Kerberos support |
JDK-8330415 | Update system property for Java SE specification maintenance version |
JDK-8331446 | Improve deserialization support |
JDK-8331730 | [8u] GHA: update sysroot for cross builds to Debian bullseye |
JDK-8332644 | Improve graph optimizations |
JDK-8333126 | Bump update version of OpenJDK: 8u432 |
JDK-8333669 | [8u] GHA: Dead VS2010 download link |
JDK-8333724 | Problem list security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#teliasonerarootcav1 |
JDK-8334653 | ISO 4217 Amendment 177 Update |
JDK-8334905 | [8u] The test java/awt/Mixing/AWT_Mixing/JButtonOverlapping.java started to fail after 8159690 |
JDK-8335552 | [8u] JDK-8303466 backport to 8u requires 3 ::Identity signature fixes |
JDK-8335713 | Enhance vectorization analysis |
JDK-8335851 | [8u] Test JMXStartStopTest.java fails after JDK-8334415 |
JDK-8335894 | [8u] Fix SupplementalJapaneseEraTest.java for jdks with symlinked conf dir |
JDK-8336928 | GHA: Bundle artifacts removal broken |
JDK-8337110 | [8u] TestNoEagerReclaimOfHumongousRegions.java should be in gc/g1 directory |
JDK-8337312 | [8u] Windows x86 VS2010 build broken by JDK-8320097 |
JDK-8337664 | Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs |
JDK-8338144 | [8u] Remove duplicate license files |
JDK-8341057 | Add 2 SSL.com TLS roots |
JDK-8341059 | Change Entrust TLS distrust date to November 12, 2024 |
JFX issues
This is the list of JFX issues fixed in this release.
| Issue ID | Summary |
|---|---|
JDK-8296283 | JUnit5 tests using Params API fails to compile |
JDK-8322251 | [Linux] JavaFX is not displaying CJK on Ubuntu 23.10 and later |
JDK-8328994 | Update WebKit to 619.1 |
JDK-8329011 | Update SQLite to 3.45.3 |
JDK-8330462 | StringIndexOutOfBoundException when typing anything into TextField |
JDK-8331748 | Update libxml2 to 2.12.6 |
JDK-8332539 | Update libxml2 to 2.12.7 |
JDK-8334124 | Rendering issues with CSS "text-shadow" in WebView |
JDK-8335548 | testCookieEnabled fails with WebKit 619.1 |
JDK-8336798 | DRT test cssrounding.html test for linear layout fails with WebKit 619.1 |
JDK-8336939 | Update Glib to 2.80.4 |
JDK-8336940 | Update GStreamer to 1.24.6 |
JDK-8337481 | File API: file.name contains path instead of name |
JDK-8338306 | WebView Drag and Drop fails with WebKit 619.1 |
JDK-8338307 | Additional WebKit 619.1 fixes from WebKitGTK 2.44.3 |
JDK-8338886 | JavaFX debug builds fail on macOS |
6. Updates to Third Party Libraries
This is the list of changes in the third party libraries.
| Library | Full name | New Version | Module | JBS |
|---|---|---|---|---|
zlib | Zlib Data Compression Library | 1.3.1 | java.base | JDK-8324632 |
7. Upgrading to the New Version
To keep your Liberica JDK up-to-date and secure, always upgrade to the newest available version once it is released. To upgrade, install the new version over the previous one. For the installation instructions, see Liberica JDK Installation Guide.