Liberica JDK 8u442+7: Release Notes

JDK-8335912/JDK-8337499

Summary: Add an operation mode to the jar command when extracting to not overwrite existing files

Description: In previous OpenJDK releases, when the jar tool extracted files from an archive, it would overwrite any existing files with the same name in the target directory. With this release, a new option ('-k' or '--keep-old-files') may be specified so that existing files are not overwritten. The option may be specified in short or long option form, as in the following examples: '* jar xkf foo.jar', '* jar --extract --keep-old-files --file foo.jar'. By default, the old behaviour remains in place and files are overwritten.

JDK-8341380

Summary: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs

Description: Google and Mozilla have announced plans to distrust TLS Server certificates issued by Entrust. This enhancement implements similar restrictions in the JDK. The restrictions is enforced in the SunJSSE Provider of the Java Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server’s certificate chain is anchored by any of the Certificate Authorities specified in this issue and the certificate’s notBefore date is after October 31, 2024. If necessary, you can work around the restrictions by removing 'ENTRUST_TLS' from the 'jdk.security.caDistrustPolicies' security property.

JDK-8341488

Summary: Change Entrust TLS distrust date to November 12, 2024

Description: Google has changed their distrust date for Entrust from November 1 to November 12, 2024. Entrust has also changed the date they plan to use SSL.com as the issuing CA for public TLS server certificates to November 12. To align with those updated dates, the distrust date was changed to November 12, 2024.

JDK-8341533

Summary: Add 2 SSL.com TLS roots

Description: New SSL.com TLS roots are added as they are the issuing CA used by Entrust going forward.

JDK-8343097

Summary: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property

Description: The LDAP Naming Service Provider implementation’s default settings can be improved by disallowing the reconstruction of Java objects from different LDAP attributes (RFC 2713). Changes include the following modifications: Extended the scope of the system property to cover the creation of RMI remote objects from the 'javaRemoteLocation' LDAP attribute; Updated the default value of 'com.sun.jndi.ldap.object.trustSerialData' system property to "false". That prevents the deserialization of java objects from the 'javaSerializedData' and the 'javaRemoteLocation' LDAP attributes.

JDK-8048003

test/compiler/8009761/Test8009761.java failed with: java.lang.RuntimeException: static java.lang.Object Test8009761.m3(boolean,boolean) not compiled

JDK-8058322

Zero name_index item of MethodParameters attribute cause MalformedParameterException.

JDK-8066708

JMXStartStopTest fails to connect to port 38112

JDK-8133287

(fs) java/nio/file/Files/probeContentType/ParallelProbes.java should use othervm mode

JDK-8189687

Swing: Invalid position of candidate pop-up of InputMethod in Hi-DPI on Windows

JDK-8196770

Add JNDI test com/sun/jndi/ldap/blits/AddTests/AddNewEntry.java

JDK-8209023

fix 2 compiler tests to avoid JDK-8208690

JDK-8233364

Fix undefined behavior in Canonicalizer::do_ShiftOp

JDK-8239312

[macOS] javax/swing/JFrame/NSTexturedJFrame/NSTexturedJFrame.java

JDK-8251188

Update LDAP tests not to use wildcard addresses

JDK-8260380

Upgrade to LittleCMS 2.12

JDK-8313626

C2 crash due to unexpected exception control flow

JDK-8315731

Open source several Swing Text related tests

JDK-8335428

Enhanced Building of Processes

JDK-8335912

Add an operation mode to the jar command when extracting to not overwriting existing files

JDK-8336564

Enhance mask blit functionality redux

JDK-8338402

GHA: some of bundles may not get removed

JDK-8339133

[8u] Profiler crashes at guarantee(is_result_safe || is_in_asgct()): unsafe access to zombie method

JDK-8339180

Enhanced Building of Processes: Follow-on Issue

JDK-8339394

Bump update version of OpenJDK: 8u442

JDK-8339882

Replace ThreadLocalStorage::thread with Thread::current_or_null in jdk8 backport of JDK-8183925

JDK-8340815

Add SECURITY.md file

JDK-8341057

Add 2 SSL.com TLS roots

JDK-8341059

Change Entrust TLS distrust date to November 12, 2024

JDK-8342822

jdk8u432-b06 does not compile on AIX

JDK-8342841

[8u] Separate jdk_security_infra tests from jdk_tier1

JDK-8346140

tools/jar/ExtractFilesTest.java and tools/jar/MultipleManifestTest.java fails with jtreg5.1

JDK-8236689

macOS 10.15 Catalina: LCD text renders badly

JDK-8301312

Create implementation of NSAccessibilityButton protocol

JDK-8311806

Class ButtonAccessibility is implemented twice

JDK-8333374

Cannot invoke "com.sun.prism.RTTexture.contentsUseful()" because "this.txt" is null

JDK-8334713

WebKit build failed on LoongArch64 because currentStackPointer is undefined

JDK-8335714

Enhance playing MP3s

JDK-8335715

Improve Direct Show support

JDK-8336941

Update libxslt to 1.1.42

JDK-8340208

Additional WebKit 619.1 fixes from WebKitGTK 2.44.4

JDK-8341920

Intermittent WebKit build failure on Windows generating PDB files in 619.1

JDK-8343630

Pass AccessControlContext to/from WebKit as opaque object