Changelog:
New Features
security-libs/javax.net.ssl
➜ Support for Customization of Default Enabled Cipher Suites via System Properties
The system property jdk.tls.client.cipherSuites can be used to customize the default enabled cipher suites for the client side of SSL/TLS connections. In a similar way, the system property jdk.tls.server.cipherSuites can be used for customization on the server side.
The system properties contain a comma-separated list of supported cipher suite names that specify the default enabled cipher suites. All other supported cipher suites are disabled for this default setting. Unrecognized or unsupported cipher suite names specified in properties are ignored. Explicit setting of enabled cipher suites will override the system properties.
Please refer to the "Java Cryptography Architecture Standard Algorithm Name Documentation" for the standard JSSE cipher suite names, and the "Java Cryptography Architecture Oracle Providers Documentation" for the cipher suite names supported by the SunJSSE provider.
Note that the actual use of enabled cipher suites is restricted by algorithm constraints.
Note also that these system properties are currently supported by the JDK Reference Implementation. They are not guaranteed to be supported by other implementations.
Warning: These system properties can be used to configure weak cipher suites, or the configured cipher suites may become more weak over time. We do not recommend using the system properties unless you understand the security implications. Use them at your own risk.
See JDK-8162362
Bug Fixes
This release contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. For a more complete list of the bug fixes included in this release, see the JDK 8u192 Bug Fixes page.
Security bugs:
CVE-2018-3183
CVE-2018-3209
CVE-2018-3169
CVE-2018-3149
CVE-2018-3211
CVE-2018-3180
CVE-2018-3214
CVE-2018-3157
CVE-2018-3150
CVE-2018-13785
CVE-2018-3136
CVE-2018-3139
Changelog:
Fix following security vulnerabilities:
CVE-2016-0499
CVE-2015-4925
CVE-2016-0472
CVE-2015-4921
CVE-2016-0467
CVE-2016-0461
CVE-2015-4923
Bug fixes:
Bug Id Category Subcategory Description
JDK-8133917 client-libs Please backport X11FontManager refactor to Java 8!
JDK-8130136 client-libs 2d Swing window sometimes fails to repaint partially when it becomes exposed
JDK-8132850 client-libs 2d java.lang.ArrayIndexOutOfBoundsException during text rendering with many fonts installed
JDK-8137106 client-libs 2d EUDC (End User Defined Characters) are not displayed on Windows with Java 8u60+
JDK-8065081 client-libs demo Intermittent NPE in Java2Demo applet on Stop/Restart in appletviewer
JDK-8081485 client-libs java.awt EDT auto shutdown is broken in case of new event queue usage
JDK-8081787 client-libs java.awt [macosx] MalformedURLException is thrown during reading data for application/x-java-url;class=java.net.URL flavor
JDK-8086038 client-libs java.awt [macosx] No available data flavors when copying from Microsoft Word for Mac
JDK-8130776 client-libs java.awt Remove EmbeddedFrame.requestFocusToEmbedder() method
JDK-8132382 client-libs java.awt [macosx] Crash during JMC or JavaFX execution when NSApplication is controlled by SWT or JavaFX libraries
JDK-8136763 client-libs java.awt [macosx] java always returns only one value for "text/uri-list" dataflavor even if several files were copied
JDK-8134828 client-libs javax.swing Scrollbar thumb disappears with Nimbus L&F
JDK-8134917 client-libs javax.swing [macosx] JOptionPane doesn't receive mouse events when opened from a drop event
JDK-8134356 core-libs {@code} tag contains < and > sequences
JDK-8134569 core-libs Add tests for prototype callsites
JDK-8134939 core-libs Improve toString method of Dynalink DynamicMethod objects
JDK-8133249 core-libs java.io Occasional SIGSEGV: non thread-safe use of strerr in getLastErrorString
JDK-8073644 core-libs java.lang.invoke Assertion in LambdaFormEditor.bindArgumentType is too strict
JDK-8030785 core-libs java.lang:reflect Missing "since 1.8" javadoc for java.lang.reflect.Method:getParameterCount
JDK-8072466 core-libs java.net Deadlock when initializing MulticastSocket and DatagramSocket
JDK-8087190 core-libs java.net Regression in sun.net.util.IPAddressUtil.isIPv4LiteralAddress(String)
JDK-8133015 core-libs java.net InetAddress.isReachable(tmout) returning wrong value on Windows for IPv6
JDK-8143397 core-libs java.net It looks like InetAddress.isReachable(timeout) works incorrectly
JDK-6857566 core-libs java.nio (bf) DirectByteBuffer garbage creation can outpace reclamation
JDK-8029516 core-libs java.nio (fs) WatchKey cancel unreliable on Windows
JDK-8034057 core-libs java.nio Files.getFileStore and Files.isWritable do not work with SUBST'ed drives (win)
JDK-8080115 core-libs java.nio (fs) Crash in libgio when calling Files.probeContentType(path) from parallel threads
JDK-8130274 core-libs java.nio java/nio/file/FileStore/Basic.java fails when two successive stores in an iteration are determined to be equal
JDK-8133232 core-libs java.nio [fs] Regex has redundant | in the char class
JDK-8133647 core-libs java.nio (ch) Test java/nio/channels/AsynchronousSocketChannel/StressLoopback.java fails for Windows XP
JDK-8137121 core-libs java.nio (fc) Infinite loop FileChannel.truncate
JDK-8138819 core-libs java.nio (se) File descriptor leak when Selector.open fails
JDK-8081794 core-libs java.text ParsePosition getErrorIndex returns 0 for TimeZone parsing problem
JDK-8074032 core-libs java.time Instant.ofEpochMilli(millis).toEpochMilli() can throw arithmetic overflow in toEpochMilli()
JDK-8133022 core-libs java.time Instant.toEpochMilli() silently overflows
JDK-8139107 core-libs java.time DateTimeFormatter with Locale.UK throw a NullPointerException when parsing zone
JDK-6907252 core-libs java.util.jar ZipFileInputStream Not Thread-Safe
JDK-8038502 core-libs java.util.jar Deflater.needsInput() should use synchronization
JDK-8134505 core-libs java.util:i18n Cleanup of "TimeZone_md.c"
JDK-8129957 core-libs javax.naming Deadlock in JNDI LDAP implementation when closing the LDAP context
JDK-8027137 core-libs jdk.nashorn Merge ScriptFunction and ScriptFunctionImpl
JDK-8055917 core-libs jdk.nashorn jdk.nashorn.internal.codegen.CompilationPhase$N should be renamed to proper classes
JDK-8068901 core-libs jdk.nashorn Surprising behavior with more than one functional interface on a class
JDK-8068903 core-libs jdk.nashorn Can't invoke vararg @FunctionalInterface methods
JDK-8073613 core-libs jdk.nashorn Here documents: how to avoid string interpolation?
JDK-8073733 core-libs jdk.nashorn TypeError messages with "call" and "new" could be improved
JDK-8087292 core-libs jdk.nashorn nashorn should have a "fail-fast" option for scripting, analog to bash "set -e"
JDK-8087312 core-libs jdk.nashorn PropertyMapWrapper.equals should compare className
JDK-8114838 core-libs jdk.nashorn Anonymous functions escape to surrounding scope when defined under "with" statement
JDK-8129950 core-libs jdk.nashorn Wrong condition for checking absence of logger in MethodHandleFactory
JDK-8129959 core-libs jdk.nashorn DebugLogger has unnecessary API methods
JDK-8130234 core-libs jdk.nashorn Get rid of JSType.isNegativeZero
JDK-8130307 core-libs jdk.nashorn improve Nashorn Javadoc target
JDK-8130424 core-libs jdk.nashorn if directory specified with --dest-dir does not exist, only .class files are dumped and .js files are not
JDK-8130476 core-libs jdk.nashorn Remove unused methods in Global.java
JDK-8130663 core-libs jdk.nashorn 6 fields can be static fields in Global class
JDK-8130853 core-libs jdk.nashorn Non-extensible global is not handled property
JDK-8131039 core-libs jdk.nashorn after adding a function property to Object.prototype, JSON.parse with reviver function goes into infinite loop
JDK-8131340 core-libs jdk.nashorn Varargs function is recompiled each time it is linked
JDK-8131683 core-libs jdk.nashorn Delete fails over multiple scopes
JDK-8133119 core-libs jdk.nashorn Error message associated with TypeError for call and new should include stringified Node
JDK-8133300 core-libs jdk.nashorn Ensure symbol table immutability in Nashorn AST
JDK-8133785 core-libs jdk.nashorn SharedScopeCall should be enabled for non-optim call sites even with optimistic compilation
JDK-8134150 core-libs jdk.nashorn Make Nashorn Timing class both threadsafe and efficient
JDK-8134484 core-libs jdk.nashorn disallow backquotes as heredoc end marker delimiters
JDK-8134488 core-libs jdk.nashorn0 core-libs jdk.nashorn Dead var statement evacuation incorrectly descends into nested functions
JDK-8134502 core-libs jdk.nashorn introduce abstraction for basic NodeVisitor usage
JDK-8134609 core-libs jdk.nashorn Allow constructors with same prototoype e-libs jdk.nashorn Defer stack trace walking of NashornException for extracting line number and file name
JDK-8134931 core-libs jdk.nashorn jdk.nashorn.internal.codegen.TypeMap should not use Map
JDK-8134973 core-libs jdk.nashorn Control flow exceptions s
JDK-8135075 core-libs jdk.nashorn Reorder short-circuit tests in ApplySpecialization to run cheapest first
JDK-8135190 core-libs jdk.nashorn Method code too large in Babel browser.js script
JDK-8135262 core-libs jdk.nashorn Sanitize CodeInstaller and ComJDK-8135337 core-libs jdk.nashorn NativeDebug.dumpCounters with incorrect scope count
JDK-8136349 core-libs jdk.nashorn Typos patch for nashorn sources submitted on Sep 10, 2015
JDK-8136544 core-libs jdk.nashorn Call site switching to megamorphic causes incorrect property read
JDK-8136694 core-libs jdk.nashorn Megemorphic scope access does not throw ReferenceError when property is missing
JDK-8137258 core-libs jdk.nashorn JSObjectLinker and BrowserJSObjectLinker should not expose internal JS objects
JDK-8137281 core-libs jdk.nashorn OutOfMemoryError with large numeric keys in JSON.parse
JDK-8137333 core-libs jdk.nashorn Boundless soft caching of property map histories causes high memory pressure
JDK-8138616 core-libs jdk.nashorn invokeFunction fails if function calls a function defined in GLOBAL_SCOPE
JDK-8138632 core-libs jdk.nashorn Sparse array does not handle growth of underlying dense array
JDK-8074696 core-svc debugger Remote debugging session hangs for several minutes when calling findBootType
JDK-8074368 core-svc java.lang.management ThreadMXBean.getThreadInfo() corrupts memory when called with empty array for thread ids
JDK-8133666 core-svc java.lang.management OperatingSystemMXBean reports abnormally high machine CPU consumption on Linux
JDK-8075773 core-svc tools jps running as root fails after the fix of JDK-8050807
JDK-8139613 deploy push of backport of JDK-8081846 broke build
JDK-8138650 deploy packager Packager cannot bundle Mac App Store Apps because JavaFX WebKit uses apple private APIs
JDK-8133985 deploy plugin "Apply" button is permanently disabled in JCP, after roaming profile option is changed
JDK-8134109 deploy plugin Applet2Manager.getMainDeploymentRuleSet ignores jar version.
JDK-8134495 deploy plugin Cannot enable debugging on JNLP applet with java-vm-args params
JDK-7156268 deploy webstart app is stuck when launching with javaagent if there is no jre info in deployment.properties
JDK-8055464 deploy webstart Add a URL scheme handler to reliably launch .jnlp files - java part
JDK-8056013 deploy webstart Web Start looks in currently directory for all classes prior to jars - slow
JDK-8077380 deploy webstart JNLPSigning exception when signed jnlp is launched from local tomcat server
JDK-8081846 deploy webstart Add a URL scheme handler to reliably launch .jnlp files - Windows registration part
JDK-8135115 deploy webstart DRS1.3: App is not blocked when there is a invalid attribute in jnlp-checksum
JDK-8135227 deploy webstart DRS 1.3 enhancements doesn't work as expected when load no href jnlp by "javaws <local_path_of_jnlp_file>"
JDK-8136906 deploy webstart Extreme Application Startup Time due to frequent requests for the jnlp-6.0.dtd
JDK-8139323 deploy webstart JNLPSignedResourcesHelperTest shows regression caused by JDK-8129600
JDK-8140264 deploy webstart create junit test for JDK-8136906
JDK-8140740 deploy webstart Test jnlp_file/applicationDesc/index.html\#args is failing
JDK-8011858 hotspot compiler Use Compile::live_nodes() instead of Compile::unique() in appropriate places
JDK-8058737 hotspot compiler CodeCache::find_blob fails with 'unsafe access to zombie method'
JDK-8075805 hotspot compiler Crash while trying to release CompiledICHolder
JDK-8134031 hotspot compiler Incorrect JIT compilation of complex code with inlining and escape analysis
JDK-8134493 hotspot compiler Cleaning inline caches of unloaded nmethods should be done in sweeper
JDK-8133193 hotspot gc Memory leak in G1 because G1RootProcessor doesn't have desctructor
JDK-8029453 hotspot runtime java/util/concurrent/locks/ReentrantLock/TimeoutLockLoops.java failed by timeout
JDK-8135002 hotspot runtime Fix or remove broken links in objectMonitor.cpp comments
JDK-8139150 hotspot runtime ClassVerifier frees exception message while it's still in use
JDK-8140249 hotspot runtime JVM Crashing During startUp If Flight Recording is enabled
JDK-7194452 security-libs java.security Remove "Reverse" PKIX CertPathBuilder implementation
JDK-8130875 security-libs java.security Ucrypto library leaks memory when null output buffer is specified
JDK-8136534 security-libs java.security Loading JKS keystore using non-null InputStream results in closed stream
JDK-8132551 security-libs javax.crypto:pkcs11 Initialize local variables before returning them in p11_convert.c
JDK-8067422 tools javac Lambda method names are unnecessarily unstable
JDK-8071291 tools javac Compiler crashes trying to cast UnionType to IntersectionClassType
JDK-8073519 xml jaxb schemagen does not report errors while generating xsd files
ryoon
joerg