Release notes for OpenJDK 8.0.322

OpenJDK 8

Red Hat Customer Content Services

Abstract

This document provides an overview of new features in OpenJDK 8 and includes a list of potential known issues and possible workarounds for these issues.

Preface

OpenJDK (Open Java Development Kit) is a free and open source implementation of the Java Platform, Standard Edition (Java SE). The Red Hat build of OpenJDK is available in three versions: OpenJDK 8u, OpenJDK 11u, and OpenJDK 17u.

Packages for the Red Hat build of OpenJDK are made available on Red Hat Enterprise Linux and Microsoft Windows and shipped as a JDK and JRE in the Red Hat Ecosystem Catalog.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.

Chapter 1. Support policy

Red Hat will support select major versions of OpenJDK in its products. For consistency, these versions will be the same ones that Oracle designates 'LTS' for the Oracle JDK.

A major version of OpenJDK will be supported for a minimum of six years from the time it is first introduced.

OpenJDK 8 is supported on Microsoft Windows and Red Hat Enterprise Linux until May 2026.

Note

RHEL 6 has reached the end of life in November 2020. Due to this, OpenJDK is not supporting RHEL 6 as a supporting configuration. 

For more information, see the OpenJDK Life Cycle and Support Policy.

Chapter 2. Differences from upstream OpenJDK 8

OpenJDK in Red Hat Enterprise Linux (RHEL) contains a number of structural changes from the upstream distribution of OpenJDK. The Microsoft Windows version of OpenJDK attempts to follow RHEL updates as closely as possible.

The following list details the most notable Red Hat OpenJDK 8 changes:

  • FIPS support. Red Hat OpenJDK 8 automatically detects whether RHEL is in FIPS mode and automatically configures OpenJDK 8 to operate in that mode. This change does not apply to OpenJDK builds for Microsoft Windows.
  • Cryptographic policy support. Red Hat OpenJDK 8 obtains the list of enabled cryptographic algorithms and key size constraints from the RHEL system configuration. These configuration components are used by the Transport Layer Security (TLS) encryption protocol, the certificate path validation, and any signed JARs. You can set different security profiles to balance safety and compatibility. This change does not apply to OpenJDK builds for Microsoft Windows.
  • Red Hat OpenJDK on RHEL dynamically links against native libraries such as zlib for archive format support and libjpeg-turbo, libpng, and giflib for image support. RHEL also dynamically links against Harfbuzz and Freetype for font rendering and management. This change does not apply to OpenJDK builds for Microsoft Windows.
  • The src.zip file includes the source for all the JAR libraries shipped with OpenJDK.
  • Red Hat OpenJDK on RHEL uses system-wide timezone data files as a source for timezone information.
  • Red Hat OpenJDK on RHEL uses system-wide CA certificates.
  • Red Hat OpenJDK on Microsoft Windows includes the latest available timezone data from RHEL.
  • Red Hat OpenJDK on Microsoft Windows uses the latest available CA certificate from RHEL.

Additional resources

Chapter 3. OpenJDK features

The latest OpenJDK 8 release might include new features. Additionally, this release might enhance, deprecate, or remove features that originated from previous OpenJDK 8 releases.

Note

For all the other changes and security fixes, see OpenJDK 8u322 Released.

3.1. New features and enhancements

Review the following release notes to understand new features and feature enhancements that have been included with the OpenJDK 8.0.272 release:

IANA Time Zone Database

The Internet Assigned Numbers Authority (IANA) updated its Time Zone Database to version 2021c. Red Hat OpenJDK date and time libraries depends on IANA’s Time Zone Database for determining local time for various regions around the world.

Note

The 2021b release of the Time Zone Database updated time zone rules that existed before 1970. For more information about the 2021b release, see 2021b release of tz code and data available on the IANA website.

For more information about IANA’s Time Zone Database, see Time Zone Database on the IANA website.

For more information about IANA’s 2021c Time Zone Database release, see JDK-8274857.

3.2. Deprecated or removed features

Review the following release notes to understand pre-existing features that have been either deprecated or removed in the OpenJDK 8.0.322 release:

IdenTrust root certificate

OpenJDK 8.0.322 removes the following IdenTrust root certificate from the cacerts keystore:

Alias name
identrustdstx3 [jdk]
Distinguished name
CN=DST Root CA X3, O=Digital Signature Trust Co

For more information about this removed IdenTrust root certificate, see JDK-8271434.

Google GlobalSign root certificate

OpenJDK 8.0.322 removes the following root certificate from the cacerts keystore:

Alias name
globalsignr2ca [jdk]
Distinguished name
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2

For more information about this removed Google GlobalSign root certificate, see JDK-8272535.

Chapter 4. Known issues

OpenJDK 8 might include known issues. Solutions might exist for some of these known issues.

Debug packages moved to the RHEL 8.5 CodeReady Linux Builder (CRB) repository

Description

RHEL 8.5 moved the java-8-openjdk-slowdebug-debuginfo and java-8-openjdk-fastdebug-debuginfo packages to the CodeReady Linux Builder (CRB) repository, where the java-openjdk-slowdebug and java-openjdk-fastdebug packages are already located. This repository contains developer packages. Red Hat had planned to move these packages to the CRB repository earlier in the lifecycle of RHEL 8.5. However, this movement did not occur.

You might have installed the java-8-openjdk-slowdebug-debuginfo and java-8-openjdk-fastdebug-debuginfo packages when these packages were located in the AppStream repository.

You can check if you installed the java-8-openjdk-slowdebug-debuginfo or java-8-openjdk-fastdebug-debuginfo packages by issuing the following command in your CLI: 

$ rpm -qa | grep java-.*debug-debuginfo

You can continue to use the java-8-openjdk-slowdebug-debuginfo and java-8-openjdk-fastdebug-debuginfo packages for debugging purposes on your Java application, but you must enable the CRB repository to receive updates for these packages.

Workaround

If you installed the java-8-openjdk-slowdebug-debuginfo and java-8-openjdk-fastdebug-debuginfo packages, you must choose one of the following options:

  • Uninstall these packages by issuing the following command in your CLI: 

    $ dnf remove java-8-openjdk-<package-name>

  • Enable the CRB repository by issuing the following command in your CLI: 

    $ dnf config-manager --set-enabled rhel-8-crb-debug-rpms
    Important

    Red Hat does not fully support packages that are contained within the CRB repository. Ensure you understand the potential risks of using any unsupported debug packages on your Java applications.

For more information about the CRB repository on RHEL 8.5, see Package Manifest guide in the Red Hat Enterprise Linux documentation.

Chapter 5. Advisories related to this release

The following advisories have been issued to bugfixes and CVE fixes included in this release:

Legal Notice

Copyright © 2022 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.