Release notes for OpenJDK 8.0.322
Abstract
Preface
OpenJDK (Open Java Development Kit) is a free and open source implementation of the Java Platform, Standard Edition (Java SE). The Red Hat build of OpenJDK is available in three versions: OpenJDK 8u, OpenJDK 11u, and OpenJDK 17u.
Packages for the Red Hat build of OpenJDK are made available on Red Hat Enterprise Linux and Microsoft Windows and shipped as a JDK and JRE in the Red Hat Ecosystem Catalog.
Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.
Chapter 1. Support policy
Red Hat will support select major versions of OpenJDK in its products. For consistency, these versions will be the same ones that Oracle designates 'LTS' for the Oracle JDK.
A major version of OpenJDK will be supported for a minimum of six years from the time it is first introduced.
OpenJDK 8 is supported on Microsoft Windows and Red Hat Enterprise Linux until May 2026.
RHEL 6 has reached the end of life in November 2020. Due to this, OpenJDK is not supporting RHEL 6 as a supporting configuration.
For more information, see the OpenJDK Life Cycle and Support Policy.
Chapter 2. Differences from upstream OpenJDK 8
OpenJDK in Red Hat Enterprise Linux (RHEL) contains a number of structural changes from the upstream distribution of OpenJDK. The Microsoft Windows version of OpenJDK attempts to follow RHEL updates as closely as possible.
The following list details the most notable Red Hat OpenJDK 8 changes:
- FIPS support. Red Hat OpenJDK 8 automatically detects whether RHEL is in FIPS mode and automatically configures OpenJDK 8 to operate in that mode. This change does not apply to OpenJDK builds for Microsoft Windows.
- Cryptographic policy support. Red Hat OpenJDK 8 obtains the list of enabled cryptographic algorithms and key size constraints from the RHEL system configuration. These configuration components are used by the Transport Layer Security (TLS) encryption protocol, the certificate path validation, and any signed JARs. You can set different security profiles to balance safety and compatibility. This change does not apply to OpenJDK builds for Microsoft Windows.
-
Red Hat OpenJDK on RHEL dynamically links against native libraries such as
zlib
for archive format support andlibjpeg-turbo
,libpng
, andgiflib
for image support. RHEL also dynamically links againstHarfbuzz
andFreetype
for font rendering and management. This change does not apply to OpenJDK builds for Microsoft Windows. -
The
src.zip
file includes the source for all the JAR libraries shipped with OpenJDK. - Red Hat OpenJDK on RHEL uses system-wide timezone data files as a source for timezone information.
- Red Hat OpenJDK on RHEL uses system-wide CA certificates.
- Red Hat OpenJDK on Microsoft Windows includes the latest available timezone data from RHEL.
- Red Hat OpenJDK on Microsoft Windows uses the latest available CA certificate from RHEL.
Additional resources
- For more information about detecting if a system is in FIPS mode, see the Improve system FIPS detection example on the RHEL Planning Jira.
- For more information about cryptographic policies, see Using system-wide cryptographic policies.
Chapter 3. OpenJDK features
The latest OpenJDK 8 release might include new features. Additionally, this release might enhance, deprecate, or remove features that originated from previous OpenJDK 8 releases.
For all the other changes and security fixes, see OpenJDK 8u322 Released.
3.1. New features and enhancements
Review the following release notes to understand new features and feature enhancements that have been included with the OpenJDK 8.0.272 release:
IANA Time Zone Database
The Internet Assigned Numbers Authority (IANA) updated its Time Zone Database to version 2021c. Red Hat OpenJDK date and time libraries depends on IANA’s Time Zone Database for determining local time for various regions around the world.
The 2021b release of the Time Zone Database updated time zone rules that existed before 1970. For more information about the 2021b release, see 2021b release of tz code and data available on the IANA website.
For more information about IANA’s Time Zone Database, see Time Zone Database on the IANA website.
For more information about IANA’s 2021c Time Zone Database release, see JDK-8274857.
3.2. Deprecated or removed features
Review the following release notes to understand pre-existing features that have been either deprecated or removed in the OpenJDK 8.0.322 release:
IdenTrust
root certificate
OpenJDK 8.0.322 removes the following IdenTrust
root certificate from the cacerts
keystore:
- Alias name
- identrustdstx3 [jdk]
- Distinguished name
- CN=DST Root CA X3, O=Digital Signature Trust Co
For more information about this removed IdenTrust
root certificate, see JDK-8271434.
Google GlobalSign root certificate
OpenJDK 8.0.322 removes the following root certificate from the cacerts
keystore:
- Alias name
- globalsignr2ca [jdk]
- Distinguished name
- CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
For more information about this removed Google GlobalSign root certificate, see JDK-8272535.
Chapter 4. Known issues
OpenJDK 8 might include known issues. Solutions might exist for some of these known issues.
Debug packages moved to the RHEL 8.5 CodeReady Linux Builder (CRB) repository
- Description
RHEL 8.5 moved the
java-8-openjdk-slowdebug-debuginfo
andjava-8-openjdk-fastdebug-debuginfo
packages to the CodeReady Linux Builder (CRB) repository, where thejava-openjdk-slowdebug
andjava-openjdk-fastdebug
packages are already located. This repository contains developer packages. Red Hat had planned to move these packages to the CRB repository earlier in the lifecycle of RHEL 8.5. However, this movement did not occur.You might have installed the
java-8-openjdk-slowdebug-debuginfo
andjava-8-openjdk-fastdebug-debuginfo
packages when these packages were located in the AppStream repository.You can check if you installed the
java-8-openjdk-slowdebug-debuginfo
orjava-8-openjdk-fastdebug-debuginfo
packages by issuing the following command in your CLI:$ rpm -qa | grep java-.*debug-debuginfo
You can continue to use the
java-8-openjdk-slowdebug-debuginfo
andjava-8-openjdk-fastdebug-debuginfo
packages for debugging purposes on your Java application, but you must enable the CRB repository to receive updates for these packages.- Workaround
If you installed the
java-8-openjdk-slowdebug-debuginfo
andjava-8-openjdk-fastdebug-debuginfo
packages, you must choose one of the following options:Uninstall these packages by issuing the following command in your CLI:
$ dnf remove java-8-openjdk-<package-name>
Enable the CRB repository by issuing the following command in your CLI:
$ dnf config-manager --set-enabled rhel-8-crb-debug-rpms
ImportantRed Hat does not fully support packages that are contained within the CRB repository. Ensure you understand the potential risks of using any unsupported debug packages on your Java applications.
For more information about the CRB repository on RHEL 8.5, see Package Manifest guide in the Red Hat Enterprise Linux documentation.
Chapter 5. Advisories related to this release
The following advisories have been issued to bugfixes and CVE fixes included in this release: