Release notes for OpenJDK 8.0.332

OpenJDK 8

Red Hat Customer Content Services

Abstract

This document provides an overview of new features in OpenJDK 8 and includes a list of potential known issues and possible workarounds for these issues.

Preface

OpenJDK (Open Java Development Kit) is a free and open source implementation of the Java Platform, Standard Edition (Java SE). The Red Hat build of OpenJDK is available in three versions: OpenJDK 8u, OpenJDK 11u, and OpenJDK 17u.

Packages for the Red Hat build of OpenJDK are made available on Red Hat Enterprise Linux and Microsoft Windows and shipped as a JDK and JRE in the Red Hat Ecosystem Catalog.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.

Chapter 1. Support policy

Red Hat will support select major versions of OpenJDK in its products. For consistency, these versions will be the same ones that Oracle designates 'LTS' for the Oracle JDK.

A major version of OpenJDK will be supported for a minimum of six years from the time it is first introduced.

OpenJDK 8 is supported on Microsoft Windows and Red Hat Enterprise Linux until May 2026.

Note

RHEL 6 has reached the end of life in November 2020. Due to this, OpenJDK is not supporting RHEL 6 as a supporting configuration. 

See, OpenJDK Life Cycle and Support Policy (Red Hat Customer Portal)

Chapter 2. Differences from upstream OpenJDK 8

OpenJDK in Red Hat Enterprise Linux (RHEL) contains a number of structural changes from the upstream distribution of OpenJDK. The Microsoft Windows version of OpenJDK attempts to follow RHEL updates as closely as possible.

The following list details the most notable Red Hat OpenJDK 8 changes:

  • FIPS support. Red Hat OpenJDK 8 automatically detects whether RHEL is in FIPS mode and automatically configures OpenJDK 8 to operate in that mode. This change does not apply to OpenJDK builds for Microsoft Windows.
  • Cryptographic policy support. Red Hat OpenJDK 8 obtains the list of enabled cryptographic algorithms and key size constraints from the RHEL system configuration. These configuration components are used by the Transport Layer Security (TLS) encryption protocol, the certificate path validation, and any signed JARs. You can set different security profiles to balance safety and compatibility. This change does not apply to OpenJDK builds for Microsoft Windows.
  • Red Hat OpenJDK on RHEL dynamically links against native libraries such as zlib for archive format support and libjpeg-turbo, libpng, and giflib for image support. RHEL also dynamically links against Harfbuzz and Freetype for font rendering and management. This change does not apply to OpenJDK builds for Microsoft Windows.
  • The src.zip file includes the source for all the JAR libraries shipped with OpenJDK.
  • Red Hat OpenJDK on RHEL uses system-wide timezone data files as a source for timezone information.
  • Red Hat OpenJDK on RHEL uses system-wide CA certificates.
  • Red Hat OpenJDK on Microsoft Windows includes the latest available timezone data from RHEL.
  • Red Hat OpenJDK on Microsoft Windows uses the latest available CA certificate from RHEL.

Chapter 3. OpenJDK features

The latest OpenJDK 8 release might include new features. Additionally, this release might enhance, deprecate, or remove features that originated from previous OpenJDK 8 releases.

Note

For all the other changes and security fixes, see OpenJDK 8u332 Released.

3.1. New features and enhancements

Review the following release notes to understand new features and feature enhancements that have been included with the OpenJDK 8.0.332 release:

Portable Linux build access to cacerts

Portable Linux builds of Red Hat OpenJDK 8.0.322 attempted to use /etc/pki/java/cacerts as its security certificate database. This was an undesired change in behavior from the OpenJDK 8.0.312 release, where a portable Linux build would use the cacerts database located in its own directory structure.

OpenJDK 8.0.332 fixes this issue by changing the cacerts file location to <java_home>/jre/lib/java.security, which was the default location specified in the OpenJDK 8.0.312 release.

Additionally with the OpenJDK 8.0.332 release, you can configure the cacerts database in the java.security file by using the property security.systemCACerts. You can disable this functionality by passing the -Djava.security.disableSystemCACerts=true argument when you start your JVM.

Alternative Data Streams (ADS) behavior on OpenJDK for Microsoft Windows

The OpenJDK 8 for Microsoft Windows release fixes an issue where some Java applications failed because java.io.FileOutputStream would not open some files containing a colon (:) character. This issue occurred because the default value for jdk.io.File.enableADS was set to false.

This OpenJDK 8 for Microsoft Windows release sets the default value for the jdk.io.File.enableADS to true. By default, OpenJDK can now write to Alternative Data Streams and to special files in Microsoft Windows, such as the NUL: file.

You can disable OpenJDK’s capability to write to ADS by choosing one of the following options:

  • Pass the -Djdk.io.File.enableADS=false parameter to your OpenJDK deployment.
  • Set the JAVA_TOOL_OPTIONS environment variable to JAVA_TOOL_OPTIONS=-Djdk.io.File.enableADS=false.
Important

Implementing one of these settings might cause issues with how your Java applications write data into files for your OpenJDK 8 for Microsoft Windows build.

See JDK-8285445 (JDK Bug System)

Chapter 4. Known issues

OpenJDK 8 might include known issues. Solutions might exist for some of these known issues.

XPath expressions

OpenJDK 8 specifies new default limits for XPath expressions. If you find that your code is exceeding these limits, you can raise them by passing the following parameters to your OpenJDK deployment or by setting the JAVA_TOOL_OPTIONS environment variable to use them:

  • -Djdk.xml.xpathExprGrpLimit, which defaults to 10
  • -Djdk.xml.xpathExprOpLimit, which defaults to 100
  • -Djdk.xml.xpathTotalOpLimit, which defaults to 10,000

These default limits restrict the number of expression groups, the number of operators in a single expression, and the total number of operators.

Chapter 5. Advisories related to this release

The following advisories have been issued to bugfixes and CVE fixes included in this release:

Legal Notice

Copyright © 2022 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.