Release notes for OpenJDK 8.0.332
OpenJDK (Open Java Development Kit) is a free and open source implementation of the Java Platform, Standard Edition (Java SE). The Red Hat build of OpenJDK is available in three versions: OpenJDK 8u, OpenJDK 11u, and OpenJDK 17u.
Packages for the Red Hat build of OpenJDK are made available on Red Hat Enterprise Linux and Microsoft Windows and shipped as a JDK and JRE in the Red Hat Ecosystem Catalog.
Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.
Chapter 1. Support policy
Red Hat will support select major versions of OpenJDK in its products. For consistency, these versions will be the same ones that Oracle designates 'LTS' for the Oracle JDK.
A major version of OpenJDK will be supported for a minimum of six years from the time it is first introduced.
OpenJDK 8 is supported on Microsoft Windows and Red Hat Enterprise Linux until May 2026.
RHEL 6 has reached the end of life in November 2020. Due to this, OpenJDK is not supporting RHEL 6 as a supporting configuration.
Chapter 2. Differences from upstream OpenJDK 8
OpenJDK in Red Hat Enterprise Linux (RHEL) contains a number of structural changes from the upstream distribution of OpenJDK. The Microsoft Windows version of OpenJDK attempts to follow RHEL updates as closely as possible.
The following list details the most notable Red Hat OpenJDK 8 changes:
- FIPS support. Red Hat OpenJDK 8 automatically detects whether RHEL is in FIPS mode and automatically configures OpenJDK 8 to operate in that mode. This change does not apply to OpenJDK builds for Microsoft Windows.
- Cryptographic policy support. Red Hat OpenJDK 8 obtains the list of enabled cryptographic algorithms and key size constraints from the RHEL system configuration. These configuration components are used by the Transport Layer Security (TLS) encryption protocol, the certificate path validation, and any signed JARs. You can set different security profiles to balance safety and compatibility. This change does not apply to OpenJDK builds for Microsoft Windows.
Red Hat OpenJDK on RHEL dynamically links against native libraries such as
zlibfor archive format support and
giflibfor image support. RHEL also dynamically links against
Freetypefor font rendering and management. This change does not apply to OpenJDK builds for Microsoft Windows.
src.zipfile includes the source for all the JAR libraries shipped with OpenJDK.
- Red Hat OpenJDK on RHEL uses system-wide timezone data files as a source for timezone information.
- Red Hat OpenJDK on RHEL uses system-wide CA certificates.
- Red Hat OpenJDK on Microsoft Windows includes the latest available timezone data from RHEL.
- Red Hat OpenJDK on Microsoft Windows uses the latest available CA certificate from RHEL.
Chapter 3. OpenJDK features
The latest OpenJDK 8 release might include new features. Additionally, this release might enhance, deprecate, or remove features that originated from previous OpenJDK 8 releases.
For all the other changes and security fixes, see OpenJDK 8u332 Released.
3.1. New features and enhancements
Review the following release notes to understand new features and feature enhancements that have been included with the OpenJDK 8.0.332 release:
Portable Linux build access to
Portable Linux builds of Red Hat OpenJDK 8.0.322 attempted to use
/etc/pki/java/cacerts as its security certificate database. This was an undesired change in behavior from the OpenJDK 8.0.312 release, where a portable Linux build would use the
cacerts database located in its own directory structure.
OpenJDK 8.0.332 fixes this issue by changing the
cacerts file location to
<java_home>/jre/lib/java.security, which was the default location specified in the OpenJDK 8.0.312 release.
Additionally with the OpenJDK 8.0.332 release, you can configure the
cacerts database in the
java.security file by using the property
security.systemCACerts. You can disable this functionality by passing the
-Djava.security.disableSystemCACerts=true argument when you start your JVM.
Alternative Data Streams (ADS) behavior on OpenJDK for Microsoft Windows
The OpenJDK 8 for Microsoft Windows release fixes an issue where some Java applications failed because
java.io.FileOutputStream would not open some files containing a colon (
:) character. This issue occurred because the default value for
jdk.io.File.enableADS was set to
This OpenJDK 8 for Microsoft Windows release sets the default value for the
true. By default, OpenJDK can now write to Alternative Data Streams and to special files in Microsoft Windows, such as the
You can disable OpenJDK’s capability to write to ADS by choosing one of the following options:
-Djdk.io.File.enableADS=falseparameter to your OpenJDK deployment.
JAVA_TOOL_OPTIONSenvironment variable to
Implementing one of these settings might cause issues with how your Java applications write data into files for your OpenJDK 8 for Microsoft Windows build.
Chapter 4. Known issues
OpenJDK 8 might include known issues. Solutions might exist for some of these known issues.
OpenJDK 8 specifies new default limits for
XPath expressions. If you find that your code is exceeding these limits, you can raise them by passing the following parameters to your OpenJDK deployment or by setting the
JAVA_TOOL_OPTIONS environment variable to use them:
- -Djdk.xml.xpathExprGrpLimit, which defaults to 10
- -Djdk.xml.xpathExprOpLimit, which defaults to 100
- -Djdk.xml.xpathTotalOpLimit, which defaults to 10,000
These default limits restrict the number of expression groups, the number of operators in a single expression, and the total number of operators.
Chapter 5. Advisories related to this release
The following advisories have been issued to bugfixes and CVE fixes included in this release: