Eclipse Temurin 8.0.362 release notes
Abstract
Preface
Open Java Development Kit (OpenJDK) is a free and open-source implementation of the Java Platform, Standard Edition (Java SE). Eclipse Temurin is available in three LTS versions: OpenJDK 8u, OpenJDK 11u, and OpenJDK 17u.
Binaries for Eclipse Temurin are available for macOS, Microsoft Windows, and on multiple Linux x86 Operating Systems including Red Hat Enterprise Linux and Ubuntu.
Providing feedback on Red Hat build of OpenJDK documentation
To report an error or to improve our documentation, log in to your Red Hat Jira account and submit an issue. If you do not have a Red Hat Jira account, then you will be prompted to create an account.
Procedure
- Click the following link to create a ticket.
- Enter a brief description of the issue in the Summary.
- Provide a detailed description of the issue or enhancement in the Description. Include a URL to where the issue occurs in the documentation.
- Clicking Submit creates and routes the issue to the appropriate documentation team.
Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.
Chapter 1. Support policy for Eclipse Temurin
Red Hat will support select major versions of Eclipse Temurin in its products. For consistency, these are the same versions that Oracle designates as long-term support (LTS) for the Oracle JDK.
A major version of Eclipse Temurin will be supported for a minimum of six years from the time that version is first introduced. For more information, see the Eclipse Temurin Life Cycle and Support Policy.
RHEL 6 reached the end of life in November 2020. Because of this, RHEL 6 is not a supported configuration for Eclipse Temurin.
Chapter 2. Eclipse Temurin features
Eclipse Temurin does not contain structural changes from the upstream distribution of OpenJDK.
For the list of changes and security fixes included in the latest OpenJDK 8 release of Eclipse Temurin, see OpenJDK 8u362 Released.
New features and enhancements
Review the following release notes to understand new features and feature enhancements included with the Eclipse Temurin 8.0.362 release:
Improved CORBA communications
By default, the CORBA implementation in OpenJDK 8.0.362 refuses to deserialize any objects that do not contain the IOR: prefix.
If you want to revert to the previous behavior, you can set the new com.sun.CORBA.ORBAllowDeserializeObject property to true.
See JDK-8285021 (JDK Bug System).
Enhanced BMP bounds
By default, OpenJDK 8.0.362 disables loading a linked International Color Consortium (ICC) profile in a BMP image. You can enable this functionality by setting the new sun.imageio.bmp.enabledLinkedProfiles property to true. This property replaces the old sun.imageio.plugins.bmp.disableLinkedProfiles property.
See JDK-8295687 (JDK Bug System).
Improved banking of sounds
Previously, the SoundbankReader implementation, com.sun.media.sound.JARSoundbankReader, downloaded a JAR soundbank from a URL. For OpenJDK 8.0.362, this behavior is now disabled by default. To re-enable the behavior, set the new system property jdk.sound.jarsoundbank to true.
See JDK-8293742 (JDK Bug System).
OpenJDK support for Microsoft Windows 11
OpenJDK 8.0.362 can now recognize the Microsoft Windows 11 operating system, and can set the os.name property to Windows 11.
See JDK-8274840 (JDK Bug System).
SHA-1 Signed JARs
With the OpenJDK 8.0.362 release, JARs signed with SHA-1 algorithms are restricted by default and treated as if they were unsigned. These restrictions apply to the following algorithms:
- Algorithms used to digest, sign, and optionally timestamp the JAR.
- Signature and digest algorithms of the certificates in the certificate chain of the code signer and the Timestamp Authority, and any Certificate Revocation Lists (CRLs) or Online Certificate Status Protocol (OCSP) responses that are used to verify if those certificates have been revoked.
Additionally, the restrictions apply to signed Java Cryptography Extension (JCE) providers.
To reduce the compatibility risk for JARs that have been previously timestamped, the restriction does not apply to any JAR signed with SHA-1 algorithms and timestamped prior to January 01, 2019. This exception might be removed in a future OpenJDK release.
To determine if your JAR file is impacted by the restriction, you can issue the following command in your CLI:
$ jarsigner -verify -verbose -certs <jar_file>
From the output of the previous command, search for instances of SHA1, SHA-1, or disabled. Additionally, search for any warning messages that indicate that the JAR will be treated as unsigned. For example:
Signed by "CN="Signer""
    Digest algorithm: SHA-1 (disabled)
    Signature algorithm: SHA1withRSA (disabled), 2048-bit key
WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01
Consider replacing or re-signing any JARs affected by the new restrictions with stronger algorithms.
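The search described above can be scripted when many JARs need checking. This is an added example, not part of the release notes: it classifies jarsigner output read from standard input, and the function names, verdict labels and the two shorter samples are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage the text printed by `jarsigner -verify -verbose -certs`.
# jar_sha1_verdict reads that text on stdin and prints one verdict:
#   RESTRICTED    a "(disabled)" algorithm or the "treated as unsigned" warning
#   SHA1-PRESENT  SHA-1 is named but not marked disabled (re-sign before the
#                 pre-2019 timestamp exception is removed)
#   OK            neither marker found
jar_sha1_verdict() {
    awk '
        /will be treated as unsigned/                { restricted = 1 }
        /algorithm:/ && /\(disabled\)/               { restricted = 1 }
        /algorithm:/ && ($0 " ") ~ /SHA-?1[^0-9]/    { sha1 = 1 }
        END {
            if (restricted) print "RESTRICTED"
            else if (sha1)  print "SHA1-PRESENT"
            else            print "OK"
        }'
}

# scan_jars DIR (hypothetical helper): one "verdict<TAB>path" line per JAR.
scan_jars() {
    find "$1" -type f -name '*.jar' | while IFS= read -r jar; do
        verdict=$(jarsigner -verify -verbose -certs "$jar" 2>&1 | jar_sha1_verdict)
        printf '%s\t%s\n' "$verdict" "$jar"
    done
}

# Constructed samples; real output has more lines per JAR entry.
sample_restricted() {
    cat <<'EOF'
Signed by "CN="Signer""
    Digest algorithm: SHA-1 (disabled)
    Signature algorithm: SHA1withRSA (disabled), 2048-bit key
WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01
EOF
}
sample_sha1_only() { printf '%s\n' 'Digest algorithm: SHA-1' 'Signature algorithm: SHA1withRSA, 2048-bit key'; }
sample_strong() { printf '%s\n' 'Digest algorithm: SHA-256' 'Signature algorithm: SHA256withRSA, 2048-bit key'; }

if [ "$#" -gt 0 ]; then scan_jars "$1"; fi
```

Pass a directory as the first argument to scan every JAR beneath it; jarsigner must be on the PATH.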
If your JAR file is impacted by this restriction, you can remove the algorithm and re-sign the file with a stronger algorithm, such as SHA-256. If you want to remove the restriction on SHA-1 signed JARs for OpenJDK 8.0.362, and you accept the security risks, you can complete the following actions:
- Modify the java.security configuration file. Alternatively, you can preserve this file and instead create another file with the required configurations.
- Remove the SHA1 usage SignedJAR & denyAfter 2019-01-01 entry from the jdk.certpath.disabledAlgorithms security property.
- Remove the SHA1 denyAfter 2019-01-01 entry from the jdk.jar.disabledAlgorithms security property.
The value of jdk.certpath.disabledAlgorithms in the java.security file might be overridden by the system security policy on RHEL 8 and 9. You can view the values that the system security policy uses in the /etc/crypto-policies/back-ends/java.config file. You can disable the system security policy by either setting security.useSystemPropertiesFile to false in the java.security file or passing -Djava.security.disableSystemPropertiesFile=true to the JVM. These values are not modified by this release, so they remain the same as in previous releases of OpenJDK.
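To confirm that the SHA-1 restriction is still in place on a host, the two entries named above can be checked for directly. This is an added example, not part of the release notes: it parses a java.security-format file, including backslash line continuations, and the function names and the sample file are constructed for illustration.

```shell
# Added example: audit a java.security-format file for the two SHA-1 entries.
# prop_value FILE KEY: print KEY's value, joining backslash continuations.
prop_value() {
    awk -v key="$2" '
        !cont && /^[ \t]*[#!]/ { next }            # skip comment lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            more = sub(/\\$/, "", line)            # continuation marker
            buf = (cont ? buf : "") line; cont = more
            if (cont) next
            eq = index(buf, "=")
            if (eq && substr(buf, 1, eq - 1) == key) val = substr(buf, eq + 1)
        }
        END { print val }' "$1"
}
# has_entry VALUE ENTRY: true if the comma-separated VALUE holds ENTRY
# (ignoring extra whitespace) or a bare SHA1, which is stricter still.
has_entry() {
    printf '%s\n' "$1" | tr ',\t' '\n ' | tr -s ' ' | sed 's/^ //; s/ $//' |
        grep -Fxq -e "$2" -e SHA1
}
# check_prop FILE KEY ENTRY: report one property; non-zero if ENTRY is gone.
check_prop() {
    value=$(prop_value "$1" "$2")
    if [ -z "$value" ]; then echo "$2: not set in $1"; return 0; fi
    if has_entry "$value" "$3"; then echo "$2: SHA-1 restricted"; return 0; fi
    echo "$2: SHA-1 restriction MISSING"; return 1
}

audit_sha1_restriction() {
    rc=0
    check_prop "$1" jdk.jar.disabledAlgorithms 'SHA1 denyAfter 2019-01-01' || rc=1
    check_prop "$1" jdk.certpath.disabledAlgorithms \
        'SHA1 usage SignedJAR & denyAfter 2019-01-01' || rc=1
    return "$rc"
}

# Constructed sample: a properties file with both SHA-1 entries removed.
sample_weakened() {
    cat <<'EOF'
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
    RSA keySize < 1024, DSA keySize < 1024
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
    DSA keySize < 1024
EOF
}

if [ "$#" -gt 0 ]; then audit_sha1_restriction "$1"; fi
```

Run it against the JDK's java.security file and, on RHEL 8 and 9, against /etc/crypto-policies/back-ends/java.config as well, because the system policy can override the former.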
For an example of configuring the java.security file, see Overriding java.security properties for JBoss EAP for OpenShift (Red Hat Customer Portal).
See JDK-8269039 (JDK Bug System).
Revised on 2024-05-10 09:06:58 UTC