Chapter 2. Eclipse Temurin features

Review the following release notes to understand new features and feature enhancements that the Eclipse Temurin 8.0.392 release provides:

Improved communication in CORBA

The Common Object Request Broker Architecture (CORBA) implementation in OpenJDK now provides the option to limit serialization in stub objects to objects containing the IOR: prefix.

Consider the following information:

JDK bug system reference ID: JDK-8303384.

Default native GSS-API library added on Windows

OpenJDK 8.0.392 adds a native Generic Security Service Application Programming Interface (GSS-API) library, sspi_bridge.dll, on the Windows platform. Similar to the provision of native GSS-API libraries on other operating systems, OpenJDK loads the sspi_bridge.dll library only when the sun.security.jgss.native system property is set to true. Alternatively, you can still instruct the JDK to load a third-party native GSS-API library by setting the sun.security.jgss.lib system property to the appropriate path.

The sspi_bridge.dll library is for client-side use only and uses the default credentials. Because native GSS support automatically uses cached credentials from the underlying operating system, ensure that you set the javax.security.auth.useSubjectCredsOnly system property to false.

Also, because com.sun.security.auth.module.Krb5LoginModule does not call the native Java GSS (JGSS), avoid using Krb5LoginModule in your Java Authentication and Authorization Service (JAAS) configuration.

See JDK-6722928 (JDK Bug System).

Certigna root CA certificate added

In OpenJDK 8.0.392, the cacerts truststore includes the following Certigna root certificate:

See JDK-8314960 (JDK Bug System).

Arrays cloned in several JAAS callback classes

In previous releases, in the ChoiceCallback and ConfirmationCallback JAAS classes, when arrays were passed into a constructor or returned, these arrays were not cloned. This behavior allowed an external program to gain access to the internal fields of these classes.

In OpenJDK 8.0.392, the JAAS classes return cloned arrays.

See JDK-8242330 (JDK Bug System).

Review the following release notes to understand pre-existing features that have been either deprecated or removed in Eclipse Temurin 8.0.392:

3DES and RC4 disabled in Kerberos

OpenJDK 8.0.392 deprecates and disables the des3-hmac-sha1 and rc4-hmac Kerberos encryption types by default.

If you want to re-enable these encryption types, complete either of the following actions:

See JDK-8139348 (JDK Bug System).

SECOM Trust Systems root CA1 certificate removed

From OpenJDK 8.0.392 onward, the cacerts truststore no longer includes the SECOM Trust Systems root certificate:

See JDK-8295894 (JDK Bug System).

Revised on 2024-05-10 09:07:32 UTC