SUSE-CU-2025:7792-1: Security update of suse/multi-linux-manager/5.1/x86_64/server-attestation
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Oct 30 14:24:13 UTC 2025
SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/server-attestation
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:7792-1
Container Tags : suse/multi-linux-manager/5.1/x86_64/server-attestation:5.1.1 , suse/multi-linux-manager/5.1/x86_64/server-attestation:5.1.1.8.9.2 , suse/multi-linux-manager/5.1/x86_64/server-attestation:latest
Container Release : 8.9.2
Severity : important
Type : security
References : 1201684 1201685 1201692 1201694 1203476 1204468 1204472 1204473
1204475 1204480 1205916 1205916 1206549 1207246 1207248 1207922
1209333 1210392 1210628 1210631 1210632 1210634 1210635 1210636
1210637 1211259 1211679 1213470 1213473 1213474 1213475 1213479
1213481 1213482 1214790 1216339 1216374 1218903 1218905 1218907
1218908 1218909 1218911 1219662 1221107 1222979 1222983 1222986
1222987 1227298 1228046 1228047 1228048 1228051 1228052 1229825
1230262 1230959 1231702 1231711 1231716 1231719 1231748 1232326
1232526 1236278 1237442 1238491 1239566 1239938 1240058 1240788
1240882 1241274 1241275 1241276 1241549 1241880 1243331 1243486
1243611 1243704 1243991 1244027 1244050 1244127 1244219 1244424
1244552 1245099 1245120 1245199 1245573 1245702 1246068 1246197
1246277 1246320 1246421 1246428 1246553 1246575 1246584 1246595
1246597 1246598 1246654 1246663 1246789 1246882 1246906 1246934
1246965 1247144 1247148 1247688 1247836 1248085 1248252 1248252
1248804 1249059 1249191 1249348 1249367 1249434 1250232 1250911
1251263 1251278 CVE-2022-21540 CVE-2022-21541 CVE-2022-21549
CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21628 CVE-2022-34169
CVE-2022-39399 CVE-2023-21835 CVE-2023-21843 CVE-2023-21930 CVE-2023-21937
CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968
CVE-2023-22006 CVE-2023-22025 CVE-2023-22036 CVE-2023-22041 CVE-2023-22044
CVE-2023-22045 CVE-2023-22049 CVE-2023-22081 CVE-2023-25193 CVE-2024-20918
CVE-2024-20919 CVE-2024-20921 CVE-2024-20932 CVE-2024-20945 CVE-2024-20952
CVE-2024-21011 CVE-2024-21012 CVE-2024-21068 CVE-2024-21094 CVE-2024-21131
CVE-2024-21138 CVE-2024-21140 CVE-2024-21145 CVE-2024-21147 CVE-2024-21208
CVE-2024-21210 CVE-2024-21217 CVE-2024-21235 CVE-2024-2236 CVE-2025-10148
CVE-2025-21502 CVE-2025-21587 CVE-2025-30691 CVE-2025-30698 CVE-2025-30749
CVE-2025-30754 CVE-2025-50059 CVE-2025-50106 CVE-2025-53192 CVE-2025-53192
CVE-2025-53880 CVE-2025-6297 CVE-2025-6965 CVE-2025-8058 CVE-2025-9086
CVE-2025-9187 CVE-2025-9230
-----------------------------------------------------------------
The container suse/multi-linux-manager/5.1/x86_64/server-attestation was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2660-1
Released: Wed Aug 3 21:06:01 2022
Summary: Security update for java-17-openjdk
Type: security
Severity: important
References: 1201684,1201685,1201692,1201694,CVE-2022-21540,CVE-2022-21541,CVE-2022-21549,CVE-2022-34169
This update for java-17-openjdk fixes the following issues:
Update to upstream tag jdk-17.0.4+8 (July 2022 CPU)
- CVE-2022-21540: Improve class compilation (bsc#1201694)
- CVE-2022-21541: Enhance MethodHandle invocations (bsc#1201692)
- CVE-2022-34169: Improve Xalan supports (bsc#1201684)
- CVE-2022-21549: java.util.random does not correctly sample exponential or Gaussian distributions (bsc#1201685)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4079-1
Released: Fri Nov 18 15:36:28 2022
Summary: Security update for java-17-openjdk
Type: security
Severity: moderate
References: 1203476,1204468,1204472,1204473,1204475,1204480,CVE-2022-21618,CVE-2022-21619,CVE-2022-21624,CVE-2022-21628,CVE-2022-39399
This update for java-17-openjdk fixes the following issues:
- Update to jdk-17.0.5+8 (October 2022 CPU)
- CVE-2022-39399: Improve HTTP/2 client usage(bsc#1204480)
- CVE-2022-21628: Better HttpServer service (bsc#1204472)
- CVE-2022-21624: Enhance icon presentations (bsc#1204475)
- CVE-2022-21619: Improve NTLM support (bsc#1204473)
- CVE-2022-21618: Wider MultiByte (bsc#1204468)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:297-1
Released: Tue Feb 7 13:17:47 2023
Summary: Recommended update for java-17-openjdk
Type: recommended
Severity: moderate
References: 1205916
This update for java-17-openjdk fixes the following issues:
- Modified patches:
Revert fips patch to a version used with 17.0.4.0 (bsc#1205916)
Apply nss-security-provider patch after the fips patch, thus rediff the hunk to changed context.
- Fix jconsole.desktop icon
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:435-1
Released: Thu Feb 16 11:06:29 2023
Summary: Security update for java-17-openjdk
Type: security
Severity: moderate
References: 1205916,1207246,1207248,CVE-2023-21835,CVE-2023-21843
This update for java-17-openjdk fixes the following issues:
Updated to version jdk-17.0.6.0+10:
- CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246).
- CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).
Bugfixes:
- Avoid calling C_GetInfo() too early, before cryptoki is initialized (bsc#1205916).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1632-1
Released: Tue Mar 28 12:53:57 2023
Summary: Recommended update for java-17-openjdk
Type: recommended
Severity: important
References: 1206549
This update for java-17-openjdk fixes the following issues:
- Remove the accessibility RPM sub-package because it causes problems (bsc#1206549)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2110-1
Released: Fri May 5 14:10:21 2023
Summary: Security update for java-17-openjdk
Type: security
Severity: important
References: 1209333,1210628,1210631,1210632,1210634,1210635,1210636,1210637,CVE-2023-21930,CVE-2023-21937,CVE-2023-21938,CVE-2023-21939,CVE-2023-21954,CVE-2023-21967,CVE-2023-21968
This update for java-17-openjdk fixes the following issues:
Update to upstrem tag jdk-17.0.7+7 (April 2023 CPU)
Security fixes:
- CVE-2023-21930: Fixed AES support (bsc#1210628).
- CVE-2023-21937: Fixed String platform support (bsc#1210631).
- CVE-2023-21938: Fixed runtime support (bsc#1210632).
- CVE-2023-21939: Fixed Swing platform support (bsc#1210634).
- CVE-2023-21954: Fixed object reclamation process (bsc#1210635).
- CVE-2023-21967: Fixed TLS session negotiation (bsc#1210636).
- CVE-2023-21968: Fixed path handling (bsc#1210637).
Other fixes:
- Fixed socket setTrafficClass not working for IPv4 connections when IPv6 is enabled (bsc#1209333).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2340-1
Released: Thu Jun 1 09:46:52 2023
Summary: Recommended update for java-17-openjdk
Type: recommended
Severity: moderate
References: 1210392,1211259
This update for java-17-openjdk fixes the following issues:
- In SSLSessionImpl, interpret length of SNIServerName as an unsigned byte so that it can have length up to 255 rather
than 127 (SG#65673, bsc#1210392)
- Do not install separate nss.fips.cfg file, since there is now one in the tree and the install happens automatically
- Enable system property file by default, without which the FIPS mode would never get enabled (bsc#1211259)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2825-1
Released: Fri Jul 14 11:21:46 2023
Summary: Recommended update for java-17-openjdk
Type: recommended
Severity: moderate
References: 1211679
This update for java-17-openjdk fixes the following issues:
- Bring back our nss.fips.cfg file, as the variable expansion
in the upstream file does not work (bsc#1211679)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3023-1
Released: Fri Jul 28 21:59:48 2023
Summary: Security update for java-17-openjdk
Type: security
Severity: important
References: 1207922,1213473,1213474,1213475,1213479,1213481,1213482,CVE-2023-22006,CVE-2023-22036,CVE-2023-22041,CVE-2023-22044,CVE-2023-22045,CVE-2023-22049,CVE-2023-25193
This update for java-17-openjdk fixes the following issues:
Updated to version jdk-17.0.8+7 (July 2023 CPU):
- CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473).
- CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474).
- CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475).
- CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479).
- CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481).
- CVE-2023-22049: Fixed vulnerability in the libraries component (bsc#1213482).
- CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module (bsc#1207922).
- JDK-8294323: Improve Shared Class Data
- JDK-8296565: Enhanced archival support
- JDK-8298676, JDK-8300891: Enhanced Look and Feel
- JDK-8300285: Enhance TLS data handling
- JDK-8300596: Enhance Jar Signature validation
- JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1
- JDK-8302475: Enhance HTTP client file downloading
- JDK-8302483: Enhance ZIP performance
- JDK-8303376: Better launching of JDI
- JDK-8304460: Improve array usages
- JDK-8304468: Better array usages
- JDK-8305312: Enhanced path handling
- JDK-8308682: Enhance AES performance
Bugfixes:
- JDK-8178806: Better exception logging in crypto code
- JDK-8201516: DebugNonSafepoints generates incorrect
information
- JDK-8224768: Test ActalisCA.java fails
- JDK-8227060: Optimize safepoint cleanup subtask order
- JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java
fails with AssertionError
- JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel
- JDK-8244976: vmTestbase/nsk/jdi/Event/request/request001.java
doesn' initialize eName
- JDK-8245877: assert(_value != __null) failed: resolving NULL
_value in JvmtiExport::post_compiled_method_load
- JDK-8248001: javadoc generates invalid HTML pages whose
ftp:// links are broken
- JDK-8252990: Intrinsify Unsafe.storeStoreFence
- JDK-8254711: Add java.security.Provider.getService JFR Event
- JDK-8257856: Make ClassFileVersionsTest.java robust to JDK
version updates
- JDK-8261495: Shenandoah: reconsider update references memory
ordering
- JDK-8268288: jdk/jfr/api/consumer/streaming/
/TestOutOfProcessMigration.java fails with 'Error:
ShouldNotReachHere()'
- JDK-8268298: jdk/jfr/api/consumer/log/TestVerbosity.java
fails: unexpected log message
- JDK-8268582: javadoc throws NPE with --ignore-source-errors
option
- JDK-8269821: Remove is-queue-active check in inner loop of
write_ref_array_pre_work
- JDK-8270434: JDI+UT: Unexpected event in JDI tests
- JDK-8270859: Post JEP 411 refactoring: client libs with
maximum covering > 10K
- JDK-8270869: G1ServiceThread may not terminate
- JDK-8271519: java/awt/event/SequencedEvent/
/MultipleContextsFunctionalTest.java failed with 'Total [200]
- Expected [400]'
- JDK-8273909: vmTestbase/nsk/jdi/Event/request/request001 can
still fail with 'ERROR: new event is not ThreadStartEvent'
- JDK-8274243: Implement fast-path for ASCII-compatible
CharsetEncoders on aarch64
- JDK-8274615: Support relaxed atomic add for linux-aarch64
- JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile
- JDK-8275233: Incorrect line number reported in exception
stack trace thrown from a lambda expression
- JDK-8275287: Relax memory ordering constraints on updating
instance class and array class counters
- JDK-8275721: Name of UTC timezone in a locale changes
depending on previous code
- JDK-8275735: [linux] Remove deprecated Metrics api (kernel
memory limit)
- JDK-8276058: Some swing test fails on specific CI macos system
- JDK-8277407: javax/swing/plaf/synth/SynthButtonUI/6276188/
/bug6276188.java fails to compile after JDK-8276058
- JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java -
add 4357905
- JDK-8278146: G1: Rework VM_G1Concurrent VMOp to clearly
identify it as pause
- JDK-8278434: timeouts in test java/time/test/java/time/
/format/TestZoneTextPrinterParser.java
- JDK-8278834: Error 'Cannot read field 'sym' because
'this.lvar[od]' is null' when compiling
- JDK-8282077: PKCS11 provider C_sign() impl should handle
CKR_BUFFER_TOO_SMALL error
- JDK-8282201: Consider removal of expiry check in
VerifyCACerts.java test
- JDK-8282227: Locale information for nb is not working properly
- JDK-8282704: runtime/Thread/StopAtExit.java may leak memory
- JDK-8283057: Update GCC to version 11.2.0 for Oracle builds
on Linux
- JDK-8283062: Uninitialized warnings in libgtest with GCC 11.2
- JDK-8283520: JFR: Memory leak in dcmd_arena
- JDK-8283566: G1: Improve G1BarrierSet::enqueue performance
- JDK-8284331: Add sanity check for signal handler modification
warning.
- JDK-8285635: javax/swing/JRootPane/DefaultButtonTest.java
failed with Default Button not pressed for L&F:
com.sun.java.swing.plaf.motif.MotifLookAndFeel
- JDK-8285987: executing shell scripts without #! fails on
Alpine linux
- JDK-8286191: misc tests fail due to JDK-8285987
- JDK-8286287: Reading file as UTF-16 causes Error which
'shouldn't happen'
- JDK-8286331: jni_GetStringUTFChars() uses wrong heap allocator
- JDK-8286346: 3-parameter version of AllocateHeap should not
ignore AllocFailType
- JDK-8286398: Address possibly lossy conversions in
jdk.internal.le
- JDK-8287007: [cgroups] Consistently use stringStream
throughout parsing code
- JDK-8287246: DSAKeyValue should check for missing params
instead of relying on KeyFactory provider
- JDK-8287541: Files.writeString fails to throw IOException for
charset 'windows-1252'
- JDK-8287854: Dangling reference in ClassVerifier::verify_class
- JDK-8287876: The recently de-problemlisted
TestTitledBorderLeak test is unstable
- JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md
with information on 4th party dependencies
- JDK-8288589: Files.readString ignores encoding errors for
UTF-16
- JDK-8289509: Improve test coverage for XPath Axes:
descendant, descendant-or-self, following, following-sibling
- JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space
- JDK-8289949: Improve test coverage for XPath: operators
- JDK-8290822: C2: assert in PhaseIdealLoop::do_unroll() is
subject to undefined behavior
- JDK-8291226: Create Test Cases to cover scenarios for
JDK-8278067
- JDK-8291637: HttpClient default keep alive timeout not
followed if server sends invalid value
- JDK-8291638: Keep-Alive timeout of 0 should close connection
immediately
- JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage()
is lower than expected
- JDK-8292301: [REDO v2] C2 crash when allocating array of size
too large
- JDK-8292407: Improve Weak CAS VarHandle/Unsafe tests
resilience under spurious failures
- JDK-8292713: Unsafe.allocateInstance should be intrinsified
without UseUnalignedAccesses
- JDK-8292755: Non-default method in interface leads to a stack
overflow in JShell
- JDK-8292990: Improve test coverage for XPath Axes: parent
- JDK-8293295: Add type check asserts to
java_lang_ref_Reference accessors
- JDK-8293492: ShenandoahControlThread missing from hs-err log
and thread dump
- JDK-8293858: Change PKCS7 code to use default SecureRandom
impl instead of SHA1PRNG
- JDK-8293887: AArch64 build failure with GCC 12 due to
maybe-uninitialized warning in libfdlibm k_rem_pio2.c
- JDK-8294183: AArch64: Wrong macro check in
SharedRuntime::generate_deopt_blob
- JDK-8294281: Allow warnings to be disabled on a per-file basis
- JDK-8294673: JFR: Add SecurityProviderService#threshold to
TestActiveSettingEvent.java
- JDK-8294717: (bf) DirectByteBuffer constructor will leak if
allocating Deallocator or Cleaner fails with OOME
- JDK-8294906: Memory leak in PKCS11 NSS TLS server
- JDK-8295564: Norwegian Nynorsk Locale is missing formatting
- JDK-8295974: jni_FatalError and Xcheck:jni warnings should
print the native stack when there are no Java frames
- JDK-8296084: javax/swing/JSpinner/4788637/bug4788637.java
fails intermittently on a VM
- JDK-8296318: use-def assert: special case undetected loops
nested in infinite loops
- JDK-8296343: CPVE thrown on missing content-length in OCSP
response
- JDK-8296412: Special case infinite loops with unmerged
backedges in IdealLoopTree::check_safepts
- JDK-8296545: C2 Blackholes should allow load optimizations
- JDK-8296934: Write a test to verify whether Undecorated Frame
can be iconified or not
- JDK-8297000: [jib] Add more friendly warning for proxy issues
- JDK-8297154: Improve safepoint cleanup logging
- JDK-8297450: ScaledTextFieldBorderTest.java fails when run
with -show parameter
- JDK-8297587: Upgrade JLine to 3.22.0
- JDK-8297730: C2: Arraycopy intrinsic throws incorrect
exception
- JDK-8297955: LDAP CertStore should use LdapName and not
String for DNs
- JDK-8298488: [macos13] tools/jpackage tests failing with
'Exit code: 137' on macOS
- JDK-8298887: On the latest macOS+XCode the Robot API may
report wrong colors
- JDK-8299179: ArrayFill with store on backedge needs to reduce
length by 1
- JDK-8299259: C2: Div/Mod nodes without zero check could be
split through iv phi of loop resulting in SIGFPE
- JDK-8299544: Improve performance of CRC32C intrinsics
(non-AVX-512) for small inputs
- JDK-8299570: [JVMCI] Insufficient error handling when
CodeBuffer is exhausted
- JDK-8299959: C2: CmpU::Value must filter overflow computation
against local sub computation
- JDK-8300042: Improve CPU related JFR events descriptions
- JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy
due to constant NULL src argument
- JDK-8300823: UB: Compile::_phase_optimize_finished is
initialized too late
- JDK-8300939: sun/security/provider/certpath/OCSP/
/OCSPNoContentLength.java fails due to network errors
- JDK-8301050: Detect Xen Virtualization on Linux aarch64
- JDK-8301119: Support for GB18030-2022
- JDK-8301123: Enable Symbol refcounting underflow checks in
PRODUCT
- JDK-8301190: [vectorapi] The typeChar of LaneType is
incorrect when default locale is tr
- JDK-8301216: ForkJoinPool invokeAll() ignores timeout
- JDK-8301338: Identical branch conditions in
CompileBroker::print_heapinfo
- JDK-8301491: C2: java.lang.StringUTF16::indexOfChar intrinsic
called with negative character argument
- JDK-8301637: ThreadLocalRandom.current().doubles().parallel()
contention
- JDK-8301661: Enhance os::pd_print_cpu_info on macOS and
Windows
- JDK-8302151: BMPImageReader throws an exception reading BMP
images
- JDK-8302172: [JVMCI] HotSpotResolvedJavaMethodImpl.canBeInlined
must respect ForceInline
- JDK-8302320: AsyncGetCallTrace obtains too few frames in
sanity test
- JDK-8302491: NoClassDefFoundError omits the original cause of
an error
- JDK-8302508: Add timestamp to the output TraceCompilerThreads
- JDK-8302594: use-after-free in Node::destruct
- JDK-8302595: use-after-free related to GraphKit::clone_map
- JDK-8302791: Add specific ClassLoader object to Proxy
IllegalArgumentException message
- JDK-8302849: SurfaceManager might expose partially
constructed object
- JDK-8303069: Memory leak in CompilerOracle::parse_from_line
- JDK-8303102: jcmd: ManagementAgent.status truncates the text
longer than O_BUFLEN
- JDK-8303130: Document required Accessibility permissions on
macOS
- JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m
needs CFRelease call in early potential CHECK_NULL return
- JDK-8303433: Bump update version for OpenJDK: jdk-17.0.8
- JDK-8303440: The 'ZonedDateTime.parse' may not accept the
'UTC+XX' zone id
- JDK-8303465: KeyStore of type KeychainStore, provider Apple
does not show all trusted certificates
- JDK-8303476: Add the runtime version in the release file of a
JDK image
- JDK-8303482: Update LCMS to 2.15
- JDK-8303508: Vector.lane() gets wrong value on x86
- JDK-8303511: C2: assert(get_ctrl(n) == cle_out) during
unrolling
- JDK-8303564: C2: 'Bad graph detected in build_loop_late'
after a CMove is wrongly split thru phi
- JDK-8303575: adjust Xen handling on Linux aarch64
- JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs
CFRelease call in early potential CHECK_NULL return
- JDK-8303588: [JVMCI] make JVMCI source directories conform
with standard layout
- JDK-8303809: Dispose context in SPNEGO NegotiatorImpl
- JDK-8303822: gtestMain should give more helpful output
- JDK-8303861: Error handling step timeouts should never be
blocked by OnError and others
- JDK-8303937: Corrupted heap dumps due to missing retries for
os::write()
- JDK-8303949: gcc10 warning Linux ppc64le - note: the layout
of aggregates containing vectors with 8-byte alignment has
changed in GCC 5
- JDK-8304054: Linux: NullPointerException from
FontConfiguration.getVersion in case no fonts are installed
- JDK-8304063: tools/jpackage/share/AppLauncherEnvTest.java
fails when checking LD_LIBRARY_PATH
- JDK-8304134: jib bootstrapper fails to quote filename when
checking download filetype
- JDK-8304291: [AIX] Broken build after JDK-8301998
- JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998
- JDK-8304350: Font.getStringBounds calculates wrong width for
TextAttribute.TRACKING other than 0.0
- JDK-8304671: javac regression: Compilation with --release 8
fails on underscore in enum identifiers
- JDK-8304683: Memory leak in WB_IsMethodCompatible
- JDK-8304760: Add 2 Microsoft TLS roots
- JDK-8304867: Explicitly disable dtrace for ppc builds
- JDK-8304880: [PPC64] VerifyOops code in C1 doesn't work with
ZGC
- JDK-8305088: SIGSEGV in Method::is_method_handle_intrinsic
- JDK-8305113: (tz) Update Timezone Data to 2023c
- JDK-8305400: ISO 4217 Amendment 175 Update
- JDK-8305403: Shenandoah evacuation workers may deadlock
- JDK-8305481: gtest is_first_C_frame failing on ARM
- JDK-8305690: [X86] Do not emit two REX prefixes in
Assembler::prefix
- JDK-8305711: Arm: C2 always enters slowpath for monitorexit
- JDK-8305721: add `make compile-commands` artifacts to
.gitignore
- JDK-8305975: Add TWCA Global Root CA
- JDK-8305993: Add handleSocketErrorWithMessage to extend nio
Net.c exception message
- JDK-8305994: Guarantee eventual async monitor deflation
- JDK-8306072: Open source several AWT MouseInfo related tests
- JDK-8306133: Open source few AWT Drag & Drop related tests
- JDK-8306409: Open source AWT KeyBoardFocusManger,
LightWeightComponent related tests
- JDK-8306432: Open source several AWT Text Component related
tests
- JDK-8306466: Open source more AWT Drag & Drop related tests
- JDK-8306489: Open source AWT List related tests
- JDK-8306543: GHA: MSVC installation is failing
- JDK-8306640: Open source several AWT TextArea related tests
- JDK-8306652: Open source AWT MenuItem related tests
- JDK-8306658: GHA: MSVC installation could be optional since
it might already be pre-installed
- JDK-8306664: GHA: Update MSVC version to latest stepping
- JDK-8306681: Open source more AWT DnD related tests
- JDK-8306683: Open source several clipboard and color AWT tests
- JDK-8306752: Open source several container and component AWT
tests
- JDK-8306753: Open source several container AWT tests
- JDK-8306755: Open source few Swing JComponent and
AbstractButton tests
- JDK-8306768: CodeCache Analytics reports wrong threshold
- JDK-8306774: Make runtime/Monitor/
/GuaranteedAsyncDeflationIntervalTest.java more reliable
- JDK-8306825: Monitor deflation might be accidentally disabled
by zero intervals
- JDK-8306850: Open source AWT Modal related tests
- JDK-8306871: Open source more AWT Drag & Drop tests
- JDK-8306883: Thread stacksize is reported with wrong units in
os::create_thread logging
- JDK-8306941: Open source several datatransfer and dnd AWT
tests
- JDK-8306943: Open source several dnd AWT tests
- JDK-8306954: Open source five Focus related tests
- JDK-8306955: Open source several JComboBox jtreg tests
- JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep
- JDK-8306996: Open source Swing MenuItem related tests
- JDK-8307080: Open source some more JComboBox jtreg tests
- JDK-8307128: Open source some drag and drop tests 4
- JDK-8307130: Open source few Swing JMenu tests
- JDK-8307133: Open source some JTable jtreg tests
- JDK-8307134: Add GTS root CAs
- JDK-8307135: java/awt/dnd/NotReallySerializableTest/
/NotReallySerializableTest.java failed
- JDK-8307331: Correctly update line maps when class redefine
rewrites bytecodes
- JDK-8307346: Add missing gc+phases logging for
ObjectCount(AfterGC) JFR event collection code
- JDK-8307347: serviceability/sa/ClhsdbDumpclass.java could
leave files owned by root on macOS
- JDK-8307378: Allow collectors to provide specific values for
GC notifications' actions
- JDK-8307381: Open Source JFrame, JIF related Swing Tests
- JDK-8307425: Socket input stream read burns CPU cycles with
back-to-back poll(0) calls
- JDK-8307799: Newly added java/awt/dnd/MozillaDnDTest.java has
invalid jtreg `@requires` clause
- JDK-8308554: [17u] Fix commit of 8286191. vm.musl was not
removed from ExternalEditorTest
- JDK-8308880: [17u] micro bench ZoneStrings missed in backport
of 8278434
- JDK-8308884: [17u/11u] Backout JDK-8297951
- JDK-8311467: [17u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.8
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3649-1
Released: Mon Sep 18 15:45:04 2023
Summary: Recommended update for java-17-openjdk
Type: recommended
Severity: important
References:
This update for java-17-openjdk fixes the following issues:
- Fix a regression where the validation would reject valid zip64 (zip with 64-bit offset extensions)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4289-1
Released: Tue Oct 31 09:15:08 2023
Summary: Security update for java-17-openjdk
Type: security
Severity: important
References: 1214790,1216339,1216374,CVE-2023-22025,CVE-2023-22081
This update for java-17-openjdk fixes the following issues:
- Updated to JDK 17.0.9+9 (October 2023 CPU):
- CVE-2023-22081: Fixed a partial denial of service issue that could
be triggered via HTTPS (bsc#1216374).
- CVE-2023-22025: Fixed a memory corruption issue in applications
using AVX-512 (bsc#1216339).
Please visit the Oracle Release Notes page for the full changelog:
https://www.oracle.com/java/technologies/javase/17all-relnotes.html
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:325-1
Released: Mon Feb 5 11:39:10 2024
Summary: Security update for java-17-openjdk
Type: security
Severity: important
References: 1218903,1218905,1218907,1218908,1218909,1218911,CVE-2024-20918,CVE-2024-20919,CVE-2024-20921,CVE-2024-20932,CVE-2024-20945,CVE-2024-20952
This update for java-17-openjdk fixes the following issues:
Updated to version 17.0.10 (January 2024 CPU):
- CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM
due to a missing bounds check (bsc#1218907).
- CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class
file verifier (bsc#1218903).
- CVE-2024-20921: Fixed an incorrect optimization in the Hotspot JVM
that could lead to corruption of JVM memory (bsc#1218905).
- CVE-2024-20932: Fixed an incorrect handling of ZIP files with
duplicate entries (bsc#1218908).
- CVE-2024-20945: Fixed a potential private key leak through debug
logs (bsc#1218909).
- CVE-2024-20952: Fixed an RSA padding issue and timing side-channel
attack against TLS (bsc#1218911).
Find the full release notes at:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-January/029089.html
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:948-1
Released: Wed Mar 20 15:36:58 2024
Summary: Recommended update for java-17-openjdk
Type: recommended
Severity: moderate
References: 1219662
This update for java-17-openjdk fixes the following issues:
- Recommend mozilla-nss-sysinit in order to have available the /etc/pki/nssdb directory and its content, required in
fips mode (bsc#1219662).
- Do not install our crafted nss.fips.cfg file, but use the one that the build produces with our fips.patch applied.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1499-1
Released: Mon May 6 09:44:56 2024
Summary: Security update for java-17-openjdk
Type: security
Severity: low
References: 1213470,1222979,1222983,1222986,1222987,CVE-2024-21011,CVE-2024-21012,CVE-2024-21068,CVE-2024-21094
This update for java-17-openjdk fixes the following issues:
- CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979)
- CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987)
- CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983)
- CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with 'Exceeded _node_regs array' (JDK-8317507,JDK-8325348,bsc#1222986)
Other fixes:
- Update to upstream tag jdk-17.0.11+9 (April 2024 CPU)
* Security fixes
+ JDK-8318340: Improve RSA key implementations
* Other changes
+ JDK-6928542: Chinese characters in RTF are not decoded
+ JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/
/bug4517214.java fails on MacOS
+ JDK-7148092: [macosx] When Alt+down arrow key is pressed, the
combobox popup does not appear.
+ JDK-7167356: (javac) investigate failing tests in
JavacParserTest
+ JDK-8054022: HttpURLConnection timeouts with Expect:
100-Continue and no chunking
+ JDK-8054572: [macosx] JComboBox paints the border incorrectly
+ JDK-8169475: WheelModifier.java fails by timeout
+ JDK-8205076: [17u] Inet6AddressImpl.c: `lookupIfLocalHost`
accesses `int InetAddress.preferIPv6Address` as a boolean
+ JDK-8209595: MonitorVmStartTerminate.java timed out
+ JDK-8210410: Refactor java.util.Currency:i18n shell tests to
plain java tests
+ JDK-8261404: Class.getReflectionFactory() is not thread-safe
+ JDK-8261837: SIGSEGV in ciVirtualCallTypeData::translate_from
+ JDK-8263256: Test java/net/Inet6Address/serialize/
/Inet6AddressSerializationTest.java fails due to dynamic
reconfigurations of network interface during test
+ JDK-8269258: java/net/httpclient/ManyRequestsLegacy.java
failed with connection timeout
+ JDK-8271118: C2: StressGCM should have higher priority than
frequency-based policy
+ JDK-8271616: oddPart in MutableBigInteger::mutableModInverse
contains info on final result
+ JDK-8272811: Document the effects of building with
_GNU_SOURCE in os_posix.hpp
+ JDK-8272853: improve `JavadocTester.runTests`
+ JDK-8273454: C2: Transform (-a)*(-b) into a*b
+ JDK-8274060: C2: Incorrect computation after JDK-8273454
+ JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java
fails in Windows 11
+ JDK-8274621: NullPointerException because listenAddress[0] is
null
+ JDK-8274632: Possible pointer overflow in PretouchTask chunk
claiming
+ JDK-8274634: Use String.equals instead of String.compareTo in
java.desktop
+ JDK-8276125: RunThese24H.java SIGSEGV in
JfrThreadGroup::thread_group_id
+ JDK-8278028: [test-library] Warnings cleanup of the test
library
+ JDK-8278312: Update SimpleSSLContext keystore to use SANs for
localhost IP addresses
+ JDK-8278363: Create extented container test groups
+ JDK-8280241: (aio) AsynchronousSocketChannel init fails in
IPv6 only Windows env
+ JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/
/ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from
problemlist.
+ JDK-8281543: Remove unused code/headerfile dtraceAttacher.hpp
+ JDK-8281585: Remove unused imports under test/lib and jtreg/gc
+ JDK-8283400: [macos] a11y : Screen magnifier does not reflect
JRadioButton value change
+ JDK-8283626: AArch64: Set relocInfo::offset_unit to 4
+ JDK-8283994: Make Xerces DatatypeException stackless
+ JDK-8286312: Stop mixing signed and unsigned types in bit
operations
+ JDK-8286846: test/jdk/javax/swing/plaf/aqua/
/CustomComboBoxFocusTest.java fails on mac aarch64
+ JDK-8287832: jdk/jfr/event/runtime/TestActiveSettingEvent.java
failed with 'Expected two batches of Active Setting events'
+ JDK-8288663: JFR: Disabling the JfrThreadSampler commits only
a partially disabled state
+ JDK-8288846: misc tests fail 'assert(ms < 1000) failed:
Un-interruptable sleep, short time use only'
+ JDK-8289764: gc/lock tests failed with 'OutOfMemoryError:
Java heap space: failed reallocation of scalar replaced
objects'
+ JDK-8290041: ModuleDescriptor.hashCode is inconsistent
+ JDK-8290203: ProblemList vmTestbase/nsk/jvmti/scenarios/
/capability/CM03/cm03t001/TestDescription.java on linux-all
+ JDK-8290399: [macos] Aqua LAF does not fire an action event
if combo box menu is displayed
+ JDK-8292458: Atomic operations on scoped enums don't build
with clang
+ JDK-8292946: GC lock/jni/jnilock001 test failed
'assert(gch->gc_cause() == GCCause::_scavenge_alot ||
!gch->incremental_collection_failed()) failed: Twice in a row'
+ JDK-8293117: Add atomic bitset functions
+ JDK-8293547: Add relaxed add_and_fetch for macos aarch64
atomics
+ JDK-8294158: HTML formatting for PassFailJFrame instructions
+ JDK-8294254: [macOS] javax/swing/plaf/aqua/
/CustomComboBoxFocusTest.java failure
+ JDK-8294535: Add screen capture functionality to
PassFailJFrame
+ JDK-8295068: SSLEngine throws NPE parsing CertificateRequests
+ JDK-8295124: Atomic::add to pointer type may return wrong
value
+ JDK-8295274: HelidonAppTest.java fails
'assert(event->should_commit()) failed: invariant' from
compiled frame'
+ JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts
+ JDK-8297968: Crash in PrintOptoAssembly
+ JDK-8298087: XML Schema Validation reports an required
attribute twice via ErrorHandler
+ JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java
failed: ExceptionInInitializerError: target class not found
+ JDK-8300269: The selected item in an editable JComboBox with
titled border is not visible in Aqua LAF
+ JDK-8301306: java/net/httpclient/* fail with -Xcomp
+ JDK-8301310: The SendRawSysexMessage test may cause a JVM
crash
+ JDK-8301787: java/net/httpclient/SpecialHeadersTest failing
after JDK-8301306
+ JDK-8301846: Invalid TargetDataLine after screen lock when
using JFileChooser or COM library
+ JDK-8302017: Allocate BadPaddingException only if it will be
thrown
+ JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/
/TestAMEnotNPE.java
+ JDK-8303605: Memory leaks in Metaspace gtests
+ JDK-8304074: [JMX] Add an approximation of total bytes
allocated on the Java heap by the JVM
+ JDK-8304696: Duplicate class names in dynamicArchive tests
can lead to test failure
+ JDK-8305356: Fix ignored bad CompileCommands in tests
+ JDK-8305900: Use loopback IP addresses in security policy
files of httpclient tests
+ JDK-8305906: HttpClient may use incorrect key when finding
pooled HTTP/2 connection for IPv6 address
+ JDK-8305962: update jcstress to 0.16
+ JDK-8305972: Update XML Security for Java to 3.0.2
+ JDK-8306014: Update javax.net.ssl TLS tests to use
SSLContextTemplate or SSLEngineTemplate
+ JDK-8306408: Fix the format of several tables in building.md
+ JDK-8307185: pkcs11 native libraries make JNI calls into java
code while holding GC lock
+ JDK-8307926: Support byte-sized atomic bitset operations
+ JDK-8307955: Prefer to PTRACE_GETREGSET instead of
PTRACE_GETREGS in method 'ps_proc.c::process_get_lwp_regs'
+ JDK-8307990: jspawnhelper must close its writing side of a
pipe before reading from it
+ JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC
while allocating
+ JDK-8308245: Add -proc:full to describe current default
annotation processing policy
+ JDK-8308336: Test java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java failed:
java.net.BindException: Address already in use
+ JDK-8309302: java/net/Socket/Timeouts.java fails with
AssertionError on test temporal post condition
+ JDK-8309305: sun/security/ssl/SSLSocketImpl/
/BlockedAsyncClose.java fails with jtreg test timeout
+ JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/
/agentthr001/TestDescription.java crashing due to empty while
loop
+ JDK-8309733: [macOS, Accessibility] VoiceOver: Incorrect
announcements of JRadioButton
+ JDK-8309870: Using -proc:full should be considered requesting
explicit annotation processing
+ JDK-8310106: sun.security.ssl.SSLHandshake
.getHandshakeProducer() incorrectly checks handshakeConsumers
+ JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/
/bug6889007.java fails
+ JDK-8310380: Handle problems in core-related tests on macOS
when codesign tool does not work
+ JDK-8310631: test/jdk/sun/nio/cs/TestCharsetMapping.java is
spuriously passing
+ JDK-8310807: java/nio/channels/DatagramChannel/Connect.java
timed out
+ JDK-8310838: Correct range notations in MethodTypeDesc
specification
+ JDK-8310844: [AArch64] C1 compilation fails because monitor
offset in OSR buffer is too large for immediate
+ JDK-8310923: Refactor Currency tests to use JUnit
+ JDK-8311081: KeytoolReaderP12Test.java fail on localized
Windows platform
+ JDK-8311160: [macOS, Accessibility] VoiceOver: No
announcements on JRadioButtonMenuItem and JCheckBoxMenuItem
+ JDK-8311581: Remove obsolete code and comments in TestLVT.java
+ JDK-8311645: Memory leak in jspawnhelper spawnChild after
JDK-8307990
+ JDK-8311986: Disable runtime/os/TestTracePageSizes.java for
ShenandoahGC
+ JDK-8312428: PKCS11 tests fail with NSS 3.91
+ JDK-8312434: SPECjvm2008/xml.transform with CDS fails with
'can't seal package nu.xom'
+ JDK-8313081: MonitoringSupport_lock should be unconditionally
initialized after 8304074
+ JDK-8313082: Enable CreateCoredumpOnCrash for testing in
makefiles
+ JDK-8313206: PKCS11 tests silently skip execution
+ JDK-8313575: Refactor PKCS11Test tests
+ JDK-8313621: test/jdk/jdk/internal/math/FloatingDecimal/
/TestFloatingDecimal should use RandomFactory
+ JDK-8313643: Update HarfBuzz to 8.2.2
+ JDK-8313816: Accessing jmethodID might lead to spurious
crashes
+ JDK-8314164: java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java fails intermittently
in timeout
+ JDK-8314220: Configurable InlineCacheBuffer size
+ JDK-8314830: runtime/ErrorHandling/ tests ignore external VM
flags
+ JDK-8315034: File.mkdirs() occasionally fails to create
folders on Windows shared folder
+ JDK-8315042: NPE in PKCS7.parseOldSignedData
+ JDK-8315594: Open source few headless Swing misc tests
+ JDK-8315600: Open source few more headless Swing misc tests
+ JDK-8315602: Open source swing security manager test
+ JDK-8315611: Open source swing text/html and tree test
+ JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should
run with -Xbatch
+ JDK-8315731: Open source several Swing Text related tests
+ JDK-8315761: Open source few swing JList and JMenuBar tests
+ JDK-8315920: C2: 'control input must dominate current
control' assert failure
+ JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/
/bug4654927.java: component must be showing on the screen to
determine its location
+ JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use
createTestJvm
+ JDK-8316028: Update FreeType to 2.13.2
+ JDK-8316030: Update Libpng to 1.6.40
+ JDK-8316106: Open source few swing JInternalFrame and
JMenuBar tests
+ JDK-8316304: (fs) Add support for BasicFileAttributes
.creationTime() for Linux
+ JDK-8316392: compiler/interpreter/
/TestVerifyStackAfterDeopt.java failed with SIGBUS in
PcDescContainer::find_pc_desc_internal
+ JDK-8316414: C2: large byte array clone triggers 'failed:
malformed control flow' assertion failure on linux-x86
+ JDK-8316415: Parallelize
sun/security/rsa/SignedObjectChain.java subtests
+ JDK-8316418: containers/docker/TestMemoryWithCgroupV1.java
get OOM killed with Parallel GC
+ JDK-8316445: Mark com/sun/management/HotSpotDiagnosticMXBean/
/CheckOrigin.java as vm.flagless
+ JDK-8316679: C2 SuperWord: wrong result, load should not be
moved before store if not comparable
+ JDK-8316693: Simplify at-requires checkDockerSupport()
+ JDK-8316929: Shenandoah: Shenandoah degenerated GC and full
GC need to cleanup old OopMapCache entries
+ JDK-8316947: Write a test to check textArea triggers
MouseEntered/MouseExited events properly
+ JDK-8317039: Enable specifying the JDK used to run jtreg
+ JDK-8317144: Exclude sun/security/pkcs11/sslecc/
/ClientJSSEServerJSSE.java on Linux ppc64le
+ JDK-8317307: test/jdk/com/sun/jndi/ldap/
/LdapPoolTimeoutTest.java fails with ConnectException:
Connection timed out: no further information
+ JDK-8317603: Improve exception messages thrown by
sun.nio.ch.Net native methods (win)
+ JDK-8317771: [macos14] Expand/collapse a JTree using keyboard
freezes the application in macOS 14 Sonoma
+ JDK-8317807: JAVA_FLAGS removed from jtreg running in
JDK-8317039
+ JDK-8317960: [17u] Excessive CPU usage on
AbstractQueuedSynchronized.isEnqueued
+ JDK-8318154: Improve stability of WheelModifier.java test
+ JDK-8318183: C2: VM may crash after hitting node limit
+ JDK-8318410: jdk/java/lang/instrument/BootClassPath/
/BootClassPathTest.sh fails on Japanese Windows
+ JDK-8318468: compiler/tiered/LevelTransitionTest.java fails
with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1
+ JDK-8318490: Increase timeout for JDK tests that are close to
the limit when run with libgraal
+ JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java
+ JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni
tests
+ JDK-8318608: Enable parallelism in
vmTestbase/nsk/stress/threads tests
+ JDK-8318689: jtreg is confused when folder name is the same
as the test name
+ JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with
'transport error 202: bind failed: Address already in use'
+ JDK-8318951: Additional negative value check in JPEG decoding
+ JDK-8318955: Add ReleaseIntArrayElements in
Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to
early return
+ JDK-8318957: Enhance agentlib:jdwp help output by info about
allow option
+ JDK-8318961: increase javacserver connection timeout values
and max retry attempts
+ JDK-8318971: Better Error Handling for Jar Tool When
Processing Non-existent Files
+ JDK-8318983: Fix comment typo in PKCS12Passwd.java
+ JDK-8319124: Update XML Security for Java to 3.0.3
+ JDK-8319213: Compatibility.java reads both stdout and stderr
of JdkUtils
+ JDK-8319436: Proxy.newProxyInstance throws NPE if loader is
null and interface not visible from class loader
+ JDK-8319456: jdk/jfr/event/gc/collection/
/TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker
Initiated GC' not in the valid causes
+ JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh
+ JDK-8319922: libCreationTimeHelper.so fails to link in JDK 21
+ JDK-8319961: JvmtiEnvBase doesn't zero _ext_event_callbacks
+ JDK-8320001: javac crashes while adding type annotations to
the return type of a constructor
+ JDK-8320168: handle setsocktopt return values
+ JDK-8320208: Update Public Suffix List to b5bf572
+ JDK-8320300: Adjust hs_err output in malloc/mmap error cases
+ JDK-8320363: ppc64 TypeEntries::type_unknown logic looks
wrong, missed optimization opportunity
+ JDK-8320597: RSA signature verification fails on signed data
that does not encode params correctly
+ JDK-8320798: Console read line with zero out should zero out
underlying buffer
+ JDK-8320885: Bump update version for OpenJDK: jdk-17.0.11
+ JDK-8320921: GHA: Parallelize hotspot_compiler test jobs
+ JDK-8320937: support latest VS2022 MSC_VER in
abstract_vm_version.cpp
+ JDK-8321151: JDK-8294427 breaks Windows L&F on all older
Windows versions
+ JDK-8321215: Incorrect x86 instruction encoding for VSIB
addressing mode
+ JDK-8321408: Add Certainly roots R1 and E1
+ JDK-8321480: ISO 4217 Amendment 176 Update
+ JDK-8321599: Data loss in AVX3 Base64 decoding
+ JDK-8321815: Shenandoah: gc state should be synchronized to
java threads only once per safepoint
+ JDK-8321972: test runtime/Unsafe/InternalErrorTest.java
timeout on linux-riscv64 platform
+ JDK-8322098: os::Linux::print_system_memory_info enhance the
THP output with
/sys/kernel/mm/transparent_hugepage/hpage_pmd_size
+ JDK-8322321: Add man page doc for -XX:+VerifySharedSpaces
+ JDK-8322417: Console read line with zero out should zero out
when throwing exception
+ JDK-8322583: RISC-V: Enable fast class initialization checks
+ JDK-8322725: (tz) Update Timezone Data to 2023d
+ JDK-8322750: Test 'api/java_awt/interactive/
/SystemTrayTests.html' failed because A blue ball icon is
added outside of the system tray
+ JDK-8322772: Clean up code after JDK-8322417
+ JDK-8322783: prioritize /etc/os-release over
/etc/SuSE-release in hs_err/info output
+ JDK-8322968: [17u] Amend Atomics gtest with 1-byte tests
+ JDK-8323008: filter out harmful -std* flags added by autoconf
from CXX
+ JDK-8323021: Shenandoah: Encountered reference count always
attributed to first worker thread
+ JDK-8323086: Shenandoah: Heap could be corrupted by oom
during evacuation
+ JDK-8323243: JNI invocation of an abstract instance method
corrupts the stack
+ JDK-8323331: fix typo hpage_pdm_size
+ JDK-8323428: Shenandoah: Unused memory in regions compacted
during a full GC should be mangled
+ JDK-8323515: Create test alias 'all' for all test roots
+ JDK-8323637: Capture hotspot replay files in GHA
+ JDK-8323640: [TESTBUG]testMemoryFailCount in
jdk/internal/platform/docker/TestDockerMemoryMetrics.java
always fail because OOM killed
+ JDK-8323806: [17u] VS2017 build fails with warning after
8293117.
+ JDK-8324184: Windows VS2010 build failed with 'error C2275:
'int64_t''
+ JDK-8324280: RISC-V: Incorrect implementation in
VM_Version::parse_satp_mode
+ JDK-8324347: Enable 'maybe-uninitialized' warning for
FreeType 2.13.1
+ JDK-8324514: ClassLoaderData::print_on should print address
of class loader
+ JDK-8324647: Invalid test group of lib-test after JDK-8323515
+ JDK-8324659: GHA: Generic jtreg errors are not reported
+ JDK-8324937: GHA: Avoid multiple test suites per job
+ JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/
/AKISerialNumber.java is failing
+ JDK-8325150: (tz) Update Timezone Data to 2024a
+ JDK-8325585: Remove no longer necessary calls to
set/unset-in-asgct flag in JDK 17
+ JDK-8326000: Remove obsolete comments for class
sun.security.ssl.SunJSSE
+ JDK-8327036: [macosx-aarch64] SIGBUS in
MarkActivationClosure::do_code_blob reached from
Unsafe_CopySwapMemory0
+ JDK-8327391: Add SipHash attribution file
+ JDK-8329836: [17u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.11
- Removed the possibility to use the system timezone-java (bsc#1213470).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2628-1
Released: Tue Jul 30 09:09:07 2024
Summary: Security update for java-17-openjdk
Type: security
Severity: important
References: 1227298,1228046,1228047,1228048,1228051,1228052,CVE-2024-21131,CVE-2024-21138,CVE-2024-21140,CVE-2024-21145,CVE-2024-21147
This update for java-17-openjdk fixes the following issues:
Updated to version 17.0.12+7 (July 2024 CPU):
- CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046).
- CVE-2024-21138: Fixed an infinite loop due to excessive symbol
length (bsc#1228047).
- CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check
Elimination (bsc#1228048).
- CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling
(bsc#1228052).
- CVE-2024-21145: Fixed an index overflow in RangeCheckElimination
(bsc#1228051).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3963-1
Released: Sat Nov 9 17:39:08 2024
Summary: Security update for java-17-openjdk
Type: security
Severity: moderate
References: 1231702,1231711,1231716,1231719,CVE-2024-21208,CVE-2024-21210,CVE-2024-21217,CVE-2024-21235
This update for java-17-openjdk fixes the following issues:
- Update to upstream tag jdk-17.0.13+11 (October 2024 CPU)
* Security fixes
+ JDK-8307383: Enhance DTLS connections
+ JDK-8290367, JDK-8332643: Update default value and extend the
scope of com.sun.jndi.ldap.object.trustSerialData system property
+ JDK-8328286, CVE-2024-21208, bsc#1231702: Enhance HTTP client
+ JDK-8328544, CVE-2024-21210, bsc#1231711: Improve handling of vectorization
+ JDK-8328726: Better Kerberos support
+ JDK-8331446, CVE-2024-21217, bsc#1231716: Improve deserialization support
+ JDK-8332644, CVE-2024-21235, bsc#1231719: Improve graph optimizations
+ JDK-8335713: Enhance vectorization analysis
* Other changes
+ JDK-7022325: TEST_BUG: test/java/util/zip/ZipFile/
/ReadLongZipFileName.java leaks files if it fails
+ JDK-7026262: HttpServer: improve handling of finished HTTP exchanges
+ JDK-7124313: [macosx] Swing Popups should overlap taskbar
+ JDK-8005885: enhance PrintCodeCache to print more data
+ JDK-8051959: Add thread and timestamp options to
java.security.debug system property
+ JDK-8170817: G1: Returning MinTLABSize from
unsafe_max_tlab_alloc causes TLAB flapping
+ JDK-8183227: read/write APIs in class os shall return ssize_t
+ JDK-8193547: Regression automated test '/open/test/jdk/java/
/awt/Toolkit/DesktopProperties/rfe4758438.java' fails
+ JDK-8222884: ConcurrentClassDescLookup.java times out intermittently
+ JDK-8233725: ProcessTools.startProcess() has output issues
when using an OutputAnalyzer at the same time
+ JDK-8238169: BasicDirectoryModel getDirectories and
DoChangeContents.run can deadlock
+ JDK-8241550: [macOS] SSLSocketImpl/ReuseAddr.java failed due
to 'BindException: Address already in use'
+ JDK-8255898: Test java/awt/FileDialog/FilenameFilterTest/
/FilenameFilterTest.java fails on Mac OS
+ JDK-8256291: RunThese30M fails 'assert(_class_unload ? true :
((((JfrTraceIdBits::load(class_loader_klass)) &
((1 << 4) << 8)) != 0))) failed: invariant'
+ JDK-8257540: javax/swing/JFileChooser/8041694/bug8041694.java
failed with 'RuntimeException: The selected directory name is
not the expected 'd ' but 'D '.'
+ JDK-8259866: two java.util tests failed with 'IOException:
There is not enough space on the disk'
+ JDK-8260633: [macos] java/awt/dnd/MouseEventAfterStartDragTest/
/MouseEventAfterStartDragTest.html test failed
+ JDK-8261433: Better pkcs11 performance for
libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit
+ JDK-8263031: HttpClient throws Exception if it receives a
Push Promise that is too large
+ JDK-8265919: RunThese30M fails
'assert((!(((((JfrTraceIdBits::load(value)) & ((1 << 4) << 8))
!= 0))))) failed: invariant'
+ JDK-8269428: java/util/concurrent/ConcurrentHashMap/
/ToArray.java timed out
+ JDK-8269657: Test java/nio/channels/DatagramChannel/
/Loopback.java failed: Unexpected message
+ JDK-8272232: javax/swing/JTable/4275046/bug4275046.java
failed with 'Expected value in the cell: 'rededited' but found
'redEDITED'.'
+ JDK-8272558: IR Test Framework README misses some flags
+ JDK-8272777: Clean up remaining AccessController warnings in test library
+ JDK-8273216: JCMD does not work across container boundaries with Podman
+ JDK-8273430: Suspicious duplicate condition in
java.util.regex.Grapheme#isExcludedSpacingMark
+ JDK-8273541: Cleaner Thread creates with normal priority
instead of MAX_PRIORITY - 2
+ JDK-8275851: Deproblemlist open/test/jdk/javax/swing/
/JComponent/6683775/bug6683775.java
+ JDK-8276660: Scalability bottleneck in
java.security.Provider.getService()
+ JDK-8277042: add test for 8276036 to compiler/codecache
+ JDK-8279068: IGV: Update to work with JDK 16 and 17
+ JDK-8279164: Disable TLS_ECDH_* cipher suites
+ JDK-8279222: Incorrect legacyMap.get in
java.security.Provider after JDK-8276660
+ JDK-8279337: The MToolkit is still referenced in a few places
+ JDK-8279641: Create manual JTReg tests for Swing accessibility
+ JDK-8279878: java/awt/font/JNICheck/JNICheck.sh test fails on Ubuntu 21.10
+ JDK-8280034: ProblemList jdk/jfr/api/consumer/recordingstream/
/TestOnEvent.java on linux-x64
+ JDK-8280392: java/awt/Focus/NonFocusableWindowTest/
/NonfocusableOwnerTest.java failed with 'RuntimeException: Test failed.'
+ JDK-8280970: Cleanup dead code in java.security.Provider
+ JDK-8280982: [Wayland] [XWayland] java.awt.Robot taking screenshots
+ JDK-8280988: [XWayland] Click on title to request focus test failures
+ JDK-8280990: [XWayland] XTest emulated mouse click does not
bring window to front
+ JDK-8280993: [XWayland] Popup is not closed on click outside
of area controlled by XWayland
+ JDK-8280994: [XWayland] Drag and Drop does not work in java
-> wayland app direction
+ JDK-8281944: JavaDoc throws java.lang.IllegalStateException: ERRONEOUS
+ JDK-8282354: Remove dependancy of TestHttpServer,
HttpTransaction, HttpCallback from open/test/jdk/ tests
+ JDK-8282526: Default icon is not painted properly
+ JDK-8283728: jdk.hotspot.agent: Wrong location for
RISCV64ThreadContext.java
+ JDK-8284316: Support accessibility ManualTestFrame.java for
non SwingSet tests
+ JDK-8284585: PushPromiseContinuation test fails
intermittently in timeout
+ JDK-8285497: Add system property for Java SE specification
maintenance version
+ JDK-8288568: Reduce runtime of java.security microbenchmarks
+ JDK-8289182: NMT: MemTracker::baseline should return void
+ JDK-8290966: G1: Record number of PLAB filled and number of
direct allocations
+ JDK-8291760: PipelineLeaksFD.java still fails: More or fewer
pipes than expected
+ JDK-8292044: HttpClient doesn't handle 102 or 103 properly
+ JDK-8292739: Invalid legacy entries may be returned by
Provider.getServices() call
+ JDK-8292948: JEditorPane ignores font-size styles in external
linked css-file
+ JDK-8293862: javax/swing/JFileChooser/8046391/bug8046391.java
failed with 'Cannot invoke
'java.awt.Image.getWidth(java.awt.image.ImageObserver)'
because 'retVal' is null'
+ JDK-8293872: Make runtime/Thread/ThreadCountLimit.java more robust
+ JDK-8294148: Support JSplitPane for instructions and test UI
+ JDK-8294691: dynamicArchive/RelativePath.java is running
other test case
+ JDK-8294994: Update Jarsigner and Keytool i18n tests to
validate i18n compliance
+ JDK-8295111: dpkg appears to have problems resolving
symbolically linked native libraries
+ JDK-8296410: HttpClient throws java.io.IOException: no
statuscode in response for HTTP2
+ JDK-8296812: sprintf is deprecated in Xcode 14
+ JDK-8297878: KEM: Implementation
+ JDK-8298381: Improve handling of session tickets for multiple SSLContexts
+ JDK-8298596: vmTestbase/nsk/sysdict/vm/stress/chain/chain008/
/chain008.java fails with 'NoClassDefFoundError: Could not
initialize class java.util.concurrent.ThreadLocalRandom'
+ JDK-8298809: Clean up vm/compiler/InterfaceCalls JMH
+ JDK-8299058: AssertionError in sun.net.httpserver.ServerImpl
when connection is idle
+ JDK-8299254: Support dealing with standard assert macro
+ JDK-8299378: sprintf is deprecated in Xcode 14
+ JDK-8299395: Remove metaprogramming/removeCV.hpp
+ JDK-8299396: Remove metaprogramming/removeExtent.hpp
+ JDK-8299397: Remove metaprogramming/isFloatingPoint.hpp
+ JDK-8299398: Remove metaprogramming/isConst.hpp
+ JDK-8299399: Remove metaprogramming/isArray.hpp
+ JDK-8299402: Remove metaprogramming/isVolatile.hpp
+ JDK-8299479: Remove metaprogramming/decay.hpp
+ JDK-8299481: Remove metaprogramming/removePointer.hpp
+ JDK-8299482: Remove metaprogramming/isIntegral.hpp
+ JDK-8299487: Test java/net/httpclient/whitebox/
/SSLTubeTestDriver.java timed out
+ JDK-8299635: Hotspot update for deprecated sprintf in Xcode 14
+ JDK-8299779: Test tools/jpackage/share/jdk/jpackage/tests/
/MainClassTest.java timed out
+ JDK-8299813: java/nio/channels/DatagramChannel/Disconnect.java
fails with jtreg test timeout due to lost datagram
+ JDK-8299971: Remove metaprogramming/conditional.hpp
+ JDK-8299972: Remove metaprogramming/removeReference.hpp
+ JDK-8300169: Build failure with clang-15
+ JDK-8300260: Remove metaprogramming/isSame.hpp
+ JDK-8300264: Remove metaprogramming/isPointer.hpp
+ JDK-8300265: Remove metaprogramming/isSigned.hpp
+ JDK-8300806: Update googletest to v1.13.0
+ JDK-8300910: Remove metaprogramming/integralConstant.hpp
+ JDK-8301132: Test update for deprecated sprintf in Xcode 14
+ JDK-8301200: Don't scale timeout stress with timeout factor
+ JDK-8301274: update for deprecated sprintf for security components
+ JDK-8301279: update for deprecated sprintf for management components
+ JDK-8301686: TLS 1.3 handshake fails if server_name doesn't
match resuming session
+ JDK-8301704: Shorten the number of GCs in UnloadingTest.java
to verify a class loader not being unloaded
+ JDK-8302495: update for deprecated sprintf for java.desktop
+ JDK-8302800: Augment NaN handling tests of FDLIBM methods
+ JDK-8303216: Prefer ArrayList to LinkedList in
sun.net.httpserver.ServerImpl
+ JDK-8303466: C2: failed: malformed control flow. Limit type
made precise with MaxL/MinL
+ JDK-8303527: update for deprecated sprintf for
jdk.hotspot.agent
+ JDK-8303617: update for deprecated sprintf for jdk.jdwp.agent
+ JDK-8303830: update for deprecated sprintf for
jdk.accessibility
+ JDK-8303891: Speed up Zip64SizeTest using a small ZIP64 file
+ JDK-8303920: Avoid calling out to python in
DataDescriptorSignatureMissing test
+ JDK-8303942: os::write should write completely
+ JDK-8303965: java.net.http.HttpClient should reset the stream
if response headers contain malformed header fields
+ JDK-8304375: jdk/jfr/api/consumer/filestream/TestOrdered.java
failed with 'Expected at least some events to be out of order!
Reuse = false'
+ JDK-8304962: sun/net/www/http/KeepAliveCache/B5045306.java:
java.lang.RuntimeException: Failed: Initial Keep Alive
Connection is not being reused
+ JDK-8304963: HttpServer closes connection after processing
HEAD after JDK-7026262
+ JDK-8305072: Win32ShellFolder2.compareTo is inconsistent
+ JDK-8305079: Remove finalize() from compiler/c2/Test719030
+ JDK-8305081: Remove finalize() from
test/hotspot/jtreg/compiler/runtime/Test8168712
+ JDK-8305825: getBounds API returns wrong value resulting in
multiple Regression Test Failures on Ubuntu 23.04
+ JDK-8305959: x86: Improve itable_stub
+ JDK-8306583: Add JVM crash check in CDSTestUtils.executeAndLog
+ JDK-8306929: Avoid CleanClassLoaderDataMetaspaces safepoints
when previous versions are shared
+ JDK-8306946: jdk/test/lib/process/
/ProcessToolsStartProcessTest.java fails with 'wrong number of
lines in OutputAnalyzer output'
+ JDK-8307091: A few client tests intermittently throw
ConcurrentModificationException
+ JDK-8307193: Several Swing jtreg tests use class.forName on
L&F classes
+ JDK-8307352: AARCH64: Improve itable_stub
+ JDK-8307448: Test RedefineSharedClassJFR fail due to wrong assumption
+ JDK-8307779: Relax the java.awt.Robot specification
+ JDK-8307848: update for deprecated sprintf for jdk.attach
+ JDK-8307850: update for deprecated sprintf for jdk.jdi
+ JDK-8308022: update for deprecated sprintf for java.base
+ JDK-8308144: Uncontrolled memory consumption in
SSLFlowDelegate.Reader
+ JDK-8308184: Launching java with large number of jars in
classpath with java.protocol.handler.pkgs system property set
can lead to StackOverflowError
+ JDK-8308801: update for deprecated sprintf for libnet in java.base
+ JDK-8308891: TestCDSVMCrash.java needs @requires vm.cds
+ JDK-8309241: ClassForNameLeak fails intermittently as the
class loader hasn't been unloaded
+ JDK-8309621: [XWayland][Screencast] screen capture failure
with sun.java2d.uiScale other than 1
+ JDK-8309703: AIX build fails after JDK-8280982
+ JDK-8309756: Occasional crashes with pipewire screen capture on Wayland
+ JDK-8309934: Update GitHub Actions to use JDK 17 for building jtreg
+ JDK-8310070: Test:
javax/net/ssl/DTLS/DTLSWontNegotiateV10.java timed out
+ JDK-8310108: Skip ReplaceCriticalClassesForSubgraphs when
EnableJVMCI is specified
+ JDK-8310201: Reduce verbose locale output in -XshowSettings
launcher option
+ JDK-8310334: [XWayland][Screencast] screen capture error
message in debug
+ JDK-8310628: GcInfoBuilder.c missing JNI Exception checks
+ JDK-8310683: Refactor StandardCharset/standard.java to use JUnit
+ JDK-8311208: Improve CDS Support
+ JDK-8311666: Disabled tests in test/jdk/sun/java2d/marlin
+ JDK-8312049: runtime/logging/ClassLoadUnloadTest can be improved
+ JDK-8312140: jdk/jshell tests failed with JDI socket timeouts
+ JDK-8312229: Crash involving yield, switch and anonymous classes
+ JDK-8313256: Exclude failing multicast tests on AIX
+ JDK-8313394: Array Elements in OldObjectSample event has the
incorrect description
+ JDK-8313674: (fc) java/nio/channels/FileChannel/
/BlockDeviceSize.java should test for more block devices
+ JDK-8313697: [XWayland][Screencast] consequent getPixelColor
calls are slow
+ JDK-8313873: java/nio/channels/DatagramChannel/
/SendReceiveMaxSize.java fails on AIX due to small default
RCVBUF size and different IPv6 Header interpretation
+ JDK-8313901: [TESTBUG] test/hotspot/jtreg/compiler/codecache/
/CodeCacheFullCountTest.java fails with
java.lang.VirtualMachineError
+ JDK-8314476: TestJstatdPortAndServer.java failed with
'java.rmi.NoSuchObjectException: no such object in table'
+ JDK-8314614: jdk/jshell/ImportTest.java failed with
'InternalError: Failed remote listen'
+ JDK-8314837: 5 compiled/codecache tests ignore VM flags
+ JDK-8315024: Vector API FP reduction tests should not test
for exact equality
+ JDK-8315362: NMT: summary diff reports threads count incorrectly
+ JDK-8315422: getSoTimeout() would be in try block in SSLSocketImpl
+ JDK-8315437: Enable parallelism in
vmTestbase/nsk/monitoring/stress/classload tests
+ JDK-8315442: Enable parallelism in
vmTestbase/nsk/monitoring/stress/thread tests
+ JDK-8315559: Delay TempSymbol cleanup to avoid symbol table churn
+ JDK-8315576: compiler/codecache/CodeCacheFullCountTest.java
fails after JDK-8314837
+ JDK-8315651: Stop hiding AIX specific multicast socket errors
via NetworkConfiguration (aix)
+ JDK-8315684: Parallelize
sun/security/util/math/TestIntegerModuloP.java
+ JDK-8315774: Enable parallelism in vmTestbase/gc/g1/unloading tests
+ JDK-8315804: Open source several Swing JTabbedPane JTextArea
JTextField tests
+ JDK-8315936: Parallelize gc/stress/TestStressG1Humongous.java test
+ JDK-8315965: Open source various AWT applet tests
+ JDK-8316104: Open source several Swing SplitPane and
RadioButton related tests
+ JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java
java.lang.Exception: Could not find leak
+ JDK-8316211: Open source several manual applet tests
+ JDK-8316240: Open source several add/remove MenuBar manual tests
+ JDK-8316285: Opensource JButton manual tests
+ JDK-8316306: Open source and convert manual Swing test
+ JDK-8316328: Test jdk/jfr/event/oldobject/
/TestSanityDefault.java times out for some heap sizes
+ JDK-8316387: Exclude more failing multicast tests on AIX
after JDK-8315651
+ JDK-8316389: Open source few AWT applet tests
+ JDK-8316468: os::write incorrectly handles partial write
+ JDK-8316973: GC: Make TestDisableDefaultGC use createTestJvm
+ JDK-8317112: Add screenshot for Frame/DefaultSizeTest.java
+ JDK-8317228: GC: Make TestXXXHeapSizeFlags use createTestJvm
+ JDK-8317288: [macos] java/awt/Window/Grab/GrabTest.java:
Press on the outside area didn't cause ungrab
+ JDK-8317316: G1: Make TestG1PercentageOptions use
createTestJvm
+ JDK-8317343: GC: Make TestHeapFreeRatio use createTestJvm
+ JDK-8317358: G1: Make TestMaxNewSize use createTestJvm
+ JDK-8317360: Missing null checks in JfrCheckpointManager and
JfrStringPool initialization routines
+ JDK-8317372: Refactor some NumberFormat tests to use JUnit
+ JDK-8317635: Improve GetClassFields test to verify
correctness of field order
+ JDK-8317831: compiler/codecache/CheckLargePages.java fails on
OL 8.8 with unexpected memory string
+ JDK-8318039: GHA: Bump macOS and Xcode versions
+ JDK-8318089: Class space not marked as such with NMT when CDS is off
+ JDK-8318474: Fix memory reporter for thread_count
+ JDK-8318479: [jmh] the test security.CacheBench failed for
multiple threads run
+ JDK-8318605: Enable parallelism in
vmTestbase/nsk/stress/stack tests
+ JDK-8318696: Do not use LFS64 symbols on Linux
+ JDK-8318986: Improve GenericWaitBarrier performance
+ JDK-8319103: Popups that request focus are not shown on Linux with Wayland
+ JDK-8319197: Exclude hb-subset and hb-style from compilation
+ JDK-8319406: x86: Shorter movptr(reg, imm) for 32-bit immediates
+ JDK-8319713: Parallel: Remove
PSAdaptiveSizePolicy::should_full_GC
+ JDK-8320079: The ArabicBox.java test has no control buttons
+ JDK-8320379: C2: Sort spilling/unspilling sequence for better
ld/st merging into ldp/stp on AArch64
+ JDK-8320602: Lock contention in SchemaDVFactory.getInstance()
+ JDK-8320608: Many jtreg printing tests are missing the
@printer keyword
+ JDK-8320655: awt screencast robot spin and sync issues with
native libpipewire api
+ JDK-8320692: Null icon returned for .exe without custom icon
+ JDK-8320945: problemlist tests failing on latest Windows 11 update
+ JDK-8321025: Enable Neoverse N1 optimizations for Neoverse V2
+ JDK-8321176: [Screencast] make a second attempt on screencast failure
+ JDK-8321220: JFR: RecordedClass reports incorrect modifiers
+ JDK-8322008: Exclude some CDS tests from running with -Xshare:off
+ JDK-8322330: JavadocHelperTest.java OOMEs with Parallel GC and ZGC
+ JDK-8322726: C2: Unloaded signature class kills argument value
+ JDK-8322971: KEM.getInstance() should check if a 3rd-party
security provider is signed
+ JDK-8323122: AArch64: Increase itable stub size estimate
+ JDK-8323584: AArch64: Unnecessary ResourceMark in
NativeCall::set_destination_mt_safe
+ JDK-8323670: A few client tests intermittently throw
ConcurrentModificationException
+ JDK-8323801: <s> tag doesn't strikethrough the text
+ JDK-8324577: [REDO] - [IMPROVE] OPEN_MAX is no longer the max
limit on macOS >= 10.6 for RLIMIT_NOFILE
+ JDK-8324646: Avoid Class.forName in SecureRandom constructor
+ JDK-8324648: Avoid NoSuchMethodError when instantiating NativePRNG
+ JDK-8324668: JDWP process management needs more efficient
file descriptor handling
+ JDK-8324753: [AIX] adjust os_posix after JDK-8318696
+ JDK-8324755: Enable parallelism in
vmTestbase/gc/gctests/LargeObjects tests
+ JDK-8324933: ConcurrentHashTable::statistics_calculate
synchronization is expensive
+ JDK-8325022: Incorrect error message on client authentication
+ JDK-8325179: Race in BasicDirectoryModel.validateFileCache
+ JDK-8325194: GHA: Add macOS M1 testing
+ JDK-8325384: sun/security/ssl/SSLSessionImpl/
/ResumptionUpdateBoundValues.java failing intermittently when
main thread is a virtual thread
+ JDK-8325444: GHA: JDK-8325194 causes a regression
+ JDK-8325567: jspawnhelper without args fails with segfault
+ JDK-8325620: HTMLReader uses ConvertAction instead of
specified CharacterAction for <b>, <i>, <u>
+ JDK-8325621: Improve jspawnhelper version checks
+ JDK-8325754: Dead AbstractQueuedSynchronizer$ConditionNodes
survive minor garbage collections
+ JDK-8326106: Write and clear stack trace table outside of safepoint
+ JDK-8326332: Unclosed inline tags cause misalignment in
summary tables
+ JDK-8326446: The User and System of jdk.CPULoad on Apple M1 are inaccurate
+ JDK-8326734: text-decoration applied to <span> lost when
mixed with <u> or <s>
+ JDK-8327007: javax/swing/JSpinner/8008657/bug8008657.java fails
+ JDK-8327137: Add test for ConcurrentModificationException in
BasicDirectoryModel
+ JDK-8327312: [17u] Problem list
ReflectionCallerCacheTest.java due to 8324978
+ JDK-8327424: ProblemList serviceability/sa/TestJmapCore.java
on all platforms with ZGC
+ JDK-8327650: Test java/nio/channels/DatagramChannel/
/StressNativeSignal.java timed out
+ JDK-8327787: Convert javax/swing/border/Test4129681.java
applet test to main
+ JDK-8327840: Automate javax/swing/border/Test4129681.java
+ JDK-8328011: Convert java/awt/Frame/GetBoundsResizeTest/
/GetBoundsResizeTest.java applet test to main
+ JDK-8328075: Shenandoah: Avoid forwarding when objects don't
move in full-GC
+ JDK-8328110: Allow simultaneous use of PassFailJFrame with
split UI and additional windows
+ JDK-8328115: Convert java/awt/font/TextLayout/
/TestJustification.html applet test to main
+ JDK-8328158: Convert java/awt/Choice/NonFocusablePopupMenuTest
to automatic main test
+ JDK-8328218: Delete test
java/awt/Window/FindOwner/FindOwner.html
+ JDK-8328234: Remove unused nativeUtils files
+ JDK-8328238: Convert few closed manual applet tests to main
+ JDK-8328269: NonFocusablePopupMenuTest.java should be marked as headful
+ JDK-8328273: sun/management/jmxremote/bootstrap/
/RmiRegistrySslTest.java failed with
java.rmi.server.ExportException: Port already in use
+ JDK-8328560: java/awt/event/MouseEvent/ClickDuringKeypress/
/ClickDuringKeypress.java imports Applet
+ JDK-8328561: test java/awt/Robot/ManualInstructions/
/ManualInstructions.java isn't used
+ JDK-8328642: Convert applet test
MouseDraggedOutCauseScrollingTest.html to main
+ JDK-8328647: TestGarbageCollectorMXBean.java fails with
C1-only and -Xcomp
+ JDK-8328896: Fontmetrics for large Fonts has zero width
+ JDK-8328953: JEditorPane.read throws ChangedCharSetException
+ JDK-8328999: Update GIFlib to 5.2.2
+ JDK-8329004: Update Libpng to 1.6.43
+ JDK-8329103: assert(!thread->in_asgct()) failed during
multi-mode profiling
+ JDK-8329109: Threads::print_on() tries to print CPU time for
terminated GC threads
+ JDK-8329126: No native wrappers generated anymore with
-XX:-TieredCompilation after JDK-8251462
+ JDK-8329134: Reconsider TLAB zapping
+ JDK-8329510: Update ProblemList for
JFileChooser/8194044/FileSystemRootTest.java
+ JDK-8329559: Test javax/swing/JFrame/bug4419914.java failed
because The End and Start buttons are not placed correctly and
Tab focus does not move as expected
+ JDK-8329605: hs errfile generic events - move memory
protections and nmethod flushes to separate sections
+ JDK-8329663: hs_err file event log entry for thread
adding/removing should print current thread
+ JDK-8329667: [macos] Issue with JTree related fix for JDK-8317771
+ JDK-8329995: Restricted access to `/proc` can cause JFR
initialization to crash
+ JDK-8330063: Upgrade jQuery to 3.7.1
+ JDK-8330524: Linux ppc64le compile warning with clang in os_linux_ppc.cpp
+ JDK-8330611: AES-CTR vector intrinsic may read out of bounds (x86_64, AVX-512)
+ JDK-8330615: avoid signed integer overflows in zip_util.c
readCen / hashN
+ JDK-8331011: [XWayland] TokenStorage fails under Security Manager
+ JDK-8331063: Some HttpClient tests don't report leaks
+ JDK-8331077: nroff man page update for jar tool
+ JDK-8331164: createJMHBundle.sh download jars fail when url
needed to be redirected
+ JDK-8331265: Bump update version for OpenJDK: jdk-17.0.13
+ JDK-8331331: :tier1 target explanation in doc/testing.md is incorrect
+ JDK-8331466: Problemlist serviceability/dcmd/gc/
/RunFinalizationTest.java on generic-all
+ JDK-8331605:
jdk/test/lib/TestMutuallyExclusivePlatformPredicates.java test failure
+ JDK-8331746: Create a test to verify that the cmm id is not ignored
+ JDK-8331798: Remove unused arg of checkErgonomics() in
TestMaxHeapSizeTools.java
+ JDK-8331885: C2: meet between unloaded and speculative types
is not symmetric
+ JDK-8332008: Enable issuestitle check
+ JDK-8332113: Update nsk.share.Log to be always verbose
+ JDK-8332174: Remove 2 (unpaired) RLO Unicode characters in
ff_Adlm.xml
+ JDK-8332248: (fc) java/nio/channels/FileChannel/
/BlockDeviceSize.java failed with RuntimeException
+ JDK-8332424: Update IANA Language Subtag Registry to Version 2024-05-16
+ JDK-8332524: Instead of printing 'TLSv1.3,' it is showing 'TLS13'
+ JDK-8332898: failure_handler: log directory of commands
+ JDK-8332936: Test vmTestbase/metaspace/gc/watermark_70_80/
/TestDescription.java fails with no GC's recorded
+ JDK-8333270: HandlersOnComplexResetUpdate and
HandlersOnComplexUpdate tests fail with 'Unexpected reference'
if timeoutFactor is less than 1/3
+ JDK-8333353: Delete extra empty line in CodeBlob.java
+ JDK-8333398: Uncomment the commented test in test/jdk/java/
/util/jar/JarFile/mrjar/MultiReleaseJarAPI.java
+ JDK-8333477: Delete extra empty spaces in Makefiles
+ JDK-8333698: [17u] TestJstatdRmiPort fails after JDK-8333667
+ JDK-8333716: Shenandoah: Check for disarmed method before
taking the nmethod lock
+ JDK-8333724: Problem list security/infra/java/security/cert/
/CertPathValidator/certification/CAInterop.java
#teliasonerarootcav1
+ JDK-8333804: java/net/httpclient/ForbiddenHeadTest.java threw
an exception with 0 failures
+ JDK-8334166: Enable binary check
+ JDK-8334297: (so) java/nio/channels/SocketChannel/OpenLeak.java
should not depend on SecurityManager
+ JDK-8334332: TestIOException.java fails if run by root
+ JDK-8334333: MissingResourceCauseTestRun.java fails if run by root
+ JDK-8334335: [TESTBUG] Backport of 8279164 to 11u & 17u
includes elements of JDK-8163327
+ JDK-8334339: Test java/nio/file/attribute/
/BasicFileAttributeView/CreationTime.java fails on alinux3
+ JDK-8334418: Update IANA Language Subtag Registry to Version 2024-06-14
+ JDK-8334482: Shenandoah: Deadlock when safepoint is pending
during nmethods iteration
+ JDK-8334600: TEST java/net/MulticastSocket/IPMulticastIF.java
fails on linux-aarch64
+ JDK-8334653: ISO 4217 Amendment 177 Update
+ JDK-8334769: Shenandoah: Move CodeCache_lock close to its use
in ShenandoahConcurrentNMethodIterator
+ JDK-8335536: Fix assertion failure in IdealGraphPrinter when
append is true
+ JDK-8335775: Remove extraneous 's' in comment of
rawmonitor.cpp test file
+ JDK-8335808: update for deprecated sprintf for jfrTypeSetUtils
+ JDK-8335918: update for deprecated sprintf for jvmti
+ JDK-8335967: 'text-decoration: none' does not work with 'A' HTML tags
+ JDK-8336301: test/jdk/java/nio/channels/
/AsyncCloseAndInterrupt.java leaves around a FIFO file upon
test completion
+ JDK-8336928: GHA: Bundle artifacts removal broken
+ JDK-8337038: Test java/nio/file/attribute/
/BasicFileAttributeView/CreationTime.java shoud set as /native
+ JDK-8337283: configure.log is truncated when build dir is on
different filesystem
+ JDK-8337664: Distrust TLS server certificates issued after
Oct 2024 and anchored by Entrust Root CAs
+ JDK-8337669: [17u] Backport of JDK-8284047 missed to delete a file
+ JDK-8338139: {ClassLoading,Memory}MXBean::isVerbose methods
are inconsistent with their setVerbose methods
+ JDK-8338696: (fs) BasicFileAttributes.creationTime() falls
back to epoch if birth time is unavailable (Linux)
+ JDK-8339869: [21u] Test CreationTime.java fails with
UnsatisfiedLinkError after 8334339
+ JDK-8341057: Add 2 SSL.com TLS roots
+ JDK-8341059: Change Entrust TLS distrust date to November 12, 2024
+ JDK-8341673: [17u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.13
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:339-1
Released: Mon Feb 3 16:14:14 2025
Summary: Security update for java-17-openjdk
Type: security
Severity: moderate
References: 1236278,CVE-2025-21502
This update for java-17-openjdk fixes the following issues:
Update to upstream tag jdk-17.0.14+7 (January 2025 CPU):
Security fixes:
- CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278)
Other changes:
- JDK-7093691: Nimbus LAF: disabled JComboBox using renderer has bad font color
- JDK-8028127: Regtest java/security/Security/SynchronizedAccess.java is incorrect
- JDK-8071693: Introspector ignores default interface methods
- JDK-8195675: Call to insertText with single character from custom Input Method ignored
- JDK-8202926: Test java/awt/Focus/WindowUpdateFocusabilityTest/WindowUpdateFocusabilityTest.html fails
- JDK-8207908: JMXStatusTest.java fails assertion intermittently
- JDK-8225220: When the Tab Policy is checked,the scroll button direction displayed incorrectly.
- JDK-8240343: JDI stopListening/stoplis001 'FAILED: listening is successfully stopped without starting listening'
- JDK-8254759: [TEST_BUG] [macosx] javax/swing/JInternalFrame/4202966/IntFrameCoord.html fails
- JDK-8258734: jdk/jfr/event/oldobject/TestClassLoaderLeak.java failed with 'RuntimeException: Could not find class leak'
- JDK-8268364: jmethod clearing should be done during unloading
- JDK-8269770: nsk tests should start IOPipe channel before launch debuggee - Debugee.prepareDebugee
- JDK-8271003: hs_err improvement: handle CLASSPATH env setting longer than O_BUFLEN
- JDK-8271456: Avoid looking up standard charsets in 'java.desktop' module
- JDK-8271821: mark hotspot runtime/MinimalVM tests which ignore external VM flags
- JDK-8271825: mark hotspot runtime/LoadClass tests which ignore external VM flags
- JDK-8271836: runtime/ErrorHandling/ClassPathEnvVar.java fails with release VMs
- JDK-8272746: ZipFile can't open big file (NegativeArraySizeException)
- JDK-8273914: Indy string concat changes order of operations
- JDK-8274170: Add hooks for custom makefiles to augment jtreg test execution
- JDK-8274505: Too weak variable type leads to unnecessary cast in java.desktop
- JDK-8276763: java/nio/channels/SocketChannel/AdaptorStreams.java fails with 'SocketTimeoutException: Read timed out'
- JDK-8278527: java/util/concurrent/tck/JSR166TestCase.java fails nanoTime test
- JDK-8280131: jcmd reports 'Module jdk.jfr not found.' when 'jdk.management.jfr' is missing
- JDK-8281379: Assign package declarations to all jtreg test cases under gc
- JDK-8282578: AIOOBE in javax.sound.sampled.Clip
- JDK-8283214: [macos] Screen magnifier does not show the magnified text for JComboBox
- JDK-8283222: improve diagnosability of runtime/8176717/TestInheritFD.java timeouts
- JDK-8284291: sun/security/krb5/auto/Renew.java fails intermittently on Windows 11
- JDK-8284874: Add comment to ProcessHandle/OnExitTest to describe zombie problem
- JDK-8286160: (fs) Files.exists returns unexpected results with C:\pagefile.sys because it's not readable
- JDK-8287003: InputStreamReader::read() can return zero despite writing a char in the buffer
- JDK-8288976: classfile parser 'wrong name' error message has the names the wrong way around
- JDK-8289184: runtime/ClassUnload/DictionaryDependsTest.java failed with 'Test failed: should be unloaded'
- JDK-8290023: Remove use of IgnoreUnrecognizedVMOptions in gc tests
- JDK-8290269: gc/shenandoah/TestVerifyJCStress.java fails due to invalid tag: required after JDK-8290023
- JDK-8292309: Fix 'java/awt/PrintJob/ConstrainedPrintingTest/ConstrainedPrintingTest.java' test
- JDK-8293061: Combine CDSOptions and AppCDSOptions test utility classes
- JDK-8293877: Rewrite MineField test
- JDK-8294193: Files.createDirectories throws FileAlreadyExistsException for a symbolic link whose target is an existing directory
- JDK-8294726: Update URLs in minefield tests
- JDK-8295239: Refactor java/util/Formatter/Basic script into a Java native test launcher
- JDK-8295344: Harden runtime/StackGuardPages/TestStackGuardPages.java
- JDK-8295859: Update Manual Test Groups
- JDK-8296709: WARNING: JNI call made without checking exceptions
- JDK-8296718: Refactor bootstrap Test Common Functionalities to test/lib/Utils
- JDK-8296787: Unify debug printing format of X.509 cert serial numbers
- JDK-8296972: [macos13] java/awt/Frame/MaximizedToIconified/MaximizedToIconified.java: getExtendedState() != 6 as expected.
- JDK-8298513: vmTestbase/nsk/jdi/EventSet/suspendPolicy/suspendpolicy009/TestDescription.java fails with usage tracker
- JDK-8300416: java.security.MessageDigestSpi clone can result in thread-unsafe clones
- JDK-8301379: Verify TLS_ECDH_* cipher suites cannot be negotiated
- JDK-8302225: SunJCE Provider doesn't validate key sizes when using 'constrained' transforms for AES/KW and AES/KWP
- JDK-8303697: ProcessTools doesn't print last line of process output
- JDK-8303705: Field sleeper.started should be volatile JdbLockTestTarg.java
- JDK-8303742: CompletableFuture.orTimeout leaks if the future completes exceptionally
- JDK-8304020: Speed up test/jdk/java/util/zip/ZipFile/TestTooManyEntries.java and clarify its purpose
- JDK-8304557: java/util/concurrent/CompletableFuture/CompletableFutureOrTimeoutExceptionallyTest.java times out
- JDK-8306015: Update sun.security.ssl TLS tests to use SSLContextTemplate or SSLEngineTemplate
- JDK-8307297: Move some DnD tests to open
- JDK-8307408: Some jdk/sun/tools/jhsdb tests don't pass test JVM args to the debuggee JVM
- JDK-8309109: AArch64: [TESTBUG] compiler/intrinsics/sha/cli/TestUseSHA3IntrinsicsOptionOnSupportedCPU.java fails on Neoverse N2 and V1
- JDK-8309303: jdk/internal/misc/VM/RuntimeArguments test ignores jdk/internal/vm/options
- JDK-8309532: java/lang/Class/getDeclaredField/FieldSetAccessibleTest should filter modules that depend on JVMCI
- JDK-8310072: JComboBox/DisabledComboBoxFontTestAuto: Enabled and disabled ComboBox does not match in these LAFs: GTK-
- JDK-8310731: Configure a javax.net.ssl.SNIMatcher for the HTTP/1.1 test servers in java/net/httpclient tests
- JDK-8312111: open/test/jdk/java/awt/Robot/ModifierRobotKey/ModifierRobotKeyTest.java fails on ubuntu 23.04
- JDK-8313374: --enable-ccache's CCACHE_BASEDIR breaks builds
- JDK-8313638: Add test for dump of resolved references
- JDK-8313854: Some tests in serviceability area fail on localized Windows platform
- JDK-8313878: Exclude two compiler/rtm/locking tests on ppc64le
- JDK-8314333: Update com/sun/jdi/ProcessAttachTest.java to use ProcessTools.createTestJvm(..)
- JDK-8314824: Fix serviceability/jvmti/8036666/GetObjectLockCount.java to use vm flags
- JDK-8314829: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java ignores vm flags
- JDK-8314831: NMT tests ignore vm flags
- JDK-8315097: Rename createJavaProcessBuilder
- JDK-8315406: [REDO] serviceability/jdwp/AllModulesCommandTest.java ignores VM flags
- JDK-8315988: Parallel: Make TestAggressiveHeap use createTestJvm
- JDK-8316410: GC: Make TestCompressedClassFlags use createTestJvm
- JDK-8316446: 4 sun/management/jdp tests ignore VM flags
- JDK-8316447: 8 sun/management/jmxremote tests ignore VM flags
- JDK-8316464: 3 sun/tools tests ignore VM flags
- JDK-8316562: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java times out after JDK-8314829
- JDK-8316581: Improve performance of Symbol::print_value_on()
- JDK-8317042: G1: Make TestG1ConcMarkStepDurationMillis use createTestJvm
- JDK-8317116: Provide layouts for multiple test UI in PassFailJFrame
- JDK-8317188: G1: Make TestG1ConcRefinementThreads use createTestJvm
- JDK-8317218: G1: Make TestG1HeapRegionSize use createTestJvm
- JDK-8317347: Parallel: Make TestInitialTenuringThreshold use createTestJvm
- JDK-8317738: CodeCacheFullCountTest failed with 'VirtualMachineError: Out of space in CodeCache for method handle intrinsic'
- JDK-8318964: Fix build failures caused by 8315097
- JDK-8319574: Exec/process tests should be marked as flagless
- JDK-8319640: ClassicFormat::parseObject (from DateTimeFormatter) does not conform to the javadoc and may leak DateTimeException
- JDK-8319651: Several network tests ignore vm flags when start java process
- JDK-8319817: Charset constructor should make defensive copy of aliases
- JDK-8320586: update manual test/jdk/TEST.groups
- JDK-8320665: update jdk_core at open/test/jdk/TEST.groups
- JDK-8320673: PageFormat/CustomPaper.java has no Pass/Fail buttons; multiple instructions
- JDK-8320675: PrinterJob/SecurityDialogTest.java hangs
- JDK-8321163: [test] OutputAnalyzer.getExitValue() unnecessarily logs even when process has already completed
- JDK-8321299: runtime/logging/ClassLoadUnloadTest.java doesn't reliably trigger class unloading
- JDK-8321470: ThreadLocal.nextHashCode can be static final
- JDK-8321543: Update NSS to version 3.96
- JDK-8321616: Retire binary test vectors in test/jdk/java/util/zip/ZipFile
- JDK-8322754: click JComboBox when dialog about to close causes IllegalComponentStateException
- JDK-8322766: Micro bench SSLHandshake should use default algorithms
- JDK-8322809: SystemModulesMap::classNames and moduleNames arrays do not match the order
- JDK-8322830: Add test case for ZipFile opening a ZIP with no entries
- JDK-8323562: SaslInputStream.read() may return wrong value
- JDK-8323688: C2: Fix UB of jlong overflow in PhaseIdealLoop::is_counted_loop()
- JDK-8324808: Manual printer tests have no Pass/Fail buttons, instructions close set 3
- JDK-8324841: PKCS11 tests still skip execution
- JDK-8325038: runtime/cds/appcds/ProhibitedPackage.java can fail with UseLargePages
- JDK-8325525: Create jtreg test case for JDK-8325203
- JDK-8325587: Shenandoah: ShenandoahLock should allow blocking in VM
- JDK-8325610: CTW: Add StressIncrementalInlining to stress options
- JDK-8325616: JFR ZGC Allocation Stall events should record stack traces
- JDK-8325762: Use PassFailJFrame.Builder.splitUI() in PrintLatinCJKTest.java
- JDK-8325851: Hide PassFailJFrame.Builder constructor
- JDK-8326100: DeflaterDictionaryTests should use Deflater.getBytesWritten instead of Deflater.getTotalOut
- JDK-8326121: vmTestbase/gc/g1/unloading/tests/unloading_keepRef_rootClass_inMemoryCompilation_keep_cl failed with Full gc happened. Test was useless.
- JDK-8326611: Clean up vmTestbase/nsk/stress/stack tests
- JDK-8326898: NSK tests should listen on loopback addresses only
- JDK-8326948: Force English locale for timeout formatting
- JDK-8327401: Some jtreg tests fail on Wayland without any tracking bug
- JDK-8327474: Review use of java.io.tmpdir in jdk tests
- JDK-8327924: Simplify TrayIconScalingTest.java
- JDK-8328021: Convert applet test java/awt/List/SetFontTest/SetFontTest.html to main program
- JDK-8328242: Add a log area to the PassFailJFrame
- JDK-8328303: 3 JDI tests timed out with UT enabled
- JDK-8328379: Convert URLDragTest.html applet test to main
- JDK-8328402: Implement pausing functionality for the PassFailJFrame
- JDK-8328619: sun/management/jmxremote/bootstrap/SSLConfigFilePermissionTest.java failed with BindException: Address already in use
- JDK-8328697: SubMenuShowTest and SwallowKeyEvents tests stabilization
- JDK-8328723: IP Address error when client enables HTTPS endpoint check on server socket
- JDK-8328957: Update PKCS11Test.java to not use hardcoded path
- JDK-8330278: Have SSLSocketTemplate.doClientSide use loopback address
- JDK-8330464: hserr generic events - add entry for the before_exit calls
- JDK-8330621: Make 5 compiler tests use ProcessTools.executeProcess
- JDK-8330814: Cleanups for KeepAliveCache tests
- JDK-8331142: Add test for number of loader threads in BasicDirectoryModel
- JDK-8331391: Enhance the keytool code by invoking the buildTrustedCerts method for essential options
- JDK-8331405: Shenandoah: Optimize ShenandoahLock with TTAS
- JDK-8331411: Shenandoah: Reconsider spinning duration in ShenandoahLock
- JDK-8331495: Limit BasicDirectoryModel/LoaderThreadCount.java to Windows only
- JDK-8331626: unsafe.cpp:162:38: runtime error in index_oop_from_field_offset_long - applying non-zero offset 4563897424 to null pointer
- JDK-8331789: ubsan: deoptimization.cpp:403:29: runtime error: load of value 208, which is not a valid value for type 'bool'
- JDK-8331863: DUIterator_Fast used before it is constructed
- JDK-8331864: Update Public Suffix List to 1cbd6e7
- JDK-8331999: BasicDirectoryModel/LoaderThreadCount.java frequently fails on Windows in CI
- JDK-8332340: Add JavacBench as a test case for CDS
- JDK-8332473: ubsan: growableArray.hpp:290:10: runtime error: null pointer passed as argument 1, which is declared to never be null
- JDK-8332589: ubsan: unix/native/libjava/ProcessImpl_md.c:562:5: runtime error: null pointer passed as argument 2, which is declared to never be null
- JDK-8332720: ubsan: instanceKlass.cpp:3550:76: runtime error: member call on null pointer of type 'struct Array'
- JDK-8332724: x86 MacroAssembler may over-align code
- JDK-8332777: Update JCStress test suite
- JDK-8332825: ubsan: guardedMemory.cpp:35:11: runtime error: null pointer passed as argument 2, which is declared to never be null
- JDK-8332866: Crash in ImageIO JPEG decoding when MEM_STATS in enabled
- JDK-8332901: Select{Current,New}ItemTest.java for Choice don't open popup on macOS
- JDK-8332903: ubsan: opto/output.cpp:1002:18: runtime error: load of value 171, which is not a valid value for type 'bool'
- JDK-8332904: ubsan ppc64le: c1_LIRGenerator_ppc.cpp:581:21: runtime error: signed integer overflow: 9223372036854775807 - 1 cannot be represented in type 'long int'
- JDK-8332935: Crash: assert(*lastPtr != 0) failed: Mismatched JNINativeInterface tables, check for new entries
- JDK-8333317: Test sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java failed with: Invalid ECDH ServerKeyExchange signature
- JDK-8333824: Unused ClassValue in VarHandles
- JDK-8334057: JLinkReproducibleTest.java support receive test.tool.vm.opts
- JDK-8334405: java/nio/channels/Selector/SelectWithConsumer.java#id0 failed in testWakeupDuringSelect
- JDK-8334562: Automate com/sun/security/auth/callback/TextCallbackHandler/Default.java test
- JDK-8334567: [test] runtime/os/TestTracePageSizes move ppc handling
- JDK-8335142: compiler/c1/TestTraceLinearScanLevel.java occasionally times out with -Xcomp
- JDK-8335267: [XWayland] move screencast tokens from .awt to .java folder
- JDK-8335344: test/jdk/sun/security/tools/keytool/NssTest.java fails to compile
- JDK-8335428: Enhanced Building of Processes
- JDK-8335449: runtime/cds/DeterministicDump.java fails with File content different at byte ...
- JDK-8335493: check_gc_overhead_limit should reset SoftRefPolicy::_should_clear_all_soft_refs
- JDK-8335530: Java file extension missing in AuthenticatorTest
- JDK-8335709: C2: assert(!loop->is_member(get_loop(useblock))) failed: must be outside loop
- JDK-8335904: Fix invalid comment in ShenandoahLock
- JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files
- JDK-8336240: Test com/sun/crypto/provider/Cipher/DES/PerformanceTest.java fails with java.lang.ArithmeticException
- JDK-8336257: Additional tests in jmxremote/startstop to match on PID not app name
- JDK-8336315: tools/jpackage/windows/WinChildProcessTest.java Failed: Check is calculator process is alive
- JDK-8336342: Fix known X11 library locations in sysroot
- JDK-8336343: Add more known sysroot library locations for ALSA
- JDK-8336413: gtk headers : Fix typedef redeclaration of GMainContext and GdkPixbuf
- JDK-8336564: Enhance mask blit functionality redux
- JDK-8336854: CAInterop.java#actalisauthenticationrootca conflicted with /manual and /timeout
- JDK-8337066: Repeated call of StringBuffer.reverse with double byte string returns wrong result
- JDK-8337320: Update ProblemList.txt with tests known to fail on XWayland
- JDK-8337410: The makefiles should set problemlist and adjust timeout basing on the given VM flags
- JDK-8337780: RISC-V: C2: Change C calling convention for sp to NS
- JDK-8337810: ProblemList BasicDirectoryModel/LoaderThreadCount.java on Windows
- JDK-8337851: Some tests have name which confuse jtreg
- JDK-8337966: (fs) Files.readAttributes fails with Operation not permitted on older docker releases
- JDK-8338058: map_or_reserve_memory_aligned Windows enhance remap assertion
- JDK-8338101: remove old remap assertion in map_or_reserve_memory_aligned after JDK-8338058
- JDK-8338109: java/awt/Mouse/EnterExitEvents/ResizingFrameTest.java duplicate in ProblemList
- JDK-8338286: GHA: Demote x86_32 to hotspot build only
- JDK-8338380: Update TLSCommon/interop/AbstractServer to specify an interface to listen for connections
- JDK-8338402: GHA: some of bundles may not get removed
- JDK-8338748: [17u,21u] Test Disconnect.java compile error: cannot find symbol after JDK-8299813
- JDK-8338751: ConfigureNotify behavior has changed in KWin 6.2
- JDK-8338759: Add extra diagnostic to java/net/InetAddress/ptr/Lookup.java
- JDK-8339081: Bump update version for OpenJDK: jdk-17.0.14
- JDK-8339180: Enhanced Building of Processes: Follow-on Issue
- JDK-8339248: RISC-V: Remove li64 macro assembler routine and related code
- JDK-8339384: Unintentional IOException in jdk.jdi module when JDWP end of stream occurs
- JDK-8339470: [17u] More defensive fix for 8163921
- JDK-8339487: ProcessHandleImpl os_getChildren sysctl call - retry in case of ENOMEM and enhance exception message
- JDK-8339548: GHA: RISC-V: Use Debian snapshot archive for bootstrap
- JDK-8339560: Unaddressed comments during code review of JDK-8337664
- JDK-8339591: Mark jdk/jshell/ExceptionMessageTest.java intermittent
- JDK-8339637: (tz) Update Timezone Data to 2024b
- JDK-8339644: Improve parsing of Day/Month in tzdata rules
- JDK-8339731: java.desktop/share/classes/javax/swing/text/html/default.css typo in margin settings
- JDK-8339741: RISC-V: C ABI breakage for integer on stack
- JDK-8339787: Add some additional diagnostic output to java/net/ipv6tests/UdpTest.java
- JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files
- JDK-8339892: Several security shell tests don't set TESTJAVAOPTS
- JDK-8339931: Update problem list for WindowUpdateFocusabilityTest.java
- JDK-8340007: Refactor KeyEvent/FunctionKeyTest.java
- JDK-8340008: KeyEvent/KeyTyped/Numpad1KeyTyped.java has 15 seconds timeout
- JDK-8340210: Add positionTestUI() to PassFailJFrame.Builder
- JDK-8340230: Tests crash: assert(is_in_encoding_range || k->is_interface() || k->is_abstract()) failed: sanity
- JDK-8340306: Add border around instructions in PassFailJFrame
- JDK-8340308: PassFailJFrame: Make rows default to number of lines in instructions
- JDK-8340365: Position the first window of a window list
- JDK-8340387: Update OS detection code to recognize Windows Server 2025
- JDK-8340418: GHA: MacOS AArch64 bundles can be removed prematurely
- JDK-8340461: Amend description for logArea
- JDK-8340466: Add description for PassFailJFrame constructors
- JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names
- JDK-8340632: ProblemList java/nio/channels/DatagramChannel/ for Macos
- JDK-8340657: [PPC64] SA determines wrong unextendedSP
- JDK-8340684: Reading from an input stream backed by a closed ZipFile has no test coverage
- JDK-8340785: Update description of PassFailJFrame and samples
- JDK-8340799: Add border inside instruction frame in PassFailJFrame
- JDK-8340812: LambdaForm customization via MethodHandle::updateForm is not thread safe
- JDK-8340815: Add SECURITY.md file
- JDK-8340899: Remove wildcard bound in PositionWindows.positionTestWindows
- JDK-8341146: RISC-V: Unnecessary fences used for load-acquire in template interpreter
- JDK-8341235: Improve default instruction frame title in PassFailJFrame
- JDK-8341562: RISC-V: Generate comments in -XX:-PrintInterpreter to link to source code
- JDK-8341635: [17u] runtime/ErrorHandling/ClassPathEnvVar test ignores external VM flags
- JDK-8341688: Aarch64: Generate comments in -XX:-PrintInterpreter to link to source code
- JDK-8341806: Gcc version detection failure on Alinux3
- JDK-8341927: Replace hardcoded security providers with new test.provider.name system property
- JDK-8341997: Tests create files in src tree instead of scratch dir
- JDK-8342181: Update tests to use stronger Key and Salt size
- JDK-8342183: Update tests to use stronger algorithms and keys
- JDK-8342188: Update tests to use stronger key parameters and certificates
- JDK-8342496: C2/Shenandoah: SEGV in compiled code when running jcstress
- JDK-8342578: GHA: RISC-V: Bootstrap using Debian snapshot is still failing
- JDK-8342669: [21u] Fix TestArrayAllocatorMallocLimit after backport of JDK-8315097
- JDK-8342681: TestLoadBypassesNullCheck.java fails improperly specified VM option
- JDK-8342701: [PPC64] TestOSRLotsOfLocals.java crashes
- JDK-8342962: [s390x] TestOSRLotsOfLocals.java crashes
- JDK-8343285: java.lang.Process is unresponsive and CPU usage spikes to 100%
- JDK-8343474: [updates] Customize README.md to specifics of update project
- JDK-8343687: [17u] TestAntiDependencyForPinnedLoads requires UTF-8
- JDK-8343848: Fix typo of property name in TestOAEPPadding after 8341927
- JDK-8343877: Test AsyncClose.java intermittent fails - Socket.getInputStream().read() wasn't preempted
- JDK-8343923: GHA: Switch to Xcode 15 on MacOS AArch64 runners
- JDK-8347011: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.14
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1490-1
Released: Tue May 6 13:48:24 2025
Summary: Security update for java-17-openjdk
Type: security
Severity: important
References: 1241274,1241275,1241276,CVE-2025-21587,CVE-2025-30691,CVE-2025-30698
This update for java-17-openjdk fixes the following issues:
Update to upstream tag jdk-17.0.15+6 (April 2025 CPU)
CVEs:
+ CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data (bsc#1241274)
+ CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access (bsc#1241275)
+ CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS (bsc#1241276)
Changes:
+ JDK-6355567: AdobeMarkerSegment causes failure to read
valid JPEG
+ JDK-8065099: [macos] javax/swing/PopupFactory/6276087/
/NonOpaquePopupMenuTest.java fails: no background shine
through
+ JDK-8179502: Enhance OCSP, CRL and Certificate Fetch
Timeouts
+ JDK-8198237: [macos] Test java/awt/Frame/
/ExceptionOnSetExtendedStateTest/
/ExceptionOnSetExtendedStateTest.java fails
+ JDK-8198666: Many java/awt/Modal/OnTop/ test fails on mac
+ JDK-8208565: [TEST_BUG] javax/swing/PopupFactory/6276087/
/NonOpaquePopupMenuTest.java throws NPE
+ JDK-8226933: [TEST_BUG]GTK L&F: There is no swatches or
RGB tab in JColorChooser
+ JDK-8226938: [TEST_BUG]GTK L&F: There is no Details
button in FileChooser Dialog
+ JDK-8266435: WBMPImageReader.read() should not truncate
the input stream
+ JDK-8267893: Improve jtreg test failure handler do get
native/mixed stack traces for cores and live processes
+ JDK-8270961: [TESTBUG] Move GotWrongOOMEException into
vm.share.gc package
+ JDK-8274893: Update java.desktop classes to use
try-with-resources
+ JDK-8276202: LogFileOutput.invalid_file_vm asserts when
being executed from a read only working directory
+ JDK-8277240: java/awt/Graphics2D/ScaledTransform/
/ScaledTransform.java dialog does not get disposed
+ JDK-8281234: The -protected option is not always checked
in keytool and jarsigner
+ JDK-8282314: nsk/jvmti/SuspendThread/suspendthrd003 may
leak memory
+ JDK-8283387: [macos] a11y : Screen magnifier does not
show selected Tab
+ JDK-8283404: [macos] a11y : Screen magnifier does not
show JMenu name
+ JDK-8283664: Remove jtreg tag manual=yesno for
java/awt/print/PrinterJob/PrintTextTest.java
+ JDK-8286779: javax.crypto.CryptoPolicyParser#isConsistent
always returns 'true'
+ JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit
access thread fields from native
+ JDK-8290400: Must run exe installers in jpackage jtreg
tests without UI
+ JDK-8292588: [macos] Multiscreen/MultiScreenLocationTest/
/MultiScreenLocationTest.java: Robot.mouseMove test failed on
Screen #0
+ JDK-8292704: sun/security/tools/jarsigner/compatibility/
/Compatibility.java use wrong key size for EC
+ JDK-8292848: AWT_Mixing and TrayIcon tests fail on el8
with hard-coded isOel7
+ JDK-8293345: SunPKCS11 provider checks on PKCS11
Mechanism are problematic
+ JDK-8293412: Remove unnecessary java.security.egd
overrides
+ JDK-8294067: [macOS] javax/swing/JComboBox/6559152/
/bug6559152.java Cannot select an item from popup with the
ENTER key.
+ JDK-8294316: SA core file support is broken on macosx-x64
starting with macOS 12.x
+ JDK-8295087: Manual Test to Automated Test Conversion
+ JDK-8295176: some langtools test pollutes source tree
+ JDK-8296591: Signature benchmark
+ JDK-8296818: Enhance JMH tests
java/security/Signatures.java
+ JDK-8299077: [REDO] JDK-4512626 Non-editable JTextArea
provides no visual indication of keyboard focus
+ JDK-8299127: [REDO] JDK-8194048 Regression automated test
'/open/test/jdk/javax/swing/text/DefaultCaret/HidingSelection/
/HidingSelectionTest.java' fails
+ JDK-8299128: [REDO] JDK-8213562 Test javax/swing/text/
/DefaultCaret/HidingSelection/MultiSelectionTest.java fails
+ JDK-8299739: HashedPasswordFileTest.java and ExceptionTest.java
can fail with java.lang.NullPointerException
+ JDK-8299994: java/security/Policy/Root/Root.java fails
when home directory is read-only
+ JDK-8301989: new
javax.swing.text.DefaultCaret().setBlinkRate(N) results in NPE
+ JDK-8302111: Serialization considerations
+ JDK-8305853: java/text/Format/DateFormat/
/DateFormatRegression.java fails with 'Uncaught exception
thrown in test method Test4089106'
+ JDK-8306711: Improve diagnosis of `IntlTest` framework
+ JDK-8308341: JNI_GetCreatedJavaVMs returns a partially
initialized JVM
+ JDK-8309171: Test vmTestbase/nsk/jvmti/scenarios/
/jni_interception/JI05/ji05t001/TestDescription.java fails
after JDK-8308341
+ JDK-8309231: ProblemList vmTestbase/nsk/jvmti/scenarios/
/jni_interception/JI05/ji05t001/TestDescription.java
+ JDK-8309740: Expand timeout windows for tests in
JDK-8179502
+ JDK-8309841: Jarsigner should print a warning if an entry
is removed
+ JDK-8310234: Refactor Locale tests to use JUnit
+ JDK-8310629: java/security/cert/CertPathValidator/OCSP/
/OCSPTimeout.java fails with RuntimeException: Server not ready
+ JDK-8311306: Test com/sun/management/ThreadMXBean/
/ThreadCpuTimeArray.java failed: out of expected range
+ JDK-8311546: Certificate name constraints improperly
validated with leading period
+ JDK-8311663: Additional refactoring of Locale tests to
JUnit
+ JDK-8312416: Tests in Locale should have more descriptive
names
+ JDK-8312518: [macos13] setFullScreenWindow() shows black
screen on macOS 13 & above
+ JDK-8313633: [macOS] java/awt/dnd/NextDropActionTest/
/NextDropActionTest.java fails with
java.lang.RuntimeException: wrong next drop action!
+ JDK-8313710: jcmd: typo in the documentation of JFR.start
and JFR.dump
+ JDK-8314225: SIGSEGV in JavaThread::is_lock_owned
+ JDK-8314610: hotspot can't compile with the latest of
gtest because of <iomanip>
+ JDK-8314752: Use google test string comparison macros
+ JDK-8314909: tools/jpackage/windows/Win8282351Test.java
fails with java.lang.AssertionError: Expected [0]. Actual
[1618]:
+ JDK-8314975: JavadocTester should set source path if not
specified
+ JDK-8315486: vmTestbase/nsk/jdwp/ThreadReference/
/ForceEarlyReturn/forceEarlyReturn002/forceEarlyReturn002.java
timed out
+ JDK-8315825: Open some swing tests
+ JDK-8315882: Open some swing tests 2
+ JDK-8315883: Open source several Swing JToolbar tests
+ JDK-8315952: Open source several Swing JToolbar JTooltip
JTree tests
+ JDK-8316056: Open source several Swing JTree tests
+ JDK-8316146: Open some swing tests 4
+ JDK-8316149: Open source several Swing JTree JViewport
KeyboardManager tests
+ JDK-8316218: Open some swing tests 5
+ JDK-8316371: Open some swing tests 6
+ JDK-8316559: Refactor some util/Calendar tests to JUnit
+ JDK-8316627: JViewport Test headless failure
+ JDK-8316696: Remove the testing base classes: IntlTest
and CollatorTest
+ JDK-8317631: Refactor ChoiceFormat tests to use JUnit
+ JDK-8317636: Improve heap walking API tests to verify
correctness of field indexes
+ JDK-8318442: java/net/httpclient/ManyRequests2.java fails
intermittently on Linux
+ JDK-8319567: Update java/lang/invoke tests to support vm
flags
+ JDK-8319568: Update java/lang/reflect/exeCallerAccessTest/
/CallerAccessTest.java to accept vm flags
+ JDK-8319569: Several java/util tests should be updated to
accept VM flags
+ JDK-8319647: Few java/lang/System/LoggerFinder/modules
tests ignore vm flags
+ JDK-8319648: java/lang/SecurityManager tests ignore vm
flags
+ JDK-8319672: Several classloader tests ignore VM flags
+ JDK-8319673: Few security tests ignore VM flags
+ JDK-8319676: A couple of jdk/modules/incubator/ tests
ignore VM flags
+ JDK-8319677: Test jdk/internal/misc/VM/RuntimeArguments.java
should be marked as flagless
+ JDK-8319818: Address GCC 13.2.0 warnings
(stringop-overflow and dangling-pointer)
+ JDK-8320372: test/jdk/sun/security/x509/DNSName/
/LeadingPeriod.java validity check failed
+ JDK-8320676: Manual printer tests have no Pass/Fail
buttons, instructions close set 1
+ JDK-8320691: Timeout handler on Windows takes 2 hours to
complete
+ JDK-8320714: java/util/Locale/LocaleProvidersRun.java and
java/util/ResourceBundle/modules/visibility/
/VisibilityTest.java timeout after passing
+ JDK-8320916: jdk/jfr/event/gc/stacktrace/
/TestParallelMarkSweepAllocationPendingStackTrace.java failed
with 'OutOfMemoryError: GC overhead limit exceeded'
+ JDK-8321818: vmTestbase/nsk/stress/strace/strace015.java
failed with 'Cannot read the array length because '<local4>'
is null'
+ JDK-8323196: jdk/jfr/api/consumer/filestream/TestOrdered.java
failed with 'Events are not ordered! Reuse = false'
+ JDK-8324672: Update jdk/java/time/tck/java/time/TCKInstant.java
now() to be more robust
+ JDK-8324807: Manual printer tests have no Pass/Fail
buttons, instructions close set 2
+ JDK-8325024: java/security/cert/CertPathValidator/OCSP(
/OCSPTimeout.java incorrect comment information
+ JDK-8325042: Remove unused JVMDITools test files
+ JDK-8325529: Remove unused imports from `ModuleGenerator`
test file
+ JDK-8325659: Normalize Random usage by incubator vector
tests
+ JDK-8325906: Problemlist vmTestbase/vm/mlvm/meth/stress/
/compiler/deoptimize/Test.java#id1 until JDK-8320865 is fixed
+ JDK-8325908: Finish removal of IntlTest and CollatorTest
+ JDK-8325937: runtime/handshake/HandshakeDirectTest.java
causes 'monitor end should be strictly below the frame pointer'
assertion failure on AArch64
+ JDK-8326421: Add jtreg test for large arrayCopy disjoint
case.
+ JDK-8326525: com/sun/tools/attach/BasicTests.java does
not verify AgentLoadException case
+ JDK-8327098: GTest needs larger combination limit
+ JDK-8327476: Upgrade JLine to 3.26.1
+ JDK-8327505: Test com/sun/jmx/remote/
/NotificationMarshalVersions/TestSerializationMismatch.java
fails
+ JDK-8327857: Remove applet usage from JColorChooser tests
Test4222508
+ JDK-8327859: Remove applet usage from JColorChooser tests
Test4319113
+ JDK-8327986: ASAN reports use-after-free in
DirectivesParserTest.empty_object_vm
+ JDK-8328005: Convert java/awt/im/JTextFieldTest.java
applet test to main
+ JDK-8328085: C2: Use after free in
PhaseChaitin::Register_Allocate()
+ JDK-8328121: Remove applet usage from JColorChooser tests
Test4759306
+ JDK-8328130: Remove applet usage from JColorChooser tests
Test4759934
+ JDK-8328185: Convert java/awt/image/MemoryLeakTest/
/MemoryLeakTest.java applet test to main
+ JDK-8328227: Remove applet usage from JColorChooser tests
Test4887836
+ JDK-8328368: Convert java/awt/image/multiresolution/
/MultiDisplayTest/MultiDisplayTest.java applet test to main
+ JDK-8328370: Convert java/awt/print/Dialog/PrintApplet.java
applet test to main
+ JDK-8328380: Remove applet usage from JColorChooser tests
Test6348456
+ JDK-8328387: Convert java/awt/Frame/FrameStateTest/
/FrameStateTest.html applet test to main
+ JDK-8328403: Remove applet usage from JColorChooser tests
Test6977726
+ JDK-8328553: Get rid of JApplet in
test/jdk/sanity/client/lib/SwingSet2/src/DemoModule.java
+ JDK-8328558: Convert javax/swing/JCheckBox/8032667/
/bug8032667.java applet test to main
+ JDK-8328717: Convert javax/swing/JColorChooser/8065098/
/bug8065098.java applet test to main
+ JDK-8328719: Convert java/awt/print/PageFormat/SetOrient.html
applet test to main
+ JDK-8328730: Convert java/awt/print/bug8023392/bug8023392.html
applet test to main
+ JDK-8328753: Open source few Undecorated Frame tests
+ JDK-8328819: Remove applet usage from JFileChooser tests
bug6698013
+ JDK-8328827: Convert java/awt/print/PrinterJob/
/PrinterDialogsModalityTest/PrinterDialogsModalityTest.html
applet test to main
+ JDK-8329210: Delete Redundant Printer Dialog Modality Test
+ JDK-8329320: Simplify awt/print/PageFormat/NullPaper.java
test
+ JDK-8329322: Convert PageFormat/Orient.java to use
PassFailJFrame
+ JDK-8329692: Add more details to FrameStateTest.java test
instructions
+ JDK-8330702: Update failure handler to don't generate
Error message if cores actions are empty
+ JDK-8331153: JFR: Improve logging of
jdk/jfr/api/consumer/filestream/TestOrdered.java
+ JDK-8331735: UpcallLinker::on_exit races with GC when
copying frame anchor
+ JDK-8331959: Update PKCS#11 Cryptographic Token Interface
to v3.1
+ JDK-8332158: [XWayland] test/jdk/java/awt/Mouse/
/EnterExitEvents/ResizingFrameTest.java
+ JDK-8332917: failure_handler should execute gdb 'info
threads' command on linux
+ JDK-8333360: PrintNullString.java doesn't use float
arguments
+ JDK-8333391: Test com/sun/jdi/InterruptHangTest.java
failed: Thread was never interrupted during sleep
+ JDK-8333403: Write a test to check various components
events are triggered properly
+ JDK-8333427: langtools/tools/javac/newlines/NewLineTest.java
is failing on Japanese Windows
+ JDK-8334305: Remove all code for nsk.share.Log verbose
mode
+ JDK-8334490: Normalize string with locale invariant
`toLowerCase()`
+ JDK-8334777: Test javax/management/remote/mandatory/notif/
/NotifReconnectDeadlockTest.java failed with
NullPointerException
+ JDK-8335150: Test LogGeneratedClassesTest.java fails on
rpmbuild mock enviroment
+ JDK-8335172: Add manual steps to run security/auth/callback/
/TextCallbackHandler/Password.java test
+ JDK-8335789: [TESTBUG] XparColor.java test fails with
Error. Parse Exception: Invalid or unrecognized bugid: @
+ JDK-8336012: Fix usages of jtreg-reserved properties
+ JDK-8336498: [macos] [build]: install-file macro may run
into permission denied error
+ JDK-8336692: Redo fix for JDK-8284620
+ JDK-8336942: Improve test coverage for class loading
elements with annotations of different retentions
+ JDK-8337222: gc/TestDisableExplicitGC.java fails due to
unexpected CodeCache GC
+ JDK-8337494: Clarify JarInputStream behavior
+ JDK-8337692: Better TLS connection support
+ JDK-8337826: Improve logging in OCSPTimeout and
SimpleOCSPResponder to help diagnose JDK-8309754
+ JDK-8337886: java/awt/Frame/MaximizeUndecoratedTest.java
fails in OEL due to a slight color difference
+ JDK-8337951: Test sun/security/validator/samedn.sh
CertificateNotYetValidException: NotBefore validation
+ JDK-8338100: C2: assert(!n_loop->is_member(get_loop(lca)))
failed: control must not be back in the loop
+ JDK-8338426: Test java/nio/channels/Selector/WakeupNow.java
failed
+ JDK-8338430: Improve compiler transformations
+ JDK-8338571: [TestBug] DefaultCloseOperation.java test
not working as expected wrt instruction after JDK-8325851 fix
+ JDK-8338595: Add more linesize for MIME decoder in macro
bench test Base64Decode
+ JDK-8338668: Test javax/swing/JFileChooser/8080628/
/bug8080628.java doesn't test for GTK L&F
+ JDK-8339154: Cleanups and JUnit conversion of
test/jdk/java/util/zip/Available.java
+ JDK-8339261: Logs truncated in test
javax/net/ssl/DTLS/DTLSRehandshakeTest.java
+ JDK-8339356: Test javax/net/ssl/SSLSocket/Tls13PacketSize.java
failed with java.net.SocketException: An established
connection was aborted by the software in your host machine
+ JDK-8339524: Clean up a few ExtendedRobot tests
+ JDK-8339687: Rearrange reachabilityFence()s in
jdk.test.lib.util.ForceGC
+ JDK-8339728: [Accessibility,Windows,JAWS] Bug in the
getKeyChar method of the AccessBridge class
+ JDK-8339810: Clean up the code in sun.tools.jar.Main to
properly close resources and use ZipFile during extract
+ JDK-8339883: Open source several AWT/2D related tests
+ JDK-8339902: Open source couple TextField related tests
+ JDK-8339943: Frame not disposed in
java/awt/dnd/DropActionChangeTest.java
+ JDK-8340078: Open source several 2D tests
+ JDK-8340116: test/jdk/sun/security/tools/jarsigner/
/PreserveRawManifestEntryAndDigest.java can fail due to regex
+ JDK-8340411: open source several 2D imaging tests
+ JDK-8340480: Bad copyright notices in changes from
JDK-8339902
+ JDK-8340687: Open source closed frame tests #1
+ JDK-8340719: Open source AWT List tests
+ JDK-8340969: jdk/jfr/startupargs/TestStartDuration.java
should be marked as flagless
+ JDK-8341037: Use standard layouts in
DefaultFrameIconTest.java and MenuCrash.java
+ JDK-8341111: open source several AWT tests including menu
shortcut tests
+ JDK-8341316: [macos] javax/swing/ProgressMonitor/
/ProgressMonitorEscapeKeyPress.java fails sometimes in macos
+ JDK-8341412: Various test failures after JDK-8334305
+ JDK-8341424: GHA: Collect hs_errs from build time failures
+ JDK-8341453: java/awt/a11y/AccessibleJTableTest.java
fails in some cases where the test tables are not visible
+ JDK-8341722: Fix some warnings as errors when building on
Linux with toolchain clang
+ JDK-8341881: [REDO] java/nio/file/attribute/
/BasicFileAttributeView/CreationTime.java#tmp fails on alinux3
+ JDK-8341978: Improve JButton/bug4490179.java
+ JDK-8341982: Simplify JButton/bug4323121.java
+ JDK-8342098: Write a test to compare the images
+ JDK-8342145: File libCreationTimeHelper.c compile fails
on Alpine
+ JDK-8342270: Test sun/security/pkcs11/Provider/
/RequiredMechCheck.java needs write access to src tree
+ JDK-8342498: Add test for Allocation elimination after
use as alignment reference by SuperWord
+ JDK-8342508: Use latch in BasicMenuUI/bug4983388.java
instead of delay
+ JDK-8342541: Exclude List/KeyEventsTest/KeyEventsTest.java
from running on macOS
+ JDK-8342562: Enhance Deflater operations
+ JDK-8342602: Remove JButton/PressedButtonRightClickTest
test
+ JDK-8342607: Enhance register printing on x86_64 platforms
+ JDK-8342609: jpackage test helper function incorrectly
removes a directory instead of its contents only
+ JDK-8342634: javax/imageio/plugins/wbmp/
/WBMPStreamTruncateTest.java creates temp file in src dir
+ JDK-8342635: javax/swing/JFileChooser/FileSystemView/
/WindowsDefaultIconSizeTest.java creates tmp file in src dir
+ JDK-8342704: GHA: Report truncation is broken after
JDK-8341424
+ JDK-8342811: java/net/httpclient/PlainProxyConnectionTest.java
failed: Unexpected connection count: 5
+ JDK-8342858: Make target mac-jdk-bundle fails on chmod
command
+ JDK-8342988: GHA: Build JTReg in single step
+ JDK-8343007: Enhance Buffered Image handling
+ JDK-8343100: Consolidate EmptyFolderTest and
EmptyFolderPackageTest jpackage tests into single java file
+ JDK-8343101: Rework BasicTest.testTemp test cases
+ JDK-8343118: [TESTBUG] java/awt/PrintJob/PrintCheckboxTest/
/PrintCheckboxManualTest.java fails with Error. Can't find
HTML file PrintCheckboxManualTest.html
+ JDK-8343128: PassFailJFrame.java test result: Error. Bad
action for script: build}
+ JDK-8343129: Disable unstable check of
ThreadsListHandle.sanity_vm ThreadList values
+ JDK-8343178: Test BasicTest.java javac compile fails
cannot find symbol
+ JDK-8343378: Exceptions in javax/management
DeadLockTest.java do not cause test failure
+ JDK-8343491: javax/management/remote/mandatory/connection/
/DeadLockTest.java failing with NoSuchObjectException: no such
object in table
+ JDK-8343599: Kmem limit and max values swapped when
printing container information
+ JDK-8343724: [PPC64] Disallow OptoScheduling
+ JDK-8343882: BasicAnnoTests doesn't handle multiple
annotations at the same position
+ JDK-8344581: [TESTBUG] java/awt/Robot/
/ScreenCaptureRobotTest.java failing on macOS
+ JDK-8344589: Update IANA Language Subtag Registry to
Version 2024-11-19
+ JDK-8344646: The libjsig deprecation warning should go to
stderr not stdout
+ JDK-8345296: AArch64: VM crashes with SIGILL when prctl
is disallowed
+ JDK-8345368: java/io/File/createTempFile/SpecialTempFile.java
fails on Windows Server 2025
+ JDK-8345371: Bump update version for OpenJDK: jdk-17.0.15
+ JDK-8345375: Improve debuggability of
test/jdk/java/net/Socket/CloseAvailable.java
+ JDK-8345414: Google CAInterop test failures
+ JDK-8345468: test/jdk/javax/swing/JScrollBar/4865918/
/bug4865918.java fails in ubuntu22.04
+ JDK-8346055: javax/swing/text/StyledEditorKit/4506788/
/bug4506788.java fails in ubuntu22.04
+ JDK-8346324: javax/swing/JScrollBar/4865918/bug4865918.java
fails in CI
+ JDK-8346587: Distrust TLS server certificates anchored by
Camerfirma Root CAs
+ JDK-8346671: java/nio/file/Files/probeContentType/Basic.java
fails on Windows 2025
+ JDK-8346828: javax/swing/JScrollBar/4865918/bug4865918.java
still fails in CI
+ JDK-8346887: DrawFocusRect() may cause an assertion failure
+ JDK-8346908: Update JDK 17 javadoc man page
+ JDK-8346972: Test java/nio/channels/FileChannel/
/LoopingTruncate.java fails sometimes with IOException: There
is not enough space on the disk
+ JDK-8347424: Fix and rewrite
sun/security/x509/DNSName/LeadingPeriod.java test
+ JDK-8347427: JTabbedPane/8134116/Bug8134116.java has no
license header
+ JDK-8347740: java/io/File/createTempFile/SpecialTempFile.java
failing
+ JDK-8347847: Enhance jar file support
+ JDK-8347965: (tz) Update Timezone Data to 2025a
+ JDK-8348625: [21u, 17u] Revert JDK-8185862 to restore old
java.awt.headless behavior on Windows
+ JDK-8348675: TrayIcon tests fail in Ubuntu 24.10 Wayland
+ JDK-8349603: [21u, 17u, 11u] Update GHA JDKs after Jan/25
updates
+ JDK-8352097: (tz) zone.tab update missed in 2025a backport
+ JDK-8353905: [17u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.15
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2599-1
Released: Fri Aug 1 17:35:01 2025
Summary: Recommended update for openssl-3
Type: recommended
Severity: important
References: 1230959,1231748,1232326,1246428
This update for openssl-3 fixes the following issues:
- FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2667-1
Released: Mon Aug 4 14:37:23 2025
Summary: Security update for java-17-openjdk
Type: security
Severity: important
References: 1246575,1246584,1246595,1246598,CVE-2025-30749,CVE-2025-30754,CVE-2025-50059,CVE-2025-50106
This update for java-17-openjdk fixes the following issues:
Upgrade to upstream tag jdk-17.0.16+8 (July 2025 CPU):
- CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595)
- CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (bsc#1246598)
- CVE-2025-50059: Improve HTTP client header handling (bsc#1246575)
- CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584)
Changelog:
+ JDK-4850101: Setting mnemonic to VK_F4 underlines the letter
S in a button.
+ JDK-5074006: Swing JOptionPane shows </html> tag as a string
after newline
+ JDK-6956385: URLConnection.getLastModified() leaks file
handles for jar:file and file: URLs
+ JDK-8024624: [TEST_BUG] [macosx] CTRL+RIGHT(LEFT) doesn't
move selection on next cell in JTable on Aqua L&F
+ JDK-8042134: JOptionPane bungles HTML messages
+ JDK-8051591: Test
javax/swing/JTabbedPane/8007563/Test8007563.java fails
+ JDK-8077371: Binary files in JAXP test should be removed
+ JDK-8183348: Better cleanup for
jdk/test/sun/security/pkcs12/P12SecretKey.java
+ JDK-8196465:
javax/swing/JComboBox/8182031/ComboPopupTest.java fails on
Linux
+ JDK-8202100: Merge vm/share/InMemoryJavaCompiler w/
jdk/test/lib/compiler/InMemoryJavaCompiler
+ JDK-8211400: nsk.share.gc.Memory::getArrayLength returns
wrong value
+ JDK-8218474: JComboBox display issue with GTKLookAndFeel
+ JDK-8224267: JOptionPane message string with 5000+ newlines
produces StackOverflowError
+ JDK-8249831: Test sun/security/mscapi/nonUniqueAliases/
/NonUniqueAliases.java is marked with @ignore
+ JDK-8251505: Use of types in compiler shared code should be
consistent.
+ JDK-8253440: serviceability/sa/TestJhsdbJstackLineNumbers.java
failed with 'Didn't find enough line numbers'
+ JDK-8254786: java/net/httpclient/CancelRequestTest.java
failing intermittently
+ JDK-8256211: assert fired in
java/net/httpclient/DependentPromiseActionsTest (infrequent)
+ JDK-8258483: [TESTBUG] gtest
CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is
too small
+ JDK-8269516: AArch64: Assembler cleanups
+ JDK-8271419: Refactor test code for modifying CDS archive
contents
+ JDK-8276995: Bug in jdk.jfr.event.gc.collection.TestSystemGC
+ JDK-8277983: Remove unused fields from
sun.net.www.protocol.jar.JarURLConnection
+ JDK-8279884: Use better file for cygwin source permission
check
+ JDK-8279894: javax/swing/JInternalFrame/8020708/bug8020708.java
timeouts on Windows 11
+ JDK-8280468: Crashes in getConfigColormap,
getConfigVisualId, XVisualIDFromVisual on Linux
+ JDK-8280820: Clean up bug8033699 and bug8075609.java tests:
regtesthelpers aren't used
+ JDK-8280991: [XWayland] No displayChanged event after
setDisplayMode call
+ JDK-8281511: java/net/ipv6tests/UdpTest.java fails with
checkTime failed
+ JDK-8282863: java/awt/FullScreen/FullscreenWindowProps/
/FullscreenWindowProps.java fails on Windows 10 with HiDPI
screen
+ JDK-8286204: [Accessibility,macOS,VoiceOver] VoiceOver reads
the spinner value 10 as 1 when user iterates to 10 for the
first time on macOS
+ JDK-8286789: Test forceEarlyReturn002.java timed out
+ JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit
access thread fields from native
+ JDK-8286925: Move JSON parser used in JFR tests to test
library
+ JDK-8287352: DockerTestUtils::execute shows incorrect
elapsed time
+ JDK-8287801: Fix test-bugs related to stress flags
+ JDK-8288707: javax/swing/JToolBar/4529206/bug4529206.java:
setFloating does not work correctly
+ JDK-8290162: Reset recursion counter missed in fix of
JDK-8224267
+ JDK-8292064: Convert java/lang/management/MemoryMXBean shell
tests to java version
+ JDK-8293503: gc/metaspace/TestMetaspacePerfCounters.java
#Epsilon-64 failed assertGreaterThanOrEqual:
expected MMM >= NNN
+ JDK-8294038: Remove 'Classpath' exception from javax/swing
tests
+ JDK-8294155: Exception thrown before awaitAndCheck hangs
PassFailJFrame
+ JDK-8295470: Update openjdk.java.net => openjdk.org URLs in
test code
+ JDK-8295670: Remove duplication in
java/util/Formatter/Basic*.java
+ JDK-8295804:
javax/swing/JFileChooser/JFileChooserSetLocationTest.java
failed with 'setLocation() is not working properly'
+ JDK-8296072: CertAttrSet::encode and DerEncoder::derEncode
should write into DerOutputStream
+ JDK-8296167: test/langtools/tools/jdeps/jdkinternals/
/ShowReplacement.java failing after JDK-8296072
+ JDK-8296920: Regression Test DialogOrient.java fails on MacOS
+ JDK-8297173: usageTicks and totalTicks should be volatile to
ensure that different threads get the latest ticks
+ JDK-8297242: Use-after-free during library unloading on Linux
+ JDK-8298061: vmTestbase/nsk/sysdict/vm/stress/btree/btree012/
/btree012.java failed with 'fatal error: refcount has gone to
zero'
+ JDK-8298147: Clang warns about pointless comparisons
+ JDK-8298248: Limit sscanf output width in cgroup file parsers
+ JDK-8298709: Fix typos in src/java.desktop/ and various test
classes of client component
+ JDK-8298730: Refactor subsystem_file_line_contents and add
docs and tests
+ JDK-8300645: Handle julong values in logging of
GET_CONTAINER_INFO macros
+ JDK-8300658: memory_and_swap_limit() reporting wrong values
on systems with swapaccount=0
+ JDK-8302226: failure_handler native.core should wait for
coredump to finish
+ JDK-8303549: [AIX] TestNativeStack.java is failing with exit
value 1
+ JDK-8303770: Remove Baltimore root certificate expiring in
May 2025
+ JDK-8305010: Test vmTestbase/nsk/jvmti/scenarios/sampling/
/SP05/sp05t003/TestDescription.java timed out: thread not
suspended
+ JDK-8305578: X11GraphicsDevice.pGetBounds() is slow in
remote X11 sessions
+ JDK-8306997: C2: 'malformed control flow' assert due to
missing safepoint on backedge with a switch
+ JDK-8307318: Test
serviceability/sa/ClhsdbCDSJstackPrintAll.java failed:
ArrayIndexOutOfBoundsException
+ JDK-8308875: java/awt/Toolkit/GetScreenInsetsCustomGC/
/GetScreenInsetsCustomGC.java failed with 'Cannot invoke
'sun.awt.X11GraphicsDevice.getInsets()' because 'device' is
null'
+ JDK-8309841: Jarsigner should print a warning if an entry is
removed
+ JDK-8310525: DynamicLauncher for JDP test needs to try
harder to find a free port
+ JDK-8312246: NPE when HSDB visits bad oop
+ JDK-8314120: Add tests for FileDescriptor.sync
+ JDK-8314236: Overflow in Collections.rotate
+ JDK-8314246: javax/swing/JToolBar/4529206/bug4529206.java
fails intermittently on Linux
+ JDK-8314320: Mark runtime/CommandLine/ tests as flagless
+ JDK-8314828: Mark 3 jcmd command-line options test as
vm.flagless
+ JDK-8315484: java/awt/dnd/RejectDragDropActionTest.java
timed out
+ JDK-8315669: Open source several Swing PopupMenu related
tests
+ JDK-8315721: CloseRace.java#id0 fails transiently on libgraal
+ JDK-8315742: Open source several Swing Scroll related tests
+ JDK-8315871: Opensource five more Swing regression tests
+ JDK-8315876: Open source several Swing CSS related tests
+ JDK-8315951: Open source several Swing HTMLEditorKit related
tests
+ JDK-8315981: Opensource five more random Swing tests
+ JDK-8316061: Open source several Swing RootPane and Slider
related tests
+ JDK-8316156: ByteArrayInputStream.transferTo causes
MaxDirectMemorySize overflow
+ JDK-8316228: jcmd tests are broken by 8314828
+ JDK-8316324: Opensource five miscellaneous Swing tests
+ JDK-8316388: Opensource five Swing component related
regression tests
+ JDK-8316451: 6 java/lang/instrument/PremainClass tests
ignore VM flags
+ JDK-8316452: java/lang/instrument/modules/
/AppendToClassPathModuleTest.java ignores VM flags
+ JDK-8316460: 4 javax/management tests ignore VM flags
+ JDK-8316497: ColorConvertOp - typo for non-ICC conversions
needs one-line fix
+ JDK-8316629: j.text.DateFormatSymbols setZoneStrings()
exception is unhelpful
+ JDK-8318700: MacOS Zero cannot run gtests due to wrong JVM
path
+ JDK-8318915: Enhance checks in BigDecimal.toPlainString()
+ JDK-8318962: Update ProcessTools javadoc with suggestions in
8315097
+ JDK-8319572: Test jdk/incubator/vector/LoadJsvmlTest.java
ignores VM flags
+ JDK-8319578: Few java/lang/instrument ignore test.java.opts
and accept test.vm.opts only
+ JDK-8319690: [AArch64] C2 compilation hits
offset_ok_for_immed: assert 'c2 compiler bug'
+ JDK-8320682: [AArch64] C1 compilation fails with 'Field too
big for insn'
+ JDK-8320687: sun.jvmstat.monitor.MonitoredHost
.getMonitoredHost() throws unexpected exceptions when invoked
concurrently
+ JDK-8321204: C2: assert(false) failed: node should be in
igvn hash table
+ JDK-8321479: java -D-D crashes
+ JDK-8321509: False positive in get_trampoline fast path
causes crash
+ JDK-8321713: Harmonize executeTestJvm with
create[Limited]TestJavaProcessBuilder
+ JDK-8321718: ProcessTools.executeProcess calls waitFor
before logging
+ JDK-8321931: memory_swap_current_in_bytes reports 0 as
'unlimited'
+ JDK-8325435: [macos] Menu or JPopupMenu not closed when main
window is resized
+ JDK-8325680: Uninitialised memory in deleteGSSCB of
GSSLibStub.c:179
+ JDK-8325682: Rename nsk_strace.h
+ JDK-8326389: [test] improve assertEquals failure output
+ JDK-8328301: Convert Applet test
ManualHTMLDataFlavorTest.java to main program
+ JDK-8328482: Convert and Open source few manual applet test
to main based
+ JDK-8328484: Convert and Opensource few JFileChooser applet
test to main
+ JDK-8328648: Remove applet usage from JFileChooser tests
bug4150029
+ JDK-8328670: Automate and open source few closed manual
applet test
+ JDK-8328673: Convert closed text/html/CSS manual applet test
to main
+ JDK-8329261: G1: interpreter post-barrier x86 code asserts
index size of wrong buffer
+ JDK-8330534: Update nsk/jdwp tests to use driver instead of
othervm
+ JDK-8330598: java/net/httpclient/Http1ChunkedTest.java fails
with java.util.MissingFormatArgumentException: Format
specifier '%s'
+ JDK-8331735: UpcallLinker::on_exit races with GC when
copying frame anchor
+ JDK-8333117: Remove support of remote and manual debuggee
launchers
+ JDK-8333680: com/sun/tools/attach/BasicTests.java fails with
'SocketException: Permission denied: connect'
+ JDK-8334560: [PPC64]: postalloc_expand_java_dynamic_call_sched
does not copy all fields
+ JDK-8334644: Automate
javax/print/attribute/PageRangesException.java
+ JDK-8334780: Crash: assert(h_array_list.not_null()) failed:
invariant
+ JDK-8334895: OpenJDK fails to configure on linux aarch64
when CDS is disabled after JDK-8331942
+ JDK-8335662: [AArch64] C1: guarantee(val < (1ULL << nbits))
failed: Field too big for insn
+ JDK-8335684: Test ThreadCpuTime.java should pause like
ThreadCpuTimeArray.java
+ JDK-8335836: serviceability/jvmti/StartPhase/AllowedFunctions/
/AllowedFunctions.java fails with unexpected exit code: 112
+ JDK-8336587: failure_handler lldb command times out on
macosx-aarch64 core file
+ JDK-8337221: CompileFramework: test library to conveniently
compile java and jasm sources for fuzzing
+ JDK-8337299: vmTestbase/nsk/jdb/stop_at/stop_at002/
/stop_at002.java failure goes undetected
+ JDK-8338154: Fix -Wzero-as-null-pointer-constant warnings in
gtest framework
+ JDK-8339148: Make os::Linux::active_processor_count() public
+ JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm
gtest fails on ppc64 based platforms
+ JDK-8339639: Opensource few AWT PopupMenu tests
+ JDK-8339678: Update runtime/condy tests to be executed with
VM flags
+ JDK-8339727: Open source several AWT focus tests - series 1
+ JDK-8339794: Open source closed choice tests #1
+ JDK-8339810: Clean up the code in sun.tools.jar.Main to
properly close resources and use ZipFile during extract
+ JDK-8339836: Open source several AWT Mouse tests - Batch 1
+ JDK-8339842: Open source several AWT focus tests - series 2
+ JDK-8339895: Open source several AWT focus tests - series 3
+ JDK-8339906: Open source several AWT focus tests - series 4
+ JDK-8339935: Open source several AWT focus tests - series 5
+ JDK-8339982: Open source several AWT Mouse tests - Batch 2
+ JDK-8339984: Open source AWT MenuItem related tests
+ JDK-8339995: Open source several AWT focus tests - series 6
+ JDK-8340077: Open source few Checkbox tests - Set2
+ JDK-8340084: Open source AWT Frame related tests
+ JDK-8340143: Open source several Java2D rendering loop tests.
+ JDK-8340164: Open source few Component tests - Set1
+ JDK-8340173: Open source some Component/Panel/EventQueue
tests - Set2
+ JDK-8340176: Replace usage of -noclassgc with -Xnoclassgc in
test/jdk/java/lang/management/MemoryMXBean/LowMemoryTest2.java
+ JDK-8340193: Open source several AWT Dialog tests - Batch 1
+ JDK-8340228: Open source couple more miscellaneous AWT tests
+ JDK-8340271: Open source several AWT Robot tests
+ JDK-8340279: Open source several AWT Dialog tests - Batch 2
+ JDK-8340332: Open source mixed AWT tests - Set3
+ JDK-8340366: Open source several AWT Dialog tests - Batch 3
+ JDK-8340367: Opensource few AWT image tests
+ JDK-8340393: Open source closed choice tests #2
+ JDK-8340407: Open source a few more Component related tests
+ JDK-8340417: Open source some MenuBar tests - Set1
+ JDK-8340432: Open source some MenuBar tests - Set2
+ JDK-8340433: Open source closed choice tests #3
+ JDK-8340437: Open source few more AWT Frame related tests
+ JDK-8340458: Open source additional Component tests (part 2)
+ JDK-8340555: Open source DnD tests - Set4
+ JDK-8340560: Open Source several AWT/2D font and rendering
tests
+ JDK-8340605: Open source several AWT PopupMenu tests
+ JDK-8340621: Open source several AWT List tests
+ JDK-8340625: Open source additional Component tests (part 3)
+ JDK-8340639: Open source few more AWT List tests
+ JDK-8340713: Open source DnD tests - Set5
+ JDK-8340784: Remove PassFailJFrame constructor with
screenshots
+ JDK-8340790: Open source several AWT Dialog tests - Batch 4
+ JDK-8340809: Open source few more AWT PopupMenu tests
+ JDK-8340874: Open source some of the AWT Geometry/Button
tests
+ JDK-8340907: Open source closed frame tests # 2
+ JDK-8340966: Open source few Checkbox and Cursor tests - Set1
+ JDK-8340967: Open source few Cursor tests - Set2
+ JDK-8340978: Open source few DnD tests - Set6
+ JDK-8340985: Open source some Desktop related tests
+ JDK-8341000: Open source some of the AWT Window tests
+ JDK-8341004: Open source AWT FileDialog related tests
+ JDK-8341072: Open source several AWT Canvas and Rectangle
related tests
+ JDK-8341128: open source some 2d graphics tests
+ JDK-8341148: Open source several Choice related tests
+ JDK-8341162: Open source some of the AWT window test
+ JDK-8341170: Open source several Choice related tests (part
2)
+ JDK-8341177: Opensource few List and a Window test
+ JDK-8341191: Open source few more AWT FileDialog tests
+ JDK-8341239: Open source closed frame tests # 3
+ JDK-8341257: Open source few DND tests - Set1
+ JDK-8341258: Open source few various AWT tests - Set1
+ JDK-8341278: Open source few TrayIcon tests - Set7
+ JDK-8341298: Open source more AWT window tests
+ JDK-8341373: Open source closed frame tests # 4
+ JDK-8341378: Open source few TrayIcon tests - Set8
+ JDK-8341447: Open source closed frame tests # 5
+ JDK-8341535: sun/awt/font/TestDevTransform.java fails with
RuntimeException: Different rendering
+ JDK-8341637: java/net/Socket/UdpSocket.java fails with
'java.net.BindException: Address already in use'
(macos-aarch64)
+ JDK-8341972: java/awt/dnd/DnDRemoveFocusOwnerCrashTest.java
timed out after JDK-8341257
+ JDK-8342376: More reliable OOM handling in
ExceptionDuringDumpAtObjectsInitPhase test
+ JDK-8342524: Use latch in AbstractButton/bug6298940.java
instead of delay
+ JDK-8342633: javax/management/security/
/HashedPasswordFileTest.java creates tmp file in src dir
+ JDK-8343037: Missing @since tag on JColorChooser.showDialog
overload
+ JDK-8343103: Enable debug logging for vmTestbase/nsk/jvmti/
/scenarios/sampling/SP05/sp05t003/TestDescription.java
+ JDK-8343124: Tests fails with
java.lang.IllegalAccessException: class
com.sun.javatest.regtest.agent.MainWrapper$MainTask cannot
access
+ JDK-8343170: java/awt/Cursor/JPanelCursorTest/
/JPanelCursorTest.java does not show the default cursor
+ JDK-8343205: CompileBroker::possibly_add_compiler_threads
excessively polls available memory
+ JDK-8343529: serviceability/sa/ClhsdbWhere.java fails
AssertionFailure: Corrupted constant pool
+ JDK-8343891: Test javax/swing/JTabbedPane/
/TestJTabbedPaneBackgroundColor.java failed
+ JDK-8343936: Adjust timeout in test
javax/management/monitor/DerivedGaugeMonitorTest.java
+ JDK-8344316: security/auth/callback/TextCallbackHandler/
/Password.java make runnable with JTReg and add the UI
+ JDK-8344361: Restore null return for invalid services from
legacy providers
+ JDK-8345133: Test sun/security/tools/jarsigner/
/TsacertOptionTest.java failed: Warning found in stdout
+ JDK-8345134: Test sun/security/tools/jarsigner/
/ConciseJarsigner.java failed: unable to find valid
certification path to requested target
+ JDK-8345357: test/jdk/javax/swing/JRadioButton/8033699/
/bug8033699.java fails in ubuntu22.04
+ JDK-8345447: test/jdk/javax/swing/JToolBar/4529206/
/bug4529206.java fails in ubuntu22.04
+ JDK-8345547: test/jdk/javax/swing/text/DefaultEditorKit/
/4278839/bug4278839.java fails in ubuntu22.04
+ JDK-8345598: Upgrade NSS binaries for interop tests
+ JDK-8345625: Better HTTP connections
+ JDK-8345728: [Accessibility,macOS,Screen Magnifier]:
JCheckbox unchecked state does not magnify but works for
checked tate
+ JDK-8345838: Remove the
appcds/javaldr/AnonVmClassesDuringDump.java test
+ JDK-8346049: jdk/test/lib/security/timestamp/TsaServer.java
warnings
+ JDK-8346581: JRadioButton/ButtonGroupFocusTest.java fails in
CI on Linux
+ JDK-8347000: Bug in
com/sun/net/httpserver/bugs/B6361557.java test
+ JDK-8347019: Test javax/swing/JRadioButton/8033699/
/bug8033699.java still fails: Focus is not on Radio Button
Single as Expected
+ JDK-8347083: Incomplete logging in
nsk/jvmti/ResourceExhausted/resexhausted00* tests
+ JDK-8347126: gc/stress/TestStressG1Uncommit.java gets
OOM-killed
+ JDK-8347267: [macOS]: UnixOperatingSystem.c:67:40: runtime
error: division by zero
+ JDK-8347286: (fs) Remove some extensions from
java/nio/file/Files/probeContentType/Basic.java
+ JDK-8347576: Error output in libjsound has non matching
format strings
+ JDK-8347629: Test FailOverDirectExecutionControlTest.java
fails with -Xcomp
+ JDK-8347911: Limit the length of inflated text chunks
+ JDK-8347995: Race condition in jdk/java/net/httpclient/
/offline/FixedResponseHttpClient.java
+ JDK-8348107: test/jdk/java/net/httpclient/
/HttpsTunnelAuthTest.java fails intermittently
+ JDK-8348110: Update LCMS to 2.17
+ JDK-8348299: Update List/ItemEventTest/ItemEventTest.java
+ JDK-8348596: Update FreeType to 2.13.3
+ JDK-8348597: Update HarfBuzz to 10.4.0
+ JDK-8348598: Update Libpng to 1.6.47
+ JDK-8348600: Update PipeWire to 1.3.81
+ JDK-8348865: JButton/bug4796987.java never runs because
Windows XP is unavailable
+ JDK-8348936: [Accessibility,macOS,VoiceOver] VoiceOver
doesn't announce untick on toggling the checkbox with 'space'
key on macOS
+ JDK-8348989: Better Glyph drawing
+ JDK-8349039: Adjust exception No type named <ThreadType> in
database
+ JDK-8349111: Enhance Swing supports
+ JDK-8349200: [JMH] time.format.ZonedDateTimeFormatterBenchmark
fails
+ JDK-8349348: Refactor ClassLoaderDeadlock.sh and Deadlock.sh
to run fully in java
+ JDK-8349492: Update sun/security/pkcs12/
/KeytoolOpensslInteropTest.java to use a recent Openssl
version
+ JDK-8349501: Relocate supporting classes in
security/testlibrary to test/lib/jdk tree
+ JDK-8349594: Enhance TLS protocol support
+ JDK-8349751: AIX build failure after upgrade pipewire to
1.3.81
+ JDK-8349974: [JMH,17u] MaskQueryOperationsBenchmark fails
java.lang.NoClassDefFoundError
+ JDK-8350211: CTW: Attempt to preload all classes in constant
pool
+ JDK-8350224: Test javax/swing/JComboBox/
/TestComboBoxComponentRendering.java fails in ubuntu 23.x and
later
+ JDK-8350260: Improve HTML instruction formatting in
PassFailJFrame
+ JDK-8350383: Test: add more test case for string compare (UL
case)
+ JDK-8350386: Test TestCodeCacheFull.java fails with option
-XX:-UseCodeCacheFlushing
+ JDK-8350412: [21u] AArch64: Ambiguous frame layout leads to
incorrect traces in JFR
+ JDK-8350498: Remove two Camerfirma root CA certificates
+ JDK-8350540: [17u,11u] B8312065.java fails Network is
unreachable
+ JDK-8350546: Several java/net/InetAddress tests fails
UnknownHostException
+ JDK-8350616: Skip ValidateHazardPtrsClosure in non-debug
builds
+ JDK-8350651: Bump update version for OpenJDK: jdk-17.0.16
+ JDK-8350924: javax/swing/JMenu/4213634/bug4213634.java fails
+ JDK-8350991: Improve HTTP client header handling
+ JDK-8351086: (fc) Make
java/nio/channels/FileChannel/BlockDeviceSize.java test manual
+ JDK-8352076: [21u] Problem list tests that fail in 21 and
would be fixed by 8309622
+ JDK-8352109: java/awt/Desktop/MailTest.java fails in
platforms where Action.MAIL is not supported
+ JDK-8352302: Test
sun/security/tools/jarsigner/TimestampCheck.java is failing
+ JDK-8352649: [17u] guarantee(is_result_safe ||
is_in_asgct()) failed inside AsyncGetCallTrace
+ JDK-8352676: Opensource JMenu tests - series1
+ JDK-8352680: Opensource few misc swing tests
+ JDK-8352684: Opensource JInternalFrame tests - series1
+ JDK-8352706: httpclient HeadTest does not run on HTTP2
+ JDK-8352716: (tz) Update Timezone Data to 2025b
+ JDK-8352908: Open source several swing tests batch1
+ JDK-8352942: jdk/jfr/startupargs/TestMemoryOptions.java
fails with 32-bit build
+ JDK-8353070: Clean up and open source couple AWT Graphics
related tests (Part 1)
+ JDK-8353138: Screen capture for test
TaskbarPositionTest.java, failure case
+ JDK-8353320: Open source more Swing text tests
+ JDK-8353446: Open source several AWT Menu tests - Batch 2
+ JDK-8353475: Open source two Swing DefaultCaret tests
+ JDK-8353685: Open some JComboBox bugs 4
+ JDK-8353709: Debug symbols bundle should contain full debug
files when building --with-external-symbols-in-bundles=public
+ JDK-8353714: [17u] Backport of 8347740 incomplete
+ JDK-8353942: Open source Swing Tests - Set 5
+ JDK-8354554: Open source several clipboard tests batch1
+ JDK-8356053: Test java/awt/Toolkit/Headless/
/HeadlessToolkit.java fails by timeout
+ JDK-8356096: ISO 4217 Amendment 179 Update
+ JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS
+ JDK-8357105: C2: compilation fails with 'assert(false)
failed: empty program detected during loop optimization'
+ JDK-8357193: [VS 2022 17.14] Warning C5287 in debugInit.c:
enum type mismatch during build
+ JDK-8359170: Add 2 TLS and 2 CS Sectigo roots
+ JDK-8360147: Better Glyph drawing redux
+ JDK-8361674: [17u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.16
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2672-1
Released: Mon Aug 4 15:06:13 2025
Summary: Security update for sqlite3
Type: security
Severity: important
References: 1246597,CVE-2025-6965
This update for sqlite3 fixes the following issues:
- Update to version 3.50.2
- CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2714-1
Released: Wed Aug 6 11:36:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References:
This update for systemd fixes the following issues:
- triggers.systemd: skip update of hwdb, journal-catalog if executed during
an offline update.
- systemd-repart is no more considered as experimental (jsc#PED-13213)
- Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2719-1
Released: Thu Aug 7 05:38:32 2025
Summary: Security update for libgcrypt
Type: security
Severity: moderate
References: 1221107,1246934,CVE-2024-2236
This update for libgcrypt fixes the following issues:
- CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2720-1
Released: Thu Aug 7 05:38:44 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References:
This update for crypto-policies fixes the following issues:
- Update the BSI policy (jsc#PED-12880)
* BSI: switch to 3072 minimum RSA key size
* BSI: Update BSI policy for new 2024 minimum
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2734-1
Released: Fri Aug 8 10:05:10 2025
Summary: Security update for dpkg
Type: security
Severity: moderate
References: 1245573,CVE-2025-6297
This update for dpkg fixes the following issues:
- CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2780-1
Released: Wed Aug 13 10:28:27 2025
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050
This update for gcc14 fixes the following issues:
Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799
- Fixed libqt6webengine build.
- Fix build on s390x [bsc#1241549]
- Make sure link editing is done against our own shared library
copy rather than the installed system runtime. [bsc#1240788]
- Allow GCC executables to be built PIE. [bsc#1239938]
- Backport -msplit-patch-nops required for user-space livepatching on powerpc.
- Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566]
- Disable profiling during build when %want_reproducible_builds is set [bsc#1238491]
- Fixes reported ICE in [bsc#1237442]
- Add larchintrin.h, lasxintrin.h and lsxintrin.h
headers to gccXY main package in %files section
- libstdc++6 fix for parsing tzdata 2024b [gcc#116657]
- Fix ICE with LTO building openvino on aarch64 [bsc#1230262]
- Exclude shared objects present for link editing in the GCC specific
subdirectory from provides processing via __provides_exclude_from.
[bsc#1244050][bsc#1243991]
- Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap
variant conflict with the unversioned cross-*-gcc package.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2874-1
Released: Tue Aug 19 06:07:47 2025
Summary: Recommended update for openssl-3
Type: recommended
Severity: important
References: 1247144,1247148
This update for openssl-3 fixes the following issues:
- Increase limit for CRL download (bsc#1247148, bsc#1247144)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2964-1
Released: Fri Aug 22 14:52:39 2025
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1240058,1246965,CVE-2025-8058
This update for glibc fixes the following issues:
- CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3268-1
Released: Thu Sep 18 13:08:10 2025
Summary: Security update for curl
Type: security
Severity: important
References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
(bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3285-1
Released: Sun Sep 21 11:18:05 2025
Summary: Security update for mybatis, ognl
Type: security
Severity: important
References: 1248252,CVE-2025-53192
This update for mybatis, ognl fixes the following issues:
Version update to 3.5.7:
* Bug fixes:
+ Improved performance under JDK 8. #2223
Version update to 3.5.8:
* List of changes:
+ Avoid NullPointerException when mapping an empty string to
java.lang.Character. #2368
+ Fixed an incorrect argument when initializing static object.
This resolves a compatibility issue with quarkus-mybatis.
#2284
+ Performance improvements. #2297 #2335 #2340
Version update to 3.5.9:
* List of changes:
+ Add nullable to <foreach />. If enabled, it skips the
iteration when the collection is null instead of throwing an
exception. To enable this feature globally, set
nullableOnForEach=true in the config. #1883
Version update to 3.5.10:
* Bug fixes:
+ Unexpected illegal reflective access warning (or
InaccessibleObjectException on Java 16+) when calling method
in OGNL expression. #2392
+ IllegalAccessException when auto-mapping Records (JEP-359)
#2195
+ 'interrupted' status is not set when
PooledConnection#getConnection() is interrupted. #2503
* Enhancements:
+ A new option argNameBasedConstructorAutoMapping is added. If
enabled, constructor argument names are used to look up
columns when auto-mapping. #2192
+ Added a new property skipSetAutoCommitOnClose to
JdbcTransactionFactory. Skipping setAutoCommit() call could
improve performance with some drivers. #2426
+ <idArg /> can now be listed after <arg /> in <constructor />.
#2541
Version update to 3.5.11:
* Bug fixes:
+ OGNL could throw IllegalArgumentException when invoking
inherited method. #2609
+ returnInstanceForEmptyRow is not applied to constructor
auto-mapping. #2665
Version update to 3.5.12
* User impactful changes
+ #2703 Referencing collection parameter by name fails fixing
#2693
+ #2709 Fix a race condition caused by other threads calling
mapper methods while mapped tables are being constructed
+ #2727 Enable ability to provide custom configuration to
XMLConfigBuilder
+ #2731 Adding mapper could fail under JPMS
+ #2741 Add 'affectedData' attribute to @select,
@SelectProvider, and <select />
+ #2767 Resolve resultType by namespace and id when not
provided resultType and resultMap
+ #2804 Search readable property when resolving constructor arg
type by name
+ Minor correction: 'boolean' can never be null (primative)
+ General library updates
+ Uses parameters option for compiler now (needed by spring boot
3) (for reflection needs)
* Code cleanup
+ #2816 Use open rewrite to partially cleanup java code
+ #2817 Add private constructors per open rewrite
+ #2819 Add final where appropriate per open rewrite
+ #2825 Cleanup if statement breaks / return logic
+ #2826 Eclipse based cleanup
* Build
+ #2820 Remove test ci group profile in favor of more direct
usage on GH-Actions and update deprecated surefire along in
overview in README.md
+ Adjustments to build so shaded ognl and javassist no longer
throw warnings
+ Build with jdk 21-ea as well now
+ Various test cleanup, updates, and additions
+ Turn on auto formatting of all java code including note to
contributors on readme to skip formatting when necessary in
code blocks
+ Tests may use jdk 11 now while retaining jdk 8 runtime
+ Pom cleanup / better clarification on parameters
* Documentation
+ Various documentation updates
Version update to 3.5.13:
* Bug fix:
+ Unable to resolve result type when the target property has
a getter with different return type #2834
Version update to 3.5.14:
* Bug fixes:
+ Registered type handler is not used for anonymous enums #2956
+ Discriminator does not work in constructor mapping #2913
Version update to 3.5.15:
* Changes
+ XNode#toString() should output all child nodes. See #3001 and
associated tickets on this issue
+ Fix performance of mappedColumnNames.contains by using 'set'
rather than 'list'. See #3023
+ Fix osgi issue with javassist. See #3031
+ Updated shaded OGNL to 3.4.2. See #3035
+ Add support method for generating dynamic sql on SQL class.
See #2887
+ General library updates
+ General document updates
* Build
+ We now show builds from java 11, 17, 21, and 22 on Github
Actions. Code is still java 8 compatible at this time.
+ Update vulnerable hsqldb to 2.7.2 fixing our tests that now
work due to newer support. Note, users were never affected by
this but at least one user pull request was attempted opened
in addition to both renovate and dependabot and various
reporting on it.
+ Now using more properties to define versions in pom to lower
the frequency of pull requests from renovate
Version update to 3.5.16:
* Security:
+ Prevent Invocation from being used by vulnerable applications.
#3115
* Bugs:
+ When database ID resolution is failed, invalid bound statement
is used. #3040
* Enhancements:
+ It is now possible to write a custom map wrapper to customize
how to map column name with dots or brackets. #13 #3062
* Performance:
+ Improved compatibility with Virtual Threads introduced by
Loom.
+ Reduced memory footprint when performing the default (i.e.
order based) constructor auto-mapping. #3113
* Build:
+ Include the shaded libraries (OGNL and Javassist) in the
sources.jar.
Version update to 3.5.17:
* Bugs:
+ VendorDatabaseIdProvider#getDatabaseId() should return product
name when properties is empty #3297
+ Update NClobTypeHandler to use methods for national character
set #3298
* Enhancements:
+ Allow DefaultSqlSessionFactory to provide a custom
SqlSession #3128
Version update to 3.5.18:
* Regressions
+ Fixed issue in 3.5.17 #3334
* New
+ Ignore empty xnode per #3349
+ Share expression validator #3339
+ Throw helpful error instead of IndexOutOfBoundsException
(automapping) #3327
+ Optimize mapper builder #3252
* Tests
+ Add TransactionFactory, Transaction test cases #3277
* Build
+ Reworked pom to match current java 17 build usage
+ Moved all tests to newer java standards
+ Cleaned up github actions
+ Run 'site' branch only on release commits
Version update to 3.5.19:
* Revert Regression introduced by #3349.
- Initial packaging with version 3.4.7
ognl replaces the EOLed apache-commons-ognl that has an unpatched
security bug (bsc#1248252, CVE-2025-53192)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3546-1
Released: Sat Oct 11 03:21:33 2025
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1250232,CVE-2025-9230
This update for openssl-3 fixes the following issues:
- CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3804-1
Released: Mon Oct 27 12:35:04 2025
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1251263,CVE-2025-9187
This update for mozilla-nss fixes the following issues:
- Move NSS DB password hash away from SHA-1
Update to NSS 3.112.2:
* Prevent leaks during pkcs12 decoding.
* SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates
Update to NSS 3.112.1:
* restore support for finding certificates by decoded serial number.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3836-1
Released: Tue Oct 28 11:38:00 2025
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1245199
This update for bash fixes the following issues:
- Fix histfile missing timestamp for the oldest record (bsc#1245199)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3839-1
Released: Tue Oct 28 15:41:20 2025
Summary: Maintenance update for Multi-Linux Manager 5.1.1
Type: security
Severity: important
References: 1229825,1240882,1241880,1243331,1243486,1243611,1243704,1244027,1244127,1244219,1244424,1244552,1245099,1245120,1245702,1246068,1246277,1246320,1246421,1246553,1246654,1246663,1246789,1246882,1246906,1247688,1247836,1248085,1248252,1248804,1249059,1249434,1250911,1251278,CVE-2025-53192,CVE-2025-53880
Maintenance update for Multi-Linux Manager 5.1.1: Server, Proxy and Retail Branch Server
This is a codestream only update
The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.12.1 updated
- glibc-2.38-150600.14.37.1 updated
- libbrotlicommon1-1.0.7-150200.3.5.1 updated
- libbrotlidec1-1.0.7-150200.3.5.1 updated
- libsqlite3-0-3.50.2-150000.3.33.1 updated
- libgcc_s1-14.3.0+git11799-150000.1.11.1 updated
- libstdc++6-14.3.0+git11799-150000.1.11.1 updated
- libopenssl3-3.2.3-150700.5.21.1 updated
- libgcrypt20-1.11.0-150700.5.7.1 updated
- libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated
- libreadline7-7.0-150400.27.6.1 updated
- bash-sh-4.4-150400.27.6.1 updated
- openssl-3-3.2.3-150700.5.21.1 updated
- bash-4.4-150400.27.6.1 updated
- libfreebl3-3.112.2-150400.3.60.1 updated
- update-alternatives-1.19.0.4-150000.4.7.1 updated
- libsystemd0-254.27-150600.4.43.3 updated
- mozilla-nss-certs-3.112.2-150400.3.60.1 updated
- mozilla-nss-3.112.2-150400.3.60.1 updated
- libsoftokn3-3.112.2-150400.3.60.1 updated
- java-17-openjdk-headless-17.0.16.0-150400.3.57.1 added
- ognl-3.4.7-150200.5.3.1 added
- mybatis-3.5.19-150200.5.9.1 updated
- uyuni-java-common-5.1.5-150700.3.5.2 updated
- uyuni-coco-attestation-core-5.1.5-150700.3.5.2 updated
- uyuni-coco-attestation-module-snpguest-5.1.5-150700.3.5.2 updated
- uyuni-coco-attestation-module-secureboot-5.1.5-150700.3.5.2 updated
- container:bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated
- apache-commons-ognl-4.0~20191021git51cf8f4-150200.5.7.6 removed
- java-11-openjdk-headless-11.0.27.0-150000.3.125.1 removed
- libglib-2_0-0-2.78.6-150600.4.16.1 removed
- libgraphite2-3-1.3.14-150600.1.5 removed
- libharfbuzz0-8.3.0-150600.1.3 removed
More information about the sle-container-updates
mailing list