OpenJDK 8u312 Security Update for Fedora 33

FEDORA-2021-1cc8ffd122 created by ahughes a year ago for Fedora 33

New in release OpenJDK 8u312 (2021-10-19):

Live versions of these release notes can be found at:

Security fixes

  • JDK-8130183, CVE-2021-35588: InnerClasses: VM permits wrong Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0
  • JDK-8161016: Strange behavior of URLConnection with proxy
  • JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference
  • JDK-8254967, CVE-2021-35565: spins on TLS session close
  • JDK-8263314: Enhance XML Dsig modes
  • JDK-8265167, CVE-2021-35556: Richer Text Editors
  • JDK-8265574: Improve handling of sheets
  • JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit
  • JDK-8265776: Improve Stream handling for SSL
  • JDK-8266097, CVE-2021-35561: Better hashing support
  • JDK-8266103: Better specified spec values
  • JDK-8266109: More Resilient Classloading
  • JDK-8266115: More Manifest Jar Loading
  • JDK-8266137, CVE-2021-35564: Improve Keystore integrity
  • JDK-8266689, CVE-2021-35567: More Constrained Delegation
  • JDK-8267086: ArrayIndexOutOfBoundsException in
  • JDK-8267712: Better LDAP reference processing
  • JDK-8267729, CVE-2021-35578: Improve TLS client handshaking
  • JDK-8267735, CVE-2021-35586: Better BMP support
  • JDK-8268193: Improve requests of certificates
  • JDK-8268199: Correct certificate requests
  • JDK-8268506: More Manifest Digests
  • JDK-8269618, CVE-2021-35603: Better session identification
  • JDK-8269624: Enhance method selection support
  • JDK-8270398: Enhance canonicalization
  • JDK-8270404: Better canonicalization

Major Changes

  • JDK-8164200: Modified HttpURLConnection behavior when no suitable proxy is found
  • JDK-8219551: Updated the Default Enabled Cipher Suites Preference

FIPS Mode Changes

  • FIPS mode detection now takes place via a call to the NSS library
  • The SunPKCS11 provider in FIPS mode will now eagerly login to the NSS software token on initialisation
  • keytool in FIPS mode now supports importing plain private keys by the provider adding them to the NSS database. This can be disabled using -Dcom.redhat.fips.plainKeySupport=false.

Reboot Required
After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2021-1cc8ffd122

This update has been submitted for testing by ahughes.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

ahughes edited this update.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago
User Icon jvanek provided feedback a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Content Type
Test Gating
Unstable by Karma
Stable by Karma
Stable by Time
7 days
a year ago
in testing
a year ago
in stable
a year ago
a year ago

Automated Test Results