This update for java-1_8_0-ibm fixes the following issues: - CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition . - CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition . - CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE . - CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition . - CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise . - CVE-2022-39399: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition . - CVE-2022-21549: Fixed exponentials issue . - CVE-2022-21541: Fixed an improper restriction of MethodHandle.invokeBasic . - CVE-2022-34169; Fixed an integer truncation issue in Xalan . - CVE-2022-21540: Fixed a class compilation issue . - Update to Java 8.0 Service Refresh 7 Fix Pack 20. * Security: - The IBM ORB Does Not Support Object-Serialisation Data Filtering - Large Allocation In CipherSuite - Avoid Evaluating Sslalgorithmconstraints Twice - Cache The Results Of Constraint Checks - An incorrect ShortBufferException is thrown by IBMJCEPlus, IBMJCEPlusFIPS during cipher update operation - Disable SHA-1 Signed Jars For Ea - JSSE Performance Improvement - Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption * Java 8/Orb: - Upgrade ibmcfw.jar To Version o2228.02 * Class Libraries: - Crash In Libjsor.So During An Rdma Failover - High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run - Update Timezone Information To The Latest tzdata2022c * Jit Compiler: - Crash During JIT Compilation - Incorrect JIT Optimization Of Java Code - Incorrect Return From Class.isArray - Unexpected ClassCastException - Performance Regression When Calling VM Helper Code On X86 * X/Os Extentions: - Add RSA-OAEP Cipher Function To IBMJCECCA - Update to Java 8.0 Service Refresh 7 Fix Pack 16 * Java Virtual Machine - Assertion failure at ClassLoaderRememberedSet.cpp - Assertion failure at StandardAccessBarrier.cpp when -Xgc:concurrentScavenge is set. - GC can have unflushed ownable synchronizer objects which can eventually lead to heap corruption and failure when -Xgc:concurrentScavenge is set. * JIT Compiler: - Incorrect JIT optimization of Java code - JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC * Reliability and Serviceability: - javacore with "kill -3" SIGQUIT signal freezes Java process