JDK 17.0.1 Release Notes

Java™ SE Development Kit 17.0.1 (JDK 17.0.1)

October 19, 2021

The full version string for this update release is 17.0.1+12 (where "+" means "build"). The version number is 17.0.1.

IANA TZ Data 2021a

For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 17.0.1 are specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String)
17 17.0.1+12
11 11.0.13+10
8 8u311-b11
7 7u321-b08


Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 17.0.1) be used after the next critical patch update scheduled for January 18, 2022.

Removed Features and Options

 Removed IdenTrust Root Certificate

The following root certificate from IdenTrust has been removed from the cacerts keystore:

+ alias name "identrustdstx3 [jdk]"

  Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.

Other Notes

 Release Doesn't Correctly Recognize Windows 11

This release doesn't correctly identify Windows 11. The property is set to Windows 10 on Windows 11. In HotSpot error logs, the OS is identified as Windows 10; however, the HotSpot error log does show the Build number. Windows 11 has Build 22000.194 or above.

 System Property to Control Reconstruction of Reference Address Objects by JDK's Built-in JNDI LDAP Implementation

The scope of the com.sun.jndi.ldap.object.trustSerialData system property has been extended to control the deserialization of java objects from the javaReferenceAddress LDAP attribute. This system property now controls the deserialization of java objects from the javaSerializedData and javaReferenceAddress LDAP attributes.

To prevent deserialization of java objects from these attributes, the system property can be set to false. By default, the deserialization of java objects from javaSerializedData and javaReferenceAddress attributes is allowed.

JDK-8267712 (not public)

 Release Doesn't Correctly Recognize Windows Server 2022

This release doesn't correctly identify Windows Server 2022. The property is set to Windows Server 2019 on Windows Server 2022. In HotSpot error logs the OS is identified as Windows Server 2019; however, the HotSpot error log does show the Build number. Windows Server 2022 has Build 20348, or above.

 OperatingSystemMXBean.getProcessCpuLoad Is Now Container Aware

For JVMs running in a container, OperatingSystemMXBean.getProcessCpuLoad now considers only the CPU resources available to the container when calculating CPU load. Prior to this change, the calculation included all CPUs on a host. After this change, management agents may report higher CPU usage by JVMs in containers that are constrained to a limited set of CPUs.


Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

Issues fixed in 17.0.1:

# JBS Component Subcomponent Sumary
1 JDK-8262731 client-libs 2d [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
2 JDK-8273358 client-libs 2d macOS Monterey does not have the font Times needed by Serif
3 JDK-8272602 client-libs java.awt [macos] not all KEY_PRESSED events sent when control modifier is used
4 JDK-8272806 client-libs java.awt [macOS] "Apple AWT Internal Exception" when input method is changed
5 JDK-8267666 core-svc tools Add option to jcmd GC.heap_dump to use existing file
6 JDK-8271925 hotspot compiler ZGC: Arraycopy stub passes invalid oop to load barrier
7 JDK-8271589 hotspot compiler fatal error with variable shift count integer rotate operation.
8 JDK-8271203 hotspot compiler C2: assert(iff->Opcode() == Op_If || iff->Opcode() == Op_CountedLoopEnd || iff->Opcode() == Op_RangeCheck) failed: Check this code when new subtype is added
9 JDK-8270098 hotspot compiler ZGC: ZBarrierSetC2::clone_at_expansion fails with "Guard against surprises" assert
10 JDK-8272131 hotspot compiler PhaseMacroExpand::generate_slow_arraycopy crash when clone null CallProjections.fallthrough_ioproj
11 JDK-8271276 hotspot compiler C2: Wrong JVM state used for receiver null check
12 JDK-8268019 hotspot compiler C2: assert(no_dead_loop) failed: dead loop detected
13 JDK-8268261 hotspot compiler C2: assert(n != __null) failed: Bad immediate dominator info.
14 JDK-8269574 hotspot compiler C2: Avoid redundant uncommon traps in GraphKit::builtin_throw() for JVMTI exception events
15 JDK-8272124 hotspot runtime Cgroup v1 initialization causes NullPointerException when cgroup path contains colon
16 JDK-8269934 hotspot runtime failed with EXCEPTION_ACCESS_VIOLATION in java_lang_Thread::get_thread_status
17 JDK-8225082 security-libs Remove IdenTrust certificate that is expiring in September 2021
18 JDK-8268427 security-libs Improve AlgorithmConstraints:checkAlgorithm performance
19 JDK-8225083 security-libs Remove Google certificate that is expiring in December 2021
20 JDK-8273150 security-libs Revert "8225083: Remove Google certificate that is expiring in December 2021"
21 JDK-8270344 security-libs Session resumption errors