October 19, 2021
The full version string for this update release is 17.0.1+12 (where "+" means "build"). The version number is 17.0.1.
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 17.0.1 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
17 | 17.0.1+12 |
11 | 11.0.13+10 |
8 | 8u311-b11 |
7 | 7u321-b08 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 17.0.1) be used after the next critical patch update scheduled for January 18, 2022.
The following root certificate from IdenTrust has been removed from the cacerts
keystore:
+ alias name "identrustdstx3 [jdk]"
Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.
This release doesn't correctly identify Windows 11. The property os.name
is set to Windows 10
on Windows 11. In HotSpot error logs, the OS is identified as Windows 10
; however, the HotSpot error log does show the Build number. Windows 11 has Build 22000.194 or above.
The scope of the com.sun.jndi.ldap.object.trustSerialData
system property has been extended to control the deserialization of java objects from the javaReferenceAddress
LDAP attribute. This system property now controls the deserialization of java objects from the javaSerializedData
and javaReferenceAddress
LDAP attributes.
To prevent deserialization of java objects from these attributes, the system property can be set to false
. By default, the deserialization of java objects from javaSerializedData
and javaReferenceAddress
attributes is allowed.
This release doesn't correctly identify Windows Server 2022. The property os.name
is set to Windows Server 2019
on Windows Server 2022. In HotSpot error logs the OS is identified as Windows Server 2019
; however, the HotSpot error log does show the Build number. Windows Server 2022 has Build 20348, or above.
For JVMs running in a container, OperatingSystemMXBean.getProcessCpuLoad
now considers only the CPU resources available to the container when calculating CPU load. Prior to this change, the calculation included all CPUs on a host. After this change, management agents may report higher CPU usage by JVMs in containers that are constrained to a limited set of CPUs.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
➜ Issues fixed in 17.0.1:
# | JBS | Component | Subcomponent | Sumary |
---|---|---|---|---|
1 | JDK-8262731 | client-libs | 2d | [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print" |
2 | JDK-8273358 | client-libs | 2d | macOS Monterey does not have the font Times needed by Serif |
3 | JDK-8272602 | client-libs | java.awt | [macos] not all KEY_PRESSED events sent when control modifier is used |
4 | JDK-8272806 | client-libs | java.awt | [macOS] "Apple AWT Internal Exception" when input method is changed |
5 | JDK-8267666 | core-svc | tools | Add option to jcmd GC.heap_dump to use existing file |
6 | JDK-8271925 | hotspot | compiler | ZGC: Arraycopy stub passes invalid oop to load barrier |
7 | JDK-8271589 | hotspot | compiler | fatal error with variable shift count integer rotate operation. |
8 | JDK-8271203 | hotspot | compiler | C2: assert(iff->Opcode() == Op_If || iff->Opcode() == Op_CountedLoopEnd || iff->Opcode() == Op_RangeCheck) failed: Check this code when new subtype is added |
9 | JDK-8270098 | hotspot | compiler | ZGC: ZBarrierSetC2::clone_at_expansion fails with "Guard against surprises" assert |
10 | JDK-8272131 | hotspot | compiler | PhaseMacroExpand::generate_slow_arraycopy crash when clone null CallProjections.fallthrough_ioproj |
11 | JDK-8271276 | hotspot | compiler | C2: Wrong JVM state used for receiver null check |
12 | JDK-8268019 | hotspot | compiler | C2: assert(no_dead_loop) failed: dead loop detected |
13 | JDK-8268261 | hotspot | compiler | C2: assert(n != __null) failed: Bad immediate dominator info. |
14 | JDK-8269574 | hotspot | compiler | C2: Avoid redundant uncommon traps in GraphKit::builtin_throw() for JVMTI exception events |
15 | JDK-8272124 | hotspot | runtime | Cgroup v1 initialization causes NullPointerException when cgroup path contains colon |
16 | JDK-8269934 | hotspot | runtime | RunThese24H.java failed with EXCEPTION_ACCESS_VIOLATION in java_lang_Thread::get_thread_status |
17 | JDK-8225082 | security-libs | java.security | Remove IdenTrust certificate that is expiring in September 2021 |
18 | JDK-8268427 | security-libs | java.security | Improve AlgorithmConstraints:checkAlgorithm performance |
19 | JDK-8225083 | security-libs | java.security | Remove Google certificate that is expiring in December 2021 |
20 | JDK-8273150 | security-libs | java.security | Revert "8225083: Remove Google certificate that is expiring in December 2021" |
21 | JDK-8270344 | security-libs | javax.net.ssl | Session resumption errors |