JDK 17.0.10 Release Notes

Java SE 17.0.10 - Bundled Patch Release (BPR) - Bug Fixes and Updates

The following sections summarize changes made in all Java SE 17.0.10 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.


Changes in Java SE

Bug Fixes

January 16, 2024

Fixes from the prior BPR are included in this version.

Java™ SE Development Kit 17, Update 17.0.10 (JDK 17.0.10)

January 16, 2024

The full version string for this update release is 17.0.10+11 (where "+" means "build"). The version number is 17.0.10.


IANA TZ Data 2023c

For more information, refer to Timezone Data Versions in the JRE Software.


Security Baselines

The security baselines for the Java Runtime at the time of the release of JDK 17.0.10 are specified in the following table:

Java Family Version Security Baseline (Full Version String)


Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 17.0.10) be used after the next critical patch update scheduled for April 16, 2024.

Java SE Subscription products customers managing JRE updates/installs for large number of desktops should consider using Java Management Service (JMS).


New Features

 New System Property to Toggle XML Signature Secure Validation Mode (JDK-8301260)

A new system property named has been added. It can be used to enable or disable the XML Signature secure validation mode. The system property should be set to "true" to enable, or "false" to disable. Any other value for the system property is treated as "false". If the system property is set, it supersedes the XMLCryptoContext property value.

By default, secure validation mode is enabled. Disabling secure validation mode is done at your own risk.


Known Issues

 Potential Performance Regression Due to Limited Range Check Elimination (JDK-8314468 (not public))

When the C1 compiler is the only compiler available to the VM, it applies loop predication to remove array access range checks from loop bodies. Due to a defect, this optimization was disabled, potentially leading to a performance regression.

This only affects the client VM or VM's running with the non-default command line flags -XX:+NeverActAsServerClassMachine or -XX:TieredStopAtLevel=[1,2,3].


Other Notes

 Increase Default Value of the System Property jdk.jar.maxSignatureFileSize (JDK-8312489)

The system property, jdk.jar.maxSignatureFileSize, allows applications to control the maximum size of signature files in a signed JAR. Its default value has been increased from 8000000 bytes (8 MB) to 16000000 bytes (16 MB).

 Added Four Root Certificates from DigiCert, Inc. (JDK-8318759)

The following root certificates have been added to the cacerts truststore:

+ DigiCert, Inc.

  + digicertcseccrootg5
    DN: CN=CN=DigiCert CS ECC P384 Root G5, O="DigiCert, Inc.", C=US

+ DigiCert, Inc.
  + digicertcsrsarootg5
    DN: CN=DigiCert CS RSA4096 Root G5, O="DigiCert, Inc.", C=US

+ DigiCert, Inc.
  + digicerttlseccrootg5
    DN: DigiCert TLS ECC P384 Root G5, O="DigiCert, Inc.", C=US

+ DigiCert, Inc.
  + digicerttlsrsarootg5
    DN: DigiCert TLS RSA4096 Root G5, O="DigiCert, Inc.", C=US

 Added Three Root Certificates from eMudhra Technologies Limited (JDK-8319187)

The following root certificates have been added to the cacerts truststore:

+ eMudhra Technologies Limited

  + emsignrootcag1
    DN: CN=emSign Root CA - G1, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN

+ eMudhra Technologies Limited
  + emsigneccrootcag3
    DN: CN=emSign ECC Root CA - G3, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN

+ eMudhra Technologies Limited
  + emsignrootcag2
    DN: CN=emSign Root CA - G2, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN

 Added Telia Root CA v2 Certificate (JDK-8317373)

The following root certificate has been added to the cacerts truststore:

+ Telia Root CA v2

  + teliarootcav2
    DN: CN=Telia Root CA v2, O=Telia Finland Oyj, C=FI

 Added ISRG Root X2 CA Certificate from Let's Encrypt (JDK-8317374)

The following root certificate has been added to the cacerts truststore:

+ Let's Encrypt

  + letsencryptisrgx2
    DN: CN=ISRG Root X2, O=Internet Security Research Group, C=US

 Call X509KeyManager.chooseClientAlias Once for All Key Types (JDK-8262186)

The (D)TLS implementation in JDK now calls X509KeyManager.chooseClientAlias() only once during handshaking for client authentication, even if there are multiple algorithms requested .


Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

Issues fixed in 17.0.10:

# JBS Component Summary
1JDK-8238436client-libs/java.awtjava/awt/Frame/FrameLocationTest/ fails
2JDK-8294427client-libs/javax.swingCheck boxes and radio buttons have rendering issues on Windows in High DPI env
3JDK-8282444core-libs/java.lang.moduleModule finder incorrectly assumes default file system path-separator character
4JDK-8293659core-libs/java.lang:class_loadingImprove UnsatisfiedLinkError error message to include dlopen error details
5JDK-8299015core-libs/java.netEnsure that HttpResponse.BodySubscribers.ofFile writes all bytes
6JDK-8274562core-libs/java.nio(fs) UserDefinedFileAttributeView doesn't correctly determine if supported when using OverlayFS
7JDK-8273162core-libs/java.utilAbstractSplittableWithBrineGenerator does not create a random salt
8JDK-8301637core-libs/java.util.concurrentThreadLocalRandom.current().doubles().parallel() contention
9JDK-8314263core-libs/java.util.loggingSigned jars triggering Logger finder recursion and StackOverflowError
10JDK-8303440core-libs/java.util:i18nThe "ZonedDateTime.parse" may not accept the "UTC+XX" zone id
11JDK-8313657core-libs/javax.namingcom.sun.jndi.ldap.Connection.cleanup does not close connections on SocketTimeoutErrors
12JDK-8314063core-libs/javax.namingThe socket is not closed in Connection::createSocket when the handshake failed for LDAP connection
13JDK-8299658hotspot/compilerC1 compilation crashes in LinearScan::resolve_exception_edge
14JDK-8301489hotspot/compilerC1: ShortLoopOptimizer might lift instructions before their inputs
15JDK-8313626hotspot/compilerC2 crash due to unexpected exception control flow
16JDK-8313402hotspot/compilerC1: Incorrect LoadIndexed value numbering
17JDK-8312909hotspot/compilerC1 should not inline through interface calls with non-subtype receiver
18JDK-8303279hotspot/compilerC2: crash in SubTypeCheckNode::sub() at IGVN split if
19JDK-8304954hotspot/compilerSegmentedCodeCache fails when using large pages
20JDK-8316178hotspot/compilerBetter diagnostic header for CodeBlobs
21JDK-8315377hotspot/compilerC2: assert(u->find_out_with(Op_AddP) == nullptr) failed: more than 2 chained AddP nodes?
22JDK-8316514hotspot/compilerBetter diagnostic header for VtableStub
23JDK-8314024hotspot/compilerSIGSEGV in PhaseIdealLoop::build_loop_late_post_work due to bad immediate dominator info
24JDK-8313262hotspot/compilerC2: Sinking node may cause required cast to be dropped
25JDK-8312440hotspot/compilerassert(cast != nullptr) failed: must have added a cast to pin the node
26JDK-8313756hotspot/compiler[BACKOUT] 8308682: Enhance AES performance
27JDK-8313760hotspot/compiler[REDO] Enhance AES performance
28JDK-8308103hotspot/compilerMassive (up to ~30x) increase in C2 compilation time since JDK 17
29JDK-8309119hotspot/compiler[17u/11u] Redo JDK-8297951: C2: Create skeleton predicates for all If nodes in loop predication
30JDK-8307683hotspot/compilerLoop Predication should not hoist range checks with trap on success projection by negating their condition
31JDK-8275333hotspot/gcPrint count in "Too many recored phases?" assert
32JDK-8316906hotspot/gcClarify TLABWasteTargetPercent flag
33JDK-8270894hotspot/runtimeUse acquire semantics in ObjectSynchronizer::read_stable_mark()
34JDK-8305994hotspot/runtimeGuarantee eventual async monitor deflation
35JDK-8309228hotspot/runtimeClarify EXPERIMENTAL flags comment in hotspot/share/runtime/globals.hpp
36JDK-8306825hotspot/runtimeMonitor deflation might be accidentally disabled by zero intervals
37JDK-8279545hotspot/runtimeBuffer overrun in reverse_words of sharedRuntime_x86_64.cpp:3517
38JDK-8283326hotspot/runtimeImplement SafeFetch statically
39JDK-8314679hotspot/svc-agentSA fails to properly attach to JVM after having just detached from a different JVM
40JDK-8320597security-libs/java.securityRSA signature verification fails on signed data that does not encode params correctly
41JDK-8302017security-libs/java.securityAllocate BadPaddingException only if it will be thrown
42JDK-8311592security-libs/javax.cryptoECKeySizeParameterSpec causes too many exceptions on third party providers
43JDK-8313742security-libs/javax.cryptoZipFile.getManifestName fails during jar verification for Spring Boot
44JDK-8291154tools/javacCreate a non static nested class without enclosing class throws VerifyError
45JDK-8301247tools/jpackageJPackage app-image exe launches multiple exe's in JDK 17+
46JDK-8313792tools/jshellVerify 4th party information in src/jdk.internal.le/share/legal/