JDK 17.0.3 Release Notes

Java SE 17.0.3.1 - Bundled Patch Release (BPR) - Bug Fixes and Updates

The following sections summarize changes made in all Java SE 17.0.3 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.

Changes in Java SE 17.0.3.1.1

Fixes from the prior BPR are included in this version.


Java™ SE Development Kit 17, Patch 17.0.3.1 (JDK 17.0.3.1)

May 2, 2022

The full version string for this update release is 17.0.3.1+2 (where "+" means "build"). The version number is 17.0.3.1.

 

IANA TZ Data 2022a

For more information, refer to Timezone Data Versions in the JRE Software.

 

Security Baselines

The security baselines are unchanged from the release of JDK 17.0.3.

JRE Family Version    JRE Security Baseline (Full Version String)
17                    17.0.3+8
11                    11.0.15+8
8                     8u331-b09
7                     7u341-b08

Keeping the JDK up to Date

Oracle recommends updating the JDK with each Critical Patch Update. To determine whether a release is the latest, use the Security Baseline page, which shows the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 17.0.3.1) be used after the next critical patch update scheduled for July 19, 2022.

 

Changes

 

core-libs/java.io
 New System Property to Disable Windows Alternate Data Stream Support in java.io.File

The Windows implementation of java.io.File allows access to NTFS Alternate Data Streams (ADS) by default. Such streams have a structure like "filename:streamname". A system property, jdk.io.File.enableADS, has been added to control this behavior. To disable ADS support in java.io.File, set the system property jdk.io.File.enableADS to false (case ignored). Stricter path checking, however, prevents the use of special devices such as "NUL:".

See JDK-8285445

 

Bug Fixes

This release is based on the previous CPU and does not contain any additional security fixes. The following issues have also been resolved:

JBS          Component  Subcomponent    Summary
JDK-8284920  xml        javax.xml.path  Incorrect Token type causes XPath expression to return incorrect results
JDK-8284548  xml        jaxp            Invalid XPath expression causes StringIndexOutOfBoundsException


Java SE 17.0.3 - Bundled Patch Release (BPR) - Bug Fixes and Updates

The following sections summarize changes made in all Java SE 17.0.3 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.

 

Changes in Java SE 17.0.3.0.1

Bug Fixes

BugId        Category   Subcategory  Description
JDK-8281181  hotspot    runtime      Do not use CPU Shares to compute active processor count
JDK-8282583  xml        jaxp         Update BCEL md to include the copyright notice
JDK-8283350  core-libs  java.time    (tz) Update Timezone Data to 2022a

Java™ SE Development Kit 17.0.3 (JDK 17.0.3)

April 19, 2022

The full version string for this update release is 17.0.3+8 (where "+" means "build"). The version number is 17.0.3.

 

IANA TZ Data 2021e

For more information, refer to Timezone Data Versions in the JRE Software.

 

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 17.0.3 are specified in the following table:

JRE Family Version    JRE Security Baseline (Full Version String)
17                    17.0.3+8
11                    11.0.15+8
8                     8u331-b09
7                     7u341-b08

 

Keeping the JDK up to Date

Oracle recommends updating the JDK with each Critical Patch Update. To determine whether a release is the latest, use the Security Baseline page, which shows the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 17.0.3) be used after the next critical patch update scheduled for July 19, 2022.

 

New Features

xml/jaxp
 New XML Processing Limits

Three processing limits have been added to the XML libraries. These are:

  • jdk.xml.xpathExprGrpLimit

Description: Limits the number of groups an XPath expression can contain.

Type: integer

Value: A positive integer. A value less than or equal to 0 indicates no limit. If the value is not an integer, a NumberFormatException is thrown. Default 10.

  • jdk.xml.xpathExprOpLimit

Description: Limits the number of operators an XPath expression can contain.

Type: integer

Value: A positive integer. A value less than or equal to 0 indicates no limit. If the value is not an integer, a NumberFormatException is thrown. Default 100.

  • jdk.xml.xpathTotalOpLimit

Description: Limits the total number of XPath operators in an XSL Stylesheet.

Type: integer

Value: A positive integer. A value less than or equal to 0 indicates no limit. If the value is not an integer, a NumberFormatException is thrown. Default 10000.

Supported processors

  • jdk.xml.xpathExprGrpLimit and jdk.xml.xpathExprOpLimit are supported by the XPath processor.

  • All three limits are supported by the XSLT processor.

Setting properties

For the XSLT processor, the properties can be changed through the TransformerFactory. For example,

        TransformerFactory factory = TransformerFactory.newInstance();

        factory.setAttribute("jdk.xml.xpathTotalOpLimit", "1000");

For both the XPath and XSLT processors, the properties can be set through system properties or through the jaxp.properties configuration file located in the conf directory of the Java installation. For example,

        System.setProperty("jdk.xml.xpathExprGrpLimit", "20");

or in the jaxp.properties file,

        jdk.xml.xpathExprGrpLimit=20

 

There are two known issues:

  1. An XPath expression that contains a short form of the parent axis ".." can return incorrect results. See JDK-8284920 for details.
  2. An invalid XPath expression that ends with a relational operator such as '<', '>', or '=' will cause the processor to erroneously throw StringIndexOutOfBoundsException instead of XPathExpressionException. See JDK-8284548 for details.

JDK-8270504 (not public)
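
The following is an added example, not part of the original release notes or Oracle's code. It tightens jdk.xml.xpathExprOpLimit through a system property before compiling XPath expressions from an untrusted source and treats a rejection as a normal outcome, including the known issue JDK-8284548 listed above. The class name, the helper compileUntrusted, the limit value 10 and the sample expressions are assumptions made for illustration.

```java
import java.util.Collections;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;

public class XPathLimitDemo {
    /** Hypothetical helper: returns the compiled expression, or null if it is rejected. */
    static XPathExpression compileUntrusted(XPath xpath, String expr) {
        try {
            return xpath.compile(expr);
        } catch (XPathExpressionException e) {
            // Syntax errors and exceeded processing limits are expected to arrive here.
            System.err.println("rejected: " + e);
        } catch (StringIndexOutOfBoundsException e) {
            // Known issue JDK-8284548 in 17.0.3: some invalid expressions raise
            // this exception type instead of XPathExpressionException.
            System.err.println("rejected (JDK-8284548): " + e);
        }
        return null;
    }

    public static void main(String[] args) {
        // Set the limit before the first JAXP factory is created so that the
        // processor sees it. The value 10 is chosen for illustration only.
        System.setProperty("jdk.xml.xpathExprOpLimit", "10");
        XPath xpath = XPathFactory.newInstance().newXPath();

        // Constructed inputs: one operator versus 49 operators.
        String small = "1 + 2";
        String large = String.join(" + ", Collections.nCopies(50, "1"));

        System.out.println("small accepted: " + (compileUntrusted(xpath, small) != null));
        System.out.println("large accepted: " + (compileUntrusted(xpath, large) != null));
    }
}
```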

Other Notes

security-libs/java.security
 Only Expose Certificates With Proper Trust Settings as Trusted Certificate Entries in macOS KeychainStore

On macOS, only certificates with proper trust settings in the user keychain will be exposed as trusted certificate entries in the KeychainStore type of keystore. Also, calling the KeyStore::setCertificateEntry method or the keytool -importcert command on a KeychainStore keystore now fails with a KeyStoreException. Instead, call the macOS "security add-trusted-cert" command to add a trusted certificate into the user keychain.

JDK-8278449 (not public)

core-libs/javax.naming
 Parsing of URL Strings in Built-in JNDI Providers Is More Strict

The parsing of URLs in the LDAP, DNS, and RMI built-in JNDI providers has been made more strict. The strength of the parsing can be controlled by system properties:

  -Dcom.sun.jndi.ldapURLParsing="legacy" | "compat" | "strict"    (to control "ldap:" URLs)
  -Dcom.sun.jndi.dnsURLParsing="legacy" | "compat" | "strict"     (to control "dns:" URLs)
  -Dcom.sun.jndi.rmiURLParsing="legacy" | "compat" | "strict"     (to control "rmi:" URLs)

 

The default value is "compat" for all of the three providers.

  • The "legacy" mode turns the new validation off.
  • The "compat" mode limits incompatibilities.
  • The "strict" mode is stricter and may cause regression by rejecting URLs that an application might consider as valid.

In "compat" and "strict" mode, more validation is performed. As an example, in the URL authority component, the new parsing only accepts brackets around IPv6 literal addresses. Developers are encouraged to use java.net.URI constructors or its factory method to build URLs rather than handcrafting URL strings.

If an illegal URL string is found, a java.lang.IllegalArgumentException or a javax.naming.NamingException (or a subclass of it) is raised.

JDK-8278972 (not public)
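
The following is an added example, not part of the original release notes or Oracle's code. It builds an "ldap:" provider URL with the multi-argument java.net.URI constructor, as recommended above, instead of concatenating strings. The class name, the helper ldapUrl, the host names and the base DN are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Hashtable;
import javax.naming.Context;

public class LdapUrlBuilder {
    // Hypothetical helper, not a JDK API: builds an "ldap:" URL from components.
    static String ldapUrl(String host, int port, String baseDn) throws URISyntaxException {
        String path = "/" + baseDn;
        // The multi-argument constructor adds brackets around an IPv6 literal
        // host and percent-encodes characters that are illegal in the path.
        URI uri = new URI("ldap", null, host, port, path, null, null);
        // Round-trip check: if the host value carried URL delimiters, the parsed
        // components no longer match what was passed in, so refuse the URL.
        if (uri.getHost() == null || uri.getPort() != port || !path.equals(uri.getPath())) {
            throw new URISyntaxException(uri.toString(), "components changed after parsing");
        }
        return uri.toString();
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample values: a DNS name and an IPv6 literal.
        String[] hosts = {"ldap.example.com", "2001:db8::1"};
        for (String host : hosts) {
            Hashtable<String, String> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, ldapUrl(host, 389, "ou=Staff Accounts,dc=example,dc=com"));
            // env would be passed to new InitialDirContext(env); no connection is made here.
            System.out.println(env.get(Context.PROVIDER_URL));
        }
    }
}
```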

 

Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

Issues fixed in 17.0.3:

#   JBS          Component    Subcomponent    Summary
1   JDK-8270874  client-libs  2d              JFrame paint artifacts when dragged from standard monitor to HiDPI monitor
2   JDK-8275650  core-libs    java.io         Problemlist java/io/File/createTempFile/SpecialTempFile.java for Windows 11
3   JDK-8279833  core-libs    java.lang       Loop optimization issue in String.encodeUTF8_UTF16
4   JDK-8274658  core-libs    java.util:i18n  ISO 4217 Amendment 170 Update
5   JDK-8277795  core-libs    javax.naming    LDAP connection timeout not honoured under contention
6   JDK-8277777  hotspot      compiler        [Vector API] assert(r->is_XMMRegister()) failed: must be in x86_32.ad
7   JDK-8277441  hotspot      compiler        CompileQueue::add fails with assert(_last->next() == __null) failed: not last
8   JDK-8275610  hotspot      compiler        C2: Object field load floats above its null check resulting in a segfault
9   JDK-8275326  hotspot      compiler        C2: assert(no_dead_loop) failed: dead loop detected
10  JDK-8262134  hotspot      compiler        compiler/uncommontrap/TestDeoptOOM.java failed with "guarantee(false) failed: wrong number of expression stack elements during deopt"
11  JDK-8277447  hotspot      compiler        Hotspot C1 compiler crashes on Kotlin suspend fun with loop
12  JDK-8273277  hotspot      compiler        C2: Move conditional negation into rc_predicate
13  JDK-8271202  hotspot      compiler        C1: assert(false) failed: live_in set of first block must be empty
14  JDK-8275645  hotspot      compiler        [JVMCI] avoid unaligned volatile reads on AArch64
15  JDK-8271056  hotspot      compiler        C2: "assert(no_dead_loop) failed: dead loop detected" due to cmoving identity
16  JDK-8275643  hotspot      compiler        C2's unaryOp vector intrinsic does not properly handle LongVector.neg
17  JDK-8275847  hotspot      compiler        Scheduling fails with "too many D-U pinch points" on small method
18  JDK-8275874  hotspot      compiler        [JVMCI] only support aligned reads in c2v_readFieldValue
19  JDK-8279076  hotspot      compiler        C2: Bad AD file when matching SqrtF with UseSSE=0
20  JDK-8275330  hotspot      compiler        C2: assert(n->is_Root() || n->is_Region() || n->is_Phi() || n->is_MachMerge() || def_block->dominates(block)) failed: uses must be dominated by definitions
21  JDK-8276314  hotspot      compiler        [JVMCI] check alignment of call displacement during code installation
22  JDK-8279225  hotspot      compiler        [arm32] C1 longs comparison operation destroys argument registers
23  JDK-8279412  hotspot      compiler        [JVMCI] failed speculations list must outlive any nmethod that refers to it
24  JDK-8278871  hotspot      compiler        [JVMCI] assert((uint)reason < 2* _trap_hist_limit) failed: oob
25  JDK-8278824  hotspot      gc              Uneven work distribution when scanning heap roots in G1
26  JDK-8276177  hotspot      jvmti           nsk/jvmti/RedefineClasses/StressRedefineWithoutBytecodeCorruption failed with "assert(def_ik->is_being_redefined()) failed: should be being redefined to get here"
27  JDK-8275800  hotspot      jvmti           Redefinition leaks MethodData::_extra_data_lock
28  JDK-8278239  hotspot      jvmti           vmTestbase/nsk/jvmti/RedefineClasses/StressRedefine failed with EXCEPTION_ACCESS_VIOLATION at 0x000000000000000d
29  JDK-8276184  hotspot      runtime         Exclude lambda proxy class from the CDS archive if its caller class is excluded
30  JDK-8274714  hotspot      runtime         Incorrect verifier protected access error message
31  JDK-8277342  hotspot      runtime         vmTestbase/nsk/stress/strace/strace004.java fails with SIGSEGV in InstanceKlass::jni_id_for
32  JDK-8276662  hotspot      runtime         Scalability bottleneck in SymbolTable::lookup_common()
33  JDK-8266490  hotspot      runtime         Extend the OSContainer API to support the pids controller of cgroups
34  JDK-8278020  hotspot      runtime         ~13% variation in Renaissance-Scrabble
35  JDK-8278384  hotspot      runtime         Bytecodes::result_type() for arraylength returns T_VOID instead of T_INT
36  JDK-8273967  hotspot      runtime         gtest os.dll_address_to_function_and_library_name_vm fails on macOS12
37  JDK-8274753  hotspot      runtime         ZGC: SEGV in MetaspaceShared::link_shared_classes
38  JDK-8274944  hotspot      runtime         AppCDS dump causes SEGV in VM thread while adjusting lambda proxy class info
39  JDK-8273526  hotspot      runtime         Extend the OSContainer API pids controller with pids.current
40  JDK-8274935  hotspot      runtime         dumptime_table has stale entry
41  JDK-8278309  hotspot      runtime         [windows] use of uninitialized OSThread::_state
42  JDK-8273341  hotspot      runtime         Update Siphash to version 1.0
43  JDK-8278951  hotspot      runtime         containers/cgroup/PlainRead.java fails on Ubuntu 21.10
44  JDK-8265150  hotspot      svc             AsyncGetCallTrace crashes on ResourceMark
45  JDK-8269849  hotspot      test            vmTestbase/gc/gctests/PhantomReference/phantom002/TestDescription.java failed with "OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects"
46  JDK-8273682  tools        jshell          Upgrade Jline to 3.20.0
47  JDK-8276141  xml          jaxp            XPathFactory set/getProperty method
48  JDK-8282761  xml          jaxp            XPathFactoryImpl remove setProperty and getProperty methods