The following sections summarize changes made in all Java SE 17.0.4.1 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.
August 18, 2022
The full version string for this update release is 17.0.4.1+1 (where "+" means "build"). The version number is 17.0.4.1.
The security baselines are unchanged from the release of JDK 17.0.4.
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
17 | 17.0.4+11 |
11 | 11.0.16+11 |
8 | 8u341-b10 |
7 | 7u351-b07 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 17.0.4.1) be used after the next critical patch update scheduled for October 18, 2022.
Oracle recommends that all JDK 17 users, even those who have already updated to 17.0.4, update to the 17.0.4.1 patch release.
Fixes a regression in the C2 JIT compiler which caused the Java Runtime to crash unpredictably.
The following sections summarize changes made in all Java SE 17.0.4 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.
BugId | Category | Subcategory | Description |
---|---|---|---|
JDK-8255439 | client-libs | java.awt | System Tray icons get corrupted when windows scaling changes |
July 19, 2022
The full version string for this update release is 17.0.4+11 (where "+" means "build"). The version number is 17.0.4.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 17.0.4 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
17 | 17.0.4+11 |
11 | 11.0.16+11 |
8 | 8u341-b10 |
7 | 7u351-b07 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 17.0.4) be used after the next critical patch update scheduled for October 18, 2022.
Support has been added for TLS channel binding tokens for Negotiate/Kerberos authentication over HTTPS through `javax.net.ssl.HttpsURLConnection`.
Channel binding tokens are increasingly required as an enhanced form of security which can mitigate certain kinds of socially engineered, man-in-the-middle (MITM) attacks. They work by communicating from a client to a server the client's understanding of the binding between connection security (as represented by a TLS server certificate) and higher-level authentication credentials (such as a username and password). The server can then detect if the client has been fooled by a MITM and shut down the session/connection.
The feature is controlled through a new system property, `jdk.https.negotiate.cbt`, which is described fully in the Networking Properties page.
The `java.net.InetAddress` class has been updated to strictly accept IPv4 address literals in decimal quad notation. The `InetAddress` class methods are updated to throw a `java.net.UnknownHostException` for invalid IPv4 address literals. To disable this check, the new "jdk.net.allowAmbiguousIPAddressLiterals" system property can be set to "true".
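The decimal-quad rule described above, written as an application-side pre-check for host strings taken from untrusted input before they reach an allow-list or deny-list comparison. This is an added example, not JDK code: `StrictIPv4Check` and `isDecimalQuad` are hypothetical names, the sample inputs are constructed, and refusing leading zeros is this example's own policy choice.

```java
import java.util.List;

// Added example, not JDK code: accept only four decimal octets in the range 0-255.
public class StrictIPv4Check {

    /** Returns true only for literals of the form d.d.d.d, each part decimal 0-255. */
    static boolean isDecimalQuad(String s) {
        if (s == null) return false;
        String[] parts = s.split("\\.", -1);    // -1 keeps empty trailing parts ("1.2.3.")
        if (parts.length != 4) return false;    // rejects "127.1" and "2130706433"
        for (String p : parts) {
            if (p.isEmpty() || p.length() > 3) return false;
            for (int i = 0; i < p.length(); i++) {
                char c = p.charAt(i);
                // ASCII digits only: rejects hex ("0x7f"), signs and non-ASCII digits.
                if (c < '0' || c > '9') return false;
            }
            // Policy of this example (an assumption, not taken from the release note):
            // other parsers may read a leading zero as octal, so refuse it.
            if (p.length() > 1 && p.charAt(0) == '0') return false;
            if (Integer.parseInt(p) > 255) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one canonical literal and several ambiguous spellings.
        List<String> samples = List.of(
            "127.0.0.1", "0x7f.0.0.1", "010.0.0.1", "127.1",
            "2130706433", "256.0.0.1", "1.2.3.");
        for (String s : samples) {
            System.out.printf("%-12s %s%n", s,
                isDecimalQuad(s) ? "decimal quad" : "rejected");
        }
    }
}
```

Run the check on the same string that is later passed to `InetAddress`, so that the value validated and the value resolved cannot differ.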
The `DeflaterOutputStream.close()` and `GZIPOutputStream.finish()` methods have been modified to close out the associated default JDK compressor before propagating a Throwable up the stack. The `ZipOutputStream.closeEntry()` method has been modified to close out the associated default JDK compressor before propagating an IOException, not of type ZipException, up the stack.
Previous JDK releases used an incorrect interpretation of the Linux cgroups parameter "cpu.shares". This might cause the JVM to use fewer CPUs than available, leading to an underutilization of CPU resources when the JVM is used inside a container.
Starting from this JDK release, by default, the JVM no longer considers "cpu.shares" when deciding the number of threads to be used by the various thread pools. The `-XX:+UseContainerCpuShares` command-line option can be used to revert to the previous behavior. This option is deprecated and may be removed in a future JDK release.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
Issues fixed in 17.0.4:
# | JBS | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8283217 | client-libs | 2d | Leak FcObjectSet in getFontConfigLocations() in fontpath.c |
2 | JDK-8278604 | client-libs | demo | SwingSet2 table demo does not have accessible description set for images |
3 | JDK-8274751 | client-libs | java.awt | Drag And Drop hangs on Windows |
4 | JDK-8278526 | client-libs | javax.accessibility | [macos] Screen reader reads SwingSet2 JTable row selection as null, dimmed row for last column |
5 | JDK-8279586 | client-libs | javax.accessibility | [macos] custom JCheckBox and JRadioBox with custom icon set: focus is still displayed after unchecking |
6 | JDK-8277922 | client-libs | javax.accessibility | Unable to click JCheckBox in JTable through Java Access Bridge |
7 | JDK-8274735 | client-libs | javax.imageio | javax.imageio.IIOException: Unsupported Image Type while processing a valid JPEG image |
8 | JDK-8279842 | core-libs | java.net | HTTPS Channel Binding support for Java GSS/Kerberos |
9 | JDK-8282293 | core-libs | java.net | Domain value for system property jdk.https.negotiate.cbt should be case-insensitive |
10 | JDK-8282929 | core-libs | java.text | Localized monetary symbols are not reflected in `toLocalizedPattern` return value |
11 | JDK-8280543 | docs | hotspot | Update the "java" and "jcmd" tool specification for CDS |
12 | JDK-8279219 | hotspot | compiler | [REDO] C2 crash when allocating array of size too large |
13 | JDK-8278796 | hotspot | compiler | Incorrect behavior of FloatVector.withLane on X86 |
14 | JDK-8277906 | hotspot | compiler | Incorrect type for IV phi of long counted loops after CCP |
15 | JDK-8268231 | hotspot | compiler | Aarch64: Use Ldp in intrinsics for String.compareTo |
16 | JDK-8273139 | hotspot | compiler | C2: assert(f <= 1 && f >= 0) failed: Incorrect frequency |
17 | JDK-8280799 | hotspot | compiler | C2: assert(false) failed: cyclic dependency prevents range check elimination |
18 | JDK-8265317 | hotspot | compiler | [vector] assert(payload->is_object()) failed: expected 'object' value for scalar-replaced boxed vector but got: NULL |
19 | JDK-8283451 | hotspot | compiler | C2: assert(_base == Long) failed: Not a Long |
20 | JDK-8282592 | hotspot | compiler | C2: assert(false) failed: graph should be schedulable |
21 | JDK-8282590 | hotspot | compiler | C2: assert(addp->is_AddP() && addp->outcnt() > 0) failed: Don't process dead nodes |
22 | JDK-8282312 | hotspot | compiler | Minor corrections to evbroadcasti32x4 intrinsic on x86 |
23 | JDK-8281811 | hotspot | compiler | assert(_base == Tuple) failed: Not a Tuple after JDK-8280799 |
24 | JDK-8275854 | hotspot | compiler | C2: assert(stride_con != 0) failed: missed some peephole opt |
25 | JDK-8275638 | hotspot | compiler | GraphKit::combine_exception_states fails with "matching stack sizes" assert |
26 | JDK-8256368 | hotspot | compiler | Avoid repeated upcalls into Java to re-resolve MH/VH linkers/invokers |
27 | JDK-8283641 | hotspot | compiler | Large value for CompileThresholdScaling causes assert |
28 | JDK-8283408 | hotspot | compiler | Fix a C2 crash when filling arrays with unsafe |
29 | JDK-8280867 | hotspot | compiler | Cpuid1Ecx feature parsing is incorrect for AMD CPUs |
30 | JDK-8280600 | hotspot | compiler | C2: assert(!had_error) failed: bad dominance |
31 | JDK-8279837 | hotspot | compiler | C2: assert(is_Loop()) failed: invalid node class: Region |
32 | JDK-8279668 | hotspot | compiler | x86: AVX2 versions of vpxor should be asserted |
33 | JDK-8275337 | hotspot | compiler | C1: assert(false) failed: live_in set of first block must be empty |
34 | JDK-8274983 | hotspot | compiler | C1 optimizes the invocation of private interface methods |
35 | JDK-8280901 | hotspot | compiler | MethodHandle::linkToNative stub is missing w/ -Xint |
36 | JDK-8280526 | hotspot | compiler | x86_32 Math.sqrt performance regression with -XX:UseSSE={0,1} |
37 | JDK-8279356 | hotspot | compiler | Method linking fails with guarantee(mh->adapter() != NULL) failed: Adapter blob must already exist! |
38 | JDK-8278948 | hotspot | compiler | compiler/vectorapi/reshape/TestVectorCastAVX1.java crashes in assembler |
39 | JDK-8277180 | hotspot | compiler | Intrinsify recursive ObjectMonitor locking for C2 x64 and A64 |
40 | JDK-8282874 | hotspot | compiler | Bad performance on gather/scatter API caused by different IntSpecies of indexMap |
41 | JDK-8281266 | hotspot | compiler | [JVMCI] MetaUtil.toInternalName() doesn't handle hidden classes correctly |
42 | JDK-8279515 | hotspot | compiler | C1: No inlining through invokedynamic and invokestatic call sites when resolved class is not linked |
43 | JDK-8279822 | hotspot | compiler | CI: Constant pool entries in error state are not supported |
44 | JDK-8279560 | hotspot | compiler | AArch64: generate_compare_long_string_same_encoding and LARGE_LOOP_PREFETCH alignment |
45 | JDK-8279437 | hotspot | compiler | [JVMCI] exception in HotSpotJVMCIRuntime.translate can exit the VM |
46 | JDK-8275830 | hotspot | compiler | C2: Receiver downcast is missing when inlining through method handle linkers |
47 | JDK-8282231 | hotspot | compiler | x86-32: runtime call to SharedRuntime::ldiv corrupts registers |
48 | JDK-8282295 | hotspot | runtime | SymbolPropertyEntry::set_method_type fails with assert |
49 | JDK-8281274 | hotspot | runtime | deal with ActiveProcessorCount in os::Linux::print_container_info |
50 | JDK-8281275 | hotspot | runtime | Upgrading from 8 to 11 no longer accepts '/' as filepath separator in gc paths |
51 | JDK-8281181 | hotspot | runtime | Do not use CPU Shares to compute active processor count |
52 | JDK-8278553 | hotspot | test | RunThese30M.java failed due to errors in JckStressModule.out |
53 | JDK-8281517 | install | install | Improve the error message shown when a user tries to install the aarch64 bundle on an intel mac |
54 | JDK-8278851 | security-libs | java.security | Correct signer logic for jars signed with multiple digest algorithms |
55 | JDK-8255266 | security-libs | java.security | Update Public Suffix List to 3c213aa |
56 | JDK-8274524 | security-libs | javax.net.ssl | SSLSocket.close() hangs if it is called during the ssl handshake |
57 | JDK-8275082 | security-libs | javax.xml.crypto | Update XML Security for Java to 2.3.0 |
58 | JDK-8279520 | security-libs | org.ietf.jgss | SPNEGO has not passed channel binding info into the underlying mechanism |
59 | JDK-8277165 | tools | | jdeps --multi-release --print-module-deps fails if module-info.class in different versioned directories |
60 | JDK-8225559 | tools | javac | assertion error at TransTypes.visitApply |