JDK 17.0.7 Release Notes

Java SE 17.0.7 - Bundled Patch Release (BPR) - Bug Fixes and Updates

The following sections summarize changes made in all Java SE 17.0.7 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.


Changes in Java SE

Bug Fixes

BugId Category Subcategory Description
JDK-8308884 hotspot compiler [17u/11u] Backout JDK-8297951

Java™ SE Development Kit 17, Update 17.0.7 (JDK 17.0.7)

April 18, 2023

The full version string for this update release is 17.0.7+8 (where "+" means "build"). The version number is 17.0.7.


IANA TZ Data 2022g

JDK 17.0.7 contains IANA time zone data 2022g which contains the following changes:

  • The northern edge of Chihuahua changes to US timekeeping.
  • Much of Greenland stops changing clocks after March 2023.
  • Fix some pre-1996 timestamps in northern Canada.
  • C89 is now deprecated; please use C99 or later.
  • Portability fixes for AIX, libintl, MS-Windows, musl, z/OS.
  • In C code, use more C23 features if available.
  • C23 timegm now supported by default.
  • Fixes for unlikely integer overflows.

For more information, refer to Timezone Data Versions in the JRE Software.


Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 17.0.7 are specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String)


Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. Use the Security Baseline page to determine the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended to use this JDK (version 17.0.7) after the next critical patch update release, scheduled for July 18, 2023.


New Features

 New JFR Event: jdk.InitialSecurityProperty (JDK-8292177)

A new Java Flight Recorder (JFR) event has been added to record details of initial security properties when loaded via the class.

The new event name is jdk.InitialSecurityProperty and contains the following fields:

Field name Field Description
key Security Property Key
value Corresponding Security Property Value

This new JFR event is enabled by default. The system property will also now print initial security properties to the standard error stream. With this new event and the already available jdk.SecurityPropertyModification event (when enabled since it is not enabled by default), a JFR recording can now monitor the initial settings of all security properties and any subsequent changes.


Other Notes

 System Property to Handle HTML ObjectView Creation (JDK-8296832 (Not Public))

Some Swing components, such as JLabels and JButtons, which display application text, will try to interpret that text as HTML, principally to enable styled text. The HTML processing of the text for these components will no longer recognize the <object> tag which allows for subclasses of java.awt.Component to be rendered on the component. To re-enable this, applications must specify -Dswing.html.object=true.

 Added Certigna(Dhimyotis) CA Certificate (JDK-8245654)

The following root certificate has been added to the cacerts truststore:

+ Certigna (Dhimyotis)
   + certignaca
      DN: CN=Certigna, O=Dhimyotis, C=FR

 File::listRoots Changed to Return All Available Drives on Windows (JDK-8208077)

The behavior of the method on Microsoft Windows has changed in this release so that the returned array includes a File object for all available disk drives. This differs from the behavior in JDK 10 to JDK 20, where this method filtered out disk drives that were not accessible or did not have media present. This change avoids performance issues observed in these releases and also ensures that the method is consistent with the root directories in the iteration returned by FileSystem.getDefault().getRootDirectories().

 Throw Error If Default File Fails to Load (JDK-8155246)

A behavioral change has been made in the case where the default conf/security/ security configuration file fails to load. In such a scenario, the JDK will now throw an InternalError.

Such a scenario should never occur. The default security file should always be present. Prior to this change, a static security configuration was loaded.

 Crypto-J Exception for Diffie-Hellman and DSA AlgorithmParameters Requests (JDK-8278027)

Applications using the Dell BSAFE Crypto-J 3rd party security provider may encounter an IOException if decoding DH or DSA algorithm parameters with the following exception:

Exception in thread "main" Could not decode parameters. at Source) at

Dell BSAFE Crypto-J version has been released to address this issue. Applications using this provider should upgrade to that version or later. For applications on older versions of this provider, an interoperability fix has been added to this release of the JDK.


Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

Issues fixed in 17.0.7:

# JBS Component Summary
1JDK-8282577client-libs/2dICC_Profile.setData(int, byte[]) invalidates the profile
2JDK-8285399client-libs/2dJNI exception pending in awt_GraphicsEnv.c:1432
3JDK-8284023client-libs/java.awtjava.sun.awt.X11GraphicsDevice.getDoubleBufferVisuals() leaks XdbeScreenVisualInfo
4JDK-8296496client-libs/java.awtOverzealous check in sizecalc.h prevents large memory allocation
5JDK-8279614client-libs/java.awtThe left line of the TitledBorder is not painted on 150 scale factor
6JDK-8288332client-libs/java.awtTier1 validate-source fails after 8279614
7JDK-8295685client-libs/java.awtUpdate Libpng to 1.6.38
8JDK-8292948client-libs/javax.swingJEditorPane ignores font-size styles in external linked css-file
9JDK-8282958client-libs/javax.swingRendering Issues with Borders on Windows High-DPI systems
10JDK-8294378core-libs/java.netURLPermission constructor exception when using tr locale
11JDK-8297569core-libs/java.netURLPermission constructor throws IllegalArgumentException: Invalid characters in hostname after JDK-8294378
12JDK-8299439core-libs/java.textjava/text/Format/NumberFormat/ fails for hr_HR
13JDK-8295530core-libs/java.util.jarUpdate Zlib Data Compression Library to Version 1.2.13
14JDK-8287180core-libs/java.util:i18nUpdate IANA Language Subtag Registry to Version 2022-08-08
15JDK-8267038core-libs/java.util:i18nUpdate IANA Language Subtag Registry to Version 2022-03-02
16JDK-8296239core-libs/java.util:i18nISO 4217 Amendment 174 Update
17JDK-8292778core-svc/java.lang.instrumentEncodingSupport_md.c convertUtf8ToPlatformString wrong placing of free
18JDK-8292541core-svc/[Metrics] Reported memory limit may exceed physical machine memory
19JDK-8297656performance/hotspotAArch64: Enable AES/GCM Intrinsics
20JDK-8268276hotspot/compilerBase64 Decoding optimization for x86 using AVX-512
21JDK-8269404hotspot/compilerBase64 Encoding optimization enhancements for x86 using AVX-512
22JDK-8273108hotspot/compilerRunThese24H crashes with SEGV in markWord::displaced_mark_helper() after JDK-8268276
23JDK-8273459hotspot/compilerUpdate code segment alignment to 64 bytes
24JDK-8296958hotspot/compiler[JVMCI] add API for retrieving ConstantValue attributes
25JDK-8296961hotspot/compiler[JVMCI] Access to j.l.r.Method/Constructor/Field for ResolvedJavaMethod/ResolvedJavaField
26JDK-8296960hotspot/compiler[JVMCI] list HotSpotConstantPool.loadReferencedType to ConstantPool
27JDK-8296967hotspot/compiler[JVMCI] rationalize relationship between getCodeSize and getCode in ResolvedJavaMethod
28JDK-8282528hotspot/compilerAArch64: Incorrect replicate2L_zero rule
29JDK-8277137hotspot/compilerSet OnSpinWaitInst/OnSpinWaitInstCount defaults to "isb"/1 for Arm Neoverse N1
30JDK-8294902hotspot/compilerUndefined Behavior in C2 regalloc with null references
31JDK-8290322hotspot/compilerOptimize Vector.rearrange over byte vectors for AVX512BW targets.
32JDK-8295066hotspot/compilerFolding of loads is broken in C2 after JDK-8242115
33JDK-8296912hotspot/compilerC2: CreateExNode::Identity fails with assert(i < _max) failed: oob: i=1, _max=1
34JDK-8294538hotspot/compilermissing is_unloading() check in SharedRuntime::fixup_callers_callsite()
35JDK-8292602hotspot/compilerZGC: C2 late barrier analysis uses invalid dominator information
36JDK-8292660hotspot/compilerC2: blocks made unreachable by NeverBranch-to-Goto conversion are removed incorrectly
37JDK-8292285hotspot/compilerC2: remove unreachable block after NeverBranch-to-Goto conversion
38JDK-8290964hotspot/compilerC2 compilation fails with assert "non-reduction loop contains reduction nodes"
39JDK-8281122hotspot/compiler[IR Framework] Cleanup IR matching code in preparation for JDK-8280378
40JDK-8276064hotspot/compilerCheckCastPP with raw oop input floats below a safepoint
41JDK-8296924hotspot/compilerC2: assert(is_valid_AArch64_address( failed: bad address
42JDK-8290850hotspot/compilerC2: create_new_if_for_predicate() does not clone pinned phi input nodes resulting in a broken graph
43JDK-8297431hotspot/compiler[JVMCI] HotSpotJVMCIRuntime.encodeThrowable should not throw an exception
44JDK-8285835hotspot/compilerSIGSEGV in PhaseIdealLoop::build_loop_late_post_work
45JDK-8295788hotspot/compilerC2 compilation hits "assert((mode == ControlAroundStripMined && use == sfpt) || !use->is_reachable_from_root()) failed: missed a node"
46JDK-8297951hotspot/compilerC2: Create skeleton predicates for all If nodes in loop predication
47JDK-8297264hotspot/compilerC2: Cast node is not processed again in CCP and keeps a wrong too narrow type which is later replaced by top
48JDK-8295116hotspot/compilerC2: assert(dead->outcnt() == 0 && !dead->is_top()) failed: node must be dead
49JDK-8242115hotspot/compilerC2 SATB barriers are not safepoint-safe
50JDK-8292301hotspot/compiler[REDO v2] C2 crash when allocating array of size too large
51JDK-8296136hotspot/compilerUse correct register in aarch64_enc_fast_unlock()
52JDK-8296389hotspot/compilerC2: PhaseCFG::convert_NeverBranch_to_Goto must handle both orders of successors
53JDK-8272985hotspot/gcReference discovery is confused about atomicity and degree of parallelism
54JDK-8296733hotspot/jfrJFR: File Read event for RandomAccessFile::write(byte[]) is incorrect
55JDK-8283199hotspot/runtimeLinux os::cpu_microcode_revision() stalls cold startup
56JDK-8271506hotspot/runtimeAdd ResourceHashtable support for deleting selected entries
57JDK-8294160hotspot/runtimemisc crash dump improvements
58JDK-8048190hotspot/runtimeNoClassDefFoundError omits original ExceptionInInitializerError
59JDK-8293472hotspot/runtimeIncorrect container resource limit detection if manual cgroup fs mounts present
60JDK-8287011hotspot/runtimeImprove container information
61JDK-8286030hotspot/runtimeAvoid JVM crash when containers share the same /tmp dir
62JDK-8262386hotspot/svc-agentresourcehogs/serviceability/sa/ timed out
63JDK-8297918infrastructureRemove platform dependency in corelibs-atr and langtools-atr task definition files
64JDK-8298349install/install/usr/java/latest points to wrong JDK
65JDK-8298330install/install/usr/java/latest is missing after one of JDK rpms is uninstalled
66JDK-8280890security-libs/java.securityCannot use '-Djava.system.class.loader' with class loader in signed JAR
67JDK-8292297security-libs/java.securityFix up loading of override properties file
68JDK-8293701core-svc/toolsjdeps InverseDepsAnalyzer runs into NoSuchElementException: No value present
69JDK-8296619tools/javadoc(tool)Upgrade jQuery to 3.6.1