The following sections summarize changes made in all Java SE 17.0.7 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.
BugId | Category | Subcategory | Description |
---|---|---|---|
JDK-8308884 | hotspot | compiler | [17u/11u] Backout JDK-8297951 |
The full version string for this update release is 17.0.7+8 (where "+" means "build"). The version number is 17.0.7.
JDK 17.0.7 contains IANA time zone data 2022g which contains the following changes:
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 17.0.7 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
17 | 17.0.7+8 |
11 | 11.0.19+9 |
8 | 8u371-b11 |
Oracle recommends that the JDK is updated with each Critical Patch Update. Use the Security Baseline page to determine the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended to use this JDK (version 17.0.7) after the next critical patch update release, scheduled for July 18, 2023.
A new Java Flight Recorder (JFR) event has been added to record details of initial security properties when loaded via the java.security.Security
class.
The new event name is jdk.InitialSecurityProperty
and contains the following fields:
Field name | Field Description |
---|---|
key | Security Property Key |
value | Corresponding Security Property Value |
This new JFR event is enabled by default. The java.security.debug=properties
system property will also now print initial security properties to the standard error stream. With this new event and the already available jdk.SecurityPropertyModification
event (when enabled since it is not enabled by default), a JFR recording can now monitor the initial settings of all security properties and any subsequent changes.
Some Swing components, such as JLabels and JButtons, which display application text, will try to interpret that text as HTML, principally to enable styled text. The HTML processing of the text for these components will no longer recognize the <object>
tag which allows for subclasses of java.awt.Component
to be rendered on the component. To re-enable this, applications must specify -Dswing.html.object=true
.
The following root certificate has been added to the cacerts truststore:
+ Certigna (Dhimyotis)
+ certignaca
DN: CN=Certigna, O=Dhimyotis, C=FR
The behavior of the method java.io.File.listRoots()
on Microsoft Windows has changed in this release so that the returned array includes a File
object for all available disk drives. This differs from the behavior in JDK 10 to JDK 20, where this method filtered out disk drives that were not accessible or did not have media present. This change avoids performance issues observed in these releases and also ensures that the method is consistent with the root directories in the iteration returned by FileSystem.getDefault().getRootDirectories()
.
A behavioral change has been made in the case where the default conf/security/java.security
security configuration file fails to load. In such a scenario, the JDK will now throw an InternalError
.
Such a scenario should never occur. The default security file should always be present. Prior to this change, a static security configuration was loaded.
Applications using the Dell BSAFE Crypto-J 3rd party security provider may encounter an IOException if decoding DH or DSA algorithm parameters with the following exception:
Exception in thread "main" java.io.IOException: Could not decode parameters. at com.rsa.cryptoj.o.ms.engineInit(Unknown Source) at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293)
Dell BSAFE Crypto-J version 6.2.6.2 has been released to address this issue. Applications using this provider should upgrade to that version or later. For applications on older versions of this provider, an interoperability fix has been added to this release of the JDK.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
➜ Issues fixed in 17.0.7:
# | JBS | Component | Summary |
---|---|---|---|
1 | JDK-8282577 | client-libs/2d | ICC_Profile.setData(int, byte[]) invalidates the profile |
2 | JDK-8285399 | client-libs/2d | JNI exception pending in awt_GraphicsEnv.c:1432 |
3 | JDK-8284023 | client-libs/java.awt | java.sun.awt.X11GraphicsDevice.getDoubleBufferVisuals() leaks XdbeScreenVisualInfo |
4 | JDK-8296496 | client-libs/java.awt | Overzealous check in sizecalc.h prevents large memory allocation |
5 | JDK-8279614 | client-libs/java.awt | The left line of the TitledBorder is not painted on 150 scale factor |
6 | JDK-8288332 | client-libs/java.awt | Tier1 validate-source fails after 8279614 |
7 | JDK-8295685 | client-libs/java.awt | Update Libpng to 1.6.38 |
8 | JDK-8292948 | client-libs/javax.swing | JEditorPane ignores font-size styles in external linked css-file |
9 | JDK-8282958 | client-libs/javax.swing | Rendering Issues with Borders on Windows High-DPI systems |
10 | JDK-8294378 | core-libs/java.net | URLPermission constructor exception when using tr locale |
11 | JDK-8297569 | core-libs/java.net | URLPermission constructor throws IllegalArgumentException: Invalid characters in hostname after JDK-8294378 |
12 | JDK-8299439 | core-libs/java.text | java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR |
13 | JDK-8295530 | core-libs/java.util.jar | Update Zlib Data Compression Library to Version 1.2.13 |
14 | JDK-8287180 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2022-08-08 |
15 | JDK-8267038 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2022-03-02 |
16 | JDK-8296239 | core-libs/java.util:i18n | ISO 4217 Amendment 174 Update |
17 | JDK-8292778 | core-svc/java.lang.instrument | EncodingSupport_md.c convertUtf8ToPlatformString wrong placing of free |
18 | JDK-8292541 | core-svc/java.lang.management | [Metrics] Reported memory limit may exceed physical machine memory |
19 | JDK-8297656 | performance/hotspot | AArch64: Enable AES/GCM Intrinsics |
20 | JDK-8268276 | hotspot/compiler | Base64 Decoding optimization for x86 using AVX-512 |
21 | JDK-8269404 | hotspot/compiler | Base64 Encoding optimization enhancements for x86 using AVX-512 |
22 | JDK-8273108 | hotspot/compiler | RunThese24H crashes with SEGV in markWord::displaced_mark_helper() after JDK-8268276 |
23 | JDK-8273459 | hotspot/compiler | Update code segment alignment to 64 bytes |
24 | JDK-8296958 | hotspot/compiler | [JVMCI] add API for retrieving ConstantValue attributes |
25 | JDK-8296961 | hotspot/compiler | [JVMCI] Access to j.l.r.Method/Constructor/Field for ResolvedJavaMethod/ResolvedJavaField |
26 | JDK-8296960 | hotspot/compiler | [JVMCI] list HotSpotConstantPool.loadReferencedType to ConstantPool |
27 | JDK-8296967 | hotspot/compiler | [JVMCI] rationalize relationship between getCodeSize and getCode in ResolvedJavaMethod |
28 | JDK-8282528 | hotspot/compiler | AArch64: Incorrect replicate2L_zero rule |
29 | JDK-8277137 | hotspot/compiler | Set OnSpinWaitInst/OnSpinWaitInstCount defaults to "isb"/1 for Arm Neoverse N1 |
30 | JDK-8294902 | hotspot/compiler | Undefined Behavior in C2 regalloc with null references |
31 | JDK-8290322 | hotspot/compiler | Optimize Vector.rearrange over byte vectors for AVX512BW targets. |
32 | JDK-8295066 | hotspot/compiler | Folding of loads is broken in C2 after JDK-8242115 |
33 | JDK-8296912 | hotspot/compiler | C2: CreateExNode::Identity fails with assert(i < _max) failed: oob: i=1, _max=1 |
34 | JDK-8294538 | hotspot/compiler | missing is_unloading() check in SharedRuntime::fixup_callers_callsite() |
35 | JDK-8292602 | hotspot/compiler | ZGC: C2 late barrier analysis uses invalid dominator information |
36 | JDK-8292660 | hotspot/compiler | C2: blocks made unreachable by NeverBranch-to-Goto conversion are removed incorrectly |
37 | JDK-8292285 | hotspot/compiler | C2: remove unreachable block after NeverBranch-to-Goto conversion |
38 | JDK-8290964 | hotspot/compiler | C2 compilation fails with assert "non-reduction loop contains reduction nodes" |
39 | JDK-8281122 | hotspot/compiler | [IR Framework] Cleanup IR matching code in preparation for JDK-8280378 |
40 | JDK-8276064 | hotspot/compiler | CheckCastPP with raw oop input floats below a safepoint |
41 | JDK-8296924 | hotspot/compiler | C2: assert(is_valid_AArch64_address(dest.target())) failed: bad address |
42 | JDK-8290850 | hotspot/compiler | C2: create_new_if_for_predicate() does not clone pinned phi input nodes resulting in a broken graph |
43 | JDK-8297431 | hotspot/compiler | [JVMCI] HotSpotJVMCIRuntime.encodeThrowable should not throw an exception |
44 | JDK-8285835 | hotspot/compiler | SIGSEGV in PhaseIdealLoop::build_loop_late_post_work |
45 | JDK-8295788 | hotspot/compiler | C2 compilation hits "assert((mode == ControlAroundStripMined && use == sfpt) || !use->is_reachable_from_root()) failed: missed a node" |
46 | JDK-8297951 | hotspot/compiler | C2: Create skeleton predicates for all If nodes in loop predication |
47 | JDK-8297264 | hotspot/compiler | C2: Cast node is not processed again in CCP and keeps a wrong too narrow type which is later replaced by top |
48 | JDK-8295116 | hotspot/compiler | C2: assert(dead->outcnt() == 0 && !dead->is_top()) failed: node must be dead |
49 | JDK-8242115 | hotspot/compiler | C2 SATB barriers are not safepoint-safe |
50 | JDK-8292301 | hotspot/compiler | [REDO v2] C2 crash when allocating array of size too large |
51 | JDK-8296136 | hotspot/compiler | Use correct register in aarch64_enc_fast_unlock() |
52 | JDK-8296389 | hotspot/compiler | C2: PhaseCFG::convert_NeverBranch_to_Goto must handle both orders of successors |
53 | JDK-8272985 | hotspot/gc | Reference discovery is confused about atomicity and degree of parallelism |
54 | JDK-8296733 | hotspot/jfr | JFR: File Read event for RandomAccessFile::write(byte[]) is incorrect |
55 | JDK-8283199 | hotspot/runtime | Linux os::cpu_microcode_revision() stalls cold startup |
56 | JDK-8271506 | hotspot/runtime | Add ResourceHashtable support for deleting selected entries |
57 | JDK-8294160 | hotspot/runtime | misc crash dump improvements |
58 | JDK-8048190 | hotspot/runtime | NoClassDefFoundError omits original ExceptionInInitializerError |
59 | JDK-8293472 | hotspot/runtime | Incorrect container resource limit detection if manual cgroup fs mounts present |
60 | JDK-8287011 | hotspot/runtime | Improve container information |
61 | JDK-8286030 | hotspot/runtime | Avoid JVM crash when containers share the same /tmp dir |
62 | JDK-8262386 | hotspot/svc-agent | resourcehogs/serviceability/sa/TestHeapDumpForLargeArray.java timed out |
63 | JDK-8297918 | infrastructure | Remove platform dependency in corelibs-atr and langtools-atr task definition files |
64 | JDK-8298349 | install/install | /usr/java/latest points to wrong JDK |
65 | JDK-8298330 | install/install | /usr/java/latest is missing after one of JDK rpms is uninstalled |
66 | JDK-8280890 | security-libs/java.security | Cannot use '-Djava.system.class.loader' with class loader in signed JAR |
67 | JDK-8292297 | security-libs/java.security | Fix up loading of override java.security properties file |
68 | JDK-8293701 | core-svc/tools | jdeps InverseDepsAnalyzer runs into NoSuchElementException: No value present |
69 | JDK-8296619 | tools/javadoc(tool) | Upgrade jQuery to 3.6.1 |