The following sections summarize changes made in all Java SE 17.0.9 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.
BugId | Category | Subcategory | Description |
---|---|---|---|
JDK-8054022 | core-libs | java.net | HttpURLConnection timeouts with Expect: 100-Continue and no chunking |
JDK-8313742 | security-libs | javax.crypto | ZipFile.getManifestName fails during jar verification for Spring Boot |
jdk.jar.maxSignatureFileSize
(JDK-8312489)
The system property, jdk.jar.maxSignatureFileSize
, allows applications to control the maximum size of signature files in a signed JAR. Its default value has been increased from 8000000 bytes (8 MB) to 16000000 bytes (16 MB).
BugId | Category | Subcategory | Description |
---|---|---|---|
JDK-8312489 | security-libs | java.security | Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar |
BugId | Category | Subcategory | Description |
---|---|---|---|
JDK-8309489 (not public) | install | install | 17.0.7/11.0.19 and later fail to run jar file via UNC path when using .exe files under javapath |
JDK-8317121 (not public) | hotspot | compiler | vector_masked_load instruction is moved too early after JDK-8286941 |
The full version string for this update release is 17.0.9+11 (where "+" means "build"). The version number is 17.0.9.
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 17.0.9 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
17 | 17.0.9+11 |
11 | 11.0.21+9 |
8 | 8u391-b13 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 17.0.9) be used after the next critical patch update scheduled for January 16, 2024.
-XshowSettings:locale
Output Now Includes Tzdata Version
(JDK-8305950)
The -XshowSettings
launcher option has been enhanced to print the tzdata version configured with the JDK. The tzdata version is displayed as part of the locale
showSettings option.
Example output using -X:showSettings:locale
:
.....
Locale settings:
default locale = English
default display locale = English
default format locale = English
tzdata version = 2023c
.....
The following root certificate from SECOM Trust System has been removed from the cacerts
keystore:
+ alias name "secomscrootca1 [jdk]"
Distinguished Name: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
The following root certificate has been added to the cacerts truststore:
+ Certigna (Dhimyotis)
+ certignarootca
DN: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR
The JDK implementation of TLS 1.2 now uses a default Diffie Hellman keysize of 2048 bits when a TLS_DHE cipher suite is negotiated and either the client or server does not support FFDHE, which can negotiate a stronger keysize. The JDK TLS implementation supports FFDHE and it is enabled by default.
As a workaround, users can revert to the previous size by setting the jdk.tls.ephemeralDHKeySize
system property to 1024 (at their own risk).
This change does not affect TLS 1.3 as the minimum DH group size is already 2048 bits.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
➜ Issues fixed in 17.0.9:
# | JBS | Component | Summary |
---|---|---|---|
1 | JDK-8298887 | client-libs | On the latest macOS+XCode the Robot API may report wrong colors |
2 | JDK-8306881 | client-libs/2d | Update FreeType to 2.13.0 |
3 | JDK-8307301 | client-libs/2d | Update HarfBuzz to 7.2.0 |
4 | JDK-8312555 | client-libs/2d | Ideographic characters aren't stretched by AffineTransform.scale(2, 1) |
5 | JDK-8304054 | client-libs/java.awt | Linux: NullPointerException from FontConfiguration.getVersion in case no fonts are installed |
6 | JDK-8311689 | client-libs/java.awt | Wrong visible amount in Adjustable of ScrollPane |
7 | JDK-8310054 | client-libs/java.awt | ScrollPane insets are incorrect |
8 | JDK-8297923 | client-libs/java.awt | java.awt.ScrollPane broken after multiple scroll up/down |
9 | JDK-8305815 | client-libs/java.awt | Update Libpng to 1.6.39 |
10 | JDK-6176679 | client-libs/java.awt | Application freezes when copying an animated gif image to the system clipboard |
11 | JDK-8286481 | client-libs/java.awt | Exception printed to stdout on Windows when storing transparent image in clipboard |
12 | JDK-8288589 | core-libs/java.lang | Files.readString ignores encoding errors for UTF-16 |
13 | JDK-8287541 | core-libs/java.lang | Files.writeString fails to throw IOException for charset "windows-1252" |
14 | JDK-8300098 | core-libs/java.util.concurrent | java/util/concurrent/ConcurrentHashMap/ConcurrentAssociateTest.java fails with internal timeout when executed with TieredCompilation1/3 |
15 | JDK-8313765 | core-libs/java.util.jar | Invalid CEN header (invalid zip64 extra data field size) |
16 | JDK-8281560 | core-libs/java.util.regex | Matcher.hitEnd returns unexpected results in presence of CANON_EQ flag. |
17 | JDK-8300659 | core-svc/java.lang.management | Refactor TestMemoryAwareness to use WhiteBox api for host values |
18 | JDK-8303937 | core-svc/tools | Corrupted heap dumps due to missing retries for os::write() |
19 | JDK-8274243 | hotspot/compiler | Implement fast-path for ASCII-compatible CharsetEncoders on aarch64 |
20 | JDK-8299544 | hotspot/compiler | Improve performance of CRC32C intrinsics (non-AVX-512) for small inputs |
21 | JDK-8153837 | hotspot/compiler | AArch64: Handle special cases for MaxINode & MinINode |
22 | JDK-8272586 | hotspot/compiler | emit abstract machine code in hs-err logs |
23 | JDK-8308192 | hotspot/compiler | Error in parsing replay file when staticfield is an array of single dimension |
24 | JDK-8309266 | hotspot/compiler | C2: assert(final_con == (jlong)final_int) failed: final value should be integer |
25 | JDK-8300584 | hotspot/compiler | Accelerate AVX-512 CRC32C for small buffers |
26 | JDK-8274986 | hotspot/compiler | max code printed in hs-err logs should be configurable |
27 | JDK-8310126 | hotspot/compiler | C1: Missing receiver null check in Reference::get intrinsic |
28 | JDK-8284760 | hotspot/compiler | Correct type/array element offset in LibraryCallKit::get_state_from_digest_object() |
29 | JDK-8299158 | hotspot/compiler | Improve MD5 intrinsic on AArch64 |
30 | JDK-8303154 | hotspot/compiler | Investigate and improve instruction cache flushing during compilation |
31 | JDK-8252990 | hotspot/compiler | Intrinsify Unsafe.storeStoreFence |
32 | JDK-8305088 | hotspot/compiler | SIGSEGV in Method::is_method_handle_intrinsic |
33 | JDK-8296545 | hotspot/compiler | C2 Blackholes should allow load optimizations |
34 | JDK-8292713 | hotspot/compiler | Unsafe.allocateInstance should be intrinsified without UseUnalignedAccesses |
35 | JDK-8302736 | hotspot/compiler | Major performance regression in Math.log on aarch64 |
36 | JDK-8307572 | hotspot/compiler | AArch64: Vector registers are clobbered by some macroassemblers |
37 | JDK-8280396 | hotspot/gc | G1: Full gc mark stack draining should prefer to make work available to other threads |
38 | JDK-8308643 | hotspot/gc | Incorrect value of 'used' jvmstat counter |
39 | JDK-8284532 | hotspot/jfr | Memory leak in BitSet::BitMapFragmentTable in JFR leak profiler |
40 | JDK-8283520 | hotspot/jfr | JFR: Memory leak in dcmd_arena |
41 | JDK-8307526 | hotspot/jfr | [JFR] Better handling of tampered JFR repository |
42 | JDK-8309862 | hotspot/jfr | Unsafe list operations in JfrStringPool |
43 | JDK-8307331 | hotspot/jvmti | Correctly update line maps when class redefine rewrites bytecodes |
44 | JDK-8306428 | hotspot/runtime | RunThese30M.java crashed with assert(early->flag() == current->flag() || early->flag() == mtNone) |
45 | JDK-8297887 | hotspot/runtime | Update Siphash |
46 | JDK-8305425 | hotspot/runtime | Thread.isAlive0 doesn't need to call into the VM |
47 | JDK-8269466 | hotspot/runtime | Factor out the common code for initializing and starting internal VM JavaThreads |
48 | JDK-8287854 | hotspot/runtime | Dangling reference in ClassVerifier::verify_class |
49 | JDK-8303215 | hotspot/runtime | Make thread stacks not use huge pages |
50 | JDK-8290067 | hotspot/runtime | Show stack dimensions in UL logging when attaching threads |
51 | JDK-8283849 | hotspot/svc | AsyncGetCallTrace may crash JVM on guarantee |
52 | JDK-8301170 | hotspot/svc | perfMemory_windows.cpp add free_security_attr to early returns |
53 | JDK-8295657 | hotspot/svc-agent | SA: Allow larger object alignments |
54 | JDK-8304671 | tools/javac | javac regression: Compilation with --release 8 fails on underscore in enum identifiers |
55 | JDK-8275233 | tools/javac | Incorrect line number reported in exception stack trace thrown from a lambda expression |
56 | JDK-8268582 | tools/javadoc(tool) | javadoc throws NPE with --ignore-source-errors option |