JDK 17.0.9 Release Notes

Java SE 17.0.9 - Bundled Patch Release (BPR) - Bug Fixes and Updates

The following sections summarize changes made in all Java SE 17.0.9 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.


Changes in Java SE

Bug Fixes

December 8, 2023
BugId Category Subcategory Description
JDK-8054022 core-libs HttpURLConnection timeouts with Expect: 100-Continue and no chunking
JDK-8313742 security-libs javax.crypto ZipFile.getManifestName fails during jar verification for Spring Boot


Changes in Java SE

November 13, 2023

 Increase Default Value of the System Property jdk.jar.maxSignatureFileSize (JDK-8312489)

The system property, jdk.jar.maxSignatureFileSize, allows applications to control the maximum size of signature files in a signed JAR. Its default value has been increased from 8000000 bytes (8 MB) to 16000000 bytes (16 MB).

Bug Fixes

BugId Category Subcategory Description
JDK-8312489 security-libs Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar


Changes in Java SE

Bug Fixes

October 17, 2023
BugId Category Subcategory Description
JDK-8309489 (not public) install install 17.0.7/11.0.19 and later fail to run jar file via UNC path when using .exe files under javapath
JDK-8317121 (not public) hotspot compiler vector_masked_load instruction is moved too early after JDK-8286941

Java™ SE Development Kit 17, Update 17.0.9 (JDK 17.0.9)

October 17, 2023

The full version string for this update release is 17.0.9+11 (where "+" means "build"). The version number is 17.0.9.


IANA TZ Data 2023c

For more information, refer to Timezone Data Versions in the JRE Software.


Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 17.0.9 are specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String)


Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 17.0.9) be used after the next critical patch update scheduled for January 16, 2024.


New Features

 -XshowSettings:locale Output Now Includes Tzdata Version (JDK-8305950)

The -XshowSettings launcher option has been enhanced to print the tzdata version configured with the JDK. The tzdata version is displayed as part of the locale showSettings option.

Example output using -X:showSettings:locale:


Locale settings:
    default locale = English
    default display locale = English
    default format locale = English
    tzdata version = 2023c


Removed Features and Options

 Removed SECOM Trust System's RootCA1 Root Certificate (JDK-8295894)

The following root certificate from SECOM Trust System has been removed from the cacerts keystore:

+ alias name "secomscrootca1 [jdk]"

  Distinguished Name: OU=Security Communication RootCA1, O=SECOM, C=JP


Other Notes

 Added Certigna Root CA Certificate (JDK-8314960)

The following root certificate has been added to the cacerts truststore:

+ Certigna (Dhimyotis)

  + certignarootca
    DN: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR

 The Default TLS Diffie-Hellman Group Size Has Been Increased from 1024-bit to 2048-bit (JDK-8301700)

The JDK implementation of TLS 1.2 now uses a default Diffie Hellman keysize of 2048 bits when a TLS_DHE cipher suite is negotiated and either the client or server does not support FFDHE, which can negotiate a stronger keysize. The JDK TLS implementation supports FFDHE and it is enabled by default.

As a workaround, users can revert to the previous size by setting the jdk.tls.ephemeralDHKeySize system property to 1024 (at their own risk).

This change does not affect TLS 1.3 as the minimum DH group size is already 2048 bits.


Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

Issues fixed in 17.0.9:

# JBS Component Summary
1JDK-8298887client-libsOn the latest macOS+XCode the Robot API may report wrong colors
2JDK-8306881client-libs/2dUpdate FreeType to 2.13.0
3JDK-8307301client-libs/2dUpdate HarfBuzz to 7.2.0
4JDK-8312555client-libs/2dIdeographic characters aren't stretched by AffineTransform.scale(2, 1)
5JDK-8304054client-libs/java.awtLinux: NullPointerException from FontConfiguration.getVersion in case no fonts are installed
6JDK-8311689client-libs/java.awtWrong visible amount in Adjustable of ScrollPane
7JDK-8310054client-libs/java.awtScrollPane insets are incorrect
8JDK-8297923client-libs/java.awtjava.awt.ScrollPane broken after multiple scroll up/down
9JDK-8305815client-libs/java.awtUpdate Libpng to 1.6.39
10JDK-6176679client-libs/java.awtApplication freezes when copying an animated gif image to the system clipboard
11JDK-8286481client-libs/java.awtException printed to stdout on Windows when storing transparent image in clipboard
12JDK-8288589core-libs/java.langFiles.readString ignores encoding errors for UTF-16
13JDK-8287541core-libs/java.langFiles.writeString fails to throw IOException for charset "windows-1252"
14JDK-8300098core-libs/java.util.concurrentjava/util/concurrent/ConcurrentHashMap/ fails with internal timeout when executed with TieredCompilation1/3
15JDK-8313765core-libs/java.util.jarInvalid CEN header (invalid zip64 extra data field size)
16JDK-8281560core-libs/java.util.regexMatcher.hitEnd returns unexpected results in presence of CANON_EQ flag.
17JDK-8300659core-svc/java.lang.managementRefactor TestMemoryAwareness to use WhiteBox api for host values
18JDK-8303937core-svc/toolsCorrupted heap dumps due to missing retries for os::write()
19JDK-8274243hotspot/compilerImplement fast-path for ASCII-compatible CharsetEncoders on aarch64
20JDK-8299544hotspot/compilerImprove performance of CRC32C intrinsics (non-AVX-512) for small inputs
21JDK-8153837hotspot/compilerAArch64: Handle special cases for MaxINode & MinINode
22JDK-8272586hotspot/compileremit abstract machine code in hs-err logs
23JDK-8308192hotspot/compilerError in parsing replay file when staticfield is an array of single dimension
24JDK-8309266hotspot/compilerC2: assert(final_con == (jlong)final_int) failed: final value should be integer
25JDK-8300584hotspot/compilerAccelerate AVX-512 CRC32C for small buffers
26JDK-8274986hotspot/compilermax code printed in hs-err logs should be configurable
27JDK-8310126hotspot/compilerC1: Missing receiver null check in Reference::get intrinsic
28JDK-8284760hotspot/compilerCorrect type/array element offset in LibraryCallKit::get_state_from_digest_object()
29JDK-8299158hotspot/compilerImprove MD5 intrinsic on AArch64
30JDK-8303154hotspot/compilerInvestigate and improve instruction cache flushing during compilation
31JDK-8252990hotspot/compilerIntrinsify Unsafe.storeStoreFence
32JDK-8305088hotspot/compilerSIGSEGV in Method::is_method_handle_intrinsic
33JDK-8296545hotspot/compilerC2 Blackholes should allow load optimizations
34JDK-8292713hotspot/compilerUnsafe.allocateInstance should be intrinsified without UseUnalignedAccesses
35JDK-8302736hotspot/compilerMajor performance regression in Math.log on aarch64
36JDK-8307572hotspot/compilerAArch64: Vector registers are clobbered by some macroassemblers
37JDK-8280396hotspot/gcG1: Full gc mark stack draining should prefer to make work available to other threads
38JDK-8308643hotspot/gcIncorrect value of 'used' jvmstat counter
39JDK-8284532hotspot/jfrMemory leak in BitSet::BitMapFragmentTable in JFR leak profiler
40JDK-8283520hotspot/jfrJFR: Memory leak in dcmd_arena
41JDK-8307526hotspot/jfr[JFR] Better handling of tampered JFR repository
42JDK-8309862hotspot/jfrUnsafe list operations in JfrStringPool
43JDK-8307331hotspot/jvmtiCorrectly update line maps when class redefine rewrites bytecodes
44JDK-8306428hotspot/ crashed with assert(early->flag() == current->flag() || early->flag() == mtNone)
45JDK-8297887hotspot/runtimeUpdate Siphash
46JDK-8305425hotspot/runtimeThread.isAlive0 doesn't need to call into the VM
47JDK-8269466hotspot/runtimeFactor out the common code for initializing and starting internal VM JavaThreads
48JDK-8287854hotspot/runtimeDangling reference in ClassVerifier::verify_class
49JDK-8303215hotspot/runtimeMake thread stacks not use huge pages
50JDK-8290067hotspot/runtimeShow stack dimensions in UL logging when attaching threads
51JDK-8283849hotspot/svcAsyncGetCallTrace may crash JVM on guarantee
52JDK-8301170hotspot/svcperfMemory_windows.cpp add free_security_attr to early returns
53JDK-8295657hotspot/svc-agentSA: Allow larger object alignments
54JDK-8304671tools/javacjavac regression: Compilation with --release 8 fails on underscore in enum identifiers
55JDK-8275233tools/javacIncorrect line number reported in exception stack trace thrown from a lambda expression
56JDK-8268582tools/javadoc(tool)javadoc throws NPE with --ignore-source-errors option