java

JDK 20.0.2 Release Notes

Java™ SE Development Kit 20.0.2 (JDK 20.0.2)

July 18, 2023

The full version string for this update release is 20.0.2+9 (where "+" means "build"). The version number is 20.0.2.

 

IANA TZ Data 2023c

JDK 20.0.2 contains IANA time zone data 2023c which contains the following changes:

  • Egypt now uses DST again, from April through October.
  • This year Morocco springs forward April 23, not April 30.
  • Palestine delays the start of DST this year.
  • Much of Greenland still uses DST from 2024 on.
  • America/Yellowknife now links to America/Edmonton.
  • tzselect can now use current time to help infer timezone.
  • The code now defaults to C99 or later.
  • Fix use of C23 attributes.
  • This release's code and data are identical to 2023a.

For more information, refer to Timezone Data Versions in the JRE Software.

 

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 20.0.2 are specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String)
2020.0.2+9
1717.0.8+9
1111.0.20+9
88u381-b09

 

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 20.0.2) be used after the next critical patch update scheduled for October 17, 2023.

 

New Features

core-libs/java.nio.charsets
 Support for GB18030-2022 (JDK-8307229)

The China National Standard body (CESI) has recently published GB18030-2022, which is an updated version of the GB18030 standard and brings GB18030 in sync with Unicode version 11.0. The Charset implementation for this new standard has now replaced the prior 2000 standard. However, this new standard has some incompatible changes from the prior implementation. For those who need to use the old mappings, a new system property, jdk.charset.GB18030, is introduced. By setting its value to 2000, the previous JDK releases' mappings for the GB18030 Charset are used, which are based on the 2000 standard.

 

Known Issues

install
 Problem Upgrading JDK on Windows if System User Is Using Shared Files (JDK-8310932 (not public))

Installing into the same, shared jdk-(family) directory is the default behavior for the JDK starting with the July 2023 CPU. It could lead to FilesInUse issues if JDK files are locked by the "System User". We recommend shutting down any apps using the JDK as the "System User" before upgrading.

 

Other Notes

install/install
 Missing /usr/java/default Symlink on Linux Restored (JDK-8306690)

A regression where the /usr/java/default symlink is not created by RPM installers on Linux platforms has been fixed. Installers will create the /usr/java/default symlink if it doesn't exist, targeting the /usr/java/latest symlink.

install/install
 Installation of JDK RPM Corrupts Alternatives (JDK-8308244)

The JDK RPM installer will remove incorrectly constructed entries of "java" and "javac" groups registered by older Oracle JDK RPM installers from the alternatives before registering new "java" and "javac" entries.

An incorrectly constructed entry of the "java" group contains commands that are supposed to belong to the "javac" group.

An incorrectly constructed entry of the "javac" group contains commands that are supposed to belong to the "java" group.

All incorrectly constructed entries belonging to Oracle JDK RPM packages will be removed from the alternatives to avoid corruption of the alternatives internal data.

The removal has a potential side effect for users who have installed multiple JDK versions that are not updated to the latest release. Commands from a removed "java" or "javac" group are now unavailable for system Java switch, which potentially changes the current system Java without a warning. For example, if there is an out-of-date JDK RPM from an 11+ release, say 11.0.17, with an incorrectly constructed single "java" group installed and 8u381 RPM with this patch is installed, it will remove an entry from the "java" group belonging to the 11.0.17 RPM and thus will switch the current system Java from 11.0.17 to 8u381. The side effect will only happen when you install a lower JDK family with the fix, such as 8u381, and there is an out-of-date JDK from a higher family, such as 11.0.17, installed on the system. In that case, 8u381 will replace the older 11.0.17 as the latest. The remedy for the user is to install the latest JDK 11.

security-libs/java.security
 Added TWCA Root CA Certificate (JDK-8305975)

The following root certificate has been added to the cacerts truststore:

+ TWCA

  + twcaglobalrootca
    DN: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW

security-libs/java.security
 Added 4 GTS Root CA Certificates (JDK-8307134)

The following root certificates have been added to the cacerts truststore:

+ Google Trust Services LLC

 + gtsrootcar1
  DN: CN=GTS Root R1, O=Google Trust Services LLC, C=US

+ Google Trust Services LLC
 + gtsrootcar2
  DN: CN=GTS Root R2, O=Google Trust Services LLC, C=US

+ Google Trust Services LLC
 + gtsrootecccar3
  DN: CN=GTS Root R3, O=Google Trust Services LLC, C=US

+ Google Trust Services LLC
 + gtsrootecccar4
  DN: CN=GTS Root R4, O=Google Trust Services LLC, C=US

security-libs/java.security
 Added Microsoft Corporation's 2 TLS Root CA Certificates (JDK-8304760)

The following root certificates have been added to the cacerts truststore:

+ Microsoft Corporation

  + microsoftecc2017
    DN: CN=Microsoft ECC Root Certificate Authority 2017, O=Microsoft Corporation, C=US

+ Microsoft Corporation
  + microsoftrsa2017
    DN: CN=Microsoft RSA Root Certificate Authority 2017, O=Microsoft Corporation, C=US

hotspot/runtime
 ASLR Support for CDS Archive (JDK-8294323 (not public))

Starting with the July 2023 CPU, on operating systems where ASLR (Address Space Layout Randomization) is enabled, the CDS archive will be placed at a random address picked by the operating system.

This change may have a minor performance impact: (a) Start-up time may increase because the JVM needs to patch pointers inside the CDS archive. (b) Memory usage may increase because the memory used by the CDS archive is no longer shareable across processes. We expect the impact to be small because such increases should be only a small fraction of the overall application usage.

In the unlikely event that you must disable ASLR for CDS, you can use the JVM flags -XX:+UnlockDiagnosticVMOptions -XX:ArchiveRelocationMode=0. The usage of such flags is not recommended.

security-libs/java.security
 New System Property to Control the Maximum Size of Signature Files (JDK-8300596 (not public))

A new system property, jdk.jar.maxSignatureFileSize, has been added to allow applications to control the maximum size of signature files in a signed JAR. The value of the system property is the desired size in bytes. The default value is 8000000 bytes.

core-libs/java.util.jar
 Improved ZIP64 Extra Field Validation (JDK-8302483 (not public))

java.util.zip.ZipFile has been updated to provide additional validation of ZIP64 extra fields when opening a ZIP file. This validation may be disabled by setting the system property jdk.util.zip.disableZip64ExtraFieldValidation to true.

 

Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

Issues fixed in 20.0.2:
# JBS Component/Subcomponent Summary
1JDK-8298887client-libsOn the latest macOS+XCode the Robot API may report wrong colors
2JDK-8301998client-libs/2dUpdate HarfBuzz to 7.0.1
3JDK-8305352client-libs/java.awtupdateIconImages may lead to deadlock after JDK-8276849
4JDK-8227257client-libs/javax.swingjavax/swing/JFileChooser/4847375/bug4847375.java fails with AssertionError
5JDK-8301119core-libs/java.nio.charsetsSupport for GB18030-2022
6JDK-8307466core-libs/java.timejava.time.Instant calculation bug in until and between methods
7JDK-8303440core-libs/java.util:i18nThe "ZonedDateTime.parse" may not accept the "UTC+XX" zone id
8JDK-8303937core-svc/toolsCorrupted heap dumps due to missing retries for os::write()
9JDK-8299179hotspot/compilerArrayFill with store on backedge needs to reduce length by 1
10JDK-8302976hotspot/compilerC2 Intrinsification of Float.floatToFloat16 and Float.float16ToFloat Yields Different Result than the Interpreter
11JDK-8302595hotspot/compileruse-after-free related to GraphKit::clone_map
12JDK-8299959hotspot/compilerC2: CmpU::Value must filter overflow computation against local sub computation
13JDK-8303564hotspot/compilerC2: "Bad graph detected in build_loop_late" after a CMove is wrongly split thru phi
14JDK-8303508hotspot/compilerVector.lane() gets wrong value on x86
15JDK-8299570hotspot/compiler[JVMCI] Insufficient error handling when CodeBuffer is exhausted
16JDK-8300079hotspot/compilerSIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument
17JDK-8299259hotspot/compilerC2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE
18JDK-8296389hotspot/compilerC2: PhaseCFG::convert_NeverBranch_to_Goto must handle both orders of successors
19JDK-8296318hotspot/compileruse-def assert: special case undetected loops nested in infinite loops
20JDK-8296412hotspot/compilerSpecial case infinite loops with unmerged backedges in IdealLoopTree::check_safepts
21JDK-8297730hotspot/compilerC2: Arraycopy intrinsic throws incorrect exception
22JDK-8301491hotspot/compilerC2: java.lang.StringUTF16::indexOfChar intrinsic called with negative character argument
23JDK-8201516hotspot/compilerDebugNonSafepoints generates incorrect information
24JDK-8289748hotspot/compilerC2 compiled code crashes with SIGFPE with -XX:+StressLCM and -XX:+StressGCM
25JDK-8303511hotspot/compilerC2: assert(get_ctrl(n) == cle_out) during unrolling
26JDK-8307346hotspot/gcAdd missing gc+phases logging for ObjectCount(AfterGC) JFR event collection code
27JDK-8302191hotspot/runtimePerformance degradation for float/double modulo on Linux
28JDK-8305994hotspot/runtimeGuarantee eventual async monitor deflation
29JDK-8306825hotspot/runtimeMonitor deflation might be accidentally disabled by zero intervals
30JDK-8304671tools/javacjavac regression: Compilation with --release 8 fails on underscore in enum identifiers
31JDK-8304878tools/javadoc(tool)ConcurrentModificationException in javadoc tool
32JDK-8297587tools/jshellUpgrade JLine to 3.22.0
33JDK-8301269xml/jaxpUpdate Commons BCEL to Version 6.7.0