java

JDK 21.0.1 Release Notes

Java™ SE Development Kit 21.0.1 (JDK 21.0.1)

October 17, 2023

The full version string for this update release is 21.0.1+12 (where "+" means "build"). The version number is 21.0.1.

 

IANA TZ Data 2023c

For more information, refer to Timezone Data Versions in the JRE Software.

 

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 21.0.1 are specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String)
2121.0.1+12
1717.0.9+11
1111.0.21+9
88u391-b13

 

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 21.0.1) be used after the next critical patch update scheduled for January 16, 2024.

 

Known Issues

security-libs/java.security
 RSA Signature Verification Fails on Signed Data that Does Not Encode Parameters Correctly (JDK-8313793)

The fix for JDK-8302017 updated the RSA signature verification algorithm for compliance with RFC 8017. However, this modification introduced a regression: signatures not strictly conforming to RFC 8017 may fail verification. This issue will be addressed in a forthcoming update. For further information, refer to JDK-8320597.

 

Other Notes

security-libs/java.security
 Added Certigna Root CA Certificate (JDK-8314960)

The following root certificate has been added to the cacerts truststore:

+ Certigna (Dhimyotis)

  + certignarootca
    DN: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR

security-libs/java.security
 Increase Default Value of the System Property jdk.jar.maxSignatureFileSize (JDK-8312489)

The system property, jdk.jar.maxSignatureFileSize, allows applications to control the maximum size of signature files in a signed JAR. Its default value has been increased from 8000000 bytes (8 MB) to 16000000 bytes (16 MB).

 

Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

Issues fixed in 21.0.1:
# JBS Component/Subcomponent Summary
1JDK-8312555client-libs/2dIdeographic characters aren't stretched by AffineTransform.scale(2, 1)
2JDK-8311160client-libs/javax.accessibility[macOS, Accessibility] VoiceOver: No announcements on JRadioButtonMenuItem and JCheckBoxMenuItem
3JDK-8312535client-libs/javax.soundMidiSystem.getSoundbank() throws unexpected SecurityException
4JDK-8308609core-libs/java.langjava/lang/ScopedValue/StressStackOverflow.java fails with "-XX:-VMContinuations"
5JDK-8309591core-libs/java.netSocket.setOption(TCP_QUICKACK) uses wrong level
6JDK-8313765core-libs/java.util.jarInvalid CEN header (invalid zip64 extra data field size)
7JDK-8312976core-libs/java.util.regexMatchResult produces StringIndexOutOfBoundsException for groups outside match
8JDK-8313657core-libs/javax.namingcom.sun.jndi.ldap.Connection.cleanup does not close connections on SocketTimeoutErrors
9JDK-8314063core-libs/javax.namingThe socket is not closed in Connection::createSocket when the handshake failed for LDAP connection
10JDK-8313248hotspot/compilerC2: setScopedValueCache intrinsic exposes nullptr pre-values to store barriers
11JDK-8313262hotspot/compilerC2: Sinking node may cause required cast to be dropped
12JDK-8313402hotspot/compilerC1: Incorrect LoadIndexed value numbering
13JDK-8304954hotspot/compilerSegmentedCodeCache fails when using large pages
14JDK-8314024hotspot/compilerSIGSEGV in PhaseIdealLoop::build_loop_late_post_work due to bad immediate dominator info
15JDK-8299658hotspot/compilerC1 compilation crashes in LinearScan::resolve_exception_edge
16JDK-8312909hotspot/compilerC1 should not inline through interface calls with non-subtype receiver
17JDK-8313626hotspot/compilerC2 crash due to unexpected exception control flow
18JDK-8311249hotspot/gcRemove unused MemAllocator::obj_memory_range
19JDK-8293114hotspot/gcJVM should trim the native heap
20JDK-8307766hotspot/runtimeLinux: Provide the option to override the timer slack
21JDK-8312182hotspot/runtimeTHPs cause huge RSS due to thread start timing issue
22JDK-8312394hotspot/runtime[linux] SIGSEGV if kernel was built without hugepage support
23JDK-8314020hotspot/runtimePrint instruction blocks in byte units
24JDK-8312620hotspot/runtimeWSL Linux build crashes after JDK-8310233
25JDK-8312585hotspot/runtimeRename DisableTHPStackMitigation flag to THPStackMitigation
26JDK-8312401hotspot/runtimeSymbolTable::do_add_if_needed hangs when called in InstanceKlass::add_initialization_error path with requesting length exceeds max_symbol_length
27JDK-8314850hotspot/runtimeSharedRuntime::handle_wrong_method() gets called too often when resolving Continuation.enter
28JDK-8314679hotspot/svc-agentSA fails to properly attach to JVM after having just detached from a different JVM
29JDK-8313312other-libsAdd missing classpath exception copyright header
30JDK-8308474security-libs/java.securityDSA does not reset SecureRandom when initSign is called again
31JDK-8302017security-libs/java.securityAllocate BadPaddingException only if it will be thrown
32JDK-8311592security-libs/javax.cryptoECKeySizeParameterSpec causes too many exceptions on third party providers
33JDK-8309214security-libs/javax.crypto:pkcs11sun/security/pkcs11/KeyStore/CertChainRemoval.java fails after 8301154
34JDK-8314216tools/javacCase enumConstant, pattern compilation fails
35JDK-8314423tools/javacMultiple patterns without unnamed variables
36JDK-8312619tools/javacStrange error message when switching over long
37JDK-8315534tools/javacIncorrect warnings about implicit annotation processing
38JDK-8313323tools/javacjavac -g on a java file which uses unnamed variable leads to ClassFormatError when launching that class
39JDK-8240567tools/jlinkMethodTooLargeException thrown while creating a jlink image
40JDK-8308042tools/jpackage[macOS] Developer ID Application Certificate not picked up by jpackage if it contains UNICODE characters