java

JDK 21.0.2 Release Notes

Java™ SE Development Kit 21.0.2 (JDK 21.0.2)

January 16, 2024

The full version string for this update release is 21.0.2+13 (where "+" means "build"). The version number is 21.0.2.

 

IANA TZ Data 2023c

For more information, refer to Timezone Data Versions in the Java Runtime.

 

Security Baselines

The security baselines for the Java Runtime at the time of the release of JDK 21.0.2 are specified in the following table:

Java Family Version Security Baseline (Full Version String)
2121.0.2+13
1717.0.10+11
1111.0.22+9
88u401-b10

 

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 21.0.2) be used after the next critical patch update scheduled for April 16, 2024.

Java SE Subscription products customers managing JRE updates/installs for large number of desktops should consider using Java Management Service (JMS).

 

New Features

core-libs/java.net
 TCP_KEEPxxxx Extended Socket Options Are Now Supported on the Windows Platform (JDK-8308593)

The java.net.ExtendedSocketOptions TCP_KEEPIDLE and TCP_KEEPINTERVAL are supported on Windows platforms starting from Windows 10 version 1709 and onwards. TCP_KEEPCOUNT is supported starting from Windows 10 version 1703 and onwards.

core-libs/java.nio
 BasicFileAttributes.creationTime Returns Birth Time on Linux (JDK-8316304)

On Linux (kernel version 4.11 or newer, glibc version 2.28 or newer), BasicFileAttributes.creationTime now returns the creation or birth time of the file through the stx_btime element of struct statx. In previous JDK releases, the last modified time was returned. If the birth time is supported by the platform but not by the file system, then the epoch 1970-01-01T00:00:00Z is returned.

 

Known Issues

hotspot/compiler
 Potential Performance Regression Due to Limited Range Check Elimination (JDK-8314468 (not public))

When the C1 compiler is the only compiler available to the VM, it applies loop predication to remove array access range checks from loop bodies. Due to a defect, this optimization was disabled, potentially leading to a performance regression.

This only affects the client VM or VM's running with the non-default command line flags -XX:+NeverActAsServerClassMachine or -XX:TieredStopAtLevel=[1,2,3].

 

Issues Fixed

hotspot/compiler
 ZGC: Reintroduced Support for Non-Default ObjectAlignmentInBytes (JDK-8315082)

The JDK 21 issue that could potentially lead to JVM crashes or incorrect execution when running the JVM with -XX:+UseZGC and non-default value of -XX:ObjectAlignmentInBytes has been resolved, and it is possible again to use this combination of JVM options.

 

Other Notes

security-libs/java.security
 Added Four Root Certificates from DigiCert, Inc. (JDK-8318759)

The following root certificates have been added to the cacerts truststore:

+ DigiCert, Inc.

  + digicertcseccrootg5
    DN: CN=CN=DigiCert CS ECC P384 Root G5, O="DigiCert, Inc.", C=US

+ DigiCert, Inc.
  + digicertcsrsarootg5
    DN: CN=DigiCert CS RSA4096 Root G5, O="DigiCert, Inc.", C=US

+ DigiCert, Inc.
  + digicerttlseccrootg5
    DN: DigiCert TLS ECC P384 Root G5, O="DigiCert, Inc.", C=US

+ DigiCert, Inc.
  + digicerttlsrsarootg5
    DN: DigiCert TLS RSA4096 Root G5, O="DigiCert, Inc.", C=US

security-libs/java.security
 Added Three Root Certificates from eMudhra Technologies Limited (JDK-8319187)

The following root certificates have been added to the cacerts truststore:

+ eMudhra Technologies Limited

  + emsignrootcag1
    DN: CN=emSign Root CA - G1, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN

+ eMudhra Technologies Limited
  + emsigneccrootcag3
    DN: CN=emSign ECC Root CA - G3, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN

+ eMudhra Technologies Limited
  + emsignrootcag2
    DN: CN=emSign Root CA - G2, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN

security-libs/java.security
 Added Telia Root CA v2 Certificate (JDK-8317373)

The following root certificate has been added to the cacerts truststore:

+ Telia Root CA v2

  + teliarootcav2
    DN: CN=Telia Root CA v2, O=Telia Finland Oyj, C=FI

security-libs/java.security
 Added ISRG Root X2 CA Certificate from Let's Encrypt (JDK-8317374)

The following root certificate has been added to the cacerts truststore:

+ Let's Encrypt

  + letsencryptisrgx2
    DN: CN=ISRG Root X2, O=Internet Security Research Group, C=US

hotspot/runtime
 NMT: Make Peak Values Available in Release Builds (JDK-8317772)

NMT reports will now show peak values for all categories. Peak values contain the highest value for committed memory in a given NMT category over the lifetime of the JVM process.

If the committed memory for an NMT category is currently at peak, NMT prints "at peak"; otherwise, it prints the peak value.

For example:


- Compiler (reserved=230KB, committed=230KB)
                            (malloc=34KB #64) (peak=49KB #71)
                            (arena=196KB #4) (peak=6126KB #16)
							

This shows Compiler arena memory peaked at a bit more than 6MB, whereas it now hovers around 200 KB.

hotspot/runtime
 Add User Facing Warning If THPs Are Enabled but Cannot Be Used (JDK-8313782)

On Linux, if the JVM is started with +UseTransparentHugePages but the system does not support Transparent Huge Pages, a warning will now be printed to stdout:

UseTransparentHugePages disabled; transparent huge pages are not supported by the operating system.

hotspot/runtime
 Hotspot hs_err Files Now Print the Lock Stack (JDK-8316735)

A section containing the thread local lock stack has been added to hs_err report files. It only gets printed when the new lightweight locking mode is enabled (-XX:LockingMode=2).

An example is given here with details about the locked objects omitted:

Lock stack of current Java thread (top to bottom):

LockStack[1]: nsk.share.jdi.EventHandler 
...
LockStack[0]: java.util.Collections$SynchronizedRandomAccessList
...

It lists objects which are lightweight locked, through synchronized methods or statements, by the Java thread which is being analyzed. The object which has been locked most recently is printed first. Objects which are not lightweight locked are not displayed in this section.

 

Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

Issues fixed in 21.0.2:
# JBS Component/Subcomponent Summary
1JDK-8294158client-libsHTML formatting for PassFailJFrame instructions
2JDK-8312612client-libsHandle WideCharToMultiByte return values
3JDK-8316741client-libs/2dBasicStroke.createStrokedShape miter-limits failing on small shapes
4JDK-8312191client-libs/2dColorConvertOp.filter for the default destination is too slow
5JDK-8318951client-libs/2dAdditional negative value check in JPEG decoding
6JDK-8313643client-libs/2dUpdate HarfBuzz to 8.2.2
7JDK-8313164client-libs/java.awtsrc/java.desktop/windows/native/libawt/windows/awt_Robot.cpp GetRGBPixels adjust releasing of resources
8JDK-8316030client-libs/java.awtUpdate Libpng to 1.6.40
9JDK-8301846client-libs/javax.soundInvalid TargetDataLine after screen lock when using JFileChooser or COM library
10JDK-8294535client-libs/javax.swingAdd screen capture functionality to PassFailJFrame
11JDK-8294427client-libs/javax.swingCheck boxes and radio buttons have rendering issues on Windows in High DPI env
12JDK-8319922core-libslibCreationTimeHelper.so fails to link in JDK 21
13JDK-8309545core-libs/java.langThread.interrupted from virtual thread needlessly resets interrupt status
14JDK-8308452core-libs/java.langExtend internal Architecture enum with byte order and address size
15JDK-8316879core-libs/java.langRegionMatches1Tests fails if CompactStrings are disabled after JDK-8302163
16JDK-8318415core-libs/java.langAdjust describing comment of os_getChildren after 8315026
17JDK-8267509core-libs/java.lang.invokeImprove IllegalAccessException message to include the cause of the exception
18JDK-8319436core-libs/java.lang:reflectProxy.newProxyInstance throws NPE if loader is null and interface not visible from class loader
19JDK-8317736core-libs/java.netStream::handleReset locks twice
20JDK-8316337core-libs/java.nio(bf) Concurrency issue in DirectByteBuffer.Deallocator
21JDK-8312166core-libs/java.nio(dc) DatagramChannel's socket adaptor does not release carrier thread when blocking in receive
22JDK-8316304core-libs/java.nio(fs) Add support for BasicFileAttributes.creationTime() for Linux
23JDK-8317603core-libs/java.nioImprove exception messages thrown by sun.nio.ch.Net native methods (win)
24JDK-8267502core-libs/java.util.concurrentJDK-8246677 caused 16x performance regression in SynchronousQueue
25JDK-8314263core-libs/java.util.loggingSigned jars triggering Logger finder recursion and StackOverflowError
26JDK-8318957core-svc/debuggerEnhance agentlib:jdwp help output by info about allow option
27JDK-8301489hotspot/compilerC1: ShortLoopOptimizer might lift instructions before their inputs
28JDK-8316178hotspot/compilerBetter diagnostic header for CodeBlobs
29JDK-8315088hotspot/compilerC2: assert(wq.size() - before == EMPTY_LOOP_SIZE) failed: expect the EMPTY_LOOP_SIZE nodes of this body if empty
30JDK-8315377hotspot/compilerC2: assert(u->find_out_with(Op_AddP) == nullptr) failed: more than 2 chained AddP nodes?
31JDK-8316514hotspot/compilerBetter diagnostic header for VtableStub
32JDK-8295555hotspot/compilerPrimitive wrapper caches could be `@Stable`
33JDK-8315545hotspot/compilerC1: x86 cmove can use short branches
34JDK-8316179hotspot/compilerUse consistent naming for lightweight locking in MacroAssembler
35JDK-8303737hotspot/compilerC2: Load can bypass subtype check that enforces it's from the right object type
36JDK-8316130hotspot/compilerIncorrect control in LibraryCallKit::inline_native_notify_jvmti_funcs
37JDK-8312440hotspot/compilerassert(cast != nullptr) failed: must have added a cast to pin the node
38JDK-8316181hotspot/compilerMove the fast locking implementation out of the .ad files
39JDK-8313756hotspot/compiler[BACKOUT] 8308682: Enhance AES performance
40JDK-8313760hotspot/compiler[REDO] Enhance AES performance
41JDK-8320209hotspot/compilerVectorMaskGen clobbers rflags on x86_64
42JDK-8317507hotspot/compilerC2 compilation fails with "Exceeded _node_regs array"
43JDK-8308103hotspot/compilerMassive (up to ~30x) increase in C2 compilation time since JDK 17
44JDK-8316679hotspot/compilerC2 SuperWord: wrong result, load should not be moved before store if not comparable
45JDK-8315920hotspot/compilerC2: "control input must dominate current control" assert failure
46JDK-8318889hotspot/compilerC2: add bailout after assert Bad graph detected in build_loop_late
47JDK-8316414hotspot/compilerC2: large byte array clone triggers "failed: malformed control flow" assertion failure on linux-x86
48JDK-8314191hotspot/compilerC2 compilation fails with "bad AD file"
49JDK-8316719hotspot/compilerC2 compilation still fails with "bad AD file"
50JDK-8316906hotspot/gcClarify TLABWasteTargetPercent flag
51JDK-8315869hotspot/runtimeUseHeavyMonitors not used
52JDK-8319828hotspot/runtimeruntime/NMT/VirtualAllocCommitMerge.java may fail if mixing interpreted and compiled native invocations
53JDK-8316967hotspot/runtimeCorrect the scope of vmtimer in UnregisteredClasses::load_class
54JDK-8316581hotspot/runtimeImprove performance of Symbol::print_value_on()
55JDK-8318895hotspot/runtimeDeoptimization results in incorrect lightweight locking stack
56JDK-8316436hotspot/runtimeContinuationWrapper uses unhandled nullptr oop
57JDK-8310596hotspot/runtimeUtilize existing method frame::interpreter_frame_monitor_size_in_bytes()
58JDK-8306561hotspot/runtimePossible out of bounds access in print_pointer_information
59JDK-8313782hotspot/runtimeAdd user-facing warning if THPs are enabled but cannot be used
60JDK-8316735hotspot/runtimePrint LockStack in hs_err files
61JDK-8316468hotspot/runtimeos::write incorrectly handles partial write
62JDK-8320597security-libs/java.securityRSA signature verification fails on signed data that does not encode params correctly
63JDK-8314045security-libs/javax.cryptoArithmeticException in GaloisCounterMode
64JDK-8313742security-libs/javax.cryptoZipFile.getManifestName fails during jar verification for Spring Boot
65JDK-8315452tools/javacErroneous AST missing modifiers for partial input
66JDK-8318144tools/javacMatch on enum constants with body compiles but fails with MatchException
67JDK-8225377tools/javactype annotations are not visible to javac plugins across compilation boundaries
68JDK-8320001tools/javacjavac crashes while adding type annotations to the return type of a constructor
69JDK-8322883tools/javac[BACKOUT] 8225377: type annotations are not visible to javac plugins across compilation boundaries
70JDK-8315942tools/jlinkSort platform enums and definitions after JDK-8304913 follow-ups
71JDK-8315383tools/jlinkjlink SystemModulesPlugin incorrectly parses the options
72JDK-8301247tools/jpackageJPackage app-image exe launches multiple exe's in JDK 17+
73JDK-8313792tools/jshellVerify 4th party information in src/jdk.internal.le/share/legal/jline.md