java

JDK 22.0.2 Release Notes

Java™ SE Development Kit 22.0.2 (JDK 22.0.2)

Release date: July 16, 2024

The full version string for this update release is 22.0.2+9 (where "+" means "build"). The version number is 22.0.2.

 

IANA TZ Data 2024a

For more information, refer to Timezone Data Versions in the JRE Software.

 

Security Baselines

The security baselines for the Java Runtime at the time of the release of JDK 22.0.2 are specified in the following table:

Java Family Version Security Baseline (Full Version String)
2222.0.2+9
2121.0.4+8
1717.0.12+8
1111.0.24+7
88u421-b09

 

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 22.0.2) be used after the next critical patch update scheduled for October 15, 2024.

Java Management Service, available to all users, can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.

 

Notable Issues Resolved

tools/jpackage
 jpackage May Produce an Inaccurate List of Required Packages on Debian Linux Distros (JDK-8295111)

Fixed an issue on Debian Linux distros where jpackage could not always build an accurate list of required packages from shared libraries with symbolic links in their paths, causing installations to fail due to missing shared libraries.

 

Removed Features and Options

install/install
 Remove Obsolete Desktop Integration from Linux Installers (JDK-8322234 (not public))

Delete nonfunctional desktop integration functionality from Linux installers. The installers will stop depositing files in /usr/share/icons, /usr/share/mime, and /usr/share/applications subtrees.

 

Other Notes

security-libs/java.security
 Added GlobalSign R46 and E46 Root CA Certificates (JDK-8316138)

The following root certificates have been added to the cacerts truststore:

+ GlobalSign

  + globalsignr46
    DN: CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE

+ GlobalSign
  + globalsigne46
    DN: CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE

infrastructure/build
 Native Executables and Libraries on Linux Use RPATH Instead of RUNPATH (JDK-8326891)

Native executables and libraries on Linux have switched to using RPATH instead of RUNPATH in this release.

JDK native executables and libraries use embedded runtime search paths to locate other internal JDK native libraries. On Linux these can be defined as either RPATH or RUNPATH. The main difference is that the dynamic linker considers RPATH before the LD_LIBRARY_PATH environment variable, while RUNPATH is only considered after LD_LIBRARY_PATH.

By making the change to using RPATH, it is no longer possible to replace JDK internal native libraries using LD_LIBRARY_PATH.

install/install
 Install DEB and RPM Java Packages in Version Directory (JDK-8325265 (not public))

The installation directory name of the Oracle JDK in RPM and DEB packages has changed from /usr/lib/jvm/jdk-${FEATURE}-oracle-${ARCH} to /usr/lib/jvm/jdk-${VERSION}-oracle-${ARCH}.

Every update release will be installed in a separate directory on Linux platform.

Installers will create a /usr/java/jdk-${FEATURE}-oracle-${ARCH} link pointing to the installation directory to allow programs to find the latest JDK version in the ${FEATURE} release train.

security-libs/javax.security
 Fallback Option For POST-only OCSP Requests (JDK-8328638)

JDK 17 introduced a performance improvement that made OCSP clients unconditionally use GET requests for small requests, while doing POST requests for everything else. This is explicitly allowed and recommended by RFC 5019 and RFC 6960. However, we have seen OCSP responders that, despite RFC requirements, are not working well with GET requests.

This release introduces a new JDK system property to allow clients to fallback to POST-only behavior. This unblocks interactions with those OCSP responders through the use of -Dcom.sun.security.ocsp.useget={false,true}. This amends the original change that introduced GET OCSP requests (JDK-8179503). The default behavior is not changed; the option defaults to true. Set the option to false to disable GET OCSP requests. Any value other than false (case-insensitive) defaults to true.

This option is non-standard, and might go away once problematic OCSP responders get upgraded.

 

Updates to Third Party Libraries

Library New Version Module JBS
Zlib Data Compression Library 1.3.1 java.base JDK-8324632

 

Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

Issues fixed in 22.0.2:
# JBS Component/Subcomponent Summary
1JDK-8185862client-libs/java.awtAWT Assertion Failure in ::GetDIBits(hBMDC, hBM, 0, 1, 0, gpBitmapInfo, 0) 'awt_Win32GraphicsDevice.cpp', at line 185
2JDK-8187759client-libs/javax.swingBackground not refreshed when painting over a transparent JFrame
3JDK-8320692client-libs/javax.swingNull icon returned for .exe without custom icon
4JDK-8328953client-libs/javax.swingJEditorPane.read throws ChangedCharSetException
5JDK-8323801client-libs/javax.swing<s> tag doesn't strikethrough the text
6JDK-8325179client-libs/javax.swingRace in BasicDirectoryModel.validateFileCache
7JDK-8330748core-libs/java.ioByteArrayOutputStream.writeTo(OutputStream) pins carrier
8JDK-8325621core-libs/java.langImprove jspawnhelper version checks
9JDK-8325028core-libs/java.nio(ch) Pipe channels should lazily set socket to non-blocking mode on first use by virtual thread
10JDK-8328366core-libs/java.util.concurrentThread.setContextClassloader from thread in FJP commonPool task no longer works after JDK-8327501
11JDK-8327631core-libs/java.util:i18nUpdate IANA Language Subtag Registry to Version 2024-03-07
12JDK-8325579core-libs/javax.namingInconsistent behavior in com.sun.jndi.ldap.Connection::createSocket
13JDK-8328165hotspot/compilerimprove assert(idx < _maxlrg) failed: oob
14JDK-8325432hotspot/compilerenhance assert message "relocation addr must be in this section"
15JDK-8328702hotspot/compilerC2: Crash during parsing because sub type check is not folded
16JDK-8328822hotspot/compilerC2: "negative trip count?" assert failure in profile predicate code
17JDK-8324121hotspot/compilerSIGFPE in PhaseIdealLoop::extract_long_range_checks
18JDK-8322484hotspot/gc22-b26 Regression in J2dBench-bimg_misc-G1 (and more) on Windows-x64 and macOS-x64
19JDK-8329570hotspot/gcG1: Excessive is_obj_dead_cond calls in verification
20JDK-8328166hotspot/gcEpsilon: 'EpsilonHeap::allocate_work' misuses the parameter 'size' as size in bytes
21JDK-8328168hotspot/gcEpsilon: Premature OOM when allocating object larger than uncommitted heap size
22JDK-8329223hotspot/gcParallel: Parallel GC resizes heap even if -Xms = -Xmx
23JDK-8329109hotspot/gcThreads::print_on() tries to print CPU time for terminated GC threads
24JDK-8329528hotspot/gcG1 does not update TAMS correctly when dropping retained regions during Concurrent Start pause
25JDK-8328744hotspot/gcParallel: Parallel GC throws OOM before heap is fully expanded
26JDK-8330275hotspot/gcCrash in XMark::follow_array
27JDK-8329134hotspot/gcReconsider TLAB zapping
28JDK-8326446hotspot/jfrThe User and System of jdk.CPULoad on Apple M1 are inaccurate
29JDK-8326106hotspot/jfrWrite and clear stack trace table outside of safepoint
30JDK-8327059hotspot/runtimeos::Linux::print_proc_sys_info add swappiness information
31JDK-8328589hotspot/runtimeunify os::breakpoint among posix platforms
32JDK-8328997hotspot/runtimeRemove unnecessary template parameter lists in GrowableArray
33JDK-8331942hotspot/runtimeOn Linux aarch64, CDS archives should be using 64K alignment by default
34JDK-8329656hotspot/runtimeassertion failed in MAP_ARCHIVE_MMAP_FAILURE path: Invalid immediate -5 0
35JDK-8329605hotspot/runtimehs errfile generic events - move memory protections and nmethod flushes to separate sections
36JDK-8330464hotspot/runtimehserr generic events - add entry for the before_exit calls
37JDK-8324933hotspot/runtimeConcurrentHashTable::statistics_calculate synchronization is expensive
38JDK-8331714hotspot/runtimeMake OopMapCache installation lock-free
39JDK-8324646security-libs/java.securityAvoid Class.forName in SecureRandom constructor
40JDK-8324648security-libs/java.securityAvoid NoSuchMethodError when instantiating NativePRNG
41JDK-8326643security-libs/java.securityJDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message
42JDK-8261433security-libs/javax.crypto:pkcs11Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit
43JDK-8312383security-libs/javax.net.sslLog X509ExtendedKeyManager implementation class name in TLS/SSL connection
44JDK-8329213security-libs/javax.securityBetter validation for com.sun.security.ocsp.useget option