Key:

JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY

New in release OpenJDK 21.0.1 (2023-10-17):
===========================================

* CVEs
  - CVE-2023-22081
  - CVE-2023-22025
* Security fixes
  - JDK-8286503, JDK-8312367: Enhance security classes
  - JDK-8296581: Better system proxy support
  - JDK-8297856: Improve handling of Bidi characters
  - JDK-8309966: Enhanced TLS connections
  - JDK-8312248: Enhanced archival support redux
  - JDK-8314649: Enhanced archival support redux
  - JDK-8317121: vector_masked_load instruction is moved too early after JDK-8286941
* Other changes
  - JDK-8240567: MethodTooLargeException thrown while creating a jlink image
  - JDK-8284772: GHA: Use GCC Major Version Dependencies Only
  - JDK-8293114: JVM should trim the native heap
  - JDK-8299658: C1 compilation crashes in LinearScan::resolve_exception_edge
  - JDK-8302017: Allocate BadPaddingException only if it will be thrown
  - JDK-8303815: Improve Metaspace test speed
  - JDK-8304954: SegmentedCodeCache fails when using large pages
  - JDK-8307766: Linux: Provide the option to override the timer slack
  - JDK-8308042: [macos] Developer ID Application Certificate not picked up by jpackage if it contains UNICODE characters
  - JDK-8308047: java/util/concurrent/ScheduledThreadPoolExecutor/BasicCancelTest.java timed out and also had jcmd pipe errors
  - JDK-8308184: Launching java with large number of jars in classpath with java.protocol.handler.pkgs system property set can lead to StackOverflowError
  - JDK-8308474: DSA does not reset SecureRandom when initSign is called again
  - JDK-8308609: java/lang/ScopedValue/StressStackOverflow.java fails with "-XX:-VMContinuations"
  - JDK-8309032: jpackage does not work for module projects unless --module-path is specified
  - JDK-8309088: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails
  - JDK-8309214: sun/security/pkcs11/KeyStore/CertChainRemoval.java fails after 8301154
  - JDK-8309475: Test java/foreign/TestByteBuffer.java fails: a problem with msync (aix)
  - JDK-8309502: RISC-V: String.indexOf intrinsic may produce misaligned memory loads
  - JDK-8309591: Socket.setOption(TCP_QUICKACK) uses wrong level
  - JDK-8309746: Reconfigure check should include make/conf/version-numbers.conf
  - JDK-8309889: [s390] Missing return statement after calling jump_to_native_invoker method in generate_method_handle_dispatch.
  - JDK-8310106: sun.security.ssl.SSLHandshake.getHandshakeProducer() incorrectly checks handshakeConsumers
  - JDK-8310171: Bump version numbers for 21.0.1
  - JDK-8310211: serviceability/jvmti/thread/GetStackTrace/getstacktr03/getstacktr03.java failing
  - JDK-8310233: Fix THP detection on Linux
  - JDK-8310268: RISC-V: misaligned memory access in String.Compare intrinsic
  - JDK-8310321: make JDKOPT_CHECK_CODESIGN_PARAMS more verbose
  - JDK-8310586: ProblemList java/lang/ScopedValue/StressStackOverflow.java#default with virtual threads on linux-all
  - JDK-8310687: JDK-8303215 is incomplete
  - JDK-8310873: Re-enable locked_create_entry symbol check in runtime/NMT/CheckForProperDetailStackTrace.java for RISC-V
  - JDK-8311026: Some G1 specific tests do not set -XX:+UseG1GC
  - JDK-8311033: [macos] PrinterJob does not take into account Sides attribute
  - JDK-8311160: [macOS, Accessibility] VoiceOver: No announcements on JRadioButtonMenuItem and JCheckBoxMenuItem
  - JDK-8311249: Remove unused MemAllocator::obj_memory_range
  - JDK-8311285: report some fontconfig related environment variables in hs_err file
  - JDK-8311511: Improve description of NativeLibrary JFR event
  - JDK-8311592: ECKeySizeParameterSpec causes too many exceptions on third party providers
  - JDK-8311682: Change milestone to fcs for all releases
  - JDK-8311862: RISC-V: small improvements to shift immediate instructions
  - JDK-8311917: MAP_FAILED definition seems to be obsolete in src/java.desktop/unix/native/common/awt/fontpath.c
  - JDK-8311921: Inform about MaxExpectedDataSegmentSize in case of pthread_create failures on AIX
  - JDK-8311923: TestIRMatching.java fails on RISC-V
  - JDK-8311926: java/lang/ScopedValue/StressStackOverflow.java takes 9mins in tier1
  - JDK-8311955: c++filt is now ibm-llvm-cxxfilt when using xlc17 / clang on AIX
  - JDK-8311981: Test gc/stringdedup/TestStringDeduplicationAgeThreshold.java#ZGenerational timed out
  - JDK-8312127: FileDescriptor.sync should temporarily increase parallelism
  - JDK-8312180: (bf) MappedMemoryUtils passes incorrect arguments to msync (aix)
  - JDK-8312182: THPs cause huge RSS due to thread start timing issue
  - JDK-8312394: [linux] SIGSEGV if kernel was built without hugepage support
  - JDK-8312395: Improve assertions in growableArray
  - JDK-8312401: SymbolTable::do_add_if_needed hangs when called in InstanceKlass::add_initialization_error path with requesting length exceeds max_symbol_length
  - JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
  - JDK-8312525: New test runtime/os/TestTrimNative.java#trimNative is failing: did not see the expected RSS reduction
  - JDK-8312535: MidiSystem.getSoundbank() throws unexpected SecurityException
  - JDK-8312555: Ideographic characters aren't stretched by AffineTransform.scale(2, 1)
  - JDK-8312573: Failure during CompileOnly parsing leads to ShouldNotReachHere
  - JDK-8312585: Rename DisableTHPStackMitigation flag to THPStackMitigation
  - JDK-8312591: GCC 6 build failure after JDK-8280982
  - JDK-8312619: Strange error message when switching over long
  - JDK-8312620: WSL Linux build crashes after JDK-8310233
  - JDK-8312625: Test serviceability/dcmd/vm/TrimLibcHeapTest.java failed: RSS use increased
  - JDK-8312909: C1 should not inline through interface calls with non-subtype receiver
  - JDK-8312976: MatchResult produces StringIndexOutOfBoundsException for groups outside match
  - JDK-8312984: javac may crash on a record pattern with too few components
  - JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074
  - JDK-8313248: C2: setScopedValueCache intrinsic exposes nullptr pre-values to store barriers
  - JDK-8313262: C2: Sinking node may cause required cast to be dropped
  - JDK-8313307: java/util/Formatter/Padding.java fails on some Locales
  - JDK-8313312: Add missing classpath exception copyright header
  - JDK-8313323: javac -g on a java file which uses unnamed variable leads to ClassFormatError when launching that class
  - JDK-8313402: C1: Incorrect LoadIndexed value numbering
  - JDK-8313428: GHA: Bump GCC versions for July 2023 updates
  - JDK-8313576: GCC 7 reports compiler warning in bundled freetype 2.13.0
  - JDK-8313602: increase timeout for jdk/classfile/CorpusTest.java
  - JDK-8313626: C2 crash due to unexpected exception control flow
  - JDK-8313657: com.sun.jndi.ldap.Connection.cleanup does not close connections on SocketTimeoutErrors
  - JDK-8313676: Amend TestLoadIndexedMismatch test to target intrinsic directly
  - JDK-8313678: SymbolTable can leak Symbols during cleanup
  - JDK-8313691: use close after failing os::fdopen in vmError and ciEnv
  - JDK-8313701: GHA: RISC-V should use the official repository for bootstrap
  - JDK-8313707: GHA: Bootstrap sysroots with --variant=minbase
  - JDK-8313752: InstanceKlassFlags::print_on doesn't print the flag names
  - JDK-8313765: Invalid CEN header (invalid zip64 extra data field size)
  - JDK-8313796: AsyncGetCallTrace crash on unreadable interpreter method pointer
  - JDK-8313874: JNI NewWeakGlobalRef throws exception for null arg
  - JDK-8313901: [TESTBUG] test/hotspot/jtreg/compiler/codecache/CodeCacheFullCountTest.java fails with java.lang.VirtualMachineError
  - JDK-8313904: [macos] All signing tests which verifies unsigned app images are failing
  - JDK-8314020: Print instruction blocks in byte units
  - JDK-8314024: SIGSEGV in PhaseIdealLoop::build_loop_late_post_work due to bad immediate dominator info
  - JDK-8314063: The socket is not closed in Connection::createSocket when the handshake failed for LDAP connection
  - JDK-8314117: RISC-V: Incorrect VMReg encoding in RISCV64Frame.java
  - JDK-8314118: Update JMH devkit to 1.37
  - JDK-8314139: TEST_BUG: runtime/os/THPsInThreadStackPreventionTest.java could fail on machine with large number of cores
  - JDK-8314144: gc/g1/ihop/TestIHOPStatic.java fails due to extra concurrent mark with -Xcomp
  - JDK-8314216: Case enumConstant, pattern compilation fails
  - JDK-8314262: GHA: Cut down cross-compilation sysroots deeper
  - JDK-8314423: Multiple patterns without unnamed variables
  - JDK-8314426: runtime/os/TestTrimNative.java is failing on slow machines
  - JDK-8314501: Shenandoah: sun/tools/jhsdb/heapconfig/JMapHeapConfigTest.java fails
  - JDK-8314517: some tests fail in case ipv6 is disabled on the machine
  - JDK-8314618: RISC-V: -XX:MaxVectorSize does not work as expected
  - JDK-8314656: GHA: No need for Debian ports keyring installation after JDK-8313701
  - JDK-8314679: SA fails to properly attach to JVM after having just detached from a different JVM
  - JDK-8314730: GHA: Drop libfreetype6-dev transitional package in favor of libfreetype-dev
  - JDK-8314850: SharedRuntime::handle_wrong_method() gets called too often when resolving Continuation.enter
  - JDK-8314960: Add Certigna Root CA - 2
  - JDK-8315020: The macro definition for LoongArch64 zero build is not accurate.
  - JDK-8315051: jdk/jfr/jvm/TestGetEventWriter.java fails with non-JVMCI GCs
  - JDK-8315534: Incorrect warnings about implicit annotation processing

Notes on individual issues:
===========================

core-libs/java.util.jar:

JDK-8313765: Invalid CEN header (invalid zip64 extra data field size)
=====================================================================
Additional validity checks in the handling of Zip64 files, JDK-8302483, introduced in 21.0.0, caused the use of some valid zip files to now fail with the error, `Invalid CEN header (invalid zip64 extra data field size)`

This release, 21.0.1, allows for zero length headers and additional padding produced by some Zip64 creation tools.

The following third party tools have also released patches to better adhere to the ZIP File Format Specification:

* Apache Commons Compress fix for Empty CEN Zip64 Extra Headers fixed in Commons Compress release 1.11
* Apache Ant fix for Empty CEN Zip64 Extra Headers fixed in Ant 1.10.14
* BND issue with writing invalid Extra Headers fixed in BND 5.3

The maven-bundle-plugin 5.1.5 includes the BND 5.3 patch.

If these improved validation checks cause issues for deployed zip or jar files, check how the file was created and whether patches are available from the generating software to resolve the issue.

With both JDK releases, the checks can be disabled by setting the new system property, `jdk.util.zip.disableZip64ExtraFieldValidation` to `true`.

hotspot/runtime:

JDK-8311981: JVM May Hang When Using Generational ZGC if a VM Handshake Stalls on Memory
========================================================================================
The JVM can hang under an uncommon condition that involves the JVM running out of heap memory, the GC just starting a relocation phase to reclaim memory, and a JVM thread-local Handshake asking to relocate an object. This potential deadlock should now be avoided in this release.
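
For the JDK-8313765 note above, the following added example (not OpenJDK code, and not a reproduction of the JDK's own checks) walks an archive's central directory and reports the declared size of every Zip64 extra data field, so that zero length and padded headers can be traced to the tool that wrote them instead of disabling validation. The function names, verdict labels and sample archive are constructed for illustration, and archives that need a Zip64 end-of-central-directory record are assumed to be out of scope.

```python
import struct

EOCD_SIG, CEN_SIG, LOC_SIG = 0x06054B50, 0x02014B50, 0x04034B50
ZIP64_ID = 0x0001              # Zip64 extended information extra field header ID
U32, U16 = 0xFFFFFFFF, 0xFFFF  # "real value is in the Zip64 field" markers

def cen_entries(data):
    """Yield (name, expected_zip64_size, extra_bytes) for each CEN header."""
    pos = data.rfind(struct.pack("<I", EOCD_SIG))
    if pos < 0:
        raise ValueError("no end-of-central-directory record")
    count, _size, off = struct.unpack_from("<HII", data, pos + 10)
    if count == U16 or off == U32:
        raise ValueError("needs the Zip64 EOCD record, not handled here")
    for _ in range(count):
        if struct.unpack_from("<I", data, off)[0] != CEN_SIG:
            raise ValueError(f"bad CEN signature at offset {off}")
        csize, usize, nlen, elen, clen, disk = struct.unpack_from(
            "<IIHHHH", data, off + 20)
        lho = struct.unpack_from("<I", data, off + 42)[0]
        # ZIP spec: the field holds only values whose CEN slot is saturated.
        expected = 8 * ((usize == U32) + (csize == U32) + (lho == U32))
        expected += 4 * (disk == U16)
        start = off + 46 + nlen
        yield data[off + 46:start], expected, data[start:start + elen]
        off = start + elen + clen

def audit(data):
    """Return [(name, declared, expected, verdict)]; labels are this example's own."""
    findings = []
    for name, expected, extra in cen_entries(data):
        i = 0
        while i + 4 <= len(extra):
            hid, size = struct.unpack_from("<HH", extra, i)
            if hid == ZIP64_ID:
                if i + 4 + size > len(extra):
                    verdict = "truncated"
                elif size == expected:
                    verdict = "ok" if size else "empty"   # zero length header
                else:
                    verdict = "padded" if size > expected else "short"
                findings.append(
                    (name.decode("utf-8", "replace"), size, expected, verdict))
            i += 4 + size
    return findings

def sample_archive():
    """Constructed sample: four empty stored entries with different extras."""
    entries = (
        (b"plain.txt", 0, b""),
        (b"empty64.txt", 0, struct.pack("<HH", ZIP64_ID, 0)),
        (b"padded64.txt", 0, struct.pack("<HH8x", ZIP64_ID, 8)),
        (b"real64.bin", U32, struct.pack("<HHQ", ZIP64_ID, 8, 0)),
    )
    body, cen = b"", b""
    for name, usize, extra in entries:
        lho = len(body)
        body += struct.pack("<IHHHHHIIIHH", LOC_SIG, 20, 0, 0, 0, 0,
                            0, 0, 0, len(name), 0) + name
        cen += struct.pack("<IHHHHHHIIIHHHHHII", CEN_SIG, 20, 20, 0, 0, 0, 0,
                           0, 0, usize, len(name), len(extra), 0, 0, 0,
                           0, lho) + name + extra
    return body + cen + struct.pack("<IHHHHIIH", EOCD_SIG, 0, 0, len(entries),
                                    len(entries), len(cen), len(body), 0)

if __name__ == "__main__":
    for row in audit(sample_archive()):
        print(row)
```

Entries reported as `empty` or `padded` correspond to the two cases the note says 21.0.1 now tolerates; the producing tool is the thing to upgrade.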

core-libs/java.util.regex:

JDK-8312976: `java.util.regex.MatchResult` Might Throw `StringIndexOutOfBoundsException` on Regex Patterns Containing Lookaheads and Lookbehinds
================================================================================================================================================
JDK-8132995 introduced an unintended regression when using instances returned by `java.util.regex.Matcher.toMatchResult()`.

This regression happens with `java.util.regex.Pattern`s containing lookaheads and lookbehinds that, in turn, contain groups. If these are located outside the match, a `StringIndexOutOfBoundsException` is thrown when accessing these groups. See JDK-8312976 for an example.

The issue is resolved in this release by calculating a minimum start location as part of the match result and using this in constructing String objects, rather than the location of the first match.

JDK-8314960: Added Certigna Root CA Certificate
===============================================
The following root certificate has been added to the cacerts truststore:

Name: Certigna (Dhimyotis)
Alias Name: certignarootca
Distinguished Name: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR

JDK-8312489: Increase Default Value of the System Property `jdk.jar.maxSignatureFileSize`
=========================================================================================
A maximum signature file size property, jdk.jar.maxSignatureFileSize, was introduced in the 21.0.0 release of OpenJDK by JDK-8300596 to control the maximum size of signature files in a signed JAR. The default value of 8MB proved to be too small for some JAR files. This release, 21.0.1, increases it to 16MB.

New in release OpenJDK 21.0.0 (2023-09-XX):
===========================================
Major changes are listed below. Some changes may have been backported to earlier releases following their first appearance in OpenJDK 18 through to 21.

NEW FEATURES
============

Language Features
=================

Pattern Matching for switch
===========================
https://openjdk.org/jeps/406
https://openjdk.org/jeps/420
https://openjdk.org/jeps/427
https://openjdk.org/jeps/433
https://openjdk.org/jeps/441

Enhance the Java programming language with pattern matching for `switch` expressions and statements, along with extensions to the language of patterns. Extending pattern matching to `switch` allows an expression to be tested against a number of patterns, each with a specific action, so that complex data-oriented queries can be expressed concisely and safely.

This was a preview feature (http://openjdk.java.net/jeps/12) introduced in OpenJDK 17 (JEP 406), which saw a second preview in OpenJDK 18 (JEP 420), a third in OpenJDK 19 (JEP 427) and a fourth (JEP 427) in OpenJDK 20. It became final with OpenJDK 21 (JEP 441).

Record Patterns
===============
https://openjdk.org/jeps/405
https://openjdk.org/jeps/432
https://openjdk.org/jeps/440

Enhance the Java programming language with record patterns to deconstruct record values. Record patterns and type patterns can be nested to enable a powerful, declarative, and composable form of data navigation and processing.

This was a preview feature (http://openjdk.java.net/jeps/12) introduced in OpenJDK 19 (JEP 405) with a second preview (JEP 432) in OpenJDK 20. It became final with OpenJDK 21 (JEP 440).

String Templates
================
https://openjdk.org/jeps/430

Enhance the Java programming language with string templates. String templates complement Java's existing string literals and text blocks by coupling literal text with embedded expressions and template processors to produce specialized results.

This is a preview feature (http://openjdk.java.net/jeps/12) introduced in OpenJDK 21 (JEP 430).

Unnamed Patterns and Variables
==============================
https://openjdk.org/jeps/443

Enhance the Java language with unnamed patterns, which match a record component without stating the component's name or type, and unnamed variables, which can be initialized but not used. Both are denoted by an underscore character, _.

This is a preview feature (http://openjdk.java.net/jeps/12) introduced in OpenJDK 21 (JEP 443).

Unnamed Classes and Instance Main Methods (Preview)
===================================================
https://openjdk.org/jeps/445

Evolve the Java language so that students can write their first programs without needing to understand language features designed for large programs. Far from using a separate dialect of Java, students can write streamlined declarations for single-class programs and then seamlessly expand their programs to use more advanced features as their skills grow.

This is a preview feature (http://openjdk.java.net/jeps/12) introduced in OpenJDK 21 (JEP 445).

Library Features
================

UTF-8 by Default
================
https://openjdk.org/jeps/400

Specify UTF-8 as the default charset of the standard Java APIs. With this change, APIs that depend upon the default charset will behave consistently across all implementations, operating systems, locales, and configurations.

Reimplement Core Reflection with Method Handles
===============================================
https://openjdk.org/jeps/416

Reimplement java.lang.reflect.Method, Constructor, and Field on top of java.lang.invoke method handles. Making method handles the underlying mechanism for reflection will reduce the maintenance and development cost of both the java.lang.reflect and java.lang.invoke APIs.

Vector API
==========
https://openjdk.org/jeps/338
https://openjdk.org/jeps/414
https://openjdk.org/jeps/417
https://openjdk.org/jeps/426
https://openjdk.org/jeps/438
https://openjdk.org/jeps/448

Introduce an API to express vector computations that reliably compile at runtime to optimal vector hardware instructions on supported CPU architectures and thus achieve superior performance to equivalent scalar computations.

This is an incubation feature (https://openjdk.java.net/jeps/11) introduced in OpenJDK 16 (JEP 338). A second round of incubation took place in OpenJDK 17 (JEP 414), OpenJDK 18 (JEP 417) saw a third, OpenJDK 19 a fourth (JEP 426), OpenJDK 20 (JEP 438) a fifth and OpenJDK 21 a sixth (JEP 448).

Internet-Address Resolution SPI
===============================
https://openjdk.org/jeps/418

Define a service-provider interface (SPI) for host name and address resolution, so that java.net.InetAddress can make use of resolvers other than the platform's built-in resolver.

Foreign Function & Memory API
=============================
https://openjdk.org/jeps/412
https://openjdk.org/jeps/419
https://openjdk.org/jeps/424
https://openjdk.org/jeps/434
https://openjdk.org/jeps/442

Introduce an API by which Java programs can interoperate with code and data outside of the Java runtime. By efficiently invoking foreign functions (i.e., code outside the JVM), and by safely accessing foreign memory (i.e., memory not managed by the JVM), the API enables Java programs to call native libraries and process native data without the brittleness and danger of JNI.

This API is now a preview feature (http://openjdk.java.net/jeps/12). It was first introduced in incubation (https://openjdk.java.net/jeps/11) in OpenJDK 17 (JEP 412), and is an evolution of the Foreign Memory Access API (OpenJDK 14 through 16) and Foreign Linker API (OpenJDK 16) (see release notes for java-17-openjdk).
OpenJDK 18 saw a second round of incubation (JEP 419) before its inclusion as a preview in OpenJDK 19 (JEP 424) and a second in OpenJDK 20 (JEP 434). It reaches a third preview in OpenJDK 21 (JEP 442).

Virtual Threads
===============
https://openjdk.org/jeps/425
https://openjdk.org/jeps/436
https://openjdk.org/jeps/444

Introduce virtual threads to the Java Platform. Virtual threads are lightweight threads that dramatically reduce the effort of writing, maintaining, and observing high-throughput concurrent applications.

This was a preview feature (http://openjdk.java.net/jeps/12) introduced in OpenJDK 19 (JEP 425) and reaching its second preview in OpenJDK 20 (JEP 436). It became final with OpenJDK 21 (JEP 444).

Structured Concurrency
======================
https://openjdk.org/jeps/428
https://openjdk.org/jeps/437
https://openjdk.org/jeps/453

Simplify multithreaded programming by introducing an API for structured concurrency. Structured concurrency treats multiple tasks running in different threads as a single unit of work, thereby streamlining error handling and cancellation, improving reliability, and enhancing observability.

This API is now a preview feature (http://openjdk.java.net/jeps/12) in OpenJDK 21 (JEP 453). It was first introduced in incubation (https://openjdk.java.net/jeps/11) in OpenJDK 19 (JEP 428) and had a second round of incubation in OpenJDK 20 (JEP 437).

Scoped Values
=============
https://openjdk.org/jeps/429

Introduce scoped values, which enable the sharing of immutable data within and across threads. They are preferred to thread-local variables, especially when using large numbers of virtual threads.

This API is now a preview feature (http://openjdk.java.net/jeps/12) in OpenJDK 21 (JEP 429). It was first introduced in incubation (https://openjdk.java.net/jeps/11) in OpenJDK 20 (JEP 429).

Sequenced Collections
=====================
https://openjdk.org/jeps/431

Introduce new interfaces to represent collections with a defined encounter order.
Each such collection has a well-defined first element, second element, and so forth, up to the last element. It also provides uniform APIs for accessing its first and last elements, and for processing its elements in reverse order.

Key Encapsulation Mechanism API
===============================
https://openjdk.org/jeps/452

Introduce an API for key encapsulation mechanisms (KEMs), an encryption technique for securing symmetric keys using public key cryptography.

Virtual Machine Enhancements
============================

Generational ZGC
================
https://openjdk.org/jeps/439

Improve application performance by extending the Z Garbage Collector (ZGC) to maintain separate generations for young and old objects. This will allow ZGC to collect young objects — which tend to die young — more frequently.

Tools
=====

Simple Web Server
=================
https://openjdk.org/jeps/408

Provide a command-line tool, `jwebserver`, to start a minimal web server that serves static files only. No CGI or servlet-like functionality is available. This tool will be useful for prototyping, ad-hoc coding, and testing purposes, particularly in educational contexts.

Code Snippets in Java API Documentation
=======================================
https://openjdk.org/jeps/413

Introduce an @snippet tag for JavaDoc's Standard Doclet, to simplify the inclusion of example source code in API documentation.

Ports
=====

Linux/RISC-V Port
=================
https://openjdk.org/jeps/422

RISC-V is a free and open-source RISC instruction set architecture (ISA) designed originally at the University of California, Berkeley, and now developed collaboratively under the sponsorship of RISC-V International. It is already supported by a wide range of language toolchains. With the increasing availability of RISC-V hardware, a port of the JDK would be valuable.

DEPRECATIONS
============

Deprecate Finalization for Removal
==================================
https://openjdk.org/jeps/421

Deprecate finalization for removal in a future release. Finalization remains enabled by default for now, but can be disabled to facilitate early testing. In a future release it will be disabled by default, and in a later release it will be removed. Maintainers of libraries and applications that rely upon finalization should consider migrating to other resource management techniques such as the try-with-resources statement and cleaners.

Deprecate the Windows 32-bit x86 Port for Removal
=================================================
https://openjdk.org/jeps/449

Deprecate the Windows 32-bit x86 port, with the intent to remove it in a future release.

Prepare to Disallow the Dynamic Loading of Agents
=================================================
https://openjdk.org/jeps/451

Issue warnings when agents are loaded dynamically into a running JVM. These warnings aim to prepare users for a future release which disallows the dynamic loading of agents by default in order to improve integrity by default. Serviceability tools that load agents at startup will not cause warnings to be issued in any release.