Key:

JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY

New in release OpenJDK 18.0.1.1 (2022-04-22):
=============================================
* Other changes
  - JDK-8283350: (tz) Update Timezone Data to 2022a
  - JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException
  - JDK-8284920: Incorrect Token type causes XPath expression to return incorrect results
  - JDK-8285391: Update the release version for respin April CPU22_04 for release jdk18.0.1.1
  - JDK-8285445: cannot open file "NUL:"
  - JDK-8285454: Update the JBS version for respin of April CPU22_04

Notes on individual issues:
===========================

core-libs/java.io:

JDK-8285660: New System Property to Disable Windows Alternate Data Stream Support in java.io.File
=================================================================================================
The Windows implementation of `java.io.File` allows access to NTFS
Alternate Data Streams (ADS) by default. Such streams have a structure
like “filename:streamname”. A system property `jdk.io.File.enableADS`
has been added to control this behavior. To disable ADS support in
`java.io.File`, the system property `jdk.io.File.enableADS` should be
set to `false` (case ignored). Stricter path checking however prevents
the use of special devices such as `NUL:`

New in release OpenJDK 18.0.1 (2022-04-19):
===========================================
Live versions of these release notes can be found at:
  * https://builds.shipilev.net/backports-monitor/release-notes-18.0.1.txt

* Security fixes
  - JDK-8269938: Enhance XML processing passes redux
  - JDK-8270504, CVE-2022-21426: Better XPath expression handling
  - JDK-8272255: Completely handle MIDI files
  - JDK-8272261: Improve JFR recording file processing
  - JDK-8272588: Enhanced recording parsing
  - JDK-8272594: Better record of recordings
  - JDK-8274221: More definite BER encodings
  - JDK-8275151, CVE-2022-21443: Improved Object Identification
  - JDK-8277227: Better identification of OIDs
  - JDK-8277233, CVE-2022-21449: Improve ECDSA signature support
  - JDK-8277672, CVE-2022-21434: Better invocation handler handling
  - JDK-8278356: Improve file creation
  - JDK-8278449: Improve keychain support
  - JDK-8278798: Improve supported intrinsic
  - JDK-8278805: Enhance BMP image loading
  - JDK-8278972, CVE-2022-21496: Improve URL supports
  - JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo
* Other changes
  - JDK-8258814: Compilation logging crashes for thread suspension / debugging tests
  - JDK-8267341: macos attempt_reserve_memory_at(arg1, arg2, true) failure
  - JDK-8272996: JNDI DNS provider fails to resolve SRV entries when IPV6 stack is enabled
  - JDK-8273139: C2: assert(f <= 1 && f >= 0) failed: Incorrect frequency
  - JDK-8274751: Drag And Drop hangs on Windows
  - JDK-8276819: javax/print/PrintServiceLookup/FlushCustomClassLoader.java fails to free
  - JDK-8276990: Memory leak in invoker.c fillInvokeRequest() during JDI operations
  - JDK-8277488: Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022
  - JDK-8277795: ldap connection timeout not honoured under contention
  - JDK-8278186: org.jcp.xml.dsig.internal.dom.Utils.parseIdFromSameDocumentURI throws StringIndexOutOfBoundsException when calling substring method
  - JDK-8278384: Bytecodes::result_type() for arraylength returns T_VOID instead of T_INT
  - JDK-8278472: Invalid value set to CANDIDATEFORM structure
  - JDK-8278851: Correct signer logic for jars signed with multiple digestalgs
  - JDK-8278869: Bump version numbers for OPENJDK 18.0.1
  - JDK-8279223: Define version in .jcheck/conf
  - JDK-8279225: [arm32] C1 longs comparison operation destroys argument registers
  - JDK-8279412: [JVMCI] failed speculations list must outlive any nmethod that refers to it
  - JDK-8279437: [JVMCI] exception in HotSpotJVMCIRuntime.translate can exit the VM
  - JDK-8279445: Update JMH devkit to 1.34
  - JDK-8280123: C2: Infinite loop in CMoveINode::Ideal during IGVN
  - JDK-8280414: Memory leak in DefaultProxySelector
  - JDK-8280526: x86_32 Math.sqrt performance regression with -XX:UseSSE={0,1}
  - JDK-8280550: SplittableRandom#nextDouble(double,double) can return result >= bound
  - JDK-8280785: change milestone to fcs for releases: jdk-11.0.15, jdk-17.0.3, jdk-18.0.1
  - JDK-8280910: Update openjdk project in jcheck to "jdk-updates" for jdk18u
  - JDK-8280950: RandomGenerator:NextDouble() default behavior non conformant after JDK-8280550 fix
  - JDK-8281093: Violating Attribute-Value Normalization in the XML specification 1.0
  - JDK-8281183: RandomGenerator:NextDouble() default behavior partially fixed by JDK-8280950
  - JDK-8281262: Windows builds in different directories are not fully reproducible
  - JDK-8281275: Upgrading from 8 to 11 no longer accepts '/' as filepath separator in gc paths
  - JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972
  - JDK-8282397: createTempFile method of java.io.File is failing when called with suffix of spaces character

New in release OpenJDK 18.0.0 (2022-03-22):
===========================================
Major changes are listed below.  Some changes may have been backported
to earlier releases following their first appearance in OpenJDK 18.

The full list of changes in 18u can be found at:
-  * https://builds.shipilev.net/backports-monitor/release-notes-18.txt

NEW FEATURES
============

Language Features
=================

Pattern Matching for switch
===========================
https://openjdk.org/jeps/406
https://openjdk.org/jeps/420

Enhance the Java programming language with pattern matching for
`switch` expressions and statements, along with extensions to the
language of patterns. Extending pattern matching to `switch` allows an
expression to be tested against a number of patterns, each with a
specific action, so that complex data-oriented queries can be
expressed concisely and safely.

This was a preview feature (http://openjdk.java.net/jeps/12) in
OpenJDK 17 (JEP 406) and sees a second preview in OpenJDK 18 (JEP
420).

Library Features
================

UTF-8 by Default
================
https://openjdk.org/jeps/400

Specify UTF-8 as the default charset of the standard Java APIs. With
this change, APIs that depend upon the default charset will behave
consistently across all implementations, operating systems, locales,
and configurations.

Reimplement Core Reflection with Method Handles
===============================================
https://openjdk.org/jeps/416

Reimplement java.lang.reflect.Method, Constructor, and Field on top of
java.lang.invoke method handles. Making method handles the underlying
mechanism for reflection will reduce the maintenance and development
cost of both the java.lang.reflect and java.lang.invoke APIs.

Vector API
==========
https://openjdk.org/jeps/338
https://openjdk.org/jeps/414
https://openjdk.org/jeps/417

Provide an initial iteration of an incubator module,
`jdk.incubator.vector`, to express vector computations that reliably
compile at runtime to optimal vector hardware instructions on
supported CPU architectures and thus achieve superior performance to
equivalent scalar computations.

This is an incubation feature (https://openjdk.java.net/jeps/11)
introduced in OpenJDK 16 (JEP 338). A second round of incubation took
place in OpenJDK 17 (JEP 414) and OpenJDK 18 (JEP 417) sees a third.

Internet-Address Resolution SPI
===============================
https://openjdk.org/jeps/418

Define a service-provider interface (SPI) for host name and address
resolution, so that java.net.InetAddress can make use of resolvers
other than the platform's built-in resolver.

Foreign Function & Memory API
=============================
https://openjdk.org/jeps/412
https://openjdk.org/jeps/419

Introduce an API by which Java programs can interoperate with code and
data outside of the Java runtime. By efficiently invoking foreign
functions (i.e., code outside the JVM), and by safely accessing
foreign memory (i.e., memory not managed by the JVM), the API enables
Java programs to call native libraries and process native data without
the brittleness and danger of JNI.

This API is an incubation feature (https://openjdk.java.net/jeps/11)
introduced in OpenJDK 17 (JEP 412), and is an evolution of the Foreign
Memory Access API (OpenJDK 14 through 16) and Foreign Linker API
(OpenJDK 16) (see release notes for java-17-openjdk). OpenJDK 18 sees
a second round of incubation (JEP 419).

Tools
=====

Simple Web Server
=================
https://openjdk.org/jeps/408

Provide a command-line tool, `jwebserver`, to start a minimal web
server that serves static files only. No CGI or servlet-like
functionality is available. This tool will be useful for prototyping,
ad-hoc coding, and testing purposes, particularly in educational
contexts.

Code Snippets in Java API Documentation
=======================================
https://openjdk.org/jeps/413

Introduce an @snippet tag for JavaDoc's Standard Doclet, to simplify
the inclusion of example source code in API documentation.

DEPRECATIONS
============

Deprecate Finalization for Removal
==================================
https://openjdk.org/jeps/421

Deprecate finalization for removal in a future release. Finalization
remains enabled by default for now, but can be disabled to facilitate
early testing. In a future release it will be disabled by default, and
in a later release it will be removed. Maintainers of libraries and
applications that rely upon finalization should consider migrating to
other resource management techniques such as the try-with-resources
statement and cleaners.