JDK 17.0.12 Release Notes
Java SE 17.0.12 - Bundled Patch Release (BPR) - Bug Fixes and Updates
The following sections summarize changes made in all Java SE 17.0.12 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.
Changes in Java SE 17.0.12.0.2
Bug Fixes
Release date: August 16, 2024| BugId | Category | Subcategory | Summary |
|---|---|---|---|
| JDK-8336107 (not public) | install | JDK rpm upgrade from 11.0.23 to 11.0.25 leaves "orphan" alternatives entry |
Changes in Java SE 17.0.12.0.1
Bug Fixes
July 16, 2024Fixes from the prior BPR are included in this version.
Java™ SE Development Kit 17, Update 17.0.12 (JDK 17.0.12)
Release date: July 16, 2024The full version string for this update release is 17.0.12+8 (where "+" means "build"). The version number is 17.0.12.
IANA TZ Data 2024a
For more information, refer to Timezone Data Versions in the JRE Software.
Security Baselines
The security baselines for the Java Runtime at the time of the release of JDK 17.0.12 are specified in the following table:
| Java Family Version | Security Baseline (Full Version String) |
|---|---|
| 17 | 17.0.12+8 |
| 11 | 11.0.24+7 |
| 8 | 8u421-b09 |
Keeping the JDK up to Date
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 17.0.12) be used after the next critical patch update scheduled for October 15, 2024.
Java Management Service, available to all users, can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.
Availability of Oracle JDK 17 under NFTC
Oracle JDK 17 LTS, released in September 2021, has been permissively licensed under the free Java license and will continue to be so until one year after the subsequent LTS release. Oracle designated Oracle JDK 21, released in September of 2023, as a Long Term Support (LTS) release. Therefore, update releases of Oracle JDK 17 after September of 2024 will switch to the Java SE OTN license, the same license under which we offer updates to Java 8 and 11. Users wishing to receive updates of the Oracle JDK under the free Java license should migrate to Oracle JDK 21.
New Features
-XshowSettings Launcher Option
(JDK-8281658)
The -XshowSettings launcher has a new security category. Settings from security properties, security providers and TLS related settings are displayed with this option. A security sub-category can be passed as an argument to the security category option. See the output from java -X:
-XshowSettings:security
show all security settings and continue
-XshowSettings:security:*sub-category*
show settings for the specified security sub-category and continue. Possible *sub-category* arguments for this option include:
all: show all security settings and continue
properties: show security properties and continue
providers: show static security provider settings and continue
tls: show TLS related security settings and continue
Third party security provider details will be reported if they are included in the application class path or module path and such providers are configured in the java.security file.
Notable Issues Fixed
jpackage May Produce an Inaccurate List of Required Packages on Debian Linux Distros
(JDK-8295111)
Fixed an issue on Debian Linux distros where jpackage could not always build an accurate list of required packages from shared libraries with symbolic links in their paths, causing installations to fail due to missing shared libraries.
Removed Features and Options
Delete nonfunctional desktop integration functionality from Linux installers. The installers will stop depositing files in /usr/share/icons, /usr/share/mime, and /usr/share/applications subtrees.
Other Notes
The following root certificates have been added to the cacerts truststore:
+ GlobalSign
+ globalsignr46
DN: CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE
+ GlobalSign
+ globalsigne46
DN: CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE
DTLS 1.0 has been disabled by default, by adding "DTLSv1.0" to the jdk.tls.disabledAlgorithms security property in the java.security configuration file. DTLS 1.0 has weakened over time and lacks support for stronger cipher suites. Any attempts to use DTLSv1.0 will fail with an SSLHandshakeException. Users can, at their own risk, re-enable the version by removing "DTLSv1.0" from the jdk.tls.disabledAlgorithms security property.
RPATH Instead of RUNPATH
(JDK-8326891)
Native executables and libraries on Linux have switched to using RPATH instead of RUNPATH in this release.
JDK native executables and libraries use embedded runtime search paths to locate other internal JDK native libraries. On Linux these can be defined as either RPATH or RUNPATH. The main difference is that the dynamic linker considers RPATH before the LD_LIBRARY_PATH environment variable, while RUNPATH is only considered after LD_LIBRARY_PATH.
By making the change to using RPATH, it is no longer possible to replace JDK internal native libraries using LD_LIBRARY_PATH.
The installation directory name of the Oracle JDK in RPM and DEB packages has changed from /usr/lib/jvm/jdk-${FEATURE}-oracle-${ARCH} to /usr/lib/jvm/jdk-${VERSION}-oracle-${ARCH}.
Every update release will be installed in a separate directory on Linux platform.
Installers will create a /usr/java/jdk-${FEATURE}-oracle-${ARCH} link pointing to the installation directory to allow programs to find the latest JDK version in the ${FEATURE} release train.
Updates to Third Party Libraries
| Library | New Version | Module | JBS |
|---|---|---|---|
| LCMS | 2.16 | java.desktop | JDK-8321489 |
| Zlib Data Compression Library | 1.3.1 | java.base | JDK-8324632 |
Bug Fixes
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
➜ Issues fixed in 17.0.12:
| # | JBS | Component | Summary |
|---|---|---|---|
| 1 | JDK-8318854 | client-libs/java.awt | [macos14] Running any AWT app prints Secure coding warning |
| 2 | JDK-8317771 | client-libs/javax.accessibility | [macos14] Expand/collapse a JTree using keyboard freezes the application in macOS 14 Sonoma |
| 3 | JDK-8296878 | client-libs/javax.swing | Document Filter attached to JPasswordField and setText("") is not cleared instead inserted characters replaced with unicode null characters |
| 4 | JDK-8322239 | client-libs/javax.swing | [macos] a11y : java.lang.NullPointerException is thrown when focus is moved on the JTabbedPane |
| 5 | JDK-8187759 | client-libs/javax.swing | Background not refreshed when painting over a transparent JFrame |
| 6 | JDK-8320570 | core-libs/java.lang | NegativeArraySizeException decoding >1G UTF8 bytes with non-ascii characters |
| 7 | JDK-8302791 | core-libs/java.lang:class_loading | Add specific ClassLoader object to Proxy IllegalArgumentException message |
| 8 | JDK-8319436 | core-libs/java.lang:reflect | Proxy.newProxyInstance throws NPE if loader is null and interface not visible from class loader |
| 9 | JDK-8306040 | core-libs/java.net | HttpResponseInputStream.available() returns 1 on empty stream |
| 10 | JDK-8318599 | core-libs/java.net | HttpURLConnection cache issues leading to crashes in JGSS w/ native GSS introduced by 8303809 |
| 11 | JDK-8292044 | core-libs/java.net | HttpClient doesn't handle 102 or 103 properly |
| 12 | JDK-8263940 | core-libs/java.nio | NPE when creating default file system when default file system provider is packaged as JAR file on class path |
| 13 | JDK-8280113 | core-libs/java.nio | (dc) DatagramSocket.receive does not always throw when the channel is closed |
| 14 | JDK-8318322 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2023-10-16 |
| 15/td> | JDK-8304761 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2023-03-22 |
| 16 | JDK-8302512 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2023-02-14 |
| 17 | JDK-8306031 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2023-04-13 |
| 18 | JDK-8308021 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2023-05-11 |
| 19 | JDK-8327631 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2024-03-07 |
| 20 | JDK-8313702 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2023-08-02 |
| 21 | JDK-8321599 | hotspot/compiler | Data loss in AVX3 Base64 decoding |
| 22 | JDK-8310844 | hotspot/compiler | [AArch64] C1 compilation fails because monitor offset in OSR buffer is too large for immediate |
| 23 | JDK-8324050 | hotspot/compiler | Issue store-store barrier after re-materializing objects during deoptimization |
| 24 | JDK-8326638 | hotspot/compiler | Crash in PhaseIdealLoop::remix_address_expressions due to unexpected Region instead of Loop |
| 25 | JDK-8319372 | hotspot/compiler | C2 compilation fails with "Bad immediate dominator info" |
| 26 | JDK-8282414 | hotspot/compiler | x86: Enhance the assembler to generate more compact instructions |
| 27 | JDK-8298129 | hotspot/jfr | Let checkpoint event sizes grow beyond u4 limit |
| 28 | JDK-8298649 | hotspot/jfr | JFR: RemoteRecordingStream support for checkpoint event sizes beyond u4 |
| 29 | JDK-8286740 | hotspot/jfr | JFR: Active Setting event emitted incorrectly |
| 30 | JDK-8326106 | hotspot/jfr | Write and clear stack trace table outside of safepoint |
| 31 | JDK-8298472 | hotspot/runtime | AArch64: Detect Ampere-1 and Ampere-1A CPUs and set default options |
| 32 | JDK-8278241 | hotspot/runtime | Implement JVM SpinPause on linux-aarch64 |
| 33 | JDK-8296437 | hotspot/runtime | NMT incurs costs if disabled |
| 34 | JDK-8327036 | hotspot/runtime | [macosx-aarch64] SIGBUS in MarkActivationClosure::do_code_blob reached from Unsafe_CopySwapMemory0 |
| 35 | JDK-8319048 | hotspot/runtime | Monitor deflation unlink phase prolongs time to safepoint |
| 36 | JDK-8324933 | hotspot/runtime | ConcurrentHashTable::statistics_calculate synchronization is expensive |
| 37 | JDK-8296343 | security-libs/java.security | CPVE thrown on missing content-length in OCSP response |
| 38 | JDK-8326643 | security-libs/java.security | JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message |
| 39 | JDK-8312383 | security-libs/javax.net.ssl | Log X509ExtendedKeyManager implementation class name in TLS/SSL connection |
| 40 | JDK-8303809 | security-libs/org.ietf.jgss | Dispose context in SPNEGO NegotiatorImpl |
| 41 | JDK-8294699 | tools/jpackage | Launcher causes lingering busy cursor |
| 42 | JDK-8325203 | tools/jpackage | System.exit(0) kills the launched 3rd party application |