java

JDK 17.0.14 Release Notes

Java Development Kit 17 Release Notes

Java SE 17.0.14 - Bundled Patch Release (BPR) - Bug Fixes and Updates

The following sections summarize changes made in all Java SE 17.0.14 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.

 

Changes in Java SE 17.0.14.0.1

Bug Fixes

Release date: January 21, 2025

Fixes from the prior BPR are included in this version.

Java™ SE Development Kit 17, Update 17.0.14 (JDK 17.0.14)

January 21, 2025

The full version string for this update release is 17.0.14+8 (where "+" means "build"). The version number is 17.0.14. This JDK conforms to version 17.1 of the Java SE Specification (JSR 392 MR 1 2024-07-02).

 

IANA TZ Data 2024b

JDK 17.0.14 contains IANA time zone data 2024b which contains the following changes:

  • Improve historical data for Mexico, Mongolia, and Portugal.
  • System V names are now obsolescent.
  • The main data form now uses %z.
  • The code now conforms to RFC 8536 for early timestamps.
  • Support POSIX.1-2024, which removes asctime_r and ctime_r.

For more information, refer to Timezone Data Versions in the JRE Software.

 

Security Baselines

The security baselines for the Java Runtime at the time of the release of JDK 17.0.14 are specified in the following table:

Java Family Version Security Baseline (Full Version String)
1717.0.14+8
1111.0.26+7
81.8.0_441-b07

 

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 17.0.14) be used after the next critical patch update scheduled for April 15, 2025.

Java Management Service, available to all users, can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.

 

Other Notes

tools/javac
 Indy String Concat Changes Order of Operations (JDK-8273914)

String concatenation has been changed to evaluate each argument and eagerly convert it to a string, in left-to-right order. This fixes a bug in the invokedynamic-based string concatentation strategies introduced in JEP 280.

For example, the following now prints "foofoobar", not "foobarfoobar":

    StringBuilder builder = new StringBuilder("foo");

    System.err.println("" + builder + builder.append("bar"));

core-libs/java.lang
 ProcessBuilder on Windows Quotes Argument Strings Containing Any Space Character (JDK-8335428 (not public))

On Windows, the ProcessBuilder has expanded the quoting of argument strings when starting a process to ensure they are recognized by the application as a single command argument. The set of space characters has been expanded from space (0x20) to include all space characters as defined by java.lang.Character.isSpaceChar, which includes all Unicode space separator characters, such as EN-SPACE (0x2002), and line separator and paragraph separator characters.

core-libs/java.time
 Support for Time Zone Database 2024b (JDK-8339637)

IANA Time Zone Database has been upgraded to 2024b. This version mainly includes changes to improve historical data for Mexico, Mongolia, and Portugal. It also changes one timestamp abbreviation, for the time zone 'MET'. Also Asia/Choibalsan is now an alias for Asia/Ulaanbaatar.

The new tzdata changes also impact some legacy time zone IDs. As per 2024b changes "EST" links to "America/Panama", "HST" links to "Pacific/Honolulu" and "MST" links to "America/Phoenix". To maintain compatibility with the Java SE specification, the java.time.ZoneId.SHORT_IDS Map has not changed. Further details are available at JDK-8342331

 

Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

Issues fixed in 17.0.14:

# JBS Component Summary
1JDK-8280132client-libs/java.beansIncorrect comparator com.sun.beans.introspect.MethodInfo.MethodOrder
2JDK-8308152client-libs/java.beansPropertyDescriptor should work with overridden generic getter method
3JDK-8329667client-libs/javax.accessibility[macos] Issue with JTree related fix for JDK-8317771
4JDK-8282578client-libs/javax.soundAIOOBE in javax.sound.sampled.Clip
5JDK-8340812core-libs/java.lang.invokeLambdaForm customization via MethodHandle::updateForm is not thread safe
6JDK-8337066hotspot/compilerRepeated call of StringBuffer.reverse with double byte string returns wrong result
7JDK-8335709hotspot/compilerC2: assert(!loop->is_member(get_loop(useblock))) failed: must be outside loop
8JDK-8315988hotspot/gcParallel: Make TestAggressiveHeap use createTestJvm
9JDK-8338389hotspot/jfr[JFR] Long strings should be added to the string pool
10JDK-8319818hotspot/runtimeAddress GCC 13.2.0 warnings (stringop-overflow and dangling-pointer)
11JDK-8340387hotspot/runtimeUpdate OS detection code to recognize Windows Server 2025
12JDK-8337410hotspot/testThe makefiles should set problemlist and adjust timeout basing on the given VM flags
13JDK-8308872security-libsenhance logging and some exception in krb5/Config.java
14JDK-8328723security-libs/java.securityIP Address error when client enables HTTPS endpoint check on server socket
15JDK-8331864security-libs/java.securityUpdate Public Suffix List to 1cbd6e7
16JDK-8322809tools/jlinkSystemModulesMap::classNames and moduleNames arrays do not match the order