JDK 17.0.5 Release Notes
Java SE 17.0.5 - Bundled Patch Release (BPR) - Bug Fixes and Updates
The following sections summarize changes made in all Java SE 17.0.5 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.
Changes in Java SE 17.0.5.0.1
Bug Fixes
| BugId | Category | Subcategory | Description |
|---|---|---|---|
| JDK-8291973 | install | install | Java RPMs Are Built with Older RPM and Thus Do Not Contain Some Necessary Hash |
| JDK-8294357 | core-libs | java.time | (tz) Update Timezone Data to 2022d |
Java™ SE Development Kit 17.0.5 (JDK 17.0.5)
October 18, 2022
The full version string for this update release is 17.0.5+9 (where "+" means "build"). The version number is 17.0.5.
IANA TZ Data 2022b, 2022c
JDK 17.0.5 contains IANA time zone data 2022b, 2022c.
- Chile's DST is delayed by a week in September 2022.
- Iran no longer observes DST after 2022.
- Rename Europe/Kiev to Europe/Kyiv.
- New zic -R option
- Vanguard form now uses %z.
- Finish moving duplicate-since-1970 zones to 'backzone'.
- New build option PACKRATLIST.
- New tailored_tarballs target, replacing rearguard_tarballs.
- Work around awk bug in FreeBSD, macOS, etc.
- Improve tzselect on intercontinental Zones.
Security Baselines
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 17.0.5 are specified in the following table:
| JRE Family Version | JRE Security Baseline (Full Version String) |
|---|---|
| 17 | 17.0.5+9 |
| 11 | 11.0.17+10 |
| 8 | 8u351-b10 |
| 7 | 7u361-b08 |
Keeping the JDK up to Date
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 17.0.5) be used after the next critical patch update scheduled for January 17, 2023.
Other Notes
JARs signed with SHA-1 algorithms are now restricted by default and treated as if they were unsigned. This applies to the algorithms used to digest, sign, and optionally timestamp the JAR. It also applies to the signature and digest algorithms of the certificates in the certificate chain of the code signer and the Timestamp Authority, and any CRLs or OCSP responses that are used to verify if those certificates have been revoked. These restrictions also apply to signed JCE providers.
To reduce the compatibility risk for JARs that have been previously timestamped, there is one exception to this policy:
- Any JAR signed with SHA-1 algorithms and timestamped prior to January 01, 2019 will not be restricted.
This exception may be removed in a future JDK release. To determine if your signed JARs are affected by this change, run jarsigner -verify -verbose -certs on the signed JAR, and look for instances of "SHA1" or "SHA-1" and "disabled" and a warning that the JAR will be treated as unsigned in the output.
For example:
- Signed by "CN="Signer""
Digest algorithm: SHA-1 (disabled)
Signature algorithm: SHA1withRSA (disabled), 2048-bit key
WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01
JARs affected by these new restrictions should be replaced or re-signed with stronger algorithms.
Users can, at their own risk, remove these restrictions by modifying the java.security configuration file (or override it by using the java.security.properties system property) and removing "SHA1 usage SignedJAR & denyAfter 2019-01-01" from the jdk.certpath.disabledAlgorithms security property and "SHA1 denyAfter 2019-01-01" from the jdk.jar.disabledAlgorithms security property.
Two system properties have been added which control the keep alive behavior of HttpURLConnection in the case where the server does not specify a keep alive time. Two properties are defined for controlling connections to servers and proxies separately. They are http.keepAlive.time.server and http.keepAlive.time.proxy respectively. More information about them can be found in Networking Properties.
This version includes changes from 2022b that merged multiple regions that have the same timestamp data post-1970 into a single time zone data. All time zone IDs remain the same but the merged time zones will point to a shared zone data.
As a result, pre-1970 data may not be compatible with earlier JDK versions. The affected zones are Antarctica/Vostok, Asia/Brunei, Asia/Kuala_Lumpur, Atlantic/Reykjavik, Europe/Amsterdam, Europe/Copenhagen, Europe/Luxembourg, Europe/Monaco, Europe/Oslo, Europe/Stockholm, Indian/Christmas, Indian/Cocos, Indian/Kerguelen, Indian/Mahe, Indian/Reunion, Pacific/Chuuk, Pacific/Funafuti, Pacific/Majuro, Pacific/Pohnpei, Pacific/Wake, Pacific/Wallis, Arctic/Longyearbyen, Atlantic/Jan_Mayen, Iceland, Pacific/Ponape, Pacific/Truk, and Pacific/Yap.
For more details, refer to the announcement of 2022b.
A new system property named jdk.httpserver.maxConnections has been introduced to allow users to configure the com.sun.net.httpserver.HttpServer to limit the maximum number of open connections to the server at any given time. This system property takes an integer value and can be configured to be a positive integer. If the property is absent, set to 0, or a negative value, the server will not limit the number of open connections. By default, this system property is not set.
Bug Fixes
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
➜ Issues fixed in 17.0.5:
| # | JBS | Component | Summary |
|---|---|---|---|
| 1 | JDK-8285686 | client-libs/2d | Update FreeType to 2.12.0 |
| 2 | JDK-8264666 | client-libs/2d | Change implementation of safeAdd/safeMult in the LCMSImageLayout class |
| 3 | JDK-8289853 | client-libs/2d | Update HarfBuzz to 4.4.1 |
| 4 | JDK-8290334 | client-libs/2d | Update FreeType to 2.12.1 |
| 5 | JDK-8274939 | client-libs/java.awt | Incorrect size of the pixel storage is used by the robot on macOS |
| 6 | JDK-8273506 | client-libs/java.awt | java Robot API did the 'm' keypress and caused /awt/event/KeyEvent/KeyCharTest/KeyCharTest.html is timing out on macOS 12 |
| 7 | JDK-8255439 | client-libs/java.awt | System Tray icons get corrupted when Windows scaling changes |
| 8 | JDK-8287740 | client-libs/javax.accessibility | NSAccessibilityShowMenuAction not working for text editors |
| 9 | JDK-8284690 | client-libs/javax.accessibility | [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox |
| 10 | JDK-8284014 | client-libs/javax.accessibility | Menu items with submenus in JPopupMenu are not spoken on macOS |
| 11 | JDK-8277497 | client-libs/javax.accessibility | Last column cell in the JTable row is read as empty cell |
| 12 | JDK-8278609 | client-libs/javax.accessibility | [macos] accessibility frame is misplaced on a secondary monitor on macOS |
| 13 | JDK-8283383 | client-libs/javax.accessibility | [macos] a11y : Screen magnifier shows extra characters (0) at the end JButton accessibility name |
| 14 | JDK-8286266 | client-libs/javax.accessibility | [macos] VoiceOver : Moving JTable column to be the first column JVM crashes |
| 15 | JDK-8287917 | core-libs/java.lang:class_loading | System.loadLibrary does not work on Big Sur if JDK is built with macOS SDK 10.15 and earlier |
| 16 | JDK-8281183 | core-libs/java.util | RandomGenerator:NextDouble() default behavior partially fixed by JDK-8280950 |
| 17 | JDK-8280950 | core-libs/java.util | RandomGenerator:NextDouble() default behavior non conformant after JDK-8280550 fix |
| 18 | JDK-8288769 | core-libs/java.util.jar | Revert unintentional change to deflate.c |
| 19 | JDK-8283277 | core-libs/java.util:i18n | ISO 4217 Amendment 171 Update |
| 20 | JDK-8289549 | core-libs/java.util:i18n | ISO 4217 Amendment 172 Update |
| 21 | JDK-8276990 | core-svc/debugger | Memory leak in invoker.c fillInvokeRequest() during JDI operations |
| 22 | JDK-8281615 | core-svc/debugger | Deadlock caused by jdwp agent |
| 23 | JDK-8284094 | core-svc/debugger | Memory leak in invoker_completeInvokeRequest() |
| 24 | JDK-8284848 | hotspot/compiler | C2: Compiler blackhole arguments should be treated as globally escaping |
| 25 | JDK-8282467 | hotspot/compiler | add extra diagnostics for JDK-8268184 |
| 26 | JDK-8284883 | hotspot/compiler | JVM crash: guarantee(sect->end() <= sect->limit()) failed: sanity on AVX512 |
| 27 | JDK-8285923 | hotspot/compiler | [REDO] JDK-8285802 AArch64: Consistently handle offsets in MacroAssembler as 64-bit quantities |
| 28 | JDK-8282555 | hotspot/compiler | Missing memory edge when spilling MoveF2I, MoveD2L etc |
| 29 | JDK-8286638 | hotspot/compiler | C2: CmpU needs to do more precise over/underflow analysis |
| 30 | JDK-8288303 | hotspot/compiler | C1: Miscompilation due to broken Class.getModifiers intrinsic |
| 31 | JDK-8270090 | hotspot/compiler | C2: LCM may prioritize CheckCastPP nodes over projections |
| 32 | JDK-8280696 | hotspot/compiler | C2 compilation hits assert(is_dominator(c, n_ctrl)) failed |
| 33 | JDK-8285820 | hotspot/compiler | C2: LCM prioritizes locally dependent CreateEx nodes over projections after 8270090 |
| 34 | JDK-8287091 | hotspot/compiler | aarch64 : guarantee(val < (1ULL << nbits)) failed: Field too big for insn |
| 35 | JDK-8287396 | hotspot/compiler | LIR_Opr::vreg_number() and data() can return negative number |
| 36 | JDK-8286625 | hotspot/compiler | C2 fails with assert(!n->is_Store() && !n->is_LoadStore()) failed: no node with a side effect |
| 37 | JDK-8288467 | hotspot/compiler | remove memory_operand assert for spilled instructions |
| 38 | JDK-8276546 | hotspot/compiler | [IR Framework] Whitelist and ignore CompileThreshold |
| 39 | JDK-8279622 | hotspot/compiler | C2: miscompilation of map pattern as a vector reduction |
| 40 | JDK-8286177 | hotspot/compiler | C2: "failed: non-reduction loop contains reduction nodes" assert failure |
| 41 | JDK-8284944 | hotspot/compiler | assert(cnt++ < 40) failed: infinite cycle in loop optimization |
| 42 | JDK-8287223 | hotspot/compiler | C1: Inlining attempt through MH::invokeBasic() with null receiver |
| 43 | JDK-8272736 | hotspot/compiler | [JVMCI] Add API for reading and writing JVMCI thread locals |
| 44 | JDK-8284358 | hotspot/compiler | Unreachable loop is not removed from C2 IR, leading to a broken graph |
| 45 | JDK-8288360 | hotspot/compiler | CI: ciInstanceKlass::implementor() is not consistent for well-known classes |
| 46 | JDK-8288781 | hotspot/compiler | C1: LIR_OpVisitState::maxNumberOfOperands too small |
| 47 | JDK-8287432 | hotspot/compiler | C2: assert(tn->in(0) != __null) failed: must have live top node |
| 48 | JDK-8283441 | hotspot/compiler | C2: segmentation fault in ciMethodBlocks::make_block_at(int) |
| 49 | JDK-8289127 | hotspot/compiler | Apache Lucene triggers: DEBUG MESSAGE: duplicated predicate failed which is impossible |
| 50 | JDK-8286314 | hotspot/compiler | Trampoline not created for far runtime targets outside small CodeCache |
| 51 | JDK-8281297 | hotspot/gc | TestStressG1Humongous fails with guarantee(is_range_uncommitted) |
| 52 | JDK-8283597 | hotspot/jvmti | [REDO] Invalid generic signature for redefined classes |
| 53 | JDK-8278753 | hotspot/runtime | Runtime crashes with access violation during JNI_CreateJavaVM call |
| 54 | JDK-8283469 | hotspot/runtime | Don't use memset to initialize members in FileMapInfo and fix memory leak |
| 55 | JDK-8268773 | hotspot/runtime | Improvements related to: Failed to start thread - pthread_create failed (EAGAIN) |
| 56 | JDK-8289477 | hotspot/runtime | Memory corruption with CPU_ALLOC, CPU_FREE on muslc |
| 57 | JDK-8289799 | hotspot/runtime | Build warning in methodData.cpp memset zero-length parameter |
| 58 | JDK-8290417 | hotspot/runtime | CDS cannot archive lamda proxy with useImplMethodHandle |
| 59 | JDK-8287107 | hotspot/runtime | CgroupSubsystemFactory.setCgroupV2Path asserts with freezer controller |
| 60 | JDK-8287741 | hotspot/runtime | Fix of JDK-8287107 (unused cgv1 freezer controller) was incomplete |
| 61 | JDK-8283723 | infrastructure | Update Visual Studio 2022 to version 17.1.0 for Oracle builds on Windows |
| 62 | JDK-8275887 | security-libs/java.security | jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled |
| 63 | JDK-8281628 | security-libs/javax.crypto | KeyAgreement : generateSecret intermittently not resetting |
| 64 | JDK-8284694 | security-libs/javax.net.ssl | Avoid evaluating SSLAlgorithmConstraints twice |
| 65 | JDK-8286211 | security-libs/javax.smartcardio | Update PCSC-Lite for SUSE Linux to 1.9.5 |
| 66 | JDK-8285398 | security-libs/jdk.security | Cache the results of constraint checks |
| 67 | JDK-8155701 | tools/javac | The compiler fails with an AssertionError: typeSig ERROR |
| 68 | JDK-8281316 | tools/javac | javac performance issues with large number of jars on classpath |
| 69 | JDK-8282214 | tools/javadoc(tool) | Upgrade JQuery to version 3.6.0 |
| 70 | JDK-8284367 | tools/javadoc(tool) | JQuery UI upgrade from 1.12.1 to 1.13.1 |
| 71 | JDK-8277494 | tools/jpackage | [BACKOUT] JDK-8276150 Quarantined jpackage apps are labeled as "damaged" |
| 72 | JDK-8284675 | tools/jpackage | "jpackage.exe" creates application launcher without Windows Application Manfiest |
| 73 | JDK-8276837 | tools/jpackage | [macos]: Error when signing the additional launcher |
| 74 | JDK-8278311 | tools/jpackage | Debian packaging doesn't work |
| 75 | JDK-8279370 | tools/jpackage | jdk.jpackage/share/native/applauncher/JvmLauncher.cpp fails to build with GCC 6.3.0 |
| 76 | JDK-8284067 | tools/jpackage | jpackage'd launcher reports non-zero exit codes with error prompt |
| 77 | JDK-8289486 | xml/jaxp | Improve XSLT XPath operators count efficiency |