Release date: January 21, 2025
The full version string for this update release is 23.0.2+7 (where "+" means "build"). The version number is 23.0.2. This JDK conforms to version 23 of the Java SE Specification (JSR 398 2024-09-17).
JDK 23.0.2 contains IANA time zone data 2024b which contains the following changes:
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime at the time of the release of JDK 23.0.2 are specified in the following table:
Java Family Version | Security Baseline (Full Version String) |
---|---|
23 | 23.0.2+7 |
21 | 21.0.6+8 |
17 | 17.0.14+8 |
11 | 11.0.26+7 |
8 | 1.8.0_441-b07 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 23.0.2) be used after the next critical patch update scheduled for April 15, 2025.
Java Management Service, available to all users, can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.
ProcessBuilder
on Windows Quotes Argument Strings Containing Any Space Character
(JDK-8335428 (not public))
On Windows, the ProcessBuilder
has expanded the quoting of argument strings when starting a process to ensure they are recognized by the application as a single command argument. The set of space characters has been expanded from space (0x20) to include all space characters as defined by java.lang.Character.isSpaceChar
, which includes all Unicode space separator characters, such as EN-SPACE (0x2002), and line separator and paragraph separator characters.
IANA Time Zone Database has been upgraded to 2024b. This version mainly includes changes to improve historical data for Mexico, Mongolia, and Portugal. It also changes one timestamp abbreviation, for the time zone 'MET'. Also Asia/Choibalsan is now an alias for Asia/Ulaanbaatar.
The new tzdata changes also impact some legacy time zone IDs. As per 2024b changes "EST" links to "America/Panama", "HST" links to "Pacific/Honolulu" and "MST" links to "America/Phoenix". To maintain compatibility with the Java SE specification, the java.time.ZoneId.SHORT_IDS
Map has not changed. Further details are available at JDK-8342331
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
➜ Issues fixed in 23.0.2:# | JBS | Component/Subcomponent | Summary |
---|---|---|---|
1 | JDK-8337753 | core-libs/java.lang.foreign | Target class of upcall stub may be unloaded |
2 | JDK-8341127 | core-libs/java.lang.foreign | Extra call to MethodHandle::asType from memory segment var handles fails to inline |
3 | JDK-8340812 | core-libs/java.lang.invoke | LambdaForm customization via MethodHandle::updateForm is not thread safe |
4 | JDK-8342145 | core-libs/java.nio | File libCreationTimeHelper.c compile fails on Alpine |
5 | JDK-8341881 | core-libs/java.nio | [REDO] java/nio/file/attribute/BasicFileAttributeView/CreationTime.java#tmp fails on alinux3 |
6 | JDK-8340073 | core-libs/java.util:i18n | Support "%z" time zone abbreviation format in TZ files |
7 | JDK-8321509 | hotspot/compiler | False positive in get_trampoline fast path causes crash |
8 | JDK-8333791 | hotspot/compiler | Fix memory barriers for @Stable fields |
9 | JDK-8335709 | hotspot/compiler | C2: assert(!loop->is_member(get_loop(useblock))) failed: must be outside loop |
10 | JDK-8342496 | hotspot/compiler | C2/Shenandoah: SEGV in compiled code when running jcstress |
11 | JDK-8340313 | hotspot/compiler | Crash due to invalid oop in nmethod after C1 patching |
12 | JDK-8340214 | hotspot/compiler | C2 compilation asserts with "no node with a side effect" in PhaseIdealLoop::try_sink_out_of_loop |
13 | JDK-8337066 | hotspot/compiler | Repeated call of StringBuffer.reverse with double byte string returns wrong result |
14 | JDK-8340824 | hotspot/compiler | C2: Memory for TypeInterfaces not reclaimed by hashcons() |
15 | JDK-8342681 | hotspot/gc | TestLoadBypassesNullCheck.java fails improperly specified VM option |
16 | JDK-8339648 | hotspot/gc | ZGC: Division by zero in rule_major_allocation_rate |
17 | JDK-8340586 | hotspot/gc | JdkJfrEvent::get_all_klasses stores non-strong oops in JNI handles |
18 | JDK-8338389 | hotspot/jfr | [JFR] Long strings should be added to the string pool |
19 | JDK-8337331 | hotspot/jvmti | crash: pinned virtual thread will lead to jvm crash when running with the javaagent option |
20 | JDK-8339725 | hotspot/jvmti | Concurrent GC crashed due to GetMethodDeclaringClass |
21 | JDK-8335283 | hotspot/runtime | Build failure due to 'no_sanitize' attribute directive ignored |
22 | JDK-8335007 | hotspot/runtime | Inline OopMapCache table |
23 | JDK-8340383 | hotspot/runtime | VM issues warning failure to find kernel32.dll on Windows nanoserver |
24 | JDK-8338058 | hotspot/runtime | map_or_reserve_memory_aligned Windows enhance remap assertion |
25 | JDK-8338101 | hotspot/runtime | remove old remap assertion in map_or_reserve_memory_aligned after JDK-8338058 |
26 | JDK-8341688 | hotspot/runtime | Aarch64: Generate comments in -XX:+PrintInterpreter to link to source code |
27 | JDK-8325937 | hotspot/runtime | runtime/handshake/HandshakeDirectTest.java causes "monitor end should be strictly below the frame pointer" assertion failure on AArch64 |
28 | JDK-8337958 | hotspot/runtime | Out-of-bounds array access in secondary_super_cache |
29 | JDK-8340387 | hotspot/runtime | Update OS detection code to recognize Windows Server 2025 |
30 | JDK-8335299 | hotspot/test | Remove hs-atr-ci-genzgc |
31 | JDK-8328723 | security-libs/java.security | IP Address error when client enables HTTPS endpoint check on server socket |
32 | JDK-8337795 | tools/javac | Type annotation attached to incorrect type during class reading |
33 | JDK-8337998 | tools/javac | CompletionFailure in getEnclosingType attaching type annotations |