JDK 17.0.3 Release Notes
Java SE 17.0.3.1 - Bundled Patch Release (BPR) - Bug Fixes and Updates
The following sections summarize changes made in all Java SE 17.0.3 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.
Java™ SE Development Kit 17, Patch 17.0.3.1 (JDK 17.0.3.1)
May 2, 2022
The full version string for this update release is 17.0.3.1+2 (where "+" means "build"). The version number is 17.0.3.1.
IANA TZ Data 2022a
For more information, refer toTimezone Data Versions in the JRE Software.
Security Baselines
The security baselines are unchanged from the release of JDK 17.0.3.
| JRE Family Version | JRE Security Baseline (Full Version String) |
|---|---|
| 17 | 17.0.3+8 |
| 11 | 11.0.15+8 |
| 8 | 8u331-b09 |
| 7 | 7u341-b08 |
Keeping the JDK up to Date
Oracle recommends that the JDK is updated with each Critical Patch Update.In order to determine if a release is the latest, theSecurity Baseline page canbe used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance onCritical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 17.0.3.1) be used after the next critical patch update scheduledfor July 19, 2022.
Changes
The Windows implementation ofjava.io.File allows access to NTFS Alternate Data Streams (ADS) by default. Such streams have a structure like “filename:streamname”. A system propertyjdk.io.File.enableADS has been added to control this behavior. To disable ADS support injava.io.File, the system propertyjdk.io.File.enableADS should be set tofalse (case ignored). Stricter path checking however prevents the use of special devices such asNUL:
Bug Fixes
This release is based on the previous CPU and does not contain any additional security fixes. The following issues have also been resolved:
| JBS | Component | Subcomponent | Sumary |
|---|---|---|---|
| JDK-8284920 | xml | javax.xml.path | Incorrect Token type causes XPath expression to return incorrect results |
| JDK-8284548 | xml | jaxp | Invalid XPath expression causes StringIndexOutOfBoundsException |
Java SE 17.0.3 - Bundled Patch Release (BPR) - Bug Fixes and Updates
The following sections summarize changes made in all Java SE 17.0.3 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.
Changes in Java SE 17.0.3.0.1
Bug Fixes
| BugId | Category | Subcategory | Description |
|---|---|---|---|
| JDK-8281181 | hotspot | runtime | Do not use CPU Shares to compute active processor count |
| JDK-8282583 | xml | jaxp | Update BCEL md to include the copyright notice |
| JDK-8283350 | core-libs | java.time | (tz) Update Timezone Data to 2022a |
Java™ SE Development Kit 17.0.3 (JDK 17.0.3)
April 19, 2022
The full version string for this update release is 17.0.3+8 (where "+" means "build"). The version number is 17.0.3.
IANA TZ Data 2021e
Security Baselines
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 17.0.3 arespecified in the following table:
| JRE Family Version | JRE Security Baseline (Full Version String) |
|---|---|
| 17 | 17.0.3+8 |
| 11 | 11.0.15+8 |
| 8 | 8u331-b09 |
| 7 | 7u341-b08 |
Keeping the JDK up to Date
Oracle recommends that the JDK is updated with each Critical Patch Update.In order to determine if a release is the latest, theSecurity Baseline page canbe used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance onCritical Patch Updates, Security Alerts and Bulletins.It is not recommended that this JDK (version 17.0.3) be used after the next critical patch update scheduledfor July 19, 2022.
New Features
Three processing limits have been added to the XML libraries. These are:
jdk.xml.xpathExprGrpLimit
Description: Limits the number of groups an XPath expression can contain.
Type: integer
Value: A positive integer. A value less than or equal to 0 indicates no limit. If the value is not an integer, aNumberFormatException is thrown. Default 10.
jdk.xml.xpathExprOpLimit
Description: Limits the number of operators an XPath expression can contain.
Type: integer
Value: A positive integer. A value less than or equal to 0 indicates no limit. If the value is not an integer, aNumberFormatException is thrown. Default 100.
jdk.xml.xpathTotalOpLimit
Description: Limits the total number of XPath operators in an XSL Stylesheet.
Type: integer
Value: A positive integer. A value less than or equal to 0 indicates no limit. If the value is not an integer, aNumberFormatException is thrown. Default 10000.
Supported processors
jdk.xml.xpathExprGrpLimitandjdk.xml.xpathExprOpLimitare supported by the XPath processor.All three limits are supported by the XSLT processor.
Setting properties
For the XSLT processor, the properties can be changed through theTransformerFactory. For example,
TransformerFactory factory = TransformerFactory.newInstance(); factory.setAttribute("jdk.xml.xpathTotalOpLimit", "1000");For both the XPath and XSLT processors, the properties can be set through the system property andjaxp.properties configuration file located in theconf directory of the Java installation. For example,
System.setProperty("jdk.xml.xpathExprGrpLimit", "20");or in thejaxp.properties file,
jdk.xml.xpathExprGrpLimit=20
There are two known issues:
- An XPath expression that contains a short form of the parent axis ".." can return incorrect results. SeeJDK-8284920 for details.
- An invalid XPath expression that ends with a relational operator such as ‘<’ ‘>’ and ‘=’ will cause the processor to erroneously throw StringIndexOutOfBoundsException instead of XPathExpressionException. SeeJDK-8284548 for details.
Other Notes
On macOS, only certificates with proper trust settings in the user keychain will be exposed as trusted certificate entries in the KeychainStore type of keystore. Also, calling theKeyStore::setCertificateEntry method or thekeytool -importcert command on a KeychainStore keystore now fails with aKeyStoreException. Instead, call the macOS "security add-trusted-cert" command to add a trusted certificate into the user keychain.
The parsing of URLs in the LDAP, DNS, and RMI built-in JNDI providers has been made more strict. The strength of the parsing can be controlled by system properties:
-Dcom.sun.jndi.ldapURLParsing="legacy" | "compat" | "strict" (to control "ldap:" URLs) -Dcom.sun.jndi.dnsURLParsing="legacy" | "compat" | "strict" (to control "dns:" URLs) -Dcom.sun.jndi.rmiURLParsing="legacy" | "compat" | "strict" (to control "rmi:" URLs)
The default value is "compat" for all of the three providers.
- The "legacy" mode turns the new validation off.
- The "compat" mode limits incompatibilities.
- The "strict" mode is stricter and may cause regression by rejecting URLs that an application might consider as valid.
In "compat" and "strict" mode, more validation is performed. As an example, in the URL authority component, the new parsing only accepts brackets around IPv6 literal addresses. Developers are encouraged to usejava.net.URI constructors or its factory method to build URLs rather than handcrafting URL strings.
If an illegal URL string is found, ajava.lang.IllegalArgumentException or ajavax.naming.NamingException (or a subclass of it) is raised.
Bug Fixes
This release also contains fixes for security vulnerabilities described in theOracle Critical Patch Update.
➜ Issues fixed in 17.0.3:
| # | JBS | Component | Subcomponent | Sumary |
|---|---|---|---|---|
| 1 | JDK-8270874 | client-libs | 2d | JFrame paint artifacts when dragged from standard monitor to HiDPI monitor |
| 2 | JDK-8275650 | core-libs | java.io | Problemlist java/io/File/createTempFile/SpecialTempFile.java for Windows 11 |
| 3 | JDK-8279833 | core-libs | java.lang | Loop optimization issue in String.encodeUTF8_UTF16 |
| 4 | JDK-8274658 | core-libs | java.util:i18n | ISO 4217 Amendment 170 Update |
| 5 | JDK-8277795 | core-libs | javax.naming | LDAP connection timeout not honoured under contention |
| 6 | JDK-8277777 | hotspot | compiler | [Vector API] assert(r->is_XMMRegister()) failed: must be in x86_32.ad |
| 7 | JDK-8277441 | hotspot | compiler | CompileQueue::add fails with assert(_last->next() == __null) failed: not last |
| 8 | JDK-8275610 | hotspot | compiler | C2: Object field load floats above its null check resulting in a segfault |
| 9 | JDK-8275326 | hotspot | compiler | C2: assert(no_dead_loop) failed: dead loop detected |
| 10 | JDK-8262134 | hotspot | compiler | compiler/uncommontrap/TestDeoptOOM.java failed with "guarantee(false) failed: wrong number of expression stack elements during deopt" |
| 11 | JDK-8277447 | hotspot | compiler | Hotspot C1 compiler crashes on Kotlin suspend fun with loop |
| 12 | JDK-8273277 | hotspot | compiler | C2: Move conditional negation into rc_predicate |
| 13 | JDK-8271202 | hotspot | compiler | C1: assert(false) failed: live_in set of first block must be empty |
| 14 | JDK-8275645 | hotspot | compiler | [JVMCI] avoid unaligned volatile reads on AArch64 |
| 15 | JDK-8271056 | hotspot | compiler | C2: "assert(no_dead_loop) failed: dead loop detected" due to cmoving identity |
| 16 | JDK-8275643 | hotspot | compiler | C2's unaryOp vector intrinsic does not properly handle LongVector.neg |
| 17 | JDK-8275847 | hotspot | compiler | Scheduling fails with "too many D-U pinch points" on small method |
| 18 | JDK-8275874 | hotspot | compiler | [JVMCI] only support aligned reads in c2v_readFieldValue |
| 19 | JDK-8279076 | hotspot | compiler | C2: Bad AD file when matching SqrtF with UseSSE=0 |
| 20 | JDK-8275330 | hotspot | compiler | C2: assert(n->is_Root() || n->is_Region() || n->is_Phi() || n->is_MachMerge() || def_block->dominates(block)) failed: uses must be dominated by definitions |
| 21 | JDK-8276314 | hotspot | compiler | [JVMCI] check alignment of call displacement during code installation |
| 22 | JDK-8279225 | hotspot | compiler | [arm32] C1 longs comparison operation destroys argument registers |
| 23 | JDK-8279412 | hotspot | compiler | [JVMCI] failed speculations list must outlive any nmethod that refers to it |
| 24 | JDK-8278871 | hotspot | compiler | [JVMCI] assert((uint)reason < 2* _trap_hist_limit) failed: oob |
| 25 | JDK-8278824 | hotspot | gc | Uneven work distribution when scanning heap roots in G1 |
| 26 | JDK-8276177 | hotspot | jvmti | nsk/jvmti/RedefineClasses/StressRedefineWithoutBytecodeCorruption failed with "assert(def_ik->is_being_redefined()) failed: should be being redefined to get here" |
| 27 | JDK-8275800 | hotspot | jvmti | Redefinition leaks MethodData::_extra_data_lock |
| 28 | JDK-8278239 | hotspot | jvmti | vmTestbase/nsk/jvmti/RedefineClasses/StressRedefine failed with EXCEPTION_ACCESS_VIOLATION at 0x000000000000000d |
| 29 | JDK-8276184 | hotspot | runtime | Exclude lambda proxy class from the CDS archive if its caller class is excluded |
| 30 | JDK-8274714 | hotspot | runtime | Incorrect verifier protected access error message |
| 31 | JDK-8277342 | hotspot | runtime | vmTestbase/nsk/stress/strace/strace004.java fails with SIGSEGV in InstanceKlass::jni_id_for |
| 32 | JDK-8276662 | hotspot | runtime | Scalability bottleneck in SymbolTable::lookup_common() |
| 33 | JDK-8266490 | hotspot | runtime | Extend the OSContainer API to support the pids controller of cgroups |
| 34 | JDK-8278020 | hotspot | runtime | ~13% variation in Renaissance-Scrabble |
| 35 | JDK-8278384 | hotspot | runtime | Bytecodes::result_type() for arraylength returns T_VOID instead of T_INT |
| 36 | JDK-8273967 | hotspot | runtime | gtest os.dll_address_to_function_and_library_name_vm fails on macOS12 |
| 37 | JDK-8274753 | hotspot | runtime | ZGC: SEGV in MetaspaceShared::link_shared_classes |
| 38 | JDK-8274944 | hotspot | runtime | AppCDS dump causes SEGV in VM thread while adjusting lambda proxy class info |
| 39 | JDK-8273526 | hotspot | runtime | Extend the OSContainer API pids controller with pids.current |
| 40 | JDK-8274935 | hotspot | runtime | dumptime_table has stale entry |
| 41 | JDK-8278309 | hotspot | runtime | [windows] use of uninitialized OSThread::_state |
| 42 | JDK-8273341 | hotspot | runtime | Update Siphash to version 1.0 |
| 43 | JDK-8278951 | hotspot | runtime | containers/cgroup/PlainRead.java fails on Ubuntu 21.10 |
| 44 | JDK-8265150 | hotspot | svc | AsyncGetCallTrace crashes on ResourceMark |
| 45 | JDK-8269849 | hotspot | test | vmTestbase/gc/gctests/PhantomReference/phantom002/TestDescription.java failed with "OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects" |
| 46 | JDK-8273682 | tools | jshell | Upgrade Jline to 3.20.0 |
| 47 | JDK-8276141 | xml | jaxp | XPathFactory set/getProperty method |
| 48 | JDK-8282761 | xml | jaxp | XPathFactoryImpl remove setProperty and getProperty methods |
[8]ページ先頭