Release notes for Eclipse Temurin 17.0.4

Red Hat build of OpenJDK 17

Red Hat Customer Content Services


Review the release notes to understand new features and feature enhancements that have been included with latest build of OpenJDK 17 that is provided by Eclipse Temurin.


Open Java Development Kit (OpenJDK) is a free and open-source implementation of the Java Platform, Standard Edition (Java SE). Eclipse Temurin is available in three LTS versions: OpenJDK 8u, OpenJDK 11u, and OpenJDK 17u.

Packages for Eclipse Temurin are made available on Microsoft Windows and on multiple Linux x86 Operating Systems including Red Hat Enterprise Linux and Ubuntu.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.

Chapter 1. Support policy for Eclipse Temurin

Red Hat will support select major versions of Eclipse Temurin in its products. For consistency, these versions remain similar to Oracle JDK versions that Oracle designates as long-term support (LTS).

A major version of Eclipse Temurin will be supported for a minimum of six years from the time that version is first introduced. For more information, see the Eclipse Temurin Life Cycle and Support Policy.


RHEL 6 reached the end of life in November 2020. Because of this, Eclipse Temurin does not support RHEL 6 as a supported configuration.

Chapter 2. Eclipse Temurin features

Eclipse Temurin does not contain structural changes from the upstream distribution of OpenJDK.

For the list of changes and security fixes included in the latest OpenJDK 17 release of Eclipse Temurin, see OpenJDK 17.0.4 Released.

New features and enhancements

Review the following release notes to understand new features and feature enhancements included with the Eclipse Temurin 17.0.4 release:

HTTPS channel binding support for Java Generic Security Services (GSS) or Kerberos

The OpenJDK 17.0.4 release supports TLS channel binding tokens when Negotiate selects Kerberos authentication over HTTPS by using

Channel binding tokens are required, because of man in the middle (MITM) attacks. A channel binding token is an enhanced form of security that can mitigate certain kinds of socially engineered attacks.

A MITM operates by communicating from a client to a server. A client creates a connection between security, such as TLS server certificate, and higher-level authentication credentials, such as a username and a password. The server detects if a MITM has implicated a client, so the server shut downs the connection.

The jdk.https.negotiate.cbt system property controls this feature. See, Misc HTTP URL stream protocol handler properties (Oracle documentation).

See, JDK-8285240 (JDK Bug System).

Incorrect handling of quoted arguments in ProcessBuilder

Before the OpenJDK 17.0.4 release, arguments to ProcessBuilder on Microsoft Windows that contained opening double quotation marks ("), a backslash (\), and closing double quotation marks ("), caused the command to fail. For example, the command prompt on Microsoft Windows would not correctly process the argument "C:\\Program Files\", because the argument contained closing double quotation marks.

The OpenJDK 17.0.4 release resolves this issue by restoring any arguments that contained double quotation marks to ProcessBuilder to an earlier required behavior. ProcessBuilder no longer applies any special treatment to an argument that includes a backslash (\) before the closing double quotation marks.

See, JDK-8283137 (JDK Bug System).

Default JDK compressor closes when IOException is encountered

The OpenJDK 17.0.4 release, modifies the DeflaterOutputStream.close() and GZIPOutputStream.finish() methods. This update closes the associated default JDK compressor before propagating a Throwable class to a stack.

The release also modifies the ZIPOutputStream.closeEntry() method. This update closes the associated default JDK compressor before propagating an IOException message, not of type ZipException, to a stack.

See, JDK-8278386 (JDK Bug System).

New system property to disable Microsoft Windows Alternate Data Stream support in

The Microsoft Windows implementation of provides access to NTFS Alternate Data Streams (ADS) by default. These streams follow the format filename:streamname. The OpenJDK 17.0.4 release adds a system property. With this system property, you can disable ADS support in, by setting the system property to false.


Disabling ADS support in results in stricter path checking that prevents the use of special device files, such as NUL:.

See, JDK-8285660 (JDK Bug System).

Revised on 2023-11-03 09:30:40 UTC

Legal Notice

Copyright © 2023 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.