Release notes for Eclipse Temurin 17.0.4
Open Java Development Kit (OpenJDK) is a free and open-source implementation of the Java Platform, Standard Edition (Java SE). Eclipse Temurin is available in three LTS versions: OpenJDK 8u, OpenJDK 11u, and OpenJDK 17u.
Packages for Eclipse Temurin are made available on Microsoft Windows and on multiple Linux x86 Operating Systems including Red Hat Enterprise Linux and Ubuntu.
Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.
Chapter 1. Support policy for Eclipse Temurin
Red Hat will support select major versions of Eclipse Temurin in its products. For consistency, these versions remain similar to Oracle JDK versions that Oracle designates as long-term support (LTS).
A major version of Eclipse Temurin will be supported for a minimum of six years from the time that version is first introduced. For more information, see the Eclipse Temurin Life Cycle and Support Policy.
RHEL 6 reached the end of life in November 2020. Because of this, Eclipse Temurin does not support RHEL 6 as a supported configuration.
Chapter 2. Eclipse Temurin features
Eclipse Temurin does not contain structural changes from the upstream distribution of OpenJDK.
For the list of changes and security fixes included in the latest OpenJDK 17 release of Eclipse Temurin, see OpenJDK 17.0.4 Released.
New features and enhancements
Review the following release notes to understand new features and feature enhancements included with the Eclipse Temurin 17.0.4 release:
HTTPS channel binding support for Java Generic Security Services (GSS) or Kerberos
The OpenJDK 17.0.4 release supports TLS channel binding tokens when Negotiate selects Kerberos authentication over HTTPS by using
Channel binding tokens are required, because of man in the middle (MITM) attacks. A channel binding token is an enhanced form of security that can mitigate certain kinds of socially engineered attacks.
A MITM operates by communicating from a client to a server. A client creates a connection between security, such as TLS server certificate, and higher-level authentication credentials, such as a username and a password. The server detects if a MITM has implicated a client, so the server shut downs the connection.
jdk.https.negotiate.cbt system property controls this feature. See, Misc HTTP URL stream protocol handler properties (Oracle documentation).
Incorrect handling of quoted arguments in
Before the OpenJDK 17.0.4 release, arguments to
ProcessBuilder on Microsoft Windows that contained opening double quotation marks ("), a backslash (\), and closing double quotation marks ("), caused the command to fail. For example, the command prompt on Microsoft Windows would not correctly process the argument
"C:\\Program Files\", because the argument contained closing double quotation marks.
The OpenJDK 17.0.4 release resolves this issue by restoring any arguments that contained double quotation marks to
ProcessBuilder to an earlier required behavior.
ProcessBuilder no longer applies any special treatment to an argument that includes a backslash (\) before the closing double quotation marks.
Default JDK compressor closes when
IOException is encountered
The OpenJDK 17.0.4 release, modifies the
GZIPOutputStream.finish() methods. This update closes the associated default JDK compressor before propagating a
Throwable class to a stack.
The release also modifies the
ZIPOutputStream.closeEntry() method. This update closes the associated default JDK compressor before propagating an
IOException message, not of type
ZipException, to a stack.
New system property to disable Microsoft Windows Alternate Data Stream support in
The Microsoft Windows implementation of
java.io.File provides access to NTFS Alternate Data Streams (ADS) by default. These streams follow the format filename:streamname. The OpenJDK 17.0.4 release adds a system property. With this system property, you can disable ADS support in
java.io.File, by setting the system property
Disabling ADS support in
java.io.File results in stricter path checking that prevents the use of special device files, such as
Revised on 2023-11-03 09:30:40 UTC