Release notes for OpenJDK 17.0.2
Abstract
Preface
OpenJDK (Open Java Development Kit) is a free and open source implementation of the Java Platform, Standard Edition (Java SE). The Red Hat build of OpenJDK is available in three versions: OpenJDK 8u, OpenJDK 11u, and OpenJDK 17u.
Packages for the Red Hat build of OpenJDK are made available on Red Hat Enterprise Linux and Microsoft Windows and shipped as a JDK and JRE in the Red Hat Ecosystem Catalog.
Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.
Providing feedback on Red Hat documentation
We appreciate your feedback on our documentation. To provide feedback, you can highlight the text in a document and add comments.
This section explains how to submit feedback.
Prerequisites
- You are logged in to the Red Hat Customer Portal.
- In the Red Hat Customer Portal, view the document in Multi-page HTML format.
Procedure
To provide your feedback, perform the following steps:
Click the Feedback button in the top-right corner of the document to see existing feedback.
NoteThe feedback feature is enabled only in the Multi-page HTML format.
- Highlight the section of the document where you want to provide feedback.
Click the Add Feedback pop-up that appears near the highlighted text.
A text box appears in the feedback section on the right side of the page.
Enter your feedback in the text box and click Submit.
A documentation issue is created.
- To view the issue, click the issue tracker link in the feedback view.
Chapter 1. Support policy for OpenJDK
Red Hat supports select major versions of OpenJDK in its products. For consistency, these versions remain similar to Oracle JDK versions that are designated as long-term support (LTS).
Red Hat supports a major version of OpenJDK for a minimum of six years from the time Red Hat first introduces OpenJDK.
OpenJDK 17 is supported on Microsoft Windows and Red Hat Enterprise Linux until November 2027.
RHEL 6 has reached the end of life in November 2020. OpenJDK 17 is not supported on RHEL 6.
Additional resources
For more information, see the OpenJDK Life Cycle and Support Policy.
Chapter 2. Differences from upstream OpenJDK 17
OpenJDK in Red Hat Enterprise Linux contains a number of structural changes from the upstream distribution of OpenJDK. The Microsoft Windows version of OpenJDK attempts to follow Red Hat Enterprise Linux updates as closely as possible.
The following list details the most notable Red Hat OpenJDK 17 changes:
- FIPS support. Red Hat OpenJDK 17 automatically detects whether RHEL is in FIPS mode and automatically configures OpenJDK 17 to operate in that mode. This change does not apply to OpenJDK builds for Microsoft Windows.
- Cryptographic policy support. Red Hat OpenJDK 17 obtains the list of enabled cryptographic algorithms and key size constraints from the RHEL system configuration. These configuration components are used by the Transport Layer Security (TLS) encryption protocol, the certificate path validation, and any signed JARs. You can set different security profiles to balance safety and compatibility. This change does not apply to OpenJDK builds for Microsoft Windows.
-
Red Hat OpenJDK on RHEL dynamically links against native libraries such as
zlibfor archive format support andlibjpeg-turbo,libpng, andgiflibfor image support. RHEL also dynamically links againstHarfbuzzandFreetypefor font rendering and management. This change does not apply to OpenJDK builds for Microsoft Windows. -
The
src.zipfile includes the source for all of the JAR libraries shipped with OpenJDK. - Red Hat OpenJDK on RHEL uses system-wide timezone data files as a source for timezone information.
- Red Hat OpenJDK on RHEL uses system-wide CA certificates.
- Red Hat OpenJDK on Microsoft Windows includes the latest available timezone data from RHEL.
- Red Hat OpenJDK on Microsoft Windows uses the latest available CA certificate from RHEL.
Additional resources
- For more information about detecting if a system is in FIPS mode, see the Improve system FIPS detection example on the Red Hat RHEL Planning Jira.
- For more information about cryptographic policies, see Using system-wide cryptographic policies.
Chapter 3. OpenJDK features
The latest OpenJDK 17 release might include new features. Additionally, the latest release might enhance, deprecate, or remove features that originated from previous OpenJDK 17 releases.
For all the other changes and security fixes, see OpenJDK 17.0.2 Released.
3.1. New features and enhancements
Review the following release notes to understand new features and feature enhancements that have been included with the OpenJDK 17.0.2 release:
IANA Time Zone Database
The Internet Assigned Numbers Authority (IANA) updated its Time Zone Database to version 2021c. Red Hat OpenJDK date and time libraries depends on IANA’s Time Zone Database for determining local time for various regions around the world.
The 2021b release of the Time Zone Database updated time zone rules that existed before 1970. For more information about the 2021b release, see 2021b release of tz code and data available on the IANA website.
For more information about IANA’s 2021c Time Zone Database release, see JDK-8274857.
For more information about IANA’s Time Zone Database, see Time Zone Database on the IANA website.
3.2. OpenJDK enhancements
OpenJDK 17 provides enhancements to features originally created in previous releases of OpenJDK.
OpenJDK’s identification of Microsoft Windows versions
Before the OpenJDK 17 release, the os.name system property that is retrieved from System.getProperty() and the HotSpot error logs would report Windows 10.0 on Microsoft Windows 11 and Windows Server 2019 on Microsoft Windows Server 2022. OpenJDK now identifies the correct version on these systems.
System property behavior change
OpenJDK 17 reverts the behavior of the file.encoding system property to a state identical to OpenJDK 11 on most supported platforms, except for macOS. This change improves how the system property behaves on the Microsoft Windows platform, where the system locales and user locales differ.
For more information about the behavior change to the file.encoding system property, see JDK-8275343.
Vector class update
OpenJDK 17 updates the java.util.Vector class, so that this class now reports any ClassNotFoundException messages that have been generated with the java.io.ObjectInputStream.GetField.get(name, object) method during the deserialization process. These exception messages occur when a vector’s class, wrapped inside an element, is not found.
Before the java.util.Vector class update, the class reported any StreamCorruptedException messages when the previously detailed incident occurred. A StreamCorruptedException message does not provide information about a missing class.
For more information about the update to the java.util.Vector class, see JDK-8277157.
Z Garbage Collector bug fix
Before the OpenJDK 17 update, the Z Garbage Collector (ZGC) experienced lengthy Concurrent Process Non-strong References times that caused latency and throughput issues for Java applications that use ZGC for memory management. You could determine these lengthy times by entering the -Xlog:gc* against a garbage collector (GC) log in your command-line interface.
The OpenJDK 17 release removes the bug that caused these issues, so the ZGC can now achieve shorter Concurrent Process Non-strong References times.
For more information about ZGC bug fix, see JDK-8277533.
3.3. Deprecated and removed features
Review the following release notes to understand pre-existing features that have been either deprecated or removed in the OpenJDK 17.0.2 release:
Google GlobalSign root certificate
OpenJDK 17.0.2 removes the following root certificate from the cacerts keystore:
- Alias name
- globalsignr2ca [jdk]
- Distinguished name
- CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
For more information about this removed Google GlobalSign root certificate, see JDK-8272535.
Chapter 4. Known issues
OpenJDK 17 might include known issues. Solutions might exist for some of these known issues.
Debug packages moved to the RHEL 8.5 CodeReady Linux Builder (CRB) repository
- Description
RHEL 8.5 moved the
java-17-openjdk-slowdebug-debuginfoandjava-17-openjdk-fastdebug-debuginfopackages to the CodeReady Linux Builder (CRB) repository, where thejava-openjdk-slowdebugandjava-openjdk-fastdebugpackages are already located. This repository contains developer packages. Red Hat had planned to move these packages to the CRB repository earlier in the lifecycle of RHEL 8.5. However, this movement did not occur.You might have installed the
java-17-openjdk-slowdebug-debuginfoandjava-17-openjdk-fastdebug-debuginfopackages when these packages were located in the AppStream repository.You can check if you installed the
java-17-openjdk-slowdebug-debuginfoorjava-17-openjdk-fastdebug-debuginfopackages by issuing the following command in your CLI:$ rpm -qa | grep java-.*debug-debuginfo
You can continue to use the
java-17-openjdk-slowdebug-debuginfoandjava-17-openjdk-fastdebug-debuginfopackages for debugging purposes on your Java application, but you must enable the CRB repository to receive updates for these packages.- Workaround
If you installed the
java-17-openjdk-slowdebug-debuginfoandjava-17-openjdk-fastdebug-debuginfopackages, you must choose one of the following options:Uninstall these packages by issuing the following command in your CLI:
$ dnf remove java-17-openjdk-<package-name>
Enable the CRB repository by issuing the following command in your CLI:
$ dnf config-manager --set-enabled rhel-8-crb-debug-rpms
ImportantRed Hat does not fully support packages that are contained within the CRB repository. Ensure you understand the potential risks of using any unsupported debug packages on your Java applications.
For more information about the CRB repository on RHEL 8.5, see Package Manifest guide in the Red Hat Enterprise Linux documentation.
Chapter 5. Advisories related to this release
The following advisories have been issued to bugfixes and to CVE fixes included in this release:
Revised on 2022-02-09 17:20:31 UTC