JDK 16 Early-Access Release Notes

This is a draft of the release notes that will accompany JDK 16. The contents are subject to change until release.

Build 17

Object monitors no longer keep strong references to their associated object (JDK-8247281)

hotspot/runtime

When synchronization is performed on an object, an association is established between the object and the object monitor that implements the synchronization. In the past, the reference from a monitor to its associated object was a strong reference. These strong references would be observable through JVM TI functions that walk the heap (reported as JVMTI_HEAP_ROOT_MONITOR or JVMTI_HEAP_REFERENCE_MONITOR) and in heap dumps (reported as HPROF_GC_ROOT_MONITOR_USED). As of this release, a weak reference is used and these are not observable to JVM TI or heap dumps, and consequently JVMTI_HEAP_ROOT_MONITOR, JVMTI_HEAP_REFERENCE_MONITOR and HPROF_GC_ROOT_MONITOR_USED will no longer be reported.

Build 14

The default HttpClient implementation returns cancelable futures (JDK-8245462)

core-libs/java.net

In this release, the default HttpClient returns cancelable futures.

The default HttpClient is created by a call to HttpClient.newHttpClient(), or by invoking the build method on builders returned by HttpClient.newBuilder(). The implementation of the sendAsync methods in the default HttpClient now return CompletableFuture objects that are cancelable. Invoking cancel(true) on a cancelable future that is not completed, attempts to cancel the HTTP exchange in an effort to release underlying resources as soon as possible. More information can be obtained by reading the API documentation of the HttpClient::sendAsync methods.

Deprecate java.security.cert APIs that represent DNs as Principal or String objects (JDK-8241003)

security-libs/java.security

The following APIs have been deprecated:

java.security.cert.X509Certificate.getIssuerDN()
java.security.cert.X509Certificate.getSubjectDN()
java.security.cert.X509CRL.getIssuerDN()
java.security.cert.X509CertSelector.setIssuer(String)
java.security.cert.X509CertSelector.setSubject(String)
java.security.cert.X509CertSelector.getIssuerAsString()
java.security.cert.X509CertSelector.getSubjectAsString()
java.security.cert.X509CRLSelector.addIssuerName(String)

These APIs either take or return Distinguished Names as Principal or String objects which can cause issues due to loss of encoding information or differences when comparing names across different Principal implementations. All of them have alternative APIs which use X500Principal objects instead.

Build 11

HttpClient.newHttpClient and HttpClient.Builder.build might throw UncheckedIOException (JDK-8248006)

core-libs/java.net

Creation of an instance of java.net.http.HttpClient may fail with UncheckedIOException if the underlying resources required by the implementation cannot be allocated.

Typically, this may happen if the underlying resources required to opening a java.nio.channels.Selector are not available. In this case Selector.open() will throw an IOException which the default implementation of java.net.http.HttpClient will wrap in an UncheckedIOException. The API documentation of HttpClient.newHttpClient() and HttpClient.newBuilder().build() have been updated to specify that UncheckedIOException may be thrown if the underlying resources required by the implementation cannot be allocated. Prior to this change, an undocumented InternalError would have been thrown.

Build 9

Added 3 SSL Corporation Root CA Certificates (JDK-8243320)

security-libs/java.security

The following root certificates have been added to the cacerts truststore:

+ SSL Corporation
  + sslrootrsaca
    DN: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US

  + sslrootevrsaca
    DN: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US

  + sslrooteccca
    DN: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US

Added Entrust Root Certification Authority - G4 certificate (JDK-8243321)

security-libs/java.security

The following root certificate has been added to the cacerts truststore:

+ Entrust
  + entrustrootcag4
    DN: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US

Build 8

Support supplementary characters in String case insensitive operations (JDK-8248655)

core-libs/java.lang

Case insensitive operations in java.lang.String class now correctly do case insensitive comparisons for supplementary characters (characters which have code point values over U+FFFF). For details, see the updates to the methods:

   - compareToIgnoreCase(String other)
   - equalsIgnoreCase(String other)
   - regionMatches(boolean ignoreCase, ...)

For example,

"ud801udc00".equalsIgnoreCase("ud801udc28")

returns true, because '𐐀' ("ud801udc00") and '𐐨' ("ud801udc28") are equal to each other character in case insensitive comparison.

Build 5

jarsigner now preserves POSIX file permission attributes (JDK-8218021)

security-libs/java.security

When signing a file that contains POSIX file permission attributes, jarsigner will now preserve these attributes in the newly signed file but will warn that these attributes are unsigned and not protected by the signature. The same warning will be printed during the jarsigner -verify operation for such files.

Note that the jar tool does not read/write these attributes. This change would be more visible to tools like unzip where these attributes are preserved.

java.util.logging.LogRecord is updated to support long thread ids. (JDK-8245302)

core-libs/java.util.logging

In this release java.util.logging.LogRecord is updated to support long thread ids.

LogRecord::getThreadID and LogRecord::setThreadID are deprecated: new accessors LogRecord::getLongThreadID and LogRecord::setLongThreadID are provided and should be used instead.

The serial field threadID has been deprecated and a new serial field longThreadID that can support long values has been introduced. The deprecated threadID field is kept in the serial form for backward compatibility. Long thread ids that are less than Integer.MAX_VALUE are directly mapped to threadID (and longThreadID has the same value). For longThreadID greater than Integer.MAX_VALUE, a new negative value for the int threadID is synthesized, using a deterministic algorithm based on the longThreadID hash, and such that the resulting value is guaranteed to be a negative value.