JDK 15.0.1 Release Notes
These notes describe important changes, enhancements, removed
APIs and features, deprecated APIs and features, and other
information about JDK 16 and Java SE 16. In some cases, the
descriptions provide links to additional detailed information about
an issue or a change. This page does not duplicate the descriptions
provided by the Java SE 16 ( JSR 391) Platform Specification, which
provides informative background for all specification changes and
might also include the identification of removed or deprecated APIs
and features not described here. The Java SE 16 ( JSR 391)
specification provides links to:
-
Annex 1: The complete Java SE 16 API
Specification.
-
Annex 2: An annotated API specification showing
the exact differences relative to Java SE 16. Informative
background for these changes may be found in the list of approved
Change Specification Requests for this release.
-
Annex 3: Java SE 16 Editions of The Java
Language Specification and The Java Virtual Machine Specification.
The Java SE 16 Editions contain all corrections and clarifications
made since the Java SE 15 Editions, as well as additions for new
features.
You should be aware of the content in that document as well as
the items described in this page.
The descriptions on this Release Note page also identify
potential compatibility issues that you might encounter when
migrating to JDK 16. The Kinds
of Compatibility page on the OpenJDK wiki identifies three
types of potential compatibility issues for Java programs used in
these descriptions:
-
Source: Source compatibility preserves the
ability to compile existing source code without error.
-
Binary: Binary compatibility is defined in The
Java Language Specification as preserving the ability to link
existing class files without error.
-
Behavioral: Behavioral compatibility includes
the semantics of the code that is executed at runtime.
See CSRs Approved for JDK 16 for the list of CSRs closed in JDK
16 and the Compatibility
& Specification Review (CSR) page on the OpenJDK wiki for
general information about compatibility.
Contents
New Features
This section describes some of the enhancements in Java SE 16
and JDK 16. In some cases, the descriptions provide links to
additional detailed information about an issue or a change. The
APIs described here are those that are provided with the Oracle
JDK. It includes a complete implementation of the Java SE 16
Platform and additional Java APIs to support developing, debugging,
and monitoring Java applications. Another source of information
about important enhancements and new features in Java SE 16 and JDK
16 is the Java SE 16 ( JSR 391) Platform Specification, which
documents the changes to the specification made between Java SE 15
and Java SE 16. This document includes descriptions of those new
features and enhancements that are also changes to the
specification. The descriptions also identify potential
compatibility issues that you might encounter when migrating to JDK
16.
Improve Certificate Chain Handling (JDK-8245417)
security-libs/javax.net.ssl
A new system property,
jdk.tls.maxHandshakeMessageSize
, has been added to set
the maximum allowed size for the handshake message in TLS/DTLS
handshaking. The default value of the system property is 32768 (32
kilobytes).
A new system property,
jdk.tls.maxCertificateChainLength
, has been added to
set the maximum allowed length of the certificate chain in TLS/DTLS
handshaking. The default value of the system property is 10.
Removed Features and Options
This section describes the APIs, features, and options that were
removed in Java SE 16 and JDK 16. The APIs described here are those
that are provided with the Oracle JDK. It includes a complete
implementation of the Java SE 16 Platform and additional Java APIs
to support developing, debugging, and monitoring Java applications.
Another source of information about important enhancements and new
features in Java SE 16 and JDK 16 is the Java SE 16 ( JSR 391)
Platform Specification, which documents changes to the
specification made between Java SE 15 and Java SE 16. This document
includes the identification of removed APIs and features not
described here. The descriptions below might also identify
potential compatibility issues that you could encounter when
migrating to JDK 16. See CSRs Approved for JDK 16 for the list of
CSRs closed in JDK 16.
Deprecated Features and Options
Additional sources of information about the APIs, features, and
options deprecated in Java SE 16 and JDK 16 include:
- The Deprecated API page identifies all deprecated APIs
including those deprecated in Java SE 16.
- The Java SE 16 ( JSR 391) specification specification documents
changes to the specification made between Java SE 15 and Java SE 16
that include the identification of deprecated APIs and features not
described here.
- JEP 277: Enhanced
Deprecation provides a detailed description of the deprecation
policy. You should be aware of the updated policy described in this
document.
You should be aware of the contents in those documents as well
as the items described in this release notes page.
The descriptions of deprecated APIs might include references to
the deprecation warnings of forRemoval=true
and
forRemoval=false
. The forRemoval=true
text indicates that a deprecated API might be removed from the next
major release. The forRemoval=false
text indicates
that a deprecated API is not expected to be removed from the next
major release but might be removed in some later release.
The descriptions below also identify potential compatibility
issues that you might encounter when migrating to JDK 16. See CSRs
Approved for JDK 16 for the list of CSRs closed in JDK 16.
Other Notes
The following notes describe additional changes and information
about this release. In some cases, the following descriptions
provide links to additional detailed information about an issue or
a change.
Enhanced Support of Proxy Class (JDK-8236862)
core-libs/java.io:serialization
The deserialization of java.lang.reflect.Proxy
objects can be limited by setting the system property
jdk.serialProxyInterfaceLimit
. The limit is the
maximum number of interfaces allowed per Proxy in the stream.
Setting the limit to zero prevents any Proxies from being
deserialized including Annotations, a limit of less than 2 might
interfere with RMI operations.
Added Property to Control LDAP Authentication Mechanisms
Allowed to Authenticate Over Clear Connections (JDK-8237990)
A new environment property,
jdk.jndi.ldap.mechsAllowedToSendCredentials
, has been
added to control which LDAP authentication mechanisms are allowed
to send credentials over clear
LDAP connections - a
connection not secured with TLS. An encrypted
LDAP
connection is a connection opened by using ldaps
scheme, or a connection opened by using ldap
scheme
and then upgraded to TLS with a STARTTLS extended operation.
The value of the property, which is by default not set, is a
comma separated list of the mechanism names that are permitted to
authenticate over a clear
connection. If a value is
not specified for the property, then all mechanisms are allowed. If
the specified value is an empty list, then no mechanisms are
allowed (except for none
and anonymous
).
The default value for this property is 'null' ( i.e.
System.getProperty("jdk.jndi.ldap.mechsAllowedToSendCredentials")
returns 'null'). To explicitly permit all mechanisms to
authenticate over a clear
connection, the property
value can be set to "all"
. If a connection is
downgraded from encrypted
to clear
, then
only the mechanisms that are explicitly permitted are allowed.
The property can be supplied to the LDAP context environment
map, or set globally as a system property. When both are supplied,
the environment map takes precedence.
Note: none
and anonymous
authentication mechanisms are exempted from these rules and are
always allowed regardless of the property value.
Added Entrust Root Certification Authority - G4 certificate
(JDK-8243321)
security-libs/java.security
The following root certificate has been added to the cacerts
truststore:
+ Entrust
+ entrustrootcag4
DN: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
Added 3 SSL Corporation Root CA Certificates (JDK-8243320)
security-libs/java.security
The following root certificates have been added to the cacerts
truststore:
+ SSL Corporation
+ sslrootrsaca
DN: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
+ sslrootevrsaca
DN: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
+ sslrooteccca
DN: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US