These notes describe important changes, enhancements, removed APIs and features, deprecated APIs and features, and other information about JDK 16 and Java SE 16. In some cases, the descriptions provide links to additional detailed information about an issue or a change. This page does not duplicate the descriptions provided by the Java SE 16 ( JSR 391) Platform Specification, which provides informative background for all specification changes and might also include the identification of removed or deprecated APIs and features not described here. The Java SE 16 ( JSR 391) specification provides links to:
Annex 1: The complete Java SE 16 API Specification.
Annex 2: An annotated API specification showing the exact differences relative to Java SE 16. Informative background for these changes may be found in the list of approved Change Specification Requests for this release.
Annex 3: Java SE 16 Editions of The Java Language Specification and The Java Virtual Machine Specification. The Java SE 16 Editions contain all corrections and clarifications made since the Java SE 15 Editions, as well as additions for new features.
You should be aware of the content in that document as well as the items described in this page.
The descriptions on this Release Note page also identify potential compatibility issues that you might encounter when migrating to JDK 16. The Kinds of Compatibility page on the OpenJDK wiki identifies three types of potential compatibility issues for Java programs used in these descriptions:
Source: Source compatibility preserves the ability to compile existing source code without error.
Binary: Binary compatibility is defined in The Java Language Specification as preserving the ability to link existing class files without error.
Behavioral: Behavioral compatibility includes the semantics of the code that is executed at runtime.
See CSRs Approved for JDK 16 for the list of CSRs closed in JDK 16 and the Compatibility & Specification Review (CSR) page on the OpenJDK wiki for general information about compatibility.
This section describes some of the enhancements in Java SE 16 and JDK 16. In some cases, the descriptions provide links to additional detailed information about an issue or a change. The APIs described here are those that are provided with the Oracle JDK. It includes a complete implementation of the Java SE 16 Platform and additional Java APIs to support developing, debugging, and monitoring Java applications. Another source of information about important enhancements and new features in Java SE 16 and JDK 16 is the Java SE 16 ( JSR 391) Platform Specification, which documents the changes to the specification made between Java SE 15 and Java SE 16. This document includes descriptions of those new features and enhancements that are also changes to the specification. The descriptions also identify potential compatibility issues that you might encounter when migrating to JDK 16.
A new system property,
jdk.tls.maxHandshakeMessageSize, has been added to set
the maximum allowed size for the handshake message in TLS/DTLS
handshaking. The default value of the system property is 32768 (32
kilobytes).
A new system property,
jdk.tls.maxCertificateChainLength, has been added to
set the maximum allowed length of the certificate chain in TLS/DTLS
handshaking. The default value of the system property is 10.
This section describes the APIs, features, and options that were removed in Java SE 16 and JDK 16. The APIs described here are those that are provided with the Oracle JDK. It includes a complete implementation of the Java SE 16 Platform and additional Java APIs to support developing, debugging, and monitoring Java applications. Another source of information about important enhancements and new features in Java SE 16 and JDK 16 is the Java SE 16 ( JSR 391) Platform Specification, which documents changes to the specification made between Java SE 15 and Java SE 16. This document includes the identification of removed APIs and features not described here. The descriptions below might also identify potential compatibility issues that you could encounter when migrating to JDK 16. See CSRs Approved for JDK 16 for the list of CSRs closed in JDK 16.
Additional sources of information about the APIs, features, and options deprecated in Java SE 16 and JDK 16 include:
You should be aware of the contents in those documents as well as the items described in this release notes page.
The descriptions of deprecated APIs might include references to
the deprecation warnings of forRemoval=true and
forRemoval=false. The forRemoval=true
text indicates that a deprecated API might be removed from the next
major release. The forRemoval=false text indicates
that a deprecated API is not expected to be removed from the next
major release but might be removed in some later release.
The descriptions below also identify potential compatibility issues that you might encounter when migrating to JDK 16. See CSRs Approved for JDK 16 for the list of CSRs closed in JDK 16.
The following notes describe additional changes and information about this release. In some cases, the following descriptions provide links to additional detailed information about an issue or a change.
The deserialization of java.lang.reflect.Proxy
objects can be limited by setting the system property
jdk.serialProxyInterfaceLimit. The limit is the
maximum number of interfaces allowed per Proxy in the stream.
Setting the limit to zero prevents any Proxies from being
deserialized including Annotations, a limit of less than 2 might
interfere with RMI operations.
A new environment property,
jdk.jndi.ldap.mechsAllowedToSendCredentials, has been
added to control which LDAP authentication mechanisms are allowed
to send credentials over clear LDAP connections - a
connection not secured with TLS. An encrypted LDAP
connection is a connection opened by using ldaps
scheme, or a connection opened by using ldap scheme
and then upgraded to TLS with a STARTTLS extended operation.
The value of the property, which is by default not set, is a
comma separated list of the mechanism names that are permitted to
authenticate over a clear connection. If a value is
not specified for the property, then all mechanisms are allowed. If
the specified value is an empty list, then no mechanisms are
allowed (except for none and anonymous).
The default value for this property is 'null' ( i.e.
System.getProperty("jdk.jndi.ldap.mechsAllowedToSendCredentials")
returns 'null'). To explicitly permit all mechanisms to
authenticate over a clear connection, the property
value can be set to "all". If a connection is
downgraded from encrypted to clear, then
only the mechanisms that are explicitly permitted are allowed.
The property can be supplied to the LDAP context environment map, or set globally as a system property. When both are supplied, the environment map takes precedence.
Note: none and anonymous
authentication mechanisms are exempted from these rules and are
always allowed regardless of the property value.
The following root certificate has been added to the cacerts truststore:
+ Entrust
+ entrustrootcag4
DN: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
The following root certificates have been added to the cacerts truststore:
+ SSL Corporation
+ sslrootrsaca
DN: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
+ sslrootevrsaca
DN: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
+ sslrooteccca
DN: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US
