JDK 18 Early-Access Release Notes

This is a draft of the release notes that will accompany JDK 18. The contents are subject to change until release.

Build 19

Release Doesn't Correctly Recognize Windows 11 (JDK-8274840)

core-libs/java.lang

This release doesn't correctly identify Windows 11. The property os.name is set to Windows 10 on Windows 11. In HotSpot error logs, the OS is identified as Windows 10; however, the HotSpot error log does show the Build number. Windows 11 has Build 22000.194 or above.

Removal of the empty finalize() in java.desktop module (JDK-8273102)

client-libs/2d

The "java.desktop" module had a few implementations of the finalize() which did nothing, deprecated since jdk9, and were marked "forRemoval = true" since JDK 16 (JDK-8254798). These methods have been removed in this release. See https://bugs.openjdk.java.net/browse/JDK-8273103 for details.

Update Timezone Data to 2021c (JDK-8274407)

core-libs/java.time

IANA Time Zone Database, on which JDK's Date/Time libraries are based, has been updated to version 2021c. Note that with this update, some of the time zone rules prior to the year 1970 have been modified according to the changes which were introduced with 2021b. For more detail, refer to the announcement of 2021b

Build 18

Extended Delay Before JDK Executable Installer Starts From Network Drive (JDK-8274002)

install/install

On Windows 11 and Windows Server 2022, there can be some slowness with the extraction of temporary installation files when launched from a mapped network drive. The installer will still work, but there can be a temporary delay.

Build 17

New system property to control the default date comment that gets written out by java.util.Properties::store methods (JDK-8231640)

core-libs/java.util

A new system property java.properties.date has been introduced to allow applications to control the default date comment that gets written out by the java.util.Properties::store methods. This system property is expected to be set while launching java and any non-empty value of this system property will result in that value being used as a comment instead of the default date comment. In the absence of this system property or when the value is empty, the Properties::store methods will continue to write the default date comment. An additional change has also been made in the implementation of the Properties::store methods to write out the key/value property pairs in a deterministic order. The implementation of these methods now use the natural sort order of the property keys while writing them out. The implementation of these methods however will continue to use the iteration order if any sub-class of java.util.Properties overrides the entrySet() method to return a different Set than that returned by super.entrySet().

The combination of the deterministic ordering of the properties that get written out, plus the new system property is particularly useful in environments where applications require the contents of the stored properties to be reproducible. In such cases, applications are expected to provide a fixed value of their choice, to this system property.

Build 16

Disable SHA-1 Signed JARs (JDK-8269039)

security-libs/java.security

JARs signed with SHA-1 algorithms are now restricted by default and treated as if they were unsigned. This applies to the algorithms used to digest, sign, and optionally timestamp the JAR. It also applies to the signature and digest algorithms of the certificates in the certificate chain of the code signer and the Timestamp Authority, and any CRLs or OCSP responses that are used to verify if those certificates have been revoked.

In order to reduce the compatibility risk for applications that have been previously timestamped, there is one exception to this policy:

  • Any JAR signed with SHA-1 algorithms and timestamped prior to January 01, 2019 will not be restricted.

This exception may be removed in a future JDK release.

Users can, at their own risk, remove these restrictions by modifying the java.security configuration file (or overriding it using the java.security.properties system property) and removing "SHA1 usage SignedJAR & denyAfter 2019-01-01" from the jdk.certpath.disabledAlgorithms security property and "SHA1 denyAfter 2019-01-01" from the jdk.jar.disabledAlgorithms security property.

Build 14

Release Doesn't Correctly Recognize Windows Server 2022 (JDK-8273229)

hotspot/runtime

This release doesn't correctly identify Windows Server 2022. The property os.name is set to Windows Server 2019 on Windows Server 2022. In HotSpot error logs the OS is identified as Windows Server 2019; however, the HotSpot error log does show the Build number. Windows Server 2022 has Build 20348, or above.

Fix Issues With the KW and KWP Modes of SunJCE Provider (JDK-8271745)

security-libs/javax.crypto

Support for AES/KW/NoPadding, AES/KW/PKCS5Padding and AES/KWP/NoPadding ciphers is added to SunJCE provider since jdk 17. The cipher block size for these transformations should be 8 instead of 16. In addition, for KWP mode, only the default IV, i.e. 0xA65959A6, is allowed to ensure maximum interoperability with other implementations. Other IV values will be rejected with exception during Cipher.init(...) calls.

Build 13

Call X509KeyManager.chooseClientAlias once for all key types (JDK-8262186)

security-libs/javax.net.ssl

The (D)TLS implementation in JDK now calls X509KeyManager.chooseClientAlias() only once during handshaking for client authentication, even if there are multiple algorithms requested .

Build 12

SerialGC supports string deduplication (JDK-8272609)

hotspot/gc

The Serial Garbage Collector now supports string deduplication (JEP 192).

ParallelGC supports string deduplication (JDK-8267185)

hotspot/gc

The Parallel Garbage Collector now supports string deduplication (JEP 192).

Build 11

ZGC supports string deduplication (JDK-8267186)

hotspot/gc

The Z Garbage Collector now supports string deduplication (JEP 192).

Removed Google's GlobalSign Root Certificate (JDK-8225083)

security-libs/java.security

The following root certificate from Google has been removed from the cacerts keystore:

+ alias name "globalsignr2ca [jdk]"
  Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2

Build 9

Removed IdenTrust Root Certificate (JDK-8225082)

security-libs/java.security

The following root certificate from IdenTrust has been removed from the cacerts keystore:

+ alias name "identrustdstx3 [jdk]"
  Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.

Zip File System Provider Throws ZipException when entry name element contains "." or "." (JDK-8251329)

core-libs/java.nio

The ZIP file system provider has been changed to reject existing ZIP files that contain entries with "." or ".." in name elements. ZIP files with these entries can not be used as a file system. Invoking the java.nio.file.FileSystems.newFileSystem(...) methods will throw ZipException if the ZIP file contains these entries.

Build 6

Remove the legacy PlainSocketImpl and PlainDatagramSocketImpl implementation (JDK-8253119)

core-libs/java.net

As of JDK 18, the legacy implementations of java.net.SocketImpl and java.net.DatagramSocketImpl have been removed from the JDK. The legacy implementation of SocketImpl has not been used by default since JDK 13, while the legacy implementation of DatagramSocketImpl has not been used by default since JDK 15. Support for the system properties jdk.net.usePlainSocketImpl and jdk.net.usePlainDatagramSocketImpl, used to select these implementations, has also been removed. Setting these properties will now have no effect.

Build 5

Prohibit Null for Header Keys and Values in com.sun.net.httpserver.Headers (JDK-8268960)

core-libs/java.net

In JDK 18, the handling of header names and values in jdk.httpserver/com.sun.net.httpserver.Headers has been reconciled. This includes the eager and consistent prohibition of null for names and values. The class represents header names and values as a key-value mapping of Map<String, List <String>>. Previously, it was possible to create a headers instance with a null key or value, which would cause undocumented exceptions when passed to the HttpServer. It was also possible to query the instance for a null key and false would be returned. With this change, all methods of the class now throw a NullPointerException if the key or value arguments are null. For more information, see https://bugs.openjdk.java.net/browse/JDK-8269296.

Build 3

Obsolete product options -XX:G1RSetRegionEntries and -XX:G1RSetSparseRegionEntries (JDK-8017163)

hotspot/gc

The options -XX:G1RSetRegionEntries and -XX:G1RSetSparseRegionEntries have been obsoleted with the change JDK-8017163.

JDK-8017163 implements a completely new remembered set implementation where these options do not apply any more. So both -XX:G1RSetRegionEntries and -XX:G1RSetSparseRegionEntries have no function any more and their use will trigger an obsoletion warning.