JDK 18 Early-Access Release Notes

This is a draft of the release notes that will accompany JDK 18. The contents are subject to change until release.

Build 31

Correcting References to Overloaded Methods in Javadoc Documentation (JDK-8278373)


For a reference to a specific overload of an overloaded method, the javadoc tool might have linked to the wrong overload in the generated documentation. This fix resolves that issue, and the specified overload will now be used for the links in the generated documentation.

Build 28

SunPKCS11 Provider Now Supports Some PKCS#11 v3.0 APIs (JDK-8255409)


PKCS#11 v3.0 adds several new APIs that support new function entry points, as well as message-based encryption for AEAD ciphers, etc. For JDK 18, the SunPKCS11 provider has been updated to support some of the new PKCS#11 v3.0 APIs. To be more specific, if the "functionList" attribute in the provider configuration file is not set, the SunPKCS11 provider will first try to locate the new PKCS#11 v3.0 C_GetInterface() method before falling back to the C_GetFunctionList() method to load the function pointers of the native PKCS#11 library. If the loaded PKCS#11 library is v3.0, then the SunPKCS11 provider will cancel crypto operations by trying the new PKCS#11 v3.0 C_SessionCancel() method instead of finishing off remaining operations and discarding the results. Support for other new PKCS#11 v3.0 APIs will be added in later releases.

Build 27

Indicate Invalid Input in Generated Output (JDK-8276964)


When the Standard Doclet encounters content in a documentation comment that it cannot process, it may create an element in the generated output to indicate clearly to the reader that the output at that position is not as the author intended. (This replaces the earlier behavior to show either nothing or the invalid content.) The element will contain a short summary message and may contain additional details. This is in addition to the existing behavior to report diagnostics and to return a suitable exit code.

Deprecate sun.misc.Unsafe methods that return offsets (JDK-8277863)


Developers that use the unsupported sun.misc.Unsafe API should be aware that the methods that return base and field offsets have been deprecated in this release. The methods objectFieldOffset, staticFieldOffset, and staticFieldBase methods are an impediment to future changes. A future release will eventually degrade or remove these methods along with the heap accessor methods.

The java.lang.invoke.VarHandle API (added in Java 9) provides a strongly typed reference to a variable that is safe and a replacement to many cases that use field offsets and the heap accessor methods. It is strongly recommended to migrate to the VarHandle API where possible. Multi-Release JARs can be used by libraries and frameworks that continue to support JDK 8 or older.

KeyStore should have a getAttributes method (JDK-8225181)


A KeyStore::getAttributes method has been added that returns the attributes of an entry without having to retrieve the entry first. This is especially useful for a private key entry that has attributes that are not protected but which previously could only be retrieved with a password.

Build 26

Omit enclosing instance fields from inner classes that don't use it (JDK-8271623)


Prior to JDK 18, when javac compiles an inner class it always generates a private synthetic field with a name starting with this$ to hold a reference to the enclosing instance, even if the inner class does not reference its enclosing instance and the field is unused.

Starting in JDK 18, unused this$ fields are omitted; the field is only generated for inner classes that reference their enclosing instance.

For example, consider the following program:

class T {
    class I {

Prior to JDK 18, the program would be translated as:

class T {
    class I {
        private synthetic T this$0;
        I(T this$0) {
            this.this$0 = this$0;

Starting in JDK 18, the unused this$0 field is omitted:

class T {
    class I {
        I(T this$0) {}

Note that the form of the inner class constructor is not affected by this change.

The change may cause enclosing instances to be garbage collected sooner, if previously they were only reachable from a reference in an inner class. This is typically desirable, since it avoids a source of potential memory leaks when creating inner classes that are intended to outlive their enclosing instance.

Subclasses of java.io.Serializable are not affected by this change.

Terminally deprecate Thread.stop (JDK-8277861)


Thread.stop is terminally deprecated in this release so that it can be degraded in a future release and eventually removed. The method is inherently unsafe and has been deprecated since Java 1.2 (1998).

ObjectInputStream.GetField.get(name, object) now throws ClassNotFoundException (JDK-8276665)


The java.io.ObjectInputStream.GetField.get(String name, Object val) method now throws ClassNotFoundException when the class of the object is not found. Previously, null was returned so it prevented the caller from correctly handling the case where the class is not found. The signature of GetField.get(name, val) is updated to throw ClassNotFoundExceptionand a ClassNotFoundException exception is thrown when the class is not found.

The source compatibility risk is low; the addition of a throws ClassNotFoundException should not cause a source compatibility or a compilation warning; the GetField object and its methods are called within the context of the readObject method and it includes throws ClassNotFoundException.

To revert to the old behavior a system property jdk.serialGetFieldCnfeReturnsNull is added to the implementation. Setting the value to true reverts to the old behavior (returning null); leaving it unset or to any other value results in the throwing of ClassNotFoundException.

Allow store password to be null when saving a PKCS12 KeyStore (JDK-8231107)


Calling keyStore.store(outputStream, null) on a PKCS12 KeyStore will create a password-less PKCS12 file. The certificates inside the file are not encrypted and the file contains no MacData. This file can then be loaded with any password (including null) when calling keyStore.load(inputStream, password).

Build 25

ZGC: Fixed long Process Non-Strong References times (JDK-8277212)


A bug has been fixed that could cause long "Concurrent Process Non-Strong References" times with ZGC. The bug blocked the GC from making significant progress, and caused both latency and throughput issues for the Java application.

The long times could be seen in the GC logs when running with -Xlog:gc*:

[17606.140s][info][gc,phases ] GC(719) Concurrent Process Non-Strong References 25781.928ms 

Configurable card table card size (JDK-8272773)


JDK-8272773 introduces the VM option -XX:GCCardSizeInBytes to set the size of the area a card table entry covers (the "card size") from a previous fixed value of 512 bytes. Permissible values are now 128, 256, 512 bytes for all platforms and 1024 bytes for 64 bit platforms only. The default value stays at 512 bytes.

The card size impacts the amount of work needed to be done when searching for references into the area that is to be evacuated (e.g. young generation) during garbage collection. Smaller card sizes give more precise information about the location of these references, often leading to less work during garbage collection. At the same time, smaller card sizes can lead to more memory usage storing this information. This increase in memory may result in slower performance of maintenance work during the garbage collection.

Default charset for PrintWriter that wraps PrintStream (JDK-8276970)


The java.io.PrintStream, PrintWriter, and OutputStreamWriter constructors that take a java.io.OutputStream and no charset now inherit the charset when the output stream is a PrintStream. This is important for usages such as:

new PrintWriter(System.out)

where it would be problematic if the PrintStream didn't use the same charset as that used by System.out. This change was motivated by JEP 400 where it is possible, especially on Windows, that the encoding of System.out is not UTF-8, in which case it would be very problematic if it were wrapped with a PrintWriter that uses UTF-8.

As part of this change, java.io.PrintStream now defines a charset() method to return the print stream's charset.

Build 24

new options to include script files in generated docs (JDK-8275786)


The Standard Doclet now supports a new --add-script option, to include a reference to an external script file in the file for each page of generated documentation.

Allow G1 heap regions up to 512MB (JDK-8275056)


The JDK-8275056 enhancement extends the maximum allowed heap region size from 32MB to 512MB for the G1 garbage collector. Default ergonomic heap region size selection is still limited to 32MB regions maximum. Heap region sizes beyond that must be selected manually using the -XX:G1HeapRegionSize command line option.

This can be used to mitigate inner and outer fragmentation issues with large objects on large heaps.

On very large heaps using a larger heap region size may also decrease internal region management overhead and increase performance due to larger local allocation buffers.

Build 22

JEP 416: Reimplement Core Reflection with Method Handles (JDK-8271820)


JEP 416 reimplements core reflection with method handles. Code that depends upon highly implementation-specific and undocumented aspects of the existing implementation may be impacted and the issues that might arise include:

  • Code that inspects the internal generated reflection classes (i.e., subclasses of MagicAccessorImpl) no longer works and must be updated.
  • Code that attempts to break the encapsulation and change the value of the private final modifiers field of Method, Field and Constructor class to be different than that of the underlying member may cause a runtime error. Such code must be updated.

To mitigate this compatibility risk, as a workaround you can enable the old implementation via -Djdk.reflect.useDirectMethodHandle=false. We will remove the old core reflection implementation in a future release. The -Djdk.reflect.useDirectMethodHandle=false workaround will stop working at that point.

X509Certificate.get{Subject,Issuer}AlternativeNames and getExtendedKeyUsage do not throw CertificateParsingException if extension is unparseable (JDK-8251468)


The JDK implementation (as supplied by the SUN provider) of X509Certificate::getSubjectAlternativeNames, X509Certificate::getIssuerAlternativeNames and X509Certificate::getExtendedKeyUsage now throws CertificateParsingException instead of returning null when the extension is non-critical and unparseable (badly encoded or contains invalid values). This change in behavior is compliant with the specification of these methods.

Drop support for pre JDK 1.4 DatagramSocketImpl implementations (JDK-8260428)


Support for pre JDK 1.4 DatagramSocketImpl implementations (DatagramSocketImpl implementations that don't support connected datagram sockets, peeking, or joining multicast groups on specific network interface) has been dropped in this release. Old implementations have not have been buildable since JDK 1.4 but implementations compiled with JDK 1.3 or older continued to be usable up to this release.

Trying to call connect or disconnect on a DatagramSocket or MulticastSocket that uses an old implementation will now throw SocketException or UncheckedIOException. Trying to call joinGroup or leaveGroup will result in an AbstractMethodError.

Build 21

Change the default value of the java.security.manager system property to disallow (JDK-8270380)


The default value of the java.security.manager system property has been changed to disallow. Unless the system property is set to allow on the command line, any invocation of System.setSecurityManager(SecurityManager) with a non-null argument will throw an UnsupportedOperationException.

New option -version added to keytool and jarsigner commands (JDK-8272163)


A new -version option has been added to the keytool and jarsigner commands. This option is used to print the program version of keytool and jarsigner.

Charset.forName() taking fallback default value (JDK-8270490)


A new method Charset.forName() that takes fallback charset object has been introduced in java.nio.charset package. The new method returns fallback if charsetName is illegal or the charset object is not available for the name. If fallback is passed as null the caller can check if the named charset was available without having to catch the exceptions thrown by the Charset.forName(name) method.

Build 20

ReadableByteChannel::read no longer throws ReadOnlyBufferException (JDK-8275149)


ReadableByteChannel::read no longer incorrectly throws ReadOnlyBufferException.

The read(ByteBuffer) method of the ReadableByteChannel returned by java.nio.channels.Channel.newChannel(InputStream) was incrrectly throwing ReadOnlyBufferException when its ByteBuffer parameter specified a read-only buffer. ReadableByteChannel::read is however specified to throw an IllegalArgumentException in this case. The implementation is changed for this case to throw an IllegalArgumentException instead of a ReadOnlyBufferException, as dictated by the specification.

JDK Flight Recorder Event for Finalization (JDK-8266936)


A new JDK Flight Recorder Event, jdk.FinalizerStatistics, identifies classes at runtime that use finalizers. The event is enabled by default in the JDK (in the default.jfc and profile.jfc JFR configuration files). When enabled, JFR will emit a jdk.FinalizerStatistics event for each instantiated class with a non-empty finalize() method. The event includes: the class that overrides finalize(), that class's CodeSource, the number of times the class's finalizer has run, and the number of objects still on the heap (not yet finalized). For information about using JFR, see the User Guide.

If finalization has been disabled with the --finalization=disabled option, no jdk.FinalizerStatistics events are emitted.

SunPKCS11 provider now supports AES Cipher with KW and KWP modes if supported by PKCS11 library (JDK-8264849)


SunPKCS11 provider is enhanced to support the following crypto services and algorithms when the underlying PKCS11 library supports the corresponding PKCS#11 mechanisms: AES/KW/NoPadding Cipher <=> CKM_AES_KEY_WRAP mechanism AES/KW/PKCS5Padding Cipher <=> CKM_AES_KEY_WRAP_PAD mechanism AES/KWP/NoPadding Cipher <=> CKM_AES_KEY_WRAP_KWP mechanism

@SuppressWarnings for DocLint messages (JDK-8189591)


You can now use @SuppressWarnings annotations to suppress messages from DocLint about issues in documentation comments, when it is not possible or practical to fix the issues that were found. For more details, see Suppressing Messages in the DocLint section of the javadoc Tool Guide.

Migrate cacerts from JKS to password-less PKCS12 (JDK-8275252)


The cacerts keystore file is now a password-less PKCS #12 file. All certificates inside are not encrypted and there is no MacData for password integrity. Since the PKCS12 and JKS keystore types are interoperable, existing code that is using a JKS KeyStore to load the cacerts file with any password (including null) will continue to behave as expected and be able to view or extract the certificates contained within the keystore.

Build 19

Removal of the empty finalize() in java.desktop module (JDK-8273102)


The "java.desktop" module had a few implementations of the finalize() that did nothing. These methods were deprecated in Java 9 and terminally deprecated in Java 16. These methods have been removed in this release. See https://bugs.openjdk.java.net/browse/JDK-8273103 for details.

Update Timezone Data to 2021c (JDK-8274407)


IANA Time Zone Database, on which JDK's Date/Time libraries are based, has made a tweak to some time zone rules since 2021c. Note that since this update, some of the time zone rules prior to the year 1970 have been modified according to the changes which were introduced with 2021b. For more detail, refer to the announcement of 2021b

Build 18

Extended Delay Before JDK Executable Installer Starts From Network Drive (JDK-8274002)


On Windows 11 and Windows Server 2022, there can be some slowness with the extraction of temporary installation files when launched from a mapped network drive. The installer will still work, but there can be a temporary delay.

Remove "impl.prefix" jdk system property usage from InetAddress (JDK-8274227)


The system property "impl.prefix" has been removed. This undocumented system property dates from early JDK releases where it was possible to add an implementation of the JDK internal and non-public java.net.InetAddressImpl interface to the java.net package, and have it be used by the java.net.InetAddress API.

The InetAddressResolver SPI introduced by JEP 418 provides a standard way to implement a name and address resolver.

Add support for RSASSA-PSS in OCSP Response (JDK-8274471)


An OCSP response signed with the RSASSA-PSS algorithm is now supported.

Remove weak etypes from default krb5 etype list (JDK-8273670)


Weak encryption types based on DES, 3DES, and RC4 are removed from the default encryption types list in Kerberos. These weak encryption types can be enabled (at your own risk) by adding them to the "permitted_enctypes" property (or alternatively, the "default_tkt_enctypes" or "default_tgt_enctypes" properties) and setting "allow_weak_crypto" to "true" in the krb5.conf configuration file.

Build 17

improved navigation on small devices (JDK-8273034)


The pages generated by the Standard Doclet provide improved navigation controls when the pages are viewed on small devices.

Disable JAR index support (JDK-8273401)


"JAR Index" has been disabled in this release. JAR Index was an optimization to postpone downloading of JAR files when loading applets or other classes over the network. JAR Index has many long standing issues and does not interact well with newer features (Multi-Release JARs, modular JARs, ...). If a JAR file contains an INDEX.LIST file then its contents will now be ignored by the application class loader (and any URLClassLoader created by user code).

The system property jdk.net.URLClassPath.enableJarIndex can be used re-enable the feature if required. If set to an empty string or the value "true" then JAR Index will be re-enabled. This system property is temporary, a future release will remove the JAR Index feature and the system property.

The change does not impact the jar -i option. The jar tool will continue to create an index when this option is used.

New system property to control the default date comment that gets written out by java.util.Properties::store methods (JDK-8231640)


A new system property java.properties.date has been introduced to allow applications to control the default date comment that gets written out by the java.util.Properties::store methods. This system property is expected to be set while launching java and any non-empty value of this system property will result in that value being used as a comment instead of the default date comment. In the absence of this system property or when the value is empty, the Properties::store methods will continue to write the default date comment. An additional change has also been made in the implementation of the Properties::store methods to write out the key/value property pairs in a deterministic order. The implementation of these methods now use the natural sort order of the property keys while writing them out. The implementation of these methods however will continue to use the iteration order if any sub-class of java.util.Properties overrides the entrySet() method to return a different Set than that returned by super.entrySet().

The combination of the deterministic ordering of the properties that get written out, plus the new system property is particularly useful in environments where applications require the contents of the stored properties to be reproducible. In such cases, applications are expected to provide a fixed value of their choice, to this system property.

Build 16

Disable SHA-1 Signed JARs (JDK-8269039)


JARs signed with SHA-1 algorithms are now restricted by default and treated as if they were unsigned. This applies to the algorithms used to digest, sign, and optionally timestamp the JAR. It also applies to the signature and digest algorithms of the certificates in the certificate chain of the code signer and the Timestamp Authority, and any CRLs or OCSP responses that are used to verify if those certificates have been revoked.

In order to reduce the compatibility risk for applications that have been previously timestamped, there is one exception to this policy:

  • Any JAR signed with SHA-1 algorithms and timestamped prior to January 01, 2019 will not be restricted.

This exception may be removed in a future JDK release.

Users can, at their own risk, remove these restrictions by modifying the java.security configuration file (or overriding it using the java.security.properties system property) and removing "SHA1 usage SignedJAR & denyAfter 2019-01-01" from the jdk.certpath.disabledAlgorithms security property and "SHA1 denyAfter 2019-01-01" from the jdk.jar.disabledAlgorithms security property.

Build 14

Fix Issues With the KW and KWP Modes of SunJCE Provider (JDK-8271745)


Support for AES/KW/NoPadding, AES/KW/PKCS5Padding and AES/KWP/NoPadding ciphers is added to SunJCE provider since jdk 17. The cipher block size for these transformations should be 8 instead of 16. In addition, for KWP mode, only the default IV, i.e. 0xA65959A6, is allowed to ensure maximum interoperability with other implementations. Other IV values will be rejected with exception during Cipher.init(...) calls.

Build 13

Call X509KeyManager.chooseClientAlias once for all key types (JDK-8262186)


The (D)TLS implementation in JDK now calls X509KeyManager.chooseClientAlias() only once during handshaking for client authentication, even if there are multiple algorithms requested .

Build 12

SerialGC supports string deduplication (JDK-8272609)


The Serial Garbage Collector now supports string deduplication (JEP 192).

ParallelGC supports string deduplication (JDK-8267185)


The Parallel Garbage Collector now supports string deduplication (JEP 192).

Build 11

ZGC supports string deduplication (JDK-8267186)


The Z Garbage Collector now supports string deduplication (JEP 192).

Removed Google's GlobalSign Root Certificate (JDK-8225083)


The following root certificate from Google has been removed from the cacerts keystore:

+ alias name "globalsignr2ca [jdk]"
  Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2

Build 9

Removed IdenTrust Root Certificate (JDK-8225082)


The following root certificate from IdenTrust has been removed from the cacerts keystore:

+ alias name "identrustdstx3 [jdk]"
  Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.

Zip File System Provider Throws ZipException when entry name element contains "." or "." (JDK-8251329)


The ZIP file system provider has been changed to reject existing ZIP files that contain entries with "." or ".." in name elements. ZIP files with these entries can not be used as a file system. Invoking the java.nio.file.FileSystems.newFileSystem(...) methods will throw ZipException if the ZIP file contains these entries.

Build 6

Remove the legacy PlainSocketImpl and PlainDatagramSocketImpl implementation (JDK-8253119)


As of JDK 18, the legacy implementations of java.net.SocketImpl and java.net.DatagramSocketImpl have been removed from the JDK. The legacy implementation of SocketImpl has not been used by default since JDK 13, while the legacy implementation of DatagramSocketImpl has not been used by default since JDK 15. Support for the system properties jdk.net.usePlainSocketImpl and jdk.net.usePlainDatagramSocketImpl, used to select these implementations, has also been removed. Setting these properties will now have no effect.

Build 5

Prohibit Null for Header Keys and Values in com.sun.net.httpserver.Headers (JDK-8268960)


In JDK 18, the handling of header names and values in jdk.httpserver/com.sun.net.httpserver.Headers has been reconciled. This includes the eager and consistent prohibition of null for names and values. The class represents header names and values as a key-value mapping of Map<String, List <String>>. Previously, it was possible to create a headers instance with a null key or value, which would cause undocumented exceptions when passed to the HttpServer. It was also possible to query the instance for a null key and false would be returned. With this change, all methods of the class now throw a NullPointerException if the key or value arguments are null. For more information, see https://bugs.openjdk.java.net/browse/JDK-8269296.

Build 3

Obsolete product options -XX:G1RSetRegionEntries and -XX:G1RSetSparseRegionEntries (JDK-8017163)


The options -XX:G1RSetRegionEntries and -XX:G1RSetSparseRegionEntries have been obsoleted with the change JDK-8017163.

JDK-8017163 implements a completely new remembered set implementation where these options do not apply any more. So both -XX:G1RSetRegionEntries and -XX:G1RSetSparseRegionEntries have no function any more and their use will trigger an obsoletion warning.


Deprecate Finalization for Removal (JDK-8274609)


The finalization mechanism has been deprecated for removal in a future release. The finalize methods in standard Java APIs, such as Object.finalize() and Enum.finalize(), have also been deprecated for removal in a future release, along with methods related to finalization, such as Runtime.runFinalization() and System.runFinalization().

Finalization remains enabled by default in this release, but can be disabled for testing purposes using a command-line option introduced in this release, --finalization=disabled. Maintainers of libraries and applications that rely upon finalization should migrate to other resource management techniques in their code, such as try-with-resources and cleaners.

See JEP 421 for further information.

JEP 420: Pattern Matching for switch (Second Preview) (JDK-8273326)


Enhance the Java programming language with pattern matching for switch expressions and statements, along with extensions to the language of patterns. Extending pattern matching to switch allows an expression to be tested against a number of patterns, each with a specific action, so that complex data-oriented queries can be expressed concisely and safely.

For further details, see JEP 420.

JEP 413: Code Snippets in Java API Documentation (JDK-8201533)


An @snippet tag for JavaDoc's Standard Doclet has been added, to simplify the inclusion of example source code in API documentation.

For further details, see JEP 413 and A Programmmer's Guide to Snippets.

Improve Compilation Replay (JDK-8254106)


Compilation Replay has been improved to make it more stable and catch up with new JVM features. Enhancements include:

  • Best-effort support for hidden classes, allowing more cases involving invokedynamic, MethodHandles, and lambdas to replay successfully
  • DumpReplay support for C1
  • Incremental inlining support
  • Numerous bug fixes to improve stability

Compilation Replay is a JVM feature of debug builds that is mainly used to reproduce crashes in the C1 or C2 JIT compilers.

JEP 400: UTF-8 by Default (JDK-8187041)


Starting with JDK 18, UTF-8 is the default charset for the Java SE APIs. APIs that depend on the default charset now behave consistently across all JDK implementations and independently of the user’s operating system, locale, and configuration. Specifically, java.nio.charset.Charset#defaultCharset() now returns UTF-8 charset by default. The file.encoding system property is now a part of the implementation specification, which may accept UTF-8 or COMPAT. The latter is a new property value that instructs the runtime to behave as previous releases. This change is significant to users who call APIs that depend on the default charset. They can try whether they'd be affected or not, by specifying -Dfile.encoding=UTF-8 as the command line option with the existing Java runtime environment. Refer to the JEP for more detail: https://openjdk.java.net/jeps/400