JDK 19 Early-Access Release Notes

The actual java thread stack size may differ from the value specified by -Xss command line option; it may be rounded up to a multiple of the system page size when required by the operating system.

jpackaged applications support both system-wide and per-user configuration.

jpackage application launcher will look up the corresponding .cfg file not only in the application installation directory (the system-wide installation location) but also in user-specific locations. User-specific directories for .cfg file look up are:

Linux ~/.local/${PACKAGE_NAME} ~/.${PACKAGE_NAME}

macOS ~/Library/Application Support/${PACKAGE_NAME}

Windows %LocalAppData%%PACKAGE_NAME% %AppData%%PACKAGE_NAME%

where ${PACKAGE_NAME} and %PACKAGE_NAME% refer to jpackaged application name.

The diagnostic flag GCParallelVerificationEnabled has been removed.

There are no known advantages of disabling parallel heap verification, so this flag has never been used except with its default value. This default value enabled multi-threaded verification for a very long time with no issues. Single-threaded heap verification would even be much slower than verification already is.

In order to be compliant to RFC 5758 Section 3.2, the Signature::getParameters method on an ECDSA signature object from the SunEC security provider will always return null, even if an earlier setParameter method has been called on this object.

Three chronologies in java.time.chrono package, namely JapaneseChronology, MinguoChronology, and ThaiBuddhistChronology now support ISO-based fields, such as IsoFields.QUARTER_OF_YEAR. These chronologies implement the new method, isIsoBased() which has been added in the java.time.chrono.Chronology interface. The boolean returned from this method indicates if the implementing chronology is ISO chronology based, which means it has the same year/month structure as IsoChronology.

Here is an example:

JapaneseDate.now().getLong(IsoFields.QUARTER_OF_YEAR)

will return the correct quarter-of-year value, which used to be throwing an UnsupportedTemporalTypeException with prior JDK releases.

The performance of FileChannel.transferFrom() has been improved significantly on Linux kernel version 4.5 and later for the case where the method is used to transfer bytes from one FileChannel to another. This change adds to the preexisting set of scenarios in which the number of bytes actually transferred might be less than the number requested to be transferred. That is to say, the value returned by transferFrom() can be less than the value of the count parameter: a “short transfer.” This is permitted by the specification, but might impact broken code that ignores the returned count or assumes it is always equal to count.

The RC2 and ARCFOUR (RC4) algorithms have been added to the "jdk.security.legacyAlgorithms" security property in the java.security configuration file. The keytool tool issues warnings when a weak RC2 or ARCFOUR algorithm is used for its commands associated with secret key entries in the keystore.

Deserialization of serialized method references to Object methods, which was using an interface as the type on which the method is invoked, can now be deserialized again. Note the classfiles need to be recompiled to allow the deserialization.

The Windows KeyStore support in the SunMSCAPI provider has been expanded to include access to the local machine location. The new keystore types are:

• "Windows-MY-LOCALMACHINE"
• "Windows-ROOT-LOCALMACHINE"

The following keystore types were also added, allowing developers to make it clear they map to the current user:

• "Windows-MY-CURRENTUSER" (same as "Windows-MY")
• "Windows-ROOT-CURRENTUSER" (same as "Windows-ROOT")

The finalizer implementation in SSLSocket has been removed, with the underlying native resource releases now done by the Socket implementation. With this update, the TLS close_notify messages will no longer be emitted if SSLSocket is not explicitly closed.

Not closing Sockets properly is an error condition that should be avoided. Applications should always close sockets and not rely on garbage collection.

The JVM Tool Interface (JVM TI) has been updated in this release to support virtual threads. Maintainers of agents that use JVM TI are strongly recommended to read JEP 425 and the JVM TI 19.0 specification. The following is a summary of the JVM TI support for virtual threads:

• Most JVM TI functions that are called with a jthread (i.e., a JNI reference to a Thread object) can be called with a reference to a virtual thread. The functions that are not supported on virtual threads are PopFrame, ForceEarlyReturn, StopThread, AgentStartFunction and GetThreadCpuTime. The SetLocal* functions support setting local variables in the top-most frame of virtual threads that are suspended at a breakpoint or single step event but are allowed to fail with JVMTI_ERROR_OPAQUE_FRAME in other scenarios.

• All JVM TI events, with the exception of those posted during early VM startup or during heap iteration, can have event callbacks invoked in the context of a virtual thread.

• The GetAllThreads and GetAllStackTraces functions are specified to return all platform threads rather than all threads.

• New functions SuspendAllVirtualThreads and ResumeAllVirtualThreads are added to support bulk suspend and resume of virtual threads. New events VirtualThreadStart and VirtualThreadEnd are added to support tracking of virtual threads. A new capability, can_support_virtual_threads is used to enable the use of the new functions and events.

Existing JVM TI agents will mostly work as before, but may encounter errors if they invoke functions that are not supported on virtual threads. These will arise when an agent that is unaware of virtual threads is used with an application that uses virtual threads. The change to GetAllThreads to return an array containing only the platform threads may be an issue for some agents. Existing agents that enable the ThreadStart and ThreadEnd events for all threads may encounter performance issues until they are upgraded to have finer control of these events.

The are a few source-incompatible API changes, and one binary-incompatible change, that may impact code that extends java.lang.Thread.

• Thread defines several new methods in this release. If code in an existing source file extends Thread and a method in the subclass conflicts with any of the new Thread methods then the file will not compile without change.

• Thread.Builder is added as a nested interface. If code in an existing source file extends Thread, imports a class named Builder, and code in the subclass references "Builder" as a simple name, then the file will not compile without change.

• Thread.threadId() is added as a final method to return the thread’s identifier. If code in an existing source file extends Thread and the subclass declares a method named threadId with no parameters then it will not compile. If there is existing compiled code that extends Thread and the subclass defines a method named threadId with a return type of long and no parameters, then IncompatibleClassChangeError will be thrown at run-time if the subclass is loaded.

For further details, see the JEP 425, section java.lang.Thread.

Legacy java.lang.ThreadGroup has been degraded in this release. It is no longer possible to explicitly destroy a thread group. In its place, ThreadGroup is changed to no longer keep a strong reference to subgroups. A thread group is thus eligible to be GC'ed when there are no live threads in the group and nothing else is keeping the thread group alive.

The behavior of several methods, deprecated for removal in prior releases, are changed as follows:

• The destroy method does nothing.

• The isDestroyed method returns false.

• The setDaemon and isDaemon methods set/get a daemon status that is not used for anything.

• The suspend, resume, and stop methods throw UnsupportedOperationException.

For further details, see the JEP 425, section java.lang.ThreadGroup.

Virtual threads have been added to the Java Platform as a preview feature. Virtual threads are lightweight threads that are scheduled by the Java runtime rather than the operating system. Virtual threads reduce the effort of developing, maintaining, and observing high-throughput concurrent applications.

For further details, see JEP 425.

The DES, DESede and MD5 algorithms have been added to the "jdk.security.legacyAlgorithms" security property in the java.security configuration file. The keytool tool issues warnings when a weak DES or DESede algorithm is used for its commands associated with secret key entries in the keystore.

Two new system properties, stdout.encoding and stderr.encoding, have been added. The value of these system properties is the encoding used by the standard output and standard error streams (System.out and System.err).

The default values of these system properties depend on the platform. The values take on the value of the native.encoding property when the platform does not provide streams for the console. The properties can be overridden on the launcher's command line option (with -D) to set them to UTF-8 where required.

It is recommended to construct OAEPParameterSpec explicitly with desired values instead of using the DEFAULT static constant. The DEFAULT static constant uses the default values in the initial version of the PKCS#1 standard and some of these values are no longer recommended due to advances in cryptanalysis.

A new static factory method has been introduced that allows creation of HashMap instances that are preallocated to contain an expected number of mappings. After using this method, the new HashMap can accommodate the expected number of mappings without being resized. Similarly, there are also new static factory methods for LinkedHashMap and WeakHashMap. The methods are:

• HashMap.newHashMap
• LinkedHashMap.newLinkedHashMap
• WeakHashMap.newWeakHashMap

The int-bearing constructors for these classes set the "capacity" (internal table size) which is not the same as the number of mappings that can be accommodated. The capacity is related to the number of mappings by a simple but error-prone calculation. For this reason, programs should use these new static factory methods in preference to the int-bearing constructors.

Previously JDK desktop applications using Swing and Java2D (tm) would render using OpenGL on macOS. As of this release of JDK, they now are rendered using Apple's new Metal accelerated graphics API. This has been available since JDK 17 (JEP 382), but was not automatically enabled. Now it is enabled by default. Applications will not need to take any action, as they will automatically benefit from faster graphics with lower power consumption, and the use of a more modern stable graphics API which will be able to work better on current and future Apple Mac systems. Any user who would prefer to continue to use OpenGL whilst it is still supported can disable rendering with Metal by starting their application with either "java -Dsun.java2d.metal=false" or "java -Dsun.java2d.opengl=true" and it will run with OpenGL as it used to in JDK 17.

Locale data based on Unicode Consortium's CLDR has been upgraded to version 41. For the detailed locale data changes, please refer to the Unicode Consortium's CLDR release notes: https://cldr.unicode.org/index/downloads/cldr-41

It is recommended to construct PSSParameterSpec explicitly with all desired values instead of using the DEFAULT static constant or the single argument constructor which takes the salt length. Both use the default values in the initial version of the PKCS#1 standard and some of these values are no longer recommended due to advances in cryptanalysis.

New Locale.of() factory methods replace deprecated Locale constructors. The factory methods are efficient and reuse existing Locale instances. Locales are also provided by Locale.forLanguageTag() and Locale.Builder.

The MD5 and SHA-1 message digest algorithms have been disabled by default for HTTP Digest authentication. MD5 and SHA-1 are considered insecure and are deprecated generally. Accordingly, they have both been disabled by default for some usages of HTTP Digest authentication with java.net.HttpURLConnection. They can re-enabled on an opt-in basis by setting a new system property. See the following page for more information:

https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/net/doc-files/net-properties.html

The following TLS cipher suites that use the obsolete 3DES algorithm have been removed from the default list of enabled cipher suites:

• TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
• TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
• SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
• SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
• TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
• TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
• SSL_RSA_WITH_3DES_EDE_CBC_SHA

Note that cipher suites using 3DES are already disabled by default in the jdk.tls.disabledAlgorithms security property. You may use these suites at your own risk by removing 3DES_EDE_CBC from the jdk.tls.disabledAlgorithms security property and re-enabling the suites via the setEnabledCipherSuites() method of the SSLSocket, SSLServerSocket or SSLEngine classes. Alternatively, if an application is using the HttpsURLConnection class, the https.cipherSuites system property can be used to re-enable the suites.

JDK providers use provider-specific default values if the caller does not specify a key size when using a KeyPairGenerator or KeyGenerator object to generate a key pair or secret key. With this enhancement, the default key sizes for various crypto algorithms have been increased as follows:

• RSA, RSASSA-PSS, DH: from 2048 to 3072
• EC: from 256 to 384
• AES: from 128 to 256 (if permitted by crypto policy), falls back to 128 otherwise.

In addition, the jarsigner tool will now use SHA-384 instead of SHA-256 as the default digest algorithm. The default signature algorithm for the jarsigner tool has also been adjusted accordingly. SHA-384 is used instead of SHA-256 except for longer key sizes whose security strength matches SHA-512. Note that for DSA keys, jarsigner will continue using SHA256withDSA as the default signature algorithm. This ensures maximum interoperability with older JDK releases. For more details, please refer to the keytool and jarsigner documentation.

New Java SE APIs, javax.net.ssl.getSignatureSchemes() and javax.net.ssl.setSignatureSchemes(), have been added to allow applications to customize the signature schemes used in individual TLS or DTLS connections.

Note that the underlying provider may define the default signature schemes for each TLS or DTLS connection. Applications may also use the existing "jdk.tls.client.SignatureSchemes" and/or "jdk.tls.server.SignatureSchemes" system properties to customize the provider-specific default signature schemes. If not null, the signature schemes passed to the setSignatureSchemes() method will override the default signature schemes for the specified TLS or DTLS connections.

Note that a provider may not have been updated to support the new APIs and in that case may ignore the signature schemes that are set. The JDK SunJSSE provider supports this method. It is recommended that 3rd party providers add support for these methods when they add support for JDK 19 or later releases.

The method java.nio.file.Files.copy(Path,Path) has been changed to copy POSIX file attributes from the source file to the destination file when the two files are associated with different file system providers, for example copying a file from the default file system to a zip file system. Both the source and target file systems must support the POSIX file attribute view. The POSIX attributes copied are constrained to the file access permissions; owner and group owner of the file are not copied.

The JDK SunJSSE provider implementation has been enhanced to be fully compliant with RFC 6125. Prior to this release, the implementation was compliant except for one case, which has now been addressed: the implementation will not attempt to match wildcard domains in TLS certificates where the wildcard character comprises a label other than the left-most label.

If necessary, applications can workaround this restriction by implementing their own HostnameVerifier or TrustManager.

Previous JDK releases used an incorrect interpretation of the Linux cgroups parameter "cpu.shares". This might cause the JVM to use fewer CPUs than available, leading to an under utilization of CPU resources when the JVM is used inside a container.

Starting from this JDK release, by default, the JVM no longer considers "cpu.shares" when deciding the number of threads to be used by the various thread pools. The -XX:+UseContainerCpuShares command-line option can be used to revert to the previous behavior. This option is deprecated and may be removed in a future JDK release.

The definition and its implementation of the pattern symbol F in java.time.format.DateTimeFormatter/Builder has been modified. It was tied with ChronoField.ALIGNED_DAY_OF_WEEK_IN_MONTH field, which did not agree with java.text.SimpleDateFormat and Unicode Consortium's LDML. With this release, it represents ChronoField.ALIGNED_WEEK_OF_MONTH field. For example, the number 2 means "the 2nd Wednesday in July."

On Linux and macOS, the system property user.home is set to the home directory provided by the operating system. If the directory name provided is empty or only a single character, the value of the environment variable HOME is used instead.

The directory name and the value of $HOME are usually the same and valid. The fallback to $HOME is unusual and unlikely to occur except in environments such as systemd on Linux or when running in a container such as Docker.

The JDK implementation of X509Certificate::getSubjectAlternativeNames and X509Certificate::getIssuerAlternativeNames has been enhanced to additionally return the type-id and value fields of an otherName. The value field is returned as a String if it is encoded as a character string or otherwise as a byte array, which is helpful as it avoids having to parse the ASN.1 DER encoded form of the name.

Support for PAC-RET protection on the Linux/AArch64 platform has been introduced.

When enabled, OpenJDK will use hardware features from the ARMv8.3 Pointer Authentication Code (PAC) extension to protect against Return Orientated Programming (ROP) attacks. For more information on the PAC extension see "Providing protection for complex software" or the "Pointer authentication in AArch64 state" section in the Arm ARM.

To take advantage of this feature, first OpenJDK must be built with the configuration flag --enable-branch-protection using GCC 9.1.0+ or LLVM 10+ . Then, the runtime flag -XX:UseBranchProtection=standard will enable PAC-RET protection if the system supports it and the java binary was compiled with branch-protection enabled; otherwise the flag is silently ignored. Alternatively, -XX:UseBranchProtection=pac-ret will also enable PAC-RET protection, but in this case if the system does not support it or the java binary was not compiled with branch-protection enabled, then a warning will be printed.

The method java.nio.channels.FileChannel.lock(long position, long size, boolean shared) has been changed such that a size value of zero means to lock all bytes from the specified starting position to the end of the file, regardless of whether the file is subsequently extended or truncated.

Additional date/time formats are now introduced in java.time.format.DateTimeFormatter/DateTimeFormatterBuilder classes. In prior releases, only 4 predefined styles, i.e., FormatStyle.FULL/LONG/MEDIUM/SHORT are available. Now the users can specify their own flexible style with this new DateTimeFormatter.ofLocalizedPattern(String requestedTemplate) method. For example,

DateTimeFormatter.ofLocalizedPattern("yMMM")

produces a formatter, which can format a date in a localized manner, such as "Feb 2022" in the US locale, while "2022年2月" in the Japanese locale. Supporting method DateTimeFormatterBuilder.appendLocalized(String requestedTemplate)is also provided.

A new option -providerPath has been added to jarsigner. One can use this option to specify the class path of an alternate keystore implementation. It can be used together with the -providerClass option.

The JVM option -XX:+AutoCreateSharedArchive can be used to automatically create or update a CDS archive for an application. For example:

java -XX:+AutoCreateSharedArchive -XX:SharedArchiveFile=app.jsa -cp app.jar App

The specified archive will be written if it does not exist, or if it was generated by a different version of the JDK

For further details, see JDK-8261455.

Two new options are added to the ktab command when adding new keytab entries. When ktab -a username password -s altsalt is called, altsalt is used instead of the default salt. When ktab -a username password -f is called, the tool will contact the KDC to fetch the actual salt used.

String concatenation has been changed to evaluate each argument and eagerly convert it to a string, in left-to-right order. This fixes a bug in the invokedynamic-based string concatentation strategies introduced in JEP 280.

For example, the following now prints "foofoobar", not "foobarfoobar":

    StringBuilder builder = new StringBuilder("foo");
    System.err.println("" + builder + builder.append("bar"));

This release upgrades Unicode support to 14.0, which includes the following:

The java.lang.Character class supports Unicode Character Database of 14.0 level, which adds 838 characters, for a total of 144,697 characters. These additions include 5 new scripts, for a total of 159 scripts, as well as 37 new emoji characters. The java.text.Bidi and java.text.Normalizer classes support 14.0 level of Unicode Standard Annexes, #9 and #15, respectively. The java.util.regex package supports Extended Grapheme Clusters based on 14.0 level of Unicode Standard Annex #29 For more detail about Unicode 14.0, refer to the Unicode Consortium's release note.