JDK 20.0.2 Release Notes

Notable Issues Fixed

Missing /usr/java/default Symlink on Linux Restored (JDK-8306690 (not public))

install/install

A regression where the /usr/java/default symlink is not created by RPM installers on Linux platforms has been fixed. Installers will create the /usr/java/default symlink if it doesn't exist, targeting the /usr/java/latest symlink.

Known Issues

Problem Upgrading JDK on Windows if System User Is Using Shared Files (JDK-8310932 (not public))

install

Installing into the same, shared jdk-<family> directory is the default behavior for the JDK starting with the July 2023 CPU. It could lead to FilesInUse issues if JDK files are locked by the "System User". We recommend shutting down any apps using the JDK as the "System User" before upgrading.

Other Notes

Added 4 GTS Root CA Certificates (JDK-8307134)

security-libs/java.security

The following root certificates have been added to the cacerts truststore:

+ Google Trust Services LLC
 + gtsrootcar1
  DN: CN=GTS Root R1, O=Google Trust Services LLC, C=US

+ Google Trust Services LLC
 + gtsrootcar2
  DN: CN=GTS Root R2, O=Google Trust Services LLC, C=US

+ Google Trust Services LLC
 + gtsrootecccar3
  DN: CN=GTS Root R3, O=Google Trust Services LLC, C=US

+ Google Trust Services LLC
 + gtsrootecccar4
  DN: CN=GTS Root R4, O=Google Trust Services LLC, C=US

Added Microsoft Corporation's 2 TLS Root CA Certificates (JDK-8304760)

security-libs/java.security

The following root certificates have been added to the cacerts truststore:

+ Microsoft Corporation
  + microsoftecc2017
    DN: CN=Microsoft ECC Root Certificate Authority 2017, O=Microsoft Corporation, C=US

+ Microsoft Corporation
  + microsoftrsa2017
    DN: CN=Microsoft RSA Root Certificate Authority 2017, O=Microsoft Corporation, C=US

Added TWCA Root CA Certificate (JDK-8305975)

security-libs/java.security

The following root certificate has been added to the cacerts truststore:

+ TWCA
  + twcaglobalrootca
    DN: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW

Improved ZIP64 Extra Field Validation (JDK-8302483 (not public))

core-libs/java.util.jar

java.util.zip.ZipFile has been updated to provide additional validation of ZIP64 extra fields when opening a ZIP file. This validation may be disabled by setting the system property jdk.util.zip.disableZip64ExtraFieldValidation to true.

ASLR Support for CDS Archive (JDK-8294323 (not public))

hotspot/runtime

Starting with the July 2023 CPU, on operating systems where ASLR (Address Space Layout Randomization) is enabled, the CDS archive will be placed at a random address picked by the operating system.

This change may have a minor performance impact: (a) Start-up time may increase because the JVM needs to patch pointers inside the CDS archive; (b) Memory usage may increase because the memory used by the CDS archive is no longer shareable across processes. We expect the impact to be small because such increases should be only a small fraction of the overall application usage.

In the unlikely event that you must disable ASLR for CDS, you can use the JVM flags -XX:+UnlockDiagnosticVMOptions -XX:ArchiveRelocationMode=0. The usage of such flags is not recommended.

New System Property to Control the Maximum Size of Signature Files (JDK-8300596 (not public))

security-libs/java.security

A new system property, jdk.jar.maxSignatureFileSize, has been added to allow applications to control the maximum size of signature files in a signed JAR. The value of the system property is the desired size in bytes. The default value is 8000000 bytes.