JDK 21.0.2 Release Notes

New Features

TCP_KEEPxxxx Extended Socket Options Are Now Supported on the Windows Platform (JDK-8308593)

core-libs/java.net

The java.net.ExtendedSocketOptions TCP_KEEPIDLE and TCP_KEEPINTERVAL are supported on Windows platforms starting from Windows 10 version 1709 and onwards. TCP_KEEPCOUNT is supported starting from Windows 10 version 1703 and onwards.

Notable Issues Fixed

ZGC: Reintroduced Support for Non-Default ObjectAlignmentInBytes (JDK-8315082)

hotspot/compiler

The JDK 21 issue that could potentially lead to JVM crashes or incorrect execution when running the JVM with -XX:+UseZGC and non-default value of -XX:ObjectAlignmentInBytes has been resolved, and it is possible again to use this combination of JVM options.

Known Issues

Potential Performance Regression Due to Limited Range Check Elimination (JDK-8314468 (not public))

hotspot/compiler

When the C1 compiler is the only compiler available to the VM, it applies loop predication to remove array access range checks from loop bodies. Due to a defect, this optimization was disabled, potentially leading to a performance regression.

This only affects the client VM or VM's running with the non-default command line flags -XX:+NeverActAsServerClassMachine or -XX:TieredStopAtLevel=[1,2,3].

Other Notes

Hotspot hs_err Files Now Print the Lock Stack (JDK-8316735)

hotspot/runtime

A section containing the thread local lock stack has been added to hs_err report files. It only gets printed when the new lightweight locking mode is enabled (-XX:LockingMode=2).

An example is given here with details about the locked objects omitted:

Lock stack of current Java thread (top to bottom):
LockStack[1]: nsk.share.jdi.EventHandler 
...
LockStack[0]: java.util.Collections$SynchronizedRandomAccessList
...

It lists objects which are lightweight locked, through synchronized methods or statements, by the Java thread which is being analyzed. The object which has been locked most recently is printed first. Objects which are not lightweight locked are not displayed in this section.

Add User Facing Warning If THPs Are Enabled but Cannot Be Used (JDK-8313782)

hotspot/runtime

On Linux, if the JVM is started with +UseTransparentHugePages but the system does not support Transparent Huge Pages, a warning will now be printed to stdout:

UseTransparentHugePages disabled; transparent huge pages are not supported by the operating system.

NMT: Make Peak Values Available in Release Builds (JDK-8317772)

hotspot/runtime

NMT reports will now show peak values for all categories. Peak values contain the highest value for committed memory in a given NMT category over the lifetime of the JVM process.

If the committed memory for an NMT category is currently at peak, NMT prints "at peak"; otherwise, it prints the peak value.

For example:

-                  Compiler (reserved=230KB, committed=230KB)
                            (malloc=34KB #64) (peak=49KB #71) 
                            (arena=196KB #4) (peak=6126KB #16)

This shows Compiler arena memory peaked at a bit more than 6MB, whereas it now hovers around 200 KB.

Added Three Root Certificates from eMudhra Technologies Limited (JDK-8319187)

security-libs/java.security

The following root certificates have been added to the cacerts truststore:

+ eMudhra Technologies Limited
  + emsignrootcag1
    DN: CN=emSign Root CA - G1, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN

+ eMudhra Technologies Limited
  + emsigneccrootcag3
    DN: CN=emSign ECC Root CA - G3, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN

+ eMudhra Technologies Limited
  + emsignrootcag2
    DN: CN=emSign Root CA - G2, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN

Added Four Root Certificates from DigiCert, Inc. (JDK-8318759)

security-libs/java.security

The following root certificates have been added to the cacerts truststore:

+ DigiCert, Inc.
  + digicertcseccrootg5
    DN: CN=CN=DigiCert CS ECC P384 Root G5, O="DigiCert, Inc.", C=US

+ DigiCert, Inc.
  + digicertcsrsarootg5
    DN: CN=DigiCert CS RSA4096 Root G5, O="DigiCert, Inc.", C=US

+ DigiCert, Inc.
  + digicerttlseccrootg5
    DN: DigiCert TLS ECC P384 Root G5, O="DigiCert, Inc.", C=US

+ DigiCert, Inc.
  + digicerttlsrsarootg5
    DN: DigiCert TLS RSA4096 Root G5, O="DigiCert, Inc.", C=US

Added ISRG Root X2 CA Certificate from Let's Encrypt (JDK-8317374)

security-libs/java.security

The following root certificate has been added to the cacerts truststore:

+ Let's Encrypt
  + letsencryptisrgx2
    DN: CN=ISRG Root X2, O=Internet Security Research Group, C=US

Added Telia Root CA v2 Certificate (JDK-8317373)

security-libs/java.security

The following root certificate has been added to the cacerts truststore:

+ Telia Root CA v2
  + teliarootcav2
    DN: CN=Telia Root CA v2, O=Telia Finland Oyj, C=FI