JDK 24.0.2 Release Notes

Removed Features and Options

Removed Baltimore CyberTrust Root Certificate After Expiry Date (JDK-8303770)

security-libs/java.security

The following expired root certificate has been removed from the cacerts keystore:

+ alias name "baltimorecybertrustca [jdk]"
  Distinguished Name: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

Removed Two Camerfirma Root Certificates (JDK-8350498)

security-libs/java.security

The following root certificates, which are terminated and no longer in use, have been removed from the cacerts keystore:

+ alias name "camerfirmachamberscommerceca [jdk]"
  Distinguished Name: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU

+ alias name "camerfirmachambersignca [jdk]"
  Distinguished Name: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU

Other Notes

Added 4 New Root Certificates from Sectigo Limited (JDK-8359170)

security-libs/java.security

The following root certificates have been added to the cacerts truststore:

+ Sectigo Limited
  + sectigocodesignroote46
    DN: CN=Sectigo Public Code Signing Root E46, O=Sectigo Limited, C=GB

+ Sectigo Limited
  + sectigocodesignrootr46
    DN: CN=Sectigo Public Code Signing Root R46, O=Sectigo Limited, C=GB

+ Sectigo Limited
  + sectigotlsroote46
    DN: CN=Sectigo Public Server Authentication Root E46, O=Sectigo Limited, C=GB

+ Sectigo Limited
  + sectigotlsrootr46
    DN: CN=Sectigo Public Server Authentication Root R46, O=Sectigo Limited, C=GB

jpackage No Longer Includes Service Bindings by Default for Generated Run-Time Images (JDK-8345185)

tools/jpackage

Starting with JDK 25, jpackage no longer includes service bindings for a run-time image that it creates. Prior to JDK 25, jpackage would include service bindings for run-time images. As a result, the generated run-time images produced by jpackage might not include the same set of modules as it did in prior versions.

The previous behavior can be achieved by adding the --bind-services jlink option to the default jlink options jpackage uses:

jpackage [...] --jlink-options 
   "--strip-native-commands --strip-debug --no-man-pages --no-header-files --bind-services"