JDK 24.0.2 Release Notes

The following expired root certificate has been removed from the cacerts keystore:

+ alias name "baltimorecybertrustca [jdk]"
  Distinguished Name: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

The following root certificates, which are terminated and no longer in use, have been removed from the cacerts keystore:

+ alias name "camerfirmachamberscommerceca [jdk]"
  Distinguished Name: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU

+ alias name "camerfirmachambersignca [jdk]"
  Distinguished Name: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU

The following root certificates have been added to the cacerts truststore:

+ Sectigo Limited
  + sectigocodesignroote46
    DN: CN=Sectigo Public Code Signing Root E46, O=Sectigo Limited, C=GB

+ Sectigo Limited
  + sectigocodesignrootr46
    DN: CN=Sectigo Public Code Signing Root R46, O=Sectigo Limited, C=GB

+ Sectigo Limited
  + sectigotlsroote46
    DN: CN=Sectigo Public Server Authentication Root E46, O=Sectigo Limited, C=GB

+ Sectigo Limited
  + sectigotlsrootr46
    DN: CN=Sectigo Public Server Authentication Root R46, O=Sectigo Limited, C=GB

Starting with JDK 25, jpackage no longer includes service bindings for a run-time image that it creates. Prior to JDK 25, jpackage would include service bindings for run-time images. As a result, the generated run-time images produced by jpackage might not include the same set of modules as it did in prior versions.

The previous behavior can be achieved by adding the --bind-services jlink option to the default jlink options jpackage uses:

jpackage [...] --jlink-options 
   "--strip-native-commands --strip-debug --no-man-pages --no-header-files --bind-services"