Java™ SE Development Kit 21, 21.0.3 Release Notes
Java™ SE Development Kit 21.0.3 (JDK 21.0.3)
Release date: April 16, 2024
The full version string for this update release is 21.0.3+7 (where "+" means "build"). The version number is 21.0.3.
IANA TZ Data 2024a
JDK 21.0.3 contains IANA time zone data 2024a which contains the following changes:
- Ittoqqortoormiit, Greenland changes time zones on 2024-03-31.
- Vostok, Antarctica changed time zones on 2023-12-18.
- Casey, Antarctica changed time zones five times since 2020.
- Code and data fixes for Palestine timestamps starting in 2072.
- A new data file zonenow.tab for timestamps starting now.
- Kazakhstan unifies on UTC+5 beginning 2024-03-01.
- Palestine springs forward a week later after Ramadan.
- zic no longer pretends to support indefinite-past DST.
- localtime no longer mishandles Ciudad Juárez in 2422.
For more information, refer to Timezone Data Versions in the JRE Software.
Security Baselines
The security baselines for the Java Runtime at the time of the release of JDK 21.0.3 are specified in the following table:
| Java Family Version | Security Baseline (Full Version String) |
|---|---|
| 21 | 21.0.3+7 |
| 17 | 17.0.11+7 |
| 11 | 11.0.23+7 |
| 8 | 8u411-b09 |
Keeping the JDK up to Date
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 21.0.3) be used after the next critical patch update scheduled for July 16, 2024.
Java Management Service, available to all users, can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.
New Features
security-libs/javax.crypto
➜ Update XML Security for Java to 3.0.3 (JDK-8319124)
The XML Signature implementation has been updated to Santuario 3.0.3. Support for four new SHA-3 based RSA-MGF1 signature methods have been added: SHA3_224_RSA_MGF1, SHA3_256_RSA_MGF1, SHA3_384_RSA_MGF1, and SHA3_512_RSA_MGF1. While these new algorithm URIs are not defined in javax.xml.crypto.dsig.SignatureMethod in the JDK update releases, they may be represented as string literals in order to be functionally equivalent. SHA-3 hash algorithm support was delivered to JDK 9 via JEP 287. Releases earlier than that may use third party security providers.
Known Issues
tools/jpackage
➜ jpackage Apps May Fail to Build on Debian Linux Distros Due to Missing Shared Libraries
(JDK-8295111)
There is an issue on Debian Linux distros where jpackage could not always build an accurate list of required packages from shared libraries with symbolic links in their paths, causing installations to fail due to missing shared libraries.
Other Notes
client-libs/java.awt
➜ AWT SystemTray API Is Not Supported on Most Linux Desktops (JDK-8322750)
The java.awt.SystemTray API is used for notifications in a desktop taskbar and may include an icon representing an application. On Linux, the Gnome desktop's own icon support in the taskbar has not worked properly for several years due to a platform bug. This, in turn, has affected the JDK's API, which relies upon that.
Therefore, in accordance with the existing Java SE specification, java.awt.SystemTray.isSupported() will return false where ever the JDK determines the platform bug is likely to be present.
The impact of this is likely to be limited since applications always must check for that support anyway. Additionally, some distros have not supported the SystemTray for several years unless the end-user chooses to install non-bundled desktop extensions.
security-libs/java.security
➜ Added Certainly R1 and E1 Root Certificates (JDK-8321408)
The following root certificates have been added to the cacerts truststore:
+ Certainly
+ certainlyrootr1
DN: CN=Certainly Root R1, O=Certainly, C=US
+ Certainly
+ certainlyroote1
DN: CN=Certainly Root E1, O=Certainly, C=US
tools/javac
➜ Align javac with the Java Language Specification by Rejecting final in Record Patterns
(JDK-8317300)
JDK 21 introduced pattern matching in the Java language. However, javac allowed final in front of a record pattern, such as (case final R(...) ->), something which is not allowed by the Java Language Specification.
Programs that could be compiled erroneously in JDK21 with final will now fail to compile. This change fixes the issue in the compiler. Impacted users will need to remove the final keyword.
Updates to Third Party Libraries
| Library | New Version | Module | JBS |
|---|---|---|---|
| FreeType | 2.13.2 | java.desktop | JDK-8316028 |
| Xalan Java | 2.7.3 | java.xml | JDK-8305814 |
| XML Security for Java | 3.0.3 | java.xml.crypto | JDK-8319124 |
Bug Fixes
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
➜ Issues fixed in 21.0.3:
| # | JBS | Component/Subcomponent | Summary |
|---|---|---|---|
| 1 | JDK-8319103 | client-libs/javax.swing | Popups that request focus are not shown on Linux with Wayland |
| 2 | JDK-8318590 | client-libs/javax.swing | JButton ignores margin when painting HTML text |
| 3 | JDK-8299058 | core-libs/java.net | AssertionError in sun.net.httpserver.ServerImpl when connection is idle |
| 4 | JDK-8323659 | core-libs/java.util.concurrent | LinkedTransferQueue add and put methods call overridable offer |
| 5 | JDK-8321480 | core-libs/java.util:i18n | ISO 4217 Amendment 176 Update |
| 6 | JDK-8314612 | hotspot/compiler | TestUnorderedReduction.java fails with -XX:MaxVectorSize=32 and -XX:+AlignVector |
| 7 | JDK-8321542 | hotspot/compiler | C2: Missing ChaCha20 stub for x86_32 leads to crashes |
| 8 | JDK-8313720 | hotspot/compiler | C2 SuperWord: wrong result with -XX:+UseVectorCmov -XX:+UseCMoveUnconditionally |
| 9 | JDK-8321974 | hotspot/compiler | Crash in ciKlass::is_subtype_of because TypeAryPtr::_klass is not initialized |
| 10 | JDK-8316661 | hotspot/compiler | CompilerThread leaks CodeBlob memory when dynamically stopping compiler thread in non-product |
| 11 | JDK-8321215 | hotspot/compiler | Incorrect x86 instruction encoding for VSIB addressing mode |
| 12 | JDK-8316594 | hotspot/compiler | C2 SuperWord: wrong result with hand unrolled loops |
| 13 | JDK-8319879 | hotspot/compiler | Stress mode to randomize incremental inlining decision |
| 14 | JDK-8309203 | hotspot/compiler | C2: remove copy-by-value of GrowableArray for InterfaceSet |
| 15 | JDK-8310844 | hotspot/compiler | [AArch64] C1 compilation fails because monitor offset in OSR buffer is too large for immediate |
| 16 | JDK-8319372 | hotspot/compiler | C2 compilation fails with "Bad immediate dominator info" |
| 17 | JDK-8321599 | hotspot/compiler | Data loss in AVX3 Base64 decoding |
| 18 | JDK-8322321 | hotspot/runtime | Add man page doc for -XX:+VerifySharedSpaces |
| 19 | JDK-8323243 | hotspot/runtime | JNI invocation of an abstract instance method corrupts the stack |
| 20 | JDK-8320208 | security-libs/java.security | Update Public Suffix List to b5bf572 |
| 21 | JDK-8318971 | tools/jar | Better Error Handling for Jar Tool When Processing Non-existent Files |
| 22 | JDK-8305971 | tools/javac | NPE in JavacProcessingEnvironment for missing enum constructor body |
| 23 | JDK-8322040 | tools/javac | Missing array bounds check in ClassReader.parameter |
| 24 | JDK-8320145 | tools/javac | Compiler should accept final variable in Record Pattern |
| 25 | JDK-8321582 | tools/javac | yield <primitive-type>.class not parsed correctly. |
| 26 | JDK-8321164 | tools/javac | javac with annotation processor throws AssertionError: Filling jrt:/... during JarFileObject[/...] |
| 27 | JDK-8322159 | tools/javac | ThisEscapeAnalyzer crashes for erroneous code |