RELEASE NOTES FOR: 11.0.20 ==================================================================================================== Notes generated: Thu Apr 03 15:35:57 CEST 2025 Hint: Prefix bug IDs with https://bugs.openjdk.org/browse/ to reach the relevant JIRA entry. JAVA ENHANCEMENT PROPOSALS (JEP): None. RELEASE NOTES: hotspot/compiler: JDK-8308884: GregorianCalender.computeTime() JVM Crash A virtual machine crash was observed in JDK 11.0.19 and 17.0.7 when executing the `GregorianCalender.computeTime()` method (JDK-8307683). It was found that although the root cause of the crash is an old issue, a recent fix for a rare issue in the C2 compiler (JDK-8297951) made the crash much more likely. To mitigate this, the fix has been reverted in JDK 11.0.20 and 17.0.8 and will be reapplied once JDK-8307683 is resolved. core-libs/java.nio.charsets: JDK-8301119: Support for GB18030-2022 China National Standard body (CESI) has recently published GB18030-2022 which is an updated version of the GB18030 standard and brings GB18030 in sync with Unicode version 11.0. The `Charset` implementation for this new standard has now replaced the prior `2000` standard. However, this new standard has some incompatible changes from the prior implementation. For those who need to use the old mappings, a new system property `jdk.charset.GB18030` is introduced. By setting its value to `2000`, the previous JDK releases' mappings for the `GB18030 Charset` are used which are based on the `2000` standard. tools/javadoc(tool): JDK-8259530: Legal Headers for Generated Files The set of files generated by the Standard Doclet typically includes some files with associated licensing requirements. The Standard Doclet now provides support for including the associated legal files, with default behavior for the common case and a new command-line option (`--legal-notices`) to override that behavior when appropriate. security-libs/java.security: JDK-8307134: Added 4 GTS Root CA Certificates The following root certificates have been added to the cacerts truststore: ``` + Google Trust Services LLC + gtsrootcar1 DN: CN=GTS Root R1, O=Google Trust Services LLC, C=US + Google Trust Services LLC + gtsrootcar2 DN: CN=GTS Root R2, O=Google Trust Services LLC, C=US + Google Trust Services LLC + gtsrootecccar3 DN: CN=GTS Root R3, O=Google Trust Services LLC, C=US + Google Trust Services LLC + gtsrootecccar4 DN: CN=GTS Root R4, O=Google Trust Services LLC, C=US ``` JDK-8305975: Added TWCA Root CA Certificate The following root certificate has been added to the cacerts truststore: ``` + TWCA + twcaglobalrootca DN: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW ``` JDK-8304760: Added Microsoft Corporation's 2 TLS Root CA Certificates The following root certificates have been added to the cacerts truststore: ``` + Microsoft Corporation + microsoftecc2017 DN: CN=Microsoft ECC Root Certificate Authority 2017, O=Microsoft Corporation, C=US + Microsoft Corporation + microsoftrsa2017 DN: CN=Microsoft RSA Root Certificate Authority 2017, O=Microsoft Corporation, C=US ``` JDK-8303465: Enhance Contents (Trusted Certificate Entries) of macOS KeychainStore The macOS KeychainStore implementation now exposes certificates with proper trust in the user domain, admin domain, or both. Before, only the user domain was considered. Furthermore, if there exists a "deny" entry for a particular purpose in a certificate's trust settings in either domain, the certificate will not be part of the macOS KeychainStore. ALL FIXED ISSUES, BY COMPONENT AND PRIORITY: client-libs: (P3) JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors client-libs/2d: (P3) JDK-8304291: [AIX] Broken build after JDK-8301998 (P3) JDK-8301998: Update HarfBuzz to 7.0.1 (P3) JDK-8303482: Update LCMS to 2.15 (P4) JDK-8304350: Font.getStringBounds calculates wrong width for TextAttribute.TRACKING other than 0.0 (P4) JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998 client-libs/java.awt: (P4) JDK-8213531: Test javax/swing/border/TestTitledBorderLeak.java fails (P4) JDK-8296934: Write a test to verify whether Undecorated Frame can be iconified or not client-libs/javax.accessibility: (P3) JDK-8263420: Incorrect function name in NSAccessibilityStaticText native peer implementation client-libs/javax.imageio: (P3) JDK-8302151: BMPImageReader throws an exception reading BMP images client-libs/javax.swing: (P3) JDK-8264290: Create implementation for NSAccessibilityComponentGroup protocol peer (P3) JDK-8264304: Create implementation for NSAccessibilityToolbar protocol peer (P3) JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java fails with AssertionError (P4) JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java - add 4357905 (P4) JDK-8297450: ScaledTextFieldBorderTest.java fails when run with -show parameter (P4) JDK-8300205: Swing test bug8078268 make latch timeout configurable core-libs: (P3) JDK-8275735: [linux] Remove deprecated Metrics api (kernel memory limit) (P4) JDK-8283059: Uninitialized warning in check_code.c with GCC 11.2 core-libs/java.lang: (P3) JDK-8171426: java/lang/ProcessBuilder/Basic.java failed with Stream closed (P4) JDK-8276880: Remove java/lang/RuntimeTests/exec/ExecWithDir as unnecessary core-libs/java.lang.module: (P4) JDK-8257856: Make ClassFileVersionsTest.java robust to JDK version updates core-libs/java.lang:class_loading: (P4) JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message core-libs/java.net: (P3) JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067 (P3) JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value (P3) JDK-8291638: Keep-Alive timeout of 0 should close connection immediately (P4) JDK-8232853: AuthenticationFilter.Cache::remove may throw ConcurrentModificationException (P4) JDK-8187522: test/sun/net/ftp/FtpURLConnectionLeak.java timed out core-libs/java.nio: (P4) JDK-8305528: [11u] Backport of JDK-8259530 breaks build with JDK10 bootstrap VM core-libs/java.nio.charsets: (P4) JDK-8301119: Support for GB18030-2022 core-libs/java.time: (P3) JDK-8305113: (tz) Update Timezone Data to 2023c (P3) JDK-8278434: timeouts in test java/time/test/java/time/format/TestZoneTextPrinterParser.java core-libs/java.util:i18n: (P3) JDK-8305400: ISO 4217 Amendment 175 Update (P3) JDK-8275721: Name of UTC timezone in a locale changes depending on previous code (P3) JDK-8303440: The "ZonedDateTime.parse" may not accept the "UTC+XX" zone id (P3) JDK-8209880: tzdb.dat is not reproducibly built (P3) JDK-8209167: Use CLDR's time zone mappings for Windows (P4) JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile core-svc/tools: (P3) JDK-8303937: Corrupted heap dumps due to missing retries for os::write() hotspot/compiler: (P3) JDK-8308884: [17u/11u] Backout JDK-8297951 (P3) JDK-8303564: C2: "Bad graph detected in build_loop_late" after a CMove is wrongly split thru phi (P3) JDK-8269746: C2: assert(!in->is_CFG()) failed: CFG Node with no controlling input? (P3) JDK-8299259: C2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE (P3) JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument (P4) JDK-8282467: add extra diagnostics for JDK-8268184 (P4) JDK-8305711: Arm: C2 always enters slowpath for monitorexit (P5) JDK-8306768: CodeCache Analytics reports wrong threshold hotspot/runtime: (P2) JDK-8215575: C2 crash: assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded (P3) JDK-8287007: [cgroups] Consistently use stringStream throughout parsing code (P3) JDK-8295974: jni_FatalError and Xcheck:jni warnings should print the native stack when there are no Java frames (P3) JDK-8243936: NonWriteable system properties are actually writeable (P3) JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage() is lower than expected (P4) JDK-8303861: Error handling step timeouts should never be blocked by OnError and others (P4) JDK-8214807: Improve handling of very old class files (P4) JDK-8308006: Missing NMT memory tagging in CMS hotspot/svc: (P3) JDK-8301170: perfMemory_windows.cpp add free_security_attr to early returns (P4) JDK-8303102: jcmd: ManagementAgent.status truncates the text longer than O_BUFLEN hotspot/test: (P4) JDK-8307811: [TEST] compilation of TimeoutInErrorHandlingTest fails after backport of JDK-8303861 (P4) JDK-8303822: gtestMain should give more helpful output infrastructure: (P4) JDK-8303432: Bump update version for OpenJDK: jdk-11.0.20 infrastructure/build: (P2) JDK-8306543: GHA: MSVC installation is failing (P3) JDK-8303476: Add the runtime version in the release file of a JDK image (P3) JDK-8306658: GHA: MSVC installation could be optional since it might already be pre-installed (P3) JDK-8306664: GHA: Update MSVC version to latest stepping (P3) JDK-8300490: Spaces in name of MacOS Code Signing Identity are not correctly handled after JDK-8293550 (P4) JDK-8220093: Change to GCC 8.2 for building on Linux at Oracle (P4) JDK-8304134: jib bootstrapper fails to quote filename when checking download filetype (P4) JDK-8248701: On Windows generated modules-deps.gmk can contain backslash-r (CR) characters (P4) JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space (P4) JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep (P5) JDK-8297000: [jib] Add more friendly warning for proxy issues (P5) JDK-8305721: add `make compile-commands` artifacts to .gitignore infrastructure/release_eng: (P4) JDK-8311465: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.20 security-libs: (P3) JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return (P4) JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return security-libs/java.security: (P3) JDK-8304760: Add 2 Microsoft TLS roots (P3) JDK-8307134: Add GTS root CAs (P3) JDK-8305975: Add TWCA Global Root CA (P3) JDK-8282201: Consider removal of expiry check in VerifyCACerts.java test (P3) JDK-8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates (P4) JDK-8246383: NullPointerException in JceSecurity.getVerificationResult when using Entrust provider security-libs/javax.crypto: (P3) JDK-8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption (P4) JDK-8178806: Better exception logging in crypto code security-libs/javax.crypto:pkcs11: (P3) JDK-8294906: Memory leak in PKCS11 NSS TLS server (P4) JDK-8293232: Fix race condition in pkcs11 SessionManager (P4) JDK-8214459: NSS source should be removed (P4) JDK-8289301: P11Cipher should not throw out of bounds exception during padding (P4) JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation (P4) JDK-8282077: PKCS11 provider C_sign() impl should handle CKR_BUFFER_TOO_SMALL error security-libs/javax.net.ssl: (P3) JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary security-libs/javax.xml.crypto: (P4) JDK-8287246: DSAKeyValue should check for missing params instead of relying on KeyFactory provider security-libs/jdk.security: (P3) JDK-8209546: Make sun/security/tools/keytool/autotest.sh to support macosx tools/javac: (P3) JDK-8275233: Incorrect line number reported in exception stack trace thrown from a lambda expression tools/javadoc(tool): (P3) JDK-8259530: Generated docs contain MIT/GPL-licenced works without reproducing the licence tools/jlink: (P4) JDK-8309476: [11u] tools/jmod/hashes/HashesOrderTest.java fails intermittently tools/jshell: (P3) JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md with information on 4th party dependencies (P4) JDK-8286398: Address possibly lossy conversions in jdk.internal.le