RELEASE NOTES: JDK 15.0.3

Notes generated: Sun Nov 03 22:44:34 CET 2024

JEPs

None.

RELEASE NOTES

security-libs/javax.net.ssl

Issue Description

Issue	Description
JDK-8202343	Disable TLS 1.0 and 1.1 TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer considered secure and have been superseded by more secure and modern versions (TLS 1.2 and 1.3). These versions have now been disabled by default. If you encounter issues, you can, at your own risk, re-enable the versions by removing "TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms` security property in the `java.security` configuration file.

JDK-8202343

Disable TLS 1.0 and 1.1

TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer considered secure and have been superseded by more secure and modern versions (TLS 1.2 and 1.3).

These versions have now been disabled by default. If you encounter issues, you can, at your own risk, re-enable the versions by removing "TLSv1" and/or "TLSv1.1" from the jdk.tls.disabledAlgorithms security property in the java.security configuration file.

security-libs/java.security

Issue Description

Issue	Description
JDK-8243559	Removed Root Certificates with 1024-bit Keys The following root certificates with weak 1024-bit RSA public keys have been removed from the `cacerts` keystore: ``` + alias name "thawtepremiumserverca [jdk]" Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA alias name "verisignclass2g2ca [jdk]" Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US alias name "verisignclass3ca [jdk]" Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US alias name "verisignclass3g2ca [jdk]" Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US alias name "verisigntsaca [jdk]" Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA ```

JDK-8243559

Removed Root Certificates with 1024-bit Keys

The following root certificates with weak 1024-bit RSA public keys have been removed from the cacerts keystore: ``` + alias name "thawtepremiumserverca [jdk]" Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

alias name "verisignclass2g2ca [jdk]" Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
alias name "verisignclass3ca [jdk]" Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
alias name "verisignclass3g2ca [jdk]" Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
alias name "verisigntsaca [jdk]" Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA

```

FIXED ISSUES

client-libs/2d

Priority	Bug	Summary
P3	JDK-8247867	Upgrade to freetype 2.10.2
P3	JDK-8245400	Upgrade to LittleCMS 2.11

core-libs/java.time

Priority	Bug	Summary
P3	JDK-8260356	(tz) Upgrade Timezone Data to tzdata2021a
P4	JDK-8259048	(tz) Upgrade Timezone Data to tzdata2020f

core-libs/java.util:i18n

Priority	Bug	Summary
P4	JDK-8252497	Incorrect numeric currency code for ROL

hotspot/compiler

Priority	Bug	Summary
P2	JDK-8261912	Code IfNode::fold_compares_helper more defensively
P3	JDK-8259633	compiler/graalunit/CoreTest.java fails with NPE after JDK-8244543

hotspot/runtime

Priority	Bug	Summary
P2	JDK-8261310	PPC64 Zero build fails with 'VMError::controlled_crash(int)::FunctionDescriptor functionDescriptor' has incomplete type and cannot be defined

infrastructure

Priority	Bug	Summary
P4	JDK-8262541	Bump update version for OpenJDK: jdk-15.0.3

infrastructure/build

Priority	Bug	Summary
P3	JDK-8247676	vcruntime140_1.dll is not needed on 32-bit Windows

security-libs/java.security

Priority	Bug	Summary
P3	JDK-8243559	Remove root certificates with 1024-bit keys

security-libs/javax.net.ssl

Priority	Bug	Summary
P2	JDK-8202343	Disable TLS 1.0 and 1.1
P2	JDK-8256682	JDK-8202343 is incomplete