RELEASE NOTES: JDK 15.0.3

Notes generated: Wed Sep 01 04:29:02 CEST 2021

JEPs

None.

RELEASE NOTES

security-libs/javax.net.ssl

Issue Description
JDK-8202343

Disable TLS 1.0 and 1.1


TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer considered secure and have been superseded by more secure and modern versions (TLS 1.2 and 1.3).

These versions have now been disabled by default. If you encounter issues, you can, at your own risk, re-enable the versions by removing "TLSv1" and/or "TLSv1.1" from the jdk.tls.disabledAlgorithms security property in the java.security configuration file.


security-libs/java.security

Issue Description
JDK-8243559

Removed Root Certificates with 1024-bit Keys


The following root certificates with weak 1024-bit RSA public keys have been removed from the cacerts keystore: ``` + alias name "thawtepremiumserverca [jdk]"   Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

  • alias name "verisignclass2g2ca [jdk]"   Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  • alias name "verisignclass3ca [jdk]"   Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

  • alias name "verisignclass3g2ca [jdk]"   Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  • alias name "verisigntsaca [jdk]"   Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA

```


FIXED ISSUES

client-libs/2d

Priority Bug Summary
P3 JDK-8247867 Upgrade to freetype 2.10.2
P3 JDK-8245400 Upgrade to LittleCMS 2.11

core-libs/java.time

Priority Bug Summary
P3 JDK-8260356 (tz) Upgrade time-zone data to tzdata2021a
P4 JDK-8259048 (tz) Upgrade time-zone data to tzdata2020f

core-libs/java.util:i18n

Priority Bug Summary
P4 JDK-8252497 Incorrect numeric currency code for ROL

hotspot/compiler

Priority Bug Summary
P2 JDK-8261912 Code IfNode::fold_compares_helper more defensively

hotspot/runtime

Priority Bug Summary
P2 JDK-8261310 PPC64 Zero build fails with 'VMError::controlled_crash(int)::FunctionDescriptor functionDescriptor' has incomplete type and cannot be defined

infrastructure

Priority Bug Summary
P4 JDK-8262541 Bump update version for OpenJDK: jdk-15.0.3

infrastructure/build

Priority Bug Summary
P3 JDK-8247676 vcruntime140_1.dll is not needed on 32-bit Windows

security-libs/java.security

Priority Bug Summary
P3 JDK-8243559 Remove root certificates with 1024-bit keys

security-libs/javax.net.ssl

Priority Bug Summary
P2 JDK-8202343 Disable TLS 1.0 and 1.1
P2 JDK-8256682 JDK-8202343 is incomplete