RELEASE NOTES FOR: 15.0.3
====================================================================================================

Notes generated: Thu Jul 03 11:00:50 CEST 2025

Hint: Prefix bug IDs with https://bugs.openjdk.org/browse/ to reach the relevant JIRA entry.

JAVA ENHANCEMENT PROPOSALS (JEP):

  None.

RELEASE NOTES:

security-libs/javax.net.ssl:

    JDK-8202343: Disable TLS 1.0 and 1.1

      TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer considered secure and have
      been superseded by more secure and modern versions (TLS 1.2 and 1.3).
      
      These versions have now been disabled by default. If you encounter issues, you can, at your
      own risk, re-enable the versions by removing "TLSv1" and/or "TLSv1.1" from the
      `jdk.tls.disabledAlgorithms` security property in the `java.security` configuration file.

security-libs/java.security:

    JDK-8243559: Removed Root Certificates with 1024-bit Keys

      The following root certificates with weak 1024-bit RSA public keys have been removed from the
      `cacerts` keystore: ``` + alias name "thawtepremiumserverca [jdk]"   Distinguished Name:
      EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services
      Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
      
      + alias name "verisignclass2g2ca [jdk]"   Distinguished Name: OU=VeriSign Trust Network,
      OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary
      Certification Authority - G2, O="VeriSign, Inc.", C=US
      
      + alias name "verisignclass3ca [jdk]"   Distinguished Name: OU=Class 3 Public Primary
      Certification Authority, O="VeriSign, Inc.", C=US
      
      + alias name "verisignclass3g2ca [jdk]"   Distinguished Name: OU=VeriSign Trust Network,
      OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary
      Certification Authority - G2, O="VeriSign, Inc.", C=US
      
      + alias name "verisigntsaca [jdk]"   Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte
      Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
      
      ```


ALL FIXED ISSUES, BY COMPONENT AND PRIORITY:

client-libs/2d:
  (P3) JDK-8247867: Upgrade to freetype 2.10.2
  (P3) JDK-8245400: Upgrade to LittleCMS 2.11

core-libs/java.time:
  (P3) JDK-8260356: (tz) Upgrade Timezone Data to tzdata2021a
  (P4) JDK-8259048: (tz) Upgrade Timezone Data to tzdata2020f

core-libs/java.util:i18n:
  (P4) JDK-8252497: Incorrect numeric currency code for ROL

hotspot/compiler:
  (P2) JDK-8261912: Code IfNode::fold_compares_helper more defensively
  (P3) JDK-8259633: compiler/graalunit/CoreTest.java fails with NPE after JDK-8244543

hotspot/runtime:
  (P2) JDK-8261310: PPC64 Zero build fails with 'VMError::controlled_crash(int)::FunctionDescriptor functionDescriptor' has incomplete type and cannot be defined

infrastructure:
  (P4) JDK-8262541: Bump update version for OpenJDK: jdk-15.0.3

infrastructure/build:
  (P3) JDK-8247676: vcruntime140_1.dll is not needed on 32-bit Windows

security-libs/java.security:
  (P3) JDK-8243559: Remove root certificates with 1024-bit keys

security-libs/javax.net.ssl:
  (P2) JDK-8202343: Disable TLS 1.0 and 1.1
  (P2) JDK-8256682: JDK-8202343 is incomplete