RELEASE NOTES FOR: 15.0.3 ==================================================================================================== Notes generated: Fri Jun 25 02:00:03 CEST 2021 JIRA Query: project = JDK AND (status in (Closed, Resolved)) AND (resolution not in ("Won't Fix", Duplicate, "Cannot Reproduce", "Not an Issue", Withdrawn)) AND (labels not in (release-note, testbug, openjdk-na, testbug) OR labels is EMPTY) AND (summary !~ 'testbug') AND (summary !~ 'problemlist') AND (summary !~ 'problem list') AND (summary !~ 'release note') AND (issuetype != CSR) AND fixVersion = 15.0.3 Acquiring pages (12 total): . done Loading issues (12 total): . done Resolving issues (12 total): done Resolving parents (12 total): done Resolving backports (12 total): done JIRA Query: project = JDK AND issuetype = JEP AND fixVersion = 15.0.3 ORDER BY summary ASC Acquiring pages (0 total): done Loading issues (0 total): done Resolving issues (0 total): done Resolving parents (0 total): done Filtered 0 issues carried over, 12 pushes left. Hint: Prefix bug IDs with https://bugs.openjdk.java.net/browse/ to reach the relevant JIRA entry. JAVA ENHANCEMENT PROPOSALS (JEP): None. RELEASE NOTES, BY COMPONENT: security-libs/java.security: JDK-8256902: Removed Root Certificates with 1024-bit Keys The following root certificates with weak 1024-bit RSA public keys have been removed from the `cacerts` keystore: ``` + alias name "thawtepremiumserverca [jdk]"   Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA + alias name "verisignclass2g2ca [jdk]"   Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US + alias name "verisignclass3ca [jdk]"   Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US + alias name "verisignclass3g2ca [jdk]"   Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US + alias name "verisigntsaca [jdk]"   Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA ``` security-libs/javax.net.ssl: JDK-8256490: Disable TLS 1.0 and 1.1 TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer considered secure and have been superseded by more secure and modern versions (TLS 1.2 and 1.3). These versions have now been disabled by default. If you encounter issues, you can, at your own risk, re-enable the versions by removing "TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms` security property in the `java.security` configuration file. ALL FIXED ISSUES, BY COMPONENT AND PRIORITY: client-libs/2d: (P3) JDK-8247867: Upgrade to freetype 2.10.2 (P3) JDK-8245400: Upgrade to LittleCMS 2.11 core-libs/java.time: (P3) JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a (P4) JDK-8259048: (tz) Upgrade time-zone data to tzdata2020f core-libs/java.util:i18n: (P4) JDK-8252497: Incorrect numeric currency code for ROL hotspot/compiler: (P2) JDK-8261912: Code IfNode::fold_compares_helper more defensively hotspot/runtime: (P2) JDK-8261310: PPC64 Zero build fails with 'VMError::controlled_crash(int)::FunctionDescriptor functionDescriptor' has incomplete type and cannot be defined infrastructure: (P4) JDK-8262541: Bump update version for OpenJDK: jdk-15.0.3 infrastructure/build: (P3) JDK-8247676: vcruntime140_1.dll is not needed on 32-bit Windows security-libs/java.security: (P3) JDK-8243559: Remove root certificates with 1024-bit keys security-libs/javax.net.ssl: (P2) JDK-8202343: Disable TLS 1.0 and 1.1 (P2) JDK-8256682: JDK-8202343 is incomplete