RELEASE NOTES: JDK 17.0.18

Notes generated: Thu Sep 18 06:53:52 CEST 2025

JEPs

None.

RELEASE NOTES

security-libs/javax.net.ssl

Issue Description

Issue	Description
JDK-8245545	Disabled TLS_RSA Cipher Suites The TLSRSA cipher suites have been disabled by default, by adding "TLSRSA_" to the `jdk.tls.disabledAlgorithms` security property in the `java.security` configuration file. The TLSRSA cipher suites do not preserve forward-secrecy and are not commonly used. Some TLSRSA cipher suites are already disabled because they use DES, 3DES, RC4, or NULL, which are disabled. This action disables all remaining TLSRSA cipher suites. Any attempts to use cipher suites starting with "TLSRSA" will fail with an `SSLHandshakeException`. Users can, at their own risk, re-enable these cipher suites by removing "TLSRSA_" from the `jdk.tls.disabledAlgorithms` security property. The following previously enabled cipher suites are now disabled: `TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA`
JDK-8340321	Disabled SHA-1 in TLS 1.2 and DTLS 1.2 Handshake Signatures The SHA-1 algorithm has been disabled by default in TLS 1.2 and DTLS 1.2 handshake signatures, by adding `"rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature"` to the `jdk.tls.disabledAlgorithms` security property in the `java.security` config file. RFC 9155 deprecates the use of SHA-1 in TLS 1.2 and DTLS 1.2 digital signatures. Users can, at their own risk, re-enable the SHA-1 algorithm in TLS 1.2 and DTLS 1.2 handshake signatures by removing `"rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature"` from the `jdk.tls.disabledAlgorithms` security property.

Disabled TLS_RSA Cipher Suites

The TLSRSA cipher suites have been disabled by default, by adding "TLSRSA_" to the jdk.tls.disabledAlgorithms security property in the java.security configuration file. The TLSRSA cipher suites do not preserve forward-secrecy and are not commonly used. Some TLSRSA cipher suites are already disabled because they use DES, 3DES, RC4, or NULL, which are disabled. This action disables all remaining TLSRSA cipher suites. Any attempts to use cipher suites starting with "TLSRSA" will fail with an SSLHandshakeException. Users can, at their own risk, re-enable these cipher suites by removing "TLSRSA_" from the jdk.tls.disabledAlgorithms security property. The following previously enabled cipher suites are now disabled:

TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA

JDK-8340321

Disabled SHA-1 in TLS 1.2 and DTLS 1.2 Handshake Signatures

The SHA-1 algorithm has been disabled by default in TLS 1.2 and DTLS 1.2 handshake signatures, by adding "rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature" to the jdk.tls.disabledAlgorithms security property in the java.security config file. RFC 9155 deprecates the use of SHA-1 in TLS 1.2 and DTLS 1.2 digital signatures. Users can, at their own risk, re-enable the SHA-1 algorithm in TLS 1.2 and DTLS 1.2 handshake signatures by removing "rsa_pkcs1_sha1 usage HandshakeSignature, ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature" from the jdk.tls.disabledAlgorithms security property.

FIXED ISSUES

client-libs/2d

Priority	Bug	Summary
P3	JDK-8347377	Add validation checks for ICC_Profile header fields
P3	JDK-8361748	Enforce limits on the size of an XBM image
P3	JDK-8292214	Memory leak in getAllConfigs of awt_GraphicsEnv.c:386

client-libs/java.awt

Priority	Bug	Summary
P3	JDK-8324491	Keyboard layout didn't keep its state if it was changed when dialog was active
P3	JDK-8286159	Memory leak in getAllConfigs of awt_GraphicsEnv.c:585
P3	JDK-8332271	Reading data from the clipboard from multiple threads crashes the JVM
P4	JDK-8286447	[Linux] AWT should start in Headless mode if headful AWT library not installed
P4	JDK-8357675	Amend headless message
P4	JDK-8354106	Clean up and open source KeyEvent related tests (Part 2)
P4	JDK-8354472	Clean up and open source KeyEvent related tests (Part 3)
P4	JDK-8354653	Clean up and open source KeyEvent related tests (Part 4)
P4	JDK-8353950	Clipboard interaction on Windows is unstable
P4	JDK-8328124	Convert java/awt/Frame/ShownOnPack/ShownOnPack.html applet test to main
P4	JDK-8328562	Convert java/awt/InputMethods/DiacriticsTest/DiacriticsTest.java applet test to main
P4	JDK-8339962	Open source AWT TextField tests - Set1
P4	JDK-8354495	Open source several AWT DataTransfer tests
P4	JDK-8340015	Open source several AWT focus tests - series 7
P4	JDK-8359687	Use PassFailJFrame for java/awt/print/Dialog/DialogType.java

client-libs/java.beans

Priority	Bug	Summary
P3	JDK-8347826	Introspector shows wrong method list after 8071693

client-libs/javax.sound

Priority	Bug	Summary
P3	JDK-8350813	Rendering of bulky sound bank from MIDI sequence can cause OutOfMemoryError

client-libs/javax.swing

Priority	Bug	Summary
P3	JDK-8140527	JInternalFrame has incorrect title button width
P3	JDK-8236907	JTable added to nested panels does not paint last visible row
P4	JDK-8354873	javax/swing/plaf/metal/MetalIconFactory/bug4952462.java failing on CI
P4	JDK-8139392	JInternalFrame has incorrect padding
P4	JDK-8353589	Open source a few Swing menu-related tests
P4	JDK-8354552	Open source a few Swing tests
P4	JDK-8354532	Open source JFileChooser Tests - Set 7
P4	JDK-8353309	Open source several Swing text tests
P4	JDK-8353011	Open source Swing JButton tests - Set 1
P4	JDK-8353319	Open source Swing tests - Set 3
P4	JDK-8353486	Open source Swing Tests - Set 4
P4	JDK-8354340	Open source Swing Tests - Set 6
P4	JDK-8354214	Open source Swing tests Batch 2
P4	JDK-8354418	Open source Swing tests Batch 4
P4	JDK-8353201	Open source Swing Tooltip tests - Set 2
P4	JDK-8359428	Test 'javax/swing/JTabbedPane/bug4499556.java' failed because after selecting one of L&F items, the test case automatically failed when clicking on L&F Menu button again
P5	JDK-8359418	Test "javax/swing/text/GlyphView/bug4188841.java" failed because the phrase of text pane does not match the instructions

core-libs/java.io

Priority	Bug	Summary
P4	JDK-8355444	[java.io] Use @requires tag instead of exiting based on "os.name" property value
P4	JDK-8359449	[TEST] open/test/jdk/java/io/File/SymLinks.java Refactor extract method for Windows specific test
P4	JDK-8355558	SJIS.java test is always ignored
P4	JDK-8359182	Use @requires instead of SkippedException for MaxPath.java

core-libs/java.lang.module

Priority	Bug	Summary
P4	JDK-8304163	Move jdk.internal.module.ModuleInfoWriter to the test library

core-libs/java.net

Priority	Bug	Summary
P4	JDK-8338740	java/net/httpclient/HttpsTunnelAuthTest.java fails with java.io.IOException: HTTP/1.1 header parser received no bytes
P4	JDK-8359402	Test CloseDescriptors.java should throw SkippedException when there is no lsof/sctp
P4	JDK-8362855	Test java/net/ipv6tests/TcpTest.java should report SkippedException when there no ia4addr or ia6addr

core-libs/java.text

Priority	Bug	Summary
P4	JDK-8353585	Provide ChoiceFormat#parse(String, ParsePosition) tests

core-libs/java.util

Priority	Bug	Summary
P4	JDK-8351567	Jar Manifest test ValueUtf8Coding produces misleading diagnostic output

core-libs/java.util.jar

Priority	Bug	Summary
P4	JDK-8204868	java/util/zip/ZipFile/TestCleaner.java still fails with "cleaner failed to clean zipfile."

core-svc/javax.management

Priority	Bug	Summary
P3	JDK-8358701	Remove misleading javax.management.remote API doc wording about JMX spec, and historic link to JMXMP

core-svc/tools

Priority	Bug	Summary
P4	JDK-8318730	MonitorVmStartTerminate.java still times out after JDK-8209595

hotspot/compiler

Priority	Bug	Summary
P2	JDK-8358334	C2/Shenandoah: incorrect execution with Unsafe
P4	JDK-8325647	[IR framework] Only prints stdout if exitCode is 134
P4	JDK-8288180	C2: VectorPhase must ensure that SafePointNode memory input is a MergeMemNode
P4	JDK-8314319	LogCompilation doesn't reset lateInlining when it encounters a failure.

hotspot/runtime

Priority	Bug	Summary
P3	JDK-8331231	containers/docker/TestContainerInfo.java fails
P4	JDK-8359207	Remove runtime/signal/TestSigusr2.java since it is always skipped
P4	JDK-8346929	runtime/ClassUnload/DictionaryDependsTest.java fails with "Test failed: should be unloaded"
P4	JDK-8297936	Use reachabilityFence to manage liveness in ClassUnload tests

hotspot/test

Priority	Bug	Summary
P4	JDK-8338428	Add logging of final VM flags while setting properties

infrastructure

Priority	Bug	Summary
P4	JDK-8285915	failure_handler: gather the contents of /etc/hosts file

infrastructure/build

Priority	Bug	Summary
P4	JDK-8201183	sjavac build failures: "Connection attempt failed: Connection refused"

infrastructure/release_eng

Priority	Bug	Summary
P4	JDK-8366233	Bump update version for OpenJDK: jdk-17.0.18

other-libs

Priority	Bug	Summary
P4	JDK-8364597	Replace THL A29 Limited with Tencent

security-libs/java.security

Priority	Bug	Summary
P4	JDK-8219408	Tests should handle ${} in the view of jtreg "smart action"

security-libs/javax.crypto:pkcs11

Priority	Bug	Summary
P4	JDK-8230016	re-visit test sun/security/pkcs11/Serialize/SerializeProvider.java

security-libs/javax.net.ssl

Priority	Bug	Summary
P2	JDK-8340321	Disable SHA-1 in TLS/DTLS 1.2 handshake signatures
P3	JDK-8245545	Disable TLS_RSA cipher suites
P4	JDK-8277424	javax/net/ssl/TLSCommon/TLSTest.java fails with connection refused