RELEASE NOTES FOR: 17.0.19
====================================================================================================

Notes generated: Wed Apr 22 05:48:37 CEST 2026

Hint: Prefix bug IDs with https://bugs.openjdk.org/browse/ to reach the relevant JIRA entry.

JAVA ENHANCEMENT PROPOSALS (JEP):

None.

RELEASE NOTES:

tools/javac:

JDK-8341779: `TypeMirror` Changed to Provide Annotations for Types Loaded from Bytecode

The implementation of `TypeMirror` now provides access to annotations for types loaded from bytecode. Previously type annotations were not associated with types loaded from bytecode.

Annotation processors can access type annotations for elements using `AnnotationMirror#getAnnotationMirrors`, and the annotations will be included in the output of `AnnotationMirror#toString`.

Any programs that relied on annotations being omitted for elements loaded from the classpath should be updated to handle type annotations.

core-libs/java.util.jar:

JDK-7036144: `GZIPInputStream` Will No Longer Use `InputStream.available()` to Check for the Presence of Concatenated GZIP Stream

The `GZIPInputStream` `read` methods have been modified to remove the usage of `InputStream::available()` when determining if the stream contains a concatenated GZIP stream. These methods will now read any additional data in the underlying `InputStream` and check for the presence of a GZIP stream header.

security-libs/javax.net.ssl:

JDK-8328608: Configurable New Session Tickets Count for TLSv1.3

A new system property, `jdk.tls.server.newSessionTicketCount`, sets the number of TLSv1.3 resumption tickets sent by a JSSE server per session. It can be set on the command line with `-Djdk.tls.server.newSessionTicketCount=#`, where `#` ranges from 0 to 10. The default is 1.

For more details, see [Customizing JSSE](https://docs.oracle.com/en/java/javase/24/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-A41282C3-19A3-400A-A40F-86F4DA22ABA9).

JDK-8369282: Distrust TLS Server Certificates Anchored by Chunghwa Root Certificates and Issued After March 17, 2026

The JDK will stop trusting TLS server certificates issued after March 17, 2026 and anchored by Chunghwa root certificates, in line with similar plans announced by Google and Mozilla.

TLS server certificates issued on or before March 17, 2026 will continue to be trusted until they expire. Certificates issued after that date, and anchored by the Certificate Authority listed in the table below, will be rejected.

The restrictions are enforced in the JDK implementation (the `SunJSSE` Provider) of the Java Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server's certificate chain is anchored by any of the Certificate Authorities in the table below and the certificate has been issued after March 17, 2026.

An application will receive an exception with a message indicating the trust anchor is not trusted, for example:

```
"TLS Server certificate issued after 2026-03-17 and anchored by a distrusted legacy Chunghwa root CA: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd." C=TW"
```

The JDK can be configured to trust these certificates again by removing "CHUNGHWA_TLS" from the `jdk.security.caDistrustPolicies` security property in the `java.security` configuration file.

The restrictions are imposed on the following Chunghwa Root certificates included in the JDK:

Root Certificates distrusted after 2026-03-17

| Distinguished Name | SHA-256 Fingerprint |
| --- | --- |
| OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW | C0:A6:F4:DC:63:A2:4B:FD:CF:54:EF:2A:6A:08:2A:0A:72:DE:35:80:3E:2F:F5:FF:52:7A:E5:D8:72:06:DF:D5 |

You can also use the `keytool` utility from the JDK to print out details of the certificate chain, as follows:

```
keytool -v -list -alias <your_server_alias> -keystore <your_keystore_filename>
```

If any of the certificates in the chain listed in the output are issued by one of the root CAs in the table above, you will need to update the certificate or contact the organization that manages the server.

security-libs/java.security:

JDK-8244336: New Security Property jdk.crypto.disabledAlgorithms for Restricting Algorithms at the JCE layer

A new security property named `jdk.crypto.disabledAlgorithms` has been introduced to disable algorithms for JCE/JCA cryptographic services. Initially, this property only supports the _Cipher_, _KeyStore_, _MessageDigest_, and _Signature_ services. This property is defined in the `java.security` file and initially no algorithms are disabled by default. However, this may change in the future.

This security property can be overridden by a system property of the same name if applications need to re-enable algorithms.

See [Disabled and Restricted Cryptographic Algorithms](https://docs.oracle.com/en/java/javase/26/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-0A438179-32A7-4900-A81C-29E3073E1E90) for more information.

ALL FIXED ISSUES, BY COMPONENT AND PRIORITY:

client-libs:
(P4) JDK-8376270: [21u, 17u] Redo JDK-8361748: Enforce limits on the size of an XBM image

client-libs/2d:
(P3) JDK-8373727: New XBM images parser regression: only the first line of the bitmap array is parsed
(P3) JDK-8373290: Update FreeType to 2.14.1
(P3) JDK-8379158: Update FreeType to 2.14.2
(P3) JDK-8375057: Update HarfBuzz to 12.3.2
(P4) JDK-8363950: Incorrect jtreg header in TestLayoutVsICU.java
(P4) JDK-8368882: NPE during text drawing on machine with JP locale

client-libs/java.awt:
(P3) JDK-6899304: java.awt.Toolkit.getScreenInsets(GraphicsConfiguration) returns incorrect values
(P3) JDK-8372756: Mouse additional buttons and horizontal scrolling are broken on XWayland GNOME >= 47 after JDK-8351907
(P3) JDK-8372977: Unnecessary gthread-2.0 loading
(P3) JDK-8379256: Update GIFlib to 6.1.1
(P3) JDK-8380078: Update GIFlib to 6.1.2
(P3) JDK-8375063: Update Libpng to 1.6.54
(P3) JDK-8377526: Update Libpng to 1.6.55
(P3) JDK-8380959: Update Libpng to 1.6.56
(P3) JDK-8382047: Update Libpng to 1.6.57
(P4) JDK-8376251: [macos] java/awt/Frame/I18NTitle.java fails on MacOS (JDK-8355884)
(P4) JDK-8349351: Combine Screen Inset Tests into a Single File
(P4) JDK-8339271: giflib attribution correction
(P4) JDK-8256289: java/awt/Focus/AppletInitialFocusTest/AppletInitialFocusTest1.java failed with "RuntimeException: Wrong focus owner: java.awt.Button[button1,41,36,56x23,label=Button1]"
(P4) JDK-8372048: Performance improvement on Linux remote desktop
(P4) JDK-8339791: Refactor MiscUndecorated/ActiveAWTWindowTest.java
(P4) JDK-8361067: Test ExtraButtonDrag.java requires frame.dispose in finally block

client-libs/javax.imageio:
(P4) JDK-8337681: PNGImageWriter uses much more memory than necessary

client-libs/javax.swing:
(P3) JDK-8244400: MenuItem may cache the size and did not update it when the screen DPI is changed
(P4) JDK-8353755: Add a helper method to Util - findComponent()
(P4) JDK-8354219: Automate javax/swing/JComboBox/ComboPopupBug.java
(P4) JDK-8347475: GTK: javax/swing/JColorChooser/Test8152419.java there are no swatches or RGB tab in JColorChooser
(P4) JDK-8361530: Test javax/swing/GraphicsConfigNotifier/StalePreferredSize.java timed out

core-libs/java.lang:
(P3) JDK-8355632: WhiteBox.waitForReferenceProcessing() fails assert for return type

core-libs/java.net:
(P4) JDK-8367904: Test java/net/InetAddress/ptr/Lookup.java should throw SkippedException

core-libs/java.rmi:
(P4) JDK-8372857: Improve debuggability of java/rmi/server/RemoteServer/AddrInUse.java test
(P4) JDK-8366866: SslRMIClientSocketFactory#createSocket lacking priviledges (securitymanger)

core-libs/java.text:
(P4) JDK-8317633: Modernize text.testlib.HexDumpReader

core-libs/java.time:
(P3) JDK-8373476: (tz) Update Timezone Data to 2025c
(P3) JDK-8379035: (tz) Update Timezone Data to 2026a

core-libs/java.util:
(P3) JDK-8301875: java.util.TimeZone.getSystemTimeZoneID uses C library default file mode

core-libs/java.util.jar:
(P1) JDK-8378823: AIX build fails after zlib updated by JDK-8378631
(P4) JDK-7036144: GZIPInputStream readTrailer uses faulty available() test for end-of-stream
(P4) JDK-8378631: Update Zlib Data Compression Library to Version 1.3.2

core-libs/javax.naming:
(P4) JDK-8355278: Improve debuggability of com/sun/jndi/ldap/LdapPoolTimeoutTest.java test

core-svc/debugger:
(P4) JDK-8366850: Test com/sun/jdi/JdbStopInNotificationThreadTest.java failed
(P4) JDK-8366694: Test JdbStopInNotificationThreadTest.java timed out after 60 second

core-svc/java.lang.management:
(P4) JDK-8030957: AIX: Implement OperatingSystemMXBean.getSystemCpuLoad() and .getProcessCpuLoad() on AIX
(P4) JDK-8351359: OperatingSystemMXBean: values from getCpuLoad and getProcessCpuLoad are stale after 24.8 days (Windows)

hotspot/compiler:
(P2) JDK-8361117: SIGSEGV in LShiftLNode::Ideal due to unexpected dead node
(P2) JDK-8329258: TailCall should not use frame pointer register for jump target
(P4) JDK-8368787: Error reporting: hs_err files should show instructions when referencing code in nmethods
(P4) JDK-8337102: JITTester: Fix breaks in static initialization blocks
(P4) JDK-8370579: PPC: fix inswri immediate argument order
(P4) JDK-8330016: Stress seed should be initialized for runtime stub compilation
(P4) JDK-8367135: Test compiler/loopstripmining/CheckLoopStripMining.java needs internal timeouts adjusted

hotspot/gc:
(P4) JDK-8282484: G1: Predicted old time in log always zero
(P4) JDK-8342175: MemoryEaterMT fails intermittently with ExceptionInInitializerError
(P4) JDK-8333386: TestAbortOnVMOperationTimeout test fails for client VM

hotspot/jvmti:
(P3) JDK-8371103: vmTestbase/nsk/jvmti/scenarios/events/EM02/em02t006/TestDescription.java failing

hotspot/other:
(P4) JDK-8271396: Spelling errors

hotspot/runtime:
(P2) JDK-8366938: Test runtime/handshake/HandshakeTimeoutTest.java crashed
(P3) JDK-8303475: potential null pointer dereference in filemap.cpp
(P3) JDK-8375530: PPC64: incorrect quick verify_method_data_pointer check causes poor performance in debug build
(P4) JDK-8369563: Gtest dll_address_to_function_and_library_name has issues with stripped pdb files
(P4) JDK-8283784: java_lang_String::as_platform_dependent_str stores to oop in native state
(P4) JDK-8374056: RISC-V: Fix argument passing for the RiscvFlushIcache::flush
(P4) JDK-8288556: VM crashes if it gets sent SIGUSR2 from outside

hotspot/test:
(P4) JDK-8346048: test/lib/containers/docker/DockerRunOptions.java uses addJavaOpts() from ctor

infrastructure:
(P4) JDK-8372465: Bump update version for OpenJDK: jdk-17.0.19

infrastructure/build:
(P3) JDK-8374642: EscapeHash macro fails with GNU make 4.3 and 4.4
(P3) JDK-8331431: Update to use jtreg 7.4
(P4) JDK-8368960: Adjust java UL logging in the build
(P4) JDK-8314555: Build with mawk fails on Windows
(P4) JDK-8275405: Linking error for classes with lambda template parameters and virtual functions
(P4) JDK-8378218: MSYS2 reports cygwin triplet causing bash configure failure

infrastructure/licensing:
(P4) JDK-8377905: gcc.md included with every build

infrastructure/release_eng:
(P4) JDK-8382440: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.19

security-libs/java.security:
(P2) JDK-8375549: ConcurrentModificationException if jdk.crypto.disabledAlgorithms has multiple entries with known oid
(P3) JDK-8244336: Restrict algorithms at JCE layer
(P4) JDK-8200566: DistributionPointFetcher fails to fetch CRLs if the DistributionPoints field contains more than one DistributionPoint and the first one fails
(P4) JDK-8346962: Test CRLReadTimeout.java fails with -Xcomp on a fastdebug build
(P4) JDK-8309667: TLS handshake fails because of ConcurrentModificationException in PKCS12KeyStore.engineGetEntry

security-libs/javax.net.ssl:
(P2) JDK-8328608: Multiple NewSessionTicket support for TLS
(P3) JDK-8369282: Distrust TLS server certificates anchored by Chunghwa ePKI Root CA
(P3) JDK-8371559: Intermittent timeouts in test javax/net/ssl/Stapling/HttpsUrlConnClient.java
(P3) JDK-8311644: Server should not send bad_certificate alert when the client does not send any certificates
(P3) JDK-8334670: SSLSocketOutputRecord buffer miscalculation
(P3) JDK-8326705: Test CertMsgCheck.java fails to find alert certificate_required
(P4) JDK-8360539: DTLS handshakes fails due to improper cookie validation logic
(P4) JDK-8366817: test/jdk/javax/net/ssl/TLSCommon/interop/JdkProcServer.java and JdkProcClient.java should not delete logs
(P4) JDK-8357277: Update OpenSSL library for interop tests

security-libs/org.ietf.jgss:krb5:
(P3) JDK-8345578: New test in JDK-8343622 fails with a promoted build
(P4) JDK-8343622: AesDkCrypto.stringToKey should not return null

tools/jar:
(P4) JDK-8371978: tools/jar/ReproducibleJar.java fails on XFS

tools/javac:
(P2) JDK-8360406: [21u] Disable logic for attaching type annotations to class files until 8359336 is fixed
(P2) JDK-8354893: [REDO BACKPORT] javac crashes while adding type annotations to the return type of a constructor (JDK-8320001)
(P3) JDK-8341779: [REDO BACKPORT] type annotations are not visible to javac plugins across compilation boundaries (JDK-8225377)
(P3) JDK-8337998: CompletionFailure in getEnclosingType attaching type annotations
(P3) JDK-8337795: Type annotation attached to incorrect type during class reading
(P4) JDK-8340024: In ClassReader, extract a constant for the superclass supertype_index

tools/jshell:
(P4) JDK-8351639: Improve debuggability of test/langtools/jdk/jshell/JdiHangingListenExecutionControlTest.java test

xml/jaxp:
(P4) JDK-8336695: Update Commons BCEL to Version 6.10.0