java-17-openjdk/NEWS

529 lines
18 KiB
Plaintext
Raw Normal View History

Import java-17-openjdk - Update to jdk-17+35, also known as jdk-17-ga. - Remove boot JDKs in favour of OpenJDK 17 build now in the buildroot. - Update buildjdkver to 17 so as to build with itself - Add possibility to disable system crypto policy - Add PR3695 to allow the system crypto policy to be turned off - Re-enable TestSecurityProperties after inclusion of PR3695 - Added gating.yaml - Fix patch rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch - Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics. - Remove restriction on disabling product build, as debug packages no longer have javadoc packages. - Update to jdk-17+33, including JDWP fix and July 2021 CPU - Support the FIPS mode crypto policy (RH1655466) - Update RH1655466 FIPS patch with changes in OpenJDK 8 version. - SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file. - Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg. - No need to substitute path to nss.fips.cfg as java.security file supports a java.home variable. - Disable FIPS mode support unless com.redhat.fips is set to "true". - Use appropriate keystore types when in FIPS mode (RH1818909) - Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable). - Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986) - Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode - Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071) - Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library. - Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure. - Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM. - Add patch to disable non-FIPS crypto in the SUN and SunEC security providers. - Add patch to login to the NSS software token when in FIPS mode. - Fix unused function compiler warning found in systemconf.c - Extend the default security policy to accomodate PKCS11 accessing jdk.internal.access. - Add JDK-8272332 fix so we actually link against HarfBuzz. - Update release notes to document the major changes between OpenJDK 11 & 17. - Add FIPS patch to allow plain key import. - Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false - Patch syslookup.c so it actually has some code to be compiled into libsyslookup - alternatives creation moved to posttrans - Set LTS designator on RHEL, but not Fedora or EPEL. Related: RHEL-45216
2020-12-10 15:04:50 +00:00
Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 17.0.0 (2021-09-14):
===========================================
The full list of changes in the interim releases from 11u to 17u can be found at:
* https://builds.shipilev.net/backports-monitor/release-notes-12.txt
* https://builds.shipilev.net/backports-monitor/release-notes-13.txt
* https://builds.shipilev.net/backports-monitor/release-notes-14.txt
* https://builds.shipilev.net/backports-monitor/release-notes-15.txt
* https://builds.shipilev.net/backports-monitor/release-notes-16.txt
* https://builds.shipilev.net/backports-monitor/release-notes-17.txt
Major changes are listed below. Some changes may have been backported
to earlier releases following their first appearance in OpenJDK 12
through to 17.
NEW FEATURES
============
Language Features
=================
Switch Expressions
==================
https://openjdk.java.net/jeps/325
https://openjdk.java.net/jeps/354
https://openjdk.java.net/jeps/361
Extend the `switch` statement so that it can be used as either a
statement or an expression, and that both forms can use either a
"traditional" or "simplified" scoping and control flow behavior. Both
forms can use either traditional `case ... :` labels (with fall
through) or new `case ... ->` labels (with no fall through), with a
further new statement for yielding a value from a `switch`
expression. These changes will simplify everyday coding, and also
prepare the way for the use of pattern matching in `switch`.
This was a preview feature (http://openjdk.java.net/jeps/12) in
OpenJDK 12 & 13 and became final in OpenJDK 14.
Text Blocks
===========
https://openjdk.java.net/jeps/355
https://openjdk.java.net/jeps/368
https://openjdk.java.net/jeps/378
Add text blocks to the Java language. A text block is a multi-line
string literal that avoids the need for most escape sequences,
automatically formats the string in a predictable way, and gives the
developer control over format when desired.
This was a preview feature (http://openjdk.java.net/jeps/12) in
OpenJDK 13 & 14 and became final in OpenJDK 15.
Pattern Matching for instanceof
===============================
https://openjdk.java.net/jeps/305
https://openjdk.java.net/jeps/375
https://openjdk.java.net/jeps/394
http://cr.openjdk.java.net/~briangoetz/amber/pattern-match.html
Enhance the Java programming language with pattern matching for the
`instanceof` operator. Pattern matching allows common logic in a
program, namely the conditional extraction of components from objects,
to be expressed more concisely and safely.
This was a preview feature (http://openjdk.java.net/jeps/12) in
OpenJDK 14 & 15 and became final in OpenJDK 16.
Records
=======
https://openjdk.java.net/jeps/359
https://openjdk.java.net/jeps/384
https://openjdk.java.net/jeps/395
Enhance the Java programming language with records. Records provide a
compact syntax for declaring classes which are transparent holders for
shallowly immutable data.
This was a preview feature (http://openjdk.java.net/jeps/12) in
OpenJDK 14 & 15 and became final in OpenJDK 16.
Sealed Classes
==============
https://openjdk.java.net/jeps/360
https://openjdk.java.net/jeps/397
https://openjdk.java.net/jeps/409
https://cr.openjdk.java.net/~briangoetz/amber/datum.html
Enhance the Java programming language with sealed classes and
interfaces. Sealed classes and interfaces restrict which other classes
or interfaces may extend or implement them.
This was a preview feature (http://openjdk.java.net/jeps/12) in
OpenJDK 15 & 16 and became final in OpenJDK 17.
Restore Always-Strict Floating-Point Semantics
==============================================
https://openjdk.java.net/jeps/306
Make floating-point operations consistently strict, rather than have
both strict floating-point semantics (`strictfp`) and subtly different
default floating-point semantics. This will restore the original
floating-point semantics to the language and VM, matching the
semantics before the introduction of strict and default floating-point
modes in Java SE 1.2.
Pattern Matching for switch
===========================
https://openjdk.java.net/jeps/406
Enhance the Java programming language with pattern matching for
`switch` expressions and statements, along with extensions to the
language of patterns. Extending pattern matching to `switch` allows an
expression to be tested against a number of patterns, each with a
specific action, so that complex data-oriented queries can be
expressed concisely and safely.
This is a preview feature (http://openjdk.java.net/jeps/12) in OpenJDK
17.
Library Features
================
JVM Constants API
=================
https://openjdk.java.net/jeps/334
Introduce an API to model nominal descriptions of key class-file and
run-time artifacts, in particular constants that are loadable from the
constant pool.
Reimplement the Legacy Socket API
=================================
https://openjdk.java.net/jeps/353
Replace the underlying implementation used by the `java.net.Socket`
and `java.net.ServerSocket` APIs with a simpler and more modern
implementation that is easy to maintain and debug. The new
implementation will be easy to adapt to work with user-mode threads,
a.k.a. fibers, currently being explored in Project Loom
(https://openjdk.java.net/projects/loom).
JFR Event Streaming
===================
https://openjdk.java.net/jeps/349
Expose JDK Flight Recorder data for continuous monitoring.
Non-Volatile Mapped Byte Buffers
================================
https://openjdk.java.net/jeps/352
Add new JDK-specific file mapping modes so that the `FileChannel` API
can be used to create `MappedByteBuffer` instances that refer to
non-volatile memory.
Helpful NullPointerExceptions
=============================
https://openjdk.java.net/jeps/358
Improve the usability of `NullPointerException`s generated by the JVM
by describing precisely which variable was `null`.
Foreign-Memory Access API
=========================
https://openjdk.java.net/jeps/370
https://openjdk.java.net/jeps/383
https://openjdk.java.net/jeps/393
Introduce an API to allow Java programs to safely and efficiently
access foreign memory outside of the Java heap.
This was a incubation feature (https://openjdk.java.net/jeps/11) in
OpenJDK 14, 15 & 16, now superseded by the Foreign Function & Memory
API in OpenJDK 17 (see below).
Edwards-Curve Digital Signature Algorithm (EdDSA)
=================================================
https://openjdk.java.net/jeps/339
Implement cryptographic signatures using the Edwards-Curve Digital
Signature Algorithm (EdDSA) as described by RFC 8032
(https://tools.ietf.org/html/rfc8032).
Hidden Classes
==============
https://openjdk.java.net/jeps/371
Introduce hidden classes, which are classes that cannot be used
directly by the bytecode of other classes. Hidden classes are intended
for use by frameworks that generate classes at run time and use them
indirectly, via reflection. A hidden class may be defined as a member
of an access control nest (https://openjdk.java.net/jeps/181), and may
be unloaded independently of other classes.
Reimplement the Legacy DatagramSocket API
=========================================
https://openjdk.java.net/jeps/373
Replace the underlying implementations of the
`java.net.DatagramSocket` and `java.net.MulticastSocket` APIs with
simpler and more modern implementations that are easy to maintain and
debug. The new implementations will be easy to adapt to work with
virtual threads, currently being explored in Project Loom
(https://openjdk.java.net/projects/loom). This is a follow-on to JEP
353 (see above), which already reimplemented the legacy Socket API.
Vector API
==========
https://openjdk.java.net/jeps/338
https://openjdk.java.net/jeps/414
Provide an initial iteration of an incubator module,
`jdk.incubator.vector`, to express vector computations that reliably
compile at runtime to optimal vector hardware instructions on
supported CPU architectures and thus achieve superior performance to
equivalent scalar computations.
This is an incubation feature (https://openjdk.java.net/jeps/11)
introduced in OpenJDK 16.
Unix-Domain Socket Channels
===========================
https://openjdk.java.net/jeps/380
Add Unix-domain (`AF_UNIX`) socket support to the socket channel and
server-socket channel APIs in the `java.nio.channels` package. Extend
the inherited channel mechanism to support Unix-domain socket channels
and server socket channels.
Foreign Linker API (Incubator)
==============================
https://openjdk.java.net/jeps/389
Introduce an API that offers statically-typed, pure-Java access to
native code. This API, together with the Foreign-Memory API (see
above), will considerably simplify the otherwise error-prone process
of binding to a native library.
This was an incubation feature (https://openjdk.java.net/jeps/11)
introduced in OpenJDK 16, now superseded by the Foreign Function &
Memory API in OpenJDK 17 (see below).
Strongly Encapsulate JDK Internals by Default
=============================================
https://openjdk.java.net/jeps/396
https://openjdk.java.net/jeps/403
Strongly encapsulate all internal elements of the JDK by default,
except for critical internal APIs such as `sun.misc.Unsafe`. It will
no longer be possible to relax the strong encapsulation of internal
elements via a single command-line option, as was possible in OpenJDK
9 through 16.
Enhanced Pseudo-Random Number Generators
========================================
https://openjdk.java.net/jeps/356
Provide new interface types and implementations for pseudo-random
number generators (PRNGs), including jumpable PRNGs and an additional
class of splittable PRNG algorithms (LXM).
Foreign Function & Memory API
=============================
https://openjdk.java.net/jeps/412
Introduce an API by which Java programs can interoperate with code and
data outside of the Java runtime. By efficiently invoking foreign
functions (i.e., code outside the JVM), and by safely accessing
foreign memory (i.e., memory not managed by the JVM), the API enables
Java programs to call native libraries and process native data without
the brittleness and danger of JNI.
This API is an incubation feature (https://openjdk.java.net/jeps/11)
introduced in OpenJDK 17, and is an evolution of the Foreign Memory
Access API (OpenJDK 14 through 16) and Foreign Linker API (OpenJDK
16) (see above).
Context-Specific Deserialization Filters
========================================
https://openjdk.java.net/jeps/415
Allow applications to configure context-specific and
dynamically-selected deserialization filters via a JVM-wide filter
factory that is invoked to select a filter for each individual
deserialization operation.
Tools
=====
Packaging Tool
==============
https://openjdk.java.net/jeps/343
https://openjdk.java.net/jeps/392
Provide the `jpackage` tool, for packaging self-contained Java
applications.
JVM Features
============
Shenandoah: A Low-Pause-Time Garbage Collector
==============================================
https://openjdk.java.net/jeps/189
https://openjdk.java.net/jeps/379
Add a new garbage collection (GC) algorithm named Shenandoah which
reduces GC pause times by doing evacuation work concurrently with the
running Java threads. Pause times with Shenandoah are independent of
heap size, meaning you will have the same consistent pause times
whether your heap is 200 MB or 200 GB.
Shenandoah has been provided in Red Hat builds of OpenJDK 8 since
8u131 in April 2017 and in all 11u builds.
Upstream, it was introduced in OpenJDK 12 as an experimental feature
and became a production feature in OpenJDK 15. It was backported to
OpenJDK 11 with the 11.0.9 release in October 2020.
Abortable Mixed Collections for G1
==================================
https://openjdk.java.net/jeps/344
Make G1 mixed collections abortable if they might exceed the pause
target.
Promptly Return Unused Committed Memory from G1
===============================================
https://openjdk.java.net/jeps/346
Enhance the G1 garbage collector to automatically return Java heap
memory to the operating system when idle.
Dynamic CDS Archives
====================
https://openjdk.java.net/jeps/310
https://openjdk.java.net/jeps/350
Extend application class-data sharing to allow the dynamic archiving
of classes at the end of Java application execution. The archived
classes will include all loaded application classes and library
classes that are not present in the default, base-layer CDS archive.
ZGC: Uncommit Unused Memory (Experimental)
==========================================
https://openjdk.java.net/jeps/351
Enhance ZGC to return unused heap memory to the operating system.
NUMA-Aware Memory Allocation for G1
===================================
https://openjdk.java.net/jeps/345
Improve G1 performance on large machines by implementing NUMA-aware
memory allocation.
ZGC on macOS (Experimental)
===========================
https://openjdk.java.net/jeps/364
Port the ZGC garbage collector to macOS.
ZGC on Windows (Experimental)
=============================
https://openjdk.java.net/jeps/365
Port the ZGC garbage collector to Windows.
ZGC: A Scalable Low-Latency Garbage Collector (Production)
==========================================================
https://openjdk.java.net/jeps/377
Change the Z Garbage Collector from an experimental feature into a
product feature.
ZGC: Concurrent Thread-Stack Processing
=======================================
https://openjdk.java.net/jeps/376
Move ZGC thread-stack processing from safepoints to a concurrent
phase.
Elastic Metaspace
=================
https://openjdk.java.net/jeps/387
Return unused HotSpot class-metadata (i.e., metaspace) memory to the
operating system more promptly, reduce metaspace footprint, and
simplify the metaspace code in order to reduce maintenance costs.
Ports
=====
Alpine Linux Port
=================
https://openjdk.java.net/jeps/386
Port the JDK to Alpine Linux, and to other Linux distributions that
use musl as their primary C library, on both the x64 and AArch64
architectures,
Windows/AArch64 Port
====================
https://openjdk.java.net/jeps/388
Port the JDK to Windows/AArch64.
New macOS Rendering Pipeline
============================
https://openjdk.java.net/jeps/382
Implement a Java 2D internal rendering pipeline for macOS using the
Apple Metal API as alternative to the existing pipeline, which uses
the deprecated Apple OpenGL API.
macOS/AArch64 Port
==================
https://openjdk.java.net/jeps/391
Port the JDK to macOS/AArch64.
DEPRECATIONS
============
Deprecate the ParallelScavenge + SerialOld GC Combination
=========================================================
https://openjdk.java.net/jeps/366
Deprecate the combination of the Parallel Scavenge and Serial Old
garbage collection algorithms.
Deprecate and Disable Biased Locking
====================================
https://openjdk.java.net/jeps/374
Disable biased locking by default, and deprecate all related
command-line options.
Warnings for Value-Based Classes
================================
https://openjdk.java.net/jeps/390
Designate the primitive wrapper classes as value-based and deprecate
their constructors for removal, prompting new deprecation
warnings. Provide warnings about improper attempts to synchronize on
instances of any value-based classes in the Java Platform.
Deprecate the Applet API for Removal
====================================
https://openjdk.java.net/jeps/398
Deprecate the Applet API for removal. It is essentially irrelevant
since all web-browser vendors have either removed support for Java
browser plug-ins or announced plans to do so.
Deprecate the Security Manager for Removal
==========================================
https://openjdk.java.net/jeps/411
Deprecate the Security Manager for removal in a future release. The
Security Manager dates from Java 1.0. It has not been the primary
means of securing client-side Java code for many years, and it has
rarely been used to secure server-side code. To move Java forward, we
intend to deprecate the Security Manager for removal in concert with
the legacy Applet API (see above). .
REMOVALS
========
Remove the Concurrent Mark Sweep (CMS) Garbage Collector
========================================================
https://openjdk.java.net/jeps/363
Remove the Concurrent Mark Sweep (CMS) garbage collector.
Remove the Pack200 Tools and API
================================
https://openjdk.java.net/jeps/336
https://openjdk.java.net/jeps/367
Remove the `pack200` and `unpack200` tools, and the `Pack200` API in
the `java.util.jar` package. These tools and API were deprecated for
removal in OpenJDK 11 with the express intent to remove them in a
future release.
Remove the Nashorn JavaScript Engine
====================================
https://openjdk.java.net/jeps/372
Remove the Nashorn JavaScript script engine and APIs, and the `jjs`
tool. The engine, the APIs, and the tool were deprecated for removal
in OpenJDK 11 with the express intent to remove them in a future
release.
Remove the Solaris and SPARC Ports
==================================
https://openjdk.java.net/jeps/362
https://openjdk.java.net/jeps/381
Remove the source code and build support for the Solaris/SPARC,
Solaris/x64, and Linux/SPARC ports. These ports were deprecated for
removal in OpenJDK 14 (JEP 362) and removed in OpenJDK 15 (JEP 381).
Remove RMI Activation
=====================
https://openjdk.java.net/jeps/385
https://openjdk.java.net/jeps/407
https://docs.oracle.com/en/java/javase/14/docs/specs/rmi/activation.html
Remove the Remote Method Invocation (RMI) Activation mechanism, while
preserving the rest of RMI. RMI Activation is an obsolete part of RMI
that has been optional since OpenJDK 8 and was deprecated in OpenJDK
15.
Remove the Experimental AOT and JIT Compiler
============================================
https://openjdk.java.net/jeps/410
Remove the experimental Java-based ahead-of-time (AOT) and
just-in-time (JIT) compiler. This compiler has seen little use since
its introduction and the effort required to maintain it is
significant. Retain the experimental Java-level JVM compiler
interface (JVMCI) so that developers can continue to use
externally-built versions of the compiler for JIT compilation.