OpenJDK 15.0.7 released

Yuri Nesterenko yan at
Wed Apr 20 08:58:02 UTC 2022

Hi all,

let me announce the release of OpenJDK 15.0.7.

The release sources are in Git repository
tagged jdk-15.0.7-ga.
For July release schedule see

* Security fixes in this release:
   - JDK-8284920: Incorrect Token type causes XPath expression to return empty result
   - JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException
   - JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo
   - JDK-8282397: createTempFile method of is failing when called with suffix of spaces 
   - JDK-8278356: Improve file creation
   - JDK-8270504: Better Xpath expression handling
   - JDK-8272588: Enhanced recording parsing
   - JDK-8272594: Better record of recordings
   - JDK-8277672: Better invocation handler handling
   - JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972
   - JDK-8278972: Improve URL supports
   - JDK-8272261: Improve JFR recording file processing
   - JDK-8269938: Enhance XML processing passes redux
   - JDK-8272255: Completely handle MIDI files
   - JDK-8278805: Enhance BMP image loading
   - JDK-8278449: Improve keychain support
   - JDK-8277227: Better identification of OIDs
   - JDK-8275151: Improved Object Identification
   - JDK-8274221: More definite BER encodings
   - JDK-8277233: Improve ECDSA signature support
   - JDK-8278798: Improve supported intrinsic

* Other changes:
   - JDK-8282761: XPathFactoryImpl remove setProperty and getProperty methods
   - JDK-8277488: Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022
   - JDK-8186670: Implement _onSpinWait() intrinsic for AArch64
   - JDK-8276141: XPathFactory set/getProperty method
   - JDK-8261107: ArrayIndexOutOfBoundsException in the ICC_Profile.getInstance(InputStream)
   - JDK-8261534: Test sun/security/pkcs11/KeyAgreement/ fails on platforms 
where no nsslib artifacts are defined
   - JDK-8272167: should skip *.dSYM directories
   - JDK-8249867: XML declaration is not followed by a newline
   - JDK-8274524: SSLSocket.close() hangs if it is called during the ssl handshake
   - JDK-8272541: Incorrect overflow test in Toom-Cook branch of BigInteger multiplication
   - JDK-8278309: [windows] use of uninitialized OSThread::_state
   - JDK-8274736: Concurrent read/close of SSLSockets causes SSLSessions to be invalidated unnecessarily
   - JDK-8281374: Add MD5.implCompress0 to Graal toBeInvestigated list after 8280978
   - JDK-8278381: [GCC 11] Address::make_raw() does not initialize rspec
   - JDK-8280373: Update Xalan serializer / SystemIDResolver to align with JDK-8270492
   - JDK-8253639: Change os::attempt_reserve_memory_at parameter order
   - JDK-8251216: Implement MD5 intrinsics on AArch64
   - JDK-8251260: two MD5 tests fail "RuntimeException: Unexpected count of intrinsic"
   - JDK-8250902: Implement MD5 Intrinsics on x86
   - JDK-8275082: Update XML Security for Java to 2.3.0
   - JDK-8280414: Memory leak in DefaultProxySelector
   - JDK-8255255: Update Apache Santuario (XML Signature) to version 2.2.1
   - JDK-8259535: ECDSA SignatureValue do not always have the specified length
   - JDK-8273341: Update Siphash to version 1.0
   - JDK-8273359: CI: ciInstanceKlass::get_canonical_holder() doesn't respect instance size
   - JDK-8272570: C2: crash in PhaseCFG::global_code_motion
   - JDK-8274658: ISO 4217 Amendment 170 Update
   - JDK-8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler
   - JDK-8253638: Cleanup os::reserve_memory and remove MAP_FIXED
   - JDK-8277224: throws NPE

* Notes on some issues:

     JDK-8249867 XML declaration is not followed by a newline
     Added a property jdk.xml.isStandalone to control the newline after the XML header for DOM 
     For usage, please refer to java.xml module-summary API document.

     New XML Processing Limits
     Added three new processing limits:
     jdk.xml.xpathExprGrpLimit (by default 10, 0 or less means no limit)
     jdk.xml.xpathExprOpLimit  (by default 100, 0 or less means no limit)
     jdk.xml.xpathTotalOpLimit (by default 1000, 0 or less means no limit)
     The limits may be set as system properties or in file; for XSLT processor - via 
     For detailed information please refer to java.xml module-summary API document.

     Parsing of URL Strings in Built-In JNDI Providers Is More Strict
     Added three system properties to control strength of some URLs parsing.
     Properties are com.sun.jndi.ldapURLParsing,
     and com.sun.jndi.rmiURLParsing
     with acceptable values "legacy", "compat", "strict".
     The default is always "compat";
     "legacy" would turn validation off;
     "strict" may reject some URLs unless all their fragments are explicitly supported by Uri subclass.

     Trusted Certificate Entries in macOS KeychainStore
     Starting from this release only certificates added with the system macOS "security 
add-trusted-cert" command
     will be treated as Trusted Certificate Entries in the macOS KeychainStore


More information about the jdk-updates-dev mailing list