Java JDK 23.0.1 (64-bit)

What's new in this version:

install/install:
- ➜ JDK RPM Upgrade Leaves Orphan Alternatives Entry (JDK-8336107 (not public))
- Fixed the issue with entries in the "java" and "javac" groups not being properly managed during an RPM upgrade.
- Upgrading from an older Java RPM installed into a shared directory (/usr/lib/jvm/jdk-${FEATURE}-oracle-${ARCH}) to a Java RPM installing into a version-specific directory (/usr/lib/jvm/jdk-${VERSION}-oracle-${ARCH}), results in the older Java entries in the "java" and "javac" groups not being deleted.
- The issue does not manifest until the new Java is uninstalled. When it is uninstalled and Java from the lower release is installed, running Java commands like java or keytool without the full path specified will result in the "command not found" error. For example, install 21.0.3; upgrade it to 21.0.4; uninstall 21.0.4; install any Java update of 17 or 11 or 8 release; run "java" from the command line. The command will fail with the "command not found" error.
- Manually delete orphan Java entries in the "java" and "javac" groups to workaround the issue.

Other Notes:
core-libs/java.net:
- ➜ New Default Limits in the JDK HTTP Implementations (JDK-8328286 (not public))
- New Default limits have been added to HTTP in the JDK.
- The JDK built-in implementation of the legacy URL protocol handler for HTTP, HttpURLConnection, and the new HttpClient, in the module java.net.http, now have a default limit on the maximum response headers size they will accept from a remote party. The limit is set by default at 384kB (393216 bytes) and is computed as the cumulative size of all header names and header values plus an overhead of 32 bytes per header name value pair.
- The default value of the limit can be changed by specifying a positive value with the jdk.http.maxHeaderSize system property on the command line, or in the appropriate conf.properties or net.properties file. A negative or zero value is interpreted as no limit. If the limit is exceeded, the request will fail with a protocol exception.
- The JDK built-in implementation of the com.sun.net.httpserver.HttpServer (jdk.httpserver) implements a similar limit for the maximum request header size the server is prepared to accept. The HttpServer limit can be changed by specifying a positive value with the sun.net.httpserver.maxReqHeaderSize system property on the command line. A negative or zero value is interpreted as no limit. The limit is set by default at 384kB (393216 bytes) and the size is computed in the same way as explained above. If the limit is exceeded, the connection is closed.

In addition, the JDK built-in implementation of the new java.net.http.HttpClient enforces two additional limits:
- The system property jdk.httpclient.maxNonFinalResponses can be specified with a positive value on the java command line, or in the conf.properties or net.properties file, to control how many interim responses the client will accept before receiving a final response. An interim response is considered informational and is a response whose status is in the range [100, 199]. These responses are typically either handled internally or simply discarded by the implementation. The default limit is now set at a maximum of 8 interim responses before receiving the final response. A negative or zero value is interpreted as no limit. If the limit is exceeded, the request will fail with a protocol exception.
- The system property jdk.httpclient.maxLiteralWithIndexing can be specified with a positive value on the java command line, or in the conf.properties or net.properties file, to control how many additions a server may request a client to make to the HPack dynamic table when decoding a set of headers. The default maximum value is now set to 512. A negative or zero value is interpreted as no limit. If the limit is exceeded, the request will fail with a protocol exception.

security-libs/java.security:
- ➜ Added SSL.com TLS Root CA Certificates issued in 2022 (JDK-8341057)

The following root certificates have been added to the cacerts truststore:
- + SSL.com
- + ssltlsrootecc2022
- DN: CN=SSL.com TLS ECC Root CA 2022, O=SSL Corporation, C=US
- + SSL.com
- + ssltlsrootrsa2022
- DN: CN=SSL.com TLS RSA Root CA 2022, O=SSL Corporation, C=US
- security-libs/javax.net.ssl
- ➜ Distrust TLS Server Certificates Anchored by Entrust Root Certificates and Issued After Nov 11, 2024 (JDK-8337664)
- The JDK will stop trusting TLS server certificates issued after November 11, 2024 and anchored by Entrust root certificates, in line with similar plans recently announced by Google and Mozilla. The list of affected certificates includes certificates branded as AffirmTrust, which are managed by Entrust.
- TLS server certificates issued on or before November 11, 2024 will continue to be trusted until they expire. Certificates issued after that date, and anchored by any of the Certificate Authorities in the table below, will be rejected.
- The restrictions will be enforced in the JDK implementation (the SunJSSE Provider) of the Java Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server's certificate chain is anchored by any of the Certificate Authorities in the table below and the certificate has been issued after November 11, 2024.

An application will receive an Exception with a message indicating the trust anchor is not trusted, for example:
- TLS server certificate issued after 2024-11-11 and anchored by a distrusted legacy Entrust root CA: CN=Entrust.net Certification Authority (2048),
- OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
- If necessary, and at your own risk, you can work around the restrictions by removing "ENTRUST_TLS" from the jdk.security.caDistrustPolicies security property in the java.security configuration file.

Fixed:
- TAB-key does not work in JTables after selecting details-view in JFileChooser
- (fs) BasicFileAttributes.creationTime() falls back to epoch if birth time is unavailable (Linux)
- Change Entrust TLS distrust date to November 12, 2024