java

JDK 25.0.1 Release Notes

Java Development Kit 25 Release Notes

Java™ SE Development Kit 25.0.1 (JDK 25.0.1)

Release date: October 21, 2025

The full version string for this update release is 25.0.1+8 (where "+" means "build"). The version number is 25.0.1. This JDK conforms to version 25 of the Java SE Specification (JSR 400 2025-09-16).

 

IANA TZ Data 2025b

For more information, refer to Timezone Data Versions in the JRE Software.

 

Security Baselines

The security baselines for the Java Runtime at the time of the release of JDK 25.0.1 are specified in the following table:

Java Family Version Security Baseline (Full Version String)
2525.0.1+8
2121.0.9+7
1717.0.17+8
1111.0.29+8
81.8.0_471-b09

 

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 25.0.1) be used after the next critical patch update scheduled for January 20, 2026.

Java Management Service, available to all users, can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.

 

Known Issues

core-libs/java.net
 Datagram Packet Loss on macOS 26 and macOS 15.6 and Above (JDK-8368741)

When IPv6 is enabled, the JDK uses dual stack IPv4/IPv6 sockets by default. Binding, connecting, or sending datagrams uses IPv4-mapped IPv6 addresses in this case.

On some hosts running macOS version 15.6.x and above, and macOS 26, it has been observed that when a datagram socket bound to a IPv4 mapped IPv6 address sends a packet, either using the java.net.DatagramSocket or java.nio.channels.DatagramChannel APIs, then the first packet is lost and never gets delivered. A second invocation of send on the same socket, even to the same destination address, correctly delivers the packet and it is received by the recipient.

A bug has been filed with Apple (feedback issue id FB20302424) seeking their assistance. The issue is currently unresolved.

Until the issue is resolved, there are a couple of workarounds that applications can consider:

  • If using IPv4 is acceptable, then the java command can be launched with -Djava.net.preferIPv4Stack=true to use IPv4 sockets by default.
  • If using -Djava.net.preferIPv4Stack=true is not acceptable, a more local workaround can be applied by changing the application code to create a java.nio.channels.DatagramChannel with java.net.StandardProtocolFamily.INET as the protocol family and then bind the channel to a IPv4 address.

 

Removed Features and Options

security-libs/java.security
 Removed Four AffirmTrust Root Certificates (JDK-8361212)

The following root certificates, which are deactivated and no longer in use, have been removed from the cacerts keystore:

+ alias name "affirmtrustcommercialca [jdk]"

  Distinguished Name: CN=AffirmTrust Commercial, O=AffirmTrust, C=US

+ alias name "affirmtrustnetworkingca [jdk]"
  Distinguished Name: CN=AffirmTrust Networking, O=AffirmTrust, C=US

+ alias name "affirmtrustpremiumca [jdk]"
  Distinguished Name: CN=AffirmTrust Premium, O=AffirmTrust, C=US

+ alias name "affirmtrustpremiumeccca [jdk]"
  Distinguished Name: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US

 

Other Notes

xml/jaxp
 FEATURE_SECURE_PROCESSING for XPath (JDK-8356294 (not public))

The XPath processor prevents evaluation of external DTD references in raw XML documents if secure processing is enabled explicitly, such as follows:

XPathFactory xf = XPathFactory.newInstance();

xf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);

This process will cause the XPath processor created via the factory to throw XPathExpressionException if used to evaluate a raw XML document that contains external references such as an external DTD.

Mitigation includes using External Access Properties to override that enabled by FSP. For example, the following setting will allow the process to continue when there is a reference to a file-based external DTD in the XML document:

xf.setProperty(ACCESS_EXTERNAL_DTD, "file");

It is recommended that applications use the XPath processor to evaluate DOM rather than raw XML documents.

core-libs/java.io:serialization
 Resolved Regression in java.time Class Objects (JDK-8367031)

The regression in the serialization of java.time class objects, including LocalDate, has been corrected by backing out the change from JDK-8334742.

 

Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

Issues fixed in 25.0.1:
# JBS Component/Subcomponent Summary
1JDK-8358452client-libs/java.awtJNI exception pending in Java_sun_awt_screencast_ScreencastHelper_remoteDesktopKeyImpl of screencast_pipewire.c:1214 (ID: 51119)
2JDK-8360647client-libs/java.awt[XWayland] [OL10] NumPad keys are not triggered
3JDK-8367031core-libs/java.io:serialization[backout] Change java.time month/day field types to 'byte'
4JDK-8368308core-libs/java.util:i18nISO 4217 Amendment 180 Update - Bulgaria Adopts the Euro in 2026
5JDK-8366223hotspot/gcZGC: ZPageAllocator::cleanup_failed_commit_multi_partition is broken