JDK 11.0.10 Release Notes
Java™ SE Development Kit 11.0.10 (JDK 11.0.10)
January 19, 2021
The full version string for this update release is 11.0.10+8 (where "+" means "build"). The version number is 11.0.10.
IANA Data 2020d
JDK 11.0.10 contains IANA time zone data version 2020d. For more information, refer to Timezone Data Versions in the JRE Software.
Security Baselines
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 11.0.10 are specified in the following table:
| JRE Family Version | JRE Security Baseline (Full Version String) |
|---|---|
| 11 | 11.0.10+8 |
| 8 | 1.8.0_281-b09 |
| 7 | 1.7.0_291-b09 |
Keeping the JDK up to Date
Oracle recommends that the JDK is updated with each Critical Patch Update (CPU). In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 11.0.10) be used after the next critical patch update scheduled for April 20, 2021.
New Features
A new -groupname option has been added to keytool -genkeypair so that a user can specify a named group when generating a key pair. For example, keytool -genkeypair -keyalg EC -groupname secp384r1 will generate an EC key pair by using the secp384r1 curve. Because there might be multiple curves with the same size, using the -groupname option is preferred over the -keysize option.
The "certificate_authorities" extension is an optional extension introduced in TLS 1.3. It is used to indicate the certificate authorities (CAs) that an endpoint supports and should be used by the receiving endpoint to guide certificate selection.
With this JDK release, the "certificate_authorities" extension is supported for TLS 1.3 in both the client and the server sides. This extension is always present for client certificate selection, while it is optional for server certificate selection.
Applications can enable this extension for server certificate selection by setting the jdk.tls.client.enableCAExtension system property to true. The default value of the property is false.
Note that if the client trusts more CAs than the size limit of the extension (less than 2^16 bytes), the extension is not enabled. Also, some server implementations do not allow handshake messages to exceed 2^14 bytes. Consequently, there may be interoperability issues when jdk.tls.client.enableCAExtension is set to true and the client trusts more CAs than the server implementation limit.
As an additional way to launch processes on Linux, the jdk.lang.Process.launchMechanism property can be set to POSIX_SPAWN. This option has been available for a long time on other *nix platforms. The default launch mechanism (VFORK) on Linux is unchanged, so this additional option does not affect existing installations.
POSIX_SPAWN mitigates rare pathological cases when spawning child processes, but it has not yet been excessively tested. Prudence is advised when using POSIX_SPAWN in productive installations.
The named elliptic curve groups x25519 and x448 are now available for JSSE key agreement in TLS versions 1.0 to 1.3, with x25519 being the most preferred of the default enabled named groups. The default ordered list is now:
x25519, secp256r1, secp384r1, secp521r1, x448,
ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
The default list can be overridden by using the system property jdk.tls.namedGroups.
When signing a file that contains POSIX file permission or symlink attributes, jarsigner now preserves these attributes in the newly signed file but warns that these attributes are unsigned and not protected by the signature. The same warning is printed during the jarsigner -verify operation for such files.
Note that the jar tool does not read/write these attributes. This change is more visible to tools like unzip where these attributes are preserved.
Other Notes
Oracle JDK-11.0.10 and later for Solaris 11 requires that
the OS provide the package library/desktop/harfbuzz as part of the
system installation. This package is provided for Solaris 11.3 and later.
$ pkg info harfbuzz
Name: library/desktop/harfbuzz
Summary: HarfBuzz is an OpenType text shaping engine
Description: HarfBuzz is a library for text shaping, which converts
unicode text to glyph indices and positions. HarfBuzz is
used directly by libraries such as Pango, and the layout
engines in firefox.
Category: Desktop (GNOME)/Libraries
State: Installed
Publisher: solaris
This is a desktop library, but the font processing it does is part of some common backend server workloads. It should always be considered as required.
If this library is missing, then the pkg mechanism will require it during installation of the JDK.
If installing the JDK by using a tar.gz bundle (for example) and the library/desktop/harfbuzz package is missing, a runtime link failure will occur when this package is needed.
The JDK update incorporates tzdata2020d. The main change is
- Palestine ends DST earlier than predicted, on 2020-10-24.
Please refer to https://mm.icann.org/pipermail/tz-announce/2020-October/000062.html for more information.
The JDK update incorporates tzdata2020c. The main change is
- Fiji starts DST later than usual, on 2020-12-20.
Please refer to https://mm.icann.org/pipermail/tz-announce/2020-October/000060.html for more information.
Following the JDK's update to tzdata2020b, the long-obsolete files named pacificnew and systemv have been removed. As a result, the "US/Pacific-New" Zone name declared in the pacificnew data file is no longer available for use.
Information regarding this update can be viewed at https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
Bug Fixes
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
➜ Issues fixed in 11.0.10:
| # | BugId | Component | Subcomponent | Summary |
|---|---|---|---|---|
| 1 | JDK-8245400 | client-libs | 2d | Upgrade to LittleCMS 2.11 |
| 2 | JDK-8247867 | client-libs | 2d | Upgrade to freetype 2.10.2 |
| 3 | JDK-8249215 | client-libs | 2d | JFrame::setVisible crashed with -Dfile.encoding=UTF-8 on Japanese Windows. |
| 4 | JDK-7185258 | client-libs | java.awt | [macosx] Deadlock in SunToolKit.realSync() |
| 5 | JDK-8198334 | client-libs | java.awt | java/awt/FileDialog/8003399/bug8003399.java fails in headless mode |
| 6 | JDK-8207938 | client-libs | java.awt | At step6,Click Add button,case failed automatically. |
| 7 | JDK-8212226 | client-libs | java.awt | SurfaceManager throws "Invalid Image variant" for MultiResolutionImage (Windows) |
| 8 | JDK-8230480 | client-libs | java.awt | check malloc/calloc results in java.desktop |
| 9 | JDK-8231445 | client-libs | java.awt | check ZALLOC return values in awt coding |
| 10 | JDK-8232114 | client-libs | java.awt | JVM crashed at imjpapi.dll in native code |
| 11 | JDK-8241797 | client-libs | java.awt | Add some tests to the problem list |
| 12 | JDK-8248532 | client-libs | java.awt | Every time I change keyboard language at my MacBook, Java crashes |
| 13 | JDK-8249183 | client-libs | java.awt | JVM crash in "AwtFrame::WmSize" method |
| 14 | JDK-8252470 | client-libs | java.awt | java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows |
| 15 | JDK-8152332 | client-libs | javax.swing | [macosx] JFileChooser cannot be serialized on Mac OS X |
| 16 | JDK-8203281 | client-libs | javax.swing | [Windows] JComboBox change in ui when editor.setBorder() is called |
| 17 | JDK-8204963 | client-libs | javax.swing | javax.swing.border.TitledBorder has a memory leak |
| 18 | JDK-8209343 | client-libs | javax.swing | Test javax/swing/border/TestTitledBorderLeak.java should be marked as headful |
| 19 | JDK-8213535 | client-libs | javax.swing | Windows HiDPI html lightweight tooltips are truncated |
| 20 | JDK-8240633 | client-libs | javax.swing | Memory leaks in the implementations of FileChooserUI |
| 21 | JDK-8240690 | client-libs | javax.swing | Race condition between EDT and BasicDirectoryModel.FilesLoader.run0() |
| 22 | JDK-8213017 | core-libs | java.lang | jspawnhelper: need to handle pipe write failure when sending return code |
| 23 | JDK-8232846 | core-libs | java.lang | ProcessHandle.Info command with non-English shows question marks |
| 24 | JDK-8233920 | core-libs | java.lang.invoke | MethodHandles::tryFinally generates illegal bytecode for long/double return types |
| 25 | JDK-8222448 | core-libs | java.lang:reflect | java/lang/reflect/PublicMethods/PublicMethodsTest.java times out |
| 26 | JDK-8217429 | core-libs | java.net | WebSocket over authenticating proxy fails to send Upgrade headers |
| 27 | JDK-8225037 | core-libs | java.net | java.net.JarURLConnection::getJarEntry() throws NullPointerException |
| 28 | JDK-8233958 | core-libs | java.net | Memory retention due to HttpsURLConnection finalizer that serves no purpose |
| 29 | JDK-8241138 | core-libs | java.net | http.nonProxyHosts=* causes StringIndexOutOfBoundsException in DefaultProxySelector |
| 30 | JDK-8241568 | core-libs | java.nio | (fs) UserPrincipalLookupService.lookupXXX failure with IOE "Operation not permitted" |
| 31 | JDK-8242541 | core-libs | java.nio.charsets | Small charset issues (ISO8859-16, x-eucJP-Open, x-IBM834 and x-IBM949C) |
| 32 | JDK-8239351 | core-libs | java.util.jar | Give more meaningful InternalError messages in Deflater.c |
| 33 | JDK-8252497 | core-libs | java.util:i18n | Incorrect numeric currency code for ROL |
| 34 | JDK-8241130 | core-libs | javax.naming | com.sun.jndi.ldap.EventSupport.removeDeadNotifier: java.lang.NullPointerException |
| 35 | JDK-8067354 | core-svc | debugger | com/sun/jdi/GetLocalVariables4Test.sh failed |
| 36 | JDK-8203393 | core-svc | debugger | com/sun/jdi/JdbMethodExitTest.sh and JdbExprTest.sh fail due to timeout |
| 37 | JDK-8209517 | core-svc | debugger | com/sun/jdi/BreakpointWithFullGC.java fails with timeout |
| 38 | JDK-8209605 | core-svc | debugger | com/sun/jdi/BreakpointWithFullGC.java fails with ZGC |
| 39 | JDK-8210725 | core-svc | debugger | com/sun/jdi/RedefineClearBreakpoint.java fails with waitForPrompt timed out after 60 seconds |
| 40 | JDK-8212629 | core-svc | debugger | [TEST] wrong breakpoint in test/jdk/com/sun/jdi/DeferredStepTest |
| 41 | JDK-8212665 | core-svc | debugger | com/sun/jdi/DeferredStepTest.java: jj1 (line 57) - unexpected. lastLine=52, minLine=52, maxLine=55 |
| 42 | JDK-8214061 | core-svc | debugger | Buffer written into itself |
| 43 | JDK-8231209 | core-svc | java.lang.management | [REDO] JDK-8207266 ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread |
| 44 | JDK-8231968 | core-svc | java.lang.management | getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes |
| 45 | JDK-8242480 | core-svc | java.lang.management | Negative value may be returned by getFreeSwapSpaceSize() in the docker |
| 46 | JDK-8252157 | core-svc | java.lang.management | JDK-8231209 11u backport breaks jmm binary compatibility |
| 47 | JDK-8222533 | core-svc | tools | jtreg test jdk/internal/platform/cgroup/TestCgroupMetrics.java fails on SLES12.3 linux ppc64le machine |
| 48 | JDK-8250665 | globalization | locale-data | Wrong translation for the month of May in ar_JO, ar_LB and ar_SY |
| 49 | JDK-8022574 | hotspot | compiler | remove HaltNode code after uncommon trap calls |
| 50 | JDK-8220420 | hotspot | compiler | Cleanup c1_LinearScan |
| 51 | JDK-8225653 | hotspot | compiler | Provide more information when hitting SIGILL from HaltNode |
| 52 | JDK-8227647 | hotspot | compiler | [Graal] Test8009761.java fails due to "RuntimeException: static java.lang.Object compiler.uncommontrap.Test8009761.m3(boolean,boolean) not compiled" |
| 53 | JDK-8231720 | hotspot | compiler | Some perf regressions after 8225653 |
| 54 | JDK-8236944 | hotspot | compiler | The legVecZ operand should be limited to zmm0-zmm15 registers |
| 55 | JDK-8237950 | hotspot | compiler | C2 compilation fails with "Live Node limit exceeded limit" during ConvI2L::Ideal optimization |
| 56 | JDK-8240676 | hotspot | compiler | Meet not symmetric failure when running lucene on jdk8 |
| 57 | JDK-8243114 | hotspot | compiler | Implement montgomery{Multiply,Square}intrinsics on Windows |
| 58 | JDK-8244278 | hotspot | compiler | Excessive code cache flushes and sweeps |
| 59 | JDK-8246381 | hotspot | compiler | VM crashes with "Current BasicObjectLock* below than low_mark" |
| 60 | JDK-8247246 | hotspot | compiler | [JVMCI] `ResolvedJavaType.getDeclaredMethod()` can throw NoClassDefFoundError. |
| 61 | JDK-8247502 | hotspot | compiler | PhaseStringOpts crashes while optimising effectively dead code |
| 62 | JDK-8247763 | hotspot | compiler | assert(outer->outcnt() == 2) failed: 'only phis' failure in LoopNode::verify_strip_mined() |
| 63 | JDK-8248226 | hotspot | compiler | TestCloneAccessStressGCM fails with -XX:-ReduceBulkZeroing |
| 64 | JDK-8248347 | hotspot | compiler | windows build broken by JDK-8243114 |
| 65 | JDK-8248552 | hotspot | compiler | C2 crashes with SIGFPE due to division by zero |
| 66 | JDK-8248791 | hotspot | compiler | sun/util/resources/cldr/TimeZoneNamesTest.java fails with -XX:-ReduceInitialCardMarks -XX:-ReduceBulkZeroing |
| 67 | JDK-8248822 | hotspot | compiler | 8 vm/classfmt/atr_ann/atr_rtm_annot007/atr_rtm_annot00709 tests fail w/ AOT |
| 68 | JDK-8248987 | hotspot | compiler | AOT's Linker.java seems to eagerly fail-fast on Windows. |
| 69 | JDK-8249602 | hotspot | compiler | C2: assert(cnt == _outcnt) failed: no insertions allowed |
| 70 | JDK-8249603 | hotspot | compiler | C1: assert(has_error == false) failed: register allocation invalid |
| 71 | JDK-8249605 | hotspot | compiler | C2: assert(no_dead_loop) failed: dead loop detected |
| 72 | JDK-8249607 | hotspot | compiler | C2: assert(!had_error) failed: bad dominance |
| 73 | JDK-8249608 | hotspot | compiler | Vector register used by C2 compiled method corrupted at safepoint |
| 74 | JDK-8249749 | hotspot | compiler | modify a primitive array through a stream and a for cycle causes jre crash |
| 75 | JDK-8249880 | hotspot | compiler | JVMCI calling register_nmethod without CodeCache lock |
| 76 | JDK-8250233 | hotspot | compiler | -XX:+CITime triggers guarantee(events != NULL) in jvmci.cpp:173 |
| 77 | JDK-8250548 | hotspot | compiler | libgraal can deadlock in -Xcomp mode |
| 78 | JDK-8250609 | hotspot | compiler | C2 crash in IfNode::fold_compares |
| 79 | JDK-8251458 | hotspot | compiler | Parse::do_lookupswitch fails with "assert(_cnt >= 0) failed" |
| 80 | JDK-8252696 | hotspot | compiler | Loop unswitching may cause out of bound array load to be executed |
| 81 | JDK-8253118 | hotspot | compiler | Avoid unnecessary deopts when OSR nmethods of the same level are present. |
| 82 | JDK-8254104 | hotspot | compiler | MethodCounters must exist before nmethod is installed |
| 83 | JDK-8254790 | hotspot | compiler | SIGSEGV in string_indexof_char and stringL_indexof_char intrinsics |
| 84 | JDK-8248214 | hotspot | gc | Add paddings for TaskQueueSuper to reduce false-sharing cache contention |
| 85 | JDK-8250928 | hotspot | jfr | JFR: Improve hash algorithm for stack traces |
| 86 | JDK-8252090 | hotspot | jfr | JFR: StreamWriterHost::write_unbuffered() stucks in an infinite loop OpenJDK (build 13.0.1+9) |
| 87 | JDK-8252754 | hotspot | jfr | Hash code calculation of JfrStackTrace is inconsistent |
| 88 | JDK-8173361 | hotspot | jvmti | various crashes in JvmtiExport::post_compiled_method_load |
| 89 | JDK-8173658 | hotspot | jvmti | JvmtiExport::post_class_unload() is broken for non-JavaThread initiators |
| 90 | JDK-8210131 | hotspot | jvmti | vmTestbase/nsk/jvmti/scenarios/allocation/AP10/ap10t001/TestDescription.java failed with ObjectFree: GetCurrentThreadCpuTimerInfo returned unexpected error code |
| 91 | JDK-8210926 | hotspot | jvmti | vmTestbase/nsk/jvmti/scenarios/allocation/AP11/ap11t001/TestDescription.java failed with JVMTI_ERROR_INVALID_CLASS in CDS mode |
| 92 | JDK-8212160 | hotspot | jvmti | JVMTI agent crashes with "assert(_value != 0LL) failed: resolving NULL _value" |
| 93 | JDK-8216324 | hotspot | jvmti | GetClassMethods is confused by the presence of default methods in super interfaces |
| 94 | JDK-8224555 | hotspot | jvmti | vmTestbase/nsk/jvmti/scenarios/contention/TC02/tc02t001/TestDescription.java failed |
| 95 | JDK-8247615 | hotspot | jvmti | Initialize the bytes left for the heap sampler |
| 96 | JDK-8217338 | hotspot | runtime | [Containers] Improve systemd slice memory limit support |
| 97 | JDK-8217766 | hotspot | runtime | Container Support doesn't work for some Join Controllers combinations |
| 98 | JDK-8218851 | hotspot | runtime | JVM crash in custom classloader stress test, JDK 12 & 13 |
| 99 | JDK-8220718 | hotspot | runtime | Missing ResourceMark in nmethod::metadata_do |
| 100 | JDK-8227006 | hotspot | runtime | [linux] Runtime.availableProcessors execution time increased by factor of 100 |
| 101 | JDK-8233386 | hotspot | runtime | Initialize NULL fields for unused decorations |
| 102 | JDK-8235243 | hotspot | runtime | handle VS2017 15.9 and VS2019 in abstract_vm_version |
| 103 | JDK-8237512 | hotspot | runtime | AArch64: aarch64TestHook leaks a BufferBlob |
| 104 | JDK-8243290 | hotspot | runtime | Improve diagnostic messages for class verification and redefinition failures |
| 105 | JDK-8244340 | hotspot | runtime | Handshake processing thread lacks yielding |
| 106 | JDK-8246648 | hotspot | runtime | issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480 |
| 107 | JDK-8249192 | hotspot | runtime | MonitorInfo stores raw oops across safepoints |
| 108 | JDK-8249672 | hotspot | runtime | Include microcode revision in features_string on x86 |
| 109 | JDK-8250598 | hotspot | runtime | Hyper-V is detected in spite of running on host OS |
| 110 | JDK-8250984 | hotspot | runtime | Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities |
| 111 | JDK-8251945 | hotspot | runtime | SIGSEGV in PackageEntry::purge_qualified_exports() |
| 112 | JDK-8209332 | hotspot | svc | [TEST] test/jdk/com/sun/jdi/CatchPatternTest.sh is incorrect |
| 113 | JDK-8250968 | security-libs | java.security | Symlinks attributes not preserved when using jarsigner on zip files |
| 114 | JDK-8224997 | security-libs | javax.net.ssl | ChaCha20-Poly1305 TLS cipher suite decryption throws ShortBufferException |
| 115 | JDK-8244151 | security-libs | javax.smartcardio | Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 |
| 116 | JDK-8250582 | security-libs | org.ietf.jgss:krb5 | Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets |
| 117 | JDK-8230094 | xml | javax.xml.stream | CCE in createXMLEventWriter(Result) over an arbitrary XMLStreamWriter |
| 118 | JDK-8233686 | xml | javax.xml.transform | XML transformer uses excessive amount of memory |