The following sections summarize changes made in all Java SE 11.0.11 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8226530 | core-libs | java.util.jar | ZipFile reads wrong entry size from ZIP64 entries |
BugId | Component | Subcomponent | Summary |
---|---|---|---|
JDK-8263575 (Confidential) | install | install | Conflict between JDK rpms and OL8 Modularity prevents dnf install/updates |
JDK-8263407 | hotspot | runtime | SPARC64 detection fails on Athena (SPARC64-X) |
JDK-8263004 | hotspot | runtime | SPARC CodeBuffer overflow in generate_satb_log_enqueue |
JDK-8252482 | hotspot | compiler | disable cbcond instructions on SPARC64 |
April 20, 2021
The full version string for this update release is 11.0.11+9 (where "+" means "build"). The version number is 11.0.11.
JDK 11.0.11 contains IANA time zone data 2020e, 2020f, 2021a.
For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 11.0.11 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
11 | 11.0.11+9 |
8 | 8u291-b10 |
7 | 7u301-b09 |
Oracle recommends that the JDK is updated with each Critical Patch Update (CPU). In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 11.0.11) be used after the next critical patch update scheduled for July 20, 2021.
The `jdeps --print-module-deps`, `--list-deps`, and `--list-reduce-deps` options have been enhanced as follows.
By default, they perform transitive module dependence analysis on libraries on the class path and module path, both directly and indirectly, as required by the given input JAR files or classes. Previously, they only reported the modules required by the given input JAR files or classes. The `--no-recursive` option can be used to request non-transitive dependence analysis.
By default, they flag any missing dependency, i.e. not found from class path and module path, as an error. The `--ignore-missing-deps` option can be used to suppress missing dependence errors. Note that a custom image is created with the list of modules output by jdeps when using the `--ignore-missing-deps` option for a non-modular application. Such an application, running on the custom image, might fail at runtime when missing dependence errors are suppressed.
`jdk.jndi.object.factoriesFilter`: This system and security property allows a serial filter to be specified that controls the set of object factory classes permitted to instantiate objects from object references returned by naming/directory systems. The factory class named by the reference instance is matched against this filter during remote reference reconstruction. The filter property supports pattern-based filter syntax with the format specified by JEP 290. This property applies both to the JNDI/RMI and the JNDI/LDAP built-in provider implementations. The default value allows any object factory class specified in the reference to recreate the referenced object.
`com.sun.jndi.ldap.object.trustSerialData`: This system property allows control of the deserialization of Java objects from the `javaSerializedData` LDAP attribute. To prevent deserialization of Java objects from the attribute, the system property can be set to `false`. By default, deserialization of Java objects from the `javaSerializedData` attribute is allowed.
The following root certificates have been added to the cacerts truststore:
+ HARICA
+ haricarootca2015
DN: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
+ haricaeccrootca2015
DN: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer considered secure and have been superseded by more secure and modern versions (TLS 1.2 and 1.3).
These versions have now been disabled by default. If you encounter issues, you can, at your own risk, re-enable the versions by removing "TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms` security property in the `java.security` configuration file.
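A check that can be run over `java.security` files to confirm the two settings described above, the TLS entries in `jdk.tls.disabledAlgorithms` and a restrictive `jdk.jndi.object.factoriesFilter`, are in place. This is an added example, not Oracle's code; the sample file content is constructed, and treating `*` as the spelling of the allow-any default is an assumption.

```python
import re

# Constructed sample of a java.security file (not copied from a real JDK).
# "TLSv1.1" has been removed from the disabled list, which re-enables it.
SAMPLE_JAVA_SECURITY = r"""
# Example only
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
jdk.jndi.object.factoriesFilter=*
"""

def logical_lines(text):
    """Yield property entries, joining backslash-continued lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.lstrip()
        if not buf and (not line or line[0] in "#!"):
            continue                          # blank line or comment
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            buf += line[:-1]                  # odd trailing backslash: continue
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf

def parse_properties(text):
    """Parse key=value / key:value entries; a later key overrides an earlier one."""
    props = {}
    for entry in logical_lines(text):
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", entry)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit(text):
    """Return findings for re-enabled TLS 1.0/1.1 and a permissive JNDI filter."""
    props, findings = parse_properties(text), []
    raw = props.get("jdk.tls.disabledAlgorithms", "")
    disabled = {token.strip() for token in raw.split(",")}
    for proto in ("TLSv1", "TLSv1.1"):
        if proto not in disabled:
            findings.append(f"{proto} is not in jdk.tls.disabledAlgorithms")
    # Assumption: an unset property or "*" is the allow-any default.
    if props.get("jdk.jndi.object.factoriesFilter", "*") == "*":
        findings.append("jdk.jndi.object.factoriesFilter allows any factory class")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_JAVA_SECURITY)))
```

The check reads only the file it is given; a `jdk.jndi.object.factoriesFilter` value supplied as a system property on the JVM command line is not visible to it.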
In this release, some of the one-way byte-to-char mappings have been aligned with the preferred mappings provided by the Unicode Consortium.
In the `java.lang.ProcessBuilder` implementation on Windows, the system property `jdk.lang.Process.allowAmbiguousCommands=false` ensures, for each argument, that double-quotes are properly encoded in the command string passed to Windows `CreateProcess`. An argument with a final trailing double-quote preceded by a backslash is encoded as a literal double-quote; previously, the argument including the double-quote would be joined with the next argument. An empty argument is encoded as a pair of double-quotes ("") resulting in a zero length string passed for the argument to the process; previously, it was silently ignored. An argument containing double-quotes, other than first and last, is encoded to preserve the double-quotes when passed to the process; previously, the embedded double-quotes would be dropped and not passed to the process. If a security manager is set, such as in WebStart applications, double-quotes are encoded as described. When there is no security manager, there is no change to existing behavior; the `jdk.lang.Process.allowAmbiguousCommands` property can be set to `true` (`jdk.lang.Process.allowAmbiguousCommands=true`) or `false`. If left unset, it is the same as setting it to `true`.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
Issues fixed in 11.0.11:
# | BugId | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8244088 | client-libs | 2d | [Regression] Switch of Gnome theme ends up in deadlocked UI |
2 | JDK-8247872 | client-libs | 2d | Upgrade HarfBuzz to the latest 2.7.2 |
3 | JDK-8244621 | client-libs | 2d | [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11 |
4 | JDK-8258805 | client-libs | java.awt | Japanese characters not entered by mouse click on Windows 10 |
5 | JDK-8212678 | client-libs | java.awt | Windows IME related patch |
6 | JDK-8239137 | client-libs | javax.accessibility | JAWS does not always announce the value of JSliders in JColorChooser |
7 | JDK-8249588 | client-libs | javax.accessibility | libwindowsaccessbridge issues on 64bit Windows |
8 | JDK-6532025 | client-libs | javax.imageio | GIF reader throws misleading exception with truncated images |
9 | JDK-8237495 | client-libs | javax.sound | Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7 |
10 | JDK-8255880 | client-libs | javax.swing | UI of Swing components is not redrawn after their internal state changed |
11 | JDK-8240704 | core-libs | java.lang | ProcessBuilder/checkHandles/CheckHandles.java failed "AssertionError: Handle use increased by more than 10 percent." |
12 | JDK-8239893 | core-libs | java.lang | Windows handle Leak when starting processes using ProcessBuilder |
13 | JDK-8251397 | core-libs | java.lang | NPE on ClassValue.ClassValueMap.cacheArray |
14 | JDK-8235351 | core-libs | java.lang.invoke | Lookup::unreflect should bind with the original caller independent of Method's accessible flag |
15 | JDK-7146776 | core-libs | java.net | Deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection |
16 | JDK-8232161 | core-libs | java.nio.charsets | Align some one-way conversion in MS950 charset with Windows |
17 | JDK-8254854 | core-svc | tools | [cgroups v1] Metric limits not properly detected on some join controller combinations |
18 | JDK-8218966 | hotspot | compiler | AArch64: String.compareTo() can read memory after string |
19 | JDK-8244164 | hotspot | compiler | AArch64: jaotc generates incorrect code for compressed OOPs with non-zero heap base |
20 | JDK-8245051 | hotspot | compiler | c1 is broken if it is compiled by gcc without -fno-lifetime-dse |
21 | JDK-8253404 | hotspot | compiler | C2: assert(C->live_nodes() <= C->max_node_limit()) failed: Live Node limit exceeded limit |
22 | JDK-8247766 | hotspot | compiler | AArch64: guarantee(val < (1U << nbits)) failed: Field too big for insn |
23 | JDK-8255479 | hotspot | compiler | AArch64: assert(src->section_index_of(target) == CodeBuffer::SECT_NONE) failed: sanity |
24 | JDK-8255466 | hotspot | compiler | C2 crashes at ciObject::get_oop() const+0x0 |
25 | JDK-8245512 | hotspot | compiler | CRC32 optimization using AVX512 instructions |
26 | JDK-8257575 | hotspot | compiler | C2: "failed: only phis" assert failure in loop strip mining verification |
27 | JDK-8254734 | hotspot | compiler | "dead loop detected" assert failure with patch from 8223051 |
28 | JDK-8257594 | hotspot | compiler | C2 compiled checkcast of non-null object triggers endless deoptimization/recompilation cycle |
29 | JDK-8256807 | hotspot | compiler | C2: Not marking stores correctly as mismatched in string opts |
30 | JDK-8256061 | hotspot | compiler | RegisterSaver::save_live_registers() omits upper halves of ZMM0-15 registers |
31 | JDK-8257561 | hotspot | compiler | Some code is not vectorized after 8251925 and 8250607 |
32 | JDK-8256025 | hotspot | compiler | AArch64: MachCallRuntimeNode::ret_addr_offset() is incorrect for stub calls |
33 | JDK-8257910 | hotspot | compiler | [JVMCI] Set exception_seen accordingly in the runtime. |
34 | JDK-8257220 | hotspot | compiler | [JVMCI] option validation should not result in a heavy-weight VM crash |
35 | JDK-8211320 | hotspot | compiler | AArch64: unsafe.compareAndSetByte() and unsafe.compareAndSetShort() c2 intrinsics broken with negative expected value |
36 | JDK-8215792 | hotspot | compiler | AArch64: String.indexOf generates incorrect result |
37 | JDK-8214025 | hotspot | compiler | assert(t->singleton()) failed: must be a constant when ScavengeRootsInCode < 2 |
38 | JDK-8229701 | hotspot | compiler | aarch64: C2 OSR compilation fails with "shouldn't process one node several times" in final graph reshaping |
39 | JDK-8255550 | hotspot | compiler | x86: Assembler::cmpq(Address dst, Register src) encoding is incorrect |
40 | JDK-8255058 | hotspot | compiler | C1: assert(is_virtual()) failed: type check |
41 | JDK-8253756 | hotspot | compiler | C2 CompilerThread0 crash in Node::add_req(Node*) |
42 | JDK-8251923 | hotspot | compiler | "Invalid JNI handle" assertion failure in JVMCICompiler::force_comp_at_level_simple() |
43 | JDK-8253524 | hotspot | compiler | C2: Refactor code that clones predicates during loop unswitching |
44 | JDK-8250825 | hotspot | compiler | C2 crashes with assert(field != __null) failed: missing field |
45 | JDK-8252881 | hotspot | compiler | [JVMCI] ResolvedJavaType.resolveMethod fails in fastdebug when invoked with a constructor |
46 | JDK-8251925 | hotspot | compiler | C2: RenaissanceStressTest fails with assert(!had_error): bad dominance |
47 | JDK-8253644 | hotspot | compiler | C2: assert(skeleton_predicate_has_opaque(iff)) failed: unexpected |
48 | JDK-8247691 | hotspot | compiler | [aarch64] Incorrect handling of VM exceptions in C1 deopt stub/traps |
49 | JDK-8247200 | hotspot | compiler | AArch64: assert((unsigned)fpargs < 32) |
50 | JDK-8248336 | hotspot | compiler | AArch64: C2: offset overflow in BoxLockNode::emit |
51 | JDK-8258015 | hotspot | compiler | [JVMCI] JVMCI_lock shouldn't be held while initializing box classes |
52 | JDK-8256056 | hotspot | compiler | Deoptimization stub doesn't save vector registers on x86 |
53 | JDK-8258380 | hotspot | compiler | [JVMCI] don't clear InstalledCode reference when unloading JVMCI nmethods |
54 | JDK-8255578 | hotspot | compiler | [JVMCI] be more careful about reflective reads of Class.componentType. |
55 | JDK-8257513 | hotspot | compiler | C2: assert((constant_addr - _masm.code()->consts()->start()) == con.offset()) |
56 | JDK-8259339 | hotspot | compiler | AllocateUninitializedArray C2 intrinsic fails with void.class input |
57 | JDK-8245026 | hotspot | gc | PsAdaptiveSizePolicy::_old_gen_policy_is_ready is unused |
58 | JDK-8258396 | hotspot | jfr | SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk() |
59 | JDK-8214180 | hotspot | runtime | Need better granularity for sleeping |
60 | JDK-8215583 | hotspot | runtime | Exclude runtime/handshake/HandshakeWalkSuspendExitTest.java |
61 | JDK-8234742 | hotspot | runtime | Improve handshake logging |
62 | JDK-8234796 | hotspot | runtime | Refactor Handshake::execute to take a more complex type than ThreadClosure |
63 | JDK-8256359 | hotspot | runtime | AArch64: runtime/ReservedStack/ReservedStackTestCompiler.java fails |
64 | JDK-8227275 | hotspot | runtime | Within native OOM error handling, assertions may hang the process |
65 | JDK-8228400 | hotspot | runtime | Remove built-in AArch64 simulator |
66 | JDK-8257168 | hotspot | runtime | Use SkippedException instead of RuntimeException for docker not able to pull the repository |
67 | JDK-8255544 | hotspot | runtime | Create a checked cast |
68 | JDK-8258077 | hotspot | runtime | Using -Xcheck:jni can lead to a double-free after JDK-8193234 |
69 | JDK-8242565 | security-libs | java.security | Policy initialization issues when the denyAfter constraint is enabled |
70 | JDK-8244154 | security-libs | javax.crypto:pkcs11 | Update SunPKCS11 provider with PKCS11 v3.0 header files |
71 | JDK-8240871 | security-libs | javax.net.ssl | SSLEngine handshake status immediately after the handshake can be NOT_HANDSHAKING rather than FINISHED with TLSv1.3 |
72 | JDK-8257997 | security-libs | javax.net.ssl | sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884 |
73 | JDK-8253368 | security-libs | javax.net.ssl | TLS connection always receives close_notify exception |
74 | JDK-8202343 | security-libs | javax.net.ssl | Disable TLS 1.0 and 1.1 |
75 | JDK-8257670 | security-libs | javax.net.ssl | sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks |
76 | JDK-8256818 | security-libs | javax.net.ssl | SSLSocket that is never bound or connected leaks socket resources |
77 | JDK-8255559 | security-libs | javax.xml.crypto | Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI() |
78 | JDK-8213909 | tools | | jdeps --print-module-deps should report missing dependences |
79 | JDK-8234687 | tools | javac | change javap reporting on unknown attributes |
80 | JDK-8221759 | tools | javac | Crash when completing "java.io.File.path" |
81 | JDK-8255845 | tools | jlink | Memory leak in imageFile.cpp |
82 | JDK-8223688 | tools | jshell | JShell: crash on the instantiation of raw anonymous class |
83 | JDK-8242030 | tools | jshell | Wrong package declarations in jline classes after JDK-8241598 |
84 | JDK-8211694 | tools | jshell | JShell: Redeclared variable should be reset |
85 | JDK-8210527 | tools | jshell | JShell: NullPointerException in jdk.jshell.Eval.translateExceptionStack |
86 | JDK-8241598 | tools | jshell | Upgrade JLine to 3.14.0 |
87 | JDK-8218287 | tools | jshell | jshell tool: input behavior unstable after 12-ea+24 on Windows |
88 | JDK-8249867 | xml | jaxp | XML declaration is not followed by a newline |