JDK 11.0.19 Release Notes
Java SE 11.0.19 Bundled Patch Release (BPR) - Bug Fixes and Updates
The following sections summarize changes made in all Java SE 11.0.19 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.
Changes in Java SE 11.0.19.0.3
| BugId | Component | Subcomponent | Summary |
|---|---|---|---|
| JDK-8308884 | hotspot | compiler | [17u/11u] Backout JDK-8297951 |
Changes in Java SE 11.0.19.0.2
| BugId | Component | Subcomponent | Summary |
|---|---|---|---|
| JDK-8306690 (not public) | install | install | Restore missing /usr/java/default symlink on Linux |
| JDK-8308123 (not public) | install | install | /usr/java/latest symlink is not created during 8u371 jdk rpm install |
| JDK-8305976 (not public) | install | install | Installation of OL-specific x64 jdk rpms pulls in i686 dependencies |
| JDK-8305113 | core-libs | java.time | (tz) Update Timezone Data to 2023c |
| JDK-8212970 | core-libs | java.time | TZ database in "vanguard" format support |
| JDK-8302112 (not public) | hotspot | test | remove windows 2012 from task definitions |
Changes in Java SE 11.0.19.0.1
Fixes from the prior BPR are included in this version.
Java™ SE Development Kit 11.0.19 (JDK 11.0.19)
April 18, 2023
The full version string for this update release is 11.0.19+9 (where "+" means "build"). The version number is 11.0.19.
IANA TZ Data 2022g
JDK 11.0.19 contains IANA time zone data 2022g which contains the following changes:
- The northern edge of Chihuahua changes to US timekeeping.
- Much of Greenland stops changing clocks after March 2023.
- Fix some pre-1996 timestamps in northern Canada.
- C89 is now deprecated; please use C99 or later.
- Portability fixes for AIX, libintl, MS-Windows, musl, z/OS.
- In C code, use more C23 features if available.
- C23 timegm now supported by default.
- Fixes for unlikely integer overflows.
For more information, refer to Timezone Data Versions in the JRE Software.
Security Baselines
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 11.0.19 are specified in the following table:
| JRE Family Version | JRE Security Baseline (Full Version String) |
|---|---|
| 11 | 11.0.19+9 |
| 8 | 8u371-b11 |
Keeping the JDK up to Date
Oracle recommends that the JDK is updated with each Critical Patch Update. Use the Security Baseline page to determine the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended to use this JDK (version 11.0.19) after the next critical patch update release, scheduled for July 18, 2023.
New Features
A native GSS-API library named sspi_bridge.dll has been added to the JDK on the Windows platform. The library is client-side only and uses the default credentials. It will be loaded when the sun.security.jgss.native system property is set to "true". A user can still load a third-party native GSS-API library by setting the sun.security.jgss.lib system property to its path.
Native GSS automatically uses cached credentials from operating systems, thus the javax.security.auth.useSubjectCredsOnly system property should be set to false.
com.sun.security.auth.module.Krb5LoginModule does not call native JGSS. Avoid using com.sun.security.auth.module.Krb5LoginModule from JAAS config.
Other Notes
Some Swing components, such as JLabels and JButtons, which display application text, will try to interpret that text as HTML, principally to enable styled text. The HTML processing of the text for these components will no longer recognize the <object> tag which allows for subclasses of java.awt.Component to be rendered on the component. To re-enable this, applications must specify -Dswing.html.object=true.
The following root certificate has been added to the cacerts truststore:
+ Certigna (Dhimyotis)
+ certignaca
DN: CN=Certigna, O=Dhimyotis, C=FR
SSLv2Hello and SSLv3 have been removed from the default enabled TLS protocols.
After this update, if SSLv3 is removed from the jdk.tls.disabledAlgorithms security property, the SSLSocket.getEnabledProtocols(), SSLServerSocket.getEnabledProtocols(), SSLEngine.getEnabledProtocols() and SSLParameters.getProtocols() APIs will return "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1". "SSLv3" will not be returned in this list.
If a client or server still needs to use the SSLv3 protocol they can do so by enabling it through the jdk.tls.client.protocols or jdk.tls.server.protocols system properties or with the SSLSocket.setEnabledProtocols(), SSLServerSocket.setEnabledProtocols() and SSLEngine.setEnabledProtocols() APIs.
The behavior of the method java.io.File.listRoots() on Microsoft Windows has changed in this release so that the returned array includes a File object for all available disk drives. This differs from the behavior in JDK 10 to JDK 20, where this method filtered out disk drives that were not accessible or did not have media present. This change avoids performance issues observed in the previous releases and also ensures that the method is consistent with the root directories in the iteration returned by FileSystem.getDefault().getRootDirectories().
Applications using the Dell BSAFE Crypto-J 3rd party security provider may encounter an IOException if decoding DH or DSA algorithm parameters with the following exception:
Exception in thread "main" java.io.IOException: Could not decode parameters. at com.rsa.cryptoj.o.ms.engineInit(Unknown Source) at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293)
Dell BSAFE Crypto-J version 6.2.6.2 has been released to address this issue. Applications using this provider should upgrade to that version or later. For applications on older versions of this provider, an interoperability fix has been added to this release of the JDK.
Bug Fixes
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
➜ Issues fixed in 11.0.19:
| # | JBS | Component | Summary |
|---|---|---|---|
| 1 | JDK-8285399 | client-libs/2d | JNI exception pending in awt_GraphicsEnv.c:1432 |
| 2 | JDK-8284023 | client-libs/java.awt | java.sun.awt.X11GraphicsDevice.getDoubleBufferVisuals() leaks XdbeScreenVisualInfo |
| 3 | JDK-8296496 | client-libs/java.awt | Overzealous check in sizecalc.h prevents large memory allocation |
| 4 | JDK-8279614 | client-libs/java.awt | The left line of the TitledBorder is not painted on 150 scale factor |
| 5 | JDK-8288332 | client-libs/java.awt | Tier1 validate-source fails after 8279614 |
| 6 | JDK-8295685 | client-libs/java.awt | Update Libpng to 1.6.38 |
| 7 | JDK-8282958 | client-libs/javax.swing | Rendering Issues with Borders on Windows High-DPI systems |
| 8 | JDK-8299238 | core-libs | Fix Bad Copyright introduced in 8299223 |
| 9 | JDK-8294378 | core-libs/java.net | URLPermission constructor exception when using tr locale |
| 10 | JDK-8297569 | core-libs/java.net | URLPermission constructor throws IllegalArgumentException: Invalid characters in hostname after JDK-8294378 |
| 11 | JDK-8299439 | core-libs/java.text | java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR |
| 12 | JDK-8295530 | core-libs/java.util.jar | Update Zlib Data Compression Library to Version 1.2.13 |
| 13 | JDK-8287180 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2022-08-08 |
| 14 | JDK-8267038 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2022-03-02 |
| 15 | JDK-8296239 | core-libs/java.util:i18n | ISO 4217 Amendment 174 Update |
| 16 | JDK-8297548 | core-libs/jdk.nashorn | Update double-conversion to 3.2.0 |
| 17 | JDK-8169718 | core-svc/debugger | nsk/jdb/locals/locals002: ERROR: Cannot find boolVar with expected value: false |
| 18 | JDK-8292541 | core-svc/java.lang.management | [Metrics] Reported memory limit may exceed physical machine memory |
| 19 | JDK-8216314 | hotspot/compiler | SIGILL in CodeHeapState::print_names() |
| 20 | JDK-8276066 | hotspot/compiler | Reset LoopPercentProfileLimit for x86 due to suboptimal performance |
| 21 | JDK-8269574 | hotspot/compiler | C2: Avoid redundant uncommon traps in GraphKit::builtin_throw() for JVMTI exception events |
| 22 | JDK-8270533 | hotspot/compiler | AArch64: size_fits_all_mem_uses should return false if its output is a CAS |
| 23 | JDK-8295066 | hotspot/compiler | Folding of loads is broken in C2 after JDK-8242115 |
| 24 | JDK-8256934 | hotspot/compiler | C2: assert(C->live_nodes() <= C->max_node_limit()) failed: Live Node limit exceeded limit |
| 25 | JDK-8296912 | hotspot/compiler | C2: CreateExNode::Identity fails with assert(i < _max) failed: oob: i=1, _max=1 |
| 26 | JDK-8290964 | hotspot/compiler | C2 compilation fails with assert "non-reduction loop contains reduction nodes" |
| 27 | JDK-8296924 | hotspot/compiler | C2: assert(is_valid_AArch64_address(dest.target())) failed: bad address |
| 28 | JDK-8285835 | hotspot/compiler | SIGSEGV in PhaseIdealLoop::build_loop_late_post_work |
| 29 | JDK-8295788 | hotspot/compiler | C2 compilation hits "assert((mode == ControlAroundStripMined && use == sfpt) || !use->is_reachable_from_root()) failed: missed a node" |
| 30 | JDK-8297951 | hotspot/compiler | C2: Create skeleton predicates for all If nodes in loop predication |
| 31 | JDK-8297264 | hotspot/compiler | C2: Cast node is not processed again in CCP and keeps a wrong too narrow type which is later replaced by top |
| 32 | JDK-8295116 | hotspot/compiler | C2: assert(dead->outcnt() == 0 && !dead->is_top()) failed: node must be dead |
| 33 | JDK-8287425 | hotspot/compiler | Remove unnecessary register push for MacroAssembler::check_klass_subtype_slow_path |
| 34 | JDK-8242115 | hotspot/compiler | C2 SATB barriers are not safepoint-safe |
| 35 | JDK-8272985 | hotspot/gc | Reference discovery is confused about atomicity and degree of parallelism |
| 36 | JDK-8283199 | hotspot/runtime | Linux os::cpu_microcode_revision() stalls cold startup |
| 37 | JDK-8271506 | hotspot/runtime | Add ResourceHashtable support for deleting selected entries |
| 38 | JDK-8048190 | hotspot/runtime | NoClassDefFoundError omits original ExceptionInInitializerError |
| 39 | JDK-8291763 | hotspot/runtime | Include virtualization information in hs_err crash log on Solaris |
| 40 | JDK-8289424 | hotspot/runtime | Include LD_HWCAP in hs_err log output |
| 41 | JDK-8287107 | hotspot/runtime | CgroupSubsystemFactory.setCgroupV2Path asserts with freezer controller |
| 42 | JDK-8287741 | hotspot/runtime | Fix of JDK-8287107 (unused cgv1 freezer controller) was incomplete |
| 43 | JDK-8293472 | hotspot/runtime | Incorrect container resource limit detection if manual cgroup fs mounts present |
| 44 | JDK-8231610 | hotspot/runtime | Relocate the CDS archive if it cannot be mapped to the requested address |
| 45 | JDK-8287011 | hotspot/runtime | Improve container information |
| 46 | JDK-8286030 | hotspot/runtime | Avoid JVM crash when containers share the same /tmp dir |
| 47 | JDK-8298349 | install/install | /usr/java/latest points to wrong JDK |
| 48 | JDK-8298330 | install/install | /usr/java/latest is missing after one of JDK rpms is uninstalled |
| 49 | JDK-8242897 | security-libs/java.security | KeyFactory.generatePublic( x509Spec ) failed with java.security.InvalidKeyException |
| 50 | JDK-8280890 | security-libs/java.security | Cannot use '-Djava.system.class.loader' with class loader in signed JAR |
| 51 | JDK-8253829 | security-libs/org.ietf.jgss | Wrong length compared in SSPI bridge |
| 52 | JDK-8225687 | security-libs/org.ietf.jgss | Newly added sspi.cpp in JDK-6722928 still contains some small errors |
| 53 | JDK-8222251 | tools/javac | preflow visitor is not visiting lambda expressions |
| 54 | JDK-8222091 | tools/javadoc(tool) | Javadoc does not handle package annotations correctly on package-info.java |
| 55 | JDK-8296619 | tools/javadoc(tool) | Upgrade jQuery to 3.6.1 |