JDK 11.0.24 Release Notes
Java SE 11.0.24 Bundled Patch Release (BPR) - Bug Fixes and Updates
The following sections summarize changes made in all Java SE 11.0.24 BPR. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in the previous BPR are also included in the current BPR.
Changes in Java SE 11.0.24.0.3
Bug Fixes
Release date: September 18, 2024| BugId | Category | Subcategory | Summary |
|---|---|---|---|
| JDK-8337792 | core-libs | javax.naming.NamingException: Could not resolve a valid ldap host when using LDAP connection in JDK11 |
Changes in Java SE 11.0.24.0.2
Bug Fixes
Release date: August 16, 2024| BugId | Category | Subcategory | Summary |
|---|---|---|---|
| JDK-8336107 (not public) | install | JDK rpm upgrade from 11.0.23 to 11.0.25 leaves "orphan" alternatives entry |
Changes in Java SE 11.0.24.0.1
Bug Fixes
Release date: July 16, 2024| BugId | Category | Subcategory | Summary |
|---|---|---|---|
| JDK-8333447 (not public) | install | install | "alternatives" uninstallation results into intermittent “Java not available” issues |
| JDK-8333859 | core-libs | java.util.jar | Pack200.newUnpacker().unpack() throws IOException |
Java™ SE Development Kit 11.0.24 (JDK 11.0.24)
Release date: July 16, 2024
The full version string for this update release is 11.0.24+7 (where "+" means "build"). The version number is 11.0.24.
IANA TZ Data 2024a
For more information, refer to Timezone Data Versions in the JRE Software.
Security Baselines
The security baselines for the Java Runtime at the time of the release of JDK 11.0.24 are specified in the following table:
| Java Family Version | Security Baseline (Full Version String) |
|---|---|
| 11 | 11.0.24+7 |
| 8 | 8u421-b09 |
Keeping the JDK up to Date
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 11.0.24) be used after the next critical patch update scheduled for October 15, 2024.
Java Management Service, available to all users, can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.
New Features
-XshowSettings Launcher Option
(JDK-8281658)
The -XshowSettings launcher has a new security category. Settings from security properties, security providers and TLS related settings are displayed with this option. A security sub-category can be passed as an argument to the security category option. See the output from java -X:
-XshowSettings:security
show all security settings and continue
-XshowSettings:security:*sub-category*
show settings for the specified security sub-category and continue. Possible *sub-category* arguments for this option include:
all: show all security settings and continue
properties: show security properties and continue
providers: show static security provider settings and continue
tls: show TLS related security settings and continue
Third party security provider details will be reported if they are included in the application class path or module path and such providers are configured in the java.security file.
Removed Features and Options
Delete nonfunctional desktop integration functionality from Linux installers. The installers will stop depositing files in /usr/share/icons, /usr/share/mime, and /usr/share/applications subtrees.
Other Notes
The following root certificates have been added to the cacerts truststore:
+ GlobalSign
+ globalsignr46
DN: CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE
+ GlobalSign
+ globalsigne46
DN: CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE
DTLS 1.0 has been disabled by default, by adding "DTLSv1.0" to the jdk.tls.disabledAlgorithms security property in the java.security configuration file. DTLS 1.0 has weakened over time and lacks support for stronger cipher suites. Any attempts to use DTLSv1.0 will fail with an SSLHandshakeException. Users can, at their own risk, re-enable the version by removing "DTLSv1.0" from the jdk.tls.disabledAlgorithms security property.
RPATH Instead of RUNPATH
(JDK-8326891)
Native executables and libraries on Linux have switched to using RPATH instead of RUNPATH in this release.
JDK native executables and libraries use embedded runtime search paths to locate other internal JDK native libraries. On Linux these can be defined as either RPATH or RUNPATH. The main difference is that the dynamic linker considers RPATH before the LD_LIBRARY_PATH environment variable, while RUNPATH is only considered after LD_LIBRARY_PATH.
By making the change to using RPATH, it is no longer possible to replace JDK internal native libraries using LD_LIBRARY_PATH.
The installation directory name of the Oracle JDK in RPM and DEB packages has changed from /usr/lib/jvm/jdk-${FEATURE}-oracle-${ARCH} to /usr/lib/jvm/jdk-${VERSION}-oracle-${ARCH}.
Every update release will be installed in a separate directory on Linux platform.
Installers will create a /usr/java/jdk-${FEATURE}-oracle-${ARCH} link pointing to the installation directory to allow programs to find the latest JDK version in the ${FEATURE} release train.
Updates to Third Party Libraries
| Library | New Version | Module | JBS |
|---|---|---|---|
| LCMS | 2.16 | java.desktop | JDK-8321489 |
| Zlib Data Compression Library | 1.3.1 | java.base | JDK-8324632 |
Bug Fixes
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
➜ Issues fixed in 11.0.24:
| # | JBS | Component | Summary |
|---|---|---|---|
| 1 | JDK-8318854 | client-libs/java.awt | [macos14] Running any AWT app prints Secure coding warning |
| 2 | JDK-8317771 | client-libs/javax.accessibility | [macos14] Expand/collapse a JTree using keyboard freezes the application in macOS 14 Sonoma |
| 3 | JDK-8296878 | client-libs/javax.swing | Document Filter attached to JPasswordField and setText("") is not cleared instead inserted characters replaced with unicode null characters |
| 4 | JDK-8218917 | client-libs/javax.swing | KeyEvent.getModifiers() returns inconsistent values for ALT keys |
| 5 | JDK-8322239 | client-libs/javax.swing | [macos] a11y : java.lang.NullPointerException is thrown when focus is moved on the JTabbedPane |
| 6 | JDK-8187759 | client-libs/javax.swing | Background not refreshed when painting over a transparent JFrame |
| 7 | JDK-8258956 | core-libs/java.lang | Memory Leak in StringCoding on ThreadLocal resultCached StringCoding.Result |
| 8 | JDK-8302791 | core-libs/java.lang:class_loading | Add specific ClassLoader object to Proxy IllegalArgumentException message |
| 9 | JDK-8319436 | core-libs/java.lang:reflect | Proxy.newProxyInstance throws NPE if loader is null and interface not visible from class loader |
| 10 | JDK-8318599 | core-libs/java.net | HttpURLConnection cache issues leading to crashes in JGSS w/ native GSS introduced by 8303809 |
| 11 | JDK-8292044 | core-libs/java.net | HttpClient doesn't handle 102 or 103 properly |
| 12 | JDK-8242999 | core-libs/java.net | HTTP/2 client may not handle CONTINUATION frames correctly |
| 13 | JDK-8263940 | core-libs/java.nio | NPE when creating default file system when default file system provider is packaged as JAR file on class path |
| 14 | JDK-8318322 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2023-10-16 |
| 15 | JDK-8304761 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2023-03-22 |
| 16 | JDK-8302512 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2023-02-14 |
| 17 | JDK-8306031 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2023-04-13 |
| 18 | JDK-8308021 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2023-05-11 |
| 19 | JDK-8327631 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2024-03-07 |
| 20 | JDK-8313702 | core-libs/java.util:i18n | Update IANA Language Subtag Registry to Version 2023-08-02 |
| 21 | JDK-8326638 | hotspot/compiler | Crash in PhaseIdealLoop::remix_address_expressions due to unexpected Region instead of Loop |
| 22 | JDK-8215205 | hotspot/compiler | javaVFrame much slower than vframeStream |
| 23 | JDK-8208669 | hotspot/gc | GC changes to allow enabling -Wreorder |
| 24 | JDK-8236124 | hotspot/jvmti | Minimal VM slowdebug build failed after JDK-8212160 |
| 25 | JDK-8254270 | hotspot/svc | linux 32 bit build doesn't compile libjdwp/log_messages.c |
| 26 | JDK-8241960 | security-libs/java.security | The SHA3 message digests impl of SUN provider are not thread safe after cloned |
| 27 | JDK-8214583 | security-libs/java.security | AccessController.getContext may return wrong value after JDK-8212605 |
| 28 | JDK-8212605 | security-libs/java.security | Pure-Java implementation of AccessController.doPrivileged |
| 29 | JDK-8214329 | security-libs/java.security | SwingMark SubMenus 9% regression in 12-b19 on Linux client |
| 30 | JDK-8326643 | security-libs/java.security | JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message |
| 31 | JDK-8236512 | security-libs/javax.crypto:pkcs11 | PKCS11 Connection closed after Cipher.doFinal and NoPadding |
| 32 | JDK-8312383 | security-libs/javax.net.ssl | Log X509ExtendedKeyManager implementation class name in TLS/SSL connection |
| 33 | JDK-8303809 | security-libs/org.ietf.jgss | Dispose context in SPNEGO NegotiatorImpl |