JDK 11.0.26 Release Notes
Java™ SE Development Kit 11.0.26 (JDK 11.0.26)
Release date: January 21, 2025
The full version string for this update release is 11.0.26+7 (where "+" means "build"). The version number is 11.0.26. This JDK conforms to version 11.3 of the Java SE Specification (JSR 384 MR 3 2024-07-02).
IANA TZ Data 2024b
JDK 11.0.26 contains IANA time zone data 2024b which contains the following changes:
- Improve historical data for Mexico, Mongolia, and Portugal.
- System V names are now obsolescent.
- The main data form now uses %z.
- The code now conforms to RFC 8536 for early timestamps.
- Support POSIX.1-2024, which removes asctime_r and ctime_r.
For more information, refer to Timezone Data Versions in the JRE Software.
Security Baselines
The security baselines for the Java Runtime at the time of the release of JDK 11.0.26 are specified in the following table:
| Java Family Version | Security Baseline (Full Version String) |
|---|---|
| 11 | 11.0.26+7 |
| 8 | 1.8.0_441-b07 |
Keeping the JDK up to Date
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 11.0.26) be used after the next critical patch update scheduled for April 15, 2025.
Java Management Service, available to all users, can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.
New Features
The java.security.debug system property now accepts arguments which add thread ID, thread name, caller information, and timestamp information to debug statements for all components or a specific component.
+timestamp can be appended to debug options to print a timestamp for that debug option. +thread can be appended to debug options to print thread and caller information for that debug option.
Examples: -Djava.security.debug=all+timestamp+thread adds timestamp and thread information to every debug statement generated.
-Djava.security.debug=properties+timestamp adds timestamp information to every debug statement generated for the properties component.
You can also specify -Djava.security.debug=help which will display a complete list of supported components and arguments.
See Printing Thread and Timestamp Information for more information.
Other Notes
ProcessBuilder on Windows Quotes Argument Strings Containing Any Space Character
(JDK-8335428 (not public))
On Windows, the ProcessBuilder has expanded the quoting of argument strings when starting a process to ensure they are recognized by the application as a single command argument. The set of space characters has been expanded from space (0x20) to include all space characters as defined by java.lang.Character.isSpaceChar, which includes all Unicode space separator characters, such as EN-SPACE (0x2002), and line separator and paragraph separator characters.
IANA Time Zone Database has been upgraded to 2024b. This version mainly includes changes to improve historical data for Mexico, Mongolia, and Portugal. It also changes one timestamp abbreviation, for the time zone 'MET'. Also Asia/Choibalsan is now an alias for Asia/Ulaanbaatar.
The new tzdata changes also impact some legacy time zone IDs. As per 2024b changes "EST" links to "America/Panama", "HST" links to "Pacific/Honolulu" and "MST" links to "America/Phoenix". To maintain compatibility with the Java SE specification, the java.time.ZoneId.SHORT_IDS Map has not changed. Further details are available at JDK-8342331
The Standard Doclet no longer generates pre-compressed index files. Decisions about compression are now left to the underlying means of delivery (for example, application layer protocols such as HTTP).
Updates to Third Party Libraries
| Library | New Version | Module | JBS |
|---|---|---|---|
| JSZip | removed | jdk.javadoc | JDK-8237909 |
| Pipewire | 0.3.68 | java.desktop | JDK-8280982 |
Bug Fixes
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
➜ Issues fixed in 11.0.26:
| # | JBS | Component | Summary |
|---|---|---|---|
| 1 | JDK-8309621 | client-libs/java.awt | [XWayland][Screencast] screen capture failure with sun.java2d.uiScale other than 1 |
| 2 | JDK-8280993 | client-libs/java.awt | [XWayland] Popup is not closed on click outside of area controlled by XWayland |
| 3 | JDK-8309756 | client-libs/java.awt | Occasional crashes with pipewire screen capture on Wayland |
| 4 | JDK-8313697 | client-libs/java.awt | [XWayland][Screencast] consequent getPixelColor calls are slow |
| 5 | JDK-8331011 | client-libs/java.awt | [XWayland] TokenStorage fails under Security Manager |
| 6 | JDK-8321176 | client-libs/java.awt | [Screencast] make a second attempt on screencast failure |
| 7 | JDK-8280994 | client-libs/java.awt | [XWayland] Drag and Drop does not work in java -> wayland app direction |
| 8 | JDK-8215921 | client-libs/java.awt | There is no change when select different Foreground and Background by mouse. |
| 9 | JDK-8014503 | client-libs/java.awt | AWT Choice implementation should be made consistent across platforms. |
| 10 | JDK-8280982 | client-libs/java.awt | [Wayland] [XWayland] java.awt.Robot taking screenshots |
| 11 | JDK-8280132 | client-libs/java.beans | Incorrect comparator com.sun.beans.introspect.MethodInfo.MethodOrder |
| 12 | JDK-8308152 | client-libs/java.beans | PropertyDescriptor should work with overridden generic getter method |
| 13 | JDK-8329667 | client-libs/javax.accessibility | [macos] Issue with JTree related fix for JDK-8317771 |
| 14 | JDK-8282578 | client-libs/javax.sound | AIOOBE in javax.sound.sampled.Clip |
| 15 | JDK-8319103 | client-libs/javax.swing | Popups that request focus are not shown on Linux with Wayland |
| 16 | JDK-8337792 | core-libs | javax.naming.NamingException: Could not resolve a valid ldap host when using LDAP connection in JDK11 |
| 17 | JDK-8340812 | core-libs/java.lang.invoke | LambdaForm customization via MethodHandle::updateForm is not thread safe |
| 18 | JDK-8312741 | hotspot/compiler | C2: LoopLimitNode is not eliminated |
| 19 | JDK-8337066 | hotspot/compiler | Repeated call of StringBuffer.reverse with double byte string returns wrong result |
| 20 | JDK-8315988 | hotspot/gc | Parallel: Make TestAggressiveHeap use createTestJvm |
| 21 | JDK-8298129 | hotspot/jfr | Let checkpoint event sizes grow beyond u4 limit |
| 22 | JDK-8338389 | hotspot/jfr | [JFR] Long strings should be added to the string pool |
| 23 | JDK-8340387 | hotspot/runtime | Update OS detection code to recognize Windows Server 2025 |
| 24 | JDK-8328723 | security-libs/java.security | IP Address error when client enables HTTPS endpoint check on server socket |
| 25 | JDK-8331864 | security-libs/java.security | Update Public Suffix List to 1cbd6e7 |
| 26 | JDK-8322809 | tools/jlink | SystemModulesMap::classNames and moduleNames arrays do not match the order |