The following issues are addressed in 11.0.27.6.1:$$$$$$Issue NametPlatformtDescriptiontLink$$$Import jdk-11.0.27+6tAlltUpdate Corretto baseline to OpenJDK 11.0.27+6tjdk-11.0.27+6$$$JDK-8352716tAlltUpdate Timezone Data to 2025btJDK-8352716$$$The following CVEs are addressed in 11.0.27.6.1:$$$$$$CVEtCVSStComponent$$$CVE-2025-21587t7.4tsecurity-libs/javax.net.ssl$$$CVE-2025-30698t5.6tclient-libs/2d$$$CVE-2025-30691t4.8thotspot/compiler

Corretto version: 11.0.26.4.1$$$Release Date: January 21; 2025$$$$$$Target Platforms 1$$$$$$RPM-based Linux using glibc 2.12 or later; x86; x86_64$$$Debian-based Linux using glibc 2.12 or later; x86; x86_64$$$RPM-based Linux using glibc 2.17 or later; aarch64$$$Debian-based Linux using glibc 2.17 or later; aarch64$$$Linux using glibc 2.25 or later; Arm$$$Linux using muslc 1.2.2 or later; Arm$$$Alpine-based Linux; x86_64$$$Alpine-based Linux; aarch64$$$Windows 10 or later; x86; x86_64$$$macOS 13.0 and later; x86_64$$$macOS 13.0 and later; aarch64$$$1. This is the platform targeted by the build. See Using Amazon Corretto in the Amazon Corretto FAQ for supported platforms$$$$$$The following issues are addressed in 11.0.26.4.1:$$$$$$Issue NametPlatformtDescriptiontLink$$$Import jdk-11.0.26+4tAlltUpdate Corretto baseline to OpenJDK 11.0.26+4tjdk-11.0.26+4$$$JDK-8339637tAlltUpdate timezone data to 2024b.tJDK-8339637$$$JDK-8339803tAlltTZDB spec allows not only month/weekday names; but the keywords themselves can be case-insensitive and unambiguous abbreviations.tJDK-8339803$$$JDK-8339644tAlltImproved parsing of Day/Month in tzdata rules.tJDK-8339644$$$JDK-8341059tAlltChange Entrust TLS distrust date to November 12; 2024tJDK-8341059$$$JDK-8341057tAlltAdd 2 SSL.com TLS roots.tJDK-8341057$$$JDK-8337664tAlltDistrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAstJDK-8337664$$$The following CVEs are addressed in 11.0.26.4.1:$$$$$$CVEtCVSStComponent$$$CVE-2024-21502t4.8thotspot/compiler

1. This is the platform targeted by the build. See Using Amazon Corretto in the Amazon Corretto FAQ for supported platforms$$$$$$The following issues are addressed in 11.0.25.9.1:$$$$$$Issue NametPlatformtDescriptiontLink$$$Import jdk-11.0.25+9tAlltUpdate Corretto baseline to OpenJDK 11.0.25+9tjdk-11.0.25+9$$$JDK-8279164tAlltThe TLS_ECDH cipher suites do not preserve forward secrecy and are rarely used in practice. With this release; they are disabled by adding ECDH to the jdk.tls.disabledAlgorithms security property in the java.security configuration file. Attempts to use these suites with this release will result in a SSLHandshakeException being thrown. Note that ECDH cipher suites which use RC4 were already disabled prior to this change. Users can; at their own risk; remove this restriction by modifying the java.security configuration file (or override it by using the java.security.properties system property) so ECDH is no longer listed in the jdk.tls.disabledAlgorithms security property. This change has no effect on TLS_ECDHE cipher suites; which remain enabled by default.tJDK-8279164$$$JDK-8341059tAlltIn accordance with similar plans recently announced by Google and Mozilla; the JDK will not trust Transport Layer Security (TLS) certificates issued after the 12th of November 2024 which are anchored by Entrust root certificates. This includes certificates branded as AffirmTrust; which are managed by Entrust. Certificates issued on or before November 12th; 2024 will continue to be trusted until they expire. If a servers certificate chain is anchored by an affected certificate; attempts to negotiate a TLS session will fail with an Exception that indicates the trust anchor is not trusted.tJDK-8341059$$$JDK-8307779tAlltThis release of OpenJDK 11 updates to the latest maintenance release of the Java 11 specification. This relaxes the specification of three methods in the java.awt.Robot class - mouseMove(int;int); getPixelColor(int;int) and createScreenCapture(Rectangle) - to allow these methods to fail when the desktop environment does not permit moving the mouse pointer or capturing screen content.tJDK-8307779$$$JDK-8290367tAlltWith this OpenJDK release; the JDK implementation of the LDAP provider no longer supports the deserialisation of Java objects by default. This is achieved by the system property com.sun.jndi.ldap.object.trustSerialData being set to false by default. Note that this release also increases the scope of the com.sun.jndi.ldap.object.trustSerialData to cover the reconstruction of RMI remote objects from the javaRemoteLocation LDAP attribute. The result of this change is that transparent deserialisation of Java objects will require an explicit opt-in. Applications that wish to reconstruct Java objects and RMI stubs from LDAP attributes will need to set the com.sun.jndi.ldap.object.trustSerialData to true.tJDK-8290367$$$JDK-8328286tAlltThis OpenJDK release limits the maximum header field size accepted by the HTTP client within the JDK for all supported versions of the HTTP protocol. The header field size is computed as the sum of the size of the uncompressed header name; the size of the uncompressed header value and a overhead of 32 bytes for each field section line. If a peer sends a field section that exceeds this limit; a java.net.ProtocolException will be raised. This release also introduces a new system property; jdk.http.maxHeaderSize. This property can be used to alter the maximum header field size (in bytes) or disable it by setting the value to zero or a negative value. The default value is 393;216 bytes or 384kB.t$$$The following CVEs are addressed in 11.0.25.9.1:$$$$$$CVEtCVSStComponent$$$CVE-2024-21235t4.8thotspot/compiler$$$CVE-2024-21208t3.7tcore-libs/java.net$$$CVE-2024-21210t3.7thotspot/compiler$$$CVE-2024-21217t3.7tcore-libs/java.io:serialization

1. This is the platform targeted by the build. See Using Amazon Corretto in the Amazon Corretto FAQ for supported platforms$$$$$$The following issues are addressed in 11.0.24.8.1:$$$$$$Issue NametPlatformtDescriptiontLink$$$Import jdk-11.0.24+8tAlltUpdate Corretto baseline to OpenJDK 11.0.24+8tjdk-11.0.24+8$$$Re-enable DTLS1.0tAlltRe-enable DTLS to not change default TLStcorretto-11/pull/366$$$The following CVEs are addressed in 11.0.24.8.1:$$$$$$CVEtCVSStComponent$$$CVE-2024-21147t7.4thotspot/compiler$$$CVE-2024-21145t4.8tclient-libs/2d$$$CVE-2024-21140t4.8thotspot/compiler$$$CVE-2024-21144t3.7tcore-libs/java.util$$$CVE-2024-21131t3.7thotspot/runtime$$$CVE-2024-21138t3.7thotspot/runtime

Release Date: April 16; 2024$$$$$$Target Platforms 1$$$$$$RPM-based Linux using glibc 2.12 or later; x86; x86_64$$$Debian-based Linux using glibc 2.12 or later; x86; x86_64$$$RPM-based Linux using glibc 2.17 or later; aarch64$$$Debian-based Linux using glibc 2.17 or later; aarch64$$$Linux using glibc 2.25 or later; Arm$$$Linux using muslc 1.2.2 or later; Arm$$$Alpine-based Linux; x86_64$$$Alpine-based Linux; aarch64$$$Windows 10 or later; x86; x86_64$$$macOS 12.0 and later; x86_64$$$macOS 12.0 and later; aarch64$$$1. This is the platform targeted by the build. See Using Amazon Corretto in the Amazon Corretto FAQ for supported platforms$$$$$$The following issues are addressed in 11.0.23.9.1:$$$$$$Issue NametPlatformtDescriptiontLink$$$Import jdk-11.0.23+9tAlltUpdate Corretto baseline to OpenJDK 11.0.23+9tjdk-11.0.23+9$$$(tz) Update Timezone Data to 2024atAlltUpdate Timezone Data to 2024atJDK-8325150$$$The following CVEs are addressed in 11.0.23.9.1:$$$$$$CVEtCVSStComponent$$$CVE-2024-21094t3.7thotspot/compiler$$$CVE-2024-21085t3.7tcore-libs/java.util$$$CVE-2024-21011t3.7thotspot/runtime$$$CVE-2024-21068t3.7thotspot/compiler$$$CVE-2024-21012t3.7tcore-libs/java.net

Corretto version: 11.0.22.7.1$$$Release Date: January 16; 2024$$$$$$Target Platforms 1$$$$$$RPM-based Linux using glibc 2.12 or later; x86; x86_64$$$Debian-based Linux using glibc 2.12 or later; x86; x86_64$$$RPM-based Linux using glibc 2.17 or later; aarch64$$$Debian-based Linux using glibc 2.17 or later; aarch64$$$Linux using glibc 2.25 or later; Arm$$$Linux using muslc 1.2.2 or later; Arm$$$Alpine-based Linux; x86_64$$$Alpine-based Linux; aarch64$$$Windows 10 or later; x86; x86_64$$$macOS 12.0 and later; x86_64$$$macOS 12.0 and later; aarch64$$$1. This is the platform targeted by the build. See Using Amazon Corretto in the Amazon Corretto FAQ for supported platforms$$$$$$The following issues are addressed in 11.0.22.7.1:$$$$$$Issue NamettttttPlatformtDescriptiontttttLink$$$Import jdk-11.0.22+7tttttAllttUpdate Corretto baseline to OpenJDK 11.0.22+7tjdk-11.0.22+7$$$(tz) Update Timezone Data to 2023dtttAllttUpdate Timezone Data to 2023dtttJDK-8322725$$$NPE in PKCS7.parseOldSignedDatattttAllttfixes exception PKCS7.parseOldSignedDatttJDK-8315042$$$Disable build-ids in AL RPMsttttAL2023ttBuild-ids can conflict across versionsttN/A$$$Support dealing with standard assert macrottAllttfix name clash of assert macro in debug.hpp with libcs assert macrotJDK-8299254$$$Enable Neoverse N1 optimizations for Neoverse V2tAllttEnable Neoverse N1 optimizations for Neoverse V2tJDK-8321025$$$The following CVEs are addressed in 11.0.22.7.1:$$$$$$CVEtCVSStComponent$$$CVE-2024-20918t7.4thotspot/compiler$$$CVE-2024-20952t7.4tsecurity-libs/java.security$$$CVE-2024-20926t5.9tcore-libs/javax.script$$$CVE-2024-20919t5.9thotspot/runtime$$$CVE-2024-20921t5.9thotspot/compiler$$$CVE-2024-20945t4.7tsecurity-libs/javax.xml.crypto

Change Log for Amazon Corretto 11$$$The following sections describe the changes for each release of Amazon Corretto 11.$$$$$$Corretto version: 11.0.21.9.1$$$Release Date: October 17; 2023$$$$$$Target Platforms 1$$$$$$RPM-based Linux using glibc 2.12 or later; x86; x86_64$$$Debian-based Linux using glibc 2.12 or later; x86; x86_64$$$RPM-based Linux using glibc 2.17 or later; aarch64$$$Debian-based Linux using glibc 2.17 or later; aarch64$$$Linux using glibc 2.25 or later; Arm$$$Linux using muslc 1.2.2 or later; Arm$$$Alpine-based Linux; x86_64$$$Alpine-based Linux; aarch64$$$Windows 10 or later; x86; x86_64$$$macOS 11.0 and later; x86_64$$$macOS 11.0 and later; aarch64$$$1. This is the platform targeted by the build. See Using Amazon Corretto in the Amazon Corretto FAQ for supported platforms$$$$$$The following issues are addressed in 11.0.21.9.1:$$$$$$Issue NametPlatformtDescriptiontLink$$$Import jdk-11.0.21+9tAlltUpdate Corretto baseline to OpenJDK 11.0.21+9tjdk-11.0.21+9$$$JDK-8168261tAlltUse Server Cipher Suites Preference by DefaulttJDK-8168261$$$The following CVEs are addressed in 11.0.21.9.1:$$$$$$CVEtCVSStComponent$$$CVE-2023-22081t5.3tsecurity-libs/javax.net.ssl

Change Log for Amazon Corretto 11$$$The following sections describe the changes for each release of Amazon Corretto 11.$$$$$$Corretto version: 11.0.20.9.1$$$Release Date: August 22; 2023$$$$$$Target Platforms 1$$$$$$RPM-based Linux using glibc 2.12 or later; x86; x86_64$$$Debian-based Linux using glibc 2.12 or later; x86; x86_64$$$RPM-based Linux using glibc 2.17 or later; aarch64$$$Debian-based Linux using glibc 2.17 or later; aarch64$$$Linux using glibc 2.25 or later; Arm$$$Linux using muslc 1.2.2 or later; Arm$$$Alpine-based Linux; x86_64$$$Alpine-based Linux; aarch64$$$Windows 10 or later; x86_64$$$macOS 11.0 and later; x86_64$$$macOS 11.0 and later; aarch64$$$1. This is the platform targeted by the build. See Using Amazon Corretto in the Amazon Corretto FAQ for supported platforms$$$$$$The following issues are addressed in 11.0.20.9.1:$$$$$$Issue NametPlatformtDescriptiontLink$$$8313765: Invalid CEN header (invalid zip64 extra data field size)tAlltFix ZipException that may be encountered when opening select APK; ZIP or JAR filestJDK-8313765

Corretto version: 11.0.20.8.1$$$Release Date: July 18; 2023$$$$$$Target Platforms 1$$$$$$RPM-based Linux using glibc 2.12 or later; x86; x86_64$$$Debian-based Linux using glibc 2.12 or later; x86; x86_64$$$RPM-based Linux using glibc 2.17 or later; aarch64$$$Debian-based Linux using glibc 2.17 or later; aarch64$$$Linux using glibc 2.25 or later; Arm$$$Linux using muslc 1.2.2 or later; Arm$$$Alpine-based Linux; x86_64$$$Alpine-based Linux; aarch64$$$Windows 10 or later; x86_64$$$macOS 11.0 and later; x86_64$$$macOS 11.0 and later; aarch64$$$1. This is the platform targeted by the build. See Using Amazon Corretto in the Amazon Corretto FAQ for supported platforms$$$$$$The following issues are addressed in 11.0.20.8.1:$$$$$$Issue NametPlatformtDescriptiontLink$$$Import jdk-11.0.20+8tAlltUpdate Corretto baseline to OpenJDK 11.0.20+8tjdk-11.0.20+8$$$Dynamic link zlib for non armv7 linuxtAlltDynamic link zlib for non armv7 linuxt#333$$$8302483: Enhance ZIP performancetAlltThis release of OpenJDK includes stronger checks on the Zip64 fields of zip files. In the event that these checks cause failures on trusted zip files; the checks can be disabled by setting the new system property jdk.util.zip.disableZip64ExtraFieldValidation to true.t$$$8300596: Enhance Jar Signature validationtAlltA System property jdk.jar.maxSignatureFileSize is introduced to configure the maximum number of bytes allowed for the signature-related files in a JAR file during verification. The default value is 8000000 bytes (8 MB).t$$$The following CVEs are addressed in 11.0.20.8.1:ttt$$$CVEtCVSStComponent$$$CVE-2023-22041t5.1thotspot/compiler$$$CVE-2023-25193t3.7tclient-libs/2d$$$CVE-2023-22045t3.7thotspot/compiler$$$CVE-2023-22049t3.7tcore-libs/java.io$$$CVE-2023-22036t3.7tcore-libs/java.util$$$CVE-2023-22006t3.1tcore-libs/java.net

Corretto version: 11.0.19.7.1$$$Release Date: April 18; 2023$$$$$$Target Platforms 1$$$$$$RPM-based Linux using glibc 2.12 or later; x86; x86_64$$$Debian-based Linux using glibc 2.12 or later; x86; x86_64$$$RPM-based Linux using glibc 2.17 or later; aarch64$$$Debian-based Linux using glibc 2.17 or later; aarch64$$$Linux using glibc 2.25 or later; Arm$$$Linux using muslc 1.2.2 or later; Arm$$$Alpine-based Linux; x86_64$$$Alpine-based Linux; aarch64$$$Windows 10 or later; x86_64$$$macOS 11.0 and later; x86_64$$$macOS 11.0 and later; aarch64$$$1. This is the platform targeted by the build. See Using Amazon Corretto in the Amazon Corretto FAQ for supported platforms$$$$$$The following issues are addressed in 11.0.19.7.1:$$$$$$Issue NametPlatformtDescriptiontLink$$$Import jdk-11.0.19+7tAlltUpdate Corretto baseline to OpenJDK 11.0.19+7tjdk-11.0.19+7$$$(tz) Update Timezone Data to 2023ctAlltUpdate Timezone Data to 2023ct#323$$$Update amazon cacertstAlltUpdate amazon cacerts file from amazonlinuxt#318 #321 #322$$$The following CVEs are addressed in 11.0.19.7.1:$$$$$$CVEtCVSStComponent$$$CVE-2023-21930t7.4tsecurity-libs/javax.net.ssl$$$CVE-2023-21954t5.9thotspot/gc$$$CVE-2023-21967t5.9tsecurity-libs/javax.net.ssl$$$CVE-2023-21939t5.3tclient-libs/javax.swing$$$CVE-2023-21938t3.7tcore-libs/java.lang$$$CVE-2023-21937t3.7tcore-libs/java.net$$$CVE-2023-21968t3.7tcore-libs/java.nio

Corretto version: 11.0.18.10.1$$$Release Date: January 17; 2023$$$$$$Target Platforms 1$$$$$$RPM-based Linux using glibc 2.12 or later; x86; x86_64$$$Debian-based Linux using glibc 2.12 or later; x86; x86_64$$$RPM-based Linux using glibc 2.17 or later; aarch64$$$Debian-based Linux using glibc 2.17 or later; aarch64$$$Linux using glibc 2.25 or later; Arm$$$Linux using muslc 1.2.2 or later; Arm$$$Alpine-based Linux; x86_64$$$Windows 10 or later; x86_64$$$macOS 10.15 and later; x86_64$$$macOS 11.0 and later; aarch64$$$1. This is the platform targeted by the build. See Using Amazon Corretto in the Amazon Corretto FAQ for supported platforms$$$$$$The following issues are addressed in 11.0.18.10.1:$$$$$$Issue NametPlatformtDescriptiontLink$$$Import jdk-11.0.18+10tAlltUpdate Corretto baseline to OpenJDK 11.0.18+10tjdk-11.0.18+10$$$Backport 8221351tAlltBackport 8221351: Crash in KlassFactory::check_shared_class_file_load_hookt#298$$$Backport 8221621tAlltBackport 8221621: FindTests.gmk cannot handle = in TEST.groups commentst#298$$$Fix java_home alternativetLinuxtAlternative dir without architecture should be created on headless packaget#302$$$Update amazon cacertstAlltUpdate amazon cacerts file from amazonlinuxt$$$Relax VerifyCACertstAlltRelax VerifyCACerts expiry conditiont#294$$$The following CVEs are addressed in 11.0.18.10.1:$$$$$$CVEtCVSStComponent$$$CVE-2023-21835t8287411t5.3$$$CVE-2023-21830t8285021t5.3$$$CVE-2023-21843t8293742t3.7

Change Log for Amazon Corretto 11$$$The following sections describe the changes for each release of Amazon Corretto 11.$$$$$$Corretto version: 11.0.17.8.1$$$Release Date: October 18; 2022$$$$$$Target Platforms 1$$$$$$RPM-based Linux using glibc 2.12 or later; x86; x86_64$$$Debian-based Linux using glibc 2.12 or later; x86; x86_64$$$RPM-based Linux using glibc 2.17 or later; aarch64$$$Debian-based Linux using glibc 2.17 or later; aarch64$$$Linux using glibc 2.25 or later; Arm$$$Linux using muslc 1.2.2 or later; Arm$$$Alpine-based Linux; x86_64$$$Windows 7 or later; x86_64$$$macOS 10.15 and later; x86_64$$$macOS 11.0 and later; aarch64$$$1. This is the platform targeted by the build. See Using Amazon Corretto in the Amazon Corretto FAQ for supported platforms$$$$$$The following issues are addressed in 11.0.17.8.1:$$$$$$Issue NametPlatformtDescriptiontLink$$$Import jdk-11.0.17+8tAlltUpdate Corretto baseline to OpenJDK 11.0.17+8tjdk-11.0.17+8$$$Update Timezone Data to 2022etAlltAll tzdata updates up to 2022et#292 #293$$$Add jpeg; alsa and fonts as headless dependenciestAmazon LinuxtAdd libraries that could be used in headless mode to RPM dependeciest#287$$$Update amazon cacertstAlltUpdate amazon cacerts file from amazonlinuxt$$$The following CVEs are addressed in 11.0.17.8.1:$$$$$$CVEtCVSStComponent$$$CVE-2022-21626t5.3tsecurity-libs/java.security$$$CVE-2022-21618t5.3tsecurity-libs/org.ietf.jgss$$$CVE-2022-21628t5.3tcore-libs/java.net$$$CVE-2022-39399t3.7tcore-libs/java.net$$$CVE-2022-21619t3.7tsecurity-libs/java.security$$$CVE-2022-21624t3.7tcore-libs/javax.naming

The following issues are addressed in 11.0.16.9.1$$$$$$Issue NametPlatformtDescriptiontLink$$$Import jdk-11.0.16.1+1tAlltUpdates Corretto baseline to OpenJDK 11.0.16.1+1tjdk-11.0.16.1+1$$$Resolve C2 compiler crashtAlltJDK-8279219 caused regressions in the OpenJDK 11.0.16 and OpenJDK 17.0.4 releases and we are backing it out. See JDK-8291665.tJDK-8292260$$$Unify Info.plist files with correct version stringstmacOSttJDK-8252145

The following issues are addressed in 11.0.16.8.1.$$$$$$Issue NametPlatformtDescriptiontLink$$$Import jdk-11.0.16+8tAlltUpdate Corretto baseline to OpenJDK 11.0.16+8tjdk-11.0.16+8$$$Enable bundled zlib library on macOS aarch64tMacOStUpdates to use bundled (not the system) version of the zlib library on macOS aarch64t#36$$$Update amazon cacertstAlltUpdate amazon cacerts file from amazonlinuxt