New Features$$$hotspot/runtime$$$? Command-Line Flag -XX:+ExtensiveErrorReports (JDK-8211845)$$$The command-line flag -XX:+ExtensiveErrorReports has been added to allow more extensive reporting of information related to a crash as reported in the hs_err<pid>.log file. Disabled by default in product builds; the flag can be turned on in environments where maximal information is desired - even if the resulting logs may be quite large and/or contain information that might be considered sensitive.$$$$$$$$$security-libs/javax.crypto:pkcs11$$$? Legacy Mechanism Check in SunPKCS11 Provider Is Enhanced with Service Type (JDK-8293345)$$$Native PKCS11 mechanisms which support decryption but not encryption; or signature verification but not signing; are considered legacy and are disabled by default. The legacy mechanism check in SunPKCS11 provider is enhanced with the service type. For example; prior to this fix; a mechanism supporting encryption; decryption; and verification but not signing; is considered legacy and cant be used at all. After this fix; the corresponding Cipher service using this mechanism is available since both encryption and decryption are supported. However; the corresponding Signature service is not since only verification is supported. To bypass the legacy mechanism check; set the PKCS11 provider configuration attribute allowLegacy to true. The default value is false. Note that it is the callers responsibility to make sure the legacy mechanism is not used for the unsupported functionality.$$$$$$Refer-https://www.oracle.com/java/technologies/javase/11all-relnotes.html#R11_0_27

Java™ SE Development Kit 11.0.26 (JDK 11.0.26)$$$Release date: January 21; 2025$$$$$$The full version string for this update release is 11.0.26+7 (where + means build). The version number is 11.0.26. This JDK conforms to version 11.3 of the Java SE Specification (JSR 384 MR 3 2024-07-02).$$$$$$ $$$$$$IANA TZ Data 2024b$$$JDK 11.0.26 contains IANA time zone data 2024b which contains the following changes:$$$$$$Improve historical data for Mexico; Mongolia; and Portugal.$$$System V names are now obsolescent.$$$The main data form now uses %z.$$$The code now conforms to RFC 8536 for early timestamps.$$$Support POSIX.1-2024; which removes asctime_r and ctime_r.

Release date: October 15; 2024$$$$$$The full version string for this update release is 11.0.25+9 (where + means build). The version number is 11.0.25.$$$$$$ $$$$$$IANA TZ Data 2024a$$$For more information; refer to Timezone Data Versions in the JRE Software.$$$$$$ $$$$$$Security Baselines$$$The security baselines for the Java Runtime at the time of the release of JDK 11.0.25 are specified in the following table:$$$$$$Java Family VersiontSecurity Baseline (Full Version String)$$$11t11.0.25+9$$$8t1.8.0_431-b10$$$Keeping the JDK up to Date$$$Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest; the Security Baseline page can be used to determine which is the latest version for each release family.$$$$$$Critical patch updates; which contain security vulnerability fixes; are announced one year in advance on Critical Patch Updates; Security Alerts and Bulletins. It is not recommended that this JDK (version 11.0.25) be used after the next critical patch update scheduled for January 21; 2025.$$$$$$Java Management Service; available to all users; can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.$$$$$$ $$$$$$Notable Issues Fixed$$$install/install$$$? JDK RPM Upgrade Leaves Orphan Alternatives Entry (JDK-8336107 (not public))$$$Fixed the issue with entries in the java and javac groups not being properly managed during an RPM upgrade.$$$$$$Upgrading from an older Java RPM installed into a shared directory (/usr/lib/jvm/jdk-${FEATURE}-oracle-${ARCH}) to a Java RPM installing into a version-specific directory (/usr/lib/jvm/jdk-${VERSION}-oracle-${ARCH}); results in the older Java entries in the java and javac groups not being deleted.$$$$$$The issue does not manifest until the new Java is uninstalled. When it is uninstalled and Java from the lower release is installed; running Java commands like java or keytool without the full path specified will result in the command not found error. For example; install 21.0.3; upgrade it to 21.0.4; uninstall 21.0.4; install any Java update of 17 or 11 or 8 release; run java from the command line. The command will fail with the command not found error.$$$$$$Manually delete orphan Java entries in the java and javac groups to workaround the issue.$$$For more details; refer - https://www.oracle.com/java/technologies/javase/11all-relnotes.html#R11_0_25

Java™ SE Development Kit 11.0.24 (JDK 11.0.24)$$$Release date: July 16; 2024$$$$$$The full version string for this update release is 11.0.24+7 (where + means build). The version number is 11.0.24.$$$$$$ $$$$$$IANA TZ Data 2024a$$$For more information; refer to Timezone Data Versions in the JRE Software.$$$$$$ $$$$$$Security Baselines$$$The security baselines for the Java Runtime at the time of the release of JDK 11.0.24 are specified in the following table:$$$$$$Java Family VersiontSecurity Baseline (Full Version String)$$$11t11.0.24+7$$$8t8u421-b09$$$Keeping the JDK up to Date$$$Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest; the Security Baseline page can be used to determine which is the latest version for each release family.$$$$$$Critical patch updates; which contain security vulnerability fixes; are announced one year in advance on Critical Patch Updates; Security Alerts and Bulletins. It is not recommended that this JDK (version 11.0.24) be used after the next critical patch update scheduled for October 15; 2024.$$$$$$Java Management Service; available to all users; can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.$$$$$$ $$$$$$New Features$$$security-libs/java.security$$$? New Security Category for -XshowSettings Launcher Option (JDK-8281658)$$$The -XshowSettings launcher has a new security category. Settings from security properties; security providers and TLS related settings are displayed with this option. A security sub-category can be passed as an argument to the security category option. See the output from java -X:$$$$$$ -XshowSettings:security$$$$$$ show all security settings and continue$$$ -XshowSettings:security:*sub-category*$$$ show settings for the specified security sub-category and continue. Possible *sub-category* arguments for this option include:$$$ all: show all security settings and continue$$$ properties: show security properties and continue$$$ providers: show static security provider settings and continue$$$ tls: show TLS related security settings and continue$$$Third party security provider details will be reported if they are included in the application class path or module path and such providers are configured in the java.security file.$$$$$$ $$$$$$Removed Features and Options$$$install/install$$$? Remove Obsolete Desktop Integration from Linux Installers (JDK-8322234 (not public))$$$Delete nonfunctional desktop integration functionality from Linux installers. The installers will stop depositing files in /usr/share/icons; /usr/share/mime; and /usr/share/applications subtrees.$$$$$$ $$$$$$Other Notes$$$security-libs/java.security$$$? Added GlobalSign R46 and E46 Root CA Certificates (JDK-8316138)$$$The following root certificates have been added to the cacerts truststore:$$$$$$+ GlobalSign$$$$$$ + globalsignr46$$$ DN: CN=GlobalSign Root R46; O=GlobalSign nv-sa; C=BE$$$$$$+ GlobalSign$$$ + globalsigne46$$$ DN: CN=GlobalSign Root E46; O=GlobalSign nv-sa; C=BE$$$security-libs/javax.net.ssl$$$? Disabled DTLS 1.0 (JDK-8256660)$$$DTLS 1.0 has been disabled by default; by adding DTLSv1.0 to the jdk.tls.disabledAlgorithms security property in the java.security configuration file. DTLS 1.0 has weakened over time and lacks support for stronger cipher suites. Any attempts to use DTLSv1.0 will fail with an SSLHandshakeException. Users can; at their own risk; re-enable the version by removing

Java™ SE Development Kit 11.0.23 (JDK 11.0.23)$$$Release date: April 16; 2024$$$$$$The full version string for this update release is 11.0.23+7 (where + means build). The version number is 11.0.23.$$$$$$ $$$$$$IANA TZ Data 2024a$$$JDK 11.0.23 contains IANA time zone data 2024a which contains the following changes:$$$$$$Ittoqqortoormiit; Greenland changes time zones on 2024-03-31.$$$Vostok; Antarctica changed time zones on 2023-12-18.$$$Casey; Antarctica changed time zones five times since 2020.$$$Code and data fixes for Palestine timestamps starting in 2072.$$$A new data file zonenow.tab for timestamps starting now.$$$Kazakhstan unifies on UTC+5 beginning 2024-03-01.$$$Palestine springs forward a week later after Ramadan.$$$zic no longer pretends to support indefinite-past DST.$$$localtime no longer mishandles Ciudad Juárez in 2422.

Java™ SE Development Kit 11.0.22 (JDK 11.0.22)$$$January 16; 2024$$$$$$The full version string for this update release is 11.0.22+9 (where + means build). The version number is 11.0.22.$$$$$$ $$$$$$IANA TZ Data 2023c$$$For more information; refer to Timezone Data Versions in the Java Runtime.$$$$$$ $$$$$$ $$$$$$IANA TZ Data 2023c$$$For more information; refer to Timezone Data Versions in the JRE Software.$$$$$$ $$$$$$Security Baselines$$$The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 11.0.21 are specified in the following table:$$$$$$JRE Family VersiontJRE Security Baseline (Full Version String)$$$11t11.0.21+9$$$8t8u391-b13$$$

Java™ SE Development Kit 11.0.21 (JDK 11.0.21)$$$October 17; 2023$$$$$$The full version string for this update release is 11.0.21+9 (where + means build). The version number is 11.0.21.$$$$$$ $$$$$$IANA TZ Data 2023c$$$For more information; refer to Timezone Data Versions in the JRE Software.$$$$$$ $$$$$$Security Baselines$$$The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 11.0.21 are specified in the following table:$$$$$$JRE Family VersiontJRE Security Baseline (Full Version String)$$$11t11.0.21+9$$$8t8u391-b13$$$

Java™ SE Development Kit 11.0.20 (JDK 11.0.20)$$$July 18; 2023$$$$$$The full version string for this update release is 11.0.20+9 (where + means build). The version number is 11.0.20.$$$$$$ $$$$$$IANA TZ Data 2023c$$$JDK 11.0.20 contains IANA time zone data 2023c which contains the following changes:$$$$$$Egypt now uses DST again; from April through October.$$$This year Morocco springs forward April 23; not April 30.$$$Palestine delays the start of DST this year.$$$Much of Greenland still uses DST from 2024 on.$$$America/Yellowknife now links to America/Edmonton.$$$tzselect can now use current time to help infer timezone.$$$The code now defaults to C99 or later.$$$Fix use of C23 attributes.$$$This releases code and data are identical to 2023a.$$$For more information; refer to Timezone Data Versions in the JRE Software.$$$$$$ $$$$$$Security Baselines$$$The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 11.0.20 are specified in the following table:$$$$$$JRE Family VersiontJRE Security Baseline (Full Version String)$$$11t11.0.20+9$$$8t8u381-b09$$$

Java™ SE Development Kit 11.0.19 (JDK 11.0.19)$$$April 18; 2023$$$$$$The full version string for this update release is 11.0.19+9 (where + means build). The version number is 11.0.19.$$$$$$ $$$$$$IANA TZ Data 2022g$$$JDK 11.0.19 contains IANA time zone data 2022g which contains the following changes:$$$$$$The northern edge of Chihuahua changes to US timekeeping.$$$Much of Greenland stops changing clocks after March 2023.$$$Fix some pre-1996 timestamps in northern Canada.$$$C89 is now deprecated; please use C99 or later.$$$Portability fixes for AIX; libintl; MS-Windows; musl; z/OS.$$$In C code; use more C23 features if available.$$$C23 timegm now supported by default.$$$Fixes for unlikely integer overflows.

Java™ SE Development Kit 11.0.18 (JDK 11.0.18)$$$January 17; 2023$$$$$$The full version string for this update release is 11.0.18+9 (where + means build). The version number is 11.0.18.$$$$$$ $$$$$$IANA TZ Data 2022d; 2022e; 2022f$$$JDK 11.0.18 contains IANA time zone data 2022d; 2022e; 2022f.$$$Palestine transitions are now Saturdays at 02:00.$$$Simplify three Ukraine zones into one.$$$Jordan and Syria switch from +02/+03 with DST to year-round +03.$$$Mexico will no longer observe DST except near the US border.$$$Chihuahua moves to year-round -06 on 2022-10-30.$$$Fiji no longer observes DST.$$$Move links to backward.$$$In vanguard form; GMT is now a Zone and Etc/GMT a link.$$$zic now supports links to links; and vanguard form uses this.$$$Simplify four Ontario zones.$$$Fix a Y2438 bug when reading TZif data.$$$Enable 64-bit time_t on 32-bit glibc platforms.$$$Omit large-file support when no longer needed.$$$In C code; use some C23 features if available.$$$Remove no-longer-needed workaround for Qt bug 53071.$$$For more information; refer to Timezone Data Versions in the JRE Software.$$$ $$$$$$Security Baselines$$$The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 11.0.18 are specified in the following table:$$$$$$For more details refer - https://www.oracle.com/java/technologies/javase/11-0-18-relnotes.html#R11_0_18

New Features$$$security-libs/java.security$$$? Upgrade the Default PKCS12 MAC Algorithm (JDK-8267880)$$$The default MAC algorithm used in a PKCS #12 keystore has been updated. The new algorithm is based on SHA-256 and is stronger than the old one based on SHA-1. See the security properties starting with keystore.pkcs12 in the java.security file for detailed information.$$$$$$The new SHA-256 based MAC algorithms were introduced in the 11.0.12; 8u301; and 7u311 JDK versions. Keystores created using this newer; stronger; MAC algorithm cannot be opened in JDK versions earlier than 11.0.12; 8u301; and 7u311. A java.security.NoSuchAlgorithmException exception will be thrown in such circumstances.$$$$$$For compatibility; use the keystore.pkcs12.legacy system property; which will revert the algorithms to use the older; weaker algorithms. There is no value defined for this property.$$$$$$core-libs/java.io:serialization

New Features$$$security-libs/java.security$$$? Upgrade the Default PKCS12 MAC Algorithm (JDK-8267880)$$$The default MAC algorithm used in a PKCS #12 keystore has been updated. The new algorithm is based on SHA-256 and is stronger than the old one based on SHA-1. See the security properties starting with keystore.pkcs12 in the java.security file for detailed information.$$$$$$The new SHA-256 based MAC algorithms were introduced in the 11.0.12; 8u301; and 7u311 JDK versions. Keystores created using this newer; stronger; MAC algorithm cannot be opened in JDK versions earlier than 11.0.12; 8u301; and 7u311. A java.security.NoSuchAlgorithmException exception will be thrown in such circumstances.$$$$$$For compatibility; use the keystore.pkcs12.legacy system property; which will revert the algorithms to use the older; weaker algorithms. There is no value defined for this property.$$$$$$core-libs/java.io:serialization