Liberica JDK 11.0.30+9: Release Notes$$$Published: January 20; 2026$$$$$$1. Version information$$$This document provides information about Liberica JDK 11.0.30 release. The full version string for this update release is 11.0.30+9. The version number is 11.$$$$$$Liberica JDK 11 is distributed as .apk; .rpm; .zip; .deb; .pkg; and .tar.gz packages. Please select the most appropriate for your purposes.$$$$$$2. What’s New$$$This release contains the following updates and new features.$$$Notable Changes$$$This is the list of the notable issues fixed in this release.$$$Issue IDt$$$JDK-8245545$$$Summary: Disabled TLS_RSA cipher suites$$$$$$Description: The TLS_RSA cipher suites have been disabled by default; by adding TLS_RSA_* to the jdk.tls.disabledAlgorithms security property in the java.security configuration file. The TLS_RSA cipher suites do not preserve forward-secrecy and are not commonly used. Some TLS_RSA cipher suites are already disabled because they use DES; 3DES; RC4; or NULL; which are disabled. This action disables all remaining TLS_RSA cipher suites. Any attempts to use cipher suites starting with TLS_RSA_ will fail with an SSLHandshakeException. Users can; at their own risk; re-enable these cipher suites by removing TLS_RSA_* from the jdk.tls.disabledAlgorithms security property. The following previously enabled cipher suites are now disabled: TLS_RSA_WITH_AES_256_GCM_SHA384; TLS_RSA_WITH_AES_128_GCM_SHA256; TLS_RSA_WITH_AES_256_CBC_SHA256; TLS_RSA_WITH_AES_128_CBC_SHA256; TLS_RSA_WITH_AES_256_CBC_SHA; TLS_RSA_WITH_AES_128_CBC_SHA.$$$$$$JDK-8313083$$$$$$Summary: Print rss and cache As Part of the Container Information$$$Description: The HotSpot runtime code has been updated to additionally print a container’s rss and cache. The additional output can be found in the JVM’s response to a jcmd [PID] VM.info request and in the hs_err file generated in case of JVM abrupt termination. This will help monitoring and troubleshooting OutOfMemory situations as OOM killer can terminate a process if its rss + cache usage reaches the max memory limit of the container.$$$$$$JDK-8337506$$$$$$Summary: Disabled best-fit Mapping on Windows Command Line$$$$$$Description: Command line arguments to the Java launcher are no longer converted with Windows best-fit mapping when the arguments include unmappable characters for the ANSI code page. This mapping has been intervening in the Java launcher’s argument parsing. Unmappable characters are now replaced with the default replacement character; such as ? in some cases. For rare cases; where applications need those unmappable characters on the command line; select UTF-8 in Windows Regional Settings.$$$$$$JDK-8341964$$$$$$Summary: Added a mechanism to Disable TLS Cipher Suites by Pattern Matching$$$$$$Description: TLS cipher suites can be disabled with the jdk.tls.disabledAlgorithms security property in the java.security configuration file using one or more wildcard characters. For example; TLS_RSA_ disables all cipher suites that start with TLS_RSA_. Only cipher suites starting with TLS_ are allowed to have wildcard characters. $$$For more; Refer -https://docs.bell-sw.com/liberica-jdk/11.0.30b9/general/release-notes/

Liberica JDK 11.0.29+12: Release Notes$$$Published: November 20; 2025$$$$$$1. Version information$$$This document provides information about Liberica JDK 11.0.29 release. This is a cumulative release of Liberica JDK that includes all fixed bugs and CVEs from Liberica JDK 11.0.29+10. For the list of updates; see What’s New.$$$$$$The full version string for this update release is 11.0.29+12. The version number is 11.$$$$$$Liberica JDK 11 is distributed as .apk; .rpm; .zip; .deb; .pkg; and .tar.gz packages. Please select the most appropriate for your purposes.$$$$$$2. What’s New$$$This release contains the following updates and new features.$$$$$$CDS update$$$CDS archives (classes*.jsa files) were missing in Linux AArch64 builds in the previous version of Liberica JDK. Linux AArch64 builds in Liberica JDK 11.0.29+12 now contain CDS archives. This update affects JDK versions 11; 17; and 21.

Liberica JDK 11.0.29+12: Release Notes$$$Published: November 20; 2025$$$$$$1. Version information$$$This document provides information about Liberica JDK 11.0.29 release. This is a cumulative release of Liberica JDK that includes all fixed bugs and CVEs from Liberica JDK 11.0.29+10. For the list of updates; see What’s New.$$$$$$The full version string for this update release is 11.0.29+12. The version number is 11.$$$$$$Liberica JDK 11 is distributed as .apk; .rpm; .zip; .deb; .pkg; and .tar.gz packages. Please select the most appropriate for your purposes.$$$$$$2. What’s New$$$This release contains the following updates and new features.$$$$$$CDS update$$$CDS archives (classes*.jsa files) were missing in Linux AArch64 builds in the previous version of Liberica JDK. Linux AArch64 builds in Liberica JDK 11.0.29+12 now contain CDS archives. This update affects JDK versions 11; 17; and 21.

Liberica JDK 11.0.29+12: Release Notes$$$Published: November 20; 2025$$$$$$1. Version information$$$This document provides information about Liberica JDK 11.0.29 release. This is a cumulative release of Liberica JDK that includes all fixed bugs and CVEs from Liberica JDK 11.0.29+10. For the list of updates; see What’s New.$$$$$$The full version string for this update release is 11.0.29+12. The version number is 11.$$$$$$Liberica JDK 11 is distributed as .apk; .rpm; .zip; .deb; .pkg; and .tar.gz packages. Please select the most appropriate for your purposes.$$$$$$2. What’s New$$$This release contains the following updates and new features.$$$$$$CDS update$$$CDS archives (classes*.jsa files) were missing in Linux AArch64 builds in the previous version of Liberica JDK. Linux AArch64 builds in Liberica JDK 11.0.29+12 now contain CDS archives. This update affects JDK versions 11; 17; and 21.

1. Version information$$$This document provides information about Liberica JDK 11.0.29 release.$$$$$$The full version string for this update release is 11.0.29+10. The version number is 11.$$$$$$Liberica JDK 11 is distributed as .apk; .rpm; .zip; .deb; .pkg; and .tar.gz packages. Please select the most appropriate for your purposes.$$$$$$2. What’s New$$$This release contains the following updates and new features.$$$$$$Notable Changes$$$This is the list of the notable issues fixed in this release.$$$$$$Issue IDt$$$JDK-8361212$$$$$$Summary: Removed Four AffirmTrust Root Certificates

1. Version information$$$This document provides information about Liberica JDK 11.0.29 release.$$$$$$The full version string for this update release is 11.0.29+10. The version number is 11.$$$$$$Liberica JDK 11 is distributed as .apk; .rpm; .zip; .deb; .pkg; and .tar.gz packages. Please select the most appropriate for your purposes.$$$$$$2. What’s New$$$This release contains the following updates and new features.$$$$$$Notable Changes$$$This is the list of the notable issues fixed in this release.$$$$$$Issue IDt$$$JDK-8361212$$$$$$Summary: Removed Four AffirmTrust Root Certificates

Release notes not updated by vendor

Release notes not updated by vendor

Liberica JDK 11.0.27+9: Release Notes$$$Published: April 15; 2025$$$$$$1. Version information$$$This document provides information about Liberica JDK 11.0.27 release.$$$$$$The full version string for this update release is 11.0.27+9. The version number is 11.$$$Liberica JDK 11 is distributed as .apk; .rpm; .zip; .deb; and .tar.gz packages. Please select the most appropriate for your purposes.$$$$$$2. What’s New$$$This release contains the following updates and new features.$$$Notable Changes$$$This is the list of the notable issues fixed in this release$$$Issue IDt$$$JDK-8273914$$$Summary: Indy string concat changes order of operations$$$Description: String concatenation has been changed to evaluate each argument and eagerly convert it to a string; in left-to-right order. This fixes a bug in the invokedynamic-based string concatenation strategies introduced in [JEP 280](http://openjdk.java.net/jeps/280).$$$$$$JDK-8335912$$$Summary: Add an operation mode to the jar command when extracting to not overwriting existing files$$$Description: The jar tool’s extract operation has been enhanced to allow the --keep-old-files and the -k options to be used in preventing the overwriting of existing files. Examples: jar xkf foo.jar or jar --extract --keep-old-files --file foo.jar. Either of these commands will extract the contents of foo.jar. If an entry with the same name already exists in the target directory; then the existing file will not be overwritten.$$$$$$JDK-8346587$$$Summary: Distrust TLS server certificates anchored by Camerfirma Root CAs$$$Description: The JDK will stop trusting TLS server certificates issued after April 15; 2025 and anchored by Camerfirma root certificates; in line with similar plans announced by Google; Mozilla; Apple; and Microsoft. TLS server certificates issued on or before April 15; 2025 will continue to be trusted until they expire. Certificates issued after that date; and anchored by any of the Certificate Authorities in the table below; will be rejected. The restrictions are enforced in the JDK implementation (the SunJSSE Provider) of the Java Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server’s certificate chain is anchored by any of the Certificate Authorities in the table below and the certificate has been issued after April 15; 2025.$$$$$$JDK-8347965$$$Summary: Update Timezone Data to 2025a$$$Description: Update Timezone Data to 2025a in which Paraguay adopts permanent -03 starting spring 2024; Improve pre-1991 data for the Philippines; Etc/Unknown is now reserved.$$$$$$Graal support in Liberica JDK 11$$$Liberica JDK continues to provide support for AOT and Graal JIT. Since in OpenJDK 11 builds these features are deemed experimental and deprecated; it is recommended to compile native executables with Liberica Native Image Kit to avoid errors.$$$IANA TZ Data update$$$This release of Liberica JDK 11.0.27 upgrades the in-tree copy of the IANA timezone database to 2025a. This timezone update is primarily concerned with the following:$$$Paraguay adopts permanent -03 starting spring 2024.$$$Improve pre-1991 data for the Philippines.$$$Etc/Unknown is now reserved.$$$For more information; see JDK-8347965.$$$$$$3. Known Issues$$$This release does not contain any known issues.$$$$$$4. Fixed CVEs$$$This is the list of the security issues fixed in this release. CVSS scores are provided using the CVSS version 3.1 scoring system.$$$$$$CVE IDtCVSS scoretComponenttModuletAttack VectortComplexitytPrivilegestUser InteractiontScopetConfidentialitytIntegritytAvailability$$$CVE-2024-47606 7.5 javafx media network high none required unchanged high high high$$$CVE-2024-54534 7.5 javafx web network high none required unchanged high high high$$$CVE-2025-21587 7.4 security-libsjavax.net.ssl network high none none unchanged high high none$$$CVE-2025-30691 4.8 hotspotcompiler network high none none unchanged low low none$$$CVE-2025-30698 5.6 client-libs2d

Liberica JDK 11.0.27+9: Release Notes$$$Published: April 15; 2025$$$$$$1. Version information$$$This document provides information about Liberica JDK 11.0.27 release.$$$$$$The full version string for this update release is 11.0.27+9. The version number is 11.$$$Liberica JDK 11 is distributed as .apk; .rpm; .zip; .deb; and .tar.gz packages. Please select the most appropriate for your purposes.$$$$$$2. What’s New$$$This release contains the following updates and new features.$$$Notable Changes$$$This is the list of the notable issues fixed in this release$$$Issue IDt$$$JDK-8273914$$$Summary: Indy string concat changes order of operations$$$Description: String concatenation has been changed to evaluate each argument and eagerly convert it to a string; in left-to-right order. This fixes a bug in the invokedynamic-based string concatenation strategies introduced in [JEP 280](http://openjdk.java.net/jeps/280).$$$$$$JDK-8335912$$$Summary: Add an operation mode to the jar command when extracting to not overwriting existing files$$$Description: The jar tool’s extract operation has been enhanced to allow the --keep-old-files and the -k options to be used in preventing the overwriting of existing files. Examples: jar xkf foo.jar or jar --extract --keep-old-files --file foo.jar. Either of these commands will extract the contents of foo.jar. If an entry with the same name already exists in the target directory; then the existing file will not be overwritten.$$$$$$JDK-8346587$$$Summary: Distrust TLS server certificates anchored by Camerfirma Root CAs$$$Description: The JDK will stop trusting TLS server certificates issued after April 15; 2025 and anchored by Camerfirma root certificates; in line with similar plans announced by Google; Mozilla; Apple; and Microsoft. TLS server certificates issued on or before April 15; 2025 will continue to be trusted until they expire. Certificates issued after that date; and anchored by any of the Certificate Authorities in the table below; will be rejected. The restrictions are enforced in the JDK implementation (the SunJSSE Provider) of the Java Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server’s certificate chain is anchored by any of the Certificate Authorities in the table below and the certificate has been issued after April 15; 2025.$$$$$$JDK-8347965$$$Summary: Update Timezone Data to 2025a$$$Description: Update Timezone Data to 2025a in which Paraguay adopts permanent -03 starting spring 2024; Improve pre-1991 data for the Philippines; Etc/Unknown is now reserved.$$$$$$Graal support in Liberica JDK 11$$$Liberica JDK continues to provide support for AOT and Graal JIT. Since in OpenJDK 11 builds these features are deemed experimental and deprecated; it is recommended to compile native executables with Liberica Native Image Kit to avoid errors.$$$IANA TZ Data update$$$This release of Liberica JDK 11.0.27 upgrades the in-tree copy of the IANA timezone database to 2025a. This timezone update is primarily concerned with the following:$$$Paraguay adopts permanent -03 starting spring 2024.$$$Improve pre-1991 data for the Philippines.$$$Etc/Unknown is now reserved.$$$For more information; see JDK-8347965.$$$$$$3. Known Issues$$$This release does not contain any known issues.$$$$$$4. Fixed CVEs$$$This is the list of the security issues fixed in this release. CVSS scores are provided using the CVSS version 3.1 scoring system.$$$$$$CVE IDtCVSS scoretComponenttModuletAttack VectortComplexitytPrivilegestUser InteractiontScopetConfidentialitytIntegritytAvailability$$$CVE-2024-47606 7.5 javafx media network high none required unchanged high high high$$$CVE-2024-54534 7.5 javafx web network high none required unchanged high high high$$$CVE-2025-21587 7.4 security-libsjavax.net.ssl network high none none unchanged high high none$$$CVE-2025-30691 4.8 hotspotcompiler network high none none unchanged low low none$$$CVE-2025-30698 5.6 client-libs2d

Liberica JDK 11.0.27+9: Release Notes$$$Published: April 15; 2025$$$$$$1. Version information$$$This document provides information about Liberica JDK 11.0.27 release.$$$$$$The full version string for this update release is 11.0.27+9. The version number is 11.$$$Liberica JDK 11 is distributed as .apk; .rpm; .zip; .deb; and .tar.gz packages. Please select the most appropriate for your purposes.$$$$$$2. What’s New$$$This release contains the following updates and new features.$$$Notable Changes$$$This is the list of the notable issues fixed in this release$$$Issue IDt$$$JDK-8273914$$$Summary: Indy string concat changes order of operations$$$Description: String concatenation has been changed to evaluate each argument and eagerly convert it to a string; in left-to-right order. This fixes a bug in the invokedynamic-based string concatenation strategies introduced in [JEP 280](http://openjdk.java.net/jeps/280).$$$$$$JDK-8335912$$$Summary: Add an operation mode to the jar command when extracting to not overwriting existing files$$$Description: The jar tool’s extract operation has been enhanced to allow the --keep-old-files and the -k options to be used in preventing the overwriting of existing files. Examples: jar xkf foo.jar or jar --extract --keep-old-files --file foo.jar. Either of these commands will extract the contents of foo.jar. If an entry with the same name already exists in the target directory; then the existing file will not be overwritten.$$$$$$JDK-8346587$$$Summary: Distrust TLS server certificates anchored by Camerfirma Root CAs$$$Description: The JDK will stop trusting TLS server certificates issued after April 15; 2025 and anchored by Camerfirma root certificates; in line with similar plans announced by Google; Mozilla; Apple; and Microsoft. TLS server certificates issued on or before April 15; 2025 will continue to be trusted until they expire. Certificates issued after that date; and anchored by any of the Certificate Authorities in the table below; will be rejected. The restrictions are enforced in the JDK implementation (the SunJSSE Provider) of the Java Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server’s certificate chain is anchored by any of the Certificate Authorities in the table below and the certificate has been issued after April 15; 2025.$$$$$$JDK-8347965$$$Summary: Update Timezone Data to 2025a$$$Description: Update Timezone Data to 2025a in which Paraguay adopts permanent -03 starting spring 2024; Improve pre-1991 data for the Philippines; Etc/Unknown is now reserved.$$$$$$Graal support in Liberica JDK 11$$$Liberica JDK continues to provide support for AOT and Graal JIT. Since in OpenJDK 11 builds these features are deemed experimental and deprecated; it is recommended to compile native executables with Liberica Native Image Kit to avoid errors.$$$IANA TZ Data update$$$This release of Liberica JDK 11.0.27 upgrades the in-tree copy of the IANA timezone database to 2025a. This timezone update is primarily concerned with the following:$$$Paraguay adopts permanent -03 starting spring 2024.$$$Improve pre-1991 data for the Philippines.$$$Etc/Unknown is now reserved.$$$For more information; see JDK-8347965.$$$$$$3. Known Issues$$$This release does not contain any known issues.$$$$$$4. Fixed CVEs$$$This is the list of the security issues fixed in this release. CVSS scores are provided using the CVSS version 3.1 scoring system.$$$$$$CVE IDtCVSS scoretComponenttModuletAttack VectortComplexitytPrivilegestUser InteractiontScopetConfidentialitytIntegritytAvailability$$$CVE-2024-47606 7.5 javafx media network high none required unchanged high high high$$$CVE-2024-54534 7.5 javafx web network high none required unchanged high high high$$$CVE-2025-21587 7.4 security-libsjavax.net.ssl network high none none unchanged high high none$$$CVE-2025-30691 4.8 hotspotcompiler network high none none unchanged low low none$$$CVE-2025-30698 5.6 client-libs2d