Liberica JDK 11.0.27+9: Release Notes$$$Published: April 15; 2025$$$$$$1. Version information$$$This document provides information about Liberica JDK 11.0.27 release.$$$$$$The full version string for this update release is 11.0.27+9. The version number is 11.$$$Liberica JDK 11 is distributed as .apk; .rpm; .zip; .deb; and .tar.gz packages. Please select the most appropriate for your purposes.$$$$$$2. What’s New$$$This release contains the following updates and new features.$$$Notable Changes$$$This is the list of the notable issues fixed in this release$$$Issue IDt$$$JDK-8273914$$$Summary: Indy string concat changes order of operations$$$Description: String concatenation has been changed to evaluate each argument and eagerly convert it to a string; in left-to-right order. This fixes a bug in the invokedynamic-based string concatenation strategies introduced in [JEP 280](http://openjdk.java.net/jeps/280).$$$$$$JDK-8335912$$$Summary: Add an operation mode to the jar command when extracting to not overwriting existing files$$$Description: The jar tool’s extract operation has been enhanced to allow the --keep-old-files and the -k options to be used in preventing the overwriting of existing files. Examples: jar xkf foo.jar or jar --extract --keep-old-files --file foo.jar. Either of these commands will extract the contents of foo.jar. If an entry with the same name already exists in the target directory; then the existing file will not be overwritten.$$$$$$JDK-8346587$$$Summary: Distrust TLS server certificates anchored by Camerfirma Root CAs$$$Description: The JDK will stop trusting TLS server certificates issued after April 15; 2025 and anchored by Camerfirma root certificates; in line with similar plans announced by Google; Mozilla; Apple; and Microsoft. TLS server certificates issued on or before April 15; 2025 will continue to be trusted until they expire. Certificates issued after that date; and anchored by any of the Certificate Authorities in the table below; will be rejected. The restrictions are enforced in the JDK implementation (the SunJSSE Provider) of the Java Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server’s certificate chain is anchored by any of the Certificate Authorities in the table below and the certificate has been issued after April 15; 2025.$$$$$$JDK-8347965$$$Summary: Update Timezone Data to 2025a$$$Description: Update Timezone Data to 2025a in which Paraguay adopts permanent -03 starting spring 2024; Improve pre-1991 data for the Philippines; Etc/Unknown is now reserved.$$$$$$Graal support in Liberica JDK 11$$$Liberica JDK continues to provide support for AOT and Graal JIT. Since in OpenJDK 11 builds these features are deemed experimental and deprecated; it is recommended to compile native executables with Liberica Native Image Kit to avoid errors.$$$IANA TZ Data update$$$This release of Liberica JDK 11.0.27 upgrades the in-tree copy of the IANA timezone database to 2025a. This timezone update is primarily concerned with the following:$$$Paraguay adopts permanent -03 starting spring 2024.$$$Improve pre-1991 data for the Philippines.$$$Etc/Unknown is now reserved.$$$For more information; see JDK-8347965.$$$$$$3. Known Issues$$$This release does not contain any known issues.$$$$$$4. Fixed CVEs$$$This is the list of the security issues fixed in this release. CVSS scores are provided using the CVSS version 3.1 scoring system.$$$$$$CVE IDtCVSS scoretComponenttModuletAttack VectortComplexitytPrivilegestUser InteractiontScopetConfidentialitytIntegritytAvailability$$$CVE-2024-47606 7.5 javafx media network high none required unchanged high high high$$$CVE-2024-54534 7.5 javafx web network high none required unchanged high high high$$$CVE-2025-21587 7.4 security-libsjavax.net.ssl network high none none unchanged high high none$$$CVE-2025-30691 4.8 hotspotcompiler network high none none unchanged low low none$$$CVE-2025-30698 5.6 client-libs2d