JDK 11.0.14 Release Notes

Java Development Kit 11 Release Notes

Java™ SE Development Kit 11.0.14 (JDK 11.0.14)

January 18, 2022

The full version string for this update release is 11.0.14+8 (where "+" means "build"). The version number is 11.0.14.


IANA TZ Data 2021b, 2021c, 2021d, 2021e

JDK 11.0.14 contains IANA time zone data 2021b, 2021c, 2021d, 2021e.
  • Jordan now starts DST on February's last Thursday.
  • Samoa no longer observes DST.
  • Merge more location-based Zones whose timestamps agree since 1970.
  • Move some backward-compatibility links to 'backward'.
  • Rename Pacific/Enderbury to Pacific/Kanton.
  • Correct many pre-1993 transitions in Malawi, Portugal, etc.
  • zic now creates each output file or link atomically.
  • zic -L no longer omits the POSIX TZ string in its output.
  • zic fixes for truncation and leap second table expiration.
  • zic now follows POSIX for TZ strings using all-year DST.
  • Fix some localtime crashes and bugs in obscure cases.
  • zdump -v now outputs more-useful boundary cases.
  • tzfile.5 better matches a draft successor to RFC 8536.
  • A new file SECURITY.
  • Revert most 2021b changes to 'backward'.
  • Fix 'zic -b fat' bug in pre-1970 32-bit data.
  • Fix two Link line typos.
  • Distribute SECURITY file.

This release is intended as a bugfix release, to fix compatibility problems and typos reported since 2021b was released.

  • Fiji suspends DST for the 2021/2022 season.
  • 'zic -r' marks unspecified timestamps with "-00".
  • Palestine will fall back 10-29 (not 10-30) at 01:00.
For more information, refer to Timezone Data Versions in the JRE Software.


Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 11.0.14 are specified in the following table:

JRE Family Version | JRE Security Baseline (Full Version String)
11 | 11.0.14+8
8 | 8u321-b07
7 | 7u331-b06

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. To check whether a release is the latest, use the Security Baseline page, which lists the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 11.0.14) be used after the next critical patch update scheduled for April 19, 2022.


New Features

 New SunPKCS11 Configuration Properties

The SunPKCS11 provider adds new provider configuration attributes to better control native resource usage. The SunPKCS11 provider consumes native resources in order to work with native PKCS11 libraries. To manage and better control these native resources, additional configuration attributes are added to control the frequency of clearing native references as well as whether to destroy the underlying PKCS11 Token after logout.

The 3 new attributes for SunPKCS11 provider configuration file are:

  1. destroyTokenAfterLogout (boolean, defaults to false)

    If set to true, when java.security.AuthProvider.logout() is called upon the SunPKCS11 provider instance, the underlying Token object will be destroyed and resources will be freed. This essentially renders the SunPKCS11 provider instance unusable after logout() calls. Note that a PKCS11 provider with this attribute set to true should not be added to the system provider list since the provider object is not usable after a logout() method call.

  2. cleaner.shortInterval (integer, defaults to 2000, in milliseconds)

    This defines the frequency for clearing native references during busy periods (that is, how often the cleaner thread should process the no-longer-needed native references in the queue to free up native memory). Note that the cleaner thread will switch to the 'longInterval' frequency after 200 failed tries (that is, when no references are found in the queue).

  3. cleaner.longInterval (integer, defaults to 60000, in milliseconds)

    This defines the frequency for checking native references during non-busy periods (that is, how often the cleaner thread should check the queue for native references). Note that the cleaner thread will switch back to the 'shortInterval' value if native PKCS11 references for cleaning are detected.

See JDK-8240256
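The following is an added example, not part of Oracle's release notes: it configures a SunPKCS11 instance inline with the three new attributes and uses it without registering it in the system provider list, as the note on destroyTokenAfterLogout advises. The provider name, library path and interval values are placeholders chosen for the example.

```java
import java.security.AuthProvider;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;

public class Pkcs11ShortLivedSession {
    // Inline configuration (the "--" prefix marks it as inline, not a file name).
    // Name, library path and intervals are placeholders for this example.
    static final String CONFIG = String.join("\n",
        "--name = ExampleToken",
        "library = /path/to/pkcs11-module.so",
        "destroyTokenAfterLogout = true",   // free the native Token on logout()
        "cleaner.shortInterval = 1000",     // ms between cleanups while busy
        "cleaner.longInterval = 30000");    // ms between checks while idle

    public static void main(String[] args) throws Exception {
        if (System.console() == null) {
            throw new IllegalStateException("run from an interactive console");
        }
        char[] pin = System.console().readPassword("Token PIN: ");

        // Create a configured instance. It is deliberately NOT passed to
        // Security.addProvider(): after logout() this instance is unusable,
        // so it must not be reachable through the system provider list.
        Provider p = Security.getProvider("SunPKCS11").configure(CONFIG);
        try {
            KeyStore ks = KeyStore.getInstance("PKCS11", p);
            ks.load(null, pin);             // logs in to the token
            for (String alias : Collections.list(ks.aliases())) {
                System.out.println("alias on token: " + alias);
            }
        } finally {
            Arrays.fill(pin, '\0');
            ((AuthProvider) p).logout();    // destroys the Token, frees native resources
        }
        // Any further use of p needs a fresh configure() call.
    }
}
```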

 Configurable Extensions With System Properties

Two new system properties have been added. The system property, jdk.tls.client.disableExtensions, is used to disable TLS extensions used in the client. The system property, jdk.tls.server.disableExtensions, is used to disable TLS extensions used in the server. If an extension is disabled, it will be neither produced nor processed in the handshake messages.

The property string is a list of comma-separated standard TLS extension names, as registered in the IANA documentation (for example, server_name, status_request, and signature_algorithms_cert). Note that the extension names are case sensitive. Unknown, unsupported, misspelled and duplicated TLS extension name tokens will be ignored.

Please note that the impact of blocking TLS extensions is complicated. For example, a TLS connection may not be able to be established if a mandatory extension is disabled. Please do not disable mandatory extensions, and do not use this feature unless you clearly understand the impact.

See JDK-8217633
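Because unknown, misspelled and duplicated names are ignored silently, a typo in either property leaves the extension enabled with no error. The checker below is an added example, not JDK code: the name list is a subset of IANA-registered extension names chosen for the example, and the set treated as needed for TLS 1.3 is an assumption of the example, not something these notes specify.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class DisableExtensionsCheck {
    // IANA-registered TLS extension names (subset chosen for this example;
    // whether the running JDK implements each one is not checked here).
    static final Set<String> KNOWN = Set.of(
        "server_name", "max_fragment_length", "status_request", "supported_groups",
        "ec_point_formats", "signature_algorithms", "signature_algorithms_cert",
        "application_layer_protocol_negotiation", "status_request_v2",
        "extended_master_secret", "supported_versions", "cookie",
        "psk_key_exchange_modes", "certificate_authorities", "key_share",
        "renegotiation_info", "pre_shared_key");

    // Assumption of this example: extensions a TLS 1.3 handshake depends on.
    static final Set<String> NEEDED_BY_TLS13 = Set.of(
        "supported_versions", "key_share", "supported_groups", "signature_algorithms");

    /** Returns one finding per problematic token; an empty list means a clean value. */
    static List<String> check(String propertyValue) {
        List<String> findings = new ArrayList<>();
        Set<String> seen = new HashSet<>();
        for (String raw : propertyValue.split(",")) {
            String name = raw.trim();
            if (name.isEmpty()) continue;
            if (!seen.add(name)) {
                findings.add("duplicate, ignored: " + name);
            } else if (!KNOWN.contains(name)) {   // comparison is case sensitive
                findings.add("unknown or misspelled, ignored: " + name);
            } else if (NEEDED_BY_TLS13.contains(name)) {
                findings.add("needed by TLS 1.3, connections may fail: " + name);
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        for (String prop : List.of("jdk.tls.client.disableExtensions",
                                   "jdk.tls.server.disableExtensions")) {
            String value = System.getProperty(prop);
            if (value != null) check(value).forEach(f -> System.out.println(prop + ": " + f));
        }
        // Constructed sample: wrong case, a duplicate, and a TLS 1.3 dependency.
        check("Server_Name,status_request,status_request,key_share")
            .forEach(System.out::println);
    }
}
```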


Removed Features and Options

 Removed Google's GlobalSign Root Certificate

The following root certificate from Google has been removed from the cacerts keystore:

+ alias name "globalsignr2ca [jdk]"

  Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2

See JDK-8225083


Other Notes

 Zip File System Provider Throws ZipException When Entry Name Element Contains "." or ".."

The ZIP file system provider has been changed to reject existing ZIP files that contain entries with "." or ".." in name elements. ZIP files with these entries cannot be used as a file system. Invoking the java.nio.file.FileSystems.newFileSystem(...) methods throws ZipException if the ZIP file contains these entries.

See JDK-8251329
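The following added example (not part of Oracle's release notes) scans an archive with java.util.zip for the entry names the provider now rejects, then shows the ZipException raised when the same archive is opened as a file system. The sample archive and its entry names are constructed for the example.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.FileSystem;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipException;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;

public class ZipDotEntryCheck {
    /** Lists entry names that have "." or ".." as a path element. */
    static List<String> dotEntries(Path zip) throws IOException {
        List<String> flagged = new ArrayList<>();
        try (ZipFile zf = new ZipFile(zip.toFile())) {
            for (ZipEntry e : Collections.list(zf.entries())) {
                for (String element : e.getName().split("/")) {
                    if (element.equals(".") || element.equals("..")) {
                        flagged.add(e.getName());
                        break;
                    }
                }
            }
        }
        return flagged;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample archive: one normal entry, one with a ".." element.
        Path zip = Files.createTempFile("sample", ".zip");
        try (OutputStream out = Files.newOutputStream(zip);
             ZipOutputStream zos = new ZipOutputStream(out)) {
            for (String name : List.of("docs/readme.txt", "docs/../notes.txt")) {
                zos.putNextEntry(new ZipEntry(name));
                zos.write("sample".getBytes());
                zos.closeEntry();
            }
        }
        System.out.println("flagged entries: " + dotEntries(zip));
        try (FileSystem fs = FileSystems.newFileSystem(zip, (ClassLoader) null)) {
            System.out.println("opened as a file system");
        } catch (ZipException e) {
            System.out.println("rejected by the ZIP file system provider: " + e.getMessage());
        } finally {
            Files.delete(zip);
        }
    }
}
```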

 Update Timezone Data to 2021c

The IANA Time Zone Database, on which the JDK's Date/Time libraries are based, has made a tweak to some time zone rules since 2021c. Note that since this update, some of the time zone rules prior to the year 1970 have been modified according to the changes which were introduced with 2021b. For more detail, refer to the announcement of 2021b.

See JDK-8274407

 LDAP Channel Binding Support for Java GSS/Kerberos

A new JNDI environment property “com.sun.jndi.ldap.tls.cbtype” has been added to enable TLS Channel Binding data in LDAP authentication over the SSL/TLS protocol to the Windows AD server. A possible value is “tls-server-end-point”: Channel Binding data is created based on the TLS server certificate. See the module description of the java.naming module.

See JDK-8245527

 SocketExceptions Are Not Wrapped Into SSLExceptions in SSLSocketImpl

This release reverts the behavior of SSLSocketImpl and SSLTransport introduced by JDK-8196584. SocketException will now be thrown as is instead of being suppressed into an SSLException.

See JDK-8259662

 OperatingSystemMXBean.getProcessCpuLoad Is Now Container Aware

For JVMs running in a container, OperatingSystemMXBean.getProcessCpuLoad now considers only the CPU resources available to the container when calculating CPU load. Prior to this change, the calculation included all CPUs on a host. After this change, management agents may report higher CPU usage by JVMs in containers that are constrained to a limited set of CPUs.

See JDK-8269851


Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

Issues fixed in 11.0.14:

# | BugId | Component | Subcomponent | Summary
1 | JDK-8249548 | client-libs | | backward focus traversal gets stuck in button group
2 | JDK-8273436 | client-libs | | Backport JDK-8273426 caused build failure due to missing "All rights reserved."
3 | JDK-8211999 | client-libs | java.awt | Window positioning bugs due to overlapping GraphicsDevice bounds (Windows/HiDPI)
4 | JDK-8272806 | client-libs | java.awt | [macOS] "Apple AWT Internal Exception" when input method is changed
5 | JDK-6722236 | client-libs | java.awt | 3 Choice regression testcases are failing from 6u10_b26 build onwards
6 | JDK-8015886 | client-libs | java.awt | java/awt/Focus/DeiconifiedFrameLoosesFocus/DeiconifiedFrameLoosesFocus.java sometimes failed on ubuntu
7 | JDK-8257242 | client-libs | java.awt | [macOS] Java app crashes while switching input methods
8 | JDK-8274326 | client-libs | javax.accessibility | [macos] Ensure initialisation of sun/lwawt/macosx/CAccessibility in JavaComponentAccessibility.m
9 | JDK-8274056 | client-libs | javax.accessibility | JavaAccessibilityUtilities leaks JNI objects
10 | JDK-8274381 | client-libs | javax.accessibility | missing CAccessibility definitions in JNI code
11 | JDK-8208747 | client-libs | javax.accessibility | [a11y] [macos] In Optionpane Demo, inside ComponentDialog Example, unable to navigate to all items, with VO on
12 | JDK-8270893 | client-libs | javax.imageio | IndexOutOfBoundsException while reading large TIFF file
13 | JDK-8239334 | client-libs | javax.swing | Tab Size does not work correctly in JTextArea with setLineWrap on
14 | JDK-8269951 | client-libs | javax.swing | [macos] Focus not painted in JButton when setBorderPainted(false) is invoked
15 | JDK-8259237 | client-libs | javax.swing | Demo selection changes with left/right arrow key. No need to press space for selection.
16 | JDK-8269850 | core-libs | | Most JDK releases report macOS version 12 as 10.16 instead of 12.0
17 | JDK-8231717 | core-libs | java.lang | Improve performance of charset decoding when charset is always compactable
18 | JDK-8274779 | core-libs | java.net | HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
19 | JDK-8276536 | core-libs | java.time | Update TimeZoneNames files to follow the changes made by JDK-8275766
20 | JDK-8273924 | core-libs | java.util:i18n | ArrayIndexOutOfBoundsException thrown in java.util.JapaneseImperialCalendar.add()
21 | JDK-8187649 | core-libs | java.util:i18n | ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar
22 | JDK-8245527 | core-libs | javax.naming | LDAP Channel Binding support for Java GSS/Kerberos
23 | JDK-8195703 | core-svc | debugger | BasicJDWPConnectionTest.java: 'App exited unexpectedly with 2'
24 | JDK-8247469 | core-svc | javax.management | getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available
25 | JDK-8235211 | core-svc | tools | serviceability/attach/RemovingUnixDomainSocketTest.java fails with AttachNotSupportedException: Unable to open socket file
26 | JDK-8270886 | hotspot | compiler | Crash in PhaseIdealLoop::verify_strip_mined_scheduling
27 | JDK-8210392 | hotspot | compiler | assert(Compile::current()->live_nodes() < Compile::current()->max_node_limit()) failed: Live Node limit exceeded limit
28 | JDK-8223137 | hotspot | compiler | Rename predicate 'do_unroll_only()' to 'is_unroll_only()'.
29 | JDK-8223139 | hotspot | compiler | Rename mandatory policy-do routines.
30 | JDK-8223923 | hotspot | compiler | C2: Missing interference with mismatched unsafe accesses
31 | JDK-8223140 | hotspot | compiler | Clean-up in 'ok_to_convert()'
32 | JDK-8272570 | hotspot | compiler | C2: crash in PhaseCFG::global_code_motion
33 | JDK-8267652 | hotspot | compiler | c2 loop unrolling by 8 results in reading memory past array
34 | JDK-8263303 | hotspot | compiler | C2 compilation fails with assert(found_sfpt) failed: no node in loop that's not input to safepoint
35 | JDK-8268019 | hotspot | compiler | C2: assert(no_dead_loop) failed: dead loop detected
36 | JDK-8268672 | hotspot | compiler | C2: assert(!loop->is_member(u_loop)) failed: can be in outer loop or out of both loops only
37 | JDK-8252049 | hotspot | compiler | Native memory leak in ciMethodData ctor
38 | JDK-8231501 | hotspot | compiler | VM crash in MethodData::clean_extra_data(CleanExtraDataClosure*): fatal error: unexpected tag 99
39 | JDK-8223138 | hotspot | compiler | Small clean-up in loop-tree support.
40 | JDK-8271341 | hotspot | compiler | Opcode() != Op_If && Opcode() != Op_RangeCheck) || outcnt() == 2 assert failure with Test7179138_1.java
41 | JDK-8271340 | hotspot | compiler | Crash PhaseIdealLoop::clone_outer_loop
42 | JDK-8271459 | hotspot | compiler | C2: Missing NegativeArraySizeException when creating StringBuilder with negative capacity
43 | JDK-8257919 | hotspot | compiler | [JVMCI] profiling info didn't change after reprofile
44 | JDK-8263776 | hotspot | compiler | [JVMCI] add helper to perform Java upcalls
45 | JDK-8272131 | hotspot | compiler | PhaseMacroExpand::generate_slow_arraycopy crash when clone null CallProjections.fallthrough_ioproj
46 | JDK-8268261 | hotspot | compiler | C2: assert(n != __null) failed: Bad immediate dominator info.
47 | JDK-8272574 | hotspot | compiler | C2: assert(false) failed: Bad graph detected in build_loop_late
48 | JDK-8215889 | hotspot | gc | assert(!_unloading) failed: This oop is not available to unloading class loader data with ZGC
49 | JDK-8221584 | hotspot | jvmti | SIGSEGV in os::PlatformEvent::unpark() in JvmtiRawMonitor::raw_exit while posting method exit event
50 | JDK-8217348 | hotspot | jvmti | assert(thread->is_Java_thread()) failed: just checking
51 | JDK-8236177 | hotspot | runtime | assert(status == 0) failed: error ETIMEDOUT(60), cond_wait
52 | JDK-8218483 | hotspot | runtime | Crash in "assert(_daemon_threads_count->get_value() > daemon_count) failed: thread count mismatch 5 : 5"
53 | JDK-8222446 | hotspot | runtime | assert(C->env()->system_dictionary_modification_counter_changed()) failed: Must invalidate if TypeFuncs differ
54 | JDK-8273229 | hotspot | runtime | Update OS detection code to recognize Windows Server 2022
55 | JDK-8274840 | hotspot | runtime | Update OS detection code to recognize Windows 11
56 | JDK-8273342 | hotspot | runtime | Null pointer dereference in classFileParser.cpp:2817
57 | JDK-8269668 | hotspot | runtime | [aarch64] java.library.path not including /usr/lib64
58 | JDK-8230674 | hotspot | runtime | Heap dumps should exclude dormant CDS archived objects of unloaded classes
59 | JDK-8272124 | hotspot | runtime | Cgroup v1 initialization causes NullPointerException when cgroup path contains colon
60 | JDK-8269934 | hotspot | runtime | RunThese24H.java failed with EXCEPTION_ACCESS_VIOLATION in java_lang_Thread::get_thread_status
61 | JDK-8181313 | hotspot | svc-agent | SA: Remove libthread_db dependency on Linux
62 | JDK-8225083 | security-libs | java.security | Remove Google certificate that is expiring in December 2021
63 | JDK-8273826 | security-libs | java.security | Correct Manifest file name and NPE checks
64 | JDK-8277224 | security-libs | java.security | sun.security.pkcs.PKCS9Attributes.toString() throws NPE
65 | JDK-8269034 | security-libs | javax.crypto:pkcs11 | AccessControlException for SunPKCS11 daemon threads
66 | JDK-8240256 | security-libs | javax.crypto:pkcs11 | Better resource cleaning for SunPKCS11 Provider
67 | JDK-8270344 | security-libs | javax.net.ssl | Session resumption errors
68 | JDK-8217633 | security-libs | javax.net.ssl | Configurable extensions with system properties
69 | JDK-8268965 | security-libs | javax.net.ssl | TCP Connection Reset when connecting simple socket to SSL server
70 | JDK-8211148 | tools | javac | var in implicit lambdas shouldn't be accepted for source < 11
71 | JDK-8267459 | tools | jshell | Pasting Unicode characters into JShell does not work.