May 2, 2022
The full version string for this update release is 11.0.15.1+2 (where "+" means "build"). The version number is 11.0.15.1.
The security baselines are unchanged from the release of JDK 11.0.15.
| JRE Family Version | JRE Security Baseline (Full Version String) |
|---|---|
| 11 | 11.0.15+8 |
| 8 | 8u331-b09 |
| 7 | 7u341-b08 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 11.0.15.1) be used after the next critical patch update scheduled for July 19, 2022.
The Windows implementation of java.io.File has been changed so that strict validity checks are not performed by default on file paths. This includes allowing colons (‘:’) in the path other than only immediately after a single drive letter. It also allows paths that represent NTFS Alternate Data Streams (ADS), such as “filename:streamname”. This restores the default behavior of java.io.File to what it was prior to the April 2022 CPU in which strict validity checks were not performed by default on file paths on Windows. To re-enable strict path checking in java.io.File, the system property jdk.io.File.enableADS should be set to false (case ignored). This might be preferable, for example, if Windows special device paths such as NUL: are not used.
This release is based on the previous CPU and does not contain any additional security fixes. The following issues have also been resolved:
| BugId | Category | Subcategory | Summary |
|---|---|---|---|
| JDK-8284920 | xml | javax.xml.path | Incorrect Token type causes XPath expression to return incorrect results |
| JDK-8284548 | xml | jaxp | Invalid XPath expression causes StringIndexOutOfBoundsException |