May 2, 2022
The full version string for this update release is 11.0.15.1+2 (where "+" means "build"). The version number is 11.0.15.1.
The security baselines are unchanged from the release of JDK 11.0.15.
| JRE Family Version | JRE Security Baseline (Full Version String) |
|---|---|
| 11 | 11.0.15+8 |
| 8 | 8u331-b09 |
| 7 | 7u341-b08 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 11.0.15.1) be used after the next critical patch update scheduled for July 19, 2022.
The Windows implementation of java.io.File allows access to NTFS Alternate Data Streams (ADS) by default. Such streams have a structure like “filename:streamname”. A system property jdk.io.File.enableADS has been added to control this behavior. To disable ADS support in java.io.File, the system property jdk.io.File.enableADS should be set to false (case ignored). Stricter path checking however prevents the use of special devices such as NUL:
This release is based on the previous CPU and does not contain any additional security fixes. The following issues have also been resolved:
| BugId | Category | Subcategory | Summary |
|---|---|---|---|
| JDK-8284920 | xml | javax.xml.path | Incorrect Token type causes XPath expression to return incorrect results |
| JDK-8284548 | xml | jaxp | Invalid XPath expression causes StringIndexOutOfBoundsException |