The following sections summarize changes made in all Java SE 11.0.16.1 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.
BugId | Category | Subcategory | Description |
---|---|---|---|
JDK-8239785 | hotspot | runtime | Cgroups: Incorrect detection logic on old systems in hotspot |
August 18, 2022
The full version string for this update release is 11.0.16.1+1 (where "+" means "build"). The version number is 11.0.16.1.
The security baselines are unchanged from the release of JDK 11.0.16.
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
11 | 11.0.16+11 |
8 | 8u341-b10 |
7 | 7u351-b07 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 11.0.16.1) be used after the next critical patch update scheduled for October 18, 2022.
Oracle recommends that all JDK 11 users, even those that have already updated to 11.0.16, uptake the 11.0.16.1 patch release.
Fixes a regression in the C2 JIT compiler which caused the Java Runtime to crash unpredictably.
July 19, 2022
The full version string for this update release is 11.0.16+11 (where "+" means "build"). The version number is 11.0.16.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 11.0.16 are specified in the following table:
JRE Family Version | JRE Security Baseline (Full Version String) |
---|---|
11 | 11.0.16+11 |
8 | 8u341-b10 |
7 | 7u351-b07 |
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 11.0.16) be used after the next critical patch update scheduled for October 18, 2022.
Support has been added for TLS channel binding tokens for Negotiate/Kerberos authentication over HTTPS through javax.net.HttpsURLConnection.
Channel binding tokens are increasingly required as an enhanced form of security which can mitigate certain kinds of socially engineered, man in the middle (MITM) attacks. They work by communicating from a client to a server the client's understanding of the binding between connection security (as represented by a TLS server cert) and higher level authentication credentials (such as a username and password). The server can then detect if the client has been fooled by a MITM and shutdown the session/connection.
The feature is controlled through a new system property jdk.https.negotiate.cbt
which is described fully on the Networking Properties page.
The java.net.InetAddress
class has been updated to strictly accept IPv4 address literals in decimal quad notation. The InetAddress
class methods are updated to throw an java.net.UnknownHostException
for invalid IPv4 address literals. To disable this check, the new "jdk.net.allowAmbiguousIPAddressLiterals" system property can be set to "true".
On oracle.com and java.com, certain JDK bundle extensions are getting truncated on download when using Firefox version 102. The downloaded bundles have no file extension like ".exe", ".rpm", ".deb". If you are not able to upgrade to Firefox ESR 102.0.1 or Firefox 103 when it is released, then as a workaround you can:
java.util.Vector
is updated to correctly report ClassNotFoundException
that occurs during deserialization using java.io.ObjectInputStream.GetField.get(name, object)
when the class of an element of the Vector is not found. Without this fix, a StreamCorruptedException
is thrown that does not provide information about the missing class.
DeflaterOutputStream.close()
and GZIPOutputStream.finish()
methods have been modified to close out the associated default JDK compressor before propagating a Throwable up the stack. ZIPOutputStream.closeEntry()
method has been modified to close out the associated default JDK compressor before propagating an IOException, not of type ZipException, up the stack.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
➜ Issues fixed in 11.0.16:
# | JBS | Component | Subcomponent | Summary |
---|---|---|---|---|
1 | JDK-8221741 | client-libs | 2d | ClassCastException can happen when fontconfig.properties is used |
2 | JDK-8262470 | client-libs | 2d | Printed GlyphVector outline with low DPI has bad quality on Windows |
3 | JDK-8251558 | client-libs | demo | J2DBench should support shaped and translucent windows |
4 | JDK-8274751 | client-libs | java.awt | Drag And Drop hangs on Windows |
5 | JDK-8133713 | client-libs | javax.accessibility | [macosx] Accessible JTables always reported as empty |
6 | JDK-8277922 | client-libs | javax.accessibility | Unable to click JCheckBox in JTable through Java Access Bridge |
7 | JDK-7124301 | client-libs | javax.accessibility | [macosx] When in a tab group if you arrow between tabs there are no VoiceOver announcements. |
8 | JDK-7124298 | client-libs | javax.accessibility | [macosx] Nothing heard from VoiceOver when tabbing between a nested tab group and a parent tab group |
9 | JDK-7124293 | client-libs | javax.accessibility | [macosx] VoiceOver reads percentages rather than the actual values for sliders. |
10 | JDK-8274735 | client-libs | javax.imageio | javax.imageio.IIOException: Unsupported Image Type while processing a valid JPEG image |
11 | JDK-8212904 | client-libs | javax.swing | JTextArea line wrapping incorrect when using UI scale |
12 | JDK-8277093 | core-libs | java.io:serialization | Vector should throw ClassNotFoundException for a missing class of an element |
13 | JDK-8267256 | core-libs | java.net | Extend minimal retry for loopback connections on Windows to PlainSocketImpl |
14 | JDK-8250521 | core-libs | java.net | Configure initial RTO to use minimal retry for loopback connections on Windows |
15 | JDK-8255264 | core-libs | java.net | Support for identifying the full range of IPv4 localhost addresses on Windows |
16 | JDK-8279842 | core-libs | java.net | HTTPS Channel Binding support for Java GSS/Kerberos |
17 | JDK-8282293 | core-libs | java.net | Domain value for system property jdk.https.negotiate.cbt should be case-insensitive |
18 | JDK-8258795 | core-libs | java.util:i18n | Update IANA Language Subtag Registry to Version 2021-05-11 |
19 | JDK-8277368 | core-libs | javax.script | Metaspace OOM thrown due to the leak of Nashorn ScriptEngine |
20 | JDK-8279219 | hotspot | compiler | [REDO] C2 crash when allocating array of size too large |
21 | JDK-8234930 | hotspot | compiler | Use MAP_JIT when allocating pages for code cache on macOS |
22 | JDK-8224648 | hotspot | compiler | assert(!exceeding_node_budget()) failed: Too many NODES required! failure with ctw |
23 | JDK-8225475 | hotspot | compiler | Node budget asserts on x86_32/64 |
24 | JDK-8223143 | hotspot | compiler | Restructure/clean-up for 'loopexit_or_null()'. |
25 | JDK-8223363 | hotspot | compiler | Bad node estimate assertion failure |
26 | JDK-8263403 | hotspot | compiler | [JVMCI] output written to tty via HotSpotJVMCIRuntime can be garbled |
27 | JDK-8283451 | hotspot | compiler | C2: assert(_base == Long) failed: Not a Long |
28 | JDK-8282312 | hotspot | compiler | Minor corrections to evbroadcasti32x4 intrinsic on x86 |
29 | JDK-8254887 | hotspot | compiler | C2: assert(cl->trip_count() > 0) failed: peeling a fully unrolled loop |
30 | JDK-8253816 | hotspot | compiler | Support macOS W^X |
31 | JDK-8253795 | hotspot | compiler | Implementation of JEP 391: macOS/AArch64 Port |
32 | JDK-8214004 | hotspot | compiler | Missing space between compiler thread name and task info in hs_err |
33 | JDK-8216137 | hotspot | compiler | assert(Compile::current()->live_nodes() < Compile::current()->max_node_limit()) failed: Live Node limit exceeded limit |
34 | JDK-8234605 | hotspot | compiler | C2 failed "assert(C->live_nodes() - live_at_begin <= 2 * _nodes_required) failed: Bad node estimate: actual = 208 >> request = 101" |
35 | JDK-8283641 | hotspot | compiler | Large value for CompileThresholdScaling causes assert |
36 | JDK-8283408 | hotspot | compiler | Fix a C2 crash when filling arrays with unsafe |
37 | JDK-8280867 | hotspot | compiler | Cpuid1Ecx feature parsing is incorrect for AMD CPUs |
38 | JDK-8279837 | hotspot | compiler | C2: assert(is_Loop()) failed: invalid node class: Region |
39 | JDK-8279668 | hotspot | compiler | x86: AVX2 versions of vpxor should be asserted |
40 | JDK-8275330 | hotspot | compiler | C2: assert(n->is_Root() || n->is_Region() || n->is_Phi() || n->is_MachMerge() || def_block->dominates(block)) failed: uses must be dominated by definitions |
41 | JDK-8275337 | hotspot | compiler | C1: assert(false) failed: live_in set of first block must be empty |
42 | JDK-8280526 | hotspot | compiler | x86_32 Math.sqrt performance regression with -XX:UseSSE={0,1} |
43 | JDK-8279356 | hotspot | compiler | Method linking fails with guarantee(mh->adapter() != NULL) failed: Adapter blob must already exist! |
44 | JDK-8262011 | hotspot | compiler | [JVMCI] allow printing to tty from unattached libgraal thread |
45 | JDK-8265480 | hotspot | compiler | add basic JVMCI support for JEP 309: Dynamic Class-File Constants |
46 | JDK-8262323 | hotspot | compiler | do not special case JVMCI in tiered compilation policy |
47 | JDK-8258715 | hotspot | compiler | [JVMCI] separate JVMCI code install timers for CompileBroker and hosted compilations |
48 | JDK-8240335 | hotspot | compiler | C2: assert(found_sfpt) failed: no node in loop that's not input to safepoint |
49 | JDK-8219520 | hotspot | compiler | assert(Compile::current()->live_nodes() < Compile::current()->max_node_limit()) failed: Live Node limit exceeded limit |
50 | JDK-8282231 | hotspot | compiler | x86-32: runtime call to SharedRuntime::ldiv corrupts registers |
51 | JDK-8284633 | hotspot | runtime | CompressedClassPointers.java fails on macos-aarch64 |
52 | JDK-8230305 | hotspot | runtime | Cgroups v2: Container awareness |
53 | JDK-8282589 | hotspot | runtime | runtime/ErrorHandling/ErrorHandler.java fails on MacOS aarch64 in jdk 11 |
54 | JDK-8253727 | hotspot | runtime | [cgroups v2] Memory and swap limits reported incorrectly |
55 | JDK-8253714 | hotspot | runtime | [cgroups v2] Soft memory limit incorrectly using memory.high |
56 | JDK-8208697 | hotspot | runtime | vmTestbase/metaspace/stressHierarchy/stressHierarchy012/TestDescription.java fails with OutOfMemoryError: Metaspace |
57 | JDK-8253817 | hotspot | runtime | Support macOS Aarch64 ABI in Interpreter |
58 | JDK-8281275 | hotspot | runtime | Upgrading from 8 to 11 no longer accepts '/' as filepath separator in gc paths |
59 | JDK-8214275 | hotspot | runtime | CondyRepeatFailedResolution asserts "Dynamic constant has no fixed basic type" |
60 | JDK-8218751 | hotspot | runtime | Do not store original classfiles inside the CDS archive |
61 | JDK-8281517 | install | install | Improve the error message shown when a user tries to install the aarch64 bundle on an intel mac |
62 | JDK-8278851 | security-libs | java.security | Correct signer logic for jars signed with multiple digest algorithms |
63 | JDK-8255266 | security-libs | java.security | Update Public Suffix List to 3c213aa |
64 | JDK-8268427 | security-libs | java.security | Improve AlgorithmConstraints:checkAlgorithm performance |
65 | JDK-8274524 | security-libs | javax.net.ssl | SSLSocket.close() hangs if it is called during the ssl handshake |
66 | JDK-8270317 | security-libs | javax.net.ssl | Large Allocation in CipherSuite |
67 | JDK-8275082 | security-libs | javax.xml.crypto | Update XML Security for Java to 2.3.0 |
68 | JDK-8279520 | security-libs | org.ietf.jgss | SPNEGO has not passed channel binding info into the underlying mechanism |
69 | JDK-8214026 | tools | javac | Canonicalized archive paths appearing in diagnostics |
70 | JDK-8236210 | tools | javac | javac generates wrong annotation for fields generated from record components |
71 | JDK-8261205 | tools | javac | AssertionError: Cannot add metadata to an intersection type |
72 | JDK-8210649 | tools | javac | AssertionError @ jdk.compiler/com.sun.tools.javac.comp.Modules.enter(Modules.java:244) |
73 | JDK-8225559 | tools | javac | assertion error at TransTypes.visitApply |
74 | JDK-8166727 | tools | jlink | javac crashed: [jimage.dll+0x1942] ImageStrings::find+0x28 |