JDK 11.0.19 Release Notes

Java SE 11.0.19 Bundled Patch Release (BPR) - Bug Fixes and Updates

The following sections summarize changes made in all Java SE 11.0.19 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.

Changes in Java SE

BugId Component Subcomponent Summary
JDK-8308884 hotspot compiler [17u/11u] Backout JDK-8297951

Changes in Java SE

BugId Component Subcomponent Summary
JDK-8306690 (not public) install install Restore missing /usr/java/default symlink on Linux
JDK-8308123 (not public) install install /usr/java/latest symlink is not created during 8u371 jdk rpm install
JDK-8305976 (not public) install install Installation of OL-specific x64 jdk rpms pulls in i686 dependencies
JDK-8305113 core-libs java.time (tz) Update Timezone Data to 2023c
JDK-8212970 core-libs java.time TZ database in "vanguard" format support
JDK-8302112 (not public) hotspot test remove windows 2012 from task definitions


Changes in Java SE

Fixes from the prior BPR are included in this version.

Java™ SE Development Kit 11.0.19 (JDK 11.0.19)

April 18, 2023

The full version string for this update release is 11.0.19+9 (where "+" means "build"). The version number is 11.0.19.


IANA TZ Data 2022g

JDK 11.0.19 contains IANA time zone data 2022g which contains the following changes:

  • The northern edge of Chihuahua changes to US timekeeping.
  • Much of Greenland stops changing clocks after March 2023.
  • Fix some pre-1996 timestamps in northern Canada.
  • C89 is now deprecated; please use C99 or later.
  • Portability fixes for AIX, libintl, MS-Windows, musl, z/OS.
  • In C code, use more C23 features if available.
  • C23 timegm now supported by default.
  • Fixes for unlikely integer overflows.

For more information, refer to Timezone Data Versions in the JRE Software.


Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 11.0.19 are specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String)

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. Use the Security Baseline page to determine the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended to use this JDK (version 11.0.19) after the next critical patch update release, scheduled for July 18, 2023.


New Features

 Added a Default Native GSS-API Library on Windows (JDK-6722928)

A native GSS-API library named sspi_bridge.dll has been added to the JDK on the Windows platform. The library is client-side only and uses the default credentials. It will be loaded when the system property is set to "true". A user can still load a third-party native GSS-API library by setting the system property to its path.

Native GSS automatically uses cached credentials from operating systems, thus the system property should be set to false. does not call native JGSS. Avoid using from JAAS config.


Other Notes

 System Property to Handle HTML ObjectView Creation (JDK-8296832 (Not Public))

Some Swing components, such as JLabels and JButtons, which display application text, will try to interpret that text as HTML, principally to enable styled text. The HTML processing of the text for these components will no longer recognize the <object> tag which allows for subclasses of java.awt.Component to be rendered on the component. To re-enable this, applications must specify -Dswing.html.object=true.

 Added Certigna(Dhimyotis) CA Certificate (JDK-8245654)

The following root certificate has been added to the cacerts truststore:

+ Certigna (Dhimyotis)
   + certignaca
      DN: CN=Certigna, O=Dhimyotis, C=FR

 Removed SSLv2Hello and SSLv3 From Default Enabled TLS Protocols (JDK-8190492)

SSLv2Hello and SSLv3 have been removed from the default enabled TLS protocols.

After this update, if SSLv3 is removed from the jdk.tls.disabledAlgorithms security property, the SSLSocket.getEnabledProtocols(), SSLServerSocket.getEnabledProtocols(), SSLEngine.getEnabledProtocols() and SSLParameters.getProtocols() APIs will return "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1". "SSLv3" will not be returned in this list.

If a client or server still needs to use the SSLv3 protocol they can do so by enabling it through the jdk.tls.client.protocols or jdk.tls.server.protocols system properties or with the SSLSocket.setEnabledProtocols(), SSLServerSocket.setEnabledProtocols() and SSLEngine.setEnabledProtocols() APIs.

 File::listRoots Changed to Return All Available Drives on Windows (JDK-8208077)

The behavior of the method on Microsoft Windows has changed in this release so that the returned array includes a File object for all available disk drives. This differs from the behavior in JDK 10 to JDK 20, where this method filtered out disk drives that were not accessible or did not have media present. This change avoids performance issues observed in the previous releases and also ensures that the method is consistent with the root directories in the iteration returned by FileSystem.getDefault().getRootDirectories().

 Crypto-J Exception for Diffie-Hellman and DSA AlgorithmParameters Requests (JDK-8278027)

Applications using the Dell BSAFE Crypto-J 3rd party security provider may encounter an IOException if decoding DH or DSA algorithm parameters with the following exception:

Exception in thread "main" Could not decode parameters. at Source) at

Dell BSAFE Crypto-J version has been released to address this issue. Applications using this provider should upgrade to that version or later. For applications on older versions of this provider, an interoperability fix has been added to this release of the JDK.


Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

Issues fixed in 11.0.19:

# JBS Component Summary
1JDK-8285399client-libs/2dJNI exception pending in awt_GraphicsEnv.c:1432
2JDK-8284023client-libs/java.awtjava.sun.awt.X11GraphicsDevice.getDoubleBufferVisuals() leaks XdbeScreenVisualInfo
3JDK-8296496client-libs/java.awtOverzealous check in sizecalc.h prevents large memory allocation
4JDK-8279614client-libs/java.awtThe left line of the TitledBorder is not painted on 150 scale factor
5JDK-8288332client-libs/java.awtTier1 validate-source fails after 8279614
6JDK-8295685client-libs/java.awtUpdate Libpng to 1.6.38
7JDK-8282958client-libs/javax.swingRendering Issues with Borders on Windows High-DPI systems
8JDK-8299238core-libsFix Bad Copyright introduced in 8299223
9JDK-8294378core-libs/java.netURLPermission constructor exception when using tr locale
10JDK-8297569core-libs/java.netURLPermission constructor throws IllegalArgumentException: Invalid characters in hostname after JDK-8294378
11JDK-8299439core-libs/java.textjava/text/Format/NumberFormat/ fails for hr_HR
12JDK-8295530core-libs/java.util.jarUpdate Zlib Data Compression Library to Version 1.2.13
13JDK-8287180core-libs/java.util:i18nUpdate IANA Language Subtag Registry to Version 2022-08-08
14JDK-8267038core-libs/java.util:i18nUpdate IANA Language Subtag Registry to Version 2022-03-02
15JDK-8296239core-libs/java.util:i18nISO 4217 Amendment 174 Update
16JDK-8297548core-libs/jdk.nashornUpdate double-conversion to 3.2.0
17JDK-8169718core-svc/debuggernsk/jdb/locals/locals002: ERROR: Cannot find boolVar with expected value: false
18JDK-8292541core-svc/[Metrics] Reported memory limit may exceed physical machine memory
19JDK-8216314hotspot/compilerSIGILL in CodeHeapState::print_names()
20JDK-8276066hotspot/compilerReset LoopPercentProfileLimit for x86 due to suboptimal performance
21JDK-8269574hotspot/compilerC2: Avoid redundant uncommon traps in GraphKit::builtin_throw() for JVMTI exception events
22JDK-8270533hotspot/compilerAArch64: size_fits_all_mem_uses should return false if its output is a CAS
23JDK-8295066hotspot/compilerFolding of loads is broken in C2 after JDK-8242115
24JDK-8256934hotspot/compilerC2: assert(C->live_nodes() <= C->max_node_limit()) failed: Live Node limit exceeded limit
25JDK-8296912hotspot/compilerC2: CreateExNode::Identity fails with assert(i < _max) failed: oob: i=1, _max=1
26JDK-8290964hotspot/compilerC2 compilation fails with assert "non-reduction loop contains reduction nodes"
27JDK-8296924hotspot/compilerC2: assert(is_valid_AArch64_address( failed: bad address
28JDK-8285835hotspot/compilerSIGSEGV in PhaseIdealLoop::build_loop_late_post_work
29JDK-8295788hotspot/compilerC2 compilation hits "assert((mode == ControlAroundStripMined && use == sfpt) || !use->is_reachable_from_root()) failed: missed a node"
30JDK-8297951hotspot/compilerC2: Create skeleton predicates for all If nodes in loop predication
31JDK-8297264hotspot/compilerC2: Cast node is not processed again in CCP and keeps a wrong too narrow type which is later replaced by top
32JDK-8295116hotspot/compilerC2: assert(dead->outcnt() == 0 && !dead->is_top()) failed: node must be dead
33JDK-8287425hotspot/compilerRemove unnecessary register push for MacroAssembler::check_klass_subtype_slow_path
34JDK-8242115hotspot/compilerC2 SATB barriers are not safepoint-safe
35JDK-8272985hotspot/gcReference discovery is confused about atomicity and degree of parallelism
36JDK-8283199hotspot/runtimeLinux os::cpu_microcode_revision() stalls cold startup
37JDK-8271506hotspot/runtimeAdd ResourceHashtable support for deleting selected entries
38JDK-8048190hotspot/runtimeNoClassDefFoundError omits original ExceptionInInitializerError
39JDK-8291763hotspot/runtimeInclude virtualization information in hs_err crash log on Solaris
40JDK-8289424hotspot/runtimeInclude LD_HWCAP in hs_err log output
41JDK-8287107hotspot/runtimeCgroupSubsystemFactory.setCgroupV2Path asserts with freezer controller
42JDK-8287741hotspot/runtimeFix of JDK-8287107 (unused cgv1 freezer controller) was incomplete
43JDK-8293472hotspot/runtimeIncorrect container resource limit detection if manual cgroup fs mounts present
44JDK-8231610hotspot/runtimeRelocate the CDS archive if it cannot be mapped to the requested address
45JDK-8287011hotspot/runtimeImprove container information
46JDK-8286030hotspot/runtimeAvoid JVM crash when containers share the same /tmp dir
47JDK-8298349install/install/usr/java/latest points to wrong JDK
48JDK-8298330install/install/usr/java/latest is missing after one of JDK rpms is uninstalled
49JDK-8242897security-libs/java.securityKeyFactory.generatePublic( x509Spec ) failed with
50JDK-8280890security-libs/java.securityCannot use '-Djava.system.class.loader' with class loader in signed JAR
51JDK-8253829security-libs/org.ietf.jgssWrong length compared in SSPI bridge
52JDK-8225687security-libs/org.ietf.jgssNewly added sspi.cpp in JDK-6722928 still contains some small errors
53JDK-8222251tools/javacpreflow visitor is not visiting lambda expressions
54JDK-8222091tools/javadoc(tool)Javadoc does not handle package annotations correctly on
55JDK-8296619tools/javadoc(tool)Upgrade jQuery to 3.6.1