JDK 11.0.22 Release Notes

Java SE 11.0.22 Bundled Patch Release (BPR) - Bug Fixes and Updates

The following sections summarize changes made in all Java SE 11.0.22 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.



Changes in Java SE

Bug Fixes

March 14, 2024
BugId Category Subcategory Summary
JDK-8325580 (not public) install install Remove "alternatives --remove" call from Java rpm installer
JDK-8325150 core-libs java.time (tz) Update Timezone Data to 2024a


Changes in Java SE

Bug Fixes

February 12, 2024
BugId Category Subcategory Summary
JDK-8268893 hotspot runtime jcmd to trim the glibc heap
JDK-8322725 core-libs java.time (tz) Update Timezone Data to 2023d

Changes in Java SE

January 16, 2024

Fixes from the prior BPR are included in this version.

Java™ SE Development Kit 11.0.22 (JDK 11.0.22)

January 16, 2024

The full version string for this update release is 11.0.22+9 (where "+" means "build"). The version number is 11.0.22.


IANA TZ Data 2023c

For more information, refer to Timezone Data Versions in the Java Runtime.


Security Baselines

The security baselines for the Java Runtime at the time of the release of JDK 11.0.22 are specified in the following table:

Java Family Version Security Baseline (Full Version String)

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 11.0.22) be used after the next critical patch update scheduled for April 16, 2024.

Java SE Subscription products customers managing JRE updates/installs for large number of desktops should consider using Java Management Service (JMS).


New Features

 New System Property to Toggle XML Signature Secure Validation Mode (JDK-8301260)

A new system property named has been added. It can be used to enable or disable the XML Signature secure validation mode. The system property should be set to "true" to enable, or "false" to disable. Any other value for the system property is treated as "false". If the system property is set, it supersedes the XMLCryptoContext property value.

Secure validation mode is enabled by default if you are running the code with a SecurityManager, otherwise it is disabled by default.


Known Issues

 Potential Performance Regression Due to Limited Range Check Elimination (JDK-8314468 (not public))

When the C1 compiler is the only compiler available to the VM, it applies loop predication to remove array access range checks from loop bodies. Due to a defect, this optimization was disabled, potentially leading to a performance regression.

This only affects the client VM or VM's running with the non-default command line flags -XX:+NeverActAsServerClassMachine or -XX:TieredStopAtLevel=[1,2,3].


Other Notes

 Add Process-Memory Information to hs-err and (JDK-8251255)

On Linux, process memory information has been added to both JVM crash reports (hs_err files) and the diagnostic jcmd. This information contains the process' virtual size, its resident set size, and how much memory was swapped out. If the JVM uses glibc, the size of glibc outstanding allocations and retained memory are printed, as well as the glibc tunables.

 Increase Default Value of the System Property jdk.jar.maxSignatureFileSize (JDK-8312489)

The system property, jdk.jar.maxSignatureFileSize, allows applications to control the maximum size of signature files in a signed JAR. Its default value has been increased from 8000000 bytes (8 MB) to 16000000 bytes (16 MB).

 Added Four Root Certificates from DigiCert, Inc. (JDK-8318759)

The following root certificates have been added to the cacerts truststore:

+ DigiCert, Inc.

  + digicertcseccrootg5
    DN: CN=CN=DigiCert CS ECC P384 Root G5, O="DigiCert, Inc.", C=US

+ DigiCert, Inc.
  + digicertcsrsarootg5
    DN: CN=DigiCert CS RSA4096 Root G5, O="DigiCert, Inc.", C=US

+ DigiCert, Inc.
  + digicerttlseccrootg5
    DN: DigiCert TLS ECC P384 Root G5, O="DigiCert, Inc.", C=US

+ DigiCert, Inc.
  + digicerttlsrsarootg5
    DN: DigiCert TLS RSA4096 Root G5, O="DigiCert, Inc.", C=US

 Added Three Root Certificates from eMudhra Technologies Limited (JDK-8319187)

The following root certificates have been added to the cacerts truststore:

+ eMudhra Technologies Limited

  + emsignrootcag1
    DN: CN=emSign Root CA - G1, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN

+ eMudhra Technologies Limited
  + emsigneccrootcag3
    DN: CN=emSign ECC Root CA - G3, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN

+ eMudhra Technologies Limited
  + emsignrootcag2
    DN: CN=emSign Root CA - G2, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN

 Added Telia Root CA v2 Certificate (JDK-8317373)

The following root certificate has been added to the cacerts truststore:

+ Telia Root CA v2

  + teliarootcav2
    DN: CN=Telia Root CA v2, O=Telia Finland Oyj, C=FI

 Added ISRG Root X2 CA Certificate from Let's Encrypt (JDK-8317374)

The following root certificate has been added to the cacerts truststore:

+ Let's Encrypt

  + letsencryptisrgx2
    DN: CN=ISRG Root X2, O=Internet Security Research Group, C=US

 Call X509KeyManager.chooseClientAlias Once for All Key Types (JDK-8262186)

The (D)TLS implementation in JDK now calls X509KeyManager.chooseClientAlias() only once during handshaking for client authentication, even if there are multiple algorithms requested .


Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.

Issues fixed in 11.0.22:

# JBS Component Summary
1JDK-8238436client-libs/java.awtjava/awt/Frame/FrameLocationTest/ fails
2JDK-8266421client-libs/javax.soundDeadlock in Sound System
3JDK-8153090client-libs/javax.swingTAB key cannot change input focus after the radio button in the Color Selection dialog
4JDK-8294427client-libs/javax.swingCheck boxes and radio buttons have rendering issues on Windows in High DPI env
5JDK-8314263core-libs/java.util.loggingSigned jars triggering Logger finder recursion and StackOverflowError
6JDK-8303440core-libs/java.util:i18nThe "ZonedDateTime.parse" may not accept the "UTC+XX" zone id
7JDK-8313657core-libs/javax.namingcom.sun.jndi.ldap.Connection.cleanup does not close connections on SocketTimeoutErrors
8JDK-8314063core-libs/javax.namingThe socket is not closed in Connection::createSocket when the handshake failed for LDAP connection
9JDK-8198540core-libs/jdk.nashornDynalink leaks memory when generating type converters
10JDK-8299658hotspot/compilerC1 compilation crashes in LinearScan::resolve_exception_edge
11JDK-8313626hotspot/compilerC2 crash due to unexpected exception control flow
12JDK-8307572hotspot/compilerAArch64: Vector registers are clobbered by some macroassemblers
13JDK-8316178hotspot/compilerBetter diagnostic header for CodeBlobs
14JDK-8316514hotspot/compilerBetter diagnostic header for VtableStub
15JDK-8292713hotspot/compilerUnsafe.allocateInstance should be intrinsified without UseUnalignedAccesses
16JDK-8244207hotspot/compilerSimplify usage of Compile::print_method() when debugging with gdb and enable its use with rr
17JDK-8313756hotspot/compiler[BACKOUT] 8308682: Enhance AES performance
18JDK-8313760hotspot/compiler[REDO] Enhance AES performance
19JDK-8210265hotspot/gcCrash in HSpaceCounters::update_used()
20JDK-8275333hotspot/gcPrint count in "Too many recored phases?" assert
21JDK-8316906hotspot/gcClarify TLABWasteTargetPercent flag
22JDK-8207200hotspot/gcCommitted > max memory usage when getting MemoryUsage
23JDK-8209062hotspot/gcClean up G1MonitoringSupport
24JDK-8209061hotspot/gcMove G1 serviceability functionality to G1MonitoringSupport
25JDK-8208498hotspot/gcPut archive regions into a first-class HeapRegionSet
26JDK-8263185hotspot/runtimeMallinfo deprecated in glibc 2.33
27JDK-8320597security-libs/java.securityRSA signature verification fails on signed data that does not encode params correctly
28JDK-8302017security-libs/java.securityAllocate BadPaddingException only if it will be thrown
29JDK-8313792tools/jshellVerify 4th party information in src/jdk.internal.le/share/legal/