JDK 26.0.1 Release Notes
Java™ SE Development Kit 26, Update 26.0.1 (JDK 26.0.1)
April 21, 2026
The full version string for this update release is 26.0.1+8 (where "+" means "build"). The version number is 26.0.1. This JDK conforms to version 26 of the Java SE Specification (JSR 401 2026-03-17).
IANA TZ Data 2026a
JDK 26.0.1 contains IANA time zone data 2026a which contains the following changes:
- Several code changes for compatibility with FreeBSD.
- The only changed data are leap second table expiration and pre-1976 time in Baja California.
- Moldova has used EU transition times since 2022.
- The "right" TZif files are no longer installed by default.
-DTZ_RUNTIME_LEAPS=0disables runtime support for leap seconds.- TZif files are no longer limited to 50 bytes of abbreviations.
zicis no longer limited to 50 leap seconds.- Several integer overflow bugs have been fixed.
For more information, refer to Timezone Data Versions in the JRE Software.
Security Baselines
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 26.0.1 are specified in the following table:
| Java Family Version | Security Baseline (Full Version String) |
|---|---|
| 26 | 26.0.1+8 |
| 25 | 25.0.3+9 |
| 21 | 21.0.11+9 |
| 17 | 17.0.19+9 |
| 11 | 11.0.31+9 |
| 8 | 1.8.0_491-b10 |
Keeping the JDK up to Date
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 26.0.1) be used after the next critical patch update scheduled for July 21, 2026.
Java Management Service, available to all users, can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.
Other Notes
The third-party legal files for Oracle JDK 26.0.1, for Windows and macOS, report an older version of the FreeType library. This is incorrect; the actual version provided is 2.14.2.
Fixes
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update.
➜ Issues fixed in 26.0.1:| # | JBS | Component/Subcomponent | Summary |
|---|---|---|---|
| 1 | JDK-8373290 | client-libs/2d | Update FreeType to 2.14.1 |
| 2 | JDK-8379158 | client-libs/2d | Update FreeType to 2.14.2 |
| 3 | JDK-8375063 | client-libs/java.awt | Update Libpng to 1.6.54 |
| 4 | JDK-8374644 | core-libs/java.util.jar | Regression in GZIPInputStream performance after JDK-7036144 |