January 15, 2019
The full version string for this update release is 11.0.2+9 (where "+" means "build"). The version number is 11.0.2.
JDK 11.0.2 contains IANA time zone data version 2018g. For more information, refer to Timezone Data Versions in the JRE Software.
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 11.0.2 are specified in the following table:
|JRE Family Version||JRE Security Baseline |
(Full Version String)
The JDK expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. This JDK (version 11.0.2) will expire with the release of the next critical patch update scheduled for April 16, 2019.
Due to incompatible changes in the GTK+ 3 library versions 3.20 and later, the Swing GTK Look and Feel does not render some UI components when using this library. Therefore, Linux installations with versions of GTK+ 3.20 and above are not supported for use by the Swing GTK Look And Feel in this release.
The TLS anon (anonymous) and NULL cipher suites have been added to the
jdk.tls.disabledAlgorithms security property and are now disabled by default.
Additional safeguards to protect against buffer overruns in native code have been enabled on Linux. If a buffer overrun is encountered the system will write the message “stack smashing detected” and the program will exit. Issues of this type should be reported to your vendor.
This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. For a more complete list of the bug fixes included in this release, see the JDK 11.0.2 Bug Fixes page.