Release notes for OpenJDK 11.0.13

OpenJDK 11

Red Hat Customer Content Services


This document provides an overview of new features in OpenJDK 11, as well as a list of potential known issues and possible workarounds.


OpenJDK (Open Java Development Kit) is a free and open source implementation of the Java Platform, Standard Edition (Java SE). The Red Hat build of OpenJDK is available in two versions, OpenJDK 8u and OpenJDK 11u.

Packages for the Red Hat build of OpenJDK are made available on Red Hat Enterprise Linux and Microsoft Windows and shipped as a JDK and JRE in the Red Hat Ecosystem Catalog.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.

Chapter 1. Support policy for OpenJDK

Red Hat will support select major versions of OpenJDK in its products. For consistency, these versions will be the same ones that Oracle designates 'LTS' for the Oracle JDK.

A major version of OpenJDK will be supported for a minimum of six years from the time it is first introduced.

OpenJDK 11 is supported on Microsoft Windows and Red Hat Enterprise Linux until October 2024.


RHEL 6 has reached the end of life in November 2020. Due to this, OpenJDK is not supporting RHEL 6 as a supporting configuration.

For more information, see the OpenJDK Life Cycle and Support Policy.

Chapter 2. Differences from upstream OpenJDK 11

OpenJDK in Red Hat Enterprise Linux contains a number of structural changes from the upstream distribution of OpenJDK. The Windows version of OpenJDK tries to follow Red Hat Enterprise Linux as closely as possible.

The most notable changes are the following:

  • On Red Hat Enterprise Linux, we dynamically link against native libraries such as zlib for archive format support and libjpeg-turbo, libpng, and giflib for image support. Likewise, we dynamically link against Harfzbuzz and Freetype for font rendering and management.
  • On Red Hat Enterprise Linux, system-wide timezone data files are used as a source for timezone information.

    On Microsoft Windows, the latest available timezone data from Red Hat Enterprise Linux is included.

  • On Red Hat Enterprise Linux, system-wide CA certificates are used.

    On Microsoft Windows, the latest available CA certificate from Red Hat Enterprise Linux is used.

  • The file includes the source for all of the JAR libraries shipped with OpenJDK.

Chapter 3. OpenJDK features

3.1. New features and enhancements

This section describes the new features introduced in this release. It also contains information about changes in the existing features.


For all the other changes and security fixes, see OpenJDK 11.0.13 Released.

3.1.1. Removed IdenTrust root certificate

The following root certificate from IdenTrust has been removed from the cacerts keystore:

  • Alias Name: identrustdstx3 [jdk]
  • Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.

For more information, see JDK-8271434.

3.1.2. Updated keytool to create AKID from SKID for issuing certificate as specified by RFC 5280

The gencert command of the keytool utility has been updated to create AKID from the SKID for issuing certificate as specified by RFC 5280.

For more information, see JDK-8261922.

3.1.3. Added ChaCha20 and Poly1305 TLS cipher suites

The new TLS cipher suites using the ChaCha20-Poly1305 algorithm are added to JSSE. These cipher suites are enabled by default. The TLS_CHACHA20_POLY1305_SHA256 cipher suite is available for TLS 1.3.

The following cipher suites are available for TLS 1.2:


For more information, see JDK-8210799.

3.1.4. Updated the default enabled cipher suites preference

The preference of the default enabled cipher suites are changed. The compatibility impact should be minimal. If needed, applications can customize the enabled cipher suites and its preference.

For more information, see JDK-8219551.

Chapter 4. Portable build changes

4.1. Portable Linux builds of OpenJDK

The portable Linux builds of OpenJDK are available with the FIPS mode. FIPS mode is also available on the RHEL OpenJDK builds. You must install NSS on the portable Linux builds if your system is running in FIPS mode.

4.2. Portable Windows builds of OpenJDK

The portable Windows builds of OpenJDK are available with the FIPS mode. You do not need to install NSS on the portable Windows builds if your system is running in FIPS mode.

Chapter 5. Advisories related to this release

The following advisories have been issued to bugfixes and CVE fixes included in this release.

Revised on 2021-10-20 14:22:41 UTC

Legal Notice

Copyright © 2021 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.