Release notes for OpenJDK 11.0.18
Abstract
Preface
OpenJDK (Open Java Development Kit) is a free and open source implementation of the Java Platform, Standard Edition (Java SE). The Red Hat build of OpenJDK is available in three versions: OpenJDK 8u, OpenJDK 11u, and OpenJDK 17u.
Packages for the Red Hat build of OpenJDK are made available on Red Hat Enterprise Linux and Microsoft Windows and shipped as a JDK and JRE in the Red Hat Ecosystem Catalog.
Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.
Providing feedback on Red Hat documentation
We appreciate your feedback on our documentation. To provide feedback, you can highlight the text in a document and add comments.
This section explains how to submit feedback.
Prerequisites
- You are logged in to the Red Hat Customer Portal.
- In the Red Hat Customer Portal, view the document in Multi-page HTML format.
Procedure
To provide your feedback, perform the following steps:
Click the Feedback button in the top-right corner of the document to see existing feedback.
NoteThe feedback feature is enabled only in the Multi-page HTML format.
- Highlight the section of the document where you want to provide feedback.
Click the Add Feedback pop-up that appears near the highlighted text.
A text box appears in the feedback section on the right side of the page.
Enter your feedback in the text box and click Submit.
A documentation issue is created.
- To view the issue, click the issue tracker link in the feedback view.
Chapter 1. Support policy for OpenJDK
Red Hat will support select major versions of OpenJDK in its products. For consistency, these versions will be the same ones that Oracle designates 'LTS' for the Oracle JDK.
A major version of OpenJDK will be supported for a minimum of six years from the time it is first introduced.
OpenJDK 11 is supported on Microsoft Windows and Red Hat Enterprise Linux until October 2024.
RHEL 6 reached the end of life in November 2020. Due to this, OpenJDK is not supporting RHEL 6 as a supporting configuration.
Chapter 2. Differences from upstream OpenJDK 11
OpenJDK in Red Hat Enterprise Linux (RHEL) contains a number of structural changes from the upstream distribution of OpenJDK. The Microsoft Windows version of OpenJDK attempts to follow RHEL updates as closely as possible.
The following list details the most notable Red Hat OpenJDK 11 changes:
- FIPS support. Red Hat OpenJDK 11 automatically detects whether RHEL is in FIPS mode and automatically configures OpenJDK 11 to operate in that mode. This change does not apply to OpenJDK builds for Microsoft Windows.
- Cryptographic policy support. Red Hat OpenJDK 11 obtains the list of enabled cryptographic algorithms and key size constraints from RHEL. These configuration components are used by the Transport Layer Security (TLS) encryption protocol, the certificate path validation, and any signed JARs. You can set different security profiles to balance safety and compatibility. This change does not apply to OpenJDK builds for Microsoft Windows.
-
Red Hat OpenJDK on RHEL dynamically links against native libraries such as
zlibfor archive format support andlibjpeg-turbo,libpng, andgiflibfor image support. RHEL also dynamically links againstHarfbuzzandFreetypefor font rendering and management. -
The
src.zipfile includes the source for all the JAR libraries shipped with OpenJDK. - Red Hat OpenJDK on RHEL uses system-wide timezone data files as a source for timezone information.
- Red Hat OpenJDK on RHEL uses system-wide CA certificates.
- Red Hat OpenJDK on Microsoft Windows includes the latest available timezone data from RHEL.
- Red Hat OpenJDK on Microsoft Windows uses the latest available CA certificate from RHEL.
Additional resources
- For more information about detecting if a system is in FIPS mode, see the Improve system FIPS detection example on the Red Hat RHEL Planning Jira.
- For more information about cryptographic policies, see Using system-wide cryptographic policies.
Chapter 3. OpenJDK features
The latest OpenJDK 11 release might include new features. Additionally, the latest release might enhance, deprecate, or remove features that originated from previous OpenJDK 11 releases.
For all the other changes and security fixes, see OpenJDK 11.0.18 Released.
OpenJDK new features and enhancements
Review the following release notes to understand new features and feature enhancements that are included with the OpenJDK 11.0.18 release:
Enhanced BMP bounds
By default, OpenJDK 11.0.18 disables loading a linked International Color Consortium (ICC) profile in a BMP image. You can enable this functionality by setting the new sun.imageio.bmp.enabledLinkedProfiles property to true. This property replaces the old sun.imageio.plugins.bmp.disableLinkedProfiles property
See JDK-8295687 (JDK Bug System).
Improved banking of sounds
Previously, the SoundbankReader implementation, com.sun.media.sound.JARSoundbankReader, downloaded a JAR soundbank from a URL. For OpenJDK 11.0.18, this behavior is now disabled by default. To re-enable the behavior, set the new system property jdk.sound.jarsoundbank to true.
See JDK-8293742 (JDK Bug System).
Enhanced Datagram Transport Layer Security (DTLS) performance
OpenJDK now exchanges DTLS cookies for all new and resumed handshake communications.
To re-enable the previous release behavior, set the new system property jdk.tls.enableDtlsResumeCookie to false.
See JDK-8287411 (JDK Bug System).
SunMSCAPI provider supports new Microsoft Windows keystore types
The SunMSCAPI provider supports the following Microsoft Windows keystore types where you must append your local namespace to Windows-:
-
Windows-MY-LOCALMACHINE -
Windows-ROOT-LOCALMACHINE -
Windows-MY-CURRENTUSER -
Windows-ROOT-CURRENTUSER
By specifying any of these types, you can provide access to your local computer’s location for the Microsoft Windows keystore. Thereby providing the keystore access to certificates that are stored on your local system.
See JDK-6782021 (JDK Bug System).
Added note for LoginModule implementation
The OpenJDK 9 release changed the Set implementation, which holds principals and credentials, so that the implementation can reject null values. Any attempts to call add(null), contains(null), or remove(null) would throw a NullPointerException message.
The OpenJDK 9 release did not update the logout() method in the LoginModule implementation to check for null values. These values could occur because of a failed login attempt, which can cause a logout() call to throw a NullPointerException message.
The OpenJDK 11.0.18 release updates the LoginModule implementations to check for null values. Additionally, the release adds an implementation note to the specification that states the change also applies to third-party modules. The note advises developers of third-party modules to verify that a logout() method does not throw a NullPointerException message.
- See JDK-8015081 (JDK Bug System).
- See JDK-8282730 (JDK Bug System).
Chapter 4. Advisories related to this release
The following advisories are issued to bug fixes and CVE fixes included in this release:
Revised on 2023-01-31 09:52:08 UTC