Java SE 11.0.19 Bundled Patch Release (BPR) - Bug Fixes and Updates

The following sections summarize changes made in all Java SE 11.0.19 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.

Changes in Java SE 11.0.19.0.2

Java™ SE Development Kit 11.0.19 (JDK 11.0.19)

April 18, 2023

The full version string for this update release is 11.0.19+9 (where "+" means "build"). The version number is 11.0.19.

IANA TZ Data 2022g

JDK 11.0.19 contains IANA time zone data 2022g which contains the following changes:

The northern edge of Chihuahua changes to US timekeeping.

Much of Greenland stops changing clocks after March 2023.

Fix some pre-1996 timestamps in northern Canada.

C89 is now deprecated; please use C99 or later.

Portability fixes for AIX, libintl, MS-Windows, musl, z/OS.

In C code, use more C23 features if available.

C23 timegm now supported by default.

Fixes for unlikely integer overflows.

For more information, refer to Timezone Data Versions in the JRE Software .

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 11.0.19 are specified in the following table:

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. Use the Security Baseline page to determine the latest version for each release family. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins . It is not recommended to use this JDK (version 11.0.19) after the next critical patch update release, scheduled for July 18, 2023.

New Features

security-libs/org.ietf.jgss

➜ Added a Default Native GSS-API Library on Windows ( JDK-6722928 )

A native GSS-API library named sspi_bridge.dll has been added to the JDK on the Windows platform. The library is client-side only and uses the default credentials. It will be loaded when the sun.security.jgss.native system property is set to "true". A user can still load a third-party native GSS-API library by setting the sun.security.jgss.lib system property to its path.

Native GSS automatically uses cached credentials from operating systems, thus the javax.security.auth.useSubjectCredsOnly system property should be set to false.

com.sun.security.auth.module.Krb5LoginModule does not call native JGSS. Avoid using com.sun.security.auth.module.Krb5LoginModule from JAAS config.

Other Notes

client-libs/javax.swing

➜ System Property to Handle HTML ObjectView Creation (JDK-8296832 (Not Public))

Some Swing components, such as JLabels and JButtons, which display application text, will try to interpret that text as HTML, principally to enable styled text. The HTML processing of the text for these components will no longer recognize the <object> tag which allows for subclasses of java.awt.Component to be rendered on the component. To re-enable this, applications must specify -Dswing.html.object=true .

security-libs/java.security

➜ Added Certigna(Dhimyotis) Root CA Certificate ( JDK-8245654 )

The following root certificate has been added to the cacerts truststore:

+ Certigna (Dhimyotis) + certignarootca DN: CN=Certigna, O=Dhimyotis, C=FR

security-libs/javax.net.ssl

➜ Removed SSLv2Hello and SSLv3 From Default Enabled TLS Protocols ( JDK-8190492 )

SSLv2Hello and SSLv3 have been removed from the default enabled TLS protocols.

After this update, if SSLv3 is removed from the jdk.tls.disabledAlgorithms security property, the SSLSocket.getEnabledProtocols() , SSLServerSocket.getEnabledProtocols() , SSLEngine.getEnabledProtocols() and SSLParameters.getProtocols() APIs will return "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1". "SSLv3" will not be returned in this list.

If a client or server still needs to use the SSLv3 protocol they can do so by enabling it through the jdk.tls.client.protocols or jdk.tls.server.protocols system properties or with the SSLSocket.setEnabledProtocols() , SSLServerSocket.setEnabledProtocols() and SSLEngine.setEnabledProtocols() APIs.

core-libs/java.io

➜ File::listRoots Changed to Return All Available Drives on Windows ( JDK-8208077 )

The behavior of the method java.io.File.listRoots() on Microsoft Windows has changed in this release so that the returned array includes a File object for all available disk drives. This differs from the behavior in JDK 10 to JDK 20, where this method filtered out disk drives that were not accessible or did not have media present. This change avoids performance issues observed in the previous releases and also ensures that the method is consistent with the root directories in the iteration returned by FileSystem.getDefault().getRootDirectories() .

security-libs/java.security

➜ Crypto-J Exception for Diffie-Hellman and DSA AlgorithmParameters Requests ( JDK-8278027 )

Applications using the Dell BSAFE Crypto-J 3rd party security provider may encounter an IOException if decoding DH or DSA algorithm parameters with the following exception:

Exception in thread "main" java.io.IOException: Could not decode parameters. at com.rsa.cryptoj.o.ms.engineInit(Unknown Source) at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293)

Dell BSAFE Crypto-J version 6.2.6.2 has been released to address this issue. Applications using this provider should upgrade to that version or later. For applications on older versions of this provider, an interoperability fix has been added to this release of the JDK.

Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update .

➜ Issues fixed in 11.0.19:

1 JDK-8285399 client-libs/2dJNI exception pending in awt_GraphicsEnv.c:1432 2 JDK-8284023 client-libs/java.awtjava.sun.awt.X11GraphicsDevice.getDoubleBufferVisuals() leaks XdbeScreenVisualInfo 3 JDK-8296496 client-libs/java.awtOverzealous check in sizecalc.h prevents large memory allocation 4 JDK-8279614 client-libs/java.awtThe left line of the TitledBorder is not painted on 150 scale factor 5 JDK-8288332 client-libs/java.awtTier1 validate-source fails after 8279614 6 JDK-8295685 client-libs/java.awtUpdate Libpng to 1.6.38 7 JDK-8282958 client-libs/javax.swingRendering Issues with Borders on Windows High-DPI systems 9 JDK-8294378 core-libs/java.netURLPermission constructor exception when using tr locale 10 JDK-8297569 core-libs/java.netURLPermission constructor throws IllegalArgumentException: Invalid characters in hostname after JDK-8294378 11 JDK-8299439 core-libs/java.textjava/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR 12 JDK-8295530 core-libs/java.util.jarUpdate Zlib Data Compression Library to Version 1.2.13 13 JDK-8287180 core-libs/java.util:i18nUpdate IANA Language Subtag Registry to Version 2022-08-08 14 JDK-8267038 core-libs/java.util:i18nUpdate IANA Language Subtag Registry to Version 2022-03-02 15 JDK-8296239 core-libs/java.util:i18nISO 4217 Amendment 174 Update 16 JDK-8297548 core-libs/jdk.nashornUpdate double-conversion to 3.2.0 17 JDK-8169718 core-svc/debuggernsk/jdb/locals/locals002: ERROR: Cannot find boolVar with expected value: false 18 JDK-8292541 core-svc/java.lang.management[Metrics] Reported memory limit may exceed physical machine memory 19 JDK-8216314 hotspot/compilerSIGILL in CodeHeapState::print_names() 20 JDK-8276066 hotspot/compilerReset LoopPercentProfileLimit for x86 due to suboptimal performance 21 JDK-8269574 hotspot/compilerC2: Avoid redundant uncommon traps in GraphKit::builtin_throw() for JVMTI exception events 22 JDK-8270533 hotspot/compilerAArch64: size_fits_all_mem_uses should return false if its output is a CAS 23 JDK-8295066 hotspot/compilerFolding of loads is broken in C2 after JDK-8242115 24 JDK-8256934 hotspot/compilerC2: assert(C->live_nodes() <= C->max_node_limit()) failed: Live Node limit exceeded limit 25 JDK-8296912 hotspot/compilerC2: CreateExNode::Identity fails with assert(i < _max) failed: oob: i=1, _max=1 26 JDK-8290964 hotspot/compilerC2 compilation fails with assert "non-reduction loop contains reduction nodes" 27 JDK-8296924 hotspot/compilerC2: assert(is_valid_AArch64_address(dest.target())) failed: bad address 28 JDK-8285835 hotspot/compilerSIGSEGV in PhaseIdealLoop::build_loop_late_post_work 29 JDK-8295788 hotspot/compilerC2 compilation hits "assert((mode == ControlAroundStripMined && use == sfpt) || !use->is_reachable_from_root()) failed: missed a node" 30 JDK-8297951 hotspot/compilerC2: Create skeleton predicates for all If nodes in loop predication 31 JDK-8297264 hotspot/compilerC2: Cast node is not processed again in CCP and keeps a wrong too narrow type which is later replaced by top 32 JDK-8295116 hotspot/compilerC2: assert(dead->outcnt() == 0 && !dead->is_top()) failed: node must be dead 33 JDK-8287425 hotspot/compilerRemove unnecessary register push for MacroAssembler::check_klass_subtype_slow_path 34 JDK-8242115 hotspot/compilerC2 SATB barriers are not safepoint-safe 35 JDK-8272985 hotspot/gcReference discovery is confused about atomicity and degree of parallelism 36 JDK-8283199 hotspot/runtimeLinux os::cpu_microcode_revision() stalls cold startup 37 JDK-8271506 hotspot/runtimeAdd ResourceHashtable support for deleting selected entries 38 JDK-8048190 hotspot/runtimeNoClassDefFoundError omits original ExceptionInInitializerError 39 JDK-8291763 hotspot/runtimeInclude virtualization information in hs_err crash log on Solaris 40 JDK-8289424 hotspot/runtimeInclude LD_HWCAP in hs_err log output 41 JDK-8287107 hotspot/runtimeCgroupSubsystemFactory.setCgroupV2Path asserts with freezer controller 42 JDK-8287741 hotspot/runtimeFix of JDK-8287107 (unused cgv1 freezer controller) was incomplete 43 JDK-8293472 hotspot/runtimeIncorrect container resource limit detection if manual cgroup fs mounts present 44 JDK-8231610 hotspot/runtimeRelocate the CDS archive if it cannot be mapped to the requested address 45 JDK-8287011 hotspot/runtimeImprove container information 46 JDK-8286030 hotspot/runtimeAvoid JVM crash when containers share the same /tmp dir 47 JDK-8298349 install/install/usr/java/latest points to wrong JDK 48 JDK-8298330 install/install/usr/java/latest is missing after one of JDK rpms is uninstalled 49 JDK-8242897 security-libs/java.securityKeyFactory.generatePublic( x509Spec ) failed with java.security.InvalidKeyException 50 JDK-8280890 security-libs/java.securityCannot use '-Djava.system.class.loader' with class loader in signed JAR 51 JDK-8253829 security-libs/org.ietf.jgssWrong length compared in SSPI bridge 52 JDK-8225687 security-libs/org.ietf.jgssNewly added sspi.cpp in JDK-6722928 still contains some small errors 53 JDK-8222251 tools/javacpreflow visitor is not visiting lambda expressions 54 JDK-8222091 tools/javadoc(tool)Javadoc does not handle package annotations correctly on package-info.java 55 JDK-8296619 tools/javadoc(tool)Upgrade jQuery to 3.6.1