OpenJDK 11.0.11 Released

Andrew Hughes gnu.andrew at
Wed Apr 21 05:54:14 UTC 2021

We are pleased to announce the release of OpenJDK 11.0.11.

The source tarball is available from:


The tarball is accompanied by a digital signature available at:


This is signed by our Red Hat OpenJDK key (openjdk at

PGP Key: rsa4096/0x92EF8D39DC13168F (hkp://
Fingerprint = CA5F 11C6 CE22 644D 42C6  AC44 92EF 8D39 DC13 168F

SHA256 checksums:

a00f8cf0c1edbefb767bce893a74b170478cb9bf152224b215aa59e7b431079c  openjdk-11.0.11-ga.tar.xz
b5f7a56a6aad10d3378784f7aa829cadf4c2796faa13d01d1f5933be4740eadd  openjdk-11.0.11-ga.tar.xz.sig

The checksums can be downloaded from:


New in release OpenJDK 11.0.11 (2021-04-20):
Live versions of these release notes can be found at:

* Security fixes
  - JDK-8244473: Contextualize registration for JNDI
  - JDK-8244543: Enhanced handling of abstract classes
  - JDK-8249906, CVE-2021-2163: Enhance opening JARs
  - JDK-8250568, CVE-2021-2161: Less ambiguous processing
  - JDK-8253799: Make lists of normal filenames
  - JDK-8257001: Improve Http Client Support
* Other changes
  - JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream readDouble() conversion to long mishandled
  - JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
  - JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing
  - JDK-8168869: jdeps: localized messages don't use proper line breaks
  - JDK-8202343: Disable TLS 1.0 and 1.1
  - JDK-8205992: jhsdb cannot attach to Java processes running in Docker containers
  - JDK-8209193: Fix aarch64-linux compilation after -Wreorder changes
  - JDK-8210413: AArch64: Optimize div/rem by constant in C1
  - JDK-8210578: AArch64: Invalid encoding for fmlsvs instruction
  - JDK-8211051: jdeps usage of --dot-output doesn't provide valid output for modular jar
  - JDK-8211057: Gensrc step CompileProperties generates unstable CompilerProperties output
  - JDK-8211150: G1 Full GC not purging code root memory and hence causing memory leak
  - JDK-8211825: ModuleLayer.defineModulesWithXXX does not setup delegation when module reads automatic module
  - JDK-8212043: Add floating-point Math.min/max intrinsics
  - JDK-8212218: [TESTBUG] runtime/ErrorHandling/ timed out
  - JDK-8213116: javax/swing/JComboBox/WindowsComboBoxSize/ fails in Windows
  - JDK-8213909: jdeps --print-module-deps should report missing dependences
  - JDK-8214180: Need better granularity for sleeping
  - JDK-8214223: tools/jdeps/listdeps/ failed due to missing Lib2 file
  - JDK-8214230: Classes generated by are not reproducable
  - JDK-8214741: docs/index.html has no title or copyright
  - JDK-8215687: [Graal] unit test CheckGraalIntrinsics failed after 8212043
  - JDK-8217848: [Graal] vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted003/ fails
  - JDK-8218482: sun/security/krb5/auto/ failed - no KrbException thrown
  - JDK-8218550: Add test omitted from JDK-8212043
  - JDK-8221584: SIGSEGV in os::PlatformEvent::unpark() in JvmtiRawMonitor::raw_exit while posting method exit event
  - JDK-8221995: AARCH64: problems with CAS instructions encoding
  - JDK-8222518: Remove unnecessary caching of Parker object in java.lang.Thread
  - JDK-8222785: aarch64: add necessary masking for immediate shift counts
  - JDK-8223186: HotSpot compile warnings from GCC 9
  - JDK-8225773: jdeps --check produces NPE if there are missing module dependences
  - JDK-8225805: Java Access Bridge does not close the logger
  - JDK-8226810: Failed to launch JVM because of NullPointerException occured on System.props
  - JDK-8229396: jdeps ignores multi-release when generate-module-info used on command line
  - JDK-8229474: Shenandoah: Cleanup CM::update_roots()
  - JDK-8232225: Rework the fix for JDK-8071483
  - JDK-8232905: JFR fails with assertion: assert(t->unflushed_size() == 0) failed: invariant
  - JDK-8233164: C2 fails with assert(phase->C->get_alias_index(t) == phase->C->get_alias_index(t_adr)) failed: correct memory chain
  - JDK-8233910: java/awt/ColorClass/ is failing intermittently in nightly lnux-x64 system
  - JDK-8233912: aarch64: minor improvements of atomic operations
  - JDK-8234508: VM_HeapWalkOperation::iterate_over_object reads non-strong fields with an on-strong load barrier
  - JDK-8234742: Improve handshake logging
  - JDK-8234796: Refactor Handshake::execute to take a more complex type than ThreadClosure
  - JDK-8235324: Dying objects are published from users of CollectedHeap::object_iterate
  - JDK-8235351: Lookup::unreflect should bind with the original caller independent of Method's accessible flag
  - JDK-8237369: Shenandoah: failed vmTestbase/nsk/jvmti/AttachOnDemand/attach021/ test
  - JDK-8237392: Shenandoah: Remove unreliable assertion
  - JDK-8237483: AArch64 C1 OopMap inserted twice fatal error
  - JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7
  - JDK-8239355: (dc) Initial value of SO_SNDBUF should allow sending large datagrams (macOS)
  - JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1
  - JDK-8240704: failed "AssertionError: Handle use increased by more than 10 percent."
  - JDK-8240751: Shenandoah: fold ShenandoahTracer definition
  - JDK-8240795: [REDO] 8238384 CTW: C2 compilation fails with "assert(store != load->find_exact_control(load->in(0))) failed: dependence cycle found"
  - JDK-8241598: Upgrade JLine to 3.14.0
  - JDK-8241649: Optimize Character.toString
  - JDK-8241770: Module xxxAnnotation() methods throw NCDFE if module-info.class found as resource in unnamed module
  - JDK-8241911: AArch64: Fix a potential register clash issue in reduce_add2I
  - JDK-8242030: Wrong package declarations in jline classes after JDK-8241598
  - JDK-8242565: Policy initialization issues when the denyAfter constraint is enabled
  - JDK-8243618: compiler/rtm/cli tests can be run w/o WhiteBox
  - JDK-8243670: Unexpected test result caused by C2 MergeMemNode::Ideal
  - JDK-8244088: [Regression] Switch of Gnome theme ends up in deadlocked UI
  - JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files
  - JDK-8244340: Handshake processing thread lacks yielding
  - JDK-8244573: java.lang.ArrayIndexOutOfBoundsException thrown for malformed class file
  - JDK-8244683: A TSA server used by tests
  - JDK-8245005: javax/net/ssl/compatibility/ failed with No enum constant
  - JDK-8245026: PsAdaptiveSizePolicy::_old_gen_policy_is_ready is unused
  - JDK-8245283: JFR: Can't handle constant dynamic used by Jacoco agent
  - JDK-8245512: CRC32 optimization using AVX512 instructions
  - JDK-8245527: LDAP Channel Binding support for Java GSS/Kerberos
  - JDK-8246707: (sc) throws AsynchronousCloseException on closed channel
  - JDK-8246709: sun/security/tools/jarsigner/ compilation failed after JDK-8244683
  - JDK-8247200: assert((unsigned)fpargs < 32)
  - JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) failed: Field too big for insn.
  - JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit
  - JDK-8248865: Document JNDI/LDAP timeout properties
  - JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
  - JDK-8249543: Force DirectBufferAllocTest to run with -ExplicitGCInvokesConcurrent
  - JDK-8249588: libwindowsaccessbridge issues on 64bit Windows
  - JDK-8249749: modify a primitive array through a stream and a for cycle causes jre crash
  - JDK-8249787: Make TestGCLocker more resilient with concurrent GCs
  - JDK-8249867: xml declaration is not followed by a newline
  - JDK-8250911: [windows] os::pd_map_memory() error detection broken
  - JDK-8251255: [linux] Add process-memory information to hs-err and
  - JDK-8251359: Shenandoah: filter null oops before calling enqueue/SATB barrier
  - JDK-8251925: C2: RenaissanceStressTest fails with assert(!had_error): bad dominance
  - JDK-8251944: Add Shenandoah test config to compiler/gcbarriers/
  - JDK-8251992: VM crashed running test with -XX:UseAVX=X
  - JDK-8253220: Epsilon: clean up unused code/declarations
  - JDK-8253274: The CycleDMImagetest brokes the system
  - JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node
  - JDK-8253368: TLS connection always receives close_notify exception
  - JDK-8253404: C2: assert(C->live_nodes() <= C->max_node_limit()) failed: Live Node limit exceeded limit
  - JDK-8253409: Double-rounding possibility in float fma
  - JDK-8253476: fails on some Linux kernels w/o swap limit capabilities
  - JDK-8253524: C2: Refactor code that clones predicates during loop unswitching
  - JDK-8253644: C2: assert(skeleton_predicate_has_opaque(iff)) failed: unexpected
  - JDK-8253681: closed java/awt/dnd/MouseEventAfterStartDragTest/MouseEventAfterStartDragTest.html test failed
  - JDK-8253702: BigSur version number reported as 10.16, should be 11.nn
  - JDK-8253756: C2 CompilerThread0 crash in Node::add_req(Node*)
  - JDK-8254104: MethodCounters must exist before nmethod is installed
  - JDK-8254734: "dead loop detected" assert failure with patch from 8223051
  - JDK-8254748: Bad Copyright header format after JDK-8212218
  - JDK-8254799: runtime/ErrorHandling/ fails with release VMs
  - JDK-8255058: C1: assert(is_virtual()) failed: type check
  - JDK-8255351: Add detection for Graviton 2 CPUs
  - JDK-8255368: Math.exp() gives wrong result for large values on x86 32-bit platforms
  - JDK-8255387: Japanese characters were printed upside down on AIX
  - JDK-8255401: Shenandoah: Allow oldval and newval registers to overlap in cmpxchg_oop()
  - JDK-8255479: [aarch64] assert(src->section_index_of(target) == CodeBuffer::SECT_NONE) failed: sanity
  - JDK-8255544: Create a checked cast
  - JDK-8255559: Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI()
  - JDK-8255681: print callstack in error case in runAWTLoopWithApp
  - JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too
  - JDK-8255742: PrintInlining as compiler directive doesn't print virtual calls
  - JDK-8255845: Memory leak in imageFile.cpp
  - JDK-8255880: UI of Swing components is not redrawn after their internal state changed
  - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem
  - JDK-8256025: AArch64: MachCallRuntimeNode::ret_addr_offset() is incorrect for stub calls
  - JDK-8256056: Deoptimization stub doesn't save vector registers on x86
  - JDK-8256061: RegisterSaver::save_live_registers() omits upper halves of ZMM0-15 registers
  - JDK-8256187: [TEST_BUG] Automate test
  - JDK-8256220: C1: x86_32 fails with -XX:UseSSE=1 after JDK-8210764 due to mishandled lir_neg
  - JDK-8256258: some missing NULL checks or asserts after CodeCache::find_blob_unsafe
  - JDK-8256264: Printed GlyphVector outline with low DPI has bad quality on Windows
  - JDK-8256290: javac/lambda/ fails with StackOverflowError on x86_32
  - JDK-8256359: AArch64: runtime/ReservedStack/ fails
  - JDK-8256387: Unexpected result if patching an entire instruction on AArch64
  - JDK-8256421: Add 2 HARICA roots to cacerts truststore
  - JDK-8256488: [aarch64] Use ldpq/stpq instead of ld4/st4 for small copies in StubGenerator::copy_memory
  - JDK-8256489: Make gtest for long path names on Windows more resilient in the presence of virus scanners
  - JDK-8256501: libTestMainKeyWindow fails to build with Xcode 12.2
  - JDK-8256633: Fix product build on Windows+Arm64
  - JDK-8256682: JDK-8202343 is incomplete
  - JDK-8256751: Incremental rebuild with precompiled header fails when touching a header file
  - JDK-8256757: Incorrect MachCallRuntimeNode::ret_addr_offset() for CallLeafNoFP on x86_32
  - JDK-8256806: Shenandoah: optimize shenandoah/jni/ test
  - JDK-8256807: C2: Not marking stores correctly as mismatched in string opts
  - JDK-8256810: Incremental rebuild broken on Macosx
  - JDK-8256818: SSLSocket that is never bound or connected leaks socket resources
  - JDK-8256888: Client manual test problem list update
  - JDK-8257083: Security infra test failures caused by JDK-8202343
  - JDK-8257408: Bump update version for OpenJDK: jdk-11.0.11
  - JDK-8257423: [PPC64] Support -XX:-UseInlineCaches
  - JDK-8257436: [aarch64] Regressions in ArrayCopyUnalignedDst.testByte/testChar for 65-78 bytes when UseSIMDForMemoryOps is on
  - JDK-8257513: C2: assert((constant_addr - _masm.code()->consts()->start()) == con.offset())
  - JDK-8257547: Handle multiple prereqs on the same line in deps files
  - JDK-8257561: Some code is not vectorized after 8251925 and 8250607
  - JDK-8257565: epsilonBarrierSet.hpp should not include barrierSetAssembler
  - JDK-8257575: C2: "failed: only phis" assert failure in loop strip mining verification
  - JDK-8257594: C2 compiled checkcast of non-null object triggers endless deoptimization/recompilation cycle
  - JDK-8257633: Missing -mmacosx-version-min=X flag when linking libjvm
  - JDK-8257670: sun/security/ssl/SSLSocketImpl/ reports leaks
  - JDK-8257707: Fix incorrect format string in Http1HeaderParser
  - JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines
  - JDK-8257798: [PPC64] undefined reference to Klass::vtable_start_offset()
  - JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/ as automatic test
  - JDK-8257910: [JVMCI] Set exception_seen accordingly in the runtime.
  - JDK-8257997: sun/security/ssl/SSLSocketImpl/ again reports leaks after JDK-8257884
  - JDK-8257999: Parallel GC crash in gc/parallel/ new region is not in covered_region
  - JDK-8258077: Using -Xcheck:jni can lead to a double-free after JDK-8193234
  - JDK-8258247: Couple of issues in fix for JDK-8249906
  - JDK-8258373: Update the text handling in the JPasswordField
  - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
  - JDK-8258419: RSA cipher buffer cleanup
  - JDK-8258471: "search codecache" clhsdb command does not work
  - JDK-8258534: Epsilon: clean up unused includes
  - JDK-8258805: Japanese characters not entered by mouse click on Windows 10
  - JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
  - JDK-8258836: JNI local refs exceed capacity getDiagnosticCommandInfo
  - JDK-8258884: [TEST_BUG] Convert applet-based test open/test/jdk/javax/swing/JMenuItem/8031573/ to a regular java test
  - JDK-8259007: This test printed a blank page
  - JDK-8259048: (tz) Upgrade time-zone data to tzdata2020f
  - JDK-8259049: Uninitialized variable after JDK-8257513
  - JDK-8259231: Epsilon: improve performance under contention during virtual space expansion
  - JDK-8259271: gc/parallel/ still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region"
  - JDK-8259312: fails as soneraclass2ca cert will expire in 90 days
  - JDK-8259319: Illegal package access when SunPKCS11 requires SunJCE's classes
  - JDK-8259339: AllocateUninitializedArray C2 intrinsic fails with void.class input
  - JDK-8259428: AlgorithmId.getEncodedParams() should return copy
  - JDK-8259446: runtime/jni/checked/ fails with stderr not empty
  - JDK-8259451: Zero: skip serviceability/sa tests, set vm.hasSA to false
  - JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState
  - JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect
  - JDK-8259633: compiler/graalunit/ fails with NPE after JDK-8244543
  - JDK-8259706: C2 compilation fails with assert(vtable_index == Method::invalid_vtable_index) failed: correct sentinel value
  - JDK-8259707: LDAP channel binding does not work with StartTLS extension
  - JDK-8259773: Incorrect encoding of AVX-512 kmovq instruction
  - JDK-8259849: Shenandoah: Rename store-val to IU-barrier
  - JDK-8259949: x86 32-bit build fails when -fcf-protection is passed in the compiler flags
  - JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp
  - JDK-8260029: aarch64: fix typo in verify_oop_array
  - JDK-8260308: Update LogCompilation junit to 4.13.1
  - JDK-8260338: Some fields in HaltNode is not cloned
  - JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS
  - JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a
  - JDK-8260378: [TESTBUG] reports false positive
  - JDK-8260497: Shenandoah: Improve SATB flushing
  - JDK-8260502: [s390] NativeMovRegMem::verify() fails because it's too strict
  - JDK-8260632: Build failures after JDK-8253353
  - JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end
  - JDK-8261022: Fix incorrect result of Math.abs() with char type
  - JDK-8261089: [TESTBUG] native library of test fails to compile with gcc 4.x
  - JDK-8261183: Follow on to Make lists of normal filenames
  - JDK-8261209: isStandalone property: remove dependency on pretty-print
  - JDK-8261231: Windows IME was disabled after DnD operation
  - JDK-8261251: Shenandoah: Use object size for full GC humongous compaction
  - JDK-8261310: PPC64 Zero build fails with 'VMError::controlled_crash(int)::FunctionDescriptor functionDescriptor' has incomplete type and cannot be defined
  - JDK-8261334: NMT: tuning statistic shows incorrect hash distribution
  - JDK-8261413: Shenandoah: Disable class-unloading in I-U mode
  - JDK-8261522: [PPC64] AES intrinsics write beyond the destination array
  - JDK-8261534: Test sun/security/pkcs11/KeyAgreement/ fails on platforms where no nsslib artifacts are defined
  - JDK-8261585: Restore HandleArea used in Deoptimization::uncommon_trap
  - JDK-8261753: Test java/lang/System/ still failing on BigSur patch versions after JDK-8253702
  - JDK-8261829: Exclude tools/jlink/ in 11u
  - JDK-8261912: Code IfNode::fold_compares_helper more defensively
  - JDK-8261920: [AIX] jshell command throws on non English locales
  - JDK-8262018: Wrong format in SAP copyright header of OsVersionTest
  - JDK-8263069: Exclude some failing tests from security/infra/java/security/cert/CertPathValidator

Notes on individual issues:


JDK-8258824: LDAP Channel Binding Support for Java GSS/Kerberos
A new JNDI environment property "com.sun.jndi.ldap.tls.cbtype" has
been added to enable TLS Channel Binding data in LDAP authentication
over SSL/TLS protocol to the Windows AD server.  The only valid value
at present is "tls-server-end-point", where channel binding data is
created on the base of the TLS server certificate. See RFC-5929 [0]
and the module description of the `java.naming` module for further

[0] RFC-5929 "Channel Bindings for TLS":


JDK-8260597: Added 2 HARICA Root CA Certificates
The following root certificates have been added to the cacerts truststore:

Alias Name: haricarootca2015
Distinguished Name: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR

Alias Name: haricaeccrootca2015
Distinguished Name: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR


JDK-8256490: Disable TLS 1.0 and 1.1
TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer
considered secure and have been superseded by more secure and modern
versions (TLS 1.2 and 1.3).

These versions have now been disabled by default. If you encounter
issues, you can, at your own risk, re-enable the versions by removing
"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms`
security property in the `` configuration file.


JDK-8214213: jdeps --print-module-deps Reports Transitive Dependencies
`jdeps --print-module-deps`, `--list-deps`, and `--list-reduce-deps`
options have been enhanced as follows.

1. By default, they perform transitive module dependence analysis on
libraries on the class path and module path, both directly and
indirectly, as required by the given input JAR files or
classes. Previously, they only reported the modules required by the
given input JAR files or classes.  The `--no-recursive` option can be
used to request non-transitive dependence analysis.

2. By default, they flag any missing dependency, i.e. not found from
class path and module path, as an error.  The `--ignore-missing-deps`
option can be used to suppress missing dependence errors. Note that a
custom image is created with the list of modules output by jdeps when
using the `--ignore-missing-deps` option for a non-modular
application. Such an application, running on the custom image, might
fail at runtime when missing dependence errors are suppressed.


JDK-8249867 XML declaration is not followed by a newline
The DOM Load and Save `LSSerializer` does not have an explicit control
for whether or not the XML Declaration ends with a newline. In this
release, a JDK implementation specific property
`` and
corresponding System property `jdk.xml.isStandalone` are added to
control the addition of a newline and act independently without
having to set the pretty-print property. This property can be used to
reverse the incompatible change introduced in Java SE 7 Update 4 with
an update of Xalan 2.7.1 where a newline is omitted when pretty-print
is required.

For details, please refer to the bug report and the java.xml module-summary.


// to set the property, get an instance of LSSerializer and set it along with pretty-print
LSSerializer ser = impl.createLSSerializer();
ser.getDomConfig().setParameter("format-pretty-print", true);
ser.getDomConfig().setParameter("", true);

// to use the System property, set it before initializing a LSSerializer
System.setProperty("jdk.xml.isStandalone", “true”);

// to clear the property, place the line anywhere after the LSSerializer is initialized

Andrew :)

Senior Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222

More information about the jdk-updates-dev mailing list