OpenJDK 13.0.11 released

Yuri Nesterenko yan at azul.com
Wed Apr 20 08:55:06 UTC 2022 

Hi all,

let me announce the release of OpenJDK 13.0.11.

The release sources are in https://github.com/openjdk/jdk13u Git repository
tagged jdk-13.0.11-ga.
For July release schedule see https://wiki.openjdk.java.net/display/JDKUpdates/JDK+13u

* Security fixes in this release:
=================================
   - JDK-8284920: Incorrect Token type causes XPath expression to return empty result
   - JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException
   - JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo
   - JDK-8282397: createTempFile method of java.io.File is failing when called with suffix of spaces 
character
   - JDK-8278356: Improve file creation
   - JDK-8270504: Better Xpath expression handling
   - JDK-8272594: Better record of recordings
   - JDK-8277672: Better invocation handler handling
   - JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972
   - JDK-8278972: Improve URL supports
   - JDK-8272261: Improve JFR recording file processing
   - JDK-8269938: Enhance XML processing passes redux
   - JDK-8272255: Completely handle MIDI files
   - JDK-8278805: Enhance BMP image loading
   - JDK-8278449: Improve keychain support
   - JDK-8277227: Better identification of OIDs
   - JDK-8275151: Improved Object Identification
   - JDK-8274221: More definite BER encodings
   - JDK-8278798: Improve supported intrinsic

* Other changes:
================
   - JDK-8282761: XPathFactoryImpl remove setProperty and getProperty methods
   - JDK-8276141: XPathFactory set/getProperty method
   - JDK-8249867: XML declaration is not followed by a newline
   - JDK-8274524: SSLSocket.close() hangs if it is called during the ssl handshake
   - JDK-8272541: Incorrect overflow test in Toom-Cook branch of BigInteger multiplication
   - JDK-8278309: [windows] use of uninitialized OSThread::_state
   - JDK-8274736: Concurrent read/close of SSLSockets causes SSLSessions to be invalidated unnecessarily
   - JDK-8280373: Update Xalan serializer / SystemIDResolver to align with JDK-8270492
   - JDK-8275082: Update XML Security for Java to 2.3.0
   - JDK-8280947: Adapt test/jdk/javax/xml/crypto/dsig/LogParameters.java for 13u
   - JDK-8280414: Memory leak in DefaultProxySelector
   - JDK-8255255: Update Apache Santuario (XML Signature) to version 2.2.1
   - JDK-8240983: Incorrect copyright header in Apache Santuario 2.1.3 files
   - JDK-8247964: All log0() in com/sun/org/slf4j/internal/Logger.java should be private
   - JDK-8247907: XMLDsig logging does not work
   - JDK-8259535: ECDSA SignatureValue do not always have the specified length
   - JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1
   - JDK-8273341: Update Siphash to version 1.0
   - JDK-8275610: C2: Object field load floats above its null check resulting in a segfault
   - JDK-8272570: C2: crash in PhaseCFG::global_code_motion
   - JDK-8274658: ISO 4217 Amendment 170 Update
   - JDK-8065704: Set LC_ALL=C for all relevant commands in the build system

* Notes on some issues:
=========================

     xml/jaxp:
     JDK-8249867 XML declaration is not followed by a newline
     ========================================================
     Added a property jdk.xml.isStandalone to control the newline after the XML header for DOM 
LSSerializer.
     For usage, please refer to java.xml module-summary API document.

     xml/jaxp:
     New XML Processing Limits
     ========================================================
     Added three new processing limits:
     jdk.xml.xpathExprGrpLimit (by default 10, 0 or less means no limit)
     jdk.xml.xpathExprOpLimit  (by default 100, 0 or less means no limit)
     jdk.xml.xpathTotalOpLimit (by default 1000, 0 or less means no limit)
     The limits may be set as system properties or in jaxp.properties file; for XSLT processor - via 
TransformerFactory.
     For detailed information please refer to java.xml module-summary API document.

     core-libs/javax.naming:
     Parsing of URL Strings in Built-In JNDI Providers Is More Strict
     ================================================================
     Added three system properties to control strength of some URLs parsing.
     Properties are com.sun.jndi.ldapURLParsing,
     com.sun.jndi.dnsURLParsing,
     and com.sun.jndi.rmiURLParsing
     with acceptable values "legacy", "compat", "strict".
     The default is always "compat";
     "legacy" would turn validation off;
     "strict" may reject some URLs unless all their fragments are explicitly supported by Uri subclass.

     security-libs/java.security
     Trusted Certificate Entries in macOS KeychainStore
     ==================================================
     Starting from this release only certificates added with the system macOS "security 
add-trusted-cert" command
     will be treated as Trusted Certificate Entries in the macOS KeychainStore


     Thanks,
     --yan

More information about the jdk-updates-dev mailing list