OpenJDK 11.0.26 Released
Andrew Hughes
gnu.andrew at redhat.com
Wed Jan 22 01:56:26 UTC 2025
We are pleased to announce the release of OpenJDK 11.0.26.
The source tarball is available from:
* https://openjdk-sources.osci.io/openjdk11/openjdk-11.0.26+4.tar.xz
The tarball is accompanied by a digital signature available at:
* https://openjdk-sources.osci.io/openjdk11/openjdk-11.0.26+4.tar.xz.sig
This is signed by our Red Hat OpenJDK key (openjdk at redhat.com):
PGP Key: rsa4096/0x92EF8D39DC13168F (hkp://keys.gnupg.net)
Fingerprint = CA5F 11C6 CE22 644D 42C6 AC44 92EF 8D39 DC13 168F
SHA256 checksums:
c8c08c47bf5f610c93f1b8428b9cd770c577349fbb73f2e1d818e1234de62006 openjdk-11.0.26+4.tar.xz
f01ee4689f9792f658518229d9a58224502205d7c6b492e6dac4845629bf37b2 openjdk-11.0.26+4.tar.xz.sig
SHA512 checksums:
99f635fa2fcbf34b8ddbaa830554832075a0108a98b39d03c205b08669c0375161c0f61f1561f365742ece886c929dfb3d4437d53418b47966dd7ee80dbc63ea openjdk-11.0.26+4.tar.xz
11f9130a3f12fe8c0860556b6ad348c368b4ed993a58f06cbf4626e986606f8b8008cdc3d7ec55db5b5e11191819132a631f85bfc6e560bbfdc2ae36a0f4a6dc openjdk-11.0.26+4.tar.xz.sig
The checksums can be downloaded from:
* https://openjdk-sources.osci.io/openjdk11/openjdk-11.0.26+4.sha256
* https://openjdk-sources.osci.io/openjdk11/openjdk-11.0.26+4.sha512
New in release OpenJDK 11.0.26 (2025-01-21):
============================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk11026
* CVEs
- CVE-2025-21502
* Changes
- JDK-8224624: Inefficiencies in CodeStrings::add_comment cause timeouts
- JDK-8225045: javax/swing/JInternalFrame/8146321/JInternalFrameIconTest.java fails on linux-x64
- JDK-8232367: Update Reactive Streams to 1.0.3 -- tests only
- JDK-8247706: Unintentional use of new Date(year...) with absolute year
- JDK-8299254: Support dealing with standard assert macro
- JDK-8303920: Avoid calling out to python in DataDescriptorSignatureMissing test
- JDK-8315936: Parallelize gc/stress/TestStressG1Humongous.java test
- JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java java.lang.Exception: Could not find leak
- JDK-8328300: Convert PrintDialogsTest.java from Applet to main program
- JDK-8328642: Convert applet test MouseDraggedOutCauseScrollingTest.html to main
- JDK-8330045: Enhance array handling
- JDK-8334332: TestIOException.java fails if run by root
- JDK-8335428: Enhanced Building of Processes
- JDK-8335801: [11u] Backport of 8210988 to 11u removes gcc warnings
- JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files
- JDK-8336564: Enhance mask blit functionality redux
- JDK-8338402: GHA: some of bundles may not get removed
- JDK-8339082: Bump update version for OpenJDK: jdk-11.0.26
- JDK-8339180: Enhanced Building of Processes: Follow-on Issue
- JDK-8339470: [17u] More defensive fix for 8163921
- JDK-8339637: (tz) Update Timezone Data to 2024b
- JDK-8339644: Improve parsing of Day/Month in tzdata rules
- JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files
- JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names
- JDK-8340671: GHA: Bump macOS and Xcode versions to macos-12 and XCode 13.4.1
- JDK-8340815: Add SECURITY.md file
- JDK-8342426: [11u] javax/naming/module/RunBasic.java javac compile fails
- JDK-8342629: [11u] Properly message out that shenandoah is disabled
- JDK-8347483: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.26
Notes on individual issues:
===========================
core-libs/java.util.jar:
JDK-8335912/JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files
===================================================================================================================
In previous OpenJDK releases, when the jar tool extracted files from
an archive, it would overwrite any existing files with the same name
in the target directory. With this release, a new option ('-k' or
'--keep-old-files') may be specified so that existing files are not
overwritten.
The option may be specified in short or long option form, as in the
following examples:
* jar xkf foo.jar
* jar --extract --keep-old-files --file foo.jar
By default, the old behaviour remains in place and files will be
overwritten.
core-libs/java.time:
JDK-8339637: (tz) Update Timezone Data to 2024b
===============================================
This OpenJDK release upgrades the in-tree copy of the IANA timezone
database to 2024b. This timezone update is primarily concerned with
improving historical data for Mexico, Monogolia and Portugal. It also
makes Asia/Choibalsan an alias for Asia/Ulaanbaatar and makes the MET
timezone the same as CET.
The 2024b update also makes a number of legacy timezone IDs equal to
geographical names rather than fixed offsets, as follows:
* EST => America/Panama instead of -5:00
* MST => America/Phoenix instead of -7:00
* HST => Pacific/Honolulu instead of -10:00
For long term support releases of OpenJDK, this change is overridden
locally to retain the existing fixed offset mapping.
Happy hacking,
--
Andrew :)
Pronouns: he / him or they / them
Principal Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)
PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
Please contact via e-mail, not proprietary chat networks
Available on Libera Chat & OFTC IRC networks as gnu_andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/jdk-updates-dev/attachments/20250122/85065261/signature.asc>
More information about the jdk-updates-dev
mailing list