OpenJDK 11.0.26 Released

Andrew Hughes gnu.andrew at redhat.com
Wed Jan 22 01:56:26 UTC 2025 

We are pleased to announce the release of OpenJDK 11.0.26.

The source tarball is available from:

* https://openjdk-sources.osci.io/openjdk11/openjdk-11.0.26+4.tar.xz

The tarball is accompanied by a digital signature available at:

* https://openjdk-sources.osci.io/openjdk11/openjdk-11.0.26+4.tar.xz.sig

This is signed by our Red Hat OpenJDK key (openjdk at redhat.com):

PGP Key: rsa4096/0x92EF8D39DC13168F (hkp://keys.gnupg.net)
Fingerprint = CA5F 11C6 CE22 644D 42C6  AC44 92EF 8D39 DC13 168F

SHA256 checksums:

c8c08c47bf5f610c93f1b8428b9cd770c577349fbb73f2e1d818e1234de62006  openjdk-11.0.26+4.tar.xz
f01ee4689f9792f658518229d9a58224502205d7c6b492e6dac4845629bf37b2  openjdk-11.0.26+4.tar.xz.sig

SHA512 checksums:

99f635fa2fcbf34b8ddbaa830554832075a0108a98b39d03c205b08669c0375161c0f61f1561f365742ece886c929dfb3d4437d53418b47966dd7ee80dbc63ea  openjdk-11.0.26+4.tar.xz
11f9130a3f12fe8c0860556b6ad348c368b4ed993a58f06cbf4626e986606f8b8008cdc3d7ec55db5b5e11191819132a631f85bfc6e560bbfdc2ae36a0f4a6dc  openjdk-11.0.26+4.tar.xz.sig

The checksums can be downloaded from:

* https://openjdk-sources.osci.io/openjdk11/openjdk-11.0.26+4.sha256
* https://openjdk-sources.osci.io/openjdk11/openjdk-11.0.26+4.sha512

New in release OpenJDK 11.0.26 (2025-01-21):
============================================
Live versions of these release notes can be found at:
  * https://bit.ly/openjdk11026

* CVEs
  - CVE-2025-21502
* Changes
  - JDK-8224624: Inefficiencies in CodeStrings::add_comment cause timeouts
  - JDK-8225045: javax/swing/JInternalFrame/8146321/JInternalFrameIconTest.java fails on linux-x64
  - JDK-8232367: Update Reactive Streams to 1.0.3 -- tests only
  - JDK-8247706: Unintentional use of new Date(year...) with absolute year
  - JDK-8299254: Support dealing with standard assert macro
  - JDK-8303920: Avoid calling out to python in DataDescriptorSignatureMissing test
  - JDK-8315936: Parallelize gc/stress/TestStressG1Humongous.java test
  - JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java java.lang.Exception: Could not find leak
  - JDK-8328300: Convert PrintDialogsTest.java from Applet to main program
  - JDK-8328642: Convert applet test MouseDraggedOutCauseScrollingTest.html to main
  - JDK-8330045: Enhance array handling
  - JDK-8334332: TestIOException.java fails if run by root
  - JDK-8335428: Enhanced Building of Processes
  - JDK-8335801: [11u] Backport of 8210988 to 11u removes gcc warnings
  - JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files
  - JDK-8336564: Enhance mask blit functionality redux
  - JDK-8338402: GHA: some of bundles may not get removed
  - JDK-8339082: Bump update version for OpenJDK: jdk-11.0.26
  - JDK-8339180: Enhanced Building of Processes: Follow-on Issue
  - JDK-8339470: [17u] More defensive fix for 8163921
  - JDK-8339637: (tz) Update Timezone Data to 2024b
  - JDK-8339644: Improve parsing of Day/Month in tzdata rules
  - JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files
  - JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names
  - JDK-8340671: GHA: Bump macOS and Xcode versions to macos-12 and XCode 13.4.1
  - JDK-8340815: Add SECURITY.md file
  - JDK-8342426: [11u] javax/naming/module/RunBasic.java javac compile fails
  - JDK-8342629: [11u] Properly message out that shenandoah is disabled
  - JDK-8347483: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.26

Notes on individual issues:
===========================

core-libs/java.util.jar:

JDK-8335912/JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files
===================================================================================================================
In previous OpenJDK releases, when the jar tool extracted files from
an archive, it would overwrite any existing files with the same name
in the target directory. With this release, a new option ('-k' or
'--keep-old-files') may be specified so that existing files are not
overwritten.

The option may be specified in short or long option form, as in the
following examples:

* jar xkf foo.jar
* jar --extract --keep-old-files --file foo.jar

By default, the old behaviour remains in place and files will be
overwritten.

core-libs/java.time:

JDK-8339637: (tz) Update Timezone Data to 2024b
===============================================
This OpenJDK release upgrades the in-tree copy of the IANA timezone
database to 2024b.  This timezone update is primarily concerned with
improving historical data for Mexico, Monogolia and Portugal. It also
makes Asia/Choibalsan an alias for Asia/Ulaanbaatar and makes the MET
timezone the same as CET.

The 2024b update also makes a number of legacy timezone IDs equal to
geographical names rather than fixed offsets, as follows:

* EST => America/Panama instead of -5:00
* MST => America/Phoenix instead of -7:00
* HST => Pacific/Honolulu instead of -10:00

For long term support releases of OpenJDK, this change is overridden
locally to retain the existing fixed offset mapping.

Happy hacking,
-- 
Andrew :)
Pronouns: he / him or they / them
Principal Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222

Please contact via e-mail, not proprietary chat networks
Available on Libera Chat & OFTC IRC networks as gnu_andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/jdk-updates-dev/attachments/20250122/85065261/signature.asc>

More information about the jdk-updates-dev mailing list