RELEASE NOTES: JDK 11.0.21

Notes generated: Sat May 03 14:07:10 CEST 2025

JEPs

None.

RELEASE NOTES

security-libs/javax.net.ssl

Issue Description
JDK-8301700

The Default TLS Diffie-Hellman Group Size Has Been Increased from 1024-bit to 2048-bit


The JDK implementation of TLS 1.2 now uses a default Diffie Hellman keysize of 2048 bits when a TLS_DHE cipher suite is negotiated and either the client or server does not support FFDHE, which can negotiate a stronger keysize. The JDK TLS implementation supports FFDHE and it is enabled by default.

As a workaround, users can revert to the previous size by setting the jdk.tls.ephemeralDHKeySize system property to 1024 (at their own risk).

This change does not affect TLS 1.3 as the minimum DH group size is already 2048 bits.
JDK-8168261

Use Server Cipher Suites Preference by Default


For TLS connections, the cipher suite selection, by default, is updated to use the server cipher suites preference. Applications can configure the behavior by using the SSLParameters.setUseCipherSuitesOrder​() method.

security-libs/javax.crypto

Issue Description
JDK-8023980

JDK Now Accepts RSA Keys in PKCS#1 Format


RSA private and public keys in PKCS#1 format can now be accepted by JDK providers, such as the RSA KeyFactory.impl from the SunRsaSign provider. The RSA private or public key object should have the PKCS#1 format and an encoding matching the ASN.1 syntax for a PKCS#1 RSA private key and public key.

tools/launcher

Issue Description
JDK-8305950

`-XshowSettings:locale` Output Now Includes Tzdata Version


The -XshowSettings launcher option has been enhanced to print the tzdata version configured with the JDK. The tzdata version is displayed as part of the locale showSettings option.

Example output using -X:showSettings:locale: ` ..... Locale settings: default locale = English default display locale = English default format locale = English tzdata version = 2023c ..... `

security-libs/java.security

Issue Description
JDK-8295894

Removed SECOM Trust System's RootCA1 Root Certificate


The following root certificate from SECOM Trust System has been removed from the cacerts keystore: ``` + alias name "secomscrootca1 [jdk]" Distinguished Name: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP

```
JDK-8155246

Throw Error If Default java.security File Fails to Load


A behavioral change has been made when the default conf/security/java.security security configuration file fails to load. In such a scenario, the JDK will now throw an InternalError.

Such a scenario should never occur. The default security file should always be present. Prior to this change, a static security configuration was loaded.
JDK-8314960

Added Certigna Root CA Certificate


The following root certificate has been added to the cacerts truststore: ` + Certigna (Dhimyotis) + certignarootca DN: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR `

FIXED ISSUES

client-libs

Priority Bug Summary
P4 JDK-8307569 Build with gcc8 is broken after JDK-8307301

client-libs/2d

Priority Bug Summary
P3 JDK-8307603 [AIX] Broken build after JDK-8307301
P3 JDK-8307604 gcc12 based Alpine build broken build after JDK-8307301
P3 JDK-8312555 Ideographic characters aren't stretched by AffineTransform.scale(2, 1)
P3 JDK-8306881 Update FreeType to 2.13.0
P3 JDK-8307301 Update HarfBuzz to 7.2.0
P4 JDK-8311033 [macos] PrinterJob does not take into account Sides attribute
P4 JDK-8298974 Add ftcolor.c to imported freetype sources
P4 JDK-8295737 macOS: Print content cut off when width > height with portrait orientation
P4 JDK-8275303 sun/java2d/pipe/InterpolationQualityTest.java fails with D3D basic render driver
P4 JDK-8297681 Unnecessary color conversion during 4BYTE_ABGR_PRE to INT_ARGB_PRE blit

client-libs/java.awt

Priority Bug Summary
P2 JDK-8307799 Newly added java/awt/dnd/MozillaDnDTest.java has invalid jtreg `@requires` clause
P2 JDK-8311689 Wrong visible amount in Adjustable of ScrollPane
P3 JDK-6176679 Application freezes when copying an animated gif image to the system clipboard
P3 JDK-8286481 Exception printed to stdout on Windows when storing transparent image in clipboard
P3 JDK-8297923 java.awt.ScrollPane broken after multiple scroll up/down
P3 JDK-8310054 ScrollPane insets are incorrect
P3 JDK-8305815 Update Libpng to 1.6.39
P4 JDK-8314086 [11u] A typo in the fix for JDK-8312462 is causing test failure in ChildAlwaysOnTopTest.java
P4 JDK-8222323 ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset alwaysOnTop"
P4 JDK-8298921 Create a regression test for JDK-8139581
P4 JDK-8307135 java/awt/dnd/NotReallySerializableTest/NotReallySerializableTest.java failed
P4 JDK-8304054 Linux: NullPointerException from FontConfiguration.getVersion in case no fonts are installed
P4 JDK-8306682 Open source a few more AWT Choice tests
P4 JDK-8306133 Open source few AWT Drag & Drop related tests
P4 JDK-8306954 Open source five Focus related tests
P4 JDK-8306484 Open source several AWT Choice jtreg tests
P4 JDK-8306137 Open source several AWT ScrollPane related tests
P4 JDK-8306638 Open source some AWT tests related to datatransfer and Toolkit
P4 JDK-8307128 Open source some drag and drop tests 4
P4 JDK-8307078 Opensource and clean up five more AWT Focus related tests
P4 JDK-8306718 Optimize and opensource some old AWT tests
P4 JDK-8297523 Various GetPrimitiveArrayCritical miss result - NULL check

client-libs/javax.accessibility

Priority Bug Summary
P4 JDK-8284524 Create an automated test for JDK-4422362
P4 JDK-8284767 Create an automated test for JDK-4422535

client-libs/javax.sound

Priority Bug Summary
P3 JDK-8269091 javax/sound/sampled/Clip/SetPositionHang.java failed with ArrayIndexOutOfBoundsException: Array index out of range: -4

client-libs/javax.swing

Priority Bug Summary
P3 JDK-8263970 Manual test javax/swing/JTextField/JapaneseReadingAttributes/JapaneseReadingAttributes.java failed
P4 JDK-8286172 Create an automated test for JDK-4516019
P4 JDK-8286620 Create regression test for verifying setMargin() of JRadioButton
P4 JDK-8285635 javax/swing/JRootPane/DefaultButtonTest.java failed with Default Button not pressed for L&F: com.sun.java.swing.plaf.motif.MotifLookAndFeel
P4 JDK-8296084 javax/swing/JSpinner/4788637/bug4788637.java fails intermittently on a VM
P4 JDK-8306955 Open source several JComboBox jtreg tests
P4 JDK-8307133 Open source some JTable jtreg tests
P4 JDK-8307080 Open source some more JComboBox jtreg tests
P4 JDK-8225012 sanity/client/SwingSet/src/ToolTipDemoTest.java fails on Windows
P4 JDK-8299713 Test javax/swing/JTableHeader/6889007/bug6889007.java failed: Wrong type of cursor

core-libs/java.io

Priority Bug Summary
P3 JDK-8229333 java/io/File/SetLastModified.java timed out
P4 JDK-8249699 java/io/ByteArrayOutputStream/MaxCapacity.java should use @requires instead of @ignore

core-libs/java.lang

Priority Bug Summary
P3 JDK-8276651 java/lang/ProcessHandle tests fail with "RuntimeException: Input/output error" in java.lang.ProcessHandleImpl$Info.info0
P4 JDK-8260934 java/lang/StringBuilder/HugeCapacity.java fails without Compact Strings

core-libs/java.lang.invoke

Priority Bug Summary
P4 JDK-8292443 Weak CAS VarHandle/Unsafe tests should test always-failing cases

core-libs/java.math

Priority Bug Summary
P4 JDK-8232195 Enable BigInteger tests: DivisionOverflow, SymmetricRangeTests and StringConstructorOverflow
P4 JDK-8239007 java/math/BigInteger/largeMemory/ tests should be disabled on 32-bit platforms
P4 JDK-8232840 java/math/BigInteger/largeMemory/SymmetricRangeTests.java fails due to "OutOfMemoryError: Requested array size exceeds VM limit"
P4 JDK-8241097 java/math/BigInteger/largeMemory/SymmetricRangeTests.java requires -XX:+CompactStrings

core-libs/java.net

Priority Bug Summary
P3 JDK-8217237 HttpClient does not deal well with multi-valued WWW-Authenticate challenge headers
P3 JDK-8223573 Replace wildcard address with loopback or local host in tests - part 4
P3 JDK-8223856 Replace wildcard address with loopback or local host in tests - part 8
P4 JDK-8232101 (sctp) Add minimal sanity tests for SCTP
P4 JDK-8223714 HTTPSetAuthenticatorTest could be made more resilient
P4 JDK-8229348 java/net/DatagramSocket/UnreferencedDatagramSockets.java fails intermittently
P4 JDK-8231037 java/net/InetAddress/ptr/Lookup.java fails intermittently due to reverse lookup failed
P4 JDK-8230132 java/net/NetworkInterface/NetworkInterfaceRetrievalTests.java to skip Teredo Tunneling Pseudo-Interface
P4 JDK-8293562 KeepAliveCache Blocks Threads while Closing Connections
P4 JDK-8231516 network QuickAckTest.java failed due to "SocketException: maximum number of DatagramSockets reached"
P4 JDK-8305763 Parsing a URI with an underscore goes through a silent exception, negatively impacting performance
P4 JDK-8268464 Remove dependancy of TestHttpsServer, HttpTransaction, HttpCallback from open/test/jdk/sun/net/www/protocol/https/ tests
P4 JDK-8223783 sun/net/www/http/HttpClient/MultiThreadTest.java sometimes detect threads+1 connections
P4 JDK-8229481 sun/net/www/protocol/https/ChunkedOutputStream.java failed with a SSLException

core-libs/java.nio

Priority Bug Summary
P3 JDK-8237183 Bug ID missing for test in patch which fixed JDK-8230665
P4 JDK-8224617 (fs) java/nio/file/FileStore/Basic.java found filesystem twice
P4 JDK-8283756 (zipfs) ZipFSOutputStreamTest.testOutputStream should only check inflated bytes
P4 JDK-8279536 jdk/nio/zipfs/ZipFSOutputStreamTest.java timed out

core-libs/java.time

Priority Bug Summary
P4 JDK-8158880 test/java/time/tck/java/time/format/TCKDateTimeFormatterBuilder.java fail with zh_CN locale

core-libs/java.util.concurrent

Priority Bug Summary
P2 JDK-8259796 timed CompletableFuture.get may swallow InterruptedException
P3 JDK-8254350 CompletableFuture.get may swallow InterruptedException
P3 JDK-8300098 java/util/concurrent/ConcurrentHashMap/ConcurrentAssociateTest.java fails with internal timeout when executed with TieredCompilation1/3

core-libs/java.util.jar

Priority Bug Summary
P3 JDK-8315135 Memory leak in the native implementation of Pack200.Unpacker.unpack()

core-libs/java.util:collections

Priority Bug Summary
P5 JDK-8229338 clean up test/jdk/java/util/RandomAccess/Basic.java

core-svc/debugger

Priority Bug Summary
P3 JDK-8234808 jdb quoted option parsing broken
P4 JDK-8260878 com/sun/jdi/JdbOptions.java fails without jfr

core-svc/java.lang.management

Priority Bug Summary
P3 JDK-8300659 Refactor TestMemoryAwareness to use WhiteBox api for host values

core-svc/javax.management

Priority Bug Summary
P3 JDK-8293657 sun/management/jmxremote/bootstrap/RmiBootstrapTest.java#id1 failed with "SSLHandshakeException: Remote host terminated the handshake"

hotspot/compiler

Priority Bug Summary
P2 JDK-8307572 AArch64: Vector registers are clobbered by some macroassemblers
P3 JDK-8299658 C1 compilation crashes in LinearScan::resolve_exception_edge
P3 JDK-8289748 C2 compiled code crashes with SIGFPE with -XX:+StressLCM and -XX:+StressGCM
P3 JDK-8297730 C2: Arraycopy intrinsic throws incorrect exception
P3 JDK-8303511 C2: assert(get_ctrl(n) == cle_out) during unrolling
P3 JDK-8301491 C2: java.lang.StringUTF16::indexOfChar intrinsic called with negative character argument
P3 JDK-8201516 DebugNonSafepoints generates incorrect information
P4 JDK-8306636 Disable compiler/c2/Test6905845.java with -XX:TieredStopAtLevel=3
P4 JDK-8313878 Exclude two compiler/rtm/locking tests on ppc64le
P4 JDK-8218471 generate-unsafe-access-tests.sh does not correctly invoke build.tools.spp.Spp
P4 JDK-8273807 Zero: Drop incorrect test block from compiler/startup/NumCompilerThreadsCheck.java
P5 JDK-8301959 Compile command in compiler.loopopts.TestRemoveEmptyCountedLoop does not work

hotspot/gc

Priority Bug Summary
P3 JDK-8310176 JDK 11 G1 crash during full GC with +UseStringDeduplication
P4 JDK-8315529 [11u] Exclude some failing Z-GC tests

hotspot/jfr

Priority Bug Summary
P4 JDK-8313803 [11u] Exclude jdk/jfr/event/sampling/TestStackFrameLineNumbers.java

hotspot/jvmti

Priority Bug Summary
P2 JDK-8291830 jvmti/RedefineClasses/StressRedefine failed: assert(!is_null(v)) failed: narrow klass value can never be zero
P3 JDK-8221372 Test vmTestbase/nsk/jvmti/GetThreadState/thrstat001/TestDescription.java times out
P3 JDK-8257993 vmTestbase/nsk/jvmti/RedefineClasses/StressRedefine/TestDescription.java crash intermittently
P4 JDK-8211343 nsk_jvmti_parseoptions should handle multiple suboptions
P4 JDK-8216059 nsk_jvmti_parseoptions still has dependency on tilde separator

hotspot/runtime

Priority Bug Summary
P4 JDK-8239537 cgroup MetricsTester testMemorySubsystem fails sometimes when testing memory.kmem.tcp.usage_in_bytes
P4 JDK-8314950 CMS may miss NMT tag after mark stack expansion
P4 JDK-8299424 containers/docker/TestMemoryWithCgroupV1.java fails on SLES12 ppc64le when testing Memory and Swap Limit
P4 JDK-8309138 Fix container tests for jdks with symlinked conf dir
P4 JDK-8265980 Fix systemDictionary and loaderConstraints printing
P4 JDK-8312138 jcmd VM.metaspace vslist has no newline character before the Class: label.
P4 JDK-8229147 Linux os::create_thread() overcounts guardpage size with newer glibc (>=2.27)
P4 JDK-8297887 Update Siphash
P4 JDK-8305421 Work around JDK-8305420 in CDSJDITest.java

hotspot/svc

Priority Bug Summary
P4 JDK-8313796 AsyncGetCallTrace crash on unreadable interpreter method pointer
P4 JDK-8181383 com/sun/jdi/OptionTest.java fails intermittently with bind failed: Address already in use

hotspot/svc-agent

Priority Bug Summary
P4 JDK-8217612 (CL)HSDB cannot show some JVM flags
P4 JDK-8243210 ClhsdbScanOops fails with NullPointerException in FileMapHeader.inCopiedVtableSpace
P4 JDK-8217850 CompressedClassSpaceSizeInJmapHeap fails after JDK-8217612

hotspot/test

Priority Bug Summary
P4 JDK-8313159 [11u] Fix test SSLEngineKeyLimit.java after Merge error
P4 JDK-8244078 ProcessTools executeTestJvm and createJavaProcessBuilder have inconsistent handling of test.*.opts
P5 JDK-8252530 Fix inconsistencies in hotspot whitebox

infrastructure

Priority Bug Summary
P4 JDK-8309108 Bump update version for OpenJDK: jdk-11.0.21

infrastructure/build

Priority Bug Summary
P3 JDK-8291444 GHA builds/tests won't run manually if disabled from automatic running
P4 JDK-8304867 Explicitly disable dtrace for ppc builds

infrastructure/release_eng

Priority Bug Summary
P4 JDK-8317644 [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.21

security-libs/java.security

Priority Bug Summary
P2 JDK-8314960 Add Certigna Root CA - 2
P3 JDK-8293858 Change PKCS7 code to use default SecureRandom impl instead of SHA1PRNG
P3 JDK-8224729 Cleanups in sun/security/provider/certpath/ldap/LDAPCertStoreImpl.java
P3 JDK-8239264 Clearup the legacy ObjectIdentifier constructor from int array
P3 JDK-8242151 Improve OID mapping and reuse among JDK security providers for aliases registration
P3 JDK-8242897 KeyFactory.generatePublic( x509Spec ) failed with java.security.InvalidKeyException
P3 JDK-8255348 NPE in PKIXCertPathValidator event logging code
P3 JDK-8295894 Remove SECOM certificate that is expiring in September 2023
P3 JDK-8228403 SignTwice.java failed with java.io.FileNotFoundException: File name too long
P3 JDK-8224768 Test ActalisCA.java fails
P3 JDK-8155246 Throw error if default java.security file is missing
P3 JDK-8302182 Update Public Suffix List to 88467c9
P4 JDK-8271838 AmazonCA.java interop test fails
P4 JDK-8317040 Exclude cleaner test failing on older releases
P4 JDK-8292297 Fix up loading of override java.security properties file
P4 JDK-8277353 java/security/MessageDigest/ThreadSafetyTest.java test times out
P4 JDK-8297955 LDAP CertStore should use LdapName and not String for DNs
P4 JDK-8239333 Mark test AmazonCA.java with intermittent key
P4 JDK-8292033 Move jdk.X509Certificate event logic to JCA layer
P4 JDK-8309088 security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails
P4 JDK-8238157 security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java test failures because of revocation date
P4 JDK-8247895 SHA1PRNGReseed.java is calling setSeed(0)
P4 JDK-8308156 VerifyCACerts.java misses blank in error output

security-libs/javax.crypto

Priority Bug Summary
P3 JDK-8023980 JCE doesn't provide any class to handle RSA private key in PKCS#1
P3 JDK-8247968 test/jdk/javax/crypto/SecretKeyFactory/security.properties has wrong header
P4 JDK-8260274 Cipher.init(int, key) does not use highest priority provider for random bytes

security-libs/javax.crypto:pkcs11

Priority Bug Summary
P3 JDK-8209398 sun/security/pkcs11/KeyStore/SecretKeysBasic.sh failed with "PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE"
P3 JDK-8226221 Update PKCS11 tests to use NSS 3.46 libs
P4 JDK-8231357 sun/security/pkcs11/Cipher/TestKATForGCM.java fails on SLES11 using mozilla-nss-3.14

security-libs/javax.net.ssl

Priority Bug Summary
P3 JDK-8301700 Increase the default TLS Diffie-Hellman group size from 1024-bit to 2048-bit
P3 JDK-8240193 loadLibrary("osxsecurity") should not be removed
P3 JDK-8168261 Use server cipher suites preference by default

security-libs/javax.security

Priority Bug Summary
P3 JDK-8242330 Arrays should be cloned in several JAAS Callback classes
P3 JDK-8284910 Buffer clean in PasswordCallback

security-libs/jdk.security

Priority Bug Summary
P3 JDK-8220410 sun/security/tools/jarsigner/warnings/NoTimestampTest.java failed with missing expected output
P4 JDK-8228341 SignTwice.java fails intermittently on Windows

security-libs/org.ietf.jgss

Priority Bug Summary
P3 JDK-8303809 Dispose context in SPNEGO NegotiatorImpl

security-libs/org.ietf.jgss:krb5

Priority Bug Summary
P3 JDK-8274205 Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC

tools/javac

Priority Bug Summary
P3 JDK-8217395 Update langtools shell tests to use ${EXE_SUFFIX}
P4 JDK-8300751 [17u] Remove duplicate entry in javac.properties

tools/javadoc(tool)

Priority Bug Summary
P3 JDK-8293180 JQuery UI license file not updated
P4 JDK-8297437 javadoc cannot link to old docs (with old style anchors)
P4 JDK-8248001 javadoc generates invalid HTML pages whose ftp:// links are broken
P4 JDK-8302161 Upgrade jQuery UI to version 1.13.2

tools/jshell

Priority Bug Summary
P3 JDK-8304498 JShell does not switch to raw mode when there is no /bin/test
P3 JDK-8297587 Upgrade JLine to 3.22.0

tools/launcher

Priority Bug Summary
P4 JDK-8212045 Add back the tests that were removed from HashesTest.java and AddExportsTest.java
P4 JDK-8305950 Have -XshowSettings option display tzdata version

xml

Priority Bug Summary
P4 JDK-8274606 Fix jaxp/javax/xml/jaxp/unittest/transform/SurrogateTest.java test
P4 JDK-8268457 XML Transformer outputs Unicode supplementary character incorrectly to HTML

xml/jaxp

Priority Bug Summary
P4 JDK-8289508 Improve test coverage for XPath Axes: ancestor, ancestor-or-self, preceding, and preceding-sibling
P4 JDK-8301269 Update Commons BCEL to Version 6.7.0