Liberica JDK 11.0.26+9: Release Notes

1. Version information

This document provides information about the Liberica JDK 11.0.26 release.

The full version string for this update release is 11.0.26+9. The version number is 11.

Liberica JDK 11 is distributed as .apk, .rpm, .zip, .deb, and .tar.gz packages. Please select the most appropriate for your purposes.

2. What’s New

This release contains the following updates and new features.

Notable Changes

This is the list of the notable issues fixed in this release.

Issue ID

JDK-8335912/JDK-8337499

Summary: Add an operation mode to the jar command when extracting to not overwrite existing files

Description: In previous OpenJDK releases, when the jar tool extracted files from an archive, it would overwrite any existing files with the same name in the target directory. With this release, a new option ('-k' or '--keep-old-files') may be specified so that existing files are not overwritten. The option may be specified in short or long option form, as in the following examples: 'jar xkf foo.jar' and 'jar --extract --keep-old-files --file foo.jar'. By default, the old behaviour remains in place and files are overwritten.

JDK-8339914

Summary: {ClassLoading,Memory}MXBean::isVerbose methods are inconsistent with their setVerbose methods

Description: The ClassLoadingMXBean and MemoryMXBean APIs have setVerbose methods to control verbose mode and isVerbose methods to query it. Some JCK tests expect setVerbose(false) to disable verbose mode and, subsequently, isVerbose() to return false. However, if logging to a file is enabled by using '-Xlog' on the java launcher command line, isVerbose() returned true even after calling setVerbose(false).

JDK-8339915

Summary: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs

Description: Google and Mozilla have announced plans to distrust TLS Server certificates issued by Entrust. This enhancement implements similar restrictions in the JDK. The restrictions are enforced in the SunJSSE Provider of the Java Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server’s certificate chain is anchored by any of the Certificate Authorities specified in this issue and the certificate’s notBefore date is after October 31, 2024. If necessary, you can work around the restrictions by removing 'ENTRUST_TLS' from the 'jdk.security.caDistrustPolicies' security property.

JDK-8341396

Summary: Add 2 SSL.com TLS roots

Description: New SSL.com TLS roots are added as they are the issuing CA used by Entrust going forward.

JDK-8341397

Summary: Change Entrust TLS distrust date to November 12, 2024

Description: Google has changed their distrust date for Entrust from November 1 to November 12, 2024. Entrust has also changed the date they plan to use SSL.com as the issuing CA for public TLS server certificates to November 12. To align with those updated dates, the distrust date was changed to November 12, 2024.

JDK-8342374

Summary: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property

Description: The LDAP Naming Service Provider implementation’s default settings can be improved by disallowing the reconstruction of Java objects from different LDAP attributes (RFC 2713). Changes include the following modifications: Extended the scope of the system property to cover the creation of RMI remote objects from the 'javaRemoteLocation' LDAP attribute; Updated the default value of the 'com.sun.jndi.ldap.object.trustSerialData' system property to "false". This prevents the deserialization of Java objects from the 'javaSerializedData' and the 'javaRemoteLocation' LDAP attributes.

JDK-8345140

Summary: Update Timezone Data to 2024b

Description: This OpenJDK release upgrades the in-tree copy of the IANA timezone database to 2024b. This timezone update is primarily concerned with improving historical data for Mexico, Mongolia and Portugal. It also makes Asia/Choibalsan an alias for Asia/Ulaanbaatar and makes the MET timezone the same as CET.
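An added example, not part of the original release notes or the JDK's own code: a small audit that reports whether the Entrust distrust policy (JDK-8339915, JDK-8341397) and the new LDAP default (JDK-8342374) are still in effect on a given JVM. The class name, the treatment of only "true" as re-enabling trustSerialData, and the reading of the distrust date as "notBefore on or after November 12, 2024 (UTC)" are assumptions of this example; it does not check which root anchors a certificate chain.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.LocalDate;
import java.time.ZoneOffset;
import java.util.Arrays;

public class ReleaseHardeningAudit {
    // Distrust date stated under JDK-8341397 in these notes.
    static final LocalDate ENTRUST_DISTRUST_DATE = LocalDate.of(2024, 11, 12);

    /** True if ENTRUST_TLS is still listed in jdk.security.caDistrustPolicies. */
    static boolean entrustDistrustEnabled(String policies) {
        return policies != null && Arrays.stream(policies.split(","))
                .map(String::trim).anyMatch("ENTRUST_TLS"::equals);
    }

    /** True if the property was set back to "true" (assumption: only that value re-enables it). */
    static boolean ldapSerialDataTrusted(String value) {
        return "true".equalsIgnoreCase(value);
    }

    /** Assumption: "affected" means notBefore, as a UTC date, is on or after the distrust date. */
    static boolean issuedOnOrAfterDistrustDate(X509Certificate cert) {
        LocalDate notBefore = cert.getNotBefore().toInstant().atZone(ZoneOffset.UTC).toLocalDate();
        return !notBefore.isBefore(ENTRUST_DISTRUST_DATE);
    }

    public static void main(String[] args) throws Exception {
        String policies = Security.getProperty("jdk.security.caDistrustPolicies");
        System.out.println("jdk.security.caDistrustPolicies = " + policies);
        System.out.println("  ENTRUST_TLS enforced: " + entrustDistrustEnabled(policies));
        String trust = System.getProperty("com.sun.jndi.ldap.object.trustSerialData");
        System.out.println("com.sun.jndi.ldap.object.trustSerialData = "
                + (trust == null ? "(unset, release default applies)" : trust));
        System.out.println("  LDAP object deserialization re-enabled: " + ldapSerialDataTrusted(trust));

        // Optional arguments: PEM or DER certificate files to compare with the distrust date.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (String path : args) {
            try (InputStream in = new FileInputStream(path)) {
                X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
                System.out.println(path + ": notBefore=" + cert.getNotBefore().toInstant()
                        + ", on/after distrust date: " + issuedOnOrAfterDistrustDate(cert));
            }
        }
    }
}
```

Run it with the same java binary and the same -D options as the application being audited, so that it sees the same security and system properties.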

Graal support in Liberica JDK 11

Liberica JDK continues to provide support for AOT and Graal JIT. Because these features are deemed experimental and deprecated in OpenJDK 11 builds, it is recommended to compile native executables with Liberica Native Image Kit to avoid errors.

IANA TZ Data update

This release of Liberica JDK 11.0.26 upgrades the in-tree copy of the IANA timezone database to 2024b. This timezone update is primarily concerned with improving historical data for Mexico, Mongolia and Portugal. It also makes Asia/Choibalsan an alias for Asia/Ulaanbaatar and makes the MET timezone the same as CET.

The 2024b update also makes a number of legacy timezone IDs equal to geographical names rather than fixed offsets, as follows:

  • EST → America/Panama instead of -5:00

  • MST → America/Phoenix instead of -7:00

  • HST → Pacific/Honolulu instead of -10:00

For long-term support releases of Liberica JDK, this change is overridden locally to retain the existing fixed offset mapping.

3. Known Issues

This release does not contain any known issues.

4. Fixed CVEs

This is the list of the security issues fixed in this release. CVSS scores are provided using the CVSS version 3.1 scoring system.

CVE ID: CVE-2025-21502
CVSS score: 4.8
Component: hotspot
Module: compiler
Attack Vector: network
Complexity: high
Privileges: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: none

5. Resolved Issues

JDK issues

This is the list of general JDK issues fixed in this release.

Issue ID       Summary

JDK-8211920    Close server socket and cleanups in test/jdk/javax/naming/module/RunBasic.java
JDK-8224624    Inefficiencies in CodeStrings::add_comment cause timeouts
JDK-8225045    javax/swing/JInternalFrame/8146321/JInternalFrameIconTest.java fails on linux-x64
JDK-8232367    Update Reactive Streams to 1.0.3 — tests only
JDK-8247706    Unintentional use of new Date(year…) with absolute year
JDK-8251188    Update LDAP tests not to use wildcard addresses
JDK-8299254    Support dealing with standard assert macro
JDK-8303920    Avoid calling out to python in DataDescriptorSignatureMissing test
JDK-8315936    Parallelize gc/stress/TestStressG1Humongous.java test
JDK-8316193    jdk/jfr/event/oldobject/TestListenerLeak.java java.lang.Exception: Could not find leak
JDK-8328300    Convert PrintDialogsTest.java from Applet to main program
JDK-8328642    Convert applet test MouseDraggedOutCauseScrollingTest.html to main
JDK-8330045    Enhance array handling
JDK-8334332    TestIOException.java fails if run by root
JDK-8335428    Enhanced Building of Processes
JDK-8335801    [11u] Backport of 8210988 to 11u removes gcc warnings
JDK-8336564    Enhance mask blit functionality redux
JDK-8338402    GHA: some of bundles may not get removed
JDK-8339082    Bump update version for OpenJDK: jdk-11.0.26
JDK-8339470    [17u] More defensive fix for 8163921
JDK-8339637    (tz) Update Timezone Data to 2024b
JDK-8339644    Improve parsing of Day/Month in tzdata rules
JDK-8339803    Acknowledge case insensitive unambiguous keywords in tzdata files
JDK-8340552    Harden TzdbZoneRulesCompiler against missing zone names
JDK-8340671    GHA: Bump macOS and Xcode versions to macos-12 and XCode 13.4.1
JDK-8340815    Add SECURITY.md file
JDK-8342426    [11u] javax/naming/module/RunBasic.java javac compile fails
JDK-8342629    [11u] Properly message out that shenandoah is disabled

JFX issues

This is the list of JFX issues fixed in this release.

Issue ID       Summary

JDK-8301312    Create implementation of NSAccessibilityButton protocol
JDK-8311806    Class ButtonAccessibility is implemented twice
JDK-8333374    Cannot invoke "com.sun.prism.RTTexture.contentsUseful()" because "this.txt" is null
JDK-8334656    Enable issuestitle check
JDK-8334657    Enable binary check
JDK-8334713    WebKit build failed on LoongArch64 because currentStackPointer is undefined
JDK-8335714    Enhance playing MP3s
JDK-8335715    Improve Direct Show support
JDK-8340208    Additional WebKit 619.1 fixes from WebKitGTK 2.44.4
JDK-8341920    Intermittent WebKit build failure on Windows generating PDB files in 619.1
JDK-8343630    Pass AccessControlContext to/from WebKit as opaque object

6. Updates to Third Party Libraries

This release does not contain any changes in the third party libraries.

7. Upgrading to the New Version

To keep your Liberica JDK up-to-date and secure, always upgrade to the newest available version once it is released. To upgrade, install the new version over the previous one. For installation instructions, see the Liberica JDK Installation Guide.
