Liberica JDK 8u492+9: Release Notes
Published: April 21, 2026
1. Version information
This document provides information about Liberica JDK 8u492 release. The full version string for this update release is 8u492+9. The version number is 8.
Liberica JDK 8 is distributed as .apk, .rpm, .zip, .deb, .pkg, and .tar.gz packages. Please select the most appropriate for your purposes.
2. What’s New
This release contains the following updates and new features.
Notable Changes
This is the list of the notable issues fixed in this release.
| Issue ID | |
|---|---|
JDK-8369282 | Summary: Distrust TLS server certificates anchored by Chunghwa ePKI Root CA Description: TLS server certificates anchored by the Chunghwa root CAs are distrusted or distrusted after a specific date by Google and Mozilla. The restrictions will be enforced in the SunJSSE Provider of the Java Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server’s certificate chain is anchored by any of the mentioned Certificate Authorities and the certificate’s notBefore date is after March 17, 2026. An application will receive an Exception with a message indicating the trust anchor (root) is not trusted. |
JDK-8373476 | Summary: Update Timezone Data to 2025c Description: The 2025c release of the tz code and data is available. This release mostly changes code and commentary. The only changed data are leap second table expiration and pre-1976 time in Baja California. This release contains several code changes for compatibility with FreeBSD. |
IANA TZ Data version
This release of Liberica JDK 8u492 comes with the 2025c version of the in-tree copy of the IANA timezone database. The following are the key features of this version.
This release mostly changes code and commentary. The only changed data are leap second table expiration and pre-1976 time in Baja California.
Briefly
Several code changes for compatibility with FreeBSD.
Changes to past timestamps
Baja California agreed with California’s DST rules in 1953 and in 1961 through 1975, instead of observing standard time all year.
Changes to build procedure
Files in distributed tarballs now have correct commit times. Formerly, the committer’s time zone was incorrectly ignored.
Changes to code
An unset TZ is no longer invalid when /etc/localtime is missing, and is abbreviated "UTC" not "-00". This reverts to 2024b behavior.
New function offtime_r, short for fixed-offset localtime_rz. It is defined if STD_INSPIRED is defined.
Changes to commentary
The leapseconds file contains commentary about the IERS and NIST last-modified and expiration timestamps for leap second data.
For more information, see JDK-8373476.
3. Known Issues
This release does not contain any known issues.
4. Fixed CVEs
This is the list of the security issues fixed in this release. CVSS scores are provided using the CVSS version 3.1 scoring system.
| CVE ID | CVSS score | Component | Module | Attack Vector | Complexity | Privileges | User Interaction | Scope | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2026-20652 | 7.5 | javafx | web | network | low | none | none | unchanged | none | none | high |
CVE-2026-22007 | 2.9 | security-libs | java.security | local | high | none | none | unchanged | low | none | none |
CVE-2026-22013 | 5.3 | security-libs | org.ietf.jgss | network | high | none | required | unchanged | high | none | none |
CVE-2026-22016 | 7.5 | xml | jaxp | network | low | none | none | unchanged | high | none | none |
CVE-2026-22018 | 3.7 | core-libs | java.util | network | high | none | none | unchanged | none | none | low |
CVE-2026-22021 | 5.3 | security-libs | java.security | network | low | none | none | unchanged | none | none | low |
CVE-2026-23865 | 5.3 | client-libs | 2d | local | low | none | required | unchanged | low | low | low |
CVE-2026-34268 | 2.9 | security-libs | java.security | local | high | none | none | unchanged | low | none | none |
5. Resolved Issues
JDK issues
This is the list of general JDK issues fixed in this release.
| Issue ID | Summary |
|---|---|
JDK-8056039 | Hotspot does not compile with clang 3.4 on Linux |
JDK-8074840 | Resolve disabled warnings for libjli and libjli_static |
JDK-8132786 | java/security/cert/CertPathValidator/OCSP/AIACheck.java fails intermittently |
JDK-8153147 | Mark java/net/BindException/Test.java as intermittently failing |
JDK-8157758 | JDK9 does not compile on Linux with GCC 6.1 because left-shifting a negative number has undefined behavior |
JDK-8170464 | Remove shell script from compiler/c2/cr7005594/Test7005594.java |
JDK-8174734 | Safepoint sync time did not increase |
JDK-8186149 | quarantine gc/survivorAlignment/TestPromotionFromSurvivorToTenuredAfterMinorGC.java |
JDK-8220658 | Improve the readability of container information in the error log |
JDK-8223145 | Replace wildcard address with loopback or local host in tests - part 1 |
JDK-8225487 | giflib legal file is missing attribution for openbsd-reallocarray.c. |
JDK-8237834 | com/sun/jndi/ldap/LdapDnsProviderTest.java failing with LDAP response read timeout |
JDK-8251189 | com/sun/jndi/ldap/LdapDnsProviderTest.java failed due to timeout |
JDK-8264524 | jdk/internal/platform/docker/TestDockerMemoryMetrics.java fails due to swapping not working |
JDK-8274893 | Update java.desktop classes to use try-with-resources |
JDK-8277159 | Fix java/nio/file/FileStore/Basic.java test by ignoring /run/user/* mount points |
JDK-8284758 | [linux] improve print_container_info |
JDK-8285836 | sun/net/www/http/KeepAliveCache/KeepAliveProperty.java failed with "RuntimeException: Failed in server" |
JDK-8287011 | Improve container information |
JDK-8303482 | Update LCMS to 2.15 |
JDK-8312518 | [macos13] setFullScreenWindow() shows black screen on macOS 13 & above |
JDK-8313770 | jdk/internal/platform/docker/TestSystemMetrics.java fails on Ubuntu |
JDK-8328999 | Update GIFlib to 5.2.2 |
JDK-8343622 | AesDkCrypto.stringToKey should not return null |
JDK-8345578 | New test in JDK-8343622 fails with a promoted build |
JDK-8347911 | Limit the length of inflated text chunks |
JDK-8348014 | Enhance certificate processing |
JDK-8350813 | Rendering of bulky sound bank from MIDI sequence can cause OutOfMemoryError |
JDK-8353657 | [8u] Test tools/launcher/VersionCheck.java fails with debug build |
JDK-8360869 | jcstress is able to crash jdk8 on aarch64 with jfr on |
JDK-8361748 | Enforce limits on the size of an XBM image |
JDK-8364373 | Transform Affine transformations |
JDK-8364465 | Enhance behavior of some intrinsics |
JDK-8364660 | ClassVerifier::ends_in_athrow() should be removed |
JDK-8369226 | GHA: Switch to MacOS 15 |
JDK-8369282 | Distrust TLS server certificates anchored by Chunghwa ePKI Root CA |
JDK-8369575 | Enhance crypto algorithm support |
JDK-8370529 | Enhance Path Factories Redux |
JDK-8370615 | Improve Kerberos credentialing |
JDK-8370986 | Enhance Zip file reading |
JDK-8370995 | Enhance ZipFile usage |
JDK-8371830 | Enhance certificate chain validation |
JDK-8371935 | Enhance key generation |
JDK-8372660 | [8u] ProblemList TestCPUAwareness until 8370492 is addressed |
JDK-8373250 | Bump update version of OpenJDK: 8u492 |
JDK-8373290 | Update FreeType to 2.14.1 |
JDK-8373476 | (tz) Update Timezone Data to 2025c |
JDK-8373727 | New XBM images parser regression: only the first line of the bitmap array is parsed |
JDK-8374899 | [8u] Fully handle clang as the toolchain in flags.m4 |
JDK-8374917 | [8u] C++ flags get passed to C compiles in the HotSpot build |
JDK-8374948 | [8u] saproc & jsig builds add duplicate linker flags on Darwin/MacOS |
JDK-8375063 | Update Libpng to 1.6.54 |
JDK-8375189 | [8u] Problem list CAInterop.java#microsoftrsa2017 |
JDK-8376225 | [8u] GHA: Apply work-around for missing JNF for MacOSX builds |
JDK-8376272 | [8u] Windows x86-32 fails to build after JDK-8359501 |
JDK-8376338 | Test7005594.sh fails when given a memory value with decimals |
JDK-8376352 | [8u] Build failure on Windows 32-bit after JDK-8362308 |
JDK-8377344 | [8u] Compilation failure on Windows for Linux-specific platform metric tests |
JDK-8377526 | Update Libpng to 1.6.55 |
JDK-8379035 | (tz) Update Timezone Data to 2026a |
JDK-8379158 | Update FreeType to 2.14.2 |
JDK-8379256 | Update GIFlib to 6.1.1 |
JDK-8380078 | Update GIFlib to 6.1.2 |
JDK-8380959 | Update Libpng to 1.6.56 |
JDK-8382047 | Update Libpng to 1.6.57 |
JFX issues
This is the list of JFX issues fixed in this release.
| Issue ID | Summary |
|---|---|
JDK-8278021 | Fix warnings in macOS glass native code and treat warnings as errors |
JDK-8336938 | Update libFFI to 3.4.6 |
JDK-8347937 | Canvas pattern test fails and crashes on WebKit 620.1 |
JDK-8368572 | Update WebKit to 623.1 |
JDK-8371052 | Update libFFI to 3.5.2 |
JDK-8374153 | Add a MAX_COMPILE_THREADS gradle property to limit number of threads |
JDK-8375225 | WebIObserverTest fails with WebKit 623.1 |
JDK-8376282 | [linux, macos] JavaFX fails to build WebKit in DebugNative |
JDK-8377099 | Additional WebKit 623.1 fixes from WebKitGTK 2.50.4 |
JDK-8377930 | Additional WebKit 623.1 fixes from WebKitGTK 2.50.5 |
JDK-8380557 | Additional WebKit 623.1 fixes from WebKitGTK 2.50.6 |
6. Updates to Third Party Libraries
This is the list of changes in the third party libraries.
| Library | Full name | New Version | Module | JBS number |
|---|---|---|---|---|
FreeType | FreeType | 2.14.2 | java.desktop | JDK-8379158 |
GIFlib | GIFlib | 6.1.2 | java.desktop | JDK-8380078 |
Libpng | Libpng | 1.6.57 | java.awt | JDK-8382047 |
7. Upgrading to the New Version
To keep your Liberica JDK up-to-date and secure, always upgrade to the newest available version once it is released. To upgrade, install the new version over the previous one. For the installation instructions, see Liberica JDK Installation Guide.