stable

OpenJDK 11.0.18 for Fedora 37

FEDORA-2023-d6bd6ec00b created by ahughes a year ago for Fedora 37

New in release OpenJDK 11.0.18 (2023-01-17)

CVEs Fixed

  • CVE-2023-21835
  • CVE-2023-21843

Security Fixes

  • JDK-8286070: Improve UTF8 representation
  • JDK-8286496: Improve Thread labels
  • JDK-8287411: Enhance DTLS performance
  • JDK-8288516: Enhance font creation
  • JDK-8289350: Better media supports
  • JDK-8293554: Enhanced DH Key Exchanges
  • JDK-8293598: Enhance InetAddress address handling
  • JDK-8293717: Objective view of ObjectView
  • JDK-8293734: Improve BMP image handling
  • JDK-8293742: Better Banking of Sounds
  • JDK-8295687: Better BMP bounds

Major Changes

JDK-8295687: Better BMP bounds

Loading a linked ICC profile within a BMP image is now disabled by default. To re-enable it, set the new system property sun.imageio.bmp.enabledLinkedProfiles to true. This new property replaces the old property, sun.imageio.plugins.bmp.disableLinkedProfiles.

JDK-8293742: Better Banking of Sounds

Previously, the SoundbankReader implementation, com.sun.media.sound.JARSoundbankReader, would download a JAR soundbank from a URL. This behaviour is now disabled by default. To re-enable it, set the new system property jdk.sound.jarsoundbank to true.

JDK-8282730: New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set

Back in OpenJDK 9, JDK-8015081 changed the Set implementation used to hold principals and credentials so that it rejected null values. Attempts to call add(null), contains(null) or remove(null) were changed to throw a NullPointerException.

However, the logout() methods in the LoginModule implementations within the JDK were not updated to check for null values, which may occur in the event of a failed login. As a result, a logout() call may throw a NullPointerException.

The LoginModule implementations have now been updated with such checks and an implementation note added to the specification to suggest that the same change is made in third party modules. Developers of third party modules are advised to verify that their logout() method does not throw a NullPointerException.

JDK-8287411: Enhance DTLS performance

The JDK now exchanges DTLS cookies for all handshakes, new and resumed. The previous behaviour can be re-enabled by setting the new system property jdk.tls.enableDtlsResumeCookie to false.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-d6bd6ec00b

This update has been submitted for testing by ahughes.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

ahughes edited this update.

a year ago

This update has been pushed to testing.

a year ago
User Icon nixuser commented & provided feedback a year ago
karma

NetBeans 16 can run fine in the new JDK11 and JDK17.

User Icon besser82 commented & provided feedback a year ago
karma

Works great! LGTM! =)

This update can be pushed to stable now if the maintainer wishes

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
2
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
modified
a year ago
approved
a year ago

Automated Test Results