-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-d6bd6ec00b 2023-02-05 01:46:08.509290 -------------------------------------------------------------------------------- Name : java-11-openjdk Product : Fedora 37 Version : 11.0.18.0.10 Release : 1.fc37 URL : http://openjdk.java.net/ Summary : OpenJDK 11 Runtime Environment Description : The OpenJDK 11 runtime environment. -------------------------------------------------------------------------------- Update Information: # New in release [OpenJDK 11.0.18](https://bit.ly/openjdk11018) (2023-01-17) ## CVEs Fixed - CVE-2023-21835 - CVE-2023-21843 ## Security Fixes - JDK-8286070: Improve UTF8 representation - JDK-8286496: Improve Thread labels - JDK-8287411: Enhance DTLS performance - JDK-8288516: Enhance font creation - JDK-8289350: Better media supports - JDK-8293554: Enhanced DH Key Exchanges - JDK-8293598: Enhance InetAddress address handling - JDK-8293717: Objective view of ObjectView - JDK-8293734: Improve BMP image handling - JDK-8293742: Better Banking of Sounds - JDK-8295687: Better BMP bounds ## Major Changes ### JDK-8295687: Better BMP bounds Loading a linked ICC profile within a BMP image is now disabled by default. To re-enable it, set the new system property `sun.imageio.bmp.enabledLinkedProfiles` to `true`. This new property replaces the old property, `sun.imageio.plugins.bmp.disableLinkedProfiles`. ### JDK-8293742: Better Banking of Sounds Previously, the SoundbankReader implementation, `com.sun.media.sound.JARSoundbankReader`, would download a JAR soundbank from a URL. This behaviour is now disabled by default. To re-enable it, set the new system property `jdk.sound.jarsoundbank` to `true`. ### [JDK-8282730](https://bugs.openjdk.org/browse/JDK-8282730): New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set Back in OpenJDK 9, [JDK-8015081](https://bugs.openjdk.org/browse/JDK-8015081) changed the `Set` implementation used to hold principals and credentials so that it rejected `null` values. Attempts to call `add(null)`, `contains(null)` or `remove(null)` were changed to throw a `NullPointerException`. However, the `logout()` methods in the `LoginModule` implementations within the JDK were not updated to check for `null` values, which may occur in the event of a failed login. As a result, a `logout()` call may throw a `NullPointerException`. The `LoginModule` implementations have now been updated with such checks and an implementation note added to the specification to suggest that the same change is made in third party modules. Developers of third party modules are advised to verify that their `logout()` method does not throw a `NullPointerException`. ### JDK-8287411: Enhance DTLS performance The JDK now exchanges DTLS cookies for all handshakes, new and resumed. The previous behaviour can be re-enabled by setting the new system property `jdk.tls.enableDtlsResumeCookie` to `false`. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 26 2023 Andrew Hughes <gnu.andrew@xxxxxxxxxx> - 1:11.0.18.0.10-1 - Update to jdk-11.0.18+10 (GA) - Update release notes to 11.0.18+10 - Switch to GA mode for release * Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:11.0.18.0.9-0.1.ea.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Thu Dec 29 2022 Andrew Hughes <gnu.andrew@xxxxxxxxxx> - 1:11.0.18.0.9-0.1.ea - Update to jdk-11.0.18+9 - Update release notes to 11.0.18+9 - Drop local copy of JDK-8293834 now this is upstream - Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804 - Update TestTranslations.java to test the new America/Ciudad_Juarez zone * Thu Dec 15 2022 Andrew Hughes <gnu.andrew@xxxxxxxxxx> - 1:11.0.18.0.1-0.1.ea - Update to jdk-11.0.18+1 - Update release notes to 11.0.18+1 - Switch to EA mode for 11.0.18 pre-release builds. - Drop local copies of JDK-8294357 & JDK-8295173 now upstream contains tzdata 2022e -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-d6bd6ec00b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
