Software Update: Oracle Java 13.0.2 / 11.0.6 / 8u241

Oracle has released versions 13.0.2, 11.0.6, and 8u241 of Java Standard Edition. Oracle has released only the Java SE Development Kit (JDK) since version 11.x, in both the Oracle JDK- as the OpenJDKflavor, the latter being offered under the gpl license. Java Runtime Environment (JRE) and Server Java Runtime Environment (Server JRE) are no longer being released. However, it is possible to jlink compose a smaller runtime. The release notes for these versions are as follows:

Java™ SE Development Kit 13.0.2 (JDK 13.0.2)

The full version string for this update release is 13.0.2+8 (where “+” means “build”). The version number is 13.0.2.

IANA Dates 2019c
JDK 13.0.2 contains IANA time zone data version 2019c. For more information, refer to Timezone Data Versions in the JRE Software.

Keeping the JDK up to Date
Oracle recommends that the JDK is updated with each Critical Patch Update (CPU). In order to determine if a release is the latest, the following Security Baseline page can be used to determine which is the latest version for each release family. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 13.0.2) be used after the next critical patch update scheduled for April 14, 2020.

Other notes

  • security-libs/java.security ➜ New Checks on Trust Anchor Certificates
  • security-libs/java.security ➜ Exact Match Required for Trusted TLS Server Certificate
  • security-libs/java.security ➜ Added LuxTrust Global Root 2 Certificate
  • security-libs/java.security ➜ Added 4 Amazon Root CA Certificates
  • core-libs/java.rmi Improve Registry support

Bug Fixes
The following are some of the notable bug fixes included in this release:

  • core-libs/java.io:serialization Better Serial Filter Handling

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. For a more complete list of the bug fixes included in this release, see the JDK 13.0.2 Bug Fixes page.

Java™ SE Development Kit 11.0.6 (JDK 11.0.6)

The full version string for this update release is 11.0.6+8 (where “+” means “build”). The version number is 11.0.6.

IANA Dates 2019c
JDK 11.0.6 contains IANA time zone data version 2019c. For more information, refer to Timezone Data Versions in the JRE Software.

Keeping the JDK up to Date
Oracle recommends that the JDK is updated with each Critical Patch Update (CPU). In order to determine if a release is the latest, the following Security Baseline page can be used to determine which is the latest version for each release family. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 11.0.6) be used after the next critical patch update scheduled for April 14, 2020.

New Features

  • security-libs/javax.security ➜ Allow SASL Mechanisms to Be Restricted
  • security-libs/javax.crypto:pkcs11 ➜ SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40

Other notes

  • security-libs/java.security ➜ New Checks on Trust Anchor Certificates
  • security-libs/java.security ➜ Exact Match Required for Trusted TLS Server Certificate
  • security-libs/java.security ➜ Added LuxTrust Global Root 2 Certificate
  • security-libs/java.security ➜ Added 4 Amazon Root CA Certificates
  • hotspot/compiler ➜ Turn off AOT by Default and Change Related Flags to Experimental

Bug Fixes
The following are some of the notable bug fixes included in this release:

  • security-libs/javax.crypto:pkcs11 ➜ Memory Growth Issue in SunPKCS11 Fixed
  • core-libs/java.io:serialization Better Serial Filter Handling

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. For a more complete list of the bug fixes included in this release, see the JDK 11.0.6 Bug Fixes page.

Java™ SE Development Kit 8, Update 241 (JDK 8u241)

The full version string for this update release is 1.8.0_241-b07 (where “b” means “build”). The version number is 8u241.

IANA Dates 2019c
JDK 8u241 contains IANA time zone data version 2019c. For more information, refer to Timezone Data Versions in the JRE Software.

Keeping the JDK up to Date
Oracle recommends that the JDK is updated with each Critical Patch Update (CPU). In order to determine if a release is the latest, the following Security Baseline page can be used to determine which is the latest version for each release family. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u241) be used after the next critical patch update scheduled for April 14, 2020. Java SE Subscription customers managing JRE updates/installs for large number of desktops should consider using Java Advanced Management Console (AMC) . For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u241) on May 14, 2020. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.

New Features

  • security-libs/javax.security ➜ Allow SASL Mechanisms to Be Restricted
  • security-libs/javax.crypto:pkcs11 ➜ SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40

Other notes

  • security-libs/java.security ➜ New Checks on Trust Anchor Certificates
  • security-libs/java.security ➜ Exact Match Required for Trusted TLS Server Certificate
  • security-libs/java.security ➜ Added LuxTrust Global Root 2 Certificate
  • security-libs/java.security ➜ Added 4 Amazon Root CA Certificates
  • core-libs/java.rmi ➜ Improve Registry Support

Bug Fixes
The following are some of the notable bug fixes included in this release:

  • client-libs/2d ➜ Support for OpenType CFF Fonts
  • core-libs/java.io:serialization Better Serial Filter Handling

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. For a more complete list of the bug fixes included in this release, see the JDK 8u241 Bug Fixes page.

Version number 13.0.2 / 11.0.6 / 8u241
Release status Final
Website Oracle
Download https://www.oracle.com/technetwork/java/javase/downloads/index.html
License type Conditions (GNU/BSD/etc.)
Comments
Loading...