Le 20/05/2019 à 14:38, Aleksey Shipilev a écrit : > Yes. Security fixes and Japanese epoch changes are delivered in 11.0.3+7, > after security embargo was > lifted. The fixes are not in 11.0.3+6, which was tagged before the embargo > lifted. You are looking > for these: > http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/175eb80c253a > http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/2996b4523925 > http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/f0d8b845de21 > http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/1084d119236b > http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/c61b8801f0e4 > http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/59610bddd37a > > So yes, I would say the update should be high priority.
OpenJDK 11.0.3 GA is now available in stretch-backports for amd64, the other architectures are still building [1] and will follow soon. Since I couldn't upload 11.0.3+7 directly I've uploaded 11.0.3+1 with a patch containing the changes up to 11.0.3+7 (the patch is only ~1000 lines long, so it's still reasonable). The version of the package could be misleading since it's still 11.0.3+1, but I've taken care to ensure that "java -version" reports 11.0.3+7. Disclaimer: this backport remains a technology preview for Debian 9 "Stretch", I'll do my best to maintain it but I can't guarantee any ETA on the updates (co-maintainers would be welcome). Anyone serious about using OpenJDK 11 in production should switch to Debian 10 "Buster" when it's released. OpenJDK 11 in Buster will be tracked by the Security Team and is guaranteed to work with the Java applications and libraries packaged in Debian. Emmanuel Bourg [1] https://buildd.debian.org/status/package.php?p=openjdk-11&suite=stretch-backports
