- Click to view our Accessibility Policy
- Skip to content
Looking for other Java downloads?
Java 19 and Java 17 available now
Java 17 LTS is the latest long-term support release for the Java SE platform. JDK 19 and JDK 17 binaries are free to use
in production and free to redistribute, at no cost, under the
Oracle No-Fee Terms and Conditions.
JDK 19 will receive updates under these terms, until March 2023 when it will be superseded by JDK 20.
JDK 17 will receive updates under these terms, until at least September 2024.
Protect your investment—and more
Java SE subscribers get support for JDK 17, receive updates until at least October 2029, are entitled to GraalVM
Enterprise, Java Management Service, and bundled patch releases (BPRs) with fixes not yet available to
nonsubscribers, and more.
Java SE subscribers have more choices
Also available for development, personal use, and to run other licensed Oracle products.
JDK (так же известен как Java Development Kit и Java SE) — один из ключевых пакетов инструментов для разработки программного обеспечения на платформе Java, включающий в себя виртуальную машину, исполнительную систему Java Runtime Environment, библиотеки классов, документацию, а так же компилятор javac.
Начинающие разработчики часто путают между собой пакеты JVM, JRE и JDK, да и в принципе слабо представляют, чем они различаются, поэтому внесём немного ясности в этот вопрос:
- JVM (Java Virtual Machine) — это виртуальная машина Java, исполняющая байт-код, который создаётся из исходных текстов компилятором javac.
- JRE (Java Runtime Environment) — минимальная среда выполнения, в которую входит JVM и библиотеки Java-классов. Именно этот пакет обязательно нужно устанавливать на компьютер с «чистой» операционной системой Windows, чтобы корректно выполнялись приложения написанные на Java.
- JDK (Java Development Kit) — бесплатный пакет для разработчиков, состоящий из JRE и средств разработчика, в которые входят компилятор javac, различные утилиты, документация и примеры. Так же сами пакеты JDK бывают нескольких различных модификаций:
- Java SE Development Kit — стандартный комплект (Standard Edition) для разработки приложений для настольных компьютеров и серверов;
- Java ЕЕ Development Kit — комплект Enterprise Edition, с дополнительными инструментами для разработки корпоративных приложений;
- Java ME Development Kit — компактная версия платформы (Micro Edition), в основном предназначенная для разработки приложений для встраиваемых и мобильных устройств.
Являясь новичком в программировании, используйте Java SE Development Kit, который подходит для большинства целей, при необходимости можно в любой момент переключиться на более подходящий пакет. При этом нужно понимать, что в Java Development Kit не входит непосредственно редактор кода и для написания программ нужно использовать стороннюю интегрированную среду разработки, например, вполне подойдут бесплатные Eclipse, Brackets или NetBeans IDE.
В данный момент для скачивания доступны Java SE Development Kit 8, 11 и 13, однако учитывая полную обратную совместимость, лучше всего использовать самую последнюю версию или версию с пометкой LTS, которая имеет наиболее длительный период поддержки. Кроме того, последняя версия JDK содержит в себе наиболее актуальный функционал, который невозможно использовать в предыдущих версиях пакета.
The full version string for this update release is 11.0.18+11 (where «+» means «build»). The version number is 11.0.18.
Complete release notes for Java 11 can be found here.
What is Java?
Java is a programming language and software platform. Examples of applications that use Java are numerous and widespread but include web browsers, office applications and even mainstream games like Minecraft are based on Java.
What is Java JDK?
The Java Development Kit (JDK) is the full-featured software development kit for Java developers. It has everything the JRE has, but adds the compiler (javac) and tools (like javadoc and jdb). The JDK allows you to create and compile Java programs.
Is Java free to use?
Yes, Java is free to use under the jdk.java.net license. This means anyone can download it for personal or development use at no cost. Oracle does charge for long term support, but this is optional.
IANA Data 2020a
JDK 11.0.16 contains IANA time zone data 2021a. For more information, refer to Timezone Data Versions in the JRE Software.
Security Baselines
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 11.0.16 are specified in the following table:
JRE Family Version = JRE Security Baseline (Full Version String)
- 11 = 11.0.16+11
- 8 = 8u341-b10
- 7 = 7u351-b07
Keeping the JDK up to Date
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 11.0.13) be used after the next critical patch update scheduled for January 18, 2022.
What’s New
Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.
Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 11.0.16) be used after the next critical patch update scheduled for October 18, 2022.
New Features
core-libs/java.net
➜ HTTPS Channel Binding Support for Java GSS/Kerberos
Support has been added for TLS channel binding tokens for Negotiate/Kerberos authentication over HTTPS through javax.net.HttpsURLConnection.
Channel binding tokens are increasingly required as an enhanced form of security which can mitigate certain kinds of socially engineered, man in the middle (MITM) attacks. They work by communicating from a client to a server the client’s understanding of the binding between connection security (as represented by a TLS server cert) and higher level authentication credentials (such as a username and password). The server can then detect if the client has been fooled by a MITM and shutdown the session/connection.
The feature is controlled through a new system property jdk.https.negotiate.cbt which is described fully on the Networking Properties page.
Other Notes
➜ JDK Bundle Extensions Truncated When Downloading Using Firefox 102
On oracle.com and java.com, certain JDK bundle extensions are getting truncated on download when using Firefox version 102. The downloaded bundles have no file extension like «.exe», «.rpm», «.deb». If you are not able to upgrade to Firefox ESR 102.0.1 or Firefox 103 when it is released, then as a workaround you can:
- manually add a file extension to the file name after download.
- use a different browser
Changes
core-libs/java.io
➜ Enable Windows Alternate Data Streams by default
The Windows implementation of java.io.File has been changed so that strict validity checks are not performed by default on file paths. This includes allowing colons (‘:’) in the path other than only immediately after a single drive letter. It also allows paths that represent NTFS Alternate Data Streams (ADS), such as «filename:streamname». This restores the default behavior of java.io.File to what it was prior to the April 2022 CPU in which strict validity checks were not performed by default on file paths on Windows. To re-enable strict path checking in java.io.File, the system property jdk.io.File.enableADS should be set to false (case ignored). This might be preferable, for example, if Windows special device paths such as NUL: are not used.
Bug Fixes
This release is based on the previous CPU and does not contain any additional security fixes. The following issues have also been resolved:
- JDK-8284920 Category: xml Subcategory: javax.xml.path Summary: Incorrect Token type causes XPath expression to return incorrect results
- JDK-8284548 Category:xml Subcategory: jaxpInvalid Summary: XPath expression causes StringIndexOutOfBoundsException
Java SE 11.0.15 Advanced — Bundled Patch Release (BPR) — Bug Fixes and Updates
The following sections summarize changes made in all Java SE 11.0.15 BPR releases. The BPR releases are listed below in date order, most current BPR first. Note that bug fixes in previous BPRs are also included in the current BPR.
- JDK-8221741 Category: client-libs Subcategory: 2d Description: ClassCastException can happen when fontconfig.properties is used
- JDK-8212904 Category: client-libs Subcategory: javax.swing Description: JTextArea line wrapping incorrect when using UI scale
- JDK-8282583 Category: xml Subcategory: jaxp Description: Update BCEL md to include the copyright notice
- JDK-8283350 Category: core-libs Subcategory: java.time Description: (tz) Update Timezone Data to 2022a
Previous release notes
security-libs/org.ietf.jgss:krb5
➜ Support cross-realm MSSFU
The support for the Kerberos MSSFU extensions [1] is now extended to cross-realm environments.
By leveraging the Kerberos cross-realm referrals enhancement introduced in the context of JDK-8215032, the ‘S4U2Self’ and ‘S4U2Proxy’ extensions may be used to impersonate user and service principals located on different realms.
security-libs/java.security
➜ Customizing PKCS12 keystore Generation
New system and security properties have been added to enable users to customize the generation of PKCS #12 keystores. This includes algorithms and parameters for key protection, certificate protection, and MacData. The detailed explanation and possible values for these properties can be found in the «PKCS12 KeyStore properties» section of the java.security file.
Also, support for the following SHA-2 based HmacPBE algorithms has been added to the SunJCE provider: HmacPBESHA224, HmacPBESHA256, HmacPBESHA384, HmacPBESHA512, HmacPBESHA512/224, HmacPBESHA512/256
Removed Features and Options
security-libs/java.security
➜ Removed Root Certificates with 1024-bit Keys
The following root certificates with weak 1024-bit RSA public keys have been removed from the cacerts keystore:
+ alias name «thawtepremiumserverca [jdk]» Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA + alias name «verisignclass2g2ca [jdk]» Distinguished Name: OU=VeriSign Trust Network, OU=»(c) 1998 VeriSign, Inc. — For authorized use only», OU=Class 2 Public Primary Certification Authority — G2, O=»VeriSign, Inc.», C=US + alias name «verisignclass3ca [jdk]» Distinguished Name: OU=Class 3 Public Primary Certification Authority, O=»VeriSign, Inc.», C=US + alias name «verisignclass3g2ca [jdk]» Distinguished Name: OU=VeriSign Trust Network, OU=»(c) 1998 VeriSign, Inc. — For authorized use only», OU=Class 3 Public Primary Certification Authority — G2, O=»VeriSign, Inc.», C=US + alias name «verisigntsaca [jdk]» Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
Previous release notes
security-libs/java.security
➜ -groupname Option Added to keytool Key Pair Generation
A new -groupname option has been added to keytool -genkeypair so that a user can specify a named group when generating a key pair. For example, keytool -genkeypair -keyalg EC -groupname secp384r1 will generate an EC key pair by using the secp384r1 curve. Because there might be multiple curves with the same size, using the -groupname option is preferred over the -keysize option.
security-libs/javax.net.ssl
➜ Support for certificate_authorities Extension
The «certificate_authorities» extension is an optional extension introduced in TLS 1.3. It is used to indicate the certificate authorities (CAs) that an endpoint supports and should be used by the receiving endpoint to guide certificate selection.
With this JDK release, the «certificate_authorities» extension is supported for TLS 1.3 in both the client and the server sides. This extension is always present for client certificate selection, while it is optional for server certificate selection.
Applications can enable this extension for server certificate selection by setting the jdk.tls.client.enableCAExtension system property to true. The default value of the property is false.
Note that if the client trusts more CAs than the size limit of the extension (less than 2^16 bytes), the extension is not enabled. Also, some server implementations do not allow handshake messages to exceed 2^14 bytes. Consequently, there may be interoperability issues when jdk.tls.client.enableCAExtension is set to true and the client trusts more CAs than the server implementation limit.
core-libs/java.lang
➜ POSIX_SPAWN Option on Linux
As an additional way to launch processes on Linux, the jdk.lang.Process.launchMechanism property can be set to POSIX_SPAWN. This option has been available for a long time on other *nix platforms. The default launch mechanism (VFORK) on Linux is unchanged, so this additional option does not affect existing installations.
POSIX_SPAWN mitigates rare pathological cases when spawning child processes, but it has not yet been excessively tested. Prudence is advised when using POSIX_SPAWN in productive installations.
security-libs/javax.net.ssl
➜ Support for X25519 and X448 in TLS
The named elliptic curve groups x25519 and x448 are now available for JSSE key agreement in TLS versions 1.0 to 1.3, with x25519 being the most preferred of the default enabled named groups. The default ordered list is now:
x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
The default list can be overridden by using the system property jdk.tls.namedGroups.
security-libs/java.security
➜ jarsigner Preserves POSIX File Permission and symlink Attributes
When signing a file that contains POSIX file permission or symlink attributes, jarsigner now preserves these attributes in the newly signed file but warns that these attributes are unsigned and not protected by the signature. The same warning is printed during the jarsigner -verify operation for such files.
Note that the jar tool does not read/write these attributes. This change is more visible to tools like unzip where these attributes are preserved.
client-libs/2d
➜ Oracle JDK11u for Solaris Now Requires harfbuzz to be Installed
Oracle JDK-11.0.10 and later for Solaris 11 requires that the OS provide the package library/desktop/harfbuzz as part of the system installation. This package is provided for Solaris 11.3 and later.
$ pkg info harfbuzz Name: library/desktop/harfbuzz Summary: HarfBuzz is an OpenType text shaping engine Description: HarfBuzz is a library for text shaping, which converts unicode text to glyph indices and positions. HarfBuzz is used directly by libraries such as Pango, and the layout engines in firefox. Category: Desktop (GNOME)/Libraries State: Installed Publisher: solaris
This is a desktop library, but the font processing it does is part of some common backend server workloads. It should always be considered as required.
If this library is missing, then the pkg mechanism will require it during installation of the JDK. If installing the JDK by using a tar.gz bundle (for example) and the library/desktop/harfbuzz package is missing, a runtime link failure will occur when this package is needed.
JDK-8251907 (not public)
core-libs/java.time
➜ JDK time-zone data upgraded to tzdata2020d
The JDK update incorporates tzdata2020d. The main change is
Palestine ends DST earlier than predicted, on 2020-10-24.
Please refer to https://mm.icann.org/pipermail/tz-announce/2020-October/000062.html for more information.
core-libs/java.time
➜ JDK time-zone data upgraded to tzdata2020c
The JDK update incorporates tzdata2020c. The main change is
Fiji starts DST later than usual, on 2020-12-20.
Please refer to https://mm.icann.org/pipermail/tz-announce/2020-October/000060.html for more information.
core-libs/java.time
➜ US/Pacific-New Zone Name Removed as Part of tzdata2020b
Following the JDK’s update to tzdata2020b, the long-obsolete files named pacificnew and systemv have been removed. As a result, the «US/Pacific-New» Zone name declared in the pacificnew data file is no longer available for use.
Information regarding this update can be viewed at https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html.
Bug Fixes
- This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. For a more complete list of the bug fixes included in this release, see the JDK 11.0.10 Bug Fixes page.
security-libs/java.security
➜ Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default
- Weak named curves are disabled by default by adding them to the following disabledAlgorithms security properties: jdk.tls.disabledAlgorithms, jdk.certpath.disabledAlgorithms, and jdk.jar.disabledAlgorithms. The named curves are listed below.
- With 47 weak named curves to be disabled, adding individual named curves to each disabledAlgorithms property would be overwhelming. To relieve this, a new security property, jdk.disabled.namedCurves, is implemented that can list the named curves common to all of the disabledAlgorithms properties. To use the new property in the disabledAlgorithms properties, precede the full property name with the keyword include. Users can still add individual named curves to disabledAlgorithms properties separate from this new property. No other properties can be included in the disabledAlgorithms properties.
- To restore the named curves, remove the include jdk.disabled.namedCurves either from specific or from all disabledAlgorithms security properties. To restore one or more curves, remove the specific named curve(s) from the jdk.disabled.namedCurves property.
- Curves that are disabled through jdk.disabled.namedCurves include the following: secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, brainpoolP320r1, brainpoolP384r1, brainpoolP512r1
- Curves that remain enabled are: secp256r1, secp384r1, secp521r1, X25519, X448. See JDK-8233228
security-libs/org.ietf.jgss:krb5
➜ Support for Kerberos Cross-Realm Referrals (RFC 6806)
- The Kerberos client has been enhanced with the support of principal name canonicalization and cross-realm referrals, as defined by the RFC 6806 protocol extension.
- As a result of this new feature, the Kerberos client can take advantage of more dynamic environment configurations and does not necessarily need to know (in advance) how to reach the realm of a target principal (user or service).
- Support is enabled by default and 5 is the maximum number of referral hops allowed. To turn it off, set the sun.security.krb5.disableReferrals security or system property to false. To configure a custom maximum number of referral hops, set the sun.security.krb5.maxReferrals security or system property to any positive value.
Previous versions:
- Java SE JDK 11.0.10 for Windows
- Java SE JDK 11.0.10 for macOS
- Java SE JDK 11.0.10 for Linux DEB
- Java SE JDK 11.0.10 for Linux RPM
- Java SE JDK 11.0.6 for Windows
- Java SE JDK 11.0.6 for macOS
- Java SE JDK 11.0.6 for Linux DEB
- Java SE JDK 11.0.6 for Linux RPM
- Java SE JDK 11.0.4 for Windows
- Java SE JDK 11.0.4 for macOS
- Java SE JDK 11.0.4 for Linux DEB
- Java SE JDK 11.0.4 for Linux RPM
- Java SE JDK 11.0.3 for Windows
- Java SE JDK 11.0.3 for macOS
- Java SE JDK 11.0.3 for Linux DEB
- Java SE JDK 11.0.3 for Linux RPM
Обновлено
2020-12-18 10:23:47
Совместимость
Windows Vista, Windows 7, Windows 8, Windows 10
Описание
Java SE Development Kit (JDK) — это бесплатно распространяемый комплект разработчика приложений на языке Java.
Краткий обзор
Программа включает в себя компилятор Java, стандартные библиотеки классов, примеры кода, необходимую документацию, а также различные утилиты и исполнительную систему Java. На языке Java написано множество современных программ и игр, что во многом обусловлено высокой мобильностью и кроссплатформенностью языка. Это означает, что написанные на нём приложения можно использовать на устройствах с разными операционными системами, если на них установлен Java Runtime Environment. В то время, как JRE позволяет выполнять Java-приложения, компоненты и апплеты, Java Development Kit, или JDK, предоставляет доступ к полному набору инструментов для создания, отладки,запуска и даже документирования кода на Java.
Стоит добавить, что в состав Java SE Development Kit не входит интегрированная среда разработки. Это означает, что писать код необходимо встороннем текстовом редакторе, а для компиляции кода придется использовать утилиты командной строки.