This Red Hat security advisory covers the OpenJDK 11.0.31 ELS update for Windows builds, which replaces version 11.0.30. The update addresses eight distinct security vulnerabilities in the OpenJDK 11 Java Runtime Environment and Software Development Kit. The vulnerabilities correspond to CVEs CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865, CVE-2026-34268, and CVE-2026-34282. The advisory does not provide CVSS scores but classifies the impact as Important. The update also includes bug fixes and enhancements. The affected products include Red Hat OpenJDK 11 ELS for various RHEL versions and architectures. No known exploits in the wild have been reported. The vendor advisory recommends applying this update after ensuring all prior relevant errata are applied.

The update addresses multiple security vulnerabilities in the OpenJDK 11 runtime and SDK, which could potentially impact the security posture of systems running affected versions. The vulnerabilities span several CWE categories including cryptographic issues (CWE-327), information exposure (CWE-319), XML external entity issues (CWE-611), buffer overflows (CWE-125), resource management errors (CWE-674), and out-of-bounds reads (CWE-835). Red Hat rates the overall security impact as Important (high severity). There are no reports of known exploits in the wild at this time.

Red Hat has released an updated OpenJDK 11 ELS version 11.0.31 that includes fixes for the identified vulnerabilities. Users should apply this update promptly to mitigate the security risks. Before applying the update, ensure all previously released relevant errata are installed. Detailed update instructions are available in the Red Hat advisory and documentation. Since this is a product update, no additional mitigation steps beyond applying the official update are indicated.