PT-2022-1017 · Openjdk · Java-11-Openjdk

Published 2022-03-15 · Updated 2022-03-15

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

java-11-openjdk versions 11.0.14

Description

The issue concerns a regression in the HTTP client of OpenJDK 11, which caused both the :authority and Host header fields to be sent in HTTP/2 requests. This behavior is rejected by some HTTP servers. Additionally, changes to the Lightweight Directory Access Protocol (LDAP) implementation led to a behavior change when an authentication failure occurred, where all available LDAP servers would be tried with the same credentials instead of aborting immediately after the first denial.

Recommendations

For java-11-openjdk version 11.0.14, update to a version that includes the fix for the regression in the HTTP client and the LDAP implementation changes.

Related Identifiers

ALBA-2022:0887

Affected Products

Java-11-Openjdk