[Bug 2141785] [NEW] openjdk-25-jre-headless in jammy depends on openjdk-11
Kevin Puetz
2141785 at bugs.launchpad.net
Fri Feb 13 20:13:13 UTC 2026
Public bug reported:
In an otherwise clean machine (e.g. docker run ubuntu:jammy), `apt
install openjdk-25-jre-headless` will also install openjdk-11-jre-
headless. This is undesirable because openjdk-11 is end-of-life.
The openjdk-17-jre-headless and openjdk-21-jre-headless packages do not
exhibit this problem.
The issue seems to be the dependency chain in which openjdk-25-jre-
headless has Depends: ca-certificates-java, ca-certificates-java has
Depends: default-jre-headless | java8-runtime-headless, and default-jre-
headless has Depends: openjdk-11-jre-headless
openjdk-17 and openjdk-21 both have provides: java8-runtime-headless, and satisfy ca-certificates-java in that way.
Provides: java-runtime-headless (= 21), [... many javaN-runtime-headless ...], java8-runtime-headless
So they can satisfy the `| java8-runtime-headless` branch of ca-
certificates-java, and apt ends up installing only the requested openjdk
version..
But openjdk-25-jre-headless has only `Provides: java-runtime-headless (= 25)` and none of the other individual entries.
These changes seem to be intentional on the debian side, see
https://salsa.debian.org/openjdk-
team/openjdk/-/commit/2fa0698ece274ae9e1539b5fa2289a59d332c6b3. And ca-
certificates likewise dropped the depends entry in
https://salsa.debian.org/java-team/ca-certificates-
java/-/commit/ff1821043d4cd3fc8e4d5a49bed9304135a479e6
But the security backport of openjdk-25-jre-headless is not consistent
with the version of ca-certificates-java in jammy - either it needs the
Provides: java8-runtime-headless put back, or ca-certificates-java needs
the corresponding update to adjust its Depends.
** Affects: openjdk-25 (Ubuntu)
Importance: Undecided
Status: New
** Tags: jammy
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openjdk-25 in Ubuntu.
https://bugs.launchpad.net/bugs/2141785
Title:
openjdk-25-jre-headless in jammy depends on openjdk-11
Status in openjdk-25 package in Ubuntu:
New
Bug description:
In an otherwise clean machine (e.g. docker run ubuntu:jammy), `apt
install openjdk-25-jre-headless` will also install openjdk-11-jre-
headless. This is undesirable because openjdk-11 is end-of-life.
The openjdk-17-jre-headless and openjdk-21-jre-headless packages do
not exhibit this problem.
The issue seems to be the dependency chain in which openjdk-25-jre-
headless has Depends: ca-certificates-java, ca-certificates-java has
Depends: default-jre-headless | java8-runtime-headless, and default-
jre-headless has Depends: openjdk-11-jre-headless
openjdk-17 and openjdk-21 both have provides: java8-runtime-headless, and satisfy ca-certificates-java in that way.
Provides: java-runtime-headless (= 21), [... many javaN-runtime-headless ...], java8-runtime-headless
So they can satisfy the `| java8-runtime-headless` branch of ca-
certificates-java, and apt ends up installing only the requested
openjdk version..
But openjdk-25-jre-headless has only `Provides: java-runtime-headless (= 25)` and none of the other individual entries.
These changes seem to be intentional on the debian side, see
https://salsa.debian.org/openjdk-
team/openjdk/-/commit/2fa0698ece274ae9e1539b5fa2289a59d332c6b3. And
ca-certificates likewise dropped the depends entry in
https://salsa.debian.org/java-team/ca-certificates-
java/-/commit/ff1821043d4cd3fc8e4d5a49bed9304135a479e6
But the security backport of openjdk-25-jre-headless is not consistent
with the version of ca-certificates-java in jammy - either it needs
the Provides: java8-runtime-headless put back, or ca-certificates-java
needs the corresponding update to adjust its Depends.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-25/+bug/2141785/+subscriptions
More information about the foundations-bugs
mailing list