diff --git a/debian/changelog b/debian/changelog
index e35274e6313a01433d454df30e3fd12fdec98862..6d983a90e06e3c362da374dd94c3b425568bcbe0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+ca-certificates-java (20190909+deb11u1) bullseye; urgency=medium
+
+  [ Andreas Beckmann]
+  * Non-maintainer upload.
+  * Backport changes from 20230620 in sid.  (Closes: #1039472)
+
+  [ Vladimir Petko ]
+  * d/ca-certificates-java.postinst: Work-around not yet configured jre.
+
+ -- Andreas Beckmann <anbe@debian.org>  Thu, 27 Jul 2023 16:29:03 +0200
+
 ca-certificates-java (20190909) unstable; urgency=medium
 
   * Team upload.
@@ -226,7 +237,7 @@ ca-certificates-java (20120524) unstable; urgency=low
 
   [ James Page ]
   * d/rules: Ensure java is built with source/target == 1.6 for backwards
-    compatibility with openjdk-6. 
+    compatibility with openjdk-6.
 
   [ Damien Raude-Morvan ]
   * Sync handling of nss.cfg between debian/jks-keystore.hook.in and
diff --git a/debian/postinst b/debian/postinst
index 555f87bc2fc46a7f4634a895788c6578a5bd29c1..7d68036ef2f9afe9e1cbc9f9eb8fe3968d5f9a0e 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -50,6 +50,13 @@ setup_path()
         if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
             export JAVA_HOME=/usr/lib/jvm/$jvm
             PATH=$JAVA_HOME/bin:$PATH
+	    # copy java.security to allow import to function
+	    security_conf=/etc/${jvm%-${arch}}/security
+	    if [ -f ${security_conf}/java.security.dpkg-new ] \
+		&& [ ! -f ${security_conf}/java.security ]; then
+			cp -v ${security_conf}/java.security.dpkg-new \
+				${security_conf}/java.security
+	    fi
             break
         fi
     done
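Review bot: The added block in setup_path() creates `java.security` under `/etc/<jvm>/security` from this package's postinst, and its one-line comment does not record that the file appears to belong to a JRE package that is unpacked but not yet configured, or what becomes of the copy afterwards. Since java.security carries the JVM's security provider list and disabled-algorithm policy, I would spell this out, e.g. `# JRE unpacked but not yet configured: java.security exists only as .dpkg-new, so the import cannot run.` followed by `# Seed it from the packaged default, only when absent; dpkg is expected to install the real conffile on configure.` The second sentence is my reading of dpkg's conffile handling and should be confirmed, as should whether a java.security the administrator removed on purpose ought to be recreated here. The expansions are also unquoted and the new lines are tab-indented inside a space-indented body; `[ -f "${security_conf}/java.security.dpkg-new" ] && [ ! -f "${security_conf}/java.security" ]` and `cp -v -- "${security_conf}/java.security.dpkg-new" "${security_conf}/java.security"` would be the defensive form. `arch` and the enclosing loop are defined outside the hunk.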