Liberica 8u352, 11.0.17, 17.0.5, and 19.0.1 builds are generally available

Oct 19, 2022
Aleksei Voitylov

We are happy to announce the general availability of a Critical Patch Update (CPU) of Liberica JDK versions 8u351, 11.0.16.1, and 17.0.4.1. CPU releases include patches for Common Vulnerabilities and Exposures (CVE). In addition, we release PSU versions 8u352, 11.0.17, 17.0.5, and 19.0.1 with non-critical fixes and general improvements.

The release contains 601 fixes and backports overall. BellSoft participated in eliminating 16 issues in all releases.

How to keep your runtime secure

BellSoft recommends updating Liberica JDK with each Critical Patch Update (CPU) to keep the runtime stable and secure.

CPUs are scheduled for release in January, April, June, and October every year. 

Liberica JDK updates and patches are available at no cost.

The summary of fixes

  • 6 security issues (CVEs) fixed
  • 34 total security fixes in CPU release:
    • in Liberica 8u351: 10 security fixes + 0 in FX
    • in Liberica 11.0.16.1: 13 security fixes + 0 in FX
    • in Liberica 17.0.4.1: 11 security fixes + 0 in FX

In addition, PSU releases include a total of 567 bugs and backports fixed: 

  • in Liberica 8u352: 4 security fixes + 50 additional fixes (+ 9 in FX)
  • in Liberica 11.0.17: 6 security fixes + 217 additional fixes (+11 in FX)
  • in Liberica 17.0.5: 5 security fixes + 222 additional fixes (+12 in FX)
  • in Liberica 19.0.1: 5 security fixes + 26 additional fixes
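
One way to act on the update advice, as an added example (not BellSoft's code): a Python check that parses a version string or `java -version` output, including the legacy `1.8.0_NNN` form, and reports whether the runtime is at the PSU level, the CPU level, or older. The names `RELEASES`, `parse_java_version` and `classify` are hypothetical; the build numbers are the ones listed in this announcement.

```python
import re

# Build numbers as listed in the announcement: per JDK family, the CPU build
# (CVE patches only) and the PSU build (CVE patches plus other fixes).
# Only one build is listed for 19, so it has no separate CPU entry.
RELEASES = {
    8:  {"cpu": (8, 0, 351),    "psu": (8, 0, 352)},
    11: {"cpu": (11, 0, 16, 1), "psu": (11, 0, 17)},
    17: {"cpu": (17, 0, 4, 1),  "psu": (17, 0, 5)},
    19: {"cpu": None,           "psu": (19, 0, 1)},
}

def parse_java_version(text):
    """Turn a version string or `java -version` output into a tuple of ints."""
    quoted = re.search(r'version "([^"]+)"', text)
    token = quoted.group(1) if quoted else text.strip()
    legacy = re.fullmatch(r"1\.(\d+)\.\d+(?:_(\d+))?(?:[-+].*)?", token)  # 1.8.0_352-b08
    if legacy:
        return (int(legacy.group(1)), 0, int(legacy.group(2) or 0))
    short = re.fullmatch(r"(\d+)u(\d+)(?:[-+].*)?", token)                # 8u352
    if short:
        return (int(short.group(1)), 0, int(short.group(2)))
    modern = re.match(r"\d+(?:\.\d+)*", token)                            # 11.0.16.1+1
    if not modern:
        raise ValueError(f"unrecognised Java version: {text!r}")
    return tuple(int(part) for part in modern.group(0).split("."))

def classify(text):
    """Return 'psu', 'cpu', 'outdated' or 'unlisted' for one runtime."""
    version = parse_java_version(text)
    release = RELEASES.get(version[0])
    if release is None:
        return "unlisted"      # family not covered by this announcement
    if version >= release["psu"]:
        return "psu"           # security fixes plus the non-critical fixes
    if release["cpu"] and version >= release["cpu"]:
        return "cpu"           # security fixes only
    return "outdated"          # older than the builds announced here

if __name__ == "__main__":
    # Constructed sample inputs, not captured from real hosts.
    for sample in ['openjdk version "1.8.0_345"', 'openjdk version "11.0.16.1"',
                   "17.0.5+8", "19", "18.0.2.1"]:
        print(f"{classify(sample):9} {sample}")
```
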

List of security issues fixed

| CVE ID | CVSS score | Component | Module | Attack vector (network/local) | Complexity (low/high) | Privileges (none/low) | User interaction (none/required) | Scope (changed/unchanged) | Confidentiality (low/none/high) | Integrity (low/none/high) | Availability (low/none/high) |
|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2022-21618 | 5.3 | security-libs | org.ietf.jgss | network | low | none | none | unchanged | none | low | none |
| CVE-2022-21619 | 3.7 | security-libs | java.security | network | high | none | none | unchanged | none | low | none |
| CVE-2022-21624 | 3.7 | core-libs | javax.naming | network | high | none | none | unchanged | none | low | none |
| CVE-2022-21626 | 5.3 | security-libs | java.security | network | low | none | none | unchanged | none | none | low |
| CVE-2022-21628 | 5.3 | core-libs | java.net | network | low | none | none | unchanged | none | none | low |
| CVE-2022-39399 | 3.7 | core-libs | java.net | network | high | none | none | unchanged | none | low | none |

Summary of fixes in Liberica JDK

CVEs fixed in Liberica per version:

CVE ID

8

11

17

19

CVE-2022-21626

-

-

CVE-2022-21618

-

CVE-2022-21628

CVE-2022-39399

-

CVE-2022-21619

CVE-2022-21624

Supported platforms

Liberica JDK is tested and proven to work on a large number of platforms.

Liberica JDK can be run in virtual and cloud environments. The following hypervisors are supported:

  • Docker
  • KVM
  • Microsoft Hyper-V (gen 1 and gen 2)
  • VirtualBox
  • VMware vSphere Hypervisor
  • Solaris Containers & Solaris LDOMs

Liberica JDK supports all major cloud providers, including but not limited to:

  • Amazon AWS
  • Digital Ocean
  • Google Cloud
  • Microsoft Azure
  • OVH
  • Packet
  • Scaleway
  • VMware Tanzu

Enjoy the most stable runtime!

The CPU release cycle enables the OpenJDK community to introduce security patches and bug fixes to Java as soon as possible, thus minimizing the risk of attacks on your applications. Download the new Liberica JDK builds now!
