
Liberica JDK 8u402, 11.0.22, 17.0.10, 21.0.2 builds are generally available

Jan 17, 2024
Aleksei Voitylov

We are happy to announce the general availability of a Critical Patch Update (CPU) of Liberica JDK versions 8u401, 11.0.21.0.1, 17.0.9.0.1, and 21.0.1.0.1. CPU releases are stabilized builds that include patches for Common Vulnerabilities and Exposures (CVE) described in the relevant CVE entries in BellSoft’s Security Advisory.

BellSoft is one of only three companies, including Oracle, that release CPU builds aimed at eliminating known security issues without disrupting the production environment.

In addition, we release PSU versions 8u402, 11.0.22, 17.0.10, and 21.0.2 with non-critical fixes and general improvements.

The release contains 940 fixes and backports overall. BellSoft participated in eliminating 7 issues in all releases.

How to keep your runtime secure

BellSoft recommends updating Liberica JDK with each Critical Patch Update (CPU) to keep the runtime stable and secure.

CPUs are scheduled for release in January, April, June, and October every year. 

Liberica JDK updates and patches are available at no cost.

Download Liberica JDK

The summary of fixes

  • 10 security issues (CVEs) fixed.
  • 48 total security fixes (+ 6 additional non-security fixes) in CPU release:
    • in Liberica 6u411: 8 security fixes + 5 additional fixes;
    • in Liberica 7u411: 7 security fixes + 1 additional fix;
    • in Liberica 8u401: 9 security fixes;
    • in Liberica 11.0.21.0.1: 9 security fixes;
    • in Liberica 17.0.9.0.1: 9 security fixes;
    • in Liberica 21.0.1.0.1: 6 security fixes.

In addition, PSU releases include a total of 886 bug fixes and backports:

  • in Liberica 8u402: 9 security fixes (+ 3 in FX) + 28 additional fixes (+ 19 in FX);
  • in Liberica 11.0.22: 9 security fixes (+ 3 in FX) + 178 additional fixes (+ 1 in FX);
  • in Liberica 17.0.10: 9 security fixes (+ 3 in FX) + 280 additional fixes (+ 12 in FX);
  • in Liberica 21.0.2: 6 security fixes (+ 3 in FX) + 295 additional fixes (+ 28 in FX).


List of security issues fixed

| CVE ID | CVSS score | Component | Module | Attack vector (network/local) | Complexity (low/high) | Privileges (none/low) | User interaction (none/required) | Scope (changed/unchanged) | Confidentiality (low/none/high) | Integrity (low/none/high) | Availability (low/none/high) |
|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2024-20932 | 7.5 | security-libs | java.security | network | low | none | none | unchanged | none | high | none |
| CVE-2024-20918 | 7.4 | hotspot | compiler | network | high | none | none | unchanged | high | high | none |
| CVE-2024-20952 | 7.4 | security-libs | java.security | network | high | none | none | unchanged | high | high | none |
| CVE-2024-20926 | 5.9 | core-libs | javax.script | network | high | none | none | unchanged | high | none | none |
| CVE-2024-20919 | 5.9 | hotspot | runtime | network | high | none | none | unchanged | none | high | none |
| CVE-2024-20921 | 5.9 | hotspot | compiler | network | high | none | none | unchanged | high | none | none |
| CVE-2024-20945 | 4.7 | security-libs | javax.xml.crypto | local | high | low | none | unchanged | high | none | none |
| CVE-2024-20925 | 3.1 | javafx | media | network | high | none | none | unchanged | high | high | none |
| CVE-2024-20923 | 3.1 | javafx | graphics | network | high | none | required | unchanged | low | none | none |
| CVE-2024-20922 | 2.5 | javafx | network-toolkit | local | high | none | required | unchanged | none | low | none |

Summary of fixes in Liberica JDK

CVEs fixed in Liberica per version:

CVE ID

8

11

17

21

CVE-2024-20932

  

 

CVE-2024-20918

CVE-2024-20952

CVE-2024-20926

  

CVE-2024-20919

CVE-2024-20921

CVE-2024-20945

CVE-2024-20925

CVE-2024-20923

CVE-2024-20922

Supported platforms

Liberica JDK is tested and proven to work on a large number of platforms.

Liberica JDK can be run in virtual and cloud environments. The following hypervisors are supported:

  • Docker
  • KVM
  • Microsoft Hyper-V (gen 1 and gen 2)
  • VirtualBox
  • VMware vSphere Hypervisor
  • Solaris Containers & Solaris LDOMs

Liberica JDK supports all major cloud providers, including but not limited to:

  • Amazon AWS
  • Digital Ocean
  • Google Cloud
  • Microsoft Azure
  • OVH
  • Packet
  • Scaleway
  • VMware Tanzu  

Enjoy the most stable runtime!

The CPU release cycle enables the OpenJDK community to introduce security patches and bug fixes to Java as soon as possible, thus minimizing the risk of attacks on your applications. Download the new Liberica JDK builds now! Click on the button below to head to Liberica Download Center.

Download Liberica JDK
