posts

Liberica Native Image Kit 22.3.0 and 21.3.4 builds are released

figure
Oct 19, 2022
Peter Zhelezniakov

We are happy to announce the general availability of Liberica Native Image Kit (NIK) versions 22.3.0 and 21.3.4 as part of Critical Patch Update (CPU) release cycle. The builds contain several security fixes and enhancements.

All Liberica NIK builds contain the latest version of Liberica JDK with fixes and eliminated security issues.

Notable changes

  • Improved module system support. When building JavaFX native images with the Full version, there is no need to list JavaFX modules on the command line with --add-modules javafx.controls,... because all modules that are part of JDK are visible by default
  • Added support for JFR events: jdk.JavaMonitorEnter, jdk.JavaMonitorWait, jdk.ThreadSleep
  • Added support for heap dumps
  • Added new class initialization strategy that allows all classes to be used at image build time
  • Added support for ThreadMXBean#getThreadCpuTime
  • Introduced the --enable-monitoring option

Summary of fixes and enhancements

List of security issues fixed

CVE ID

cvss score

component

module

Attack vector (network/local)

Complexity (low/high)

Privileges (none/low)

User interaction (none/required)

Scope (changed/unchanged)

Confidentiality (low/none/high)

Integrity (low/none/high)

Availability (low/none/high)

CVE-2022-21618

5.3

security-libs

org.ietf.jgss

network

low

none

none

unchanged

none

low

none

CVE-2022-21619

3.7

security-libs

java.security

network

high

none

none

unchanged

none

low

none

CVE-2022-21624

3.7

core-libs

javax.naming

network

high

none

none

unchanged

none

low

none

CVE-2022-21626

5.3

security-libs

java.security

network

low

none

none

unchanged

none

none

low

CVE-2022-21628

5.3

core-libs

java.net

network

low

none

none

unchanged

none

none

low

CVE-2022-39399

3.7

core-libs

java.net

network

high

none

none

unchanged

none

low

none

Summary of fixes in Liberica NIK

CVEs fixed in Liberica NIK per version:

CVE ID

22.3.0 (JDK 11)

22.3.0 (JDK 11)

21.3.4 (JDK 17)

21.3.4 (JDK 17)

CVE-2022-21626

-

-

CVE-2022-21618

CVE-2022-21628

CVE-2022-39399

CVE-2022-21619

CVE-2022-21624

Conclusion

BellSoft strives to provide Java developers with a full stack of secure and affordable technologies suitable for creating a wide range of applications. And thanks to the CPU release cycle, your applications will be secure at all times. Download the latest version of Liberica NIK now!

posts
Alpaquita vs Alpine: a head-to-head comparison
figure
Nov 10, 2022
Dmitry Chuyko
shorts
Critical vulnerabilities in OpenSSL 3.0
Nov 11, 2022
Sergey Chernyshev

Find out about the newest CVEs discovered in OpenSSL 3.0 and how to eliminate the risk of exploits

Subcribe to our newsletter

figure

Read the industry news, receive solutions to your problems, and find the ways to save money.