Announcements

Liberica Native Image Kit 23.0.1 builds are released

Jul 27, 2023
Peter Zhelezniakov
1.9

We are happy to announce the general availability of Liberica Native Image Kit (NIK) version 23.0.1 for JDK 17.0.8 and 20.0.2 as part of Critical Patch Update (CPU) release cycle. The builds contain several security and bug fixes.

Liberica NIK releases are aligned with GraalVM release schedule. Starting with JDK 20 release in March 2023, GraalVM CE conforms to the six-month JDK release cadence. CPU builds become available four times a year as before.

All Liberica NIK builds contain the latest version of Liberica JDK with fixes and eliminated security issues.

Summary of fixes and enhancements

Notable changes:

  • ParallelGC is now available on Windows. The feature is aimed at enhancing the GC performance in GraalVM CE by reducing GC pause times. It is currently experimental and is not suitable for production use. However, we encourage you to test it out and report any discovered bugs via our GitHub page.
  • Fixed compilation of JavaFX FXML applications.

List of security issues fixed

CVE ID

cvss score

component

module

Attack vector (network/local)

Complexity (low/high)

Privileges (none/low)

User interaction (none/required)

Scope (changed/unchanged)

Confidentiality (low/none/high)

Integrity (low/none/high)

Availability (low/none/high)

CVE-2023-22043

5.9

javafx

graphics

network

high

none

none

unchanged

none

high

none

CVE-2023-22041

5.1

hotspot

compiler

local

high

none

none

unchanged

high

none

none

CVE-2023-25193

3.7

client-libs

2d

network

high

none

none

unchanged

none

none

low

CVE-2023-22044

3.7

hotspot

compiler

network

high

none

none

unchanged

low

none

none

CVE-2023-22045

3.7

hotspot

compiler

network

high

none

none

unchanged

low

none

none

CVE-2023-22049

3.7

core-libs

java.io

network

high

none

none

unchanged

none

low

none

CVE-2023-22036

3.7

core-libs

java.util

network

high

none

none

unchanged

none

none

low

CVE-2023-22006

3.1

core-libs

java.net

network

high

none

required

unchanged

none

low

none

Conclusion

BellSoft strives to provide Java developers with a full stack of secure and affordable technologies suitable for creating a wide range of applications. And thanks to the CPU release cycle, your applications will be secure at all times. Download the latest version of Liberica NIK now!

Download Liberica NIK

Posts
A guide to Java profiling: tools, techniques, best practices
card image
Nov 14, 2024
Catherine Edelveis
0

Discover Java profiling with JFR, VisualVM, Async Profiler, and more. Detailed setups and tips for production-ready applications.

News
BellSoft adds AArch64 support to Alpaquita Linux distribution and Alpaquita containers
card image
Nov 12, 2024
0

BellSoft’s Alpaquita Linux now includes AArch64 support, optimizing Java on Arm-based hardware for the cloud. Experience faster response, lower costs, and secure containerized Java applications with this powerful, lightweight Linux distribution tailored for modern workloads.

Subcribe to our newsletter

figure

Read the industry news, receive solutions to your problems, and find the ways to save money.

Further reading

Posts
Master Spring Boot 3 with GraalVM Native Image
card image
Feb 23, 2023
Dmitry Chuyko
0

Find out how to solve common issues when migrating Spring Boot apps to Native Image

Shorts
Static images with Liberica Native Image Kit
card image
Feb 3, 2023
Peter Zhelezniakov
0

This guide describes how to cross-compile static musl-based images with Liberica NIK

Shorts
How to containerize native images
card image
Mar 10, 2023
Dmitry Chuyko
0

Discover a step-by-step guide to containerizing native images

Peter Zhelezniakov
Peter Zhelezniakov | Software Engineer at BellSoft