Posts

Liberica Native Image Kit 23.0.3 and 23.1.2 builds are released

Jan 22, 2024
Peter Zhelezniakov
1.9

We are happy to announce the general availability of Liberica Native Image Kit (NIK) versions 23.0.3 for JDK 17 and 23.1.2 for JDK 21 as part of Critical Patch Update (CPU) release cycle. The builds contain several security and bug fixes.

Liberica NIK releases are aligned with GraalVM release schedule. Starting with JDK 20 release in March 2023, GraalVM CE conforms to the six-month JDK release cadence. CPU builds become available four times a year as before.

All Liberica NIK builds contain the latest version of Liberica JDK with fixes and eliminated security issues.

Notable improvements

  • Better support for AWT and JavaFX fullscreen mode.
  • Intrinsified memory copying routines on AMD64 platforms. Where available, they now use AVX instructions for better performance.
  • Improved SubstrateVM monitor enter/exit routines for accelerated startup of native images. Head to this article for more details on the improvement.

List of security issues fixed

CVE ID

cvss score

component

module

Attack vector (network/local)

Complexity (low/high)

Privileges (none/low)

User interaction (none/required)

Scope (changed/unchanged)

Confidentiality (low/none/high)

Integrity (low/none/high)

Availability (low/none/high)

CVE-2024-20932

7.5

security-libs

java.security

network

low

none

none

unchanged

none

high

none

CVE-2024-20918

7.4

hotspot

compiler

network

high

none

none

unchanged

high

high

none

CVE-2024-20952

7.4

security-libs

java.security

network

high

none

none

unchanged

high

high

none

CVE-2024-20926

5.9

core-libs

javax.script

network

high

none

none

unchanged

high

none

none

CVE-2024-20919

5.9

hotspot

runtime

network

high

none

none

unchanged

none

high

none

CVE-2024-20921

5.9

hotspot

compiler

network

high

none

none

unchanged

high

none

none

CVE-2024-20945

4.7

security-libs

javax.xml.crypto

local

high

low

none

unchanged

high

none

none

CVE-2024-20925

3.1

javafx

media

network

high

none

none

unchanged

high

high

none

CVE-2024-20923

3.1

javafx

graphics

network

high

none

required

unchanged

low

none

none

CVE-2024-20922

2.5

javafx

network-toolkit

local

high

none

required

unchanged

none

low

none

Download the new builds now!

BellSoft strives to provide Java developers with a full stack of secure and affordable technologies suitable for creating a wide range of applications. And thanks to the CPU release cycle, your applications will be secure at all times. Download the latest version of Liberica NIK now!

Download Liberica NIK

Subcribe to our newsletter

figure

Read the industry news, receive solutions to your problems, and find the ways to save money.

Further reading