Liberica Native Image Kit 23.0.12, 23.1.11, and 25.0.3 builds are released
We are happy to announce the general availability of Liberica Native Image Kit (NIK) versions 23.0.12 for JDK 17, 23.1.11 for JDK 21, and 25.0.3 for JDK 25 as part of Critical Patch Update (CPU) release cycle. The builds contain several security and bug fixes.
Liberica NIK releases are aligned with GraalVM release schedule. Starting with JDK 20 release in March 2023, GraalVM CE conforms to the six-month JDK release cadence. CPU builds become available four times a year as before.
All Liberica NIK builds contain the latest version of Liberica JDK with fixes and eliminated security issues.
Notable improvements
List of security issues fixed
The following vulnerabilities are fixed in all three releases — 23.0.12 (JDK 17), 23.1.11 (JDK 21), and 25.0.3 (JDK 25):
23.0.12 (JDK 17) and 23.1.11 (JDK 21)
|
CVE ID |
CVSS score |
Component |
Module |
Attack vector |
|
CVE-2026-22016 |
7.5 |
xml |
jaxp |
network |
|
CVE-2026-34282 |
7.5 |
core-libs |
java.net |
network |
|
CVE-2026-22021 |
5.3 |
security-libs |
java.security |
network |
|
CVE-2026-22013 |
5.3 |
security-libs |
org.ietf.jgss |
network |
|
CVE-2026-23865 |
5.3 |
client-libs |
2d |
local |
|
CVE-2026-22018 |
3.7 |
core-libs |
java.util |
network |
|
CVE-2026-22007 |
2.9 |
security-libs |
java.security |
local |
|
CVE-2026-34268 |
2.9 |
security-libs |
java.security |
local |
The 25.0.3 (JDK 25) build additionally addresses the following vulnerability:
|
CVE ID |
CVSS score |
Component |
Module |
Attack vector |
|
CVE-2026-22008 |
3.7 |
core-libs |
java.lang |
network |
Download the new builds now!
BellSoft strives to provide Java developers with a full stack of secure and affordable technologies suitable for creating a wide range of applications. And thanks to the CPU release cycle, your applications will be secure at all times. Download the latest version of Liberica NIK now!
