Fix java_lang_String::hash_code
Release Notes of Azul Zulu Prime Stream and Stable Builds of OpenJDK
- Latest Stream Build
- Latest Stable Builds
- Previous Stream Builds
- 23.07.0.0
- 23.06.0.0
- 23.05.0.0
- 23.04.0.0
- 23.03.0.0
- 23.02.0.0
- 23.01.0.0
- 22.12.0.0
- 22.10.0.0
- 22.09.0.0
- 22.08.0.0
- 22.07.1.0
- 22.07.0.0
- 22.06.0.0
- 22.05.0.0
- 22.04.1.0
- 22.04.0.0
- 22.03.0.0
- 22.02.0.0
- 22.01.2.0
- 22.01.1.0
- 22.01.0.0
- 21.12.0.0
- 21.10.1.0
- 21.10.0.0
- 21.09.1.0
- 21.09.0.0
- 21.08.0.0
- 21.07.0.0
- 21.06.0.0
- 21.05.1.0
- 21.05.0.0
- 21.04.0.0
- 21.03.0.0
- 21.02.0.0
- 21.01.0.0
- 20.12.0.0
- 20.10.0.0
- 20.09.1.0
- 20.09.0.0
- 20.08.0.0
- 20.07.0.0
- 20.06.0.0
- 20.05.0.0
- 20.04.0.0
- 20.03.1.0
- 20.03.0.0
- 20.02.1.0
- 20.02.0.0
- 20.01.0.0
- Previous Stable Builds
- 23.02.301.0
- 23.02.300.0
- 23.02.202.0
- 23.02.200.0
- 23.02.101.0
- 23.02.100.0
- 23.02.2.0
- 23.02.1.0
- 22.08.400.0
- 22.08.301.0
- 22.08.300.0
- 22.08.201.0
- 22.08.200.0
- 22.08.101.0
- 22.08.100.0
- 22.08.1.0
- 22.02.501.0
- 22.02.500.0
- 22.02.401.0
- 22.02.400.0
- 22.02.300.0
- 22.02.202.0
- 22.02.201.0
- 22.02.200.0
- 22.02.100.0
- 22.02.3.0
- 22.02.2.0
- 22.02.1.0
- 21.08.502.0
- 21.08.501.0
- 21.08.500.0
- 21.08.402.0
- 21.08.401.0
- 21.08.400.0
- 21.08.301.0
- 21.08.300.0
- 21.08.202.0
- 21.08.201.0
- 21.08.200.0
- 21.08.100.0
- 21.08.1.0
- 21.02.500.0
- 21.02.401.0
- 21.02.400.0
- 21.02.300.0
- 21.02.201.0
- 21.02.200.0
- 21.02.100.0
- 21.02.2.0
- 21.02.1.0
- 20.08.501.0
- 20.08.500.0
- 20.08.400.0
- 20.08.300.0
- 20.08.202.0
- 20.08.201.0
- 20.08.200.0
- 20.08.101.0
- 20.08.100.0
- 20.08.2.0
- 20.08.1.0
- 20.02.501.0
- 20.02.500.0
- 20.02.402.0
- 20.02.401.0
- 20.02.400.0
- 20.02.300.0
- 20.02.201.0
- 20.02.200.0
- 20.02.101.0
- 20.02.100.0
- 20.02.1.0
Note
|
This page contains release notes for versions 20.02.1.0 and newer. |
Azul Zulu Prime Builds of OpenJDK are available in two versions:
-
Stream Builds: Fast-moving monthly releases (end of the month) that include all of the latest features and changes that are part of PSU releases. Free for development and evaluation. Use in production requires an active subscription.
Current latest: 23.08.0.0
-
Stable Builds: Builds that incorporate only CPUs, PSUs, and Azul Platform Prime critical fixes and do not uptake new features and non-critical enhancements from Stream Builds. Stable Builds are our primary vehicle for delivering time-sensitive bug-fixes to customers and are only available to Azul customers.
Current latest: 23.08.1.0 and 23.02.400.0
Latest Stream Build
23.08.0.0
Release date: September 11, 2023
This release is based on Azul Platform Prime 23.07.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_382-b2 |
11 |
11.0.20.1+1-LTS |
17 |
17.0.8.1+1-LTS |
What’s New
-
Compilation ranks by priority, which allows the JVM to assign compilation ranks to methods, has been introduced to Azul Platform Prime 23.08.0.0. This allows the Falcon compiler to assign ranks, hot, warm, or cold, to methods in order to prioritize system resources to methods depending on their hotness. The value of compilation ranking is that compiler activity is optimized later in an application run, not only reducing system load and freeing up resources for the running application but also reducing application outliers.
For more information on compilation ranks, see Analyzing and Tuning Warmup. For newly added options, see Command Line Options.
-
As of Azul Platform Prime 23.08.0.0, ZVision and ZVRobot components have been deprecated and are no longer actively developed. While we still support these components, we encourage users to switch to Java Flight Recorder, as ZVision and ZVRobot are planned for End-of-Life with Azul Platform Prime 24.02.0.0.
-
Support for the latest features in Optimizer Hub (formerly Cloud Native Compiler) 1.8.0. As Cloud Native Compiler expands its scope to offer more functionality than just offloading compilations, it is time to rebrand the offering to better reflect what it does. Starting with release 1.8, we are using the following naming:
-
Optimizer Hub (was Cloud Native Compiler) - The name of the overall component that you install on your Kubernetes cluster.
-
Cloud Native Compiler (was Compiler Service) - The feature that performs the compilation on Optimizer Hub.
-
ReadyNow Orchestrator (was Profile Log Service) - The feature that records and serves ReadyNow profiles to JVMs.
-
-
In Optimizer Hub 1.8, all major artifacts and command line switches use the updated branding. This includes, but is not limited to:
-
Command-line JVM options to configure Cloud Native Compiler and ReadyNow Orchestrator. See Command Line Options.
-
Helm repository locations, names, and parameter names: github.com/AzulSystems/opthub-helm-charts.
If you are using release 1.7 and earlier, all of the previous spellings of artifacts still work. Additionally, all of the pre-1.8 command-line arguments will continue to work for a period of one year from the release of 1.8.
-
-
The command line option
PreferContainerQuotaForVMInternalCPUCount
has been set totrue
by default in order to make calculations of internal thread counts, as well as budgeting options, more clear in container environments.In container environments where both CPU shares and CPU quota are specified, such as with Kubernetes where these are commonly specified, the VM now uses quota to calculate compiler and GC thread counts. Prior to Azul Platform Prime 23.08, it was using half of quota for the calculation.
Resolved Issues
Issue ID | Description |
---|---|
ZVM-28301 |
|
ZVM-28262 |
Remove default RSS cap for ProfileLogIn |
ZVM-28242 |
JFR profiler does not collect stack traces |
ZVM-28144 |
Exhausting java heap during early VM initialization causes a hang |
ZVM-28121 |
JFR is not collecting jdk.ExecutionSample events on ARM |
ZVM-27536 |
Enable per-thread CPU utilisation data collection in SelfDiagnosticRunLevel=3 |
Latest Stable Builds
23.08.1.0
Release date: September 26, 2023
This release is based on Azul Platform Prime 23.08.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_382-b2 |
11 |
11.0.20.1+1-LTS |
17 |
17.0.8.1+1-LTS |
Resolved Issues
Issue ID | Description |
---|---|
ZVM-28703 |
java.lang.UnsupportedOperationException Monitoring of Synchronizer Usage is not supported sun.management.ThreadImpl.findDeadlockedThreads(ThreadImpl.java:411) |
ZVM-28639 |
Debug files/libraries not being excluded from release artifacts |
ZVM-28588 |
weblogic crashed with "assert0(false) failed: [false expected]" |
23.02.400.0
Release date: August 28, 2023
This PSU release is based on Azul Platform Prime 23.02.302.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_382-b2 |
11 |
11.0.20.1+1-LTS |
17 |
17.0.8.1+1-LTS |
What’s New
-
ZVision and ZVRobot have been separated from the Azul Platform Prime package due to a known vulnerability in jQuery 1.4.3, which is used in building the ZVision and ZVRobot utilities. At this time, Azul is not aware of any vulnerability in ZVision itself. For this reason, ZVision is still available for download for Azul Platform Prime subscribers at https://ftp.azul.com/releases/Zing/ZVision/ZVTools.zip
-
It is no longer necessary to LD_PRELOAD the libnmt_hooks.so library in order to use extended Native Memory Tracking (NMT). The libnmt_hooks.so library is now linked by default.
-
July 2023 CPU and PSU release security fixes.
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Hotspot |
None |
No |
5.1 |
Local |
High |
None |
None |
Unchanged |
High |
None |
None |
17, 11 |
Note 1 |
|
Utility |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
17, 11 |
Note 2 |
|
Libraries |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 11, 8 |
Note 2 |
|
2D (Harfbuzz) |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
17, 11 |
Note 2 |
|
Networking |
Multiple |
Yes |
3.1 |
Network |
High |
None |
Required |
Unchanged |
None |
Low |
None |
17, 11 |
Note 1 |
|
CVE-2023-22043 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
JavaFX |
Multiple |
Yes |
5.9 |
Network |
High |
None |
None |
Unchanged |
None |
High |
None |
None |
Note 1 |
CVE-2023-22044 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Hotspot |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
Low |
None |
None |
None |
Note 2 |
CVE-2023-22045 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Hotspot |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
Low |
None |
None |
None |
Note 2 |
CVE-2023-22051 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
GraalVM Compiler |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
Low |
None |
None |
None |
|
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). |
2 |
This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. |
For more information about CVE and non-CVE security fixes in this release, refer to Common Vulnerabilities and Exposures Fixes for July 2023
-
Azul Platform Prime 23.02.400.0 contains Zing Critical Fixes (ZCF).
Resolved Issues
Issue ID | Description |
---|---|
ZVM-28301 |
Fix java_lang_String::hash_code |
ZVM-28295 |
Avoid implicit type conversion when calling the Address constructor with Register parameter |
ZVM-28242 |
[AArch64] JFR profiler does not collect stack traces |
ZVM-27897 |
Hadoop fails with Prime when -XX:+UseAES is used |
ZVM-27796 |
SEGV due to module loading early during JVM init |
ZVM-25950 |
Backport JDK-7059899 Stack overflows in Java code cause 64-bit JVMs to exit due to SIGSEGV |
Previous Stream Builds
23.07.0.0
Release date: July 31, 2023
This PSU release is based on Azul Platform Prime 23.06.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_382-b5 |
11 |
11.0.20+8-LTS |
17 |
17.0.8+7-LTS |
What’s New
-
ZVision and ZVRobot have been separated from the Azul Platform Prime package due to a known vulnerability in jQuery 1.4.3, which is used in building the ZVision and ZVRobot utilities. At this time, Azul is not aware of any vulnerability in ZVision itself. For this reason, ZVision is still available for download for Azul Platform Prime subscribers at https://ftp.azul.com/releases/Zing/ZVision/ZVTools.zip
-
The command line option
-XX:CompileCommand
has been updated to useFalconCompileThreshold
.This option is used in the following way:
-XX:CompileCommand="option,<Class>::<method>,FalconCompileThreshold=<threshold value>"
-
July 2023 CPU release security fixes.
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Hotspot |
None |
No |
5.1 |
Local |
High |
None |
None |
Unchanged |
High |
None |
None |
17, 11 |
Note 1 |
|
Utility |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
17, 11 |
Note 2 |
|
Libraries |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 11, 8 |
Note 2 |
|
2D (Harfbuzz) |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
17, 11 |
Note 2 |
|
Networking |
Multiple |
Yes |
3.1 |
Network |
High |
None |
Required |
Unchanged |
None |
Low |
None |
17, 11 |
Note 1 |
|
CVE-2023-22043 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
JavaFX |
Multiple |
Yes |
5.9 |
Network |
High |
None |
None |
Unchanged |
None |
High |
None |
None |
Note 1 |
CVE-2023-22044 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Hotspot |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
Low |
None |
None |
None |
Note 2 |
CVE-2023-22045 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Hotspot |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
Low |
None |
None |
None |
Note 2 |
CVE-2023-22051 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
GraalVM Compiler |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
Low |
None |
None |
None |
|
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). |
2 |
This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. |
For more information about CVE and non-CVE security fixes in this release, refer to Common Vulnerabilities and Exposures Fixes for July 2023
23.06.0.0
Release date: June 30, 2023
This release is based on Azul Platform Prime 23.05.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_372-b2 |
11 |
11.0.19+7-LTS |
17 |
17.0.7+7-LTS |
What’s New
-
A new option,
C2CompileThreshold
, has been added to CPU Budgeting options. This option allows the C2 compile threshold to be specified for individual methods. This option was introduced because some methods that are rarely called are still important and need to undergo regular optimization. This is set using-XX:CompileCommand
in the following way:-XX:CompileCommand="option,<Class>::<method>,C2CompileThreshold=<threshold>"
-
The maximum supported code cache size has been increased to 1758 MB when
AllocCodeCacheInLower2G
is disabled using-XX:-AllocCodeCacheInLower2G
. -
It is no longer necessary to LD_PRELOAD the libnmt_hooks.so library in order to use extended Native Memory Tracking (NMT). The libnmt_hooks.so library is now linked by default.
-
Using Java Flight Recorder, you can now see exact JIT name for each stacktrace frame in Azul Mission Control in the Method Profiling tab. This uses the option
JFRDistinguishJITTypes
, which is set totrue
by default, and shows either C1, C2, or Falcon for each stacktrace frame. WithJFRDistinguishJITTypes
set tofalse
, it shows JIT compiled.
Resolved Issues
Issue ID | Description |
---|---|
ZVM-27634 |
Unify Prime’s "java.vendor" with Zulu |
ZVM-27514 |
High JFRCheckpoint pauses seen on Prime |
ZVM-27506 |
Turn on JFRDistinguishJITTypes flag by default |
ZVM-27424 |
Prime 11+ doesn’t throw IncompatibleClassChangeError in instanceKlass::method_at_itable |
ZVM-27785 |
Fix segmentation fault on StubRoutines::stringIndexOf |
ZVM-27675 |
Prohibit inlining for methods with invalid method ID |
ZVM-27624 |
Disable RSS workaround only once use of large pages are confirmed |
ZVM-27388 |
objSizes.jar application crashes with "assert(m->is_abstract()) failed: should be public and abstract" in fastdebug mode |
ZVM-27549 |
Avoid native method calls from VM.java class |
23.05.0.0
Release date: May 31, 2023
This release is based on Azul Platform Prime 23.04.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_372-b2 |
11 |
11.0.19+7-LTS |
17 |
17.0.7+7-LTS |
What’s New
-
Some Falcon CPU Budgeting options have been renamed according to the following table:
Changed from: Changed to: CompilerTier2BudgetingThreadsPercent
CompilerTier2BudgetingCPUPercent
CompilerTier2BudgetingWarmupThreadsPercent
CompilerTier2BudgetingWarmupCPUPercent
CompilerTier2BudgetMaxMs
CompilerTier2BudgetWindowDurationMs
For more information on Falcon CPU Budgeting options, see Command Line Options, CPU Budgeting Options
-
The command line option
UseTrueObjectsForUnsafe
has been set totrue
by default. This option forces unsafe objects to be returned in their true object form instead of the equivalent java class object. For example, withUseTrueObjectsForUnsafe
disabled, java.lang.Class can be returned instead of the true klassOop. -
Azul Platform Prime 23.05.0.0 includes several performance optimizations including many intrinsic functions implemented in the Falcon compiler.
23.04.0.0
Release date: April 28, 2023
This PSU release is based on Azul Platform Prime 23.03.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_372-b2 |
11 |
11.0.19+7-LTS |
17 |
17.0.7+7-LTS |
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
JSSE |
TLS |
Yes |
7.4 |
Network |
High |
None |
None |
Unchanged |
High |
High |
None |
17, 11, 8 |
Note 1 |
|
JSSE |
HTTPS |
Yes |
5.9 |
Network |
High |
None |
None |
Unchanged |
None |
None |
High |
17, 11, 8 |
Note 1 |
|
Swing |
HTTP |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
17, 11, 8 |
Note 1 |
|
Networking |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 11, 8 |
Note 1 |
|
Libraries |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 11, 8 |
Note 2 |
|
Libraries |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 11, 8 |
Note 1 |
|
CVE-2023-21954 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Hotspot |
Multiple |
Yes |
5.9 |
Network |
High |
None |
None |
Unchanged |
High |
None |
None |
None |
Note 1 |
CVE-2023-21986 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Native Image |
None |
No |
5.7 |
Local |
Low |
None |
None |
Changed |
None |
Low |
Low |
None |
|
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. |
2 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). |
For more information about CVE and non-CVE security fixes in this release, refer to Common Vulnerabilities and Exposures Fixes for April 2023
-
Cloud Native Compiler (CNC) 1.7 client support.
-
The command line option,
AllocCodeCacheInLower2G
, is now supported on the aarch64 system architecture, which is set totrue
by default. This option allocates code cache and related data structures at virtual address within 2 GB. To allow allocation to higher memory addresses, use-XX:-AllocCodeCacheinLower2G
. -
A new command line option,
GPGCCommitInitialHeapLazily
, has been introduced, which is set tofalse
by default. When enabled, this option prevents the whole of the initial heap size,InitialHeapSize
or-Xms
, from being committed from the OS upfront.With this option enabled, use the option
GPGCLazyInitialHeapCommitPercent
to specify how much of Xms shall be committed from the OS upfront, at startup. The default value forGPGCLazyInitialHeapCommitPercent
is50
. The remainder gets committed based on regular elastic heap heuristics. -
The command line option
InitialHeapSize
is now incorporated in Azul Platform Prime in order to keep compatibility with OpenJDK.InitialHeapSize
can be used instead of-Xms<size>
on the command line.
Note
|
The command line argument MaxHeapSize can also be used instead of -Xmx<size>
|
23.03.0.0
Release date: March 31, 2023
This release is based on Azul Platform Prime 23.02.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_362-b2 |
11 |
11.0.18+10-LTS |
13 |
13.0.14+5-MTS |
15 |
15.0.10+5-MTS |
17 |
17.0.6+10-LTS |
19 |
19.0.2+7-MTS |
What’s New
-
Included in this release are the final set of JDK versions 13, 15 and 19. The next release will no longer contain these versions. Starting from 23.04.0.0, stream releases will include only JDK 8, 11, and 17. Starting from 23.02.100.0, stable releases will only include JDK 8, 11, and 17 CPU/PSU builds.
-
Oracle Linux (Centos 7.9) ARM is supported from Azul Platform Prime version 22.03.0.0.
-
The Command Line Option
GPGCUseAllocationPacing
has been disabled by default. -
The Command Line Option
CNCForceLocalCompiler
has been deprecated and replaced with the new optionCNCEnableRemoteCompiler
.
Resolved Issues
Issue ID | Description |
---|---|
ZVM-26650 |
Transform head of _freeThreads to a tagged reference to avoid ABA problems |
ZVM-26648 |
Missing tag update in HeapRefBufferList::grab() |
ZVM-26387 |
[Alpine] Failed to bundle core from alpine container |
ZVM-26245 |
jlink on Prime converts library symlinks to files and increase the total size by 87MB |
23.02.0.0
Release date: March 1, 2023
This release is based on Azul Platform Prime 23.01.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_362-b2 |
11 |
11.0.18+10-LTS |
13 |
13.0.14+5-MTS |
15 |
15.0.10+5-MTS |
17 |
17.0.6+10-LTS |
19 |
19.0.2+7-MTS |
Note
|
Version 1 of the GC Log Analyzer has reached its end-of-life and has been replaced with Version 2 of the GC Log Analyzer. GC Log Analyzer 2 is included in Azul Zulu Prime packages and can be found at <installdir>/etc/GCLogAnalyzer2.jar . The latest version of GC Log Analyzer 2 is also available for download at https://docs.azul.com/prime/GC-Log-Analyzer.
|
What’s New
-
Azul Zulu Prime 23.02.0.0 contains the General Availability (GA) release of Azul Prime Builds of OpenJDK 19 for x86_64 systems.
-
Cloud Native Compiler (CNC) 1.6.1 client support.
-
NativeMemoryTracking has been extended with further Falcon tracking support.
To enable "extended tracking," set
LD_PRELOAD=$JAVA_HOME/etc/zing/lib/libnmt_hooks.so
in addition to regular NMT flags which are described in Native Memory Tracking Options and in the Oracle documentation. -
Azul Zulu Prime 23.02.0.0 introduces new CPU budgeting features for the Falcon Tier 2 compiler. CPU Budgeting tells the Tier 2 compiler when to run and how many CPU threads to use, pre and post warmup.
With these new features, it is possible to specify allocated threads as a percent, meaning the compiler and the running application can share resources, resulting in less pauses and more stability for the running application. Previously, only whole numbers of threads could be allocated.
To enable these new features, use the argument
-XX:+EnableTier2CompilerBudgeting
.New Falcon CPU Budgeting features are listed in Command Line Options, CPU Budgeting Options
-
A new command line option,
AllocCodeCacheInLower2G
has been introduced and is set totrue
by default. This option allocates code cache and related data structures at virtual address within 2 GB. To allow allocation to higher memory addresses, use-XX:-AllocCodeCacheinLower2G
. This option is only available for x86_64 systems. -
Lower GC pauses with JVMTI - JVMTI tag map clearing has been moved outside of safepoint pause by default. This is set by the command line argument
ConcurrentJVMTITagMapClearing
and is set totrue
by default. -
Falcon improvement - Register allocation enhancement that improves code generation for derived pointers around GC safepoints. This allows derived pointers to rematerialize immediately before their use instead of after every safepoint. This is beneficial when a pointer is live across many statepoints but has few uses.
-
Allocation publication barrier optimizations for Aarch64 in Falcon. Testing has yielded up to an 8.5% performance improvement from this optimization.
-
The output format for
-Xlog:safepoint
has been changed to match OpenJDK for JDK13 and above.
Resolved Issues
Issue ID | Description |
---|---|
ZVM-26265 |
Add jcmd, jmap, jps, jstack tools to jdk8 jre tar.gz |
ZVM-25703 |
backport JDK-8297028 (UseContainerCpuShares ) missing for Prime Java 8 Jan 2023 (Oracle 8u361 equivalent) |
ZVM-26144 |
attaching agent generates error: Skipping cleaning of inline cache |
ZVM-25902 |
ProfilePersistCodeProfilesOnUncommonTraps may introduce a significant overhead |
ZVM-25844 |
Tune FalconContextReset to lower value - Resolution: Reset frequency is chosen using an ergonomics heuristic. There is no need to tune the default value. |
ZVM-25437 |
jdk/test/hotspot/jtreg/serviceability/jvmti/RedefineClasses/RedefinePreviousVersions.java failed with "java.lang.RuntimeException: 'Class unloading: has_previous_versions = false' missing from stdout/stderr" |
ZVM-22464 |
JTreg crashed with JvmtiEnvBase::get_stack_trace |
ZVM-26017 |
-Xlog:safepoint output format differs between Zing 17 and OpenJDK 17 |
23.01.0.0
Release date: January 31, 2023
This PSU release is based on Azul Platform Prime 22.12.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_362-b3 |
11 |
11.0.18+10-LTS |
13 |
13.0.14+5-MTS |
15 |
15.0.10+5-MTS |
17 |
17.0.6+10-LTS |
Note
|
Version 1 of the GC Log Analyzer has reached its end-of-life and has been replaced with Version 2 of the GC Log Analyzer. GC Log Analyzer 2 is included in Azul Zulu Prime packages and can be found at <installdir>/etc/GCLogAnalyzer2.jar . The latest version of GC Log Analyzer 2 is also available for download at https://docs.azul.com/prime/GC-Log-Analyzer.
|
What’s New
-
January 2023 CPU and PSU release security fixes.
-
Cloud Native Compiler (CNC) 1.6 client support.
-
You can now read and write ReadyNow profile logs to Cloud Native Compiler. This simplifies getting ReadyNow profile logs in and out of containers and other environments without persistent storage.
-
Compile stashing has been disabled by default, even when using ReadyNow.
Existing ReadyNow users that want to maintain the same compile stashing behavior as in earlier releases should ensure the
-XX:+FalconUseCompileStashing
flag is set.Users who wish to use compile stashing with the new Profile Log Service must ensure both
+FalconUseCompileStashing
and+CNCEnableRemoteCompiler
flags are set. -
FalconContextReset is now set using ergonomics heuristic based on the number of Falcon compiler threads, unless specified explicitly. Falcon compiler threads reset the internal caches after every
FalconContextReset
number of compilations. This is a tradeoff between compilation speed and memory consumption. The more often the caches are reset, the less memory is consumed but more time is spent rebuilding the caches.Currently, the value of
FalconContextReset
is chosen asFalconContextResetFactor=<number of Falcon threads>
nested betweenFalconContextResetLowerLimit
andFalconContextResetUpperLimit
.
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Serialization |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
8 |
|
|
JSSE |
DTLS |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11 |
|
|
Sound |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 15, 13, 11, 8 |
|
|
CVE-2022-43548 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: Node (Node.js) |
HTTPS |
Yes |
8.1 |
Network |
High |
None |
None |
Unchanged |
High |
High |
High |
None |
|
For more information about CVE and non-CVE security fixes in this release, refer to Common Vulnerabilities and Exposures Fixes for January 2023
22.12.0.0
Release date: December 19, 2022
This release is based on Azul Platform Prime 22.10.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_352-b2 |
11 |
11.0.17+8 |
13 |
13.0.13+5 |
15 |
15.0.9+5 |
17 |
17.0.5+8 |
Note
|
Version 1 of the GC Log Analyzer has reached its end-of-life and has been replaced with Version 2 of the GC Log Analyzer. GC Log Analyzer 2 is included in Azul Zulu Prime packages and can be found at <installdir>/etc/GCLogAnalyzer2.jar . The latest version of GC Log Analyzer 2 is also available for download at https://docs.azul.com/prime/GC-Log-Analyzer.
|
What’s New
-
Azul Zulu Prime 22.12.0.0, through various changed and updates, has been able to achieve 10% lower GC CPU usage on Cassandra.
-
Azul Zulu Prime 22.12.0.0 lowers the amount of GC pauses with hidden classes.
-
Falcon has been improved for Jackson as well as other optimizations to the Falcon JIT compiler.
-
New JMX MXBean metrics replace old metric name below java.lang.GarbageCollector to increase accuracy for GC monitoring added with JDK-8265136: Previously, metric "GPGC New/Old" was providing a sum of GC pauses and concurrent GC duration. This metric is replaced by the following:
-
GPGC New/Old Cycles: duration time in ms of the concurrent GC which runs in parallel to application threads and is not stopping the application.
-
GPGC New/Old Pauses: GC pause time in ms.
-
On Java 11 and 17, the new metrics are enabled by default and the old removed. If you need to switch back to the old metric, add -XX:+GPGCReportLegacyGarbageCollectorMXBean
.
On Java 8, only the old metric is active by default. To switch to the new metric add -XX:-GPGCReportLegacyGarbageCollectorMXBean
.
22.10.0.0
Release date: October 31, 2022
This CPU/PSU release is based on Azul Platform Prime 22.09.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u352-b08 |
11 |
11.0.17+8 |
13 |
13.0.13+5 |
15 |
15.0.9+5 |
17 |
17.0.5+8 |
What’s New
-
October 2022 CPU and PSU release security fixes
-
Compatibility with Cloud Native Compiler (CNC) version 1.5
-
Support for the GA release of Azul Vulnerability Detection (AVD).
-
Changes for containers regarding thread pool size calculation and number of available CPUs.
With the October 2022 release of Java 11 and 17, the default calculation of available CPU cores will change, following JDK-8281181. Previously, the number of available CPU cores was in some situations calculated based on the lower bound defined in the environment. With the change in this release, the lower bound won’t be used anymore and the calculation will only be based on the upper limit of the environment. If in container-based systems no upper limit is defined, the total number of CPUs on the host machine is read as upper limit.
A situation where a change will occur is, for example, a Kubernetes container where neither CPU requests nor CPU Limits are set, as previously the JVM would select only 1 CPU core as available in this situation while after the chance, it will select all available CPU cores of the environment which can lead to higher resource usage as thread pools of various open source frameworks are using this calculation for sizing. To verify if your systems are effect, check especially those where no upper limit is defined.
In case you need to switch back to the previous calculation, add
-XX:+UseContainerCpuShares
to the Java command line.Other terms used in the context of CPU definitions are for lower bound "CPU Requests" or "cgroups cpu.shares", and for upper limit "CPU Limits" or "cgroups cpu.cfs_quota_us".
When both quota and shares are specified for a cgroup and
UseContainerCpuShares
istrue
, the number of GC and compiler threads are derived based on a total processor count calculated as(quota+shares)/2
. WhenUseContainerCpuShares
isfalse
the number is derived based on a total processor count calculated as(quota/2)
.To check the current setting, for example, to compare previous and current Java versions in your environment, use the following example to display the actual number of CPUs as seen by application code and run it inside your container environment:
File AvailableCPUs.java:
public class AvailableCPUs { public static void main(String[] args) { System.out.println("CPUs: " + Runtime.getRuntime().availableProcessors()); } }To run it:
java -showversion AvailableCPUs.java
22.09.0.0
Release date: September 30, 2022
This release is based on Azul Platform Prime 22.08.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u345 |
11 |
11.0.16.1+1 |
13 |
13.0.12+4 |
15 |
15.0.8+4 |
17 |
17.0.4.1+1 |
What’s New
-
Internal bug fixes.
-
Improved accuracy of RSS metric reported in GC log (C heap usage). With this improvement, the reported memory usage in GC log will give more accurate results.
-
The Allocation Pacing feature is turned on by default in non-ZST mode. This will help reduce peak allocation delays while introducing smaller delays into allocation paths as heap usage approaches the total Java heap committed. To turn off the feature use
-XX:-GPGCUseAllocationPacing
.
22.08.0.0
Release date: August 30, 2022
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u345 |
11 |
11.0.16.1+1 |
13 |
13.0.12+4 |
15 |
15.0.8+4 |
17 |
17.0.4.1+1 |
What’s New
-
Internal bug fixes.
-
ZVM-24576 - New feature, Allocation Pacing, to help protect against long allocation delays. When enabled, the virtual machine adds smooth delays to allocations as the heap usage approaches the maximum. This new feature helps prevent long allocation delays caused by memory exhaustion and helps the garbage collector keep up. To enable the feature, use -XX:+GPGCUseAllocationPacing, available in non-ZST mode only.
-
ZVM-24277 - Implemented StringUTF16.compress
Resolved Issues
Issue ID | Description |
---|---|
ZVM-24429 |
Using Xlog:safepoint could cause long pauses under I/O contention |
ZVM-24614 |
PrintCodeCacheMap could cause application crash at exit time. |
ZVM-24455 |
LockOpt::eliminateNestedLock could sometimes add an invalid/stale value to the deopt bundle which could potentially lead to crashes. |
22.07.1.0
Release date: August 9, 2022
This release is based on Azul Platform Prime 22.07.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u345 |
11 |
11.0.16 |
13 |
13.0.12 |
15 |
15.0.8 |
17 |
17.0.4 |
22.07.0.0
Release date: July 29, 2022
This PSU release is based on Azul Platform Prime 22.06.0.0 and 22.02.300.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u342 |
11 |
11.0.16 |
13 |
13.0.12 |
15 |
15.0.8 |
17 |
17.0.4 |
What’s New
-
July 2022 PSU release fixes.
-
ZVM-24301 - New command line option
UseContainerCpuShares
, default true, to consider CPU shares when computing available processors inside a cgroup. This option was backported from OpenJDK 17 and it is important to note that while OpenJDK has a default value of false, the default value in Azul Platform Prime is true.
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
JAXP (Xalan-J) |
Multiple |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
None |
High |
None |
17, 15, 13, 11, 8 |
Note 1 |
|
Hotspot |
Multiple |
Yes |
5.9 |
Network |
High |
None |
None |
Unchanged |
None |
High |
None |
17, 15, 13, 11, 8 |
Note 1 |
|
Hotspot |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
Low |
None |
None |
17, 15, 13, 11, 8 |
Note 1 |
|
Libraries |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
17 |
Note 1 |
|
CVE-2022-25647 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Native Image (Gson) |
None |
No |
6.2 |
Local |
Low |
None |
None |
Unchanged |
None |
None |
High |
None |
|
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and relies on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. |
22.06.0.0
Release date: June 30, 2022
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u332 |
11 |
11.0.15+10 |
13 |
13.0.11+4 |
15 |
15.0.7+4 |
17 |
17.0.3+7 |
Resolved Issues
Issue ID | Description |
---|---|
ZVM-14341 |
NMT detailed mode allows user to track internal VM memory usage to the granularity of a single callsite. This feature is also very useful in case the user needs to find a memory leak. |
ZVM-24010 |
Optimized layout of GC internal data structure, improving native memory consumption by the garbage collector (GC). |
ZVM-23142 |
Improved virtual memory regions initialization to handle rare situations when there are existing mappings in preferred ranges. In such cases, the JVM previously failed to start with the error "Unable to setup virtual memory region for …". |
ZVM-24118 |
Fixed crashes caused by |
ZVM-23983 |
async-profiler v2.7+ cpu profiling is now working with Prime. |
Known Issues
Issue ID | Description |
---|---|
- |
Aarch64 support is limited to Graviton 2 and 3. Graviton 1 is not yet supported. |
ZVM-20142 |
Async profiler activemq crashed with 'assert(false) failed: Should never reach here' |
ZVM-17531 |
Wildfly app-server hangs when Async Java Profiler is attached. |
ZVM-16393 |
Async profiler does not show object type in "-e alloc" mode on Zulu Prime |
22.05.0.0
Release date: May 31, 2022
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u332 |
11 |
11.0.15+10 |
13 |
13.0.11+4 |
15 |
15.0.7+4 |
17 |
17.0.3+7 |
Resolved Issues
Issue ID | Description |
---|---|
ZVM-21804 |
In container systems with an elastic CPU definition (CPU min and max both set or cgroups |
22.04.1.0
Release date: May 24, 2022
This release is based on Azul Platform Prime 22.04.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u332 |
11 |
11.0.15+10 |
13 |
13.0.11+4 |
15 |
15.0.7+4 |
17 |
17.0.3+7 |
22.04.0.0
Release date: May 6, 2022
This CPU and PSU release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u332 |
11 |
11.0.15+10 |
13 |
13.0.11+4 |
15 |
15.0.7+4 |
17 |
17.0.3+7 |
What’s New
-
April 2022 CPU and PSU security fixes.
-
Enable elimination of safepoint pauses for finding deadlocks operations by first attempting to complete them using a checkpoint using the option
-XX:[+/ -]OptimizeFindDeadlocksWithCheckpoint
. If a deadlock is detected in the checkpoint, it is then confirmed using a safepoint pause.
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ZIP |
Multiple |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
High |
17, 15, 13, 11, 8, 7, 6 |
|
|
Libraries |
Multiple |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
None |
High |
None |
18, 17, 15 |
Note 1 |
|
Libraries |
Multiple |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
High |
None |
None |
18, 17, 15, 13, 11, 8, 7 |
Note 1 |
|
JAXP |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
18, 17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
Libraries |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
18, 17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
JNDI |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
18, 17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
Libraries |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
18, 17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
CVE-2022-0778 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: Node (OpenSSL) |
HTTPS |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
High |
None |
|
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. |
Resolved Issues
Issue ID | Description |
---|---|
ZVM-21804 |
In container systems with an elastic CPU definition (CPU min and max both set or cgroups |
ZVM-23002 |
Added support for cgroups v2. |
ZVM-23091 |
Deadlock detection was being performed using safepoint pauses in prior releases. Starting 22.04 Prime attempts to detect deadlock using checkpoints which do not cause a global pause. If the checkpoint operation indicates the possibility of a deadlock, Prime will resort to a safepoint to confirm the same. |
22.03.0.0
Release date: March 31, 2022
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u332 |
8 |
8u322 |
11 |
11.0.14.1+9 |
13 |
13.0.10+5 |
15 |
15.0.6+5 |
17 |
17.0.2+8 |
Resolved Issues
Issue ID | Description |
---|---|
ZVM-21804 |
In container systems with an elastic CPU definition (CPU min and max both set or cgroups |
22.02.0.0
Release date: February 28, 2022
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u332 |
8 |
8u322 |
11 |
11.0.14.1+9 |
13 |
13.0.10+5 |
15 |
15.0.6+5 |
17 |
17.0.2+8 |
22.01.2.0
Release date: February 14, 2022
This PSU release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u332 |
8 |
8u322 |
11 |
11.0.14+9 |
13 |
13.0.10+5 |
15 |
15.0.6+5 |
17 |
17.0.2+8 |
22.01.1.0
Release date: February 7, 2022
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u332 |
8 |
8u322 |
11 |
11.0.14+9 |
13 |
13.0.10+5 |
15 |
15.0.6+5 |
17 |
17.0.2+8 |
22.01.0.0
Release date: January 31, 2022
This PSU release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u332 |
8 |
8u322 |
11 |
11.0.14+9 |
13 |
13.0.10+5 |
15 |
15.0.6+5 |
17 |
17.0.2+8 |
Resolved Issues
Issue ID | Description |
---|---|
ZVM-21048 |
When |
ZVM-22049 |
OldGC is not triggered often enough during idle time when NewGCs are occurring. |
ZVM-22063 |
Map OpenJDK command line option |
ZVM-19635 |
Avoid lock in ByteArrayInputStream.read if it is used as an input of ObjectInputStream. |
ZVM-20678 |
Improved performance of string collation and iteration. |
21.12.0.0
Release date: December 20, 2021
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u322 |
8 |
8u312 |
11 |
11.0.13+8 |
13 |
13.0.9+3 |
15 |
15.0.5+3 |
17 |
17.0.1+12 |
What’s New
-
Photon OS is now supported.
-
Improved performance of string collation and character iteration. You can enable the use of the custom implementation of
RuleBasedCollator
using the option-XX:+UseModifiedRuleBasedCollator
. This option is false by default. -
Docker images for Prime are now available.
Resolved Issues
Issue ID | Description |
---|---|
ZVM-21048 |
When |
ZVM-22049 |
OldGC is not triggered often enough during idle time when NewGCs are occurring. |
ZVM-22063 |
Map OpenJDK command line option |
ZVM-19635 |
Avoid lock in |
ZVM-20678 |
Improved performance of string collation and iteration. |
21.10.1.0
Release date: December 14, 2021
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u322 |
8 |
8u312 |
11 |
11.0.13 |
13 |
13.0.9 |
15 |
15.0.5 |
Resolved Issues
Issue ID | Description |
---|---|
ZVM-21884 |
Failure during startup when the kernel does not have support for Transparent Huge Pages (THP) feature, or does not support making madvise(2) calls with MADV_NOHUGEPAGE. |
ZVM-22052 |
Cassandra fails when ulimit -l unlimited is set to allow more mlock than the Linux default. This issue affected only Prime version 21.10.0.0. |
21.10.0.0
Release date: October 29, 2021
This CPU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u322 |
8 |
8u312 |
11 |
11.0.13 |
13 |
13.0.9 |
15 |
15.0.5 |
What’s New
-
Includes all October 2021 CVE fixes.
-
Azul Platform Prime 21.10.0.0 contains the October 2021 CPU release of OpenJDK. Azul Platform Prime 21.10.0.0 brings the associated JDK 7, JDK 8, JDK 11, JDK 13, and JDK 15 versions to October 2021 CPU security update levels.
-
The peak heap occupancy target, used by heuristics to decide when to trigger a garbage collection, is now managed dynamically by default. The dynamic changes can be disabled by setting
GPGCTargetPeakHeapOccupancyPercent
to a desired value. -
Increased parallelism between collectors for the new generation and old generation. Helps reduce the peak duration for a new generation collection and reduce allocation delays during peak load.
-
The number of concurrent GC threads is now changed dynamically when
-Xms
is set to the same value as-Xmx
, or when Azul Zulu Prime System Tools (ZST) is installed. At JVM start a low number of concurrent GC threads is employed. If later during application uptime the GC Time Percent metric increases beyond a threshold, more GC threads are added to reduce the number of GC cycles. The limit for the total number of GC threads is 3/4 of the process' available CPU threads. As of this Prime version, the number of threads will never shrink later.To disable the dynamic handling, use the following on the command line:
-XX:-UseDynamicNumberOfGCThreads
If one of the following flags is set on the command line, the dynamic handling will also be disabled:
-
-XX:GPGCThreads=N
-
-XX:GenPauselessNewThreads=N
-
-XX:GenPauselessOldThreads=N
-
-
General performance improvements.
-
More intrinsics from Java 17.
21.09.1.0
Release date: October 14, 2021
This release is based on Azul Platform Prime 21.09.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u312 |
8 |
8u302 |
11 |
11.0.12+7 |
13 |
13.0.8+5 |
15 |
15.0.4+5 |
What’s New
-
Initial support for Cloud Native Compiler. Cloud Native Compiler provides a server-side optimization solution that offloads JIT compilation to dedicated hardware, providing more processing power to JIT compilation while freeing your client JVMs from the load of doing JIT compilation.
-
General performance improvements.
21.09.0.0
Release date: September 29, 2021
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u312 |
8 |
8u302 |
11 |
11.0.12+7 |
13 |
13.0.8+5 |
15 |
15.0.4+5 |
What’s New
-
General performance improvements.
-
GC log line has been expanded to include additional information for heap elasticity.
-
Introduces a new JFR event named "Deoptimization" which arises when previously compiled code gets discarded. The event is useful in troubleshooting performance issues including low throughput and high CPU utilization.
Resolved Issues
Issue ID | Description |
---|---|
ZVM-21015 |
High pause time during OldGC due to unloading of a long chain of subclasses. |
ZVM-19788 |
Installation packages are now signed. |
ZVM-20927 |
Abort the VM if GC safepoint operation time exceeds a configurable
threshold. See the new GC options: |
ZVM-17584 |
Introduces a new JFR event named "Deoptimization" which arises when previously compiled code gets discarded. The event is useful in troubleshooting performance issues including low throughput and high CPU utilization. |
21.08.0.0
Release date: August 31, 2021
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u312 |
8 |
8u302 |
11 |
11.0.12+7 |
13 |
13.0.8+5 |
15 |
15.0.4+5 |
What’s New
-
Improved performance with large Java heaps on Intel Ice Lake systems with 5-level page tables.
-
Introduces support for Intel’s Ice Lake 5-level paging.
-
Support for dynamically varying garbage collector thread counts with the GPGCDynamicGCThreadCountPolicy option. See command line options for more details.
21.07.0.0
Release date: July 30, 2021
This CPU and PSU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u312 |
8 |
8u302 |
11 |
11.0.12+7 |
13 |
13.0.8+5 |
15 |
15.0.4+5 |
What’s New
-
Incorporates all of the changes from the July 2021 CPU release and most of the changes from the July 2021 PSU release.
-
Various performance improvements including improved locking, stack-walking behavior for performance.
-
Loop unrolling improvements.
-
Java heap elasticity is turned on by default when not using the Prime System Tools (ZST). This means that
-Xms
is now recognized along with-Xmx
. The default values also match OpenJDK. For latency sensitive applications it is advised to set-Xms
equal to-Xmx
to preserve the old behaviour. See Recommended Heap Size for more details.
21.06.0.0
Release date: June 30, 2021
This release is based on Azul Platform Prime 21.04.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u302 |
8 |
8u292 |
11 |
11.0.11+9 |
13 |
13.0.7+5 |
15 |
15.0.3+3 |
What’s New
-
Additional improvements of the Heap Elasticity feature introduced in 21.05.0.0. Improved memory allocation handling in Heap Elasticity mode to avoid exceeding the container/cgroups memory limit.
-
Fixed many issues with Async Profiling.
-
Various performance improvements with Falcon compiler:
-
Fixed extra spills causing performance penalties by supporting live gc values on registers for calls which can throw exceptions
-
Improved performance of applications that frequently use Unsafe.allocateInstance.
-
Implemented nested locks elimination optimization for multiple nested locks on a given object under the condition that the nested lock state is not inspected.
-
Resolved Issues
Issue ID | Description |
---|---|
ZVM-19710 |
Profiling with cpu/wall events yeilds unusable results |
ZVM-20081 |
Startup failure when specifying |
ZVM-19972 |
JVM memory metrics like |
21.05.1.0
Release date: July 12, 2021
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u302 |
8 |
8u292 |
11 |
11.0.11+9 |
13 |
13.0.7+5 |
15 |
15.0.3+3 |
21.05.0.0
Release date: May 31, 2021
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u302 |
8 |
8u292 |
11 |
11.0.11+9 |
13 |
13.0.7+5 |
15 |
15.0.3+3 |
What’s New
-
Non-ZST Heap Elasticity introduced. See Recommended Heap Size for details. When heap elasticity is enabled, the Garbage Collector tries to minimize the memory footprint, keeping it between the user- defined range of -Xms and -Xmx. At the same time, the CPU usage of the Garbage Collector is monitored and the memory minimizing goal relaxed in case the CPU usage increases too much. Heap Elasticity is not available when Azul Zulu System Tools (ZST) is installed.
-
Azul Platform Prime 21.05.0.0 makes the OpenJDK C1 OSR the default OSR for the Falcon compiler. The C1 OSR takes much less time and CPU resources to fully optimize your code to steady-state performance.
-
Stream Builds (previously known as Feature Releases) are now free for use in development and evaluation. As such, the builds no longer check for an evaluation license.
-
Latency improvement for applications with frequent Unsafe.get() and put() calls.
-
Fixed heap dump compatibility issue that prevented opening Azul Zulu Prime head dumps in IntelliJIdea.
-
Enabled jcmd ManagementAgent command option support.
21.04.0.0
Release date: April 30, 2021
This CPU and PSU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u302 |
8 |
8u292 |
11 |
11.0.11+9 |
13 |
13.0.7+5 |
15 |
15.0.3+3 |
What’s New
-
April 2021 CPU and PSU fixes.
-
Quicker acquisition of transparent huge pages on Ubuntu, Amazon Linux or similar Linux systems with kernel 4.19.7 or newer in non-ZST mode. This can help get peak performance earlier as well as enable faster java process restart when THP is configured.
-
Default value of Xmx in cgroups is now the minimum of 25% of cgroup memory limit and 32 GB. Prior to 21.04.0.0, it was 25% of cgroup memory limit.
-
Reduced code cache usage for applications with high number of classes or interfaces and a large number of associated methods.
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Libraries |
Multiple |
Yes |
5.9 |
Network |
High |
None |
None |
Unchanged |
None |
High |
None |
16, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
Libraries |
Multiple |
Yes |
5.3 |
Network |
High |
None |
Required |
Unchanged |
None |
High |
None |
16, 15, 13, 11, 8, 7, 6 |
Note 2 |
|
CVE-2021-23841 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: Node (OpenSSL) |
HTTPS |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
High |
None |
|
CVE-2021-3450 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: Node (Node.js) |
HTTPS |
Yes |
7.4 |
Network |
High |
None |
None |
Unchanged |
High |
High |
None |
None |
|
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. |
2 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. |
21.03.0.0
Release date: March 31, 2021
This release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u292 |
8 |
8u282 |
11 |
11.0.10+9 |
13 |
13.0.6+5 |
15 |
15.0.2+7 |
What’s New
-
Enhanced Compatibility With Data Management Platforms
ZVM 21.03.0.0 improves compatibility between the MXBean memory pool names and names expected by in- memory data management systems (e.g., Pivotal GemFire 8.2).
-
JFR Event Streaming allows to asynchronously subscribe to select JFR events and avoid the overhead associated with creating a recording in JDK 15.
-
Various performance improvements, like enhancements to tracking of garbage-collection roots, compiler optimizations for aggressive lock coarsening, and an experimental ReadyNow mode that enables the pre-initialization of a greater number of bootstrap classes.
21.02.0.0
Release date: February 26, 2021
This release is based on Azul Platform Prime 21.01.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u292 |
8 |
8u282 |
11 |
11.0.10+9 |
13 |
13.0.6+5 |
15 |
15.0.2+7 |
What’s New
-
Introduces medium-term support (MTS) for Java Standard Edition 15. See Azul Product Support Lifecycle for more information.
-
Additional non-security changes associated with the January 2021 Patch Set Updates (PSU) OpenJDK 7u292, OpenJDK 8u282, OpenJDK 11.0.10, OpenJDK 13.0.6 and OpenJDK 15.0.2 release contents.
-
Load value barriers for reference equality checks are optimized within loops. Azul Zulu Prime JVM also optimizes more such checks aggressively by considering both operands of the equality check.
-
Improved object locking with better monitor inflation behavior.
-
The functionality of
UseCodeCacheFlushing
is offered underUseIncrementalCodeCacheFlushing
in Azul Zulu Prime JVM 21.02.0.0. However, Azul Zulu Prime JVM has emergency code cache flushing turned on by default, seeUseEmergencyCodeCacheFlushing
in Using Azul Zulu Prime JVM Command-Line Options for details. -
Early-access support for ReadyNow Image, an experimental warm-up optimizer based on ReadyNow and Linux Checkpoint/Restore In Userspace (CRIU).
Azul Zulu Prime JVM 21.02.0.0 installation contains ReadyNow Image files in the /etc/rni/ directory:
` `criu
libnet.so.1
libnl-3.so.200
libprotobuf-c.so.1
restore-script
wait-script
-
Azul Zulu Prime JVM 21.02.0.0 includes optional experimental support for interaction with connected runtime services through an emerging protocol in Azul Zulu Prime JVM 13. Note that for Azul Zulu Prime JVM 8 and Azul Zulu Prime JVM 11 this support was introduced in Azul Zulu Prime JVM 21.01.0.0.
Azul Zulu Prime JVM 21.02.0.0 installation contains the following files related to the services:
-
jmods/azul.crs.jfr.access.jmod
-
legal/azul.crs.jfr.access/ADDITIONAL_LICENSE_INFO
-
legal/azul.crs.jfr.access/ASSEMBLY_EXCEPTION
-
legal/azul.crs.jfr.access/CLASSPATH_EXCEPTION_NOTE
-
legal/azul.crs.jfr.access/LICENSE
-
lib/crs-agent.jar
-
21.01.0.0
Release date: January 29, 2021
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u292 |
8 |
8u282 |
11 |
11.0.10+9 |
13 |
13.0.6+5 |
What’s New
-
C2 Improvement
The default JIT compiler on Azul Zulu Prime JVM JDK 8 and JDK 7 is changed from SeaOfNodesC2 to KestrelC2 when the Azul Zulu Prime JVM C2 mode is enabled with
-XX:+UseC2
.For Azul Zulu Prime JVM JDK 11, this improvement was made in Azul Zulu Prime JVM 20.04.0.0.
KestrelC2 is a C2 implementation introduced to Azul Zulu Prime JVM in 2020. It is based on a lightweight use of the LLVM backend and typically produces faster code than UseSeaOfNodesC2 while keeping compilation effort at similar levels. UseKestrelC2 generally exhibits a significantly lower compilation-time CPU consumption compared to Falcon.
See Using Azul Zulu Prime JVM Command-Line Options for
-XX:[+/-]UseKestrelC2
and-XX:[+/-]UseSeaOfNodesC2
command-line options and details.The default JIT compiler in Azul Zulu Prime JVM is the high-performance Falcon introduced in 2017.
-
New Experimental Features
Azul Zulu Prime JVM 21.01.0.0 includes optional experimental support for interaction with connected runtime services through an emerging protocol in Azul Zulu Prime JVM 11 and Azul Zulu Prime JVM 8.
These experimental capabilities are enabled by the
‑XX:+UseCRS
command-line option and turned off by default. Being an experimental Azul Zulu Prime JVM option, it must be unlocked by preceding‑XX:+UnlockExperimentalVMOptions
. -
Performance Improvement
Azul Zulu Prime JVM 21.01.0.0 introduces an improved escape analysis for arrays in the Falcon compiler.
The improvement includes an optimization for array reallocation pattern (e.g., java.util.Arrays.copyOf) to avoid redundant copying. Notably, this optimization improves the performance of string concatenation using the StringBuilder class by the elimination of excessive reallocations of the underlying StringBuilder buffer.
-
Support for EdDSA Signature Algorithm
Azul Zulu Prime JVM 21.01.0.0 introduces the OpenEdDSA provider which can be used for cryptographic signatures using the Edwards-Curve Digital Signature Algorithm (EdDSA) in Azul Zulu Prime JVM 8 with no application or code changes. See JEP 339: Edwards-Curve Digital Signature Algorithm (EdDSA) for details.
The OpenEdDSA public API is provided in the
org.openeddsa.java.security.interfaces
andorg.openeddsa.java.security.spec
packages.To enable the OpenEdDSA provider, do either of the following:
-
configure the Java Runtime Environment for the OpenEdDSA provider by adding the entry below to the
$JAVA_HOME/jre/lib/security/java.security
filesecurity.provider.10=org.openeddsa.security.OpenEdDSA -
add the OpenEdDSA provider directly to your code
// Add OpenEdDSA provider java.security.Security.addProvider(new org.openeddsa.security.OpenEdDSA());
-
20.12.0.0
Release date: December 18, 2020
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u285 |
8 |
8u275 |
11 |
11.0.9.1+1 |
13 |
13.0.5.1+1 |
What’s New
-
Azul Zulu Prime JVM 20.12.0.0 incorporates additional non-security changes associated with the October Patch Set Updates (PSU) 2020 OpenJDK 7u285, OpenJDK 8u275, OpenJDK 11.0.9.1, and OpenJDK 13.0.5.1 release contents.
-
Azul Zulu Prime JVM 20.12.0.0 introduces an enhanced induction variable analysis and range checks removal mechanism. Particularly, improved range check elimination capabilities for decrementing loops of the following type:
for (int i = array.length - 1; i >= 0; i--) { array[i] = ... }
Resolved Issues
Issue ID | Description |
---|---|
ZVM-18035 |
Backport of JDK-8202837 and JDK-8214513 to Zing 8. |
ZVM-17938 |
Setting InitalHeapSize and MaxHeapSize the same fails in non-ZST mode. This affects applications such as ElasticSearch which insists that Initial Heap Size be equal to Maximum Heap Size. |
ZVM-17430 |
JarFile constructor exception in JDK 11.0.8. |
ZVM-17346 |
System data collected for GC logging could cause oom-killer invocation and kernel panic when java is launched under the root user. |
ZVM-16051 |
Provide FalconTrustInterfaceTypesForArrayStore to move interface type conformance check from the VM to the application. This can improve throughput variability for some applications. ‑XX:+UnlockExperimentalVMOptions is required to use ‑XX:+FalconTrustInterfaceTypesForArrayStore. |
20.10.0.0
Release date: October 30, 2020
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u281 |
8 |
8u271 |
11 |
11.0.8.0.101+5 |
What’s New
-
Azul Zulu Prime JVM 20.10.0.0 brings the associated JDK 7, JDK 8, JDK 11 and JDK 13 versions to October 2020 Critical Patch Update (CPU) security update levels and incorporates changes related to OpenJDK 7u281, OpenJDK 8u271, OpenJDK 11.0.8.0.101, and OpenJDK 13.0.4.0.101 release contents.
-
Azul Zulu Prime JVM 20.10.0.0 includes loop form fixes to increase performance of loops by simplified triggering of enabled vectorization methods. The optimization is enabled by default.
-
Azul Zulu Prime JVM 20.10.0.0 contains an improved allocation mechanism which has a positive impact on the Azul Zulu Prime JVM's performance. The optimization is enabled by default.
-
Azul Zulu Prime JVM 20.10.0.0 introduces method counters across JVM runs, which enables ReadyNow to build a profile over multiple short runs when the number of orders is low.
20.09.1.0
Release date: October 19, 2020
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u272 |
8 |
8u265 |
11 |
11.0.8+10 |
13 |
13.0.4+8 |
20.09.0.0
Release date: September 30, 2020
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u272 |
8 |
8u265 |
11 |
11.0.8+10 |
13 |
13.0.4+8 |
What’s New
-
Azul Zulu Prime JVM 20.09.0.0 introduces Medium Term Support for Java SE 13. See Azul Product Support Lifecycle for more information.
-
Azul Zulu Prime JVM 20.09.0.0 includes accelerated copying of large array chunks. The optimization is enabled by default. See
UseArrayCopyChunkingIntrinsics
in Using Azul Zulu Prime JVM Command-Line Options for details. -
Azul Zulu Prime JVM 20.09.0.0 provides a performance improvement for
org.apache.logging.log4j.util.StackLocator.getCallerClass()
, which maximizes logging performance when using log4j versions 2.13.1 - 2.13.3 on Azul Zulu Prime JVM 8 and log4j versions 2.9.0 - 2.13.3 on Azul Zulu Prime JVM 11+. The improvement is disabled by default. SeeUseLog4jGetCallerClassIntrinsic
in Using Azul Zulu Prime JVM Command-Line Options for details. -
Azul Zulu Prime JVM 20.09.0.0 introduces unified Garbage Collection (GC) logging that utilizes unified JVM logging framework (JEP 271: Unified GC Logging). See Unified GC Logging Recommendations to learn more.
Resolved Issues
Issue ID | Description |
---|---|
ZVM-16945 |
Core bundler: pid extraction can select more than one line. |
ZVM-16239 |
Racy initialization logic in GraphBuilder::initialize(): under rare circumstances another thread can observe the _is_initialized flag set before the static fields _can_trap and _is_async are actually initialized. |
20.08.0.0
Release date: August 31, 2020
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u272 |
8 |
8u262 |
11 |
11.0.8+10 |
What’s New
-
Azul Zulu Prime JVM 20.08.0.0 incorporates additional non-security changes associated with the July Patch Set Updates (PSU) 2020 OpenJDK 7u272, OpenJDK 8u265, and OpenJDK 11.0.8 release contents.
-
NONEwithDSAinP1363Format is included in signature algorithms enabled in Azul Zulu Prime JVM 20.08.0.0 by default. NONEwithDSAinP1363Format is scheduled for removal in the following release of the Azul Zulu Prime JVM Virtual Machine. Since the algorithm is not supported in other JDK 8 virtual machines, it is recommended to migrate to Digital Signature Algorithms with ASN.1 encoded signature bytes.
-
Azul Zulu Prime JVM 20.08.0.0 introduces multiple optimizations that significantly increase performance on a set of Java Stream API scenarios.
-
Azul Zulu Prime JVM 20.08.0.0 introduces a new version string format that includes a matching OpenJDK release number.
-
Version 1 of the GC Log Analyser has reached its end-of-life and is removed from Azul Zulu Prime JVM 20.08.0.0. Version 2 of the GC Log Analyzer is available for download at https://cdn.azul.com/gcla/GCLogAnalyzer2.jar.
20.07.0.0
Release date:
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u272 |
8 |
8u262 |
11 |
11.0.8+10 |
What’s New
-
Azul Zulu Prime JVM 20.07.0.0 brings the associated JDK 7, JDK 8, and JDK 11 versions to July 2020 Critical Patch Update (CPU) security update levels and incorporates changes related to OpenJDK 7u271, OpenJDK 8u261, and OpenJDK 11.0.7.0.101 release contents.
-
The lock-less Java Native Interface (JNI) protocol is enabled by default in Azul Zulu Prime JVM 20.07.0.0. See Using Azul Zulu Prime JVM Command-Line Options for the
UseThreadStateNativeWrapperProtocol
option and details. -
Azul Zulu Prime JVM 20.07.0.0 introduces optimization in object allocation (internal new_stub() function) for improved performance in TLAB allocation intensive applications. The optimization is enabled by default.
-
Starting with Azul Zulu Prime JVM 20.07.0.0, Azul Zulu Prime JVM 8 supports TLS 1.3 by default and follows the application programming interface (API) changes introduced by Maintenance Release 3 to the Java SE 8 specification.
20.06.0.0
Release date:
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u262 |
8 |
8u252 |
11 |
11.0.7+10 |
What’s New
-
The release of Azul Zulu Prime JVM 20.06.0.0 includes ReadyNow improvements for faster warmup and smaller footprint.
-
Azul Zulu Prime JVM 20.06.0.0 introduces a JNI exception checking optimization. See Using Azul Zulu Prime JVM Command-Line Options for the
UseFastJNIExceptionCheck
option and details. -
Azul Zulu Prime JVM 20.06.0.0 provides full elasticity support for code cache. See Using Azul Zulu Prime JVM Command-Line Options for the
InitialCodeCacheSize
,ReservedCodeCacheSize
, andCodeCacheOopTableSize
options and details. -
Azul Zulu Prime JVM 20.06.0.0 includes a further improvement of JDK 11
java.lang.StackWalker
which is frequently used by log4j2 and other logging implementations. See also https://openjdk.java.net/jeps/259 andjava.lang.StackStreamFactory$AbstractStackWalker
. -
Azul Zulu Prime JVM 20.06.0.0 introduces new diagnostic Java Flight Recorder (JFR) events to simplify error handling.
-
The lock-less Java Native Interface (JNI) protocol is disabled by default. See Using Azul Zulu Prime JVM Command-Line Options for the UseThreadStateNativeWrapperProtocol option and details.
20.05.0.0
Release date: May 29, 2020
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u262 |
8 |
8u252 |
11 |
11.0.7+10 |
What’s New
-
In Azul Zulu Prime JVM 20.05.0.0, the Java Flight Recorder Tick Profiler becomes enabled by default.
-
In Azul Zulu Prime JVM 20.05.0.0, Java monitors are moved from CodeCache to a new dedicated MonitorCache storage.
-
The release of Azul Zulu Prime JVM 20.05.0.0 includes optimizations targeted at accelerating compilation and warmup.
-
Azul Zulu Prime JVM 20.05.0.0 introduces better JDK 11
java.lang.StackWalker
which is frequently used by log4j2 and other logging implementations. See also https://openjdk.java.net/jeps/259 andjava.lang.StackStreamFactory$AbstractStackWalker
. -
Azul Zulu Prime JVM 20.05.0.0 provides a reduction of application exit times in the non-ZST mode when a process uses mlockall().
-
Azul Zulu Prime JVM 20.05.0.0 improves the mitigation strategy used by the Falcon compiler to minimize performance impacts due to Intel's microcode updates in response to Jump Conditional Code (JCC) Erratum SKX102. Previous versions inserted nop instructions for padding; the new version can optionally increase the size of existing instructions in some cases. As before, the mitigation is enabled only on affected processors, and no user action is needed.
-
Azul Zulu Prime JVM 20.05.0.0 introduces a testing grace period mode, under which the Azul Zulu Prime JVM can run for up to 60 minutes (3600 seconds) without requiring a valid license. The testing grace period can be enabled by setting the
ZING_TESTING_GRACE_PERIOD_SEC
environment variable to a number of grace period seconds (up to 3600), or by using the-XX:ZVMTestingGracePeriodSec=N
flag with a similar value.
20.04.0.0
Release date: April 30, 2020
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u262 |
8 |
8u252 |
11 |
11.0.7+10 |
What’s New
-
The release of Azul Zulu Prime JVM 20.04.0.0 contains April 2020 critical patch update (CPU) security and critical bug fixes and brings the associated JDK 7, JDK 8, and JDK 11 versions to April 2020 CPU security update levels.
-
Azul Zulu Prime JVM 20.04.0.0 incorporates additional non-security changes associated with the April PSU 2020 OpenJDK 8u252 and OpenJDK 11.0.7 release contents.
-
Starting with Azul Zulu Prime JVM 20.04.0.0, the
-XX:+UseC2
option can use one of two separate implementations of C2 JIT compilation: a traditionalUseSeaOfNodesC2
mode and a newUseKestrelC2
mode. -
The new mode is selected with
+UseKestrelC2
which is on by default for Azul Zulu Prime JVM 11 and off by default for Azul Zulu Prime JVM 8 and Azul Zulu Prime JVM 7. This mode enables a C2 implementation introduced to Azul Zulu Prime JVM in 2020. It is based on a lightweight use of the LLVM backend and typically produces faster code than UseSeaOfNodesC2 while keeping compilation effort at similar levels.UseKestrelC2
generally exhibits a significantly lower compilation-time CPU consumption compared to Falcon.The old mode is selected with
+UseSeaOfNodesC2
which is off by default in Azul Zulu Prime JVM 11 and on by default for Azul Zulu Prime JVM 8 and Azul Zulu Prime JVM 7.See Using Azul Zulu Prime JVM Command-Line Options for
UseKestrelC2
andUseSeaOfNodesC2
command-line options and details. -
Azul Zulu Prime JVM 20.04.0.0 introduces a compilation time improvement.
-
The release of Azul Zulu Prime JVM 20.04.0.0 introduces an increased maximum Java heap size from 1 TB to 2.5 TB in the default non-ZST mode.
The maximum Java heap size for the Azul Zulu Prime JVM Virtual Machine with ZST is 20 TB.
-
In Azul Zulu Prime JVM 20.04.0.0, a new Java Flight Recorder functionality allows you to collect profiling data about applications that use JNI invocations.
-
The release of Azul Zulu Prime JVM 20.04.0.0 includes optimizations targeted at reducing JNI transition costs. The cost of a native call from Java was reduced, and the implementation of the accessor functions used to retrieve fields of Java objects from native code was also improved. Most applications will not be affected, but applications with many native transitions (such as a socket or file IO) may see the marked improvement.
See Using Azul Zulu Prime JVM Command-Line Options for
UseFastJNIAccessors
,UseMembar
, andUseThreadStateNativeWrapperProtocol
command-line options and details. -
Azul Zulu Prime JVM 20.04.0.0 excludes debug symbols embedded in
libjvm.so
, which reduces the filesystem footprint of a Azul Zulu Prime JVM installation by 280 MB.Contact [email protected] if you need to install debug symbols for the Azul Zulu Prime JVM.
20.03.1.0
Release date:
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u252 |
8 |
8u242 |
11 |
11.0.6+10 |
20.03.0.0
Release date:
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u252 |
8 |
8u242 |
11 |
11.0.6+10 |
20.02.1.0
Release date: April 8, 2020
This release is based on Azul Platform Prime 20.02.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u252 |
8 |
8u242 |
11 |
11.0.6+10 |
20.02.0.0
Release date: February 28, 2020
This release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u252 |
8 |
8u242 |
11 |
11.0.6+10 |
What’s New
-
January 2020 PSU Release.
This version incorporates additional non-security changes associated with the PSU 2020 OpenJDK 8u242 and OpenJDK 11.0.6 release contents.
-
Deprecation of FalconUseLegacyInliner
The
FalconUseLegacyInliner
command-line option is deprecated in Zing 8 and 11 with no replacemen.
20.01.0.0
Release date: January 30, 2020
This release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u251 |
8 |
8u241 |
11 |
11.0.5.0.101+11 |
What’s New
-
January 2020 CPU Release.
-
InZVM20.01.0.0,
-XX:+FalconCompensateForIntelMCUForErratumSKX102
is an off-by-default option and introduces a nop padding based mitigation for performance regressions seen on some systems following Intel’s microcode updates in response to errata SKX102. This option is expected to become the default in a future Zing release. If enabled, nop padding will be used to align affected branches on systems with the microcode update applied.For testing purposes, the flag
-XX:+ForceFalconCompensateForIntelMCUForErratumSKX102
is also provided. This can be used to force the generation of nop padded code on unaffected systems for performance validation.
Previous Stable Builds
23.02.301.0
Release date: July 25, 2023
This release is based on Azul Platform Prime 23.02.300.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_381-b2 |
11 |
11.0.19.0.101+2-LTS |
17 |
17.0.7.0.101+2-LTS |
23.02.300.0
Release date: July 18, 2023
This CPU release is based on Azul Platform Prime 23.02.202.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_381-b2 |
11 |
11.0.19.0.101+2-LTS |
17 |
17.0.7.0.101+2-LTS |
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Hotspot |
None |
No |
5.1 |
Local |
High |
None |
None |
Unchanged |
High |
None |
None |
17, 11 |
Note 1 |
|
Utility |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
17, 11 |
Note 2 |
|
Libraries |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 11, 8 |
Note 2 |
|
2D (Harfbuzz) |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
17, 11 |
Note 2 |
|
Networking |
Multiple |
Yes |
3.1 |
Network |
High |
None |
Required |
Unchanged |
None |
Low |
None |
17, 11 |
Note 1 |
|
CVE-2023-22043 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
JavaFX |
Multiple |
Yes |
5.9 |
Network |
High |
None |
None |
Unchanged |
None |
High |
None |
None |
Note 1 |
CVE-2023-22044 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Hotspot |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
Low |
None |
None |
None |
Note 2 |
CVE-2023-22045 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Hotspot |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
Low |
None |
None |
None |
Note 2 |
CVE-2023-22051 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
GraalVM Compiler |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
Low |
None |
None |
None |
|
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). |
2 |
This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. |
For more information about CVE and non-CVE security fixes in this release, refer to Common Vulnerabilities and Exposures Fixes for July 2023
23.02.202.0
Release date: July 3, 2023
This release is based on Azul Platform Prime 23.02.201.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_372-b1 |
11 |
11.0.19+7-LTS |
17 |
17.0.7+7-LTS |
23.02.200.0
Release date: May 16, 2023
This PSU release is based on Azul Platform Prime 23.02.101.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_372-b1 |
11 |
11.0.19+7-LTS |
17 |
17.0.7+7-LTS |
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
JSSE |
TLS |
Yes |
7.4 |
Network |
High |
None |
None |
Unchanged |
High |
High |
None |
17, 11, 8 |
Note 1 |
|
JSSE |
HTTPS |
Yes |
5.9 |
Network |
High |
None |
None |
Unchanged |
None |
None |
High |
17, 11, 8 |
Note 1 |
|
Swing |
HTTP |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
17, 11, 8 |
Note 1 |
|
Networking |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 11, 8 |
Note 1 |
|
Libraries |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 11, 8 |
Note 2 |
|
Libraries |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 11, 8 |
Note 1 |
|
CVE-2023-21954 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Hotspot |
Multiple |
Yes |
5.9 |
Network |
High |
None |
None |
Unchanged |
High |
None |
None |
None |
Note 1 |
CVE-2023-21986 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Native Image |
None |
No |
5.7 |
Local |
Low |
None |
None |
Changed |
None |
Low |
Low |
None |
|
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. |
2 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). |
For more information about CVE and non-CVE security fixes in this release, refer to Common Vulnerabilities and Exposures Fixes for April 2023
-
Some Falcon CPU Budgeting options have been renamed according to the following table:
Changed from: Changed to: CompilerTier2BudgetingThreadsPercent
CompilerTier2BudgetingCPUPercent
CompilerTier2BudgetingWarmupThreadsPercent
CompilerTier2BudgetingWarmupCPUPercent
CompilerTier2BudgetMaxMs
CompilerTier2BudgetWindowDurationMs
For more information on Falcon CPU Budgeting options, see Command Line Options, CPU Budgeting Options
-
The command line option
UseTrueObjectsForUnsafe
has been set totrue
by default. This option forces unsafe objects to be returned in their true object form instead of the equivalent java class object. For example, withUseTrueObjectsForUnsafe
disabled, java.lang.Class can be returned instead of the true klassOop.
23.02.101.0
Release date: May 3, 2023
This release is based on Azul Platform Prime 23.02.100.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_371-b1 |
11 |
11.0.18.0.101+3-LTS |
17 |
17.0.6.0.101+2-LTS |
23.02.100.0
Release date: April 18, 2023
This CPU release is based on Azul Platform Prime 23.02.2.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_371-b1 |
11 |
11.0.18.0.101+3-LTS |
17 |
17.0.6.0.101+2-LTS |
What’s New
-
JDK versions 13, 15 and 19 have reached end of life and are no longer included in Azul Platform Prime builds of OpenJDK.
-
April 2023 CPU release security fixes.
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
JSSE |
TLS |
Yes |
7.4 |
Network |
High |
None |
None |
Unchanged |
High |
High |
None |
17, 11, 8 |
Note 1 |
|
JSSE |
HTTPS |
Yes |
5.9 |
Network |
High |
None |
None |
Unchanged |
None |
None |
High |
17, 11, 8 |
Note 1 |
|
Swing |
HTTP |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
17, 11, 8 |
Note 1 |
|
Networking |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 11, 8 |
Note 1 |
|
Libraries |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 11, 8 |
Note 2 |
|
Libraries |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 11, 8 |
Note 1 |
|
CVE-2023-21954 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Hotspot |
Multiple |
Yes |
5.9 |
Network |
High |
None |
None |
Unchanged |
High |
None |
None |
None |
Note 1 |
CVE-2023-21986 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Native Image |
None |
No |
5.7 |
Local |
Low |
None |
None |
Changed |
None |
Low |
Low |
None |
|
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. |
2 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). |
For more information about CVE and non-CVE security fixes in this release, refer to Common Vulnerabilities and Exposures Fixes for April 2023
23.02.2.0
Release date: April 10, 2023
This release is based on Azul Platform Prime 23.02.1.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_362-b2 |
11 |
11.0.18+10-LTS |
13 |
13.0.14+5-MTS |
15 |
15.0.10+5-MTS |
17 |
17.0.6+10-LTS |
19 |
19.0.2+7-MTS |
Resolved Issues
Issue ID | Description |
---|---|
ZVM-26650 |
Fix corruption of entries in a lock-free list of thread stacks that may be seen with workloads/applications that have a high turnover of threads. |
ZVM-26781 |
Unsafe.getObject() use through Method.invoke() difference in behavior in Prime |
ZVM-26648 |
Missing tag update in HeapRefBufferList::grab() |
23.02.1.0
Release date: March 27, 2023
This release is based on Azul Platform Prime 23.02.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_362-b2 |
11 |
11.0.18+10-LTS |
13 |
13.0.14+5-MTS |
15 |
15.0.10+5-MTS |
17 |
17.0.6+10-LTS |
19 |
19.0.2+7-MTS |
What’s New
-
Stable release of Azul Platform Prime Builds of OpenJDK, versions 13, 15 and 19, are reaching end of life. Starting from 23.02.100.0, stable releases will only include JDK 8, 11 and 17. Starting from 23.04.0.0, stream releases will include only JDK 8, 11 and 17.
-
The Command Line Option
GPGCUseAllocationPacing
has been disabled by default. -
The Command Line Option
CNCForceLocalCompiler
has been deprecated and replaced with the new optionCNCEnableRemoteCompiler
.
22.08.400.0
Release date: February 21, 2023
This PSU release is based on Azul Platform Prime 22.08.301.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_362-b2 |
11 |
11.0.18+10-LTS |
13 |
13.0.14+5-MTS |
15 |
15.0.10+5-MTS |
17 |
17.0.6+10-LTS |
Note
|
Version 1 of the GC Log Analyzer has reached its end-of-life and has been replaced with Version 2 of the GC Log Analyzer. GC Log Analyzer 2 is included in Azul Zulu Prime packages and can be found at <installdir>/etc/GCLogAnalyzer2.jar . The latest version of GC Log Analyzer 2 is also available for download at https://docs.azul.com/prime/GC-Log-Analyzer.
|
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Serialization |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
8 |
|
|
JSSE |
DTLS |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11 |
|
|
Sound |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 15, 13, 11, 8 |
|
|
CVE-2022-43548 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: Node (Node.js) |
HTTPS |
Yes |
8.1 |
Network |
High |
None |
None |
Unchanged |
High |
High |
High |
None |
|
For more information about CVE and non-CVE security fixes in this release, refer to Common Vulnerabilities and Exposures Fixes for January 2023
22.08.301.0
Release date: February 2, 2023
This release is based on Azul Platform Prime 22.08.300.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_361-b1 |
11 |
11.0.17.0.101+3-LTS |
13 |
13.0.13.0.101+2-MTS |
15 |
15.0.9.0.101+2-MTS |
17 |
17.0.5.0.101+4-LTS |
22.08.300.0
Release date: January 17, 2023
This CPU release is based on Azul Platform Prime 22.08.201.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_361-b2 |
11 |
11.0.17.0.101+3-LTS |
13 |
13.0.13.0.101+2-MTS |
15 |
15.0.9.0.101+2-MTS |
17 |
17.0.5.0.101+4-LTS |
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Serialization |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
8 |
|
|
JSSE |
DTLS |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11 |
|
|
Sound |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 15, 13, 11, 8 |
|
|
CVE-2022-43548 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: Node (Node.js) |
HTTPS |
Yes |
8.1 |
Network |
High |
None |
None |
Unchanged |
High |
High |
High |
None |
|
For more information about CVE and non-CVE security fixes in this release, refer to Common Vulnerabilities and Exposures Fixes for January 2023
22.08.201.0
Release date: January 9, 2023
This release is based on Azul Platform Prime 22.08.200.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
1.8.0_352-b01 |
11 |
11.0.17+8 |
13 |
13.0.13+5 |
15 |
15.0.9+5 |
17 |
17.0.5+8 |
What’s New
-
Internal bug fixes.
-
Backport issue ZULU-39745 - Support custom security providers in Azul Zulu Prime builds of JDK17.
The Java launcher can be updated to easily configure and enable custom security providers:
-
Add a new java launcher option:
--custom-providers=<custom_provider_name>(,<custom_provider_name>)
-
Azul Zulu Prime JDK will read custom provider configuration from the file located in the
$JAVA_HOME/conf/<custom_provider_name>.properties
Example of the configuration file:
# Add name custom provider jar --module-path=<custom_provider_jar> # The following properties are required to access JDK internal classes from the custom provider --add-exports=java.base/<package>=<custom_provider_module_name> --add-opens=java.base/<package>=<custom_provider_module_name> # The following option allows to access classes from non-modular 3rd party libraries --add-reads=<custom_provider_module_name>=ALL-UNNAMED # The following option reads custom security properties -Djava.security.properties=<security_property_file>Azul Zulu Prime JDK will read
<custom_provider_jar>
and<security_property_file>
from the$JAVA_HOME/conf/<custom_provider_name>
directory.
-
22.08.200.0
Release date: November 15, 2022
This release is based on Azul Platform Prime 22.08.101.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u352 |
11 |
11.0.17 |
13 |
13.0.13 |
15 |
15.0.9 |
17 |
17.0.5 |
What’s New
-
Internal bug fixes.
-
October 2022 PSU release security fixes
-
Important information regarding Java in containers (Docker, Kubernetes, and related) about automatic thread pool size calculation and number of CPUs available to the application:
While in the general October 2022 release of Java 11 and 17, the default calculation of available CPU cores has changed in container environments following JDK-8281181, this change wasn’t made in the Azul Platform Prime stable release 22.08.200.0 to allow seamless transition from previous stable versions.
That means, Azul Platform Prime 22.08 differs in this aspect from current OpenJDK. In practical use, this difference will only affect those situations where a new migration from OpenJDK to Prime 22.08 is started. If you notice your application performance being affected during such a transition from OpenJDK to Prime 22.08 add
-XX:-UseContainerCpuShares
to the Java command line to switch Azul Platform Prime to the same new calculation method as OpenJDK.To check your environment in general about this change, independent of whether it is running on OpenJDK or Azul Platform Prime, run the following command inside your container to display the actual result of the available CPU number calculation:
Save the following code to file AvailableCPUs.java:
public class AvailableCPUs { public static void main(String[] args) { System.out.println("CPUs: " + Runtime.getRuntime().availableProcessors()); } }Run it:
java -showversion AvailableCPUs.java
Resolved Issues
Issue ID | Description |
---|---|
ZVM-25457 |
Backport issue JDK-8208172 which allows for NULL messages in class resolution errors. |
22.08.101.0
Release date: October 27, 2022
This release is based on Azul Platform Prime 22.08.100.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u352b01 |
11 |
11.0.16.1.101+3 |
13 |
13.0.12.0.101+2 |
15 |
15.0.8.0.101+2 |
17 |
17.0.4.1.101+2 |
22.08.100.0
Release date: October 18, 2022
This CPU release is based on Azul Platform Prime 22.08.1.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u351b01 |
11 |
11.0.16.1.101+3 |
13 |
13.0.12.0.101+2 |
15 |
15.0.8.0.101+2 |
17 |
17.0.4.1.101+2 |
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
JGSS |
Kerberos |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
17, 15, 13, 11 |
Note 2 |
|
Security |
HTTPS |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
15, 13, 11, 8 |
Note 2 |
|
Lightweight HTTP Server |
HTTP |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11, 8, 7 |
Note 1 |
|
Security |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 15, 13, 11, 8 |
Note 2 |
|
JNDI |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 15, 13, 11, 8 |
Note 2 |
|
Networking |
HTTP |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 15, 13, 11 |
Note 1 |
|
CVE-2022-32215 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: Node (Node.js) |
HTTPS |
Yes |
9.1 |
Network |
Low |
None |
None |
Unchanged |
High |
High |
None |
None |
|
CVE-2022-21634 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: LLVM Interpreter |
Multiple |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
High |
None |
|
CVE-2022-21597 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: JavaScript |
HTTP |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
Low |
None |
None |
None |
|
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). |
2 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. |
22.08.1.0
Release date: September 30, 2022
This release is based on Azul Platform Prime 22.08.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u345 |
11 |
11.0.16.1+1 |
13 |
13.0.12+4 |
15 |
15.0.8+4 |
17 |
17.0.4.1+1 |
22.02.501.0
Release date: November 7, 2022
This release is based on Azul Platform Prime 22.02.500.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u351b01 |
11 |
11.0.16.1.101+3 |
13 |
13.0.12.0.101+2 |
17 |
15.0.8.0.101+2 |
17 |
17.0.4.1.101+2 |
22.02.500.0
Release date: October 18, 2022
This CPU release is based on Azul Platform Prime 22.02.401.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u351b01 |
11 |
11.0.16.1.101+3 |
13 |
13.0.12.0.101+2 |
17 |
15.0.8.0.101+2 |
17 |
17.0.4.1.101+2 |
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
JGSS |
Kerberos |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
17, 15, 13, 11 |
Note 2 |
|
Security |
HTTPS |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
15, 13, 11, 8 |
Note 2 |
|
Lightweight HTTP Server |
HTTP |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11, 8, 7 |
Note 1 |
|
Security |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 15, 13, 11, 8 |
Note 2 |
|
JNDI |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 15, 13, 11, 8 |
Note 2 |
|
Networking |
HTTP |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 15, 13, 11 |
Note 1 |
|
CVE-2022-32215 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: Node (Node.js) |
HTTPS |
Yes |
9.1 |
Network |
Low |
None |
None |
Unchanged |
High |
High |
None |
None |
|
CVE-2022-21634 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: LLVM Interpreter |
Multiple |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
High |
None |
|
CVE-2022-21597 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: JavaScript |
HTTP |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
Low |
None |
None |
None |
|
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). |
2 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. |
22.02.401.0
Release date: September 30, 2022
This release is based on Azul Platform Prime 22.02.400.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u345 |
11 |
11.0.16.1+1 |
13 |
13.0.12+4 |
15 |
15.0.8+4 |
17 |
17.0.4.1+1 |
22.02.400.0
Release date: August 17, 2022
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u345 |
11 |
11.0.16.1+1 |
13 |
13.0.12+4 |
15 |
15.0.8+4 |
17 |
17.0.4.1+1 |
Resolved Issues
Issue ID | Description |
---|---|
ZVM-24486 |
Ported issue JDK-8290832 - It was no longer possible to change |
ZVM-24429 |
Using |
ZVM-23590 |
Fixed corruption of Falcon-compiled code in code cache. |
ZVM-24455 |
|
22.02.300.0
Release date: July 19, 2022
This CPU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u341 |
11 |
11.0.15.0.101+3 |
13 |
13.0.11.0.101+2 |
15 |
15.0.7.0.101+2 |
17 |
17.0.3.0.101+2 |
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
JAXP (Xalan-J) |
Multiple |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
None |
High |
None |
17, 15, 13, 11, 8 |
Note 1 |
|
Hotspot |
Multiple |
Yes |
5.9 |
Network |
High |
None |
None |
Unchanged |
None |
High |
None |
17, 15, 13, 11, 8 |
Note 1 |
|
Hotspot |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
Low |
None |
None |
17, 15, 13, 11, 8 |
Note 1 |
|
Libraries |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
17 |
Note 1 |
|
CVE-2022-25647 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Native Image (Gson) |
None |
No |
6.2 |
Local |
Low |
None |
None |
Unchanged |
None |
None |
High |
None |
|
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and relies on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. |
22.02.202.0
Release date: July 12, 2022
This PSU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u332 |
11 |
11.0.15.+10 |
13 |
3.0.11+4 |
15 |
15.0.7+4 |
17 |
17.0.3+7 |
What’s New
-
Internal bug fixes.
-
ZVM-24010 - Optimized layout of GC internal data structure, improving native memory consumption by the garbage collector(GC).
-
ZVM-22820 - Put size limit on heap ref buffers during card mark scanning.
22.02.201.0
Release date: June 13, 2022
This PSU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u332 |
11 |
11.0.15.+10 |
13 |
3.0.11+4 |
15 |
15.0.7+4 |
17 |
17.0.3+7 |
22.02.200.0
Release date: May 4, 2022
This PSU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
8 |
8u332 |
11 |
11.0.15.+10 |
13 |
3.0.11+4 |
15 |
15.0.7+4 |
17 |
17.0.3+7 |
22.02.100.0
Release date: April 19, 2022
This CPU release is based on Azul Platform Prime 22.02.3.0 and corresponds the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u341 |
8 |
8u331 |
11 |
11.0.14.1.101+3 |
13 |
13.0.10.0.101+2 |
15 |
15.0.6.0.101+2 |
17 |
17.0.2.0.101+2 |
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ZIP |
Multiple |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
High |
17, 15, 13, 11, 8, 7, 6 |
|
|
Libraries |
Multiple |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
None |
High |
None |
18, 17, 15 |
Note 1 |
|
Libraries |
Multiple |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
High |
None |
None |
18, 17, 15, 13, 11, 8, 7 |
Note 1 |
|
JAXP |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
18, 17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
Libraries |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
18, 17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
JNDI |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
18, 17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
Libraries |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
18, 17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
CVE-2022-0778 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: Node (OpenSSL) |
HTTPS |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
High |
None |
|
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. |
22.02.3.0
Release date: April 12, 2022
This release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u332 |
8 |
8u322 |
11 |
11.0.14.1+9 |
13 |
13.0.10+5 |
15 |
15.0.6+5 |
17 |
17.0.2+8 |
22.02.2.0
Release date: April 4, 2022
This release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u332 |
8 |
8u322 |
11 |
11.0.14.1+9 |
13 |
13.0.10+5 |
15 |
15.0.6+5 |
17 |
17.0.2+8 |
22.02.1.0
Release date: March 28, 2022
This release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u332 |
8 |
8u322 |
11 |
11.0.14.1+9 |
13 |
13.0.10+5 |
15 |
15.0.6+5 |
17 |
17.0.2+8 |
Resolved Issues
Issue ID | Description |
---|---|
ZVM-21804 |
In container systems with an elastic CPU definition (CPU min and max both set or cgroups |
21.08.502.0
Release date: July 4, 2022
This release is based on Azul Platform Prime 21.08.500.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u341 |
8 |
8u331 |
11 |
11.0.14.1.101+3 |
13 |
13.0.10.0.101+2 |
15 |
15.0.6.0.101+2 |
21.08.501.0
Release date: July 4, 2022
This release is based on Azul Platform Prime 21.08.500.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u341 |
8 |
8u331 |
11 |
11.0.14.1.101+3 |
13 |
13.0.10.0.101+2 |
15 |
15.0.6.0.101+2 |
21.08.500.0
Release date: April 19, 2022
This PSU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u341 |
8 |
8u331 |
11 |
11.0.14.1.101+3 |
13 |
13.0.10.0.101+2 |
15 |
15.0.6.0.101+2 |
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ZIP |
Multiple |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
High |
17, 15, 13, 11, 8, 7, 6 |
|
|
Libraries |
Multiple |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
None |
High |
None |
18, 17, 15 |
Note 1 |
|
Libraries |
Multiple |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
High |
None |
None |
18, 17, 15, 13, 11, 8, 7 |
Note 1 |
|
JAXP |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
18, 17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
Libraries |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
18, 17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
JNDI |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
18, 17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
Libraries |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
18, 17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
CVE-2022-0778 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: Node (OpenSSL) |
HTTPS |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
High |
None |
|
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. |
21.08.402.0
Release date: April 5, 2022
This release is based on Azul Platform Prime 21.08.400.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u332 |
8 |
8u322 |
11 |
11.0.14.1+1 |
13 |
13.0.10+5 |
15 |
15.0.6+5 |
Resolved Issues
Issue ID | Description |
---|---|
ZVM-23164 |
Constant pool indexes related to the EnclosingMethod class file attribute were not handled correctly at JVMTI redefinition operation. This could in rare cases result in a crash on an attempt to use certain java.lang.Class helpers such as 'getSimpleName' or 'getEnclosingMethod' against the redefined class due to the invalid access to the constant pool using stale indexes. |
ZVM-23089 |
Two additional openjdk 8 symlinks, |
21.08.401.0
Release date: March 7, 2022
This release is based on Azul Platform Prime 21.08.400.0.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u332 |
8 |
8u322 |
11 |
11.0.14.1+1 |
13 |
13.0.10+5 |
15 |
15.0.6+5 |
21.08.400.0
Release date: February 18, 2022
This PSU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u332 |
8 |
8u322 |
11 |
11.0.14.1+1 |
13 |
13.0.10+5 |
15 |
15.0.6+5 |
21.08.301.0
Release date: January 18, 2022
This release is based on Azul Platform Prime 21.08.300.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u331 |
8 |
8u321 |
11 |
11.0.13.0.101+2 |
13 |
13.0.9.0.101+1 |
15 |
15.0.5.0.101+2 |
21.08.300.0
Release date: January 18, 2022
This CPU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u331 |
8 |
8u321 |
11 |
11.0.13.0.101+2 |
13 |
13.0.9.0.101+1 |
15 |
15.0.5.0.101+2 |
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ImageIO |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11 |
Note 1 |
|
JAXP |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
Low |
None |
None |
17, 15, 13, 11, 8, 7 |
Note 1 |
|
Libraries |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
Hotspot |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
17, 15, 13, 11 |
Note 1 |
|
Libraries |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
Libraries |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
JAXP |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
Low |
None |
None |
17, 15, 13, 11, 8, 7 |
Note 1 |
|
JAXP |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
Hotspot |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
Libraries |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
Serialization |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
2D |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
8, 7 |
Note 1 |
|
ImageIO |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
ImageIO |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
ImageIO |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11 |
Note 1 |
|
Serialization |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
CVE-2021-22959 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: Node (Node.js) |
HTTP |
Yes |
6.5 |
Network |
Low |
None |
None |
Unchanged |
Low |
Low |
None |
None |
|
CVE-2022-21271 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: Libraries |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
None |
Note 1 |
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments, typically in clients running sandboxed Java applications, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. |
21.08.202.0
Release date: January 4, 2022
This release is based on Azul Platform Prime 21.08.200.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u322 |
8 |
8u312 |
11 |
11.0.13+8 |
13 |
13.0.9+3 |
15 |
15.0.5+3 |
Resolved Issues
Issue ID | Description |
---|---|
ZVM-21048 |
When |
ZVM-22049 |
OldGC is not triggered often enough during idle time when NewGCs are occurring. |
21.08.201.0
Release date: December 27, 2021
This release is based on Azul Platform Prime 21.08.200.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u322 |
8 |
8u312 |
11 |
11.0.13+8 |
13 |
13.0.9+3 |
15 |
15.0.5+3 |
21.08.200.0
Release date: November 15, 2021
This PSU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u322 |
8 |
8u312 |
11 |
11.0.13+8 |
13 |
13.0.9+3 |
15 |
15.0.5+3 |
21.08.100.0
Release date: October 19, 2021
This CPU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u321 |
8 |
8u311 |
11 |
11.0.12.0.101+2 |
13 |
13.0.8.0.101+1 |
15 |
15.0.4.101+1 |
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
JavaFX (libxml) |
Multiple |
Yes |
8.6 |
Network |
Low |
None |
None |
Unchanged |
Low |
Low |
High |
17, 15, 13, 11, 8 |
Note 1 |
|
Libraries |
Kerberos |
No |
6.8 |
Network |
Low |
Low |
Required |
Changed |
High |
None |
None |
17, 15, 13, 11, 8 |
Note 2 |
|
JSSE |
TLS |
Yes |
5.9 |
Network |
High |
None |
None |
Unchanged |
High |
None |
None |
11, 8, 7, 6 |
Note 2 |
|
JavaFX (GStreamer) |
None |
No |
5.5 |
Local |
Low |
None |
Required |
Unchanged |
None |
None |
High |
17, 15, 13, 11, 8 |
Note 1 |
|
Swing |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
Swing |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11, 8, 7, 6 |
Note 2 |
|
Utility |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11, 8, 7, 6 |
Note 2 |
|
Keytool |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
17, 15, 13, 11, 8, 7, 6 |
Note 2 |
|
JSSE |
TLS |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
15, 13, 11, 8, 7, 6 |
Note 3 |
|
JSSE |
TLS |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11, 8 |
Note 3 |
|
ImageIO |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11, 8, 7, 6 |
Note 2 |
|
JSSE |
TLS |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
Low |
None |
None |
17, 15, 13, 11, 8, 7, 6 |
Note 2 |
|
Hotspot |
Multiple |
Yes |
3.1 |
Network |
High |
None |
Required |
Unchanged |
None |
None |
Low |
8, 7, 6 |
Note 2 |
|
CVE-2021-27290 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: Node (Node.js) |
Multiple |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
High |
None |
|
CVE-2021-35560 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Deployment |
Multiple |
Yes |
7.5 |
Network |
High |
None |
Required |
Unchanged |
High |
High |
High |
None |
Note 1 |
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). |
2 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. |
3 |
This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted applications, such as through a web service. |
21.08.1.0
Release date: October 5, 2021
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u312 |
8 |
8u302 |
11 |
11.0.12+7 |
13 |
13.0.8+5 |
15 |
15.0.4+5 |
Resolved Issues
Issue ID | Description |
---|---|
High CPU utilization exists in HeapCommit thread in some specific scenarios. |
|
High pause time during OldGC due to unloading of a long chain of subclasses. |
|
Abort the VM if GC safepoint operation time exceeds a configurable threshold. |
|
Installation packages are now signed. |
21.02.500.0
Release date: October 19, 2021
This CPU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u321 |
8 |
8u311 |
11 |
11.0.12.0.101+2 |
13 |
13.0.8.0.101+1 |
15 |
15.0.4.101+1 |
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
JavaFX (libxml) |
Multiple |
Yes |
8.6 |
Network |
Low |
None |
None |
Unchanged |
Low |
Low |
High |
17, 15, 13, 11, 8 |
Note 1 |
|
Libraries |
Kerberos |
No |
6.8 |
Network |
Low |
Low |
Required |
Changed |
High |
None |
None |
17, 15, 13, 11, 8 |
Note 2 |
|
JSSE |
TLS |
Yes |
5.9 |
Network |
High |
None |
None |
Unchanged |
High |
None |
None |
11, 8, 7, 6 |
Note 2 |
|
JavaFX (GStreamer) |
None |
No |
5.5 |
Local |
Low |
None |
Required |
Unchanged |
None |
None |
High |
17, 15, 13, 11, 8 |
Note 1 |
|
Swing |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
Swing |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11, 8, 7, 6 |
Note 2 |
|
Utility |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11, 8, 7, 6 |
Note 2 |
|
Keytool |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
17, 15, 13, 11, 8, 7, 6 |
Note 2 |
|
JSSE |
TLS |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
15, 13, 11, 8, 7, 6 |
Note 3 |
|
JSSE |
TLS |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11, 8 |
Note 3 |
|
ImageIO |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11, 8, 7, 6 |
Note 2 |
|
JSSE |
TLS |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
Low |
None |
None |
17, 15, 13, 11, 8, 7, 6 |
Note 2 |
|
Hotspot |
Multiple |
Yes |
3.1 |
Network |
High |
None |
Required |
Unchanged |
None |
None |
Low |
8, 7, 6 |
Note 2 |
|
CVE-2021-27290 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: Node (Node.js) |
Multiple |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
High |
None |
|
CVE-2021-35560 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Deployment |
Multiple |
Yes |
7.5 |
Network |
High |
None |
Required |
Unchanged |
High |
High |
High |
None |
Note 1 |
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). |
2 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. |
3 |
This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted applications, such as through a web service. |
21.02.401.0
Release date: September 24, 2021
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u312 |
8 |
8u302 |
11 |
11.0.12+7 |
13 |
13.0.8+5 |
15 |
15.0.4+5 |
21.02.400.0
Release date: August 18, 2021
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u312 |
8 |
8u302 |
11 |
11.0.12+7 |
13 |
13.0.8+5 |
15 |
15.0.4+5 |
21.02.300.0
Release date: July 20, 2021
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u311 |
8 |
8u301 |
11 |
11.0.11.0.101+2 |
13 |
13.0.7.0.101+1 |
15 |
15.0.3.0.101+1 |
21.02.201.0
Release date: July 5, 2021
This CPU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u302 |
8 |
8u292 |
11 |
11.0.11+9 |
13 |
13.0.7+5 |
15 |
15.0.3+3 |
21.02.200.0
Release date: May 21, 2021
This CPU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u302 |
8 |
8u292 |
11 |
11.0.11+9 |
13 |
13.0.7+5 |
15 |
15.0.3+3 |
21.02.100.0
Release date: April 20, 2021
This CPU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u301 |
8 |
8u291 |
11 |
11.0.10.0.101+1 |
13 |
13.0.6.0.101+2 |
15 |
15.0.2.0.101+2 |
21.02.2.0
Release date: April 9, 2021
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u292 |
8 |
8u282 |
11 |
11.0.10+9 |
13 |
13.0.6+5 |
15 |
15.0.2+7 |
21.02.1.0
Release date: March 17, 2021
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u292 |
8 |
8u282 |
11 |
11.0.10+9 |
13 |
13.0.6+5 |
15 |
15.0.2+7 |
What’s New
-
Improved compatibility between the MXBean memory pool names and names expected by in-memory data management systems (e.g., Pivotal GemFire 8.2).
See
GPGCReportJavaHeapPoolMXBean
,GPGCHeapJavaPoolMXBeanName
,GPGCNewGenPoolMXBeanName
,GPGCOldGenPoolMXBeanName
,GPGCPermGenPoolMXBeanName
in Using Azul Zulu Prime JVM Command-Line Options for details. -
New Java Flight Recorder feature that allows to asynchronously subscribe to select JFR events and avoid overhead associated with creating a recording in Azul Zulu Prime JVM JDK 15.
See JEP 349: JFR Event Streaming for details.
-
Experimental ReadyNow mode that enables the pre-initialization of a greater number of bootstrap classes.
20.08.501.0
Release date: May 21, 2021
This release is based on Azul Platform Prime 20.08.500.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u301 |
8 |
8u291 |
11 |
11.0.10.0.101+1 |
Resolved Issues
Issue ID | Description |
---|---|
ZVM-19857 |
Setting the JVM options |
20.08.500.0
Release date: April 20, 2021
This CPU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u301 |
8 |
8u291 |
11 |
11.0.10.0.101+1 |
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Libraries |
Multiple |
Yes |
5.9 |
Network |
High |
None |
None |
Unchanged |
None |
High |
None |
16, 15, 13, 11, 8, 7, 6 |
Note 1 |
|
Libraries |
Multiple |
Yes |
5.3 |
Network |
High |
None |
Required |
Unchanged |
None |
High |
None |
16, 15, 13, 11, 8, 7, 6 |
Note 2 |
|
CVE-2021-23841 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: Node (OpenSSL) |
HTTPS |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
High |
None |
|
CVE-2021-3450 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: Node (Node.js) |
HTTPS |
Yes |
7.4 |
Network |
High |
None |
None |
Unchanged |
High |
High |
None |
None |
|
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. |
2 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. |
20.08.400.0
Release date: February 22, 2021
This PSU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u292 |
8 |
8u282 |
11 |
11.0.10+9 |
20.08.300.0
Release date: January 19, 2021
This CPU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u291 |
8 |
8u281 |
11 |
11.0.9.1.101+5 |
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Libraries |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
Low |
None |
None |
15, 13, 11, 8, 7, 6 |
Note 1 |
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. |
20.08.202.0
Release date: January 8, 2021
This release is based on Azul Platform Prime 20.08.201.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u285 |
8 |
8u275 |
11 |
11.0.9.1+1 |
20.08.201.0
Release date: December 20, 2020
This release is based on Azul Platform Prime 20.08.200.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u285 |
8 |
8u275 |
11 |
11.0.9.1+1 |
20.08.200.0
Release date: November 20, 2020
This PSU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u285 |
8 |
8u275 |
11 |
11.0.9.1+1 |
20.08.101.0
Release date: November 3, 2020
This release is based on Azul Platform Prime 20.08.100.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u281 |
8 |
8u271 |
11 |
11.0.8.0.101+5 |
20.08.100.0
Release date: October 20, 2020
This CPU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u281 |
8 |
8u271 |
11 |
11.0.8.0.101+5 |
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Libraries |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
Low |
None |
None |
15, 13, 11, 8, 7, 6 |
Note 1 |
|
Hotspot |
Multiple |
Yes |
4.2 |
Network |
High |
None |
Required |
Unchanged |
Low |
Low |
None |
15, 13, 11, 8, 7, 6 |
Note 2 |
|
Serialization |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
15, 13, 11, 8, 7, 6 |
Note 2 |
|
JNDI |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
Low |
None |
None |
15, 13, 11, 8, 7, 6 |
Note 2 |
|
Libraries |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
15, 13, 11, 8, 7 |
Note 2 |
|
Libraries |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
15, 13, 11, 8, 7 |
Note 2 |
|
Libraries |
Multiple |
Yes |
3.1 |
Network |
High |
None |
Required |
Unchanged |
Low |
None |
None |
15, 13, 11, 8, 7 |
Note 1 |
|
Libraries |
Multiple |
Yes |
3.1 |
Network |
High |
None |
Required |
Unchanged |
None |
Low |
None |
15, 13, 11, 8, 7 |
Note 1 |
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). |
2 |
This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through untrusted code executed under Java sandbox restrictions. It can also be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service. |
20.08.2.0
Release date: October 8, 2020
This release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u272 |
8 |
8u265 |
11 |
11.0.8+10 |
What’s New
-
SHA1withDSAinP1363Format
,NONEwithDSAinP1363Format
,SHA224withDSAinP1363Format
, andSHA256withDSAinP1363Format
are removed from signature algorithms enabled by default in Azul Zulu Prime JVM 20.08.1.0. The algorithms are not supported in other JDK 8 virtual machines.
20.08.1.0
Release date: September 14, 2020
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u272 |
8 |
8u262 |
11 |
11.0.8+10 |
20.02.501.0
Release date: December 1, 2020
This release is based on Azul Platform Prime 20.02.500.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u281 |
8 |
8u271 |
11 |
11.0.8.0.101+5 |
20.02.500.0
Release date: October 20, 2020
This CPU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u281 |
8 |
8u271 |
11 |
11.0.8.0.101+5 |
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Libraries |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
Low |
None |
None |
15, 13, 11, 8, 7, 6 |
Note 1 |
|
Hotspot |
Multiple |
Yes |
4.2 |
Network |
High |
None |
Required |
Unchanged |
Low |
Low |
None |
15, 13, 11, 8, 7, 6 |
Note 2 |
|
Serialization |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
15, 13, 11, 8, 7, 6 |
Note 2 |
|
JNDI |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
Low |
None |
None |
15, 13, 11, 8, 7, 6 |
Note 2 |
|
Libraries |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
15, 13, 11, 8, 7 |
Note 2 |
|
Libraries |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
15, 13, 11, 8, 7 |
Note 2 |
|
Libraries |
Multiple |
Yes |
3.1 |
Network |
High |
None |
Required |
Unchanged |
Low |
None |
None |
15, 13, 11, 8, 7 |
Note 1 |
|
Libraries |
Multiple |
Yes |
3.1 |
Network |
High |
None |
Required |
Unchanged |
None |
Low |
None |
15, 13, 11, 8, 7 |
Note 1 |
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). |
2 |
This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through untrusted code executed under Java sandbox restrictions. It can also be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service. |
20.02.402.0
Release date: October 5, 2020
This release is based on Azul Platform Prime 20.02.401.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u272 |
8 |
8u265 |
11 |
11.0.8+10 |
20.02.401.0
Release date: September 21, 2020
This release is based on Azul Platform Prime 20.02.400.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u272 |
8 |
8u265 |
11 |
11.0.8+10 |
20.02.400.0
Release date: August 14, 2020
This PSU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u272 |
8 |
8u265 |
11 |
11.0.8+10 |
What’s New
-
July PSU 2020.
-
Transport Layer Security Protocol Version 1.3 in Zing 8
Zing 8 supports TLS 1.3 by default and follows the application programming interface (API) changes introduced by Maintenance Release 3 to the Java SE 8 specification.
See Using Version 1.3 of Transport Layer Security (TLS) Protocol for more information.
20.02.300.0
Release date: July 14, 2020
This CPU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u271 |
8 |
8u262 |
11 |
11.0.7.0.101+5 |
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Libraries |
Multiple |
Yes |
8.3 |
Network |
High |
None |
Required |
Changed |
High |
High |
High |
14, 13, 11, 8, 7, 6 |
Note 1 |
|
JavaFX |
Multiple |
Yes |
8.3 |
Network |
High |
None |
Required |
Changed |
High |
High |
High |
14, 13, 11, 8 |
Note 1 |
|
2D |
Multiple |
Yes |
7.4 |
Network |
Low |
None |
Required |
Changed |
None |
High |
None |
14, 13, 11, 8, 7, 6 |
Note 1 |
|
ImageIO |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
14, 13, 11 |
Note 1 |
|
JAXP |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
14, 13, 11, 8, 7, 6 |
Note 2 |
|
Libraries |
Multiple |
Yes |
4.8 |
Network |
High |
None |
None |
Unchanged |
Low |
Low |
None |
14, 13, 11, 8 |
Note 3 |
|
JSSE |
TLS |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
Low |
None |
None |
14, 13, 11, 8, 7, 6 |
Note 3 |
|
Libraries |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
8, 7, 6 |
Note 3 |
|
Libraries |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
8, 7, 6 |
Note 3 |
|
2D |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
Low |
None |
None |
14, 13, 11 |
Note 3 |
|
CVE-2020-14573 This CVE is not applicable to Azul Prime Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Hotspot |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
None |
Note 3 |
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). |
2 |
This vulnerability can only be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service. |
3 |
This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through untrusted code executed under Java sandbox restrictions. It can also be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service. |
20.02.201.0
Release date: June 8, 2020
This release is based on Azul Platform Prime 20.02.200.0 and corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u262 |
8 |
8u252 |
11 |
11.0.7+10 |
20.02.200.0
Release date: May 13, 2020
This PSU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u262 |
8 |
8u252 |
11 |
11.0.7+10 |
20.02.101.0
Release date: April 28, 2020
This release corresponds to the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u261 |
8 |
8u251 |
11 |
11.0.6.0.101+11 |
20.02.100.0
Release date: April 14, 2020
This CPU release is based on the following OpenJDK versions:
Major Version | OpenJDK Version |
---|---|
7 |
7u261 |
8 |
8u251 |
11 |
11.0.6.0.101+11 |
CVE fixes
CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Libraries |
Multiple |
Yes |
8.3 |
Network |
High |
None |
Required |
Changed |
High |
High |
High |
14, 13, 11, 8, 7 |
Note 1 |
|
Libraries |
Multiple |
Yes |
8.3 |
Network |
High |
None |
Required |
Changed |
High |
High |
High |
14, 13, 11, 8, 7 |
Note 1 |
|
JavaFX(libxslt) |
Multiple |
Yes |
8.1 |
Network |
High |
None |
None |
Unchanged |
High |
High |
High |
13, 11, 8 |
Note 1 |
|
JSSE |
HTTPS |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
None |
High |
None |
14, 13, 11, 8 |
Note 2 |
|
JSSE |
HTTPS |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
14, 13, 11, 8, 7, 6 |
Note 3 |
|
Concurrency |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
14, 13, 11, 8, 7, 6 |
Note 3 |
|
JSSE |
HTTPS |
Yes |
4.8 |
Network |
High |
None |
None |
Unchanged |
Low |
Low |
None |
14, 13, 11, 8 |
Note 3 |
|
Lightweight HTTP Server |
Multiple |
Yes |
4.8 |
Network |
High |
None |
None |
Unchanged |
Low |
Low |
None |
14, 13, 11, 8, 7, 6 |
Note 2 |
|
Scripting |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
14, 13, 11, 8 |
Note 3 |
|
Scripting |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
14, 13, 11, 8 |
Note 3 |
|
Serialization |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
14, 13, 11, 8, 7, 6 |
Note 3 |
|
Serialization |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
14, 13, 11, 8, 7, 6 |
Note 3 |
|
Security |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
14, 13, 11, 8, 7, 6 |
Note 3 |
|
JSSE |
HTTPS |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
Low |
None |
None |
14, 13, 11, 8 |
Note 3 |
Notes:
ID | Notes |
---|---|
1 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). |
2 |
This vulnerability can only be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service. |
3 |
This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through untrusted code executed under Java sandbox restrictions. It can also be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service. |