Visit Azul.com Support

20.02.100.0

Need help?
Schedule a consultation with an Azul performance expert.
Contact Us

20.02.100.0

Release Notes PDF

Release date: April 14, 2020

This CPU release is based on the following OpenJDK versions:

Major Version OpenJDK Version

7

7u261

8

8u251

11

11.0.6.0.101+11

What’s New

  • April 2020 CPU security update.

CVE fixes

CVE # Component Protocol Remote Exploit w/o Auth. Base Score Attack Vector Attack Complex Privileges Req’d User Interact Scope Confiden-tiality Integrity Availability Versions Affected Notes

CVE-2020-2803

Libraries

Multiple

Yes

8.3

Network

High

None

Required

Changed

High

High

High

14, 13, 11, 8, 7

Note 1

CVE-2020-2805

Libraries

Multiple

Yes

8.3

Network

High

None

Required

Changed

High

High

High

14, 13, 11, 8, 7

Note 1

CVE-2019-18197

JavaFX(libxslt)

Multiple

Yes

8.1

Network

High

None

None

Unchanged

High

High

High

13, 11, 8

Note 1

CVE-2020-2816

JSSE

HTTPS

Yes

7.5

Network

Low

None

None

Unchanged

None

High

None

14, 13, 11, 8

Note 2

CVE-2020-2781

JSSE

HTTPS

Yes

5.3

Network

Low

None

None

Unchanged

None

None

Low

14, 13, 11, 8, 7, 6

Note 3

CVE-2020-2830

Concurrency

Multiple

Yes

5.3

Network

Low

None

None

Unchanged

None

None

Low

14, 13, 11, 8, 7, 6

Note 3

CVE-2020-2767

JSSE

HTTPS

Yes

4.8

Network

High

None

None

Unchanged

Low

Low

None

14, 13, 11, 8

Note 3

CVE-2020-2800

Lightweight HTTP Server

Multiple

Yes

4.8

Network

High

None

None

Unchanged

Low

Low

None

14, 13, 11, 8, 7, 6

Note 2

CVE-2020-2754

Scripting

Multiple

Yes

3.7

Network

High

None

None

Unchanged

None

None

Low

14, 13, 11, 8

Note 3

CVE-2020-2755

Scripting

Multiple

Yes

3.7

Network

High

None

None

Unchanged

None

None

Low

14, 13, 11, 8

Note 3

CVE-2020-2756

Serialization

Multiple

Yes

3.7

Network

High

None

None

Unchanged

None

None

Low

14, 13, 11, 8, 7, 6

Note 3

CVE-2020-2757

Serialization

Multiple

Yes

3.7

Network

High

None

None

Unchanged

None

None

Low

14, 13, 11, 8, 7, 6

Note 3

CVE-2020-2773

Security

Multiple

Yes

3.7

Network

High

None

None

Unchanged

None

None

Low

14, 13, 11, 8, 7, 6

Note 3

CVE-2020-2778

JSSE

HTTPS

Yes

3.7

Network

High

None

None

Unchanged

Low

None

None

14, 13, 11, 8

Note 3

Notes:

ID Notes

1

This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

2

This vulnerability can only be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service.

3

This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through untrusted code executed under Java sandbox restrictions. It can also be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service.

Resolved Issues

There are no resolved issues to report in this release.

Known Issues

There are no new issues to report in this release.