Visit Azul.com Support

20.02.300.0

Need help?
Schedule a consultation with an Azul performance expert.
Contact Us

20.02.300.0

Release Notes PDF

Release date: July 14, 2020

This CPU release is based on the following OpenJDK versions:

Major Version OpenJDK Version

7

7u271

8

8u262

11

11.0.7.0.101+5

What’s New

  • July 2020 CPU security updates.

CVE fixes

CVE # Component Protocol Remote Exploit w/o Auth. Base Score Attack Vector Attack Complex Privileges Req’d User Interact Scope Confiden-tiality Integrity Availability Versions Affected Notes

CVE-2020-14583

Libraries

Multiple

Yes

8.3

Network

High

None

Required

Changed

High

High

High

14, 13, 11, 8, 7, 6

Note 1

CVE-2020-14664

JavaFX

Multiple

Yes

8.3

Network

High

None

Required

Changed

High

High

High

14, 13, 11, 8

Note 1

CVE-2020-14593

2D

Multiple

Yes

7.4

Network

Low

None

Required

Changed

None

High

None

14, 13, 11, 8, 7, 6

Note 1

CVE-2020-14562

ImageIO

Multiple

Yes

5.3

Network

Low

None

None

Unchanged

None

None

Low

14, 13, 11

Note 1

CVE-2020-14621

JAXP

Multiple

Yes

5.3

Network

Low

None

None

Unchanged

None

Low

None

14, 13, 11, 8, 7, 6

Note 2

CVE-2020-14556

Libraries

Multiple

Yes

4.8

Network

High

None

None

Unchanged

Low

Low

None

14, 13, 11, 8

Note 3

CVE-2020-14577

JSSE

TLS

Yes

3.7

Network

High

None

None

Unchanged

Low

None

None

14, 13, 11, 8, 7, 6

Note 3

CVE-2020-14578

Libraries

Multiple

Yes

3.7

Network

High

None

None

Unchanged

None

None

Low

8, 7, 6

Note 3

CVE-2020-14579

Libraries

Multiple

Yes

3.7

Network

High

None

None

Unchanged

None

None

Low

8, 7, 6

Note 3

CVE-2020-14581

2D

Multiple

Yes

3.7

Network

High

None

None

Unchanged

Low

None

None

14, 13, 11

Note 3

CVE-2020-14573 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

Hotspot

Multiple

Yes

3.7

Network

High

None

None

Unchanged

None

Low

None

None

Note 3

Notes:

ID Notes

1

This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

2

This vulnerability can only be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service.

3

This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through untrusted code executed under Java sandbox restrictions. It can also be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service.

Resolved Issues

There are no resolved issues to report in this release.

Known Issues

There are no new issues to report in this release.