20.08.500.0

Need help?

Schedule a consultation with an Azul performance expert.

20.08.500.0

Release date: April 20, 2021

This CPU release is based on the following OpenJDK versions:

Major Version	OpenJDK Version
7	7u301
8	8u291
11	11.0.10.0.101+1

What’s New

April 2021 CPU update.

CVE fixes

CVE #	Component	Protocol	Remote Exploit w/o Auth.	Base Score	Attack Vector	Attack Complex	Privileges Req’d	User Interact	Scope	Confiden-tiality	Integrity	Availability	Versions Affected	Notes
CVE-2021-2161	Libraries	Multiple	Yes	5.9	Network	High	None	None	Unchanged	None	High	None	16, 15, 13, 11, 8, 7, 6	Note 1
CVE-2021-2163	Libraries	Multiple	Yes	5.3	Network	High	None	Required	Unchanged	None	High	None	16, 15, 13, 11, 8, 7, 6	Note 2
CVE-2021-23841 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.	Oracle GraalVM Enterprise Edition: Node (OpenSSL)	HTTPS	Yes	7.5	Network	Low	None	None	Unchanged	None	None	High	None
CVE-2021-3450 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.	Oracle GraalVM Enterprise Edition: Node (Node.js)	HTTPS	Yes	7.4	Network	High	None	None	Unchanged	High	High	None	None

CVE #

Component

Protocol

Remote Exploit w/o Auth.

Base Score

Attack Vector

Attack Complex

Privileges Req’d

User Interact

Scope

Confiden-tiality

Integrity

Availability

Versions Affected

Notes

CVE-2021-2161

Libraries

Multiple

Yes

5.9

Network

High

None

Unchanged

None

High

None

16, 15, 13, 11, 8, 7, 6

Note 1

CVE-2021-2163

Libraries

Multiple

Yes

5.3

Network

High

None

Required

Unchanged

None

High

None

16, 15, 13, 11, 8, 7, 6

Note 2

CVE-2021-23841 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

Oracle GraalVM Enterprise Edition: Node (OpenSSL)

HTTPS

Yes

7.5

Network

Low

None

Unchanged

None

High

None

CVE-2021-3450 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

Oracle GraalVM Enterprise Edition: Node (Node.js)

HTTPS

Yes

7.4

Network

High

None

Unchanged

High

None

Notes:

ID	Notes
1	This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component.
2	This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

Notes

This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component.

This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

Resolved Issues

There are no resolved issues to report in this release.

Known Issues

There are no new issues to report in this release.