Visit Azul.com Support

21.08.300.0

Need help?
Schedule a consultation with an Azul performance expert.
Contact Us

21.08.300.0

Release Notes PDF

Release date: January 18, 2022

This CPU release is based on the following OpenJDK versions:

Major Version OpenJDK Version

7

7u331

8

8u321

11

11.0.13.0.101+2

13

13.0.9.0.101+1

15

15.0.5.0.101+2

What’s New

  • Common Vulnerabilities and Exposure (CVE) fixes for January 2022 OpenJDK.

CVE fixes

CVE # Component Protocol Remote Exploit w/o Auth. Base Score Attack Vector Attack Complex Privileges Req’d User Interact Scope Confiden-tiality Integrity Availability Versions Affected Notes

CVE-2022-21277

ImageIO

Multiple

Yes

5.3

Network

Low

None

None

Unchanged

None

None

Low

17, 15, 13, 11

Note 1

CVE-2022-21282

JAXP

Multiple

Yes

5.3

Network

Low

None

None

Unchanged

Low

None

None

17, 15, 13, 11, 8, 7

Note 1

CVE-2022-21283

Libraries

Multiple

Yes

5.3

Network

Low

None

None

Unchanged

None

None

Low

17, 15, 13, 11, 8, 7, 6

Note 1

CVE-2022-21291

Hotspot

Multiple

Yes

5.3

Network

Low

None

None

Unchanged

None

Low

None

17, 15, 13, 11

Note 1

CVE-2022-21293

Libraries

Multiple

Yes

5.3

Network

Low

None

None

Unchanged

None

None

Low

17, 15, 13, 11, 8, 7, 6

Note 1

CVE-2022-21294

Libraries

Multiple

Yes

5.3

Network

Low

None

None

Unchanged

None

None

Low

17, 15, 13, 11, 8, 7, 6

Note 1

CVE-2022-21296

JAXP

Multiple

Yes

5.3

Network

Low

None

None

Unchanged

Low

None

None

17, 15, 13, 11, 8, 7

Note 1

CVE-2022-21299

JAXP

Multiple

Yes

5.3

Network

Low

None

None

Unchanged

None

None

Low

17, 15, 13, 11, 8, 7, 6

Note 1

CVE-2022-21305

Hotspot

Multiple

Yes

5.3

Network

Low

None

None

Unchanged

None

Low

None

17, 15, 13, 11, 8, 7, 6

Note 1

CVE-2022-21340

Libraries

Multiple

Yes

5.3

Network

Low

None

None

Unchanged

None

None

Low

17, 15, 13, 11, 8, 7, 6

Note 1

CVE-2022-21341

Serialization

Multiple

Yes

5.3

Network

Low

None

None

Unchanged

None

None

Low

17, 15, 13, 11, 8, 7, 6

Note 1

CVE-2022-21349

2D

Multiple

Yes

5.3

Network

Low

None

None

Unchanged

None

None

Low

8, 7

Note 1

CVE-2022-21360

ImageIO

Multiple

Yes

5.3

Network

Low

None

None

Unchanged

None

None

Low

17, 15, 13, 11, 8, 7, 6

Note 1

CVE-2022-21365

ImageIO

Multiple

Yes

5.3

Network

Low

None

None

Unchanged

None

None

Low

17, 15, 13, 11, 8, 7, 6

Note 1

CVE-2022-21366

ImageIO

Multiple

Yes

5.3

Network

Low

None

None

Unchanged

None

None

Low

17, 15, 13, 11

Note 1

CVE-2022-21248

Serialization

Multiple

Yes

3.7

Network

High

None

None

Unchanged

None

Low

None

17, 15, 13, 11, 8, 7, 6

Note 1

CVE-2021-22959 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

Oracle GraalVM Enterprise Edition: Node (Node.js)

HTTP

Yes

6.5

Network

Low

None

None

Unchanged

Low

Low

None

None

CVE-2022-21271 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

Oracle GraalVM Enterprise Edition: Libraries

Multiple

Yes

5.3

Network

Low

None

None

Unchanged

None

None

Low

None

Note 1

Notes:

ID Notes

1

This vulnerability applies to Java deployments, typically in clients running sandboxed Java applications, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

Resolved Issues

There are no resolved issues associated with this release.

Known Issues

There are no new issues to report in this release.