23.01.0.0
23.01.0.0
Release date: January 31, 2023
This PSU release is based on Azul Prime 22.12.0.0 and corresponds to the following OpenJDK versions:
| Major Version | OpenJDK Version |
|---|---|
8 |
1.8.0_362-b3 |
11 |
11.0.18+10-LTS |
13 |
13.0.14+5-MTS |
15 |
15.0.10+5-MTS |
17 |
17.0.6+10-LTS |
|
Note
|
Version 1 of the GC Log Analyzer has reached its end-of-life and has been replaced with Version 2 of the GC Log Analyzer. GC Log Analyzer 2 is included in Zing packages and can be found at <installdir>/etc/GCLogAnalyzer2.jar. The latest version of GC Log Analyzer is also available for download at https://docs.azul.com/prime/gcla/about-gcla.
|
What’s New
-
January 2023 CPU and PSU release security fixes.
-
Cloud Native Compiler (CNC) 1.6 client support.
-
You can now read and write ReadyNow profile logs to Cloud Native Compiler. This simplifies getting ReadyNow profile logs in and out of containers and other environments without persistent storage.
-
Compile stashing has been disabled by default, even when using ReadyNow.
Existing ReadyNow users that want to maintain the same compile stashing behavior as in earlier releases should ensure the
-XX:+FalconUseCompileStashingflag is set.Users who wish to use compile stashing with the new Profile Log Service must ensure both
+FalconUseCompileStashingand+CNCEnableRemoteCompilerflags are set. -
FalconContextReset is now set using ergonomics heuristic based on the number of Falcon compiler threads, unless specified explicitly. Falcon compiler threads reset the internal caches after every
FalconContextResetnumber of compilations. This is a tradeoff between compilation speed and memory consumption. The more often the caches are reset, the less memory is consumed but more time is spent rebuilding the caches.Currently, the value of
FalconContextResetis chosen asFalconContextResetFactor=<number of Falcon threads>nested betweenFalconContextResetLowerLimitandFalconContextResetUpperLimit.
CVE fixes
| CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Serialization |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
8 |
|
|
JSSE |
DTLS |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11 |
|
|
Sound |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 15, 13, 11, 8 |
|
|
CVE-2022-43548 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: Node (Node.js) |
HTTPS |
Yes |
8.1 |
Network |
High |
None |
None |
Unchanged |
High |
High |
High |
None |
|
For more information about CVE and non-CVE security fixes in this release, refer to Common Vulnerabilities and Exposures Fixes for January 2023