Potential regression in compilation behaviors and times from 23.02.400 to 23.08.01
23.10.0.0
23.10.0.0
Release date: November 2, 2023
This PSU release is based on Azul Prime 23.09.0.0 and corresponds to the following OpenJDK versions:
| Major Version | OpenJDK Version |
|---|---|
8 |
1.8.0_392-b3 |
11 |
11.0.21+8-LTS |
17 |
17.0.9+8-LTS |
21 |
21.0.1+11-MTS |
What’s New
-
Zing 23.10.0.0 contains the General Availability (GA) release of Azul Prime Builds of OpenJDK 21.
-
October 2023 CPU and PSU release security fixes, including CPU and PSU fixes for Azul Prime Builds of OpenJDK 21.
CVE fixes
| CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CORBA |
CORBA |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
8 |
Note 1 |
|
JSSE |
HTTPS |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
21, 17, 11, 8 |
Note 2 |
|
CVE-2023-30589 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM for JDK: Node (Node.js) |
HTTP |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
None |
High |
None |
None |
|
CVE-2023-22091 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM for JDK: Compiler |
Multiple |
Yes |
4.8 |
Network |
High |
None |
None |
Unchanged |
Low |
Low |
None |
None |
|
CVE-2023-22025 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Hotspot |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
None |
Note 3 |
Notes:
| ID | Notes |
|---|---|
1 |
This vulnerability can only be exploited by supplying data to APIs in the specified Component, e.g., through a web service. |
2 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). |
3 |
This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. |
For more information about CVE and non-CVE security fixes in this release, refer to Common Vulnerabilities and Exposures Fixes for October 2023