[JTReg] jdk/test/jdk/jdk/jfr/startupargs/TestStartDuration.java crashes with 'C (nil)'
24.04.0.0
24.04.0.0
Release date: April 30, 2024
This CPU release is based on the Azul Zing Build of OpenJDK (Zing) 24.03.0.0 and corresponds to the following OpenJDK versions:
| Major Version | OpenJDK Version |
|---|---|
8 |
1.8.0_411-b3 |
11 |
11.0.22.0.101+2-LTS |
17 |
17.0.10.0.101+3-LTS |
21 |
21.0.2.0.101+2-LTS |
What’s New
-
Zing 24.04.0.0 implements a new command line option,
MallocArenaMax, which is used to define the maximum amount of memory pools available for glibc. The default value is0. -
The command line option
UseDefensiveHeapShrinkingis now disabled by default in cgroups where memory limiting is set. You can disable this option manually by using-XX:-UseDefensiveHeapShrinking. For more information about defensive heap shrinking, see Command Line Options, Defensive Heap Shrinking. -
Zing 24.04.0.0 implements a more efficient way to encode deopt bundles, improving system performance.
-
Prime JIT compilation logs (LogCompilation) are now fully supported for JITWatch for Zing.
-
April 2024 CPU and PSU release security fixes.
CVE fixes
| CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Hotspot |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
21, 17, 11, 8 |
Note 2 |
|
Networking |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
21, 17, 11 |
Note 1 |
|
Hotspot |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
21, 17, 11, 8 |
Note 2 |
|
Concurrency |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
11, 8 |
Note 2 |
|
CVE-2023-41993 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
JavaFX (WebKitGTK) |
Multiple |
Yes |
7.5 |
Network |
High |
None |
Required |
Unchanged |
High |
High |
High |
None |
Note 1 |
CVE-2024-21892 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM for JDK |
None |
No |
7.5 |
Local |
High |
Low |
None |
Changed |
High |
High |
None |
None |
|
CVE-2024-20954 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
Low |
None |
None |
None |
|
CVE-2024-21094 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Hotspot |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
None |
|
CVE-2024-21098 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
None |
|
CVE-2024-21003 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
JavaFX |
Multiple |
Yes |
3.1 |
Network |
High |
None |
Required |
Unchanged |
None |
Low |
None |
None |
|
CVE-2024-21005 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
JavaFX |
Multiple |
Yes |
3.1 |
Network |
High |
None |
Required |
Unchanged |
None |
Low |
None |
None |
|
CVE-2024-21002 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
JavaFX |
None |
No |
2.5 |
Local |
High |
None |
Required |
Unchanged |
None |
Low |
None |
None |
|
CVE-2024-21004 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
JavaFX |
None |
No |
2.5 |
Local |
High |
None |
Required |
Unchanged |
None |
Low |
None |
None |
|
Notes:
| ID | Notes |
|---|---|
1 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). |
2 |
This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. |
For more information about CVE and non-CVE security fixes in this release, refer to Common Vulnerabilities and Exposures Fixes for April 2024