Don’t query cgroup_subsytem_path() unless Cgroup support exists
24.07.0.0
24.07.0.0
Release date: July 31, 2024
This CPU release is based on the Azul Zing Build of OpenJDK (Zing) 24.06.0.0 and corresponds to the following OpenJDK versions:
| Major Version | OpenJDK Version |
|---|---|
8 |
1.8.0_421-b3 |
11 |
11.0.23.0.101+2-LTS |
17 |
17.0.11.0.101+3-LTS |
21 |
21.0.3.0.101+4-LTS |
What’s New
-
Zing 24.07.0.0 implements an intrinsification of the method java.lang.reflect.Array.get, leading to a significant performance improvement in some cases.
-
The logic around InlineTree has been greatly improved. This change allows the decisions reached by inlining to be reconstructed on request, instead of running through the tree with each query which sometimes leads to bloated recursive inlinings.
-
The MXBean PersistentProfileMXBean has been extended with
getReadyNowTier1CompilesRate()andgetReadyNowTier2CompilesRate(). These methods allow you to see what percentage of compiles are happening in ReadyNow, when compared to all compiles including non-ReadyNow. -
July 2024 CPU release security fixes.
CVE fixes
| CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2D |
Multiple |
Yes |
4.8 |
Network |
High |
None |
None |
Unchanged |
Low |
Low |
None |
21, 17, 11, 8 |
Note 1 |
|
Hotspot |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
21, 17, 11, 8 |
Note 1 |
|
Hotspot |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
21, 17, 11, 8 |
Note 1 |
|
Concurrency |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
11, 8 |
Note 2 |
|
CVE-2024-27983 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM for JDK |
HTTP/2 |
Yes |
8.2 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
High |
None |
|
CVE-2024-21147 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Hotspot |
Multiple |
Yes |
7.4 |
Network |
High |
None |
None |
Unchanged |
High |
High |
None |
None |
Note 1 |
CVE-2024-21140 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Hotspot |
Multiple |
Yes |
4.8 |
Network |
High |
None |
None |
Unchanged |
Low |
Low |
None |
None |
Note 1 |
Notes:
| ID | Notes |
|---|---|
1 |
This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. |
2 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). |
For more information about CVE and non-CVE security fixes in this release, refer to Common Vulnerabilities and Exposures Fixes for July 2024
Resolved Issues
| Issue ID | Description |
|---|---|
ZVM-31343 |
|
ZVM-31328 |
Falcon compilation ends with Stack Memory Failure |
ZVM-31299 |
Port JDK-8175318 from OpenJDK to avoid unnecessary cleaning of JNI handles |
ZVM-31265 |
DebugInfo for cc-compiler-engine.zip is incompatible with the debuginfo shipped with the JDK |
ZVM-31239 |
[CNC] java.lang.Object should be always pre-registered in ProtoUniverse |
ZVM-31238 |
Missing RCD debug symbols for release builds |
ZVM-26110 |
[NMT] Make intercepted allocations honor alignment parameter |