24.08.0.0

Need help?

Schedule a consultation with an Azul performance expert.

24.08.0.0

Release date: September 2, 2024

This PSU release is based on the Azul Zing Build of OpenJDK (Zing) 24.07.0.0 and corresponds to the following OpenJDK versions:

Major Version	OpenJDK Version
8	1.8.0_422-b5
11	11.0.24+8-LTS
17	17.0.12+7-LTS
21	21.0.4+4-LTS

What’s New

The command line option ProfileLogName has been deprecated and replaced with ProfileName. ProfileName supports all existing macros available for ProfileLogName, see Substitution Macros in the Optimizer Hub documentation for more info. It is still possible to use ProfileLogName, however, we recommend that you update your configuration in order to guarantee that you have access to all of the latest features implemented in ProfileName.

Note that using ProfileName overrides ProfileLogName, ProfileLogIn, and ProfileLogOut.
Zing 24.08.0.0 introduces a new feature to the Falcon compiler called Multi-Tiering. Multi-Tiering allows Falcon to schedule methods for compilation under different optimization levels, based on method hotness.

Multi-Tiering assigns hot and active methods to final-tier compilation and cold or inactive methods to mid-tier compilation. Final-tier uses the default Falcon optimization level (usually Falcon optimization level 2) while Mid-tier uses Falcon optimization level 0.

Enable Multi-Tiering using the command line option -XX:+UseMultiTiering.

For more information on Multi-Tiering, see Analyzing and Tuning Warm-Up, Using Multiple Compiler Tiers
Zing 24.08.0.0 raises the maximum java heap size (Xmx) supported with non-ZST mode to 14000 GB (14 TB) on Intel Ice Lake and newer x86 processors when 5-level paging (LA57) is enabled at the OS level.
Zing 24.08.0.0 handles requests for PrintJNI without safepoint pause, allowing PrintJNI to run concurrently with your VM process.
July 2024 PSU release security fixes.

CVE fixes

CVE #	Component	Protocol	Remote Exploit w/o Auth.	Base Score	Attack Vector	Attack Complex	Privileges Req’d	User Interact	Scope	Confiden-tiality	Integrity	Availability	Versions Affected	Notes
CVE-2024-21145	2D	Multiple	Yes	4.8	Network	High	None	None	Unchanged	Low	Low	None	21, 17, 11, 8	Note 1
CVE-2024-21131	Hotspot	Multiple	Yes	3.7	Network	High	None	None	Unchanged	None	Low	None	21, 17, 11, 8	Note 1
CVE-2024-21138	Hotspot	Multiple	Yes	3.7	Network	High	None	None	Unchanged	None	None	Low	21, 17, 11, 8	Note 1
CVE-2024-21144	Concurrency	Multiple	Yes	3.7	Network	High	None	None	Unchanged	None	None	Low	11, 8	Note 2
CVE-2024-27983 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.	Oracle GraalVM for JDK	HTTP/2	Yes	8.2	Network	Low	None	None	Unchanged	None	Low	High	None
CVE-2024-21147 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.	Hotspot	Multiple	Yes	7.4	Network	High	None	None	Unchanged	High	High	None	None	Note 1
CVE-2024-21140 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.	Hotspot	Multiple	Yes	4.8	Network	High	None	None	Unchanged	Low	Low	None	None	Note 1

CVE #

Component

Protocol

Remote Exploit w/o Auth.

Base Score

Attack Vector

Attack Complex

Privileges Req’d

User Interact

Scope

Confiden-tiality

Integrity

Availability

Versions Affected

Notes

CVE-2024-21145

Multiple

Yes

4.8

Network

High

None

Unchanged

Low

None

21, 17, 11, 8

Note 1

CVE-2024-21131

Hotspot

Multiple

Yes

3.7

Network

High

None

Unchanged

None

Low

None

21, 17, 11, 8

Note 1

CVE-2024-21138

Hotspot

Multiple

Yes

3.7

Network

High

None

Unchanged

None

Low

21, 17, 11, 8

Note 1

CVE-2024-21144

Concurrency

Multiple

Yes

3.7

Network

High

None

Unchanged

None

Low

11, 8

Note 2

CVE-2024-27983 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

Oracle GraalVM for JDK

HTTP/2

Yes

8.2

Network

Low

None

Unchanged

None

Low

High

None

CVE-2024-21147 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

Hotspot

Multiple

Yes

7.4

Network

High

None

Unchanged

High

None

Note 1

CVE-2024-21140 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

Hotspot

Multiple

Yes

4.8

Network

High

None

Unchanged

Low

None

Note 1

Notes:

ID	Notes
1	This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.
2	This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

Notes

This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

For more information about CVE and non-CVE security fixes in this release, refer to Common Vulnerabilities and Exposures Fixes for July 2024

Zing 24.08.0.0 introduces a new parameter PrintGCHeadersGuaranteedIntervalSecs which can be used to specify a time interval for periodic output of headers in GC log. This helps open partial GC logs in GC log analyzer, for example those pulled from Splunk.
Zing 24.08.0.0 introduces Periodic NMT logging. With this feature, you can output NMT logs to the NMT output folder periodically. Since periodic NMT logging is a diagnostic feature, you must first unlock diagnostic VM Options using -XX:+UnlockDiagnosticVMOptions.

To specify the output directory for NMT logs, use -XX:PrintNMTStatisticsRoot=<dir_name>. Setting this option enables periodic dumping.

To specify the interval for printing the new report to the directory, use -XX:PrintNMTStatisticsAtIntervalSec=<interval in seconds>. The default value is 10 sec.

Example settings for periodic NMT logging:
```
 java -XX:+UnlockDiagnosticVMOptions -XX:NativeMemoryTracking=summary -XX:PrintNMTStatisticsRoot=nmt -XX:PrintNMTStatisticsAtIntervalSec=20 Main
```

Known Issues

There are no new issues to report in this release.

Resolved Issues

Issue ID	Description
ZVM-30741	Don’t disable THP for java heap with -XX:+ThpDisable unless UseTransparentHugePages is also disabled
ZVM-31300	Fix a data race related to java threads interruptions and parking

Issue ID

Description

ZVM-30741

Don’t disable THP for java heap with -XX:+ThpDisable unless UseTransparentHugePages is also disabled

ZVM-31300

Fix a data race related to java threads interruptions and parking