Fix GC log reporting of Tier1 queue depth under the optimized Tier1 queue mode
25.02.0.0
25.02.0.0
Release date: March 6, 2025
This PSU release is based on the Azul Zing Build of OpenJDK (Zing) 25.01.0.0 and corresponds to the following OpenJDK versions:
| Major Version | OpenJDK Version |
|---|---|
8 |
1.8.0_442-b2 |
11 |
11.0.26+4-LTS |
17 |
17.0.14+7-LTS |
21 |
21.0.6+7-LTS |
23 |
23.0.2+7-MTS |
What’s New
-
Zing 25.02.0.0 changes the way C1 profiling is performed, improving warmup in most cases. With this change, C1 type profiling is disabled for ReadyNow-matched compiles that are already assigned a profile, reducing compiler overhead during warmup.
-
Zing 25.02.0.0 improves Multi Tiering implementation to further reduce warmup time. For more information about Multi Tiering, see our documentation on Using Multiple Compiler Tiers
-
Zing 25.02.0.0 implements a new optimization which improves the throughput of your JVM application by eliminating cost of the Garbage Collector (GC) barrier instructions when the GC is not running. The optimization comes with the cost of increase in GC CPU usage while the GC is running, so is best suited for cases where the GC time percentage is already low.
This mode is disabled by default and can be enabled by specifying the command line option
-XX:GPGCLvbCodeVersioningMode. You can find more information about this option on the Command Line Options page and more on Hybrid Mode and LVB Code Versioning on the C4 Garbage Collector page. -
Zing 25.02.0.0 introduces a new command line option,
-XX:+UseTaggedAddressForJavaHeap, which enables the “tagged address for java heap” feature for modern ARM64 systems. This feature provides better out-of-the-box performance and improved memory reporting when you are running Zing in non-ZST mode.GC logs include a new line in the header,
Use address tag bits, which indicates if this feature is enabled or disabled.This feature is compatible with systems using ARMv8 system architecture or higher and Linux kernel versions 5.4 or higher.
This feature is disabled by default. You can enable it using
-XX:+UseTaggedAddressForJavaHeap. -
You can now use the command
update-alternativesto switch between Zing versions when you have multiple versions of Java installed on your system. For more information, see Get Started with Azul Prime on APT Systems, Switching Between Zing Installations. -
A new option,
-XX:+UseUnifiedCompilerFrontendhas been introduced which allows CNC and Falcon to share the same frontend, enabling the CNC UnifiedCompiler directly in the VM. This option is disabled by default. -
January 2025 PSU release security fixes.
CVE fixes
| CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2025-0509 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Install (Sparkle) |
Multiple |
No |
7.3 |
Adjacent Network |
High |
High |
Required |
Changed |
High |
High |
High |
None |
|
CVE-2025-21502 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Hotspot |
Multiple |
Yes |
4.8 |
Network |
High |
None |
None |
Unchanged |
Low |
Low |
None |
None |
Note 1 |
Notes:
| ID | Notes |
|---|---|
1 |
This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. |
For more information about CVE and non-CVE security fixes in this release, refer to Common Vulnerabilities and Exposures Fixes for January 2025