From 385e361fe5187b6e8909f90d07324c3dffa09c59 Mon Sep 17 00:00:00 2001 From: George Adams Date: Mon, 28 Oct 2024 11:22:13 +0000 Subject: [PATCH 1/6] add October release blog post --- .../index.md | 2 +- .../index.md | 67 +++++++++++++++++++ 2 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md diff --git a/content/blog/eclipse-temurin-8u422-11024-1712-2104-2202-available/index.md b/content/blog/eclipse-temurin-8u422-11024-1712-2104-2202-available/index.md index 425ca35da..f67696594 100644 --- a/content/blog/eclipse-temurin-8u422-11024-1712-2104-2202-available/index.md +++ b/content/blog/eclipse-temurin-8u422-11024-1712-2104-2202-available/index.md @@ -36,7 +36,7 @@ This release contains the following fixes and updates. * [Temurin 11.0.24 release notes](https://adoptium.net/temurin/release-notes/?version=jdk-11.0.24+8), including [fixes in OpenJDK 11.0.24](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+11.0.24) -* [Temurin 17.0.11 release notes](https://adoptium.net/temurin/release-notes/?version=jdk-17.0.12+7), including [fixes in OpenJDK 17.0.12](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+17.0.12) +* [Temurin 17.0.12 release notes](https://adoptium.net/temurin/release-notes/?version=jdk-17.0.12+7), including [fixes in OpenJDK 17.0.12](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+17.0.12) * [Temurin 21.0.4 release notes](https://adoptium.net/temurin/release-notes/?version=jdk-21.0.4+7), including [fixes in OpenJDK 21.0.4](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+21.0.4) diff --git a/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md b/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md new file mode 100644 index 000000000..defebab36 --- /dev/null +++ b/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md @@ -0,0 +1,67 @@ +--- +title: Eclipse Temurin 8u432, 11.0.25, 17.0.13, 21.0.5 and 23.0.1 Available +date: "2024-07-26" +author: pmc +description: Adoptium is happy to announce the immediate availability of Eclipse Temurin 8u432, 11.0.25, 17.0.13, 21.0.5 and 23.0.1. As always, all binaries are thoroughly tested and available free of charge without usage restrictions on a wide range of platforms. +tags: + - temurin + - announcement + - release-notes +--- + +Adoptium is happy to announce the immediate availability of Eclipse Temurin 8u432-b06, 11.0.25+9, 17.0.13+11, 21.0.5+11 and 23.0.1+11. As always, all binaries are thoroughly tested and available free of charge without usage restrictions on a wide range of platforms. Binaries, installers, and source code are available from the [Temurin download page](https://adoptium.net/temurin/releases), [official container images](https://hub.docker.com/_/eclipse-temurin) are available at DockerHub, and [installable packages](https://adoptium.net/installation/) are available for various operating systems. + +## Security Vulnerabilities Resolved + +The following table summarizes security vulnerabilities fixed in this release cycle. The affected Temurin version streams are noted by an 'X' in the table. Each line shows the [Common Vulnerabilities and Exposures (CVE) vulnerability database](https://nvd.nist.gov/vuln) reference and [Common Vulnerability Scoring System (CVSS) v3.1 base score](https://www.first.org/cvss/v3.1/specification-document) provided by the [OpenJDK Vulnerability Group](https://openjdk.org/groups/vulnerability/). Note that defense-in-depth issues are not assigned CVEs. + +| CVE Identifier | Component | CVSS Score | v8 | v11 | v17 | v21 | v23 | +| :-------------- | :------------------------------ | :--------: | :-: | :-: | :-: | :-: | :-: | +| [CVE-2024-21235](https://nvd.nist.gov/vuln/detail/CVE-2024-21235) | hotspot/compiler | Medium ([4.8](https://nvd.nist.gov/vuln/detail/CVE-2024-21235)) | X | X | X | X | X | +| [CVE-2024-21208](https://nvd.nist.gov/vuln/detail/CVE-2024-21208) | core-libs/java.net | Low ([3.7](https://nvd.nist.gov/vuln/detail/CVE-2024-21208)) | X | X | X | X | X | +| [CVE-2024-21210](https://nvd.nist.gov/vuln/detail/CVE-2024-21210) | hotspot/compiler | Low ([3.7](https://nvd.nist.gov/vuln/detail/CVE-2024-21210)) | X | X | X | X | X | +| [CVE-2024-21217](https://nvd.nist.gov/vuln/detail/CVE-2024-21217) | core-libs/java.io:serialization | Low ([3.7](https://nvd.nist.gov/vuln/detail/CVE-2024-21217)) | X | X | X | X | X | + +Users should follow the [Adoptium policy for reporting vulnerability concerns](https://github.com/adoptium/adoptium/security/policy#security-policies-and-procedures) with this release. + +## Fixes and Updates + +This release contains the following fixes and updates. + +* [Temurin 8u432 release notes](https://adoptium.net/temurin/release-notes/?version=jdk8u432-b06), including [fixes in OpenJDK 8u422](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+openjdk8u422) + +* [Temurin 11.0.25 release notes](https://adoptium.net/temurin/release-notes/?version=jdk-11.0.25+9), including [fixes in OpenJDK 11.0.25](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+11.0.25) + +* [Temurin 17.0.13 release notes](https://adoptium.net/temurin/release-notes/?version=jdk-17.0.13+11), including [fixes in OpenJDK 17.0.13](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+17.0.13) + +* [Temurin 21.0.5 release notes](https://adoptium.net/temurin/release-notes/?version=jdk-21.0.5+11), including [fixes in OpenJDK 21.0.5](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+21.0.5) + +* [Temurin 23.0.1 release notes](https://adoptium.net/temurin/release-notes/?version=jdk-23.0.1+11), including [fixes in OpenJDK 23.0.1](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+23.0.1) + +## New and Noteworthy + +### Windows aarch64 support + +Starting with Eclipse Temurin versions 21.0.5 and 23.0.1, Windows aarch64 (ARM64) is now officially supported. This addition brings enhanced flexibility and performance improvements for developers working on ARM-based Windows systems. Users can now benefit from Temurin’s robust, high-performance JDK distribution on an expanded range of Windows hardware, continuing our commitment to broad platform compatibility and support for modern architectures. + +### Container Updates + +#### General availability of RISC-V container images + +In this release, we are introducing support for RISC-V (riscv64) architecture with new Docker images for Eclipse Temurin, available from JDK 17 onwards. This addition enables broader compatibility and performance on RISC-V platforms, furthering our commitment to supporting diverse architectures in the open-source ecosystem. + +#### Changes to Docker image external CA certs handling + +A recent fix has been applied across all eclipse-temurin container tags to resolve an issue with the `__cacert_entrypoint.sh` script during certificate renewals. Previously, the script generated certificate aliases using only the Subject CN, which led to alias duplication errors when both old and new intermediate certificates with the same CN were present. This affected the keytool import process, causing it to fail. The fix now appends the certificate's serial number to the alias if a duplicate CN is detected, ensuring unique aliases and allowing both certificates to coexist during transitional periods without error. + +See more details about the fix [here](https://github.com/adoptium/containers/pull/642). + +#### (Re)Introduction of Windows Nanoserver images for JDK23 + +With the release of Eclipse Temurin 23.0.1, we are pleased to announce that Windows NanoServer images are now available, though this was skipped for the initial JDK 23 release. Currently, when running JDK 23+37 on Windows NanoServer containers, users may encounter the warning: + +``` +OpenJDK 64-Bit Server VM warning: Failed to determine whether the OS can retrieve version information from kernel32.dll: The system cannot find the file specified +``` + +This warning is due to an ongoing issue with kernel version retrieval, and we anticipate it will be resolved in JDK 23.0.2. For more details, please refer to the [upstream issue](https://bugs.openjdk.org/browse/JDK-8340383). From 79510d7551fb61709dcee3eeb182650a466e111e Mon Sep 17 00:00:00 2001 From: George Adams Date: Mon, 28 Oct 2024 11:23:04 +0000 Subject: [PATCH 2/6] Update index.md --- .../index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md b/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md index defebab36..a02e9dc72 100644 --- a/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md +++ b/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md @@ -1,6 +1,6 @@ --- title: Eclipse Temurin 8u432, 11.0.25, 17.0.13, 21.0.5 and 23.0.1 Available -date: "2024-07-26" +date: "2024-10-28" author: pmc description: Adoptium is happy to announce the immediate availability of Eclipse Temurin 8u432, 11.0.25, 17.0.13, 21.0.5 and 23.0.1. As always, all binaries are thoroughly tested and available free of charge without usage restrictions on a wide range of platforms. tags: From d967cfea193628700f527d1279394dfc9a7db942 Mon Sep 17 00:00:00 2001 From: George Adams Date: Mon, 28 Oct 2024 11:27:50 +0000 Subject: [PATCH 3/6] mention GPG change --- .../index.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md b/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md index a02e9dc72..ccdfa7ac1 100644 --- a/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md +++ b/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md @@ -46,6 +46,10 @@ Starting with Eclipse Temurin versions 21.0.5 and 23.0.1, Windows aarch64 (ARM64 ### Container Updates +#### GPG Verification Added to Eclipse Temurin images + +This release introduces GPG verification for Eclipse Temurin container downloads, adding integrity and authenticity checks for greater security. As part of this enhancement, the `gnupg` package is now included in all Ubuntu and Alpine-based container images, which could be a breaking change for some workflows. This adjustment ensures that users receive verified binaries but may impact containers that previously operated without gnupg installed. For further details, refer to [PR #673](https://github.com/adoptium/containers/pull/673). + #### General availability of RISC-V container images In this release, we are introducing support for RISC-V (riscv64) architecture with new Docker images for Eclipse Temurin, available from JDK 17 onwards. This addition enables broader compatibility and performance on RISC-V platforms, furthering our commitment to supporting diverse architectures in the open-source ecosystem. From 6765c8c8033af708f10068ea14b127ed619a4831 Mon Sep 17 00:00:00 2001 From: George Adams Date: Mon, 28 Oct 2024 11:32:25 +0000 Subject: [PATCH 4/6] Update index.md --- .../index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md b/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md index ccdfa7ac1..df61ba5a6 100644 --- a/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md +++ b/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md @@ -62,9 +62,9 @@ See more details about the fix [here](https://github.com/adoptium/containers/pul #### (Re)Introduction of Windows Nanoserver images for JDK23 -With the release of Eclipse Temurin 23.0.1, we are pleased to announce that Windows NanoServer images are now available, though this was skipped for the initial JDK 23 release. Currently, when running JDK 23+37 on Windows NanoServer containers, users may encounter the warning: +With the release of Eclipse Temurin 23.0.1, we are pleased to announce that Windows NanoServer images are now available, though this was skipped for the initial JDK 23 release. Currently, when running JDK 23+37 on Windows NanoServer containers, users may encounter the warning: -``` +```output OpenJDK 64-Bit Server VM warning: Failed to determine whether the OS can retrieve version information from kernel32.dll: The system cannot find the file specified ``` From ddb8dcbed9a88f05fbaad2f85c8df49467a1c681 Mon Sep 17 00:00:00 2001 From: George Adams Date: Mon, 28 Oct 2024 11:54:12 +0000 Subject: [PATCH 5/6] Update index.md --- .../index.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md b/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md index df61ba5a6..fafd1d016 100644 --- a/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md +++ b/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md @@ -44,6 +44,14 @@ This release contains the following fixes and updates. Starting with Eclipse Temurin versions 21.0.5 and 23.0.1, Windows aarch64 (ARM64) is now officially supported. This addition brings enhanced flexibility and performance improvements for developers working on ARM-based Windows systems. Users can now benefit from Temurin’s robust, high-performance JDK distribution on an expanded range of Windows hardware, continuing our commitment to broad platform compatibility and support for modern architectures. +### Windows Updated Microsoft STL Redistributable Included in Eclipse Temurin + +We have addressed an issue in Eclipse Temurin regarding the inclusion of an outdated Microsoft STL redistributable (`msvcp140.dll`) in the JDK's bin directory, as noted in [issue #3887](https://github.com/adoptium/temurin-build/issues/3887). This issue led to crashes for applications using C++ libraries from Java that relied on the updated mutex behavior in the latest Microsoft toolset. The outdated DLL version caused mutex initialization errors, impacting multi-threaded functionality. With this fix, Temurin now includes the latest Microsoft redistributables, ensuring compatibility and stability for applications requiring the updated runtime. + +### Missing AIX 8u432 Release + +The AIX build for Eclipse Temurin 8u342 has been temporarily skipped due to a compilation error introduced in the upstream OpenJDK codebase. We have reported the issue in [JDK-8342822](https://bugs.openjdk.org/browse/JDK-8342822) and are actively working toward a resolution. We anticipate that the AIX JDK8u build will be available in the next quarterly release. + ### Container Updates #### GPG Verification Added to Eclipse Temurin images From d3cdfe26300dbd5ea674b9766984da10a7b5cb96 Mon Sep 17 00:00:00 2001 From: George Adams Date: Mon, 4 Nov 2024 19:06:57 +0000 Subject: [PATCH 6/6] Update index.md --- .../index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md b/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md index fafd1d016..90b1dfa43 100644 --- a/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md +++ b/content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md @@ -1,6 +1,6 @@ --- title: Eclipse Temurin 8u432, 11.0.25, 17.0.13, 21.0.5 and 23.0.1 Available -date: "2024-10-28" +date: "2024-11-04" author: pmc description: Adoptium is happy to announce the immediate availability of Eclipse Temurin 8u432, 11.0.25, 17.0.13, 21.0.5 and 23.0.1. As always, all binaries are thoroughly tested and available free of charge without usage restrictions on a wide range of platforms. tags: