From ff62813ebbba635a88b0b988de23c9212746bad3 Mon Sep 17 00:00:00 2001 From: Tim Ellison Date: Tue, 25 Jul 2023 16:53:53 +0100 Subject: [PATCH 1/7] Create index.md Initial draft --- .../index.md | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md diff --git a/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md b/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md new file mode 100644 index 000000000..22ed69eb8 --- /dev/null +++ b/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md @@ -0,0 +1,42 @@ +--- +title: Eclipse Temurin 8u382, 11.0.20, 17.0.8 and 20.0.2 Available +date: "2023-07-28T12:00:00+00:00" +author: pmc +description: Adoptium is happy to announce the immediate availability of Eclipse Temurin 8u382, 11.0.20, 17.0.8 and 20.0.2. As always, all binaries are thoroughly tested and available free of charge without usage restrictions on a wide range of platforms. +tags: + - temurin + - announcement + - release-notes +--- + +Adoptium is happy to announce the immediate availability of Eclipse Temurin 8u382, 11.0.20, 17.0.8 and 20.0.2. As always, all binaries are thoroughly tested and available free of charge without usage restrictions on a wide range of platforms. Binaries, installers, and source code are available from the [Temurin download page](https://adoptium.net/temurin/releases). + +## Security Vulerabilities Resolved in this Release + +| CVE ID | Component | [CVSSv3.1 Base Score](https://www.first.org/cvss/v3.1/specification-document) | Temurin 8 | Temurin 11 | Temurin 17 | Temurin 20 | +| :--- | :--- | :----: | :----: | :----: | :----: | :----: | +| [CVE-2023-25193](https://nvd.nist.gov/vuln/detail/CVE-2023-25193) | client-libs/2d | High (7.5) | | :x: | :x: | :x: | +| [CVE-2023-22041](https://nvd.nist.gov/vuln/detail/CVE-2023-22041) | hotspot/compiler | Medium (5.1) | | :x: | :x: | :x: | +| [CVE-2023-22044](https://nvd.nist.gov/vuln/detail/CVE-2023-22044) | hotspot/compiler | Low (3.7) | | | :x: | :x: | +| [CVE-2023-22045](https://nvd.nist.gov/vuln/detail/CVE-2023-22045) | hotspot/compiler | Low (3.7) | :x: | :x: | :x: | :x: | +| [CVE-2023-22049](https://nvd.nist.gov/vuln/detail/CVE-2023-22049) | core-libs/java.io | Low (3.7) | :x: | :x: | :x: | :x: | +| [CVE-2023-22036](https://nvd.nist.gov/vuln/detail/CVE-2023-22036) | core-libs/java.util | Low (3.7) | | :x: | :x: | :x: | +| [CVE-2023-22006](https://nvd.nist.gov/vuln/detail/CVE-2023-22006) | core-libs/java.net | Low (3.1) | | :x: | :x: | :x: | + +## Fixes and Updates + +This release contains the following fixes and updates. + +* [Temurin 8u382 release notes](https://adoptium.net/temurin/release-notes/?version=jdk8u382-b05), including [fixes in OpenJDK 8u382](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+openjdk8u382) + +* [Temurin 11.0.20 release notes](https://adoptium.net/temurin/release-notes/?version=jdk-11.0.20+8), including [fixes in OpenJDK 11.0.20](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+11.0.20) + +* [Temurin 17.0.8 release notes](https://adoptium.net/temurin/release-notes/?version=jdk-17.0.8+7), including [fixes in OpenJDK 17.0.8](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+17.0.8) + +* [Temurin 20.0.2 release notes](https://adoptium.net/temurin/release-notes/?version=jdk-20.0.2+9), including [fixes in OpenJDK 20.0.2](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+20.0.2) + +## New and Noteworthy + +### No JDK 20 binaries for Linux PPC64le, s390x, arm32, and AIX ppc64 + +Adoptium will not be releasing JDK 20.0.2 for Linux PPC64le, s390x, arm32, and AIX ppc64 due to issues found in testing. These platforms may be released at a later date if the issues are resolved in the implementation. From cd0e54c59364c016bcf53e84232748af89f35813 Mon Sep 17 00:00:00 2001 From: Tim Ellison Date: Wed, 26 Jul 2023 09:51:16 +0100 Subject: [PATCH 2/7] Update index.md Fix-up some layout problems and fix linter --- .../index.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md b/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md index 22ed69eb8..c4db278e4 100644 --- a/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md +++ b/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md @@ -13,15 +13,17 @@ Adoptium is happy to announce the immediate availability of Eclipse Temurin 8u38 ## Security Vulerabilities Resolved in this Release -| CVE ID | Component | [CVSSv3.1 Base Score](https://www.first.org/cvss/v3.1/specification-document) | Temurin 8 | Temurin 11 | Temurin 17 | Temurin 20 | +The following table summaries security vulnerabilities fixed in this release cycle for each Temurin version. Each line shows the [Common Vulnerabilities and Exposures (CVE) vulnerability database](https://nvd.nist.gov/vuln) reference and [Common Vulnerability Scoring System (CVSS) v3.1 base score](https://www.first.org/cvss/v3.1/specification-document). + +| CVE ID | Component | CVSSv3.1 Base Score | Temurin 8 | Temurin 11 | Temurin 17 | Temurin 20 | | :--- | :--- | :----: | :----: | :----: | :----: | :----: | -| [CVE-2023-25193](https://nvd.nist.gov/vuln/detail/CVE-2023-25193) | client-libs/2d | High (7.5) | | :x: | :x: | :x: | -| [CVE-2023-22041](https://nvd.nist.gov/vuln/detail/CVE-2023-22041) | hotspot/compiler | Medium (5.1) | | :x: | :x: | :x: | -| [CVE-2023-22044](https://nvd.nist.gov/vuln/detail/CVE-2023-22044) | hotspot/compiler | Low (3.7) | | | :x: | :x: | -| [CVE-2023-22045](https://nvd.nist.gov/vuln/detail/CVE-2023-22045) | hotspot/compiler | Low (3.7) | :x: | :x: | :x: | :x: | -| [CVE-2023-22049](https://nvd.nist.gov/vuln/detail/CVE-2023-22049) | core-libs/java.io | Low (3.7) | :x: | :x: | :x: | :x: | -| [CVE-2023-22036](https://nvd.nist.gov/vuln/detail/CVE-2023-22036) | core-libs/java.util | Low (3.7) | | :x: | :x: | :x: | -| [CVE-2023-22006](https://nvd.nist.gov/vuln/detail/CVE-2023-22006) | core-libs/java.net | Low (3.1) | | :x: | :x: | :x: | +| [CVE-2023-25193](https://nvd.nist.gov/vuln/detail/CVE-2023-25193) | client-libs/2d | High (7.5) | | X | X | X | +| [CVE-2023-22041](https://nvd.nist.gov/vuln/detail/CVE-2023-22041) | hotspot/compiler | Medium (5.1) | | X | X | X | +| [CVE-2023-22044](https://nvd.nist.gov/vuln/detail/CVE-2023-22044) | hotspot/compiler | Low (3.7) | | | X | X | +| [CVE-2023-22045](https://nvd.nist.gov/vuln/detail/CVE-2023-22045) | hotspot/compiler | Low (3.7) | X | X | X | X | +| [CVE-2023-22049](https://nvd.nist.gov/vuln/detail/CVE-2023-22049) | core-libs/java.io | Low (3.7) | X | X | X | X | +| [CVE-2023-22036](https://nvd.nist.gov/vuln/detail/CVE-2023-22036) | core-libs/java.util | Low (3.7) | | X | X | X | +| [CVE-2023-22006](https://nvd.nist.gov/vuln/detail/CVE-2023-22006) | core-libs/java.net | Low (3.1) | | X | X | X | ## Fixes and Updates From f351c850bf65c9d3b4e0166bca756b9595284da1 Mon Sep 17 00:00:00 2001 From: Tim Ellison Date: Wed, 26 Jul 2023 10:07:26 +0100 Subject: [PATCH 3/7] Update index.md Tweak CVE wording --- .../index.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md b/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md index c4db278e4..8dd808ba0 100644 --- a/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md +++ b/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md @@ -11,11 +11,11 @@ tags: Adoptium is happy to announce the immediate availability of Eclipse Temurin 8u382, 11.0.20, 17.0.8 and 20.0.2. As always, all binaries are thoroughly tested and available free of charge without usage restrictions on a wide range of platforms. Binaries, installers, and source code are available from the [Temurin download page](https://adoptium.net/temurin/releases). -## Security Vulerabilities Resolved in this Release +## Security Vulerabilities Resolved -The following table summaries security vulnerabilities fixed in this release cycle for each Temurin version. Each line shows the [Common Vulnerabilities and Exposures (CVE) vulnerability database](https://nvd.nist.gov/vuln) reference and [Common Vulnerability Scoring System (CVSS) v3.1 base score](https://www.first.org/cvss/v3.1/specification-document). +The following table summaries security vulnerabilities fixed in this release cycle. The affected Temurin version streams are noted by an 'X' in the table. Each line shows the [Common Vulnerabilities and Exposures (CVE) vulnerability database](https://nvd.nist.gov/vuln) reference and [Common Vulnerability Scoring System (CVSS) v3.1 base score](https://www.first.org/cvss/v3.1/specification-document). Note that defense-in-depth issues are not assigned CVEs. -| CVE ID | Component | CVSSv3.1 Base Score | Temurin 8 | Temurin 11 | Temurin 17 | Temurin 20 | +| CVE ID | Component | CVSSv3.1 Base Score | v8 | v11 | v17 | v20 | | :--- | :--- | :----: | :----: | :----: | :----: | :----: | | [CVE-2023-25193](https://nvd.nist.gov/vuln/detail/CVE-2023-25193) | client-libs/2d | High (7.5) | | X | X | X | | [CVE-2023-22041](https://nvd.nist.gov/vuln/detail/CVE-2023-22041) | hotspot/compiler | Medium (5.1) | | X | X | X | From 3b9698c46a682bbdc5a843e45744e5cd3c1fb3e5 Mon Sep 17 00:00:00 2001 From: Tim Ellison Date: Wed, 26 Jul 2023 10:18:08 +0100 Subject: [PATCH 4/7] Link to CVSS calculation --- .../index.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md b/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md index 8dd808ba0..0a4852aca 100644 --- a/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md +++ b/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md @@ -15,15 +15,15 @@ Adoptium is happy to announce the immediate availability of Eclipse Temurin 8u38 The following table summaries security vulnerabilities fixed in this release cycle. The affected Temurin version streams are noted by an 'X' in the table. Each line shows the [Common Vulnerabilities and Exposures (CVE) vulnerability database](https://nvd.nist.gov/vuln) reference and [Common Vulnerability Scoring System (CVSS) v3.1 base score](https://www.first.org/cvss/v3.1/specification-document). Note that defense-in-depth issues are not assigned CVEs. -| CVE ID | Component | CVSSv3.1 Base Score | v8 | v11 | v17 | v20 | +| CVE Identifier | Component | CVSS Score | v8 | v11 | v17 | v20 | | :--- | :--- | :----: | :----: | :----: | :----: | :----: | -| [CVE-2023-25193](https://nvd.nist.gov/vuln/detail/CVE-2023-25193) | client-libs/2d | High (7.5) | | X | X | X | -| [CVE-2023-22041](https://nvd.nist.gov/vuln/detail/CVE-2023-22041) | hotspot/compiler | Medium (5.1) | | X | X | X | -| [CVE-2023-22044](https://nvd.nist.gov/vuln/detail/CVE-2023-22044) | hotspot/compiler | Low (3.7) | | | X | X | -| [CVE-2023-22045](https://nvd.nist.gov/vuln/detail/CVE-2023-22045) | hotspot/compiler | Low (3.7) | X | X | X | X | -| [CVE-2023-22049](https://nvd.nist.gov/vuln/detail/CVE-2023-22049) | core-libs/java.io | Low (3.7) | X | X | X | X | -| [CVE-2023-22036](https://nvd.nist.gov/vuln/detail/CVE-2023-22036) | core-libs/java.util | Low (3.7) | | X | X | X | -| [CVE-2023-22006](https://nvd.nist.gov/vuln/detail/CVE-2023-22006) | core-libs/java.net | Low (3.1) | | X | X | X | +| [CVE-2023-25193](https://nvd.nist.gov/vuln/detail/CVE-2023-25193) | client-libs/2d | High ([7.5](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-25193)) | | X | X | X | +| [CVE-2023-22041](https://nvd.nist.gov/vuln/detail/CVE-2023-22041) | hotspot/compiler | Medium ([5.1](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-22041)) | | X | X | X | +| [CVE-2023-22044](https://nvd.nist.gov/vuln/detail/CVE-2023-22044) | hotspot/compiler | Low ([3.7](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-22044)) | | | X | X | +| [CVE-2023-22045](https://nvd.nist.gov/vuln/detail/CVE-2023-22045) | hotspot/compiler | Low ([3.7](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-22045)) | X | X | X | X | +| [CVE-2023-22049](https://nvd.nist.gov/vuln/detail/CVE-2023-22049) | core-libs/java.io | Low ([3.7](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-22049)) | X | X | X | X | +| [CVE-2023-22036](https://nvd.nist.gov/vuln/detail/CVE-2023-22036) | core-libs/java.util | Low ([3.7](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-22036)) | | X | X | X | +| [CVE-2023-22006](https://nvd.nist.gov/vuln/detail/CVE-2023-22006) | core-libs/java.net | Low ([3.1](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-22006)) | | X | X | X | ## Fixes and Updates From 47e69a613cc073990a4771b087e36ff042e1d32a Mon Sep 17 00:00:00 2001 From: Tim Ellison Date: Fri, 28 Jul 2023 16:34:00 +0100 Subject: [PATCH 5/7] Update index.md Match OJVG CVSS score on CVE-2023-25193 until we hear otherwise. --- .../index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md b/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md index 0a4852aca..46b9bc2dc 100644 --- a/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md +++ b/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md @@ -13,12 +13,12 @@ Adoptium is happy to announce the immediate availability of Eclipse Temurin 8u38 ## Security Vulerabilities Resolved -The following table summaries security vulnerabilities fixed in this release cycle. The affected Temurin version streams are noted by an 'X' in the table. Each line shows the [Common Vulnerabilities and Exposures (CVE) vulnerability database](https://nvd.nist.gov/vuln) reference and [Common Vulnerability Scoring System (CVSS) v3.1 base score](https://www.first.org/cvss/v3.1/specification-document). Note that defense-in-depth issues are not assigned CVEs. +The following table summaries security vulnerabilities fixed in this release cycle. The affected Temurin version streams are noted by an 'X' in the table. Each line shows the [Common Vulnerabilities and Exposures (CVE) vulnerability database](https://nvd.nist.gov/vuln) reference and [Common Vulnerability Scoring System (CVSS) v3.1 base score](https://www.first.org/cvss/v3.1/specification-document) provided by the [OpenJDK Vulnerability Group](https://openjdk.org/groups/vulnerability/). Note that defense-in-depth issues are not assigned CVEs. | CVE Identifier | Component | CVSS Score | v8 | v11 | v17 | v20 | | :--- | :--- | :----: | :----: | :----: | :----: | :----: | -| [CVE-2023-25193](https://nvd.nist.gov/vuln/detail/CVE-2023-25193) | client-libs/2d | High ([7.5](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-25193)) | | X | X | X | | [CVE-2023-22041](https://nvd.nist.gov/vuln/detail/CVE-2023-22041) | hotspot/compiler | Medium ([5.1](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-22041)) | | X | X | X | +| [CVE-2023-25193](https://nvd.nist.gov/vuln/detail/CVE-2023-25193) | client-libs/2d | Low ([3.7](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-25193)) | | X | X | X | | [CVE-2023-22044](https://nvd.nist.gov/vuln/detail/CVE-2023-22044) | hotspot/compiler | Low ([3.7](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-22044)) | | | X | X | | [CVE-2023-22045](https://nvd.nist.gov/vuln/detail/CVE-2023-22045) | hotspot/compiler | Low ([3.7](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-22045)) | X | X | X | X | | [CVE-2023-22049](https://nvd.nist.gov/vuln/detail/CVE-2023-22049) | core-libs/java.io | Low ([3.7](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-22049)) | X | X | X | X | From 65ac5189b798375d2bbe5f922ec8de7b5f252404 Mon Sep 17 00:00:00 2001 From: Tim Ellison Date: Fri, 28 Jul 2023 17:00:50 +0100 Subject: [PATCH 6/7] Update index.md Change score link to calculator based upon OJVG vector rather than NIST result. --- .../index.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md b/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md index 46b9bc2dc..99fc45c6e 100644 --- a/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md +++ b/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md @@ -17,13 +17,13 @@ The following table summaries security vulnerabilities fixed in this release cyc | CVE Identifier | Component | CVSS Score | v8 | v11 | v17 | v20 | | :--- | :--- | :----: | :----: | :----: | :----: | :----: | -| [CVE-2023-22041](https://nvd.nist.gov/vuln/detail/CVE-2023-22041) | hotspot/compiler | Medium ([5.1](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-22041)) | | X | X | X | -| [CVE-2023-25193](https://nvd.nist.gov/vuln/detail/CVE-2023-25193) | client-libs/2d | Low ([3.7](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-25193)) | | X | X | X | -| [CVE-2023-22044](https://nvd.nist.gov/vuln/detail/CVE-2023-22044) | hotspot/compiler | Low ([3.7](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-22044)) | | | X | X | -| [CVE-2023-22045](https://nvd.nist.gov/vuln/detail/CVE-2023-22045) | hotspot/compiler | Low ([3.7](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-22045)) | X | X | X | X | -| [CVE-2023-22049](https://nvd.nist.gov/vuln/detail/CVE-2023-22049) | core-libs/java.io | Low ([3.7](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-22049)) | X | X | X | X | -| [CVE-2023-22036](https://nvd.nist.gov/vuln/detail/CVE-2023-22036) | core-libs/java.util | Low ([3.7](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-22036)) | | X | X | X | -| [CVE-2023-22006](https://nvd.nist.gov/vuln/detail/CVE-2023-22006) | core-libs/java.net | Low ([3.1](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-22006)) | | X | X | X | +| [CVE-2023-22041](https://nvd.nist.gov/vuln/detail/CVE-2023-22041) | hotspot/compiler | Medium ([5.1](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)) | | X | X | X | +| [CVE-2023-25193](https://nvd.nist.gov/vuln/detail/CVE-2023-25193) | client-libs/2d | Low ([3.7](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)) | | X | X | X | +| [CVE-2023-22044](https://nvd.nist.gov/vuln/detail/CVE-2023-22044) | hotspot/compiler | Low ([3.7](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)) | | | X | X | +| [CVE-2023-22045](https://nvd.nist.gov/vuln/detail/CVE-2023-22045) | hotspot/compiler | Low ([3.7](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)) | X | X | X | X | +| [CVE-2023-22049](https://nvd.nist.gov/vuln/detail/CVE-2023-22049) | core-libs/java.io | Low ([3.7](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)) | X | X | X | X | +| [CVE-2023-22036](https://nvd.nist.gov/vuln/detail/CVE-2023-22036) | core-libs/java.util | Low ([3.7](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)) | | X | X | X | +| [CVE-2023-22006](https://nvd.nist.gov/vuln/detail/CVE-2023-22006) | core-libs/java.net | Low ([3.1](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)) | | X | X | X | ## Fixes and Updates From 5c3887f3039560cf63b1dd817a4337202e24c6ac Mon Sep 17 00:00:00 2001 From: Tim Ellison Date: Thu, 3 Aug 2023 12:48:27 +0100 Subject: [PATCH 7/7] Update index.md --- .../index.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md b/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md index 99fc45c6e..3d5f16686 100644 --- a/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md +++ b/content/blog/eclipse-temurin-8u382-11020-1708-and-2002-available/index.md @@ -1,6 +1,6 @@ --- title: Eclipse Temurin 8u382, 11.0.20, 17.0.8 and 20.0.2 Available -date: "2023-07-28T12:00:00+00:00" +date: "2023-08-04T12:00:00+00:00" author: pmc description: Adoptium is happy to announce the immediate availability of Eclipse Temurin 8u382, 11.0.20, 17.0.8 and 20.0.2. As always, all binaries are thoroughly tested and available free of charge without usage restrictions on a wide range of platforms. tags: @@ -9,7 +9,7 @@ tags: - release-notes --- -Adoptium is happy to announce the immediate availability of Eclipse Temurin 8u382, 11.0.20, 17.0.8 and 20.0.2. As always, all binaries are thoroughly tested and available free of charge without usage restrictions on a wide range of platforms. Binaries, installers, and source code are available from the [Temurin download page](https://adoptium.net/temurin/releases). +Adoptium is happy to announce the immediate availability of Eclipse Temurin 8u382, 11.0.20, 17.0.8 and 20.0.2. As always, all binaries are thoroughly tested and available free of charge without usage restrictions on a wide range of platforms. Binaries, installers, and source code are available from the [Temurin download page](https://adoptium.net/temurin/releases), [official container images](https://hub.docker.com/_/eclipse-temurin) are available at DockerHub, and [installable packages](https://adoptium.net/installation/) are available for various operating systems. ## Security Vulerabilities Resolved @@ -25,6 +25,8 @@ The following table summaries security vulnerabilities fixed in this release cyc | [CVE-2023-22036](https://nvd.nist.gov/vuln/detail/CVE-2023-22036) | core-libs/java.util | Low ([3.7](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)) | | X | X | X | | [CVE-2023-22006](https://nvd.nist.gov/vuln/detail/CVE-2023-22006) | core-libs/java.net | Low ([3.1](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)) | | X | X | X | +Users should follow the [Adoptium policy for reporting vulnerability concerns](https://github.com/adoptium/adoptium/security/policy#security-policies-and-procedures) with this release. + ## Fixes and Updates This release contains the following fixes and updates. @@ -39,6 +41,10 @@ This release contains the following fixes and updates. ## New and Noteworthy -### No JDK 20 binaries for Linux PPC64le, s390x, arm32, and AIX ppc64 +### New Container Functionality + +Temurin container images now have the ability to add additional Certificate Authority (CA) certificates to the truststore at runtime. This is useful for applications that wish to manage a custom list of CA's. This feature is being rolled out across all official images except Windows-based images. + +### No JDK 20 binaries for Linux PPC64le, s390x, arm32, and limited AIX ppc64 releases -Adoptium will not be releasing JDK 20.0.2 for Linux PPC64le, s390x, arm32, and AIX ppc64 due to issues found in testing. These platforms may be released at a later date if the issues are resolved in the implementation. +Adoptium is not releasing Temurin 20.0.2 for Linux PPC64le, s390x, arm32, and AIX ppc64 due to issues found in testing. In addition, Adoptium is only be releasing Temurin 8u832 for AIX ppc64 at present as other Java versions on AIX ppc64 have a known issue that is being resolved by a dependency. These platforms may be released at a later date if the issues are resolved in the upstream implementations.