惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Cloudflare Blog
Microsoft Security Blog
Microsoft Security Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
L
LangChain Blog
W
WeLiveSecurity
P
Proofpoint News Feed
月光博客
月光博客
NISL@THU
NISL@THU
L
LINUX DO - 最新话题
Webroot Blog
Webroot Blog
T
Threatpost
Y
Y Combinator Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
T
Threat Research - Cisco Blogs
Vercel News
Vercel News
Jina AI
Jina AI
阮一峰的网络日志
阮一峰的网络日志
S
Schneier on Security
J
Java Code Geeks
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
小众软件
小众软件
MyScale Blog
MyScale Blog
N
News and Events Feed by Topic
Stack Overflow Blog
Stack Overflow Blog
有赞技术团队
有赞技术团队
The Hacker News
The Hacker News
Schneier on Security
Schneier on Security
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Help Net Security
Help Net Security
Recent Announcements
Recent Announcements
S
Security @ Cisco Blogs
C
CXSECURITY Database RSS Feed - CXSecurity.com
S
Securelist
T
The Exploit Database - CXSecurity.com
云风的 BLOG
云风的 BLOG
C
Cisco Blogs
雷峰网
雷峰网
量子位
Google DeepMind News
Google DeepMind News
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Spread Privacy
Spread Privacy
L
Lohrmann on Cybersecurity
I
Intezer
T
The Blog of Author Tim Ferriss
G
GRAHAM CLULEY
D
DataBreaches.Net
V
Vulnerabilities – Threatpost
P
Privacy & Cybersecurity Law Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
罗磊的独立博客

Adoptium Blog

Eclipse Temurin 8u492, 11.0.31, 17.0.19, 21.0.11, 25.0.3 and 26.0.1 Available Exploring Packaging Changes to Temurin JDK on AIX, Linux ppc64le and Linux s390x Eclipse Temurin 26 Available Celebrating Technical Achievements: 2025 Q4 Engineering milestones and community contributions Eclipse Temurin 8u482, 11.0.30, 17.0.18, 21.0.10 and 25.0.2 Available Adoptium's Plan to End Support for Solaris and Windows 32-bit Platforms Eclipse Temurin 8u472, 11.0.29, 17.0.17, 21.0.9 and 25.0.1 Available Eclipse Temurin 25 Available Eclipse Temurin JDK 24 enables JEP 493 Eclipse Temurin 8u462, 11.0.28, 17.0.16, 21.0.8 and 24.0.2 Available AQAvit in 2025 Eclipse Temurin 8u452, 11.0.27, 17.0.15, 21.0.7 and 24.0.1 Available Eclipse Temurin 24 Available Eclipse Temurin 8u442, 11.0.26, 17.0.14, 21.0.6 and 23.0.2 Available Eclipse Temurin 8u432, 11.0.25, 17.0.13, 21.0.5 and 23.0.1 Available Eclipse Temurin 23 Available Eclipse Temurin Reproducible Verification Builds for Secure Supply Chain Validation Eclipse Temurin 8u422, 11.0.24, 17.0.12, 21.0.4 and 22.0.2 Available Important Update: Removal of CentOS 7 Eclipse Temurin Images External audit of Temurin build and distribution processes The Scope of AQAvit Eclipse Temurin 8u412, 11.0.23, 17.0.11, 21.0.3 and 22.0.1 Available Eclipse Temurin 21 and 22 Available on RISC-V Eclipse Temurin 22 Available AQAvit Graduation Ceremony Tagged early access builds for all releases SLSA build level 3 compliance on Linux and macOS for Eclipse Temurin Eclipse Temurin 8u392, 11.0.21, 17.0.9 and 21.0.1 Available Reproducible Comparison Builds Eclipse Temurin 21 release delay Eclipse Temurin 11.0.20.1, 17.0.8.1 now available Early access builds for JDK21+ Eclipse Temurin 8u382, 11.0.20, 17.0.8 and 20.0.2 Available Peeling the Big Onion - Stripping out layers of indirection from test frameworks AdoptOpenJDK.jfrog.io has been deprecated! Adoptium Automated Deployment Of Nagios Eclipse Temurin 8u372, 11.0.19, 17.0.7 and 20.0.1 Available Adoptium Infrastructure Management With Nagios Eclipse Temurin 8u362, 11.0.18, 17.0.6 and 19.0.2 Available EMT4J – An Easier Upgrade for Java Applications Secure Software Development Framework (SSDF) at Adoptium SLSA level 2 compliance for Eclipse Temurin A month after EclipseCon - Adoptium Community day summary, and more. Adoptium Welcomes Rivos A Short Exploration of Java Class Pre-Initialization Adoptium Welcomes Google Eclipse Temurin 19 Available Availability of JDK 8u352-b05 Early Access Build A Summary of the July 2022 Retrospectives Eclipse Temurin 8u342, 11.0.16, 17.0.4 and 18.0.2 Available Verifying GPG signatures for Temurin downloads Reproducible Builds at Eclipse Adoptium Eclipse Temurin Linux (RPM/DEB) installer packages Eclipse Temurin JREs are back! Eclipse Temurin 8u312, 11.0.13, and 17.0.1 Available Creating your own runtime using jlink Eclipse Temurin 17 Available Using Jlink in Dockerfiles instead of a JRE Adoptium Celebrates First Release Adoptium to Promote Broad Range of Compatible OpenJDK Builds Eclipse Adoptium Welcomes You
Eclipse Temurin 8u402, 11.0.22, 17.0.10 and 21.0.2 Available
Adoptium PMC · 2024-01-26 · via Adoptium Blog

Adoptium is happy to announce the immediate availability of Eclipse Temurin 8u402, 11.0.22, 17.0.10 and 21.0.2. As always, all binaries are thoroughly tested and available free of charge without usage restrictions on a wide range of platforms. Binaries, installers, and source code are available from the Temurin download page, official container images are available at DockerHub, and installable packages are available for various operating systems.

Security Vulerabilities Resolved

The following table summaries security vulnerabilities fixed in this release cycle. The affected Temurin version streams are noted by an 'X' in the table. Each line shows the Common Vulnerabilities and Exposures (CVE) vulnerability database reference and Common Vulnerability Scoring System (CVSS) v3.1 base score provided by the OpenJDK Vulnerability Group. Note that defense-in-depth issues are not assigned CVEs.

CVE IdentifierComponentCVSS Scorev8v11v17v21
CVE-2024-20932security-libs/java.securityHigh (7.5)X
CVE-2024-20918hotspot/compilerHigh (7.4)XXXX
CVE-2024-20952security-libs/java.securityHigh (7.4)XXXX
CVE-2024-20926core-libs/javax.scriptMedium (5.9)XX
CVE-2024-20919hotspot/runtimeReserved (5.9)XXXX
CVE-2024-20921hotspot/runtimeReserved (5.9)XXXX
CVE-2024-20945security-libs/javax.xml.cryptoReserved (4.7)XXXX

Users should follow the Adoptium policy for reporting vulnerability concerns with this release.

Fixes and Updates

This release contains the following fixes and updates.

New and Noteworthy

No Temurin Arm 32-bit Linux binaries for JDK 21 and up

As per the Eclipse Adoptium PMC decision, the project will not produce Temurin binaries for Arm 32-bit Linux for JDK 21 and up. This decision is based on several criteria, including download statistics, level of support for the platform in the upstream OpenJDK project and interest from Adoptium Working Group members.

Availability of s390x Linux and ppc64 AIX in JDK 21.0.2+13

We are pleased to announce the availability of these 2 platforms for JDK 21.0.2+13. We were unable to release them during our October 2023 release period, so this is the first time that production-ready JDK 21 Temurin binaries have been published out of the project.

aarch64 macOS Respin

Eclipse Temurin 11.0.22 aarch64 macOS binaries are in a separate release named jdk-11.0.22+7.1 due to a respin that was required to fix a linking issue introduced in a compiler upgrade for that platform.

ppc64 AIX JDK11 and JDK17 Unavailable

Temurin 11 and 17 on AIX remain unavailable due to an issue with Harfbuzz. Fortunately, an update to the version of Harfbuzz is targeted for April 2024.

Refinements to SBOM Contents

As of this release, extra details relating to Windows and Mac compiler versions are being recorded in the Software Bill of Materials (SBOM) for those platforms (details can be found in temurin-build PR 3606).

Confirmation of Reproducible Builds for JDK 21 Temurin binaries

Now that we have created pipelines that verify the Temurin binaries we produce are reproducible, we have an effective way to confirm that this 'feature' does not regress. As indicated in the diagram below, for all primary platforms on JDK 21.0.2+13, we confirm those binaries are reproducible.

Reproducible jdk21u

SLSA Level 3 for Majority of platforms

Since our previous release, we have been diligently been working at closing the last issues required for us to declare SLSA Level 3 compliance for Linux and macOS Temurin binaries. This is a lauded accomplishment for the project, though our work is ongoing. Our 2024 plan sees us continue to focus on secure development best practices.