The Liberty-for-Java Buildpack v3.56 adds Liberty runtime 21.0.0.4 as the alternate runtime and keeps 21.0.0.3 as the default runtime.
The AdoptOpenJDK Openj9 alternate JRE (11.0.10_9_openj9-0.24.0) and IBM JRE (8 SR6 FP26) remain the same.
The monthly runtime 21.0.0.4 addresses the following PSIRT security vulnerability: Vulnerability in Apache MyFaces used by WebSphere Application Server (CVE-2021-26296).
To specify the monthly runtime, two variables need to be set:
- ibmcloud cf set-env <yourappname> JBP_CONFIG_LIBERTY “version: +”
- ibmcloud cf set-env <yourappname> IBM_LIBERTY_MONTHLY true
This buildpack contains two production versions of Liberty — a default version that remains constant for approximately three months and the latest version, as an alternate.
An existing application will not be affected by the new buildpack until you redeploy or restage it. After redeployment, existing applications should continue to run “as is” without any additional changes. New applications will automatically use the new buildpack.