The Liberty-for-Java Buildpack v3.45 now includes Liberty runtime 220.127.116.11.
This buildpack contains two production versions of Liberty—a default version that remains constant for approximately three months and the latest version, as an alternate.
In this new buildpack, both the default and alternate versions are 18.104.22.168.
An existing application will not be affected by the new buildpack until you redeploy or restage it. After redeployment, existing applications should continue to run "as is" without any additional changes. New applications will automatically use the new buildpack.
This buildpack contains fixes for the following security vulnerabilities:
- Information disclosure in WebSphere Application Server (CVE-2020-4329)
- CVE-2019-2949 may affect IBM® SDK, Java™ Technology Edition
- Potential spoofing attack in Webshere Application Server (CVE-2020-4421)
- Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654