The Liberty-for-Java Buildpack v3.48 now includes Liberty runtime 184.108.40.206 as the alternate and default runtime and an updated IBM JRE 220.127.116.11.
The updated 18.104.22.168 includes the following three PSIRT security vulnerabilities:
- CVE-2020-2590 was disclosed as part of the Oracle January 2020 Critical Patch Update.
- CVE-2020-2601 was also disclosed as part of the Oracle January 2020 Critical Patch Update.
- IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020
This buildpack contains two production versions of Liberty—a default version that remains constant for approximately three months and the latest version, as an alternate.
An existing application will not be affected by the new buildpack until you redeploy or restage it. After redeployment, existing applications should continue to run "as is" without any additional changes. New applications will automatically use the new buildpack.