The Liberty-for-Java Buildpack v3.48 now includes Liberty runtime 18.104.22.168 as the alternate and default runtime and an updated IBM JRE 22.214.171.124.
The updated 126.96.36.199 includes the following three PSIRT security vulnerabilities:
- CVE-2020-2590 was disclosed as part of the Oracle January 2020 Critical Patch Update.
- CVE-2020-2601 was also disclosed as part of the Oracle January 2020 Critical Patch Update.
- IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020
This buildpack contains two production versions of Liberty—a default version that remains constant for approximately three months and the latest version, as an alternate.
An existing application will not be affected by the new buildpack until you redeploy or restage it. After redeployment, existing applications should continue to run "as is" without any additional changes. New applications will automatically use the new buildpack.