The Liberty-for-Java Buildpack v3.55 adds Liberty runtime 126.96.36.199 as the default and alternate runtime and an updated IBM JRE 188.8.131.52.
The AdoptOpenJDK Open J9 alternate JRE remains the same 11.0.10_9_openj9-0.24.0. The updated 184.108.40.206 addresses the following PSIRT security vulnerabilities:
- Vulnerability in Java SE related to the Libraries component (CVE-2020-14782)
- Vulnerability in Java SE related to JNDI component (CVE-2020-14781)
- Unspecified vulnerability in Java SE (CVE-2020-14803)
- Eclipse OpenJ9 vulnerable to stack-based buffer overflow (CVE-2020-27221)
- Vulnerability in Java SE related to Java SE Security component (CVE-2020-2773)
This buildpack contains two production versions of Liberty — a default version that remains constant for approximately three months and the latest version, as an alternate.
An existing application will not be affected by the new buildpack until you redeploy or restage it. After redeployment, existing applications should continue to run "as is" without any additional changes. New applications will automatically use the new buildpack.