The Liberty-for-Java Buildpack v3.58 adds Liberty runtime 126.96.36.199 as the default and alternate runtime and an updated IBM JRE 188.8.131.52.
The AdpotOpenJDK Open J9 alternate JRE remains the same 11.0.11_9_openj9-0.26.0. The updated 184.108.40.206 addresses the following PSIRT security vulnerability:
- WebSphere Application Server Java Batch is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2021-20492)
This buildpack contains two production versions of Liberty — a default version that remains constant for approximately three months and the latest version, as an alternate.
An existing application will not be affected by the new buildpack until you redeploy or restage it. After redeployment, existing applications should continue to run "as is" without any additional changes. New applications will automatically use the new buildpack.