News article
Eclipse Temurin 8u382, 11.0.20, 17.0.8 and 20.0.2 Available
Adoptium is happy to announce the immediate availability of Eclipse Temurin 8u382, 11.0.20, 17.0.8 and 20.0.2. As always, all binaries are…

Adoptium is happy to announce the immediate availability of Eclipse Temurin 8u382, 11.0.20, 17.0.8 and 20.0.2. As always, all binaries are thoroughly tested and available free of charge without usage restrictions on a wide range of platforms. Binaries, installers, and source code are available from the Temurin download page, official container images are available at DockerHub, and installable packages are available for various operating systems.

Security Vulerabilities Resolved

The following table summaries security vulnerabilities fixed in this release cycle. The affected Temurin version streams are noted by an ‘X’ in the table. Each line shows the Common Vulnerabilities and Exposures (CVE) vulnerability database reference and Common Vulnerability Scoring System (CVSS) v3.1 base score provided by the OpenJDK Vulnerability Group. Note that defense-in-depth issues are not assigned CVEs.

CVE IdentifierComponentCVSS Scorev8v11v17v20
CVE-2023-22041hotspot/compilerMedium (5.1)XXX
CVE-2023-25193client-libs/2dLow (3.7)XXX
CVE-2023-22044hotspot/compilerLow (3.7)XX
CVE-2023-22045hotspot/compilerLow (3.7)XXXX
CVE-2023-22049core-libs/java.ioLow (3.7)XXXX
CVE-2023-22036core-libs/java.utilLow (3.7)XXX
CVE-2023-22006core-libs/java.netLow (3.1)XXX

Users should follow the Adoptium policy for reporting vulnerability concerns with this release.

Fixes and Updates

This release contains the following fixes and updates.

New and Noteworthy

New Container Functionality

Temurin container images now have the ability to add additional Certificate Authority (CA) certificates to the truststore at runtime. This is useful for applications that wish to manage a custom list of CA’s. This feature is being rolled out across all official images except Windows-based images.

Further details about “Can I add my internal CA certificates to the truststore?” are described on the Dockerhub documentation page.

No JDK 20 binaries for Linux PPC64le, s390x, arm32, and limited AIX ppc64 releases

Adoptium is not releasing Temurin 20.0.2 for Linux PPC64le, s390x, arm32, and AIX ppc64 due to issues found in testing. In addition, Adoptium is only be releasing Temurin 8u832 for AIX ppc64 at present as other Java versions on AIX ppc64 have a known issue that is being resolved by a dependency. These platforms may be released at a later date if the issues are resolved in the upstream implementations.

New AIX version requirement

From this release onwards, all Temurin versions published for AIX now require AIX OS version 7.2.

temurinannouncementrelease-notes

Do you have questions or want to discuss this post? Hit us up on the Adoptium Slack workspace!


Adoptium PMC

Posted by Adoptium PMCCollective of Adoptium Project Management Committee members

Thank you to our 300+contributors