openjdk team mailing list archive

Thread
Date

[Bug 1934895] Re: Improve understandability of package versions for JDK Early Access

To: openjdk@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1934895@xxxxxxxxxxxxxxxxxx>
Date: Thu, 22 Jul 2021 22:22:55 -0000
Reply-to: Bug 1934895 <1934895@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

This bug was fixed in the package openjdk-lts - 11.0.12+7-0ubuntu1

---------------
openjdk-lts (11.0.12+7-0ubuntu1) impish; urgency=high

  * OpenJDK 11.0.12+7 build (release).
  * Security fixes:
    - JDK-8256157: Improve bytecode assembly.
    - JDK-8256491: Better HTTP transport.
    - JDK-8258432, CVE-2021-2341: Improve file transfers.
    - JDK-8260453: Improve Font Bounding.
    - JDK-8260960: Signs of jarsigner signing.
    - JDK-8260967, CVE-2021-2369: Better jar file validation.
    - JDK-8262380: Enhance XML processing passes.
    - JDK-8262403: Enhanced data transfer.
    - JDK-8262410: Enhanced rules for zones.
    - JDK-8262477: Enhance String Conclusions.
    - JDK-8262967: Improve Zip file support.
    - JDK-8264066, CVE-2021-2388: Enhance compiler validation.
    - JDK-8264079: Improve abstractions.
    - JDK-8264460: Improve NTLM support.
  * Sync packages with 11.0.12+7-1:
    - Encode the early-access status into the package version. LP: #1934895.

 -- Matthias Klose <doko@xxxxxxxxxx>  Wed, 21 Jul 2021 10:56:45 +0200

** Changed in: openjdk-lts (Ubuntu)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-2341

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-2369

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-2388

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-lts in Ubuntu.
https://bugs.launchpad.net/bugs/1934895

Title:
  Improve understandability of package versions for JDK Early Access

Status in openjdk-17 package in Ubuntu:
  Fix Released
Status in openjdk-lts package in Ubuntu:
  Fix Released

Bug description:
  The current package version of the OpenJDK 17, currently in Early
  Access, looks as follows:

    openjdk-17-jdk/hirsute-updates,hirsute-security,now 17~19-1ubuntu1
  amd64

  The `~` in 17~19 should indicate that it is an Early Access, but it is
  not understandable for Java developers not acquainted with Debian
  package version rules.

  The proposal is to add the `ea` suffix to Early Build package version,
  so that the 19th EA build of OpenJDK 17, would be:

    openjdk-17-jdk/hirsute-updates,hirsute-security,now 17~19ea-1ubuntu1
  amd64

  The above, adds the `ea` marker that is understandable to Java people
  without compromising the structure of the package version.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-17/+bug/1934895/+subscriptions