← Back to team overview

openjdk team mailing list archive

[Bug 2045330] [NEW] Please remove these packages before 24.04 LTS release

 

*** This bug is a security vulnerability ***

Public security bug reported:

Hello, we surely don't need all these OpenJDK releases in 24.04 LTS. We
should figure out which ones are worth keeping and which ones are worth
removing.

$ gzip -cd /srv/mirror/ubuntu/dists/noble/*/source/Sources.gz | grep '^Package: openjdk' | sort -n
Package: openjdk-11-jre-dcevm
Package: openjdk-17
Package: openjdk-19
Package: openjdk-20
Package: openjdk-21
Package: openjdk-22
Package: openjdk-8
Package: openjdk-lts

(I've not included openjdk-lts in the list on the assumption that we
want to keep that one. If that's a wrong assumption, please do whatever
needs doing.)

Thanks

** Affects: openjdk-11-jre-dcevm (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: openjdk-17 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: openjdk-19 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: openjdk-20 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: openjdk-21 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: openjdk-22 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: openjdk-8 (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: openjdk-11-jre-dcevm (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: openjdk-17 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: openjdk-19 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: openjdk-20 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: openjdk-21 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: openjdk-22 (Ubuntu)
   Importance: Undecided
       Status: New

** Description changed:

  Hello, we surely don't need all these OpenJDK releases in 24.04 LTS. We
  should figure out which ones are worth keeping and which ones are worth
  removing.
  
  $ gzip -cd /srv/mirror/ubuntu/dists/noble/*/source/Sources.gz | grep '^Package: openjdk' | sort -n
  Package: openjdk-11-jre-dcevm
  Package: openjdk-17
  Package: openjdk-19
  Package: openjdk-20
  Package: openjdk-21
  Package: openjdk-22
  Package: openjdk-8
  Package: openjdk-lts
+ 
+ (I've not included openjdk-lts in the list on the assumption that we
+ want to keep that one. If that's a wrong assumption, please do whatever
+ needs doing.)
+ 
+ Thanks

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-8 in Ubuntu.
https://bugs.launchpad.net/bugs/2045330

Title:
  Please remove these packages before 24.04 LTS release

Status in openjdk-11-jre-dcevm package in Ubuntu:
  New
Status in openjdk-17 package in Ubuntu:
  New
Status in openjdk-19 package in Ubuntu:
  New
Status in openjdk-20 package in Ubuntu:
  New
Status in openjdk-21 package in Ubuntu:
  New
Status in openjdk-22 package in Ubuntu:
  New
Status in openjdk-8 package in Ubuntu:
  New

Bug description:
  Hello, we surely don't need all these OpenJDK releases in 24.04 LTS.
  We should figure out which ones are worth keeping and which ones are
  worth removing.

  $ gzip -cd /srv/mirror/ubuntu/dists/noble/*/source/Sources.gz | grep '^Package: openjdk' | sort -n
  Package: openjdk-11-jre-dcevm
  Package: openjdk-17
  Package: openjdk-19
  Package: openjdk-20
  Package: openjdk-21
  Package: openjdk-22
  Package: openjdk-8
  Package: openjdk-lts

  (I've not included openjdk-lts in the list on the assumption that we
  want to keep that one. If that's a wrong assumption, please do
  whatever needs doing.)

  Thanks

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-11-jre-dcevm/+bug/2045330/+subscriptions



Follow ups