Bug 33117 - java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk and java-latest-openjdk new security issues
Summary: java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk and java-latest-openjdk ...
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal, Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
Reported: 2024-04-22 09:42 CEST by Nicolas Salguero
Modified: 2024-05-16 19:30 CEST

See Also:
Source RPM: java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk
CVE: CVE-2024-21011, CVE-2024-21012, CVE-2024-21085, CVE-2024-21068, CVE-2024-21094
Status comment:


Description Nicolas Salguero 2024-04-22 09:42:59 CEST
RedHat has issued several advisories:
https://access.redhat.com/errata/RHSA-2024:1817 (java-1.8.0-openjdk)
https://access.redhat.com/errata/RHSA-2024:1819 (java-11-openjdk)
https://access.redhat.com/errata/RHSA-2024:1823 (java-17-openjdk)
https://access.redhat.com/errata/RHSA-2024:1826 (java-21-openjdk)

Corresponding Oracle CPUs:
https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixJAVA
Nicolas Salguero 2024-04-22 09:45:08 CEST

CVE: (none) => CVE-2024-21011, CVE-2024-21012, CVE-2024-21085, CVE-2024-21068, CVE-2024-21094
Source RPM: (none) => java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk, java-latest-openjdk
Whiteboard: (none) => MGA9TOO

Comment 1 Nicolas Salguero 2024-04-22 10:17:07 CEST
java-latest-openjdk needs to switch from java 21 to 22 (Cauldron and Mageia 9).

For Cauldron, the default java needs to switch from java 17 to 21.
Comment 2 Lewis Smith 2024-04-22 21:15:05 CEST
To summarise the java versions for M9:

java-1.8.0-openjdk
 java-1.8.0-openjdk-1.8.0.402.b06-1.mga9.src.rpm
java-11-openjdk
 java-11-openjdk-11.0.22.0.7-1.mga9.src.rpm
java-17-openjdk
 java-17-openjdk-17.0.10.0.7-1.mga9.src.rpm
java-latest-openjdk
 java-latest-openjdk-21.0.2.0.13-1.rolling.1.mga9.src.rpm

Following the links, many of the CVEs seem to be fixed by the following Java versions:
 OpenJDK 11.0.23
 OpenJDK 17.0.11
 OpenJDK 21.0.3
but there are many references to less obvious RedHat fixes.

Assignee: bugsquad => java

Comment 3 Nicolas Salguero 2024-05-14 13:05:49 CEST
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Long Exception message leading to crash. (CVE-2024-21011)

HTTP/2 client improper reverse DNS lookup. (CVE-2024-21012)

Integer overflow in C1 compiler address generation. (CVE-2024-21068)

Pack200 excessive memory allocation. (CVE-2024-21085)

C2 compilation fails with "Exceeded _node_regs array". (CVE-2024-21094)

References:
https://access.redhat.com/errata/RHSA-2024:1817
https://access.redhat.com/errata/RHSA-2024:1819
https://access.redhat.com/errata/RHSA-2024:1823
https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixJAVA
========================

Updated packages in core/updates_testing:
========================
java-1.8.0-openjdk-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-demo-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-demo-fastdebug-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-demo-slowdebug-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-devel-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-devel-fastdebug-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-devel-slowdebug-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-fastdebug-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-headless-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-headless-fastdebug-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-headless-slowdebug-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-javadoc-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-javadoc-zip-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-openjfx-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-openjfx-devel-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-openjfx-devel-fastdebug-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-openjfx-fastdebug-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-slowdebug-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-src-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-src-fastdebug-1.8.0.412.b08-1.mga9
java-1.8.0-openjdk-src-slowdebug-1.8.0.412.b08-1.mga9

java-11-openjdk-11.0.23.0.9-1.mga9
java-11-openjdk-demo-11.0.23.0.9-1.mga9
java-11-openjdk-demo-fastdebug-11.0.23.0.9-1.mga9
java-11-openjdk-demo-slowdebug-11.0.23.0.9-1.mga9
java-11-openjdk-devel-11.0.23.0.9-1.mga9
java-11-openjdk-devel-fastdebug-11.0.23.0.9-1.mga9
java-11-openjdk-devel-slowdebug-11.0.23.0.9-1.mga9
java-11-openjdk-fastdebug-11.0.23.0.9-1.mga9
java-11-openjdk-headless-11.0.23.0.9-1.mga9
java-11-openjdk-headless-fastdebug-11.0.23.0.9-1.mga9
java-11-openjdk-headless-slowdebug-11.0.23.0.9-1.mga9
java-11-openjdk-javadoc-11.0.23.0.9-1.mga9
java-11-openjdk-javadoc-zip-11.0.23.0.9-1.mga9
java-11-openjdk-jmods-11.0.23.0.9-1.mga9
java-11-openjdk-jmods-fastdebug-11.0.23.0.9-1.mga9
java-11-openjdk-jmods-slowdebug-11.0.23.0.9-1.mga9
java-11-openjdk-slowdebug-11.0.23.0.9-1.mga9
java-11-openjdk-src-11.0.23.0.9-1.mga9
java-11-openjdk-src-fastdebug-11.0.23.0.9-1.mga9
java-11-openjdk-src-slowdebug-11.0.23.0.9-1.mga9
java-11-openjdk-static-libs-11.0.23.0.9-1.mga9
java-11-openjdk-static-libs-fastdebug-11.0.23.0.9-1.mga9
java-11-openjdk-static-libs-slowdebug-11.0.23.0.9-1.mga9

java-17-openjdk-17.0.11.0.9-1.mga9
java-17-openjdk-demo-17.0.11.0.9-1.mga9
java-17-openjdk-demo-fastdebug-17.0.11.0.9-1.mga9
java-17-openjdk-demo-slowdebug-17.0.11.0.9-1.mga9
java-17-openjdk-devel-17.0.11.0.9-1.mga9
java-17-openjdk-devel-fastdebug-17.0.11.0.9-1.mga9
java-17-openjdk-devel-slowdebug-17.0.11.0.9-1.mga9
java-17-openjdk-fastdebug-17.0.11.0.9-1.mga9
java-17-openjdk-headless-17.0.11.0.9-1.mga9
java-17-openjdk-headless-fastdebug-17.0.11.0.9-1.mga9
java-17-openjdk-headless-slowdebug-17.0.11.0.9-1.mga9
java-17-openjdk-javadoc-17.0.11.0.9-1.mga9
java-17-openjdk-javadoc-zip-17.0.11.0.9-1.mga9
java-17-openjdk-jmods-17.0.11.0.9-1.mga9
java-17-openjdk-jmods-fastdebug-17.0.11.0.9-1.mga9
java-17-openjdk-jmods-slowdebug-17.0.11.0.9-1.mga9
java-17-openjdk-slowdebug-17.0.11.0.9-1.mga9
java-17-openjdk-src-17.0.11.0.9-1.mga9
java-17-openjdk-src-fastdebug-17.0.11.0.9-1.mga9
java-17-openjdk-src-slowdebug-17.0.11.0.9-1.mga9
java-17-openjdk-static-libs-17.0.11.0.9-1.mga9
java-17-openjdk-static-libs-fastdebug-17.0.11.0.9-1.mga9
java-17-openjdk-static-libs-slowdebug-17.0.11.0.9-1.mga9

java-latest-openjdk-22.0.1.0.8-1.rolling.1.mga9
java-latest-openjdk-demo-22.0.1.0.8-1.rolling.1.mga9
java-latest-openjdk-demo-slowdebug-22.0.1.0.8-1.rolling.1.mga9
java-latest-openjdk-devel-22.0.1.0.8-1.rolling.1.mga9
java-latest-openjdk-devel-slowdebug-22.0.1.0.8-1.rolling.1.mga9
java-latest-openjdk-headless-22.0.1.0.8-1.rolling.1.mga9
java-latest-openjdk-headless-slowdebug-22.0.1.0.8-1.rolling.1.mga9
java-latest-openjdk-javadoc-22.0.1.0.8-1.rolling.1.mga9
java-latest-openjdk-javadoc-zip-22.0.1.0.8-1.rolling.1.mga9
java-latest-openjdk-jmods-22.0.1.0.8-1.rolling.1.mga9
java-latest-openjdk-jmods-slowdebug-22.0.1.0.8-1.rolling.1.mga9
java-latest-openjdk-slowdebug-22.0.1.0.8-1.rolling.1.mga9
java-latest-openjdk-src-22.0.1.0.8-1.rolling.1.mga9
java-latest-openjdk-src-slowdebug-22.0.1.0.8-1.rolling.1.mga9
java-latest-openjdk-static-libs-22.0.1.0.8-1.rolling.1.mga9
java-latest-openjdk-static-libs-slowdebug-22.0.1.0.8-1.rolling.1.mga9

from SRPMS:
java-1.8.0-openjdk-1.8.0.412.b08-1.mga9.src.rpm
java-11-openjdk-11.0.23.0.9-1.mga9.src.rpm
java-17-openjdk-17.0.11.0.9-1.mga9.src.rpm
java-latest-openjdk-22.0.1.0.8-1.rolling.1.mga9.src.rpm

Source RPM: java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk, java-latest-openjdk => java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk
Status: NEW => ASSIGNED
Version: Cauldron => 9
Assignee: java => qa-bugs
Whiteboard: MGA9TOO => (none)
Summary: java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk and java-latest-openjdk new security issues => java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk and java-latest-openjdk new security issues
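To check a Mageia 9 host against the fixed package versions listed above, here is an added Python check; it is not part of the bug report or of Mageia's own tooling. It assumes the input is the output of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` (the sample below is constructed: two packages still at the pre-update versions from comment 2, two already updated), ignores the epoch, and uses a simplified rpmvercmp that covers the digit/letter segment rules but not tilde or caret.

```python
import re
from typing import Dict, List, Tuple

# Fixed Mageia 9 versions (VERSION-RELEASE) taken from the package list above.
FIXED_MGA9 = {
    "java-1.8.0-openjdk": "1.8.0.412.b08-1.mga9",
    "java-11-openjdk": "11.0.23.0.9-1.mga9",
    "java-17-openjdk": "17.0.11.0.9-1.mga9",
    "java-latest-openjdk": "22.0.1.0.8-1.rolling.1.mga9",
}

# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` output:
# two packages still at the pre-update versions from comment 2, two already updated.
SAMPLE_RPM_OUTPUT = """\
java-1.8.0-openjdk 1.8.0.402.b06-1.mga9
java-11-openjdk 11.0.23.0.9-1.mga9
java-17-openjdk 17.0.10.0.7-1.mga9
java-latest-openjdk 22.0.1.0.8-1.rolling.1.mga9
"""

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp: -1, 0 or 1 as a is older than, equal to or newer than b.

    Follows rpm's rules for the common case: split into runs of digits and
    letters, compare digit runs numerically and letter runs lexically, a digit
    run is newer than a letter run, and when one string is a prefix of the
    other the longer one is newer. Tilde and caret (pre/post-release) are
    not handled (assumption: the Mageia java packages do not use them).
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    if len(sa) != len(sb):
        return 1 if len(sa) > len(sb) else -1
    return 0


def compare_vr(a: str, b: str) -> int:
    """Compare VERSION-RELEASE strings: version first, release only on a tie."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def outdated_packages(rpm_output: str, fixed: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (name, installed, fixed) for each listed package older than its fix."""
    outdated = []
    for line in rpm_output.splitlines():
        if not line.strip():
            continue
        name, installed = line.split(None, 1)
        if name in fixed and compare_vr(installed, fixed[name]) < 0:
            outdated.append((name, installed, fixed[name]))
    return outdated


if __name__ == "__main__":
    for name, have, want in outdated_packages(SAMPLE_RPM_OUTPUT, FIXED_MGA9):
        print("%s: installed %s, fixed in %s" % (name, have, want))
```

On the constructed sample this reports java-1.8.0-openjdk and java-17-openjdk as still vulnerable and is silent about the two packages already at the fixed version. Comparing version and release separately matters: a rebuild with a higher release but the same version is newer, and plain string comparison would sort "1.8.0.412.b08" and "1.8.0.402.b06" correctly only by accident.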

katnatek 2024-05-14 19:36:19 CEST

Keywords: (none) => advisory

Comment 4 Herman Viaene 2024-05-15 15:26:22 CEST
MGA9-64 Plasma Wayland on HP Pavilion
No installation issues.
Configured LO to run java 1.8.0, and ran my LO Base application: forms run OK but on a report I get error:

BASIC runtime error.
An exception occurred 
Type: com.sun.star.uno.RuntimeException
Message: [jni_uno bridge error] UNO calling Java method execute: non-UNO exception occurred: java.lang.UnsupportedClassVersionError: org/jfree/report/JFreeReportBoot has been compiled by a more recent version of the Java Runtime (class file version 55.0), this version of the Java Runtime only recognizes class file versions up to 52.0

CC: (none) => herman.viaene

Comment 5 Herman Viaene 2024-05-15 15:40:14 CEST
Java 11, similar error.

BASIC runtime error.
An exception occurred 
Type: com.sun.star.uno.RuntimeException
Message: [jni_uno bridge error] UNO calling Java method execute: non-UNO exception occurred: java.lang.UnsupportedClassVersionError: org/jfree/layouting/LibLayoutInfo has been compiled by a more recent version of the Java Runtime (class file version 61.0), this version of the Java Runtime only recognizes class file versions up to 55.0
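The two UnsupportedClassVersionError messages above say exactly which JDK the report engine's jars were built for: class file major version 55 is Java 11 and 61 is Java 17, while a Java 8 runtime accepts at most 52 and Java 11 at most 55. The check below is an added example (not code from the bug report, from LibreOffice or from the OpenJDK packages) that reads that major version straight from the class-file header of every `.class` entry in a jar and reports the lowest JDK able to load it. The jar it scans is constructed in memory from header-only stubs that mirror the two reported classes; they are not loadable classes.

```python
import io
import struct
import zipfile
from typing import Tuple

# Every class file starts with u4 magic 0xCAFEBABE, then u2 minor and u2 major
# version, all big-endian; the major version is what the JVM checks on load.
CLASS_MAGIC = 0xCAFEBABE


def class_file_version(header: bytes) -> Tuple[int, int]:
    """Return (major, minor) from the first 8 bytes of a .class file."""
    if len(header) < 8:
        raise ValueError("truncated class file header")
    magic, minor, major = struct.unpack(">IHH", header[:8])
    if magic != CLASS_MAGIC:
        raise ValueError("bad magic 0x%08x, not a class file" % magic)
    return major, minor


def major_to_java_release(major: int) -> str:
    """Map a class-file major version to the JDK release that emits it.

    Java 1.1 is 45, 1.2 is 46, 1.3 is 47, 1.4 is 48, Java 5 is 49 and each
    later release adds one: Java 8 = 52, 11 = 55, 17 = 61, 21 = 65, 22 = 66.
    """
    if major < 45:
        raise ValueError("unknown class file major version %d" % major)
    n = major - 44
    return "1.%d" % n if n < 5 else str(n)


def jar_required_major(jar_bytes: bytes) -> int:
    """Highest class-file major version among the .class entries of a jar."""
    highest = 0
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if not name.endswith(".class"):
                continue
            with jar.open(name) as entry:
                major, _ = class_file_version(entry.read(8))
            highest = max(highest, major)
    return highest


def runtime_can_load(jar_bytes: bytes, runtime_java: int) -> bool:
    """True if JDK `runtime_java` (8, 11, 17, ...) accepts every class in the jar.

    A JDK loads class files up to its own major version (52 for Java 8,
    55 for Java 11); anything newer fails with UnsupportedClassVersionError.
    """
    return jar_required_major(jar_bytes) <= runtime_java + 44


def build_sample_jar() -> bytes:
    """Constructed sample jar of two header-only stubs (not loadable classes):
    one compiled for Java 11 (major 55) and one for Java 17 (major 61), which
    mirrors the two errors reported above."""
    def stub(major: int) -> bytes:
        return struct.pack(">IHH", CLASS_MAGIC, 0, major)

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("org/jfree/report/JFreeReportBoot.class", stub(55))
        jar.writestr("org/jfree/layouting/LibLayoutInfo.class", stub(61))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_jar()
    need = jar_required_major(sample)
    print("jar needs class file version %d (Java %s)" % (need, major_to_java_release(need)))
    for jdk in (8, 11, 17, 22):
        status = "ok" if runtime_can_load(sample, jdk) else "UnsupportedClassVersionError"
        print("Java %2d: %s" % (jdk, status))
```

Pointing `jar_required_major` at the real jars under the LibreOffice installation (a path that varies per system, so none is assumed here) gives the minimum JDK to select in LO's Java options before trying a report, instead of discovering it from the UNO bridge error at run time.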
Comment 6 Herman Viaene 2024-05-15 15:51:51 CEST
Java 17, application runs OK, report shows up with the old Mageia-related LO bug on the layout of the report.
Comment 7 Herman Viaene 2024-05-15 16:05:49 CEST
Java latest 22, same result as above.

All in all, the errors for versions java 1.8.0 and java 11 are of the same order as in the previous update, bug 32724, so no regression. Though I wonder why we get into this situation.
For me in view of all that, good to go.

Whiteboard: (none) => MGA9-64-OK

Comment 8 Thomas Andrews 2024-05-16 16:39:35 CEST
I keep wondering if the report error comes because we are supporting both arches, where the LO folks only issue 64-bit versions. But then, I am no developer.

Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 9 Mageia Robot 2024-05-16 19:30:23 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0179.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

