Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:5701: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859)
  • CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)
  • CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws#sap

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2022-07-25

Updated:

2022-07-25

RHSA-2022:5701 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: java-1.8.0-openjdk security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407) (CVE-2022-34169)
  • OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540)
  • OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) (CVE-2022-21541)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

  • BZ - 2108540 - CVE-2022-21540 OpenJDK: class compilation issue (Hotspot, 8281859)
  • BZ - 2108543 - CVE-2022-21541 OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)
  • BZ - 2108554 - CVE-2022-34169 OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1

SRPM

java-1.8.0-openjdk-1.8.0.342.b07-1.el8_1.src.rpm

SHA-256: 680cc1393646c23c3fcf4b0802a8c671b6b6031b9ce0c01f1398d4e80816e372

ppc64le

java-1.8.0-openjdk-1.8.0.342.b07-1.el8_1.ppc64le.rpm

SHA-256: 605f1015861e7a7db069eee9a39538fc92098b120ac390c55f23ecfe874ec007

java-1.8.0-openjdk-accessibility-1.8.0.342.b07-1.el8_1.ppc64le.rpm

SHA-256: a9dc7bb74b445c3978cb1e40753f49b04e5cfa6fce789005a937a91d2f9fb439

java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-1.el8_1.ppc64le.rpm

SHA-256: a4147c3b26df50f9e20fd4164c0c41f17d408a38b3f7be13f6d40178c6356e11

java-1.8.0-openjdk-debugsource-1.8.0.342.b07-1.el8_1.ppc64le.rpm

SHA-256: 0da61a8ea094bcaf1a733e88587dae09dbba86f684036e51b7ce581011b806dd

java-1.8.0-openjdk-demo-1.8.0.342.b07-1.el8_1.ppc64le.rpm

SHA-256: 5dfaf4ea0e21b68c6ce0fe2325ccfcae2f4d6928919bcaaf267c77ff7baba785

java-1.8.0-openjdk-demo-debuginfo-1.8.0.342.b07-1.el8_1.ppc64le.rpm

SHA-256: d324538fad36457d9b82629488cbb1881637e1623a8588040ef964a05b6e4890

java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.342.b07-1.el8_1.ppc64le.rpm

SHA-256: 92220c7ae826c70536834404aa7441fb1c9b0fa439cb84c98692c33cfa537670

java-1.8.0-openjdk-devel-1.8.0.342.b07-1.el8_1.ppc64le.rpm

SHA-256: 2c4790586d6b69fd2741b9494e1b643ee10182ec3b28294f6280d016c8d82dab

java-1.8.0-openjdk-devel-debuginfo-1.8.0.342.b07-1.el8_1.ppc64le.rpm

SHA-256: 2645841f486053f9dc35751f09be2e82c2d0d39889c67f2fd9c6cc96a1dcf406

java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.342.b07-1.el8_1.ppc64le.rpm

SHA-256: 7845b20f3f8b8a1802d1eee6212445d4c63038c37d937ce41bf70dbcd7c36bc3

java-1.8.0-openjdk-headless-1.8.0.342.b07-1.el8_1.ppc64le.rpm

SHA-256: 721bf94c573efe5eb5d74ad43aef060869f8a2b311d352411b92604a0f8c5e51

java-1.8.0-openjdk-headless-debuginfo-1.8.0.342.b07-1.el8_1.ppc64le.rpm

SHA-256: 0fa50b2fb6312ea16eaf0cffbdfc0516f6f26dac3d54f73b97af1d71dc15fb48

java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.342.b07-1.el8_1.ppc64le.rpm

SHA-256: d901092f10bc2fe214e6afa0a4f1cd29e91ef04c8c754357559ec5ebdee6250b

java-1.8.0-openjdk-javadoc-1.8.0.342.b07-1.el8_1.noarch.rpm

SHA-256: 0fef1786b6f29373703405483a92ad808bda25d348b83bf67bab109ac30bff87

java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-1.el8_1.noarch.rpm

SHA-256: 3c9d046f5d5c75bedd803250d9b11ff690c8c00a28b557977c360ff683cb7b8d

java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.342.b07-1.el8_1.ppc64le.rpm

SHA-256: 5a02c5117b35f1d22f8a4bb2654df6ecd58b872cb0a72e55b9c4257b7f714d36

java-1.8.0-openjdk-src-1.8.0.342.b07-1.el8_1.ppc64le.rpm

SHA-256: c34d7d338e43728283a1fbd6b97460c7c39c7b72b837c064171dd72c3d87db58

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM

java-1.8.0-openjdk-1.8.0.342.b07-1.el8_1.src.rpm

SHA-256: 680cc1393646c23c3fcf4b0802a8c671b6b6031b9ce0c01f1398d4e80816e372

x86_64

java-1.8.0-openjdk-1.8.0.342.b07-1.el8_1.x86_64.rpm

SHA-256: b82701c59459d16f37fda744733167f78c488a066fe0e49e24b02b3e8224c4b7

java-1.8.0-openjdk-accessibility-1.8.0.342.b07-1.el8_1.x86_64.rpm

SHA-256: f7118f1ab7be4d4e8f7a4b503ff709d3adfd4c98fd14399276dd2b213629da0c

java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-1.el8_1.x86_64.rpm

SHA-256: bb383e262ea3940bce4029c0bb12959bfba9056b4b4d7f9ee5246d6014fdf193

java-1.8.0-openjdk-debugsource-1.8.0.342.b07-1.el8_1.x86_64.rpm

SHA-256: a1214ed285d8226dd18dd82ec6526da3b2bba4459ca628bd24f25a67db8f9014

java-1.8.0-openjdk-demo-1.8.0.342.b07-1.el8_1.x86_64.rpm

SHA-256: 0a502f5159167b7031b36a94b1fae629da176c2ccbe2fae471124567f91dbf55

java-1.8.0-openjdk-demo-debuginfo-1.8.0.342.b07-1.el8_1.x86_64.rpm

SHA-256: 33030503811fa0cf7738691fb9d6ce0e0445bcc7a461aec92244fb43d90fc3ae

java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.342.b07-1.el8_1.x86_64.rpm

SHA-256: 3dc3a63de0bbd7dc4c7a96768df4c726daa72779f864ed22387d39a592afe3ab

java-1.8.0-openjdk-devel-1.8.0.342.b07-1.el8_1.x86_64.rpm

SHA-256: a7caf495a9ecbb98ad42e5ad8425fed4a95bdef0b61d08759c807788479397b5

java-1.8.0-openjdk-devel-debuginfo-1.8.0.342.b07-1.el8_1.x86_64.rpm

SHA-256: 1f6b0a2c758a622f558ad377929559871edde5542d6c56c421f75ad300ee13fd

java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.342.b07-1.el8_1.x86_64.rpm

SHA-256: 418f17dac0f813ccf5d7b07950aaffc8023bbb64a65c82b984ad3937db976960

java-1.8.0-openjdk-headless-1.8.0.342.b07-1.el8_1.x86_64.rpm

SHA-256: b4d4fb43a182a90b66f6ed26b1eac5279ce60a29336d70d7d7c0b3fd49a0e6ab

java-1.8.0-openjdk-headless-debuginfo-1.8.0.342.b07-1.el8_1.x86_64.rpm

SHA-256: 61e637fd50a5f5720d027c7fbd63bfe8f3a659736177f3e658591f0258825976

java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.342.b07-1.el8_1.x86_64.rpm

SHA-256: b7f9fffe5dd5ff14f548282ca8eb87c24a37ce17119239e354df2221be2bda5d

java-1.8.0-openjdk-javadoc-1.8.0.342.b07-1.el8_1.noarch.rpm

SHA-256: 0fef1786b6f29373703405483a92ad808bda25d348b83bf67bab109ac30bff87

java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-1.el8_1.noarch.rpm

SHA-256: 3c9d046f5d5c75bedd803250d9b11ff690c8c00a28b557977c360ff683cb7b8d

java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.342.b07-1.el8_1.x86_64.rpm

SHA-256: c44431b155894712948251b90dd2766ab6fb244d833ee343e929c4cedd238781

java-1.8.0-openjdk-src-1.8.0.342.b07-1.el8_1.x86_64.rpm

SHA-256: c4ff26e9a1589fa78b0e72d6852367e66b3032e6585fb20fee96eb2a8cd1e805

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Gentoo Linux Security Advisory 202405-16

Gentoo Linux Security Advisory 202405-16 - A vulnerability has been discovered in Apache Commons BCEL, which can lead to remote code execution. Versions greater than or equal to 6.6.0 are affected.

CVE-2023-26298: HP Device Manager Security Updates

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

CVE-2022-46756: DSA-2022-335: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

CVE-2022-41299: Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 237214.

Red Hat Security Advisory 2022-6262-01

Red Hat Security Advisory 2022-6262-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.6.61. Issues addressed include a bypass vulnerability.

RHSA-2022:6252: Red Hat Security Advisory: OpenShift Container Platform 3.11.784 security update

Red Hat OpenShift Container Platform release 3.11.784 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-39226: grafana: Snapshot authentication bypass

Red Hat Security Advisory 2022-6053-01

Red Hat Security Advisory 2022-6053-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.56.

Ubuntu Security Notice USN-5546-1

Ubuntu Security Notice 5546-1 - Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18. It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17.

Ubuntu Security Notice USN-5546-2

Ubuntu Security Notice 5546-2 - USN-5546-1 fixed vulnerabilities in OpenJDK. This update provides the corresponding updates for Ubuntu 16.04 ESM. Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18.

RHSA-2022:5908: Red Hat Security Advisory: Openshift Logging Bug Fix and security update Release (5.3.10)

Openshift Logging Bug Fix Release (5.3.10) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS

Red Hat Security Advisory 2022-5756-01

Red Hat Security Advisory 2022-5756-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

RHSA-2022:5730: Red Hat Security Advisory: OpenShift Container Platform 4.10.25 bug fix and security update

Red Hat OpenShift Container Platform release 4.10.25 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23772: golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921...

Red Hat Security Advisory 2022-5754-01

Red Hat Security Advisory 2022-5754-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.

RHSA-2022:5758: Red Hat Security Advisory: OpenJDK 17.0.4 Security Update for Portable Linux Builds

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-21549: OpenJDK: random exponentials issue (Libraries, 8283875) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5757: Red Hat Security Advisory: OpenJDK 17.0.4 security update for Windows Builds

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-21549: OpenJDK: random exponentials issue (Libraries, 8283875) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5755: Red Hat Security Advisory: OpenJDK 11.0.16 Security Update for Portable Linux Builds

The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5754: Red Hat Security Advisory: OpenJDK 8u342 security update for Portable Linux Builds

The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

Red Hat Security Advisory 2022-5709-01

Red Hat Security Advisory 2022-5709-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Red Hat Security Advisory 2022-5687-01

Red Hat Security Advisory 2022-5687-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Red Hat Security Advisory 2022-5685-01

Red Hat Security Advisory 2022-5685-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

RHSA-2022:5736: Red Hat Security Advisory: java-17-openjdk security, bug fix, and enhancement update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-21549: OpenJDK: random exponentials issue (Libraries, 8283875) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5726: Red Hat Security Advisory: java-17-openjdk security, bug fix, and enhancement update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-21549: OpenJDK: random exponentials issue (Libraries, 8283875) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5709: Red Hat Security Advisory: java-1.8.0-openjdk security, bug fix, and enhancement update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5698: Red Hat Security Advisory: java-1.8.0-openjdk security, bug fix, and enhancement update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5696: Red Hat Security Advisory: java-1.8.0-openjdk security, bug fix, and enhancement update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5697: Red Hat Security Advisory: java-1.8.0-openjdk security and bug fix update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5700: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5695: Red Hat Security Advisory: java-11-openjdk security, bug fix, and enhancement update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5687: Red Hat Security Advisory: java-11-openjdk security, bug fix, and enhancement update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5687: Red Hat Security Advisory: java-11-openjdk security, bug fix, and enhancement update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5687: Red Hat Security Advisory: java-11-openjdk security, bug fix, and enhancement update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5681: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5681: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5681: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5683: Red Hat Security Advisory: java-11-openjdk security, bug fix, and enhancement update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5683: Red Hat Security Advisory: java-11-openjdk security, bug fix, and enhancement update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5683: Red Hat Security Advisory: java-11-openjdk security, bug fix, and enhancement update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5684: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5684: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5684: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5685: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5685: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5685: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

GHSA-9339-86wc-4qgf: Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

CVE-2022-21586: Oracle Critical Patch Update Advisory - July 2022

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).

CVE-2022-21586: Oracle Critical Patch Update Advisory - July 2022

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).

CVE-2022-21586: Oracle Critical Patch Update Advisory - July 2022

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).

CVE-2022-34169

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.