[jdk8u-dev] RFR: 8295530: Update Zlib Data Compression Library to Version 1.2.13 [v4]
Stewart X Addison
duke at openjdk.org
Wed Mar 15 15:19:40 UTC 2023
On Wed, 8 Mar 2023 12:40:59 GMT, Stewart X Addison <duke at openjdk.org> wrote:
>> As per https://github.com/openjdk/jdk11u-dev/pull/1788 which backported this to 11.
>>
>> Backporting zlib 1.2.13 due to https://nvd.nist.gov/vuln/detail/CVE-2022-37434 (9.8 CVSS score)
>> As per the JDK11u change this makes the zlib directory in the source identical to the one for JDK17u so I do not anticipate any problems.
>>
>> I've run a test build on one Linux/mac/windows version and will run the same set of tier1 testing that I did on the 11 PR, plus some others. I'll probably try to run on some other platforms before requesting an integrate, but I'll also need a sponsor to add the appropriate tags to [JDK-8295530](https://bugs.openjdk.org/browse/JDK-8295530) so I'm opening this now.
>>
>> - Tier 1 (Linux/x64): https://ci.adoptium.net/job/Test_openjdk8_hs_sanity.openjdk_x86-64_linux/1019/testReport/
>> - Tier 1 (macOS/x64): https://ci.adoptium.net/job/Test_openjdk8_hs_sanity.openjdk_x86-64_mac/778/testReport/
>> - Tier 1 (Windows/x32): https://ci.adoptium.net/job/Test_openjdk8_hs_sanity.openjdk_x86-32_windows/719/testReport/
>>
>> This is the first time I've backported to 8 with skara - I'm assuming the process is now the same as 11. If not, please let me know and I will adjust accordingly.
>
> Stewart X Addison has updated the pull request incrementally with one additional commit since the last revision:
>
> Update line for zlib 1.2.13
>
> Signed-off-by: Stewart X Addison <sxa at redhat.com>
Based on the above discussions targetting 8u382 sounds good to me, so are ok to get this tagged appropriately so it can be integrated? (I don't have author privileges so can't tag it myself)
-------------
PR: https://git.openjdk.org/jdk8u-dev/pull/277
More information about the jdk8u-dev
mailing list