OpenJDK Vulnerability CVE-2021-2388

I tried to create a issue on this , but I  can't create as I do not have the permissions to.

If possible, can someone help to create a issue on this?

Thanks.

I installed the latest version 8.19.1, and check it is using AdoptOpenJDK11.0.11 , which is still affected by the CVE.

Hi everyone, thank you for reporting this. 

I have raised the bug here :

•  https://jira.atlassian.com/browse/JRASERVER-72880

I like to ask on the workaround,

Install/download the version of Java required by JIRA (see Supported Platforms); - Install OpenJDK 11 RHEL rpm , is that OK?
Stop JIRA;
Set the path where you installed Java as the JAVA_HOME (JDK) or JRE_HOME (JRE) variables for JIRA (see instructions below);

Note: If JRE_HOME is not defined, Jira will define its value using the JAVA_HOME value

Go to the location where you installed JIRA, then to the bin folder;
Edit the setenv.sh file and add the line at the initial lines:

JAVA_HOME="/path/to/new/jdk"
Set PATH  to include the <Java>/bin folder
PATH="/path/to/new/jdk
 

After that the bin installer, should use the rpm OpenJDK instead of the bin installer AdoptOpenJDK?

i am using the bin installer and  I tried to change the JAVA_HOME last time but didnt work.

This was the last error faced:

check-java.sh

line 31:

if [ $java_version -ne 8]  && [ $java_version -ne 11]

I am using:

OpenJDK Runtime Environment 18.9 (build 11.0.12+7-LTS)

OpenJDK 64-Bit Server VM 18.9 (build 11.0.12+7-LTS, mixed mode, sharing)

I have updated to 8.21.1 and it's still using OpenJDK 11.0.11. In this link, https://jira.atlassian.com/browse/JRASERVER-72880?jql=text%20~%20CVE-2021-2388

it mentions that it was fixed in 8.20.4?

Any plans to fix this?

will like to check if  there is going to be fixed:

OpenJDK installed version: 11.0.11