Liberica Native Image Kit 23.0.4+1 (17.0.11+10): Release Notes

1. Introduction

This document provides the late-breaking information about Liberica NIK 23.0.4 release.

This particular version of Liberica NIK 23.0.4+1 is based on Liberica JDK 17.0.11+10. For more information about Liberica JDK release, see Liberica JDK Release Notes.

2. Liberica NIK 23.0.4+1

Liberica Native Image Kit is a utility Based on GraalVM Open Source that is capable of converting your JVM-based application into a fully compiled native executable ahead-of-time under the closed-world assumption with an almost instant startup time.

Liberica NIK supports the following platforms:

  • Linux x86_64 (glibc)

  • Linux Alpine x86_64 (musl)

  • Linux AArch64 (glibc)

  • Linux Alpine AArch64 (musl)

  • Mac OS x86_64

  • Mac OS AArch64

  • Windows x86_64

3. Liberica NIK distribution

Liberica NIK is distributed as .apk, .deb, .dmg, .msi, .pkg, .rpm, .tar.gz, and .zip packages. Please select the most appropriate for your purposes.

Liberica NIK 23.0.4 supports the following languages and frameworks:

  • LLVM - 15.0.6 (GraalVM CE Native 23.0.4)

  • Python - 3.10.8 (GraalVM CE Native 23.0.4)

  • Node.js - v18.19.1

  • Java - Liberica JDK 17.0.11+10

  • Java Script - GraalVM JavaScript (GraalVM CE Native 23.0.4)

  • TruffleRuby - 23.0.4 (Ruby 3.0.3)

  • Native Image - GraalVM Version 23.0.4 (Liberica JDK 17.0.11+10, LTS)

  • Wasm - WebAssembly (GraalVM CE Native 23.0.4)

4. Known Issues

This release does not contain any known issues. For the list of Liberica JDK known issues, see Liberica JDK Release Notes

5. CVEs

This is the list of the security issues fixed in this release. CVSS scores are provided using the CVSS version 3.1 scoring system.

CVE IDCVSS scoreComponentModuleAttack VectorComplexityPrivilegesUser InteractionScopeConfidentialityIntegrityAvailability

CVE-2023-46809

6.8

node.js

crypto

network

high

low

none

unchanged

high

high

none

CVE-2023-5678

5.3

node.js

openssl

network

low

none

none

unchanged

none

none

low

CVE-2023-6129

6.5

node.js

openssl

network

high

none

none

unchanged

none

low

high

CVE-2024-0727

5.5

node.js

openssl

local

low

none

required

unchanged

none

none

high

CVE-2024-21011

3.7

hotspot

runtime

network

high

none

none

unchanged

none

none

low

CVE-2024-21012

3.7

core-libs

java.net

network

high

none

none

unchanged

none

low

none

CVE-2024-21068

3.7

hotspot

compiler

network

high

none

none

unchanged

none

low

none

CVE-2024-21094

3.7

hotspot

compiler

network

high

none

none

unchanged

none

low

none

CVE-2024-21892

7.5

node.js

credentials

local

high

low

none

changed

high

high

none

CVE-2024-22019

7.5

node.js

llhttp

network

low

none

none

unchanged

none

none

high

CVE-2024-22025

6.5

node.js

zlib

network

low

none

required

unchanged

none

none

high

CVE-2024-24758

3.9

node.js

undici

network

high

high

required

unchanged

low

low

low

CVE-2024-24806

7.3

node.js

libuv

network

low

none

none

unchanged

low

low

low

6. Notable Issues

This release does not contain any notable issues. For the list of Liberica JDK notable issues, see Liberica JDK Release Notes

7. Resolved Issues

Liberica NIK issues

This is the list of Liberica NIK issues fixed in this release.

Issue IDSummary

GR-48705

Fix stamp inversion for ZeroExtend and SignExtend operations.

GR-48705

Incorporate the bounds of stampToInvert when calculating the bounds of the inverted stamp.

GR-48705

Infer input msb during stamp inversion for integer SignExtend.

GR-48705

Unittests for stamp inversion during conditional elimination.

GR-49573

Clean unsupported gate jobs

GR-50803

Backport to 23.0: Minor fixes and cleanups.

GR-50823

Backport to 23.0: Fix stamp inversion for ZeroExtend and SignExtend operations.

GR-50823

Fix stamp inversion for ZeroExtend and SignExtend operations.

GR-50823

Incorporate the bounds of stampToInvert when calculating the bounds of the inverted stamp.

GR-50823

Infer input msb during stamp inversion for integer SignExtend.

GR-50823

Unittests for stamp inversion during conditional elimination.

GR-50824

Backport to 23.0.3 : Fix stamp inversion for ZeroExtend and SignExtend operations.

GR-50834

Fix intrinsic frame states

GR-50879

Backport 23.0 : Use unsigned monitor and identity hash offsets and guarantee they are valid.

GR-50880

Backport to 23.0: Correctly handle printing certain JSON values in agent trace files.

GR-50915

Backport to 23.0: Fix Thread.getStackTrace() right after Thread.start().

GR-50965

Backport to 23.0: Print crash log when exception handling fails.

GR-50972

Backport to 23.0: Make segfault handler more robust.

GR-51029

Backport to 23.0: Constant fold reflection lookups in sun.nio.ch.Reflect.

GR-51089

Backport to 23.0: Preprocess _MSC_FULL_VER to detect cl.exe version info.

GR-51092

Backport to 23.0: Fix debug section alignment which can lead to corrupt debug info

GR-51095

Speedup method verification.

GR-51110

Could not load library @rpath/libjsig.dylib for nodejs native standalone on GraalVM for JDK17.

GR-51176

Remove Heap.allowPageSizeMismatch() and provide a method to set the physical memory size.

GR-51230

Backport to 23.0: Build GraalVM on Big Sur

GR-51312

Backport to 23.0: Crash log improvements.

GR-51332

Update JVMCI to jvmci-23.0-b28

GR-51378

Backport to 23.0: Fix Cpuid1Ecx feature parsing for AMD CPUs.

GR-51426

Backport to 23.0: Only use -H:Path validation in non-bundle mode.

GR-51482

Update JVMCI to jvmci-23.0-b29

GR-51484

Backport to 23.0: Fix a bug in the IsolateArgumentParser.

GR-51583

Backport to 23.0: induction variables: only non overflowing constant properties should be considered constant properties

GR-51592

Backport to 23.0: Don’t try to incorrectly move virtual state inputs out of loops

GR-51631

Update JVMCI to jvmci-23.0-b30

GR-51690

Backport to 23.0: Avoid deadlocks when the VM is out-of-memory and other threading-related fixes.

GR-51798

Backport to 23.0: Handle recently started threads without Thread object and NPE during VMOperation.

GR-51824

Backport to 23.0: Guard against deleting canonicalizer replacement.

GR-51830

Backport to 23.0: Cleanups and minor fixes.

GR-51834

Remove GU catalogs for CE

GR-51870

Backport to 23.0: Fixed read nodes must only be removed if they are not used as null checks.

GR-51927

Backport to 23.0: Ensure CompilationResult.methods does not contain duplicates.

GR-51958

Backport to: 20.3 Fix a deadlock in IsolateAwareTruffleCompiler.tearDownIsolateOnShutdown.

GR-51970

Backport to 23.0: Fix MacOS-specific perf data issue.

GR-52020

Backport to 23.0: Improve uncaught exception handler and error handling in CEntryPointSnippets.initializeIsolate().

GR-52064

Backport to 23.0: Workaround for a build-time crash.

GR-52106

Backport to 23.0: Don’t optimize away Narrow in comparisons with mixed signedness

GR-52179

Backport to 23.0: Fix FrameStates for unresolved deopts with incorrect stack size.

GR-52226

Backport to 23.0: Loop fragment: ensure we are not killing control flow when we have nodes in head position not in counted position.

GR-52245

Update JVMCI to jvmci-23.0-b32

GR-52290

Backport to 23.0: Regex language connot be used with UNTRUSTED sandbox policy.

GR-52326

Backport to 23.0: Deopt loops in NetSuite JS code.

GR-52343

Fixes for new class initialization strategy.

GR-52399

Update JVMCI to jvmci-23.0-b33

GR-52464

Backport to 23.0: Upgrading the underlying Node.js to version 18.19.1.

GR-52615

Improve a code installation error message.

GR-52618

Add option ImplicitExceptionWithoutStacktraceIsFatal.

GR-52618

Backport to 23.0: Small fixes and improvements.

GR-52618

Improve uncaught exception handler and error handling in CEntryPointSnippets.initializeIsolate().

GR-52667

Update JVMCI to jvmci-23.0-b34

GR-52677

Backport to 23.0: Fix for birth time support-ing JDKs.

ON THIS PAGE