Liberica Native Image Kit 23.1.3+2 (21.0.3+10): Release Notes

1. Introduction

This document provides the late-breaking information about Liberica NIK 23.1.3 release.

This particular version of Liberica NIK 23.1.3+2 is based on Liberica JDK 21.0.3+10. For more information about Liberica JDK release, see Liberica JDK Release Notes.

2. Liberica NIK 23.1.3+2

Liberica Native Image Kit is a utility Based on GraalVM Open Source that is capable of converting your JVM-based application into a fully compiled native executable ahead-of-time under the closed-world assumption with an almost instant startup time.

Liberica NIK supports the following platforms:

Linux x86_64 (glibc)
Linux Alpine x86_64 (musl)
Linux AArch64 (glibc)
Linux Alpine AArch64 (musl)
Mac OS x86_64
Mac OS AArch64
Windows x86_64

3. Liberica NIK distribution

Liberica NIK is distributed as .apk, .deb, .dmg, .msi, .pkg, .rpm, .tar.gz, and .zip packages. Please select the most appropriate for your purposes.

Liberica NIK 23.1.3 supports the following languages and frameworks:

LLVM - 16.0.1 (GraalVM CE Native 23.1.3)
Python - 3.10.8 (GraalVM CE Native 23.1.3)
Node.js - v18.19.1
Java - Liberica JDK 21.0.3+10
Java Script - GraalVM JavaScript (GraalVM CE Native 23.1.3)
TruffleRuby - 23.1.3 (Ruby 3.0.3)
Native Image - GraalVM Version 23.1.3 (Liberica JDK 21.0.3+10, LTS)
Wasm - WebAssembly (GraalVM CE Native 23.1.3)

4. Known Issues

This release does not contain any known issues. For the list of Liberica JDK known issues, see Liberica JDK Release Notes

5. CVEs

This is the list of the security issues fixed in this release. CVSS scores are provided using the CVSS version 3.1 scoring system.

CVE ID	CVSS score	Component	Module	Attack Vector	Complexity	Privileges	User Interaction	Scope	Confidentiality	Integrity	Availability
CVE-2023-46809	6.8	node.js	crypto	network	high	low	none	unchanged	high	high	none
CVE-2023-5678	5.3	node.js	openssl	network	low	none	none	unchanged	none	none	low
CVE-2023-6129	6.5	node.js	openssl	network	high	none	none	unchanged	none	low	high
CVE-2024-0727	5.5	node.js	openssl	local	low	none	required	unchanged	none	none	high
CVE-2024-21892	7.5	node.js	credentials	local	high	low	none	changed	high	high	none
CVE-2024-22019	7.5	node.js	llhttp	network	low	none	none	unchanged	none	none	high
CVE-2024-22025	6.5	node.js	zlib	network	low	none	required	unchanged	none	none	high
CVE-2024-24758	3.9	node.js	undici	network	high	high	required	unchanged	low	low	low
CVE-2024-24806	7.3	node.js	libuv	network	low	none	none	unchanged	low	low	low

CVE ID

CVSS score

Component

Module

Attack Vector

Complexity

Privileges

User Interaction

Scope

Confidentiality

Integrity

Availability

CVE-2023-46809

6.8

node.js

crypto

network

high

low

none

unchanged

high

none

CVE-2023-5678

5.3

node.js

openssl

network

low

none

unchanged

none

low

CVE-2023-6129

6.5

node.js

openssl

network

high

none

unchanged

none

low

high

CVE-2024-0727

5.5

node.js

openssl

local

low

none

required

unchanged

none

high

CVE-2024-21892

7.5

node.js

credentials

local

high

low

none

changed

high

none

CVE-2024-22019

7.5

node.js

llhttp

network

low

none

unchanged

none

high

CVE-2024-22025

6.5

node.js

zlib

network

low

none

required

unchanged

none

high

CVE-2024-24758

3.9

node.js

undici

network

high

required

unchanged

low

CVE-2024-24806

7.3

node.js

libuv

network

low

none

unchanged

low

6. Notable Issues

This release does not contain any notable issues. For the list of Liberica JDK notable issues, see Liberica JDK Release Notes

7. Resolved Issues

Liberica NIK issues

This is the list of Liberica NIK issues fixed in this release.

Issue ID	Summary
GR-49301	Workaround CPU features Xcode 15 miscomp issue (GR-49301)
GR-51022	Backport to 23.1: Built-ins for the current time should reflect the changes in system time.
GR-51294	Backport to 23.1: Deprecate ZeroExtendNode.inputAlwaysPositive.
GR-51438	[GR-51888] Backport to 23.1: Don’t rethrow internal parser errors as SyntaxError.
GR-51667	Backport to 23.1: Use safe abs in loop opts.
GR-51744	Backport to 23.1: Fix possible infinite recursion in AbstractJSObjectArray.setElementImpl.
GR-52325	Backport to 23.1: Deopt loops in NetSuite JS code.
GR-52396	Backport to 23.1: Fix wasm.jar not being included in nodejs jvm standalone.
GR-52465	Backport to 23.1: Upgrading the underlying Node.js to version 18.19.1.
GR-52692	Backport to 23.1: CInterfaceWrapper Hooks
GR-52947	Backport to 23.1: GH-8638: Correctness problem when System.arraycopy a byte array.
GR-53048	Backport 23.1: Workaround CPU features Xcode 15 miscomp issue.
GR-53188	Release GraalVM 23.1.3

Issue ID

Summary

GR-49301

Workaround CPU features Xcode 15 miscomp issue (GR-49301)

GR-51022

Backport to 23.1: Built-ins for the current time should reflect the changes in system time.

GR-51294

Backport to 23.1: Deprecate ZeroExtendNode.inputAlwaysPositive.

GR-51438

[GR-51888] Backport to 23.1: Don’t rethrow internal parser errors as SyntaxError.

GR-51667

Backport to 23.1: Use safe abs in loop opts.

GR-51744

Backport to 23.1: Fix possible infinite recursion in AbstractJSObjectArray.setElementImpl.

GR-52325

Backport to 23.1: Deopt loops in NetSuite JS code.

GR-52396

Backport to 23.1: Fix wasm.jar not being included in nodejs jvm standalone.

GR-52465

Backport to 23.1: Upgrading the underlying Node.js to version 18.19.1.

GR-52692

Backport to 23.1: CInterfaceWrapper Hooks

GR-52947

Backport to 23.1: GH-8638: Correctness problem when System.arraycopy a byte array.

GR-53048

Backport 23.1: Workaround CPU features Xcode 15 miscomp issue.

GR-53188

Release GraalVM 23.1.3

Alpaquita Cloud
Native Platform

Pricing

Alpaquita

Alpaquita Container

Liberica JDK

Liberica JDK 6&7

Liberica JDK for Embedded

Liberica JDK
Performance Edition

Liberica JDK with CRaC