3

The context: I want to be sure that Java installed on our system is not affected by CVE-2022-21449.

java -version gives

  openjdk version "11.0.7" 2020-04-14 LTS
  OpenJDK Runtime Environment 18.9 (build 11.0.7+10-LTS)
  OpenJDK 64-Bit Server VM 18.9 (build 11.0.7+10-LTS, mixed mode, sharing)

what meaning does "18.9" have? (java 11 is not listed as affected by CVE-2022-21449, java 18 on the other hand is).

John Donn
  • 1,718
  • 2
  • 19
  • 45
  • According to [this OpenJDK page](https://openjdk.java.net/groups/vulnerability/advisories/2022-04-19), only `11.0.4` is affected, not `11.0.7` – Turing85 Apr 21 '22 at 07:34
  • maybe you meant 11.0.14; however 11.0.14 refers to "OpenJDK Vulnerability Advisory: 2022/04/19" and not to CVE-2022-21449, if one looks more carefully. – John Donn Apr 21 '22 at 07:37

1 Answers1

3

"18.9" refers to the release date (year and month).

https://en.wikipedia.org/wiki/Java_version_history#Java_11 notes that Java 11 was released in September of 2018.

Zephyr
  • 226
  • 1
  • 5