Merge branch 'main' into main

.github/workflows/check-adopters.yml

@@ -23,7 +23,7 @@ jobs:
 
     - run: python3 .github/workflows/fetch-adopters.py
 
-    - uses: gr2m/create-or-update-pull-request-action@488876a65a2ca38b7eb05e9086166337087f5323 # v1.10.0
+    - uses: gr2m/create-or-update-pull-request-action@b65137ca591da0b9f43bad7b24df13050ea45d1b # v1.10.1
       env:
         GITHUB_TOKEN: ${{ secrets.ADOPTIUM_BOT_TOKEN }}
       with:

.github/workflows/check-contributors.yml

@@ -68,7 +68,7 @@ jobs:
           done
         fi
 
-    - uses: gr2m/create-or-update-pull-request-action@488876a65a2ca38b7eb05e9086166337087f5323 # v1.10.0
+    - uses: gr2m/create-or-update-pull-request-action@b65137ca591da0b9f43bad7b24df13050ea45d1b # v1.10.1
       env:
         GITHUB_TOKEN: ${{ secrets.ADOPTIUM_BOT_TOKEN }}
       with:

.github/workflows/ci.yml

@@ -27,6 +27,6 @@ jobs:
       - run: npm run coverage
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
+        uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1
         with:
           token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/codeql-analysis.yml

@@ -45,7 +45,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+      uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -56,7 +56,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+      uses: github/codeql-action/autobuild@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -70,4 +70,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+      uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9

.github/workflows/dependabot-auto-merge.yml

@@ -1,10 +1,12 @@
+# This is a templated file from https://github.com/adoptium/.eclipsefdn/tree/main/otterdog/blueprints/require_dependabot_auto_merge.yml
 name: Dependabot auto-merge
 on: pull_request_target
 
-permissions:
-  contents: write
-  pull-requests: write
+permissions: read-all
 
 jobs:
   dependabot:
+    permissions:
+      contents: write
+      pull-requests: write
     uses: adoptium/.github/.github/workflows/dependabot-auto-merge.yml@main

.github/workflows/ossf-scorecard.yml

@@ -30,11 +30,11 @@ jobs:
         results_file: results.sarif
         results_format: sarif
         publish_results: true
-    - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+    - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
       with:
         name: SARIF file
         path: results.sarif
         retention-days: 5
-    - uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+    - uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
       with:
         sarif_file: results.sarif

content/asciidoc-pages/support/_partials/support-table.adoc

@@ -5,10 +5,10 @@
 
 | Java 23
 | Sep 2024
-| 17 Sep 2024 +
-[.small]#jdk-23+37#
 | 15 Oct 2024 +
-[.small]#jdk-23.0.1#
+[.small]#jdk-23.0.1+11#
+| 21 Jan 2025 +
+[.small]#jdk-23.0.2#
 | Expected Mar 2025
 
 | Java 22
@@ -20,10 +20,10 @@
 
 | Java 21 (LTS)
 | Sep 2023
-| 16 Jul 2024 +
-[.small]#jdk-21.0.4+7#
 | 15 Oct 2024 +
-[.small]#jdk-21.0.5#
+[.small]#jdk-21.0.5+11#
+| 21 Jan 2025 +
+[.small]#jdk-21.0.6#
 | At least Dec 2029
 
 | Java 20
@@ -49,26 +49,26 @@
 
 | Java 17 (LTS)
 | Sep 2021
-| 16 Jul 2024 +
-[.small]#jdk-17.0.12+7#
 | 15 Oct 2024 +
-[.small]#jdk-17.0.13#
+[.small]#jdk-17.0.13+11#
+| 21 Jan 2025 +
+[.small]#jdk-17.0.14#
 | At least Oct 2027
 
 | Java 11 (LTS)
 | Sep 2018
-| 16 Jul 2024 +
-[.small]#jdk-11.0.24+8#
 | 15 Oct 2024 +
-[.small]#jdk-11.0.25#
+[.small]#jdk-11.0.25+9#
+| 21 Jan 2025 +
+[.small]#jdk-11.0.26#
 | At least Oct 2027
 
 | Java 8 (LTS)
 | Mar 2014
-| 16 Jul 2024 +
-[.small]#jdk8u422-b05#
 | 15 Oct 2024 +
-[.small]#jdk8u431#
+[.small]#jdk8u432-b06#
+| 21 Jan 2025 +
+[.small]#jdk8u441#
 | At least Nov 2026
 
 |===

content/asciidoc-pages/supported-platforms/index.adoc

@@ -22,6 +22,10 @@ icon:check[] - Supported, icon:docker[] - Docker image available, icon:times[] -
 | Windows 11 | icon:check[] | icon:check[] | icon:check[] | icon:check[] | icon:check[]
 | Windows 10 | icon:check[] | icon:check[] | icon:check[] | icon:check[] | icon:check[]
 
+6+h| Windows (aarch64)
+| Windows Server 2022 | icon:times[] | icon:times[] | icon:times[] | icon:check[] | icon:check[]
+| Windows 11 | icon:times[] | icon:times[] | icon:times[] | icon:check[] | icon:check[]
+
 6+h| Windows (x86)
 | Windows Server 2022 | icon:check[] icon:docker[] | icon:check[] icon:docker[] | icon:check[] icon:docker[] | icon:times[] | icon:times[]
 | Windows Server 2019 | icon:check[] icon:docker[] | icon:check[] icon:docker[] | icon:check[] icon:docker[] | icon:times[] | icon:times[]
@@ -77,12 +81,13 @@ icon:check[] - Supported, icon:docker[] - Docker image available, icon:times[] -
 | Ubuntu 20.04 | icon:times[] | icon:times[] | icon:times[] | icon:check[] | icon:check[]
 
 6+h| macOS (x64)
+| macOS 15 | icon:check[] | icon:check[] | icon:check[] | icon:check[] | icon:check[]
 | macOS 14 | icon:times[] | icon:check[] | icon:check[] | icon:check[] | icon:check[]
 | macOS 13 | icon:check[] | icon:check[] | icon:check[] | icon:check[] | icon:check[]
 | macOS 12 | icon:check[] | icon:check[] | icon:check[] | icon:check[] | icon:check[]
-| macOS 11 | icon:check[] | icon:check[] | icon:check[] | icon:check[] | icon:check[]
 
 6+h| macOS (Apple Silicon)
+| macOS 15 | icon:check[] | icon:check[] | icon:check[] | icon:check[] | icon:check[]
 | macOS 14 | icon:times[] | icon:check[] | icon:check[] | icon:check[] | icon:check[]
 | macOS 13 | icon:times[] | icon:check[] | icon:check[] | icon:check[] | icon:check[]
 | macOS 12 | icon:times[] | icon:check[] | icon:check[] | icon:check[] | icon:check[]

content/blog/eclipse-temurin-8u422-11024-1712-2104-2202-available/index.md

@@ -36,7 +36,7 @@ This release contains the following fixes and updates.
 
 * [Temurin 11.0.24 release notes](https://adoptium.net/temurin/release-notes/?version=jdk-11.0.24+8), including [fixes in OpenJDK 11.0.24](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+11.0.24)
 
-* [Temurin 17.0.11 release notes](https://adoptium.net/temurin/release-notes/?version=jdk-17.0.12+7), including [fixes in OpenJDK 17.0.12](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+17.0.12)
+* [Temurin 17.0.12 release notes](https://adoptium.net/temurin/release-notes/?version=jdk-17.0.12+7), including [fixes in OpenJDK 17.0.12](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+17.0.12)
 
 * [Temurin 21.0.4 release notes](https://adoptium.net/temurin/release-notes/?version=jdk-21.0.4+7), including [fixes in OpenJDK 21.0.4](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+21.0.4)
 

content/blog/eclipse-temurin-8u432-11025-1713-2105-2301-available/index.md

@@ -0,0 +1,79 @@
+---
+title: Eclipse Temurin 8u432, 11.0.25, 17.0.13, 21.0.5 and 23.0.1 Available
+date: "2024-11-04"
+author: pmc
+description: Adoptium is happy to announce the immediate availability of Eclipse Temurin 8u432, 11.0.25, 17.0.13, 21.0.5 and 23.0.1. As always, all binaries are thoroughly tested and available free of charge without usage restrictions on a wide range of platforms.
+tags:
+  - temurin
+  - announcement
+  - release-notes
+---
+
+Adoptium is happy to announce the immediate availability of Eclipse Temurin 8u432-b06, 11.0.25+9, 17.0.13+11, 21.0.5+11 and 23.0.1+11. As always, all binaries are thoroughly tested and available free of charge without usage restrictions on a wide range of platforms. Binaries, installers, and source code are available from the [Temurin download page](https://adoptium.net/temurin/releases), [official container images](https://hub.docker.com/_/eclipse-temurin) are available at DockerHub, and [installable packages](https://adoptium.net/installation/) are available for various operating systems.
+
+## Security Vulnerabilities Resolved
+
+The following table summarizes security vulnerabilities fixed in this release cycle. The affected Temurin version streams are noted by an 'X' in the table. Each line shows the [Common Vulnerabilities and Exposures (CVE) vulnerability database](https://nvd.nist.gov/vuln) reference and [Common Vulnerability Scoring System (CVSS) v3.1 base score](https://www.first.org/cvss/v3.1/specification-document) provided by the [OpenJDK Vulnerability Group](https://openjdk.org/groups/vulnerability/). Note that defense-in-depth issues are not assigned CVEs.
+
+| CVE Identifier  | Component                       | CVSS Score | v8 | v11 | v17 | v21 | v23 |
+| :-------------- | :------------------------------ | :--------: | :-: | :-: | :-: | :-: | :-: |
+| [CVE-2024-21235](https://nvd.nist.gov/vuln/detail/CVE-2024-21235) | hotspot/compiler              | Medium ([4.8](https://nvd.nist.gov/vuln/detail/CVE-2024-21235)) |  X  |  X  |  X  |  X  |  X  |
+| [CVE-2024-21208](https://nvd.nist.gov/vuln/detail/CVE-2024-21208) | core-libs/java.net           | Low ([3.7](https://nvd.nist.gov/vuln/detail/CVE-2024-21208))    |  X  |  X  |  X  |  X  |  X  |
+| [CVE-2024-21210](https://nvd.nist.gov/vuln/detail/CVE-2024-21210) | hotspot/compiler              | Low ([3.7](https://nvd.nist.gov/vuln/detail/CVE-2024-21210))    |  X  |  X  |  X  |  X  |  X  |
+| [CVE-2024-21217](https://nvd.nist.gov/vuln/detail/CVE-2024-21217) | core-libs/java.io:serialization | Low ([3.7](https://nvd.nist.gov/vuln/detail/CVE-2024-21217)) |  X  |  X  |  X  |  X  |  X  |
+
+Users should follow the [Adoptium policy for reporting vulnerability concerns](https://github.com/adoptium/adoptium/security/policy#security-policies-and-procedures) with this release.
+
+## Fixes and Updates
+
+This release contains the following fixes and updates.
+
+* [Temurin 8u432 release notes](https://adoptium.net/temurin/release-notes/?version=jdk8u432-b06), including [fixes in OpenJDK 8u422](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+openjdk8u422)
+
+* [Temurin 11.0.25 release notes](https://adoptium.net/temurin/release-notes/?version=jdk-11.0.25+9), including [fixes in OpenJDK 11.0.25](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+11.0.25)
+
+* [Temurin 17.0.13 release notes](https://adoptium.net/temurin/release-notes/?version=jdk-17.0.13+11), including [fixes in OpenJDK 17.0.13](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+17.0.13)
+
+* [Temurin 21.0.5 release notes](https://adoptium.net/temurin/release-notes/?version=jdk-21.0.5+11), including [fixes in OpenJDK 21.0.5](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+21.0.5)
+
+* [Temurin 23.0.1 release notes](https://adoptium.net/temurin/release-notes/?version=jdk-23.0.1+11), including [fixes in OpenJDK 23.0.1](https://bugs.openjdk.org/issues/?jql=project+%3D+JDK+AND+fixVersion+%3D+23.0.1)
+
+## New and Noteworthy
+
+### Windows aarch64 support
+
+Starting with Eclipse Temurin versions 21.0.5 and 23.0.1, Windows aarch64 (ARM64) is now officially supported. This addition brings enhanced flexibility and performance improvements for developers working on ARM-based Windows systems. Users can now benefit from Temurin’s robust, high-performance JDK distribution on an expanded range of Windows hardware, continuing our commitment to broad platform compatibility and support for modern architectures.
+
+### Windows Updated Microsoft STL Redistributable Included in Eclipse Temurin
+
+We have addressed an issue in Eclipse Temurin regarding the inclusion of an outdated Microsoft STL redistributable (`msvcp140.dll`) in the JDK's bin directory, as noted in [issue #3887](https://github.com/adoptium/temurin-build/issues/3887). This issue led to crashes for applications using C++ libraries from Java that relied on the updated mutex behavior in the latest Microsoft toolset. The outdated DLL version caused mutex initialization errors, impacting multi-threaded functionality. With this fix, Temurin now includes the latest Microsoft redistributables, ensuring compatibility and stability for applications requiring the updated runtime.
+
+### Missing AIX 8u432 Release
+
+The AIX build for Eclipse Temurin 8u342 has been temporarily skipped due to a compilation error introduced in the upstream OpenJDK codebase. We have reported the issue in [JDK-8342822](https://bugs.openjdk.org/browse/JDK-8342822) and are actively working toward a resolution. We anticipate that the AIX JDK8u build will be available in the next quarterly release.
+
+### Container Updates
+
+#### GPG Verification Added to Eclipse Temurin images
+
+This release introduces GPG verification for Eclipse Temurin container downloads, adding integrity and authenticity checks for greater security. As part of this enhancement, the `gnupg` package is now included in all Ubuntu and Alpine-based container images, which could be a breaking change for some workflows. This adjustment ensures that users receive verified binaries but may impact containers that previously operated without gnupg installed. For further details, refer to [PR #673](https://github.com/adoptium/containers/pull/673).
+
+#### General availability of RISC-V container images
+
+In this release, we are introducing support for RISC-V (riscv64) architecture with new Docker images for Eclipse Temurin, available from JDK 17 onwards. This addition enables broader compatibility and performance on RISC-V platforms, furthering our commitment to supporting diverse architectures in the open-source ecosystem.
+
+#### Changes to Docker image external CA certs handling
+
+A recent fix has been applied across all eclipse-temurin container tags to resolve an issue with the `__cacert_entrypoint.sh` script during certificate renewals. Previously, the script generated certificate aliases using only the Subject CN, which led to alias duplication errors when both old and new intermediate certificates with the same CN were present. This affected the keytool import process, causing it to fail. The fix now appends the certificate's serial number to the alias if a duplicate CN is detected, ensuring unique aliases and allowing both certificates to coexist during transitional periods without error.
+
+See more details about the fix [here](https://github.com/adoptium/containers/pull/642).
+
+#### (Re)Introduction of Windows Nanoserver images for JDK23
+
+With the release of Eclipse Temurin 23.0.1, we are pleased to announce that Windows NanoServer images are now available, though this was skipped for the initial JDK 23 release. Currently, when running JDK 23+37 on Windows NanoServer containers, users may encounter the warning:
+
+```output
+OpenJDK 64-Bit Server VM warning: Failed to determine whether the OS can retrieve version information from kernel32.dll: The system cannot find the file specified
+```
+
+This warning is due to an ongoing issue with kernel version retrieval, and we anticipate it will be resolved in JDK 23.0.2. For more details, please refer to the [upstream issue](https://bugs.openjdk.org/browse/JDK-8340383).

locales/fr/asciidoc.json

@@ -1,6 +1,6 @@
 {
     "asciidoc.template.warn.default.locale": "Cette page est la <englishVersionLink>version en anglais</englishVersionLink> car elle n'existe pas dans votre langue. Aidez-nous à la traduire en français. Consultez notre <translationGuideLink>guide de traduction</translationGuideLink> pour plus d'informations.",
-    "asciidoc.template.warn.outdated": "Cette page est la <englishVersionLink>version en anglais</englishVersionLink> car elle n'existe pas dans votre langue. Aidez-nous à traduire la dernière <englishVersionLink>version en anglais</englishVersionLink>. Consultez notre <translationGuideLink>guide de traduction</translationGuideLink> pour plus d'informations.",
+    "asciidoc.template.warn.outdated": "La traduction de cette page est basée sur une <previousEnglishVersionLink>version précédente de la page en anglais</previousEnglishVersionLink> et peut être inexacte. Aidez-nous en mettant à jour cette page pour qu'elle corresponde à la <lastEnglishVersionLink>dernière version de la page en anglais</lastEnglishVersionLink>. Consultez notre <translationGuideLink>guide de traduction</translationGuideLink> pour plus d'informations.",
     "asciidoc.author.list.title": "Auteurs de la documentation",
     "asciidoc.edit.link.title": "Aidez-nous à rendre ces documents géniaux !",
     "asciidoc.edit.link.content": "Tous les documents Adoptium sont open source. Vous voyez quelque chose qui ne va pas ou qui n'est pas clair ?",