OpenJDK Vulnerability Advisory: 2026/01/20

OpenJDK has issued a vulnerability advisory dated 2026/01/20. The advisory states that vulnerabilities in OpenJDK source code were fixed in this release. The affected versions are 25.0.1, 21.0.9, 17.0.17, 11.0.29, 8u472 and earlier. The advisory notes that defense-in-depth issues are not assigned CVEs. It recommends that users upgrade as soon as possible. Current and previous advisories are available for reference. OpenJDK and OpenJFX risk matrices are included. The advisory acknowledges the following parties for their reports and contributions: 1UE B1U3R, Ben Smith, Luca Kellermann and Mingijung. It also thanks the leads of the JDK 8 Updates, JDK 11 Updates, JDK 17 Updates, JDK 21 Updates and OpenJFX Projects for providing the risk matrix information. The advisory provides instructions for reporting a vulnerability.