Merge pull request #4516 from OpenLiberty/25.0.0.9-post

navaneethsnair1 · web-flow · commit 740c99493b09 · 2025-09-08T15:08:33.000+05:30
Update 25.0.0.9-post into draft
diff --git a/blog_tags.json b/blog_tags.json
@@ -2,7 +2,8 @@
     "blog_tags": [
         {
             "name": "announcements",
-            "posts": ["25.0.0.9-beta", "25.0.0.8", "25.0.0.7", 
+            "posts": ["25.0.0.9", "25.0.0.9-beta", 
+                      "25.0.0.8", "25.0.0.7", 
                       "25.0.0.7-beta", "25.0.0.6", 
                       "25.0.0.6-beta", "25.0.0.5", 
                       "25.0.0.4", "25.0.0.4-beta", 
@@ -187,7 +188,8 @@
         },
         {
             "name": "release",
-            "posts": ["25.0.0.9-beta", "25.0.0.8", "25.0.0.7", 
+            "posts": ["25.0.0.9", "25.0.0.9-beta", 
+                      "25.0.0.8", "25.0.0.7", 
                       "25.0.0.7-beta", "25.0.0.6", 
                       "25.0.0.6-beta", "25.0.0.5", 
                       "25.0.0.4", "25.0.0.4-beta",
@@ -311,7 +313,8 @@
         },
         {
             "name": "security",
-            "posts": ["25.0.0.9-beta", "25.0.0.3", "25.0.0.3-beta",
+            "posts": ["25.0.0.9", "25.0.0.9-beta", 
+                      "25.0.0.3", "25.0.0.3-beta",
                       "25.0.0.2", "25.0.0.1-beta",
                       "24.0.0.12", "zero-migration",
                       "24.0.0.10-beta", "liberty-olo-rh-sso",
diff --git a/posts/2025-09-09-25.0.0.9.adoc b/posts/2025-09-09-25.0.0.9.adoc
@@ -68,7 +68,6 @@ In link:{url-about}[Open Liberty] 25.0.0.9:
 
 * <<ECDH_ES, Add ECDH-ES support to JWT Builder>>
 * <<CVEs, Security Vulnerability (CVE) Fixes>>
-* <<bugs, Notable bug fixes>>
 
 // // // // // // // //
 // In the preceding section:
@@ -158,9 +157,9 @@ image::img/blog/blog_btn_stack.svg[Ask a question on Stack Overflow, align="cent
 [#ECDH_ES]
 == Add ECDH-ES support to JWT Builder
 
-Open Liberty has enhanced its JSON Web Token 1.0 (`jwt-1.0`) feature by introducing support for ECDH-ES (Elliptic Curve Diffie-Hellman Ephemeral Static) as a key management algorithm in the JWT Builder configuration. This update allows application developers to use Elliptic Curve (EC)Cryptography to determine the Content Encryption Key (CEK) of a JSON Web Encryption (JWE) token, providing a modern alternative to the previously supported RSA-OAEP with enhanced security. 
+Open Liberty enhances its JSON Web Token 1.0 (`jwt-1.0`) feature by introducing support for ECDH-ES (Elliptic Curve Diffie-Hellman Ephemeral Static) as a key management algorithm in the `jwtBuilder` configuration. This update allows application developers to use Elliptic Curve Cryptography to determine the Content Encryption Key (CEK) of a JSON Web Encryption (JWE) token, providing a modern alternative to the previously supported RSA-OAEP with enhanced security. 
 
-To use ECDH-ES, developers must define an Elliptic Curve (EC) public key in the `keyManagementKeyAlias` attribute. The EC public and private key pair can be generated using securityUtility or keytool, for example:
+To use ECDH-ES, developers must define an Elliptic Curve (EC) public key in the `keyManagementKeyAlias` attribute. The EC public and private key pair can be generated using the securityUtility or the keytool, for example:
 
 ----
 ./securityUtility createSSLCertificate --sigAlg=SHA256withECDSA --keySize=256 --server=myServer --validity=3650 --password=password
@@ -170,9 +169,9 @@ To use ECDH-ES, developers must define an Elliptic Curve (EC) public key in the
 keytool -genkeypair -alias eccert -keyalg EC -groupname secp256r1 -validity 3650 -storetype pkcs12 -keystore myKeystore.p12 -storepass password
 ----
 
-ECDH-ES can be configured under the `keyManagementKeyAlgorithm` attribute in aJWT Builder element of `JSON Web Token 1.0` (jwt-1.0) feature. The EC public key used for encryption must be referenced by its alias in `keyManagementKeyAlias`, and the keystore must be specified using the `trustStoreRef` attribute.
+ECDH-ES can be configured under the `keyManagementKeyAlgorithm` attribute in a `jwtBuilder` element of `JSON Web Token 1.0` (jwt-1.0) feature. Reference the EC public key used by the ECDH-ES key management algorithm by its alias in `keyManagementKeyAlias`, and specify the keystore using the `trustStoreRef` attribute.
 
-Sample server.xml configuration:
+Sample `server.xml` configuration:
 [source, xml]
 ----
 <jwtBuilder
@@ -181,7 +180,7 @@ Sample server.xml configuration:
     trustStoreRef="myTrustStore" ... />
 ----
 
-For more details on configuring `JWT Builder`, check the link:https://openliberty.io/docs/latest/reference/config/jwtBuilder.html[Open Liberty documentation].
+For more details on configuring `jwtBuilder`, check the link:https://openliberty.io/docs/latest/reference/config/jwtBuilder.html[Open Liberty documentation].
     
 // DO NOT MODIFY THIS LINE. </GHA-BLOG-TOPIC> 
 
@@ -236,58 +235,6 @@ For more details on configuring `JWT Builder`, check the link:https://openlibert
 // // // // // // // //
 For a list of past security vulnerability fixes, reference the link:{url-prefix}/docs/latest/security-vulnerabilities.html[Security vulnerability (CVE) list].
 
-
-[#bugs]
-== Notable bugs fixed in this release
-
-
-We’ve spent some time fixing bugs. The following sections describe just some of the issues resolved in this release. If you’re interested, here’s the  link:https://github.com/OpenLiberty/open-liberty/issues?q=label%3Arelease%3A25009+label%3A%22release+bug%22[full list of bugs fixed in 25.0.0.9].
-
-* link:https://github.com/OpenLiberty/open-liberty/issues/32507[IBM WebSphere Application Server Liberty is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)]
-+
-
-* link:https://github.com/OpenLiberty/open-liberty/issues/32497[`CORBA MARSHAL` when sending a `Comparable` field containing a `String`]
-+
-
-* link:https://github.com/OpenLiberty/open-liberty/issues/32487[IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability (CVE-2025-36124 CVSS 5.9)]
-+
-
-* link:https://github.com/OpenLiberty/open-liberty/issues/32478[Address CVE-2025-36000]
-+
-
-* link:https://github.com/OpenLiberty/open-liberty/issues/32446[IBM WebSphere Application Server Liberty is affected by a denial of service (CVE-2025-36047 CVSS 5.3)]
-+
-
-* link:https://github.com/OpenLiberty/open-liberty/issues/32197[MP OpenAPI does not preserve the order of maps when merging documents]
-+
-
-* link:https://github.com/OpenLiberty/open-liberty/issues/32151[Using parentLast delegation causes inconsistent parent delegation when using common library references]
-+
-
-* link:https://github.com/OpenLiberty/open-liberty/issues/32118[DuplicateHomeNameException occurs during EJB application restart after an error occurs during the application start]
-+
-
-* link:https://github.com/OpenLiberty/open-liberty/issues/31962[openidConnectClient cannot handle low case "bearer" as token_type]
-+
-
-* link:https://github.com/OpenLiberty/open-liberty/issues/31949[Cannot stop generating `trace.log` file]
-+
-
-* link:https://github.com/OpenLiberty/open-liberty/issues/31374[For HTTP stats, the http route attribute is not merging/abstracting requests that contain Path params for springboot application]
-+
-
-
-// // // // // // // //
-// In the preceding section:
-// For this section ask either Michal Broz or Tom Evans or the #openliberty-release-blog channel for Notable bug fixes in this release.
-// Present them as a list in the order as provided, linking to the issue and providing a short description of the bug and the resolution.
-// If the issue on Github is missing any information, leave a comment in the issue along the lines of:
-// "@[issue_owner(s)] please update the description of this `release bug` using the [bug report template](https://github.com/OpenLiberty/open-liberty/issues/new?assignees=&labels=release+bug&template=bug_report.md&title=)" 
-// Feel free to message the owner(s) directly as well, especially if no action has been taken by them.
-// For inspiration about how to write this section look at previous blogs e.g- 20.0.0.10 or 21.0.0.12 (https://openliberty.io/blog/2021/11/26/jakarta-ee-9.1.html#bugs)
-// // // // // // // //
-
-
 == Get Open Liberty 25.0.0.9 now
 
 Available through <<run,Maven, Gradle, Docker, and as a downloadable archive>>.
