{"id":82014,"date":"2025-03-26T12:00:42","date_gmt":"2025-03-26T12:00:42","guid":{"rendered":"https:\/\/www.azul.com\/blog\/openjdk-security-improvements-are-making-java-safer\/"},"modified":"2025-05-13T13:07:16","modified_gmt":"2025-05-13T13:07:16","slug":"openjdk-security-improvements-are-making-java-safer","status":"publish","type":"post","link":"https:\/\/www.azul.com\/zh-hans\/blog\/openjdk-security-improvements-are-making-java-safer\/","title":{"rendered":"OpenJDK \u5b89\u5168\u6539\u8fdb\u8ba9 Java \u66f4\u5b89\u5168"},"content":{"rendered":"\n

OpenJDK <\/em>\u7684\u5b89\u5168\u6539\u8fdb\u4f7f<\/em> Java <\/em>\u5bf9\u7528\u6237\u66f4\u52a0\u5b89\u5168\uff0c\u5e76\u5e2e\u52a9\u8f6f\u4ef6\u5de5\u7a0b\u5e08\u7b80\u5316\u4e86\u5f00\u53d1\u6d41\u7a0b\u3002\u4fee\u8865\u6f0f\u6d1e\u3001\u51cf\u5c11\u653b\u51fb\u9762\u548c\u7ef4\u62a4\u793e\u533a\u90fd\u6709\u52a9\u4e8e\u5b9e\u73b0\u8fd9\u4e00\u76ee\u6807\u3002\u5728\u8fd9\u7bc7\u535a\u6587\u4e2d\uff0c<\/em>Erik Costlow <\/em>\u89e3\u91ca\u4e86\u8fd9\u4e9b\u6539\u8fdb\u4ee5\u53ca<\/em> Azul <\/em>\u5982\u4f55\u5e2e\u52a9\u63d0\u9ad8\u5f00\u53d1\u4eba\u5458\u7684\u5de5\u4f5c\u6548\u7387\u3002<\/em><\/p>\n\n\n\n

\u5728\u8fc7\u53bb\u7684\u5341\u5e74\u4e2d\uff0cOpenJDK \u793e\u533a\u5728\u7b80\u5316\u8f6f\u4ef6\u5de5\u7a0b\u5e08\u5f00\u53d1\u6d41\u7a0b\u7684\u540c\u65f6\uff0c\u4e5f\u5927\u5927\u63d0\u9ad8\u4e86 Java \u5bf9\u7528\u6237\u7684\u5b89\u5168\u6027\u3002OpenJDK \u5b89\u5168\u6539\u8fdb\u7684\u7efc\u5408\u7ed3\u679c\u662f\uff0c\u5b89\u5168\u95ee\u9898\u51cf\u5c11\u4e86\uff0c\u5904\u7406\u6240\u6709\u8f6f\u4ef6\u4e2d\u4e0d\u53ef\u907f\u514d\u7684\u5b89\u5168\u95ee\u9898\u7684\u6d41\u7a0b\u4e5f\u66f4\u6e05\u6670\u4e86\u3002<\/p>\n\n\n\n

\u5177\u4f53\u6765\u8bf4\uff0c\u6709\u4e09\u70b9\u6709\u52a9\u4e8e\u5b9e\u73b0\u8fd9\u4e00\u6539\u8fdb\uff1a<\/p>\n\n\n\n

    \n
  1. \u5b89\u5168\u7684 Java \u5f00\u53d1\u5de5\u5177\u5305 (JDK)\uff0c\u80fd\u53ca\u65f6\u4fee\u8865\u6f0f\u6d1e\u5e76\u6309\u8ba1\u5212\u53d1\u5e03\u3002<\/li>\n\n\n\n
  2. \u6a21\u5757\u5316\u7684 JDK\uff0c\u901a\u8fc7\u521b\u5efa\u4fe1\u4efb\u8fb9\u754c\u5e76\u5e2e\u52a9\u5220\u9664\u4e0d\u5fc5\u8981\u7684\u6a21\u5757\u6765\u51cf\u5c11\u653b\u51fb\u9762\u3002<\/li>\n\n\n\n
  3. \u7ba1\u7406\u826f\u597d\u7684\u793e\u533a\uff0c\u5bf9\u8f6f\u4ef6\u5e93\u5177\u6709\u660e\u786e\u7684\u6240\u6709\u6743\u3002<\/li>\n<\/ol>\n\n\n\n

    \u53ca\u65f6\u66f4\u65b0\u7684\u5b89\u5168 JDK<\/strong><\/h2>\n\n\n\n

    Java \u5f00\u53d1\u5de5\u5177\u5305\u6309\u7167\u4e8b\u5148\u516c\u5e03\u7684\u8ba1\u5212\u6bcf\u5e74\u53d1\u5e03\u56db\u6b21\u3002\u6bcf\u6b21\u53d1\u5e03\u90fd\u4f1a\u8fdb\u884c\u6807\u51c6\u6539\u8fdb\uff0c\u5e76\u4fee\u8865\u4efb\u4f55\u65b0\u7684\u5b89\u5168\u98ce\u9669\u3002\u4e13\u95e8\u7684 OpenJDK \u6f0f\u6d1e\u5c0f\u7ec4\u4f1a\u5bf9\u6f0f\u6d1e\u8fdb\u884c\u5206\u7c7b\u5e76\u8fdb\u884c\u4f18\u5148\u7ea7\u6392\u5e8f\uff0c\u4ee5\u4fbf\u80fd\u591f\u4ee5\u9002\u5f53\u7684\u901f\u5ea6\u4fee\u590d\u8fd9\u4e9b\u6f0f\u6d1e\u3002\u4e0e\u62a5\u544a\u6f0f\u6d1e\u7684\u7814\u7a76\u4eba\u5458\u8fdb\u884c\u7684\u8fd9\u79cd\u534f\u8c03\uff0c\u786e\u4fdd\u4e86\u8865\u4e01\u80fd\u591f\u53ca\u65f6\u5f97\u5230\u5e94\u7528\u3002<\/p>\n\n\n\n

    \u5b89\u5168\u7684 JDK \u5e76\u4e0d\u610f\u5473\u7740\u4e0d\u4f1a\u51fa\u73b0\u6f0f\u6d1e\uff1b\u5b83\u610f\u5473\u7740\u4e00\u65e6\u51fa\u73b0\u6f0f\u6d1e\uff0c\u5c31\u80fd\u53ca\u65f6\u3001\u6b63\u786e\u5730\u89e3\u51b3\u3002<\/p>\n\n\n\n

    \u8ba1\u5212\u5b89\u6392\u7684\u8865\u4e01<\/strong><\/strong><\/h3>\n\n\n\n

    \u5b89\u5168\u8865\u4e01\u548c\u6539\u8fdb\u7a0b\u5e8f\u6bcf\u5e74\u53d1\u5e03\u56db\u6b21\uff0c\u5747\u5728\u9884\u5148\u516c\u5e03\u7684\u65e5\u671f\u53d1\u5e03\u3002\u901a\u8fc7\u8fd9\u4e9b\u65e5\u671f\uff0c\u9879\u76ee\u7ecf\u7406\u548c\u5176\u4ed6\u4eba\u5458\u53ef\u4ee5\u5c06 Java \u8865\u4e01\u5e94\u7528\u5b89\u6392\u4e3a\u5df2\u77e5\u7684\u5b63\u5ea6\u6d3b\u52a8\u3002\u7528\u6237\u53ef\u4ee5\u5728\u6bcf\u4e09\u4e2a\u6708\u7684\u7b2c\u4e09\u4e2a\u661f\u671f\u4e8c\u6216\u4e4b\u540e\u5b89\u6392\u65f6\u95f4\uff0c\u800c\u4e0d\u662f\u8ba2\u9605\u7535\u5b50\u90ae\u4ef6\u5217\u8868\u5e76\u5bf9\u8b66\u62a5\u505a\u51fa\u56de\u5e94\uff1a\u4e00\u6708\u3001\u56db\u6708\u3001\u4e03\u6708\u548c\u5341\u6708\u3002<\/p>\n\n\n\n

    \u5904\u7406\u548c\u4fee\u8865\u6f0f\u6d1e\u7684\u4e00\u4e2a\u5173\u952e\u90e8\u5206\u662f\u8ddf\u8e2a\u6f0f\u6d1e\u5e76\u544a\u77e5\u4eba\u4eec\u3002\u793e\u533a\u5de5\u4f5c\u7684\u4e00\u4e2a\u5173\u952e\u90e8\u5206\u662f\u5bf9\u53d1\u73b0\u5b89\u5168\u95ee\u9898\u5e76\u9002\u5f53\u62ab\u9732\u8fd9\u4e9b\u95ee\u9898\u4ee5\u5e2e\u52a9\u5f00\u6e90\u9879\u76ee\u7684\u7814\u7a76\u4eba\u5458\u7ed9\u4e88\u8ba4\u53ef\u3002<\/p>\n\n\n\n

    \u5e38\u89c1\u6f0f\u6d1e\u548c\u66b4\u9732<\/strong> (CVE) <\/strong>\u516c\u544a<\/strong><\/strong><\/h3>\n\n\n\n

    OpenJDK \u6f0f\u6d1e\u5c0f\u7ec4\u7ef4\u62a4\u7740\u6bcf\u4e2a Java \u7248\u672c\u4e2d\u5df2\u4fee\u8865\u7684 CVE \u7684\u5217\u8868<\/a>\uff0c\u5e76\u5bf9\u90a3\u4e9b\u4ee5\u8d1f\u8d23\u4efb\u7684\u6001\u5ea6\u8fdb\u884c\u6f0f\u6d1e\u62ab\u9732\u7684\u4e0d\u540c\u7814\u7a76\u4eba\u5458\u8868\u793a\u611f\u8c22\u3002\u8fd9\u4e3a\u4e0b\u6e38 Java \u7528\u6237\u63d0\u4f9b\u4e86\u56de\u7b54\u7b80\u5355\u95ee\u9898\u7684\u80fd\u529b\uff1a\u5982\u679c\u6211\u4f7f\u7528\u4ee5\u524d\u7248\u672c\u7684 Java\uff0c\u8fd9\u6837\u505a\u4f1a\u6709\u4ec0\u4e48\u98ce\u9669\uff1f<\/p>\n\n\n\n

    OpenJDK \u6f0f\u6d1e\u5c0f\u7ec4\u5728\u8fd9\u4e9b\u516c\u544a\u4e2d\u6240\u505a\u7684\u53e6\u4e00\u9879\u51fa\u8272\u5de5\u4f5c\u662f\u6309\u7ec4\u4ef6\u8ddf\u8e2a CVE\uff0c\u56e0\u4e3a\u5e76\u975e\u6240\u6709 Java \u7528\u6237\u90fd\u4f7f\u7528\u6bcf\u4e2a\u7ec4\u4ef6\u3002<\/p>\n\n\n\n

    \u7b80\u800c\u8a00\u4e4b\uff0c\u4ec5\u4ec5\u8bf4\u65e7\u7248 Java \u5b89\u88c5\u5305\u542b CVE \u5e76\u4e0d\u8db3\u4ee5\u8bf4\u660e\u8be5\u7cfb\u7edf\u5b58\u5728\u8be5\u6f0f\u6d1e\u3002<\/p>\n\n\n\n

    \u4e00\u81f4\u7684\u547d\u540d<\/strong><\/strong><\/h3>\n\n\n\n

    2019 \u5e74\u521d\uff0cDocker \u4e0a\u7684\u4e3b\u8981 OpenJDK \u53d1\u884c\u7248\u63d0\u4f9b\u7684\u662f\u201c\u795e\u79d8\u8089 Java<\/a>\u201d\uff0c\u8fd9\u662f\u4e00\u4e2a\u4e0e\u4fee\u8865\u7a0b\u5e8f\u8ba1\u5212\u4e0d\u540c\u6b65\u7684\u6e90\u4ee3\u7801\u7248\u672c\uff0c\u9519\u8fc7\u4e86\u5404\u79cd\u5b89\u5168\u4fee\u8865\u7a0b\u5e8f\uff0c\u4f46\u4ecd\u7136\u4f7f\u7528\u4e86\u5305\u542b\u5b89\u5168\u6f0f\u6d1e\u7684 JDK \u7248\u672c\u53f7\u3002\u7ed3\u679c\uff0cDocker \u6620\u50cf\u7684\u7528\u6237\u662f\u4e0d\u5b89\u5168\u7684\uff0c\u800c\u5df2\u77e5\u4e0b\u6e38 Java \u5206\u53d1\u7684\u7528\u6237\u662f\u5b89\u5168\u7684\u3002<\/p>\n\n\n\n

    \u901a\u8fc7\u8ba4\u8bc6\u5230\u6f0f\u6d1e\u62ab\u9732\u7684\u5fc5\u8981\u6027\u5e76\u4f7f\u7528\u9884\u5148\u53d1\u5e03\u7684\u5b63\u5ea6\u4fee\u8865\u7a0b\u5e8f\u8282\u594f\uff0c\u5728 OpenJDK \u4e0a\u5de5\u4f5c\u7684 Java \u4f9b\u5e94\u5546\u901a\u8fc7 JEP 322<\/a>\uff08\u57fa\u4e8e\u65f6\u95f4\u7684\u53d1\u5e03\u7248\u672c\uff09\u56f4\u7ed5\u76f8\u540c\u7684\u7f16\u53f7\u65b9\u6848\u8fdb\u884c\u5de5\u4f5c\u3002\u901a\u8fc7\u534f\u8c03\u56f4\u7ed5\u5b63\u5ea6\u4fee\u8865\u7a0b\u5e8f\u8ba1\u5212\u7684\u7248\u672c\u53f7\uff0c\u5927\u591a\u6570 Java \u4f9b\u5e94\u5546\u4f7f\u7528\u76f8\u540c\u7684\u6570\u5b57\uff0c\u8fd9\u4e9b\u6570\u5b57\u53ef\u4ee5\u76f8\u4e92\u7406\u89e3\u548c\u6bd4\u8f83\uff0c\u4ee5\u4e86\u89e3\u54ea\u4e2a\u7248\u672c\u53d1\u5e03\u8f83\u665a\u4ee5\u53ca\u8be5\u7248\u672c\u4e2d\u5b58\u5728\u54ea\u4e9b\u5b89\u5168\u4fee\u8865\u7a0b\u5e8f\u3002<\/p>\n\n\n\n

    \u8fd9\u79cd\u534f\u8c03\u7684\u66ff\u4ee3\u65b9\u6848\u5c06\u662f\u534a\u53ef\u9884\u6d4b\u4f46\u6beb\u65e0\u610f\u4e49\u7684\u6570\u5b57\uff0c\u8fd9\u9700\u8981\u7279\u6b8a\u7684\u67e5\u627e\u8868\u6765\u4e86\u89e3\u54ea\u4e9b\u5b89\u5168\u4fee\u8865\u7a0b\u5e8f\u5b58\u5728\u4e8e\u54ea\u91cc\u3002<\/p>\n\n\n\n

    \u57fa\u4e8e\u6a21\u5757\u7684<\/strong> JDK <\/strong>\u51cf\u5c11\u4e86\u653b\u51fb\u9762<\/strong><\/strong><\/h2>\n\n\n\n

    Java 8 \u53ca\u4ee5\u4e0b\u7248\u672c\u7684\u539f\u59cb\u6587\u6863\u63d0\u4f9b\u4e86\u4e00\u4e2a\u6982\u5ff5\u56fe<\/a>\uff0c\u8bf4\u660e\u67d0\u4e9b\u529f\u80fd\u4f4d\u4e8e\u4f55\u5904\u3002\u4ece\u5a01\u80c1\u5efa\u6a21\u7684\u89d2\u5ea6\u6765\u770b\uff0c\u8fd9\u4e5f\u662f\u6f0f\u6d1e\u5b58\u5728\u7684\u4f4d\u7f6e\u3002<\/p>\n\n\n\n

    \u4e00\u4e9b\u7247\u6bb5\u5f88\u5bb9\u6613\u8bc6\u522b\uff1a<\/p>\n\n\n\n