Create Jan 2024 CPU release post

[smlambert]

Description of change

Checklist

• npm test passes
• documentation is changed or added (if applicable)
• permission has been obtained to add new logo (if applicable)
• contribution guidelines followed here

[netlify]

✅ Deploy Preview for eclipsefdn-adoptium ready!

Name	Link
🔨 Latest commit
🔍 Latest deploy log	https://app.netlify.com/sites/eclipsefdn-adoptium/deploys/65b3cca27a782b2492dbc38e
😎 Deploy Preview	https://deploy-preview-2570--eclipsefdn-adoptium.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[smlambert]

New & Noteworthy Notes:

• no arm32 for JDK21 and onwards (reference PMC decision)
• updates/refinements to SBOM contents (Add Windows & Mac Compiler Fields To SBOM temurin-build#3608)
• ensure we run reproducible test against JDK21 and make a statement on reproducibility (and the fact that we have a repeatable test being added into our pipeline)
• reference SLSA level 3 compliance for Linux & Mac (https://adoptium.net/blog/2024/01/slsabuild3-temurin/)

[smlambert]

Release Notes:

• jdk17 - create_release_notes/67/
• jdk11 - create_release_notes/69/
• jdk21 - create_release_notes/70/
• jdk8 - create_release_notes/71/

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (c523909) 99.27% compared to head (d670717) 99.28%.
Report is 50 commits behind head on main.

❗ Current head d670717 differs from pull request most recent head 611bf7c. Consider uploading reports for the commit 611bf7c to get more accurate results

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2570   +/-   ##
=======================================
  Coverage   99.27%   99.28%           
=======================================
  Files          87       87           
  Lines        6622     6680   +58     
  Branches      574      582    +8     
=======================================
+ Hits         6574     6632   +58     
  Misses         48       48           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[smlambert]

Amalgate info from https://openjdk.org/groups/vulnerability/advisories/2024-01-16 and NIST.

[smlambert]

https://nvd.nist.gov/vuln/detail/CVE-2024-20945 not found ->
https://security.snyk.io/vuln/SNYK-ALMALINUX8-JAVA21OPENJDKHEADLESS-6182660

[sxa]

A few minor comments which you can take or leave, but I'm only giving this as 'request changes' because of the "Diagram X" ambiguity to make sure that's considered before this is merged. Otherwise this LGTM

[sxa]

Suggested change

	As of this release, extra details relating to Windows and Mac compiler versions are being recorded in the Software Bill of Materials (SBOM) for those platforms (details can be found in temurin-build [PR 3606](https://github.com/adoptium/temurin-build/pull/3606)).
	As of this release, extra details relating to Windows and Mac compiler versions are being recorded in the Software Bill of Materials (SBoM) for those platforms (details can be found in temurin-build [PR 3606](https://github.com/adoptium/temurin-build/pull/3606)).

[sxa]

SBoM

[smlambert]

I don't think I 've seen it represented that way, always see it referenced as SBOM (including at NIST glossary).

[sxa]

Suggested change

	### Dropping Temurin ARM 32bit Linux binaries for JDK 21 and up
	### Dropping Temurin Arm 32bit Linux binaries for JDK 21 and up

[sxa]

Suggested change

	As per the Eclipse Adoptium PMC decision (minuted here), the project will not produce Temurin binaries for ARM 32bit Linux for JDK 21 and up. This decision is based on several criteria, including download statistics, level of support for the platform in the upstream OpenJDK project and interest from Adoptium Working Group members.
	As per the Eclipse Adoptium PMC decision (minuted here), the project will not produce Temurin binaries for Arm 32-bit Linux for JDK 21 and up. This decision is based on several criteria, including download statistics, level of support for the platform in the upstream OpenJDK project and interest from Adoptium Working Group members.

[sxa]

Suggested change

	Since our previous release, we have been diligently been working at closing the last issues required for us to declare [SLSA Level 3 compliance for Linux and macOS Temurin binaries](https://adoptium.net/blog/2024/01/slsabuild3-temurin/). This is a lauded accomplishment for the project, though our work is on-going. Our 2024 plan sees us continue to focus on secure development best practices.
	Since our previous release, we have been diligently been working at closing the last issues required for us to declare [SLSA Level 3 compliance for Linux and macOS Temurin binaries](https://adoptium.net/blog/2024/01/slsabuild3-temurin/). This is a lauded accomplishment for the project, though our work is ongoing. Our 2024 plan sees us continue to focus on secure development best practices.

[sxa]

I presume "Diagram X" is intended to be replaced by something here?

[smlambert]

Yes, I will be pushing an additional file shortly and updating this reference, thanks!

[jerboaa]

LGTM. Thanks for doing this!

[jerboaa]

There are some linter errors, though.

[smlambert]

Linter errors fixed, not sure I understand the CI / code cov failure or if it is specific to this PR or a general problem, ReferenceError: jest is not defined.

[smlambert]

Raised #2624 since CI failure appears to affect all PRs in this repo, not related to this one specifically.