OpenLiberty · navaneethsnair1 · Nov 17, 2025 · Oct 29, 2025 · Oct 28, 2025 · Nov 4, 2025
diff --git a/posts/2025-09-09-25.0.0.9.adoc b/posts/2025-09-09-25.0.0.9.adoc
@@ -13,6 +13,8 @@ open-graph-image-alt: Open Liberty Logo
 blog-available-in-languages:
 - lang: zh-Hans
   path: /zh-Hans/blog/2025/09/09/25.0.0.9.html
+- lang: ja
+  path: /ja/blog/2025/09/09/25.0.0.9.html  
 ---
 = ECDH-ES support added to JWT Builder in 25.0.0.9
 Ismath Badsha <https://github.com/IsmathBadsha>

diff --git a/posts/2025-10-23-mcp-standalone-blog.adoc b/posts/2025-10-23-mcp-standalone-blog.adoc
@@ -32,7 +32,15 @@ Consider a scenario where your company provides weather forecasting services tha
 A more effective solution is to enable the AI to access current weather data through tools exposed by your Liberty application. This allows the AI to retrieve up-to-date forecast information whenever needed, ensuring responses are always based on the most current data available, without the need for AI model retraining.
 
 == How to Use the Liberty MCP Server Feature
-The Liberty MCP Server feature enables a Liberty server to communicate with agentic AI workflows using the MCP protocol with https://modelcontextprotocol.io/specification/2025-03-26/basic/transports#streamable-http[streamable HTTP]. Using the MCP protocol provides a standardized way for any AI application to be able to discover and utilize the business logic within your application.
+The Liberty MCP Server feature enables a Liberty server to communicate with agentic AI workflows through the MCP protocol. This protocol provides a standardized way for AI applications to discover and utilize the business logic within your application.
+
+The MCP endpoint is available at `/mcp` under your application's context root. For example, if you see this in your logs:
+```
+CWWKT0016I: Web application available (default_host): http://localhost:9080/myMcpApp/
+```
+Then your MCP endpoint can be accessed at `http://localhost:9080/myMcpApp/mcp`. You can connect any MCP client that supports the https://modelcontextprotocol.io/specification/2025-03-26/basic/transports#streamable-http[Streamable HTTP transport].
+
+To test your MCP server, you can use the https://modelcontextprotocol.io/docs/tools/inspector[MCP Inspector]. With `npm` installed, simply run `npx @modelcontextprotocol/inspector` to download and run it.
 
 === Declaring an MCP Tool
 To expose your business logic to authorized AI applications, you'll need to declare it as an https://modelcontextprotocol.io/specification/2025-06-18/server/tools[MCP tool]. In this context, a tool is a function or operation that the AI can invoke to perform a specific task.

diff --git a/posts/ja/2025-09-09-25.0.0.9.adoc b/posts/ja/2025-09-09-25.0.0.9.adoc
@@ -0,0 +1,248 @@
+---
+layout: post
+title: "25.0.0.9でJWT BuilderにECDH-ESサポートが追加されました"
+# Do NOT change the categories section
+categories: blog
+author_picture: https://avatars3.githubusercontent.com/IsmathBadsha
+author_github: https://github.com/IsmathBadsha
+seo-title: ECDH-ES サポートを 25.0.0.9 の JWT Builder に追加 — OpenLiberty.io
+seo-description: 'このリリースでは、JWT Builder に鍵管理アルゴリズムとして ECDH-ES のサポートを導入し、RSA-OAEP に代わるより安全な選択肢を提供します。'
+blog_description: 'このリリースでは、JWT Builder に鍵管理アルゴリズムとして ECDH-ES のサポートを導入し、RSA-OAEP に代わるより安全な選択肢を提供します。'
+open-graph-image: https://openliberty.io/img/twitter_card.jpg
+open-graph-image-alt: Open Liberty Logo
+additional_authors:
+- name: 佐野 剛（翻訳）
+  github: https://github.com/TSA0001
+  image: https://avatars.githubusercontent.com/u/56730221
+blog-available-in-languages:
+- lang: en
+  path: /blog/2025/09/09/25.0.0.9.html
+---
+= ECDH-ES サポートを 25.0.0.9 の JWT Builder に追加
+Ismath Badsha <https://github.com/IsmathBadsha>
+:imagesdir: /
+:url-prefix:
+:url-about: /
+//Blank line here is necessary before starting the body of the post.
+
+// // // // // // // //
+// In the preceding section:
+// Do not insert any blank lines between any of the lines.
+// Do not remove or edit the variables on the lines beneath the author name.
+//
+// "open-graph-image" is set to OL logo. Whenever possible update this to a more appropriate/specific image (For example if present a image that is being used in the post). However, it
+// can be left empty which will set it to the default
+//
+// "open-graph-image-alt" is a description of what is in the image (not a caption). When changing "open-graph-image" to
+// a custom picture, you must provide a custom string for "open-graph-image-alt".
+//
+// Replace TITLE with the blog post title eg: MicroProfile 3.3 is now available on Open Liberty 20.0.0.4
+// Replace IsmathBadsha with your GitHub username eg: lauracowen
+// Replace DESCRIPTION with a short summary (~60 words) of the release (a more succinct version of the first paragraph of the post).
+// Replace Ismath Badsha with your name as you'd like it to be displayed, eg: Laura Cowen
+//
+// Example post: 2020-04-09-microprofile-3-3-open-liberty-20004.adoc
+//
+// If adding image into the post add :
+// -------------------------
+// [.img_border_light]
+// image::img/blog/FILE_NAME[IMAGE CAPTION ,width=70%,align="center"]
+// -------------------------
+// "[.img_border_light]" = This adds a faint grey border around the image to make its edges sharper. Use it around screenshots but not           
+// around diagrams. Then double check how it looks.
+// There is also a "[.img_border_dark]" class which tends to work best with screenshots that are taken on dark
+// backgrounds.
+// Change "FILE_NAME" to the name of the image file. Also make sure to put the image into the right folder which is: img/blog
+// change the "IMAGE CAPTION" to a couple words of what the image is
+// // // // // // // //
+
+本リリースでは、JWT Builderに鍵管理アルゴリズムとしてECDH-ESのサポートが導入され、RSA-OAEPに代わるより安全な選択肢を提供します。
+
+// // // // // // // //
+// In the preceding section:
+// Leave any instances of `tag::xxxx[]` or `end:xxxx[]` as they are.
+//
+// Replace RELEASE_SUMMARY with a short paragraph that summarises the release. Start with the lead feature but also summarise what else is new in the release. You will agree which will be the lead feature with the reviewers so you can just leave a placeholder here until after the initial review.
+// // // // // // // //
+
+// // // // // // // //
+// Replace the following throughout the document:
+//   Replace 25.0.0.9 with the version number of Open Liberty, eg: 22.0.0.2
+//   Replace 25009 with the version number of Open Liberty wihtout the periods, eg: 22002
+// // // // // // // //
+
+In link:{url-about}[Open Liberty] 25.0.0.9:
+
+* <<ECDH_ES, JWT Builderに対するECDH-ESサポートの追加>>
+* <<CVEs, セキュリティ脆弱性(CVE)の修正>>
+
+// // // // // // // //
+// In the preceding section:
+// Replace the TAG_X with a short label for the feature in lower-case, eg: mp3
+// Replace the FEATURE_1_HEADING with heading the feature section, eg: MicroProfile 3.3
+// Where the updates are grouped as sub-headings under a single heading 
+//   (eg all the features in a MicroProfile release), provide sub-entries in the list; 
+//   eg replace SUB_TAG_1 with mpr, and SUB_FEATURE_1_HEADING with 
+//   Easily determine HTTP headers on outgoing requests (MicroProfile Rest Client 1.4)
+// // // // // // // //
+
+修正されたバグの一覧は、link:https://github.com/OpenLiberty/open-liberty/issues?q=label%3Arelease%3A25009+label%3A%22release+bug%22[25.0.0.9のリリースノート]で確認できます。
+
+その他の情報は、link:{url-prefix}/blog/?search=release&search!=beta[過去のOpen Liberty GAリリースブログ記事]をチェックしてください。
+
+
+[#run]
+
+// // // // // // // //
+// LINKS
+//
+// OpenLiberty.io site links:
+// link:{url-prefix}/guides/maven-intro.html[Maven]
+// 
+// Off-site links:
+//link:https://openapi-generator.tech/docs/installation#jar[Download Instructions]
+//
+// IMAGES
+//
+// Place images in ./img/blog/
+// Use the syntax:
+// image::/img/blog/log4j-rhocp-diagrams/current-problem.png[Logging problem diagram,width=70%,align="center"]
+// // // // // // // //
+
+== 25.0.0.9 を使いアプリを開発・実行するには
+
+link:{url-prefix}/guides/maven-intro.html[Maven] を使っている場合は、pom.xml に以下を含めてください：
+
+[source,xml]
+----
+<plugin>
+    <groupId>io.openliberty.tools</groupId>
+    <artifactId>liberty-maven-plugin</artifactId>
+    <version>3.11.5</version>
+</plugin>
+----
+
+link:{url-prefix}/guides/gradle-intro.html[Gradle] を使っている場合は、build.gradleに以下のように含めてください：
+
+[source,gradle]
+----
+buildscript {
+    repositories {
+        mavenCentral()
+    }
+    dependencies {
+        classpath 'io.openliberty.tools:liberty-gradle-plugin:3.9.5'
+    }
+}
+apply plugin: 'liberty'
+----
+// // // // // // // //
+// In the preceding section:
+// Replace the Maven `3.8.2` with the latest version of the plugin: https://search.maven.org/artifact/io.openliberty.tools/liberty-maven-plugin
+// Replace the Gradle `3.6.2` with the latest version of the plugin: https://search.maven.org/artifact/io.openliberty.tools/liberty-gradle-plugin
+// TODO: Update GHA to automatically do the above.  If the maven.org is problematic, then could fallback to using the GH Releases for the plugins
+// // // // // // // //
+
+ さらに、link:{url-prefix}/docs/latest/container-images.html[コンテナイメージ]を使う場合はこちら：
+
+[source]
+----
+FROM icr.io/appcafe/open-liberty
+----
+
+あるいは、link:{url-prefix}/start/[ダウンロードページ]をご覧ください。
+
+link:https://plugins.jetbrains.com/plugin/14856-liberty-tools[IntelliJ IDEA]、 link:https://marketplace.visualstudio.com/items?itemName=Open-Liberty.liberty-dev-vscode-ext[Visual Studio Code]、link:https://marketplace.eclipse.org/content/liberty-tools[Eclipse IDE]に対しても、に対しても、link:https://openliberty.io/docs/latest/develop-liberty-tools.html[Open Liberty の開発者ツール]を使って IDE内からの開発・テスト・デバッグ・アプリ管理が可能です。
+
+[link=https://stackoverflow.com/tags/open-liberty]
+image::img/blog/blog_btn_stack_ja.svg[Stack Overflowで質問する, align="center"]
+
+// // // // DO NOT MODIFY THIS COMMENT BLOCK <GHA-BLOG-TOPIC> // // // // 
+// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/32660
+// Contact/Reviewer: tloodu
+// // // // // // // // 
+[#ECDH_ES]
+== JWT Builder に ECDH-ES サポートを追加する
+
+Open Liberty は JSON Web Token 1.0 (jwt-1.0) 機能を拡張し、jwtBuilder の鍵管理アルゴリズムとして ECDH-ES をサポートするようになりました。これにより、アプリ開発者は JSON Web Encryption (JWE) トークンの Content Encryption Key (CEK) を決定する際に、楕円曲線暗号を使えるようになります。これまでサポートされていた RSA-OAEP に比べ、よりモダンな代替手段を提供します。
+
+ECDH-ES を使うには、keyManagementKeyAlias 属性で楕円曲線 (EC) 公開鍵のエイリアスを定義しておく必要があります。EC 公開鍵／秘密鍵ペアは securityUtility や keytool を使って作成できます。例えば次のコマンド：
+
+----
+./securityUtility createSSLCertificate --sigAlg=SHA256withECDSA --keySize=256 --server=myServer --validity=3650 --password=password
+----
+
+----
+keytool -genkeypair -alias eccert -keyalg EC -groupname secp256r1 -validity 3650 -storetype pkcs12 -keystore myKeystore.p12 -storepass password
+----
+
+jwtBuilder 要素の keyManagementKeyAlgorithm 属性に ECDH-ES を指定して設定できます（この属性は JSON Web Token 1.0 (jwt-1.0) 機能の一部です）。
+ECDH-ES 鍵管理アルゴリズムで使われる EC（楕円曲線）公開鍵は、keyManagementKeyAlias 属性でそのエイリアスを参照し、trustStoreRef 属性でキーストアを指定します。
+
+jwtBuilder 要素の設定例（server.xml 内）：
+[source, xml]
+----
+<jwtBuilder
+    keyManagementKeyAlgorithm="ECDH-ES"
+    keyManagementKeyAlias="myECPublicKey"
+    trustStoreRef="myTrustStore" ... />
+----
+
+jwtBuilderの設定方法の詳細は、link:https://openliberty.io/docs/latest/reference/config/jwtBuilder.html[Open Libertyのドキュメント]を参照してください。
+
+// DO NOT MODIFY THIS LINE. </GHA-BLOG-TOPIC> 
+
+// // // // // // // //
+// In the preceding section:
+// Replace TAG_X/SUB_TAG_X with the given tag of your secton from the contents list
+// Replace SUB_FEATURE_TITLE/FEATURE_X_TITLE with the given title from the contents list 
+// Replace FEATURE with the feature name for the server.xml file e.g. mpHealth-1.4
+// Replace LINK with the link for extra information given for the feature
+// Replace LINK_DESCRIPTION with a readable description of the information
+// // // // // // // //
+
+[#CVEs]
+== このリリースでのセキュリティ脆弱性 (CVE) 修正
+[cols="5*"]
+|===
+|CVE |CVSS スコア |脆弱性内容 |影響を受けるバージョン |備考
+
+|https://www.cve.org/CVERecord?id=CVE-2025-36000[CVE-2025-36000]
+|4.4
+|ストアド型クロスサイトスクリプティング (Stored XSS)
+|17.0.0.3-25.0.0.8
+|adminCenter-1.0 機能に影響
+
+|https://www.cve.org/CVERecord?id=CVE-2025-36047[CVE-2025-36047]
+|5.3
+|DoS（サービス拒否）
+|18.0.0.2-25.0.0.8
+|servlet-3.1, servlet-4.0, servlet-5.0, servlet-6.0 機能に影響
+
+|https://www.cve.org/CVERecord?id=CVE-2025-48976[CVE-2025-48976]
+|7.5
+|DoS（サービス拒否）
+|17.0.0.3-25.0.0.8
+|上記と同じ
+
+|https://www.cve.org/CVERecord?id=CVE-2025-36124[CVE-2025-36124]
+|5.9
+|セキュリティのバイパス
+|17.0.0.3-25.0.0.8
+|wasJmsServer‐1.0, wasJmsSecurity‐1.0, wasJmsClient‐2.0, messagingServer‐3.0, messagingSecurity‐3.0, messagingClient‐3.0 機能に関連
+|===
+// // // // // // // //
+// In the preceding section:
+// If there were any CVEs addressed in this release, fill out the table.  For the information, reference https://github.com/OpenLiberty/docs/blob/draft/modules/ROOT/pages/security-vulnerabilities.adoc.  If it has not been updated for this release, reach out to Kristen Clarke or Michal Broz.
+// Note: When linking to features, use the 
+// `link:{url-prefix}/docs/latest/reference/feature/someFeature-1.0.html[Some Feature 1.0]` format and 
+// NOT what security-vulnerabilities.adoc does (feature:someFeature-1.0[])
+//
+// If there are no CVEs fixed in this release, replace the table with: 
+// "There are no security vulnerability fixes in Open Liberty [25.0.0.9]."
+// // // // // // // //
+過去の脆弱性修正の一覧については、Open Liberty の link:{url-prefix}/docs/latest/security-vulnerabilities.html[セキュリティ脆弱性(CVE)のリスト]を参照してください。
+
+== Open Liberty 25.0.0.9を今すぐ入手
+
+このバージョンは<<run,Maven, Gradle, Docker、またはアーカイブ>>からダウンロード可能です。