[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [technology-pmc] Eclipse JustJ 1.0 Release
|
Gunnar,
The only alternative I have is to use JDK 14.0.2, which is not so ideal
because it doesn't include unpack200 and of course the installer is
heavily focused on downloading artifacts. (And of course no one has the
resource to try to address this deficiency with an unpack200 open-source
library).
There is no newer version of Java 11 from the approved source:
https://jdk.java.net/archive/
We'll have to wait for Eclipse Adoptium for better sources...
So perhaps it's best to switch to Java 14.0.0 to avoid any potential
problems?
(Thanks for your insight!)
Regards,
Ed
On 29.08.2020 11:35, Gunnar Wagenknecht wrote:
+1
Ed, are you aware that 11.0.2 has a few CVEs logged?
https://www.cvedetails.com/vulnerability-list/vendor_id-93/product_id-19116/version_id-281792/Oracle-JDK-11.0.2.html
As such it will be reported/blocked as insecure software by security scanning software installed on corporate machines. This might effect Eclipse packages and installer distributed with such vulnerable JREs. I experienced this myself with other applications shipping/embedding a JRE.
I'd like to encourage you to provide a 1.0.x release soon with updated JRE versions.
-Gunnar