Re: [technology-pmc] Eclipse JustJ 1.0 Release

Hi Ed,

Question: Is this really limited to this particular source (url)? 

I thought the limitation was "OpenJDK", which would include the Zulu builds:
https://www.azul.com/downloads/zulu-community/?architecture=x86-64-bit&package=jdk



-Gunnar

-- 
Gunnar Wagenknecht
gunnar@xxxxxxxxxxxxxxx, http://guw.io/


> On Aug 29, 2020, at 11:58, Ed Merks <ed.merks@xxxxxxxxx> wrote:
> 
> Gunnar,
> 
> The only alternative I have is to use JDK 14.0.2, which is not so ideal because it doesn't include unpack200 and of course the installer is heavily focused on downloading artifacts.  (And of course no one has the resource to try to address this deficiency with an unpack200 open-source library).
> 
> There is no newer version of Java 11 from the approved source:
> 
>   https://jdk.java.net/archive/
> 
> We'll have to wait for Eclipse Adoptium for better sources...
> 
> So perhaps it's best to switch to Java 14.0.0 to avoid any potential problems?
> 
> (Thanks for your insight!)
> 
> Regards,
> Ed
> 
> On 29.08.2020 11:35, Gunnar Wagenknecht wrote:
>> +1
>> 
>> Ed, are you aware that 11.0.2 has a few CVEs logged?
>> https://www.cvedetails.com/vulnerability-list/vendor_id-93/product_id-19116/version_id-281792/Oracle-JDK-11.0.2.html
>> 
>> As such it will be reported/blocked as insecure software by security scanning software installed on corporate machines. This might affect Eclipse packages and installer distributed with such vulnerable JREs. I experienced this myself with other applications shipping/embedding a JRE.
>> 
>> I'd like to encourage you to provide a 1.0.x release soon with updated JRE versions.
>> 
>> -Gunnar
>> 


