[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [aspectj-users] AspectJ versioning question
|
- From: "Mclachlan, Alan" <alan.mclachlan@xxxxxxxxxxxxxxxx>
- Date: Thu, 2 May 2024 09:11:44 +0000
- Accept-language: en-ZA, en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aciworldwide.com; dmarc=pass action=none header.from=aciworldwide.com; dkim=pass header.d=aciworldwide.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/HJFUOTWo9TaildvMIWeZUVYT3Cnzwv07cVANd3HWsk=; b=NZCvE7eVgRC81GR02MehVJp0Nnk9IkRuqbl05pxxl4F8nuwgaz2YR3LMT8JYxfv5qa8cmbqwRySaPbNX48YD1wVOixK/uQI9v5pDxFiHw+TrR98WvQ8miRa4Iw2g++ZmSk0XejCrakLMRMUXHT8jx6036jEo8WjqUeaRqOBdi0GOd8FxklkCnRSe6ExbMwHjgpA6qN33fo/gFi3059fJlqNCMSiDNTrDNu+gM7kDrB7Khl/S4YPKITeaUnmGexHgGci46HtR9XLzsqGR/IiVMa4fP2+KZFnnPfFbPwML3Dbe7dPt6ABo62Ite2ETJmn22+vWBjsDdoccfgJfvWR5jw==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SqUYT01ydX7I3xFFzhKOoK2mVyUy5gL59DH1mQbqglQ67cpWWS6/oWxiliT7ObCsw1pZA2NXnlP6I2SCtG7UPHxqsLJIz2iW4qNUeL51eV4X8oaAT5QU13vin1yLFrY5COEA84KxKsRYE9dP2fug2s9orTmuB+7RzD21bYMIUeFKOWbBfms0RXw6vlu7YXt02ao844G3ITBSXEEgodPBDWPZ8zha7kTjZgmoyPaB/tY+09o09+/2uHl4act/wYzWypVwX58MubvjHaR8E8It2h90M1YKIF9eDAVKGcCLFgu+G0DOdckXqFxyFK7jlpf+jXfHgB7q6Bp2WFmBP8b99Q==
- Delivered-to: aspectj-users@xxxxxxxxxxx
- List-archive: <https://www.eclipse.org/mailman/private/aspectj-users/>
- List-help: <mailto:aspectj-users-request@eclipse.org?subject=help>
- List-subscribe: <https://www.eclipse.org/mailman/listinfo/aspectj-users>, <mailto:aspectj-users-request@eclipse.org?subject=subscribe>
- List-unsubscribe: <https://www.eclipse.org/mailman/options/aspectj-users>, <mailto:aspectj-users-request@eclipse.org?subject=unsubscribe>
- Thread-index: Adqa7bx3/11C5gypS2WWeSvbHZ+J/wABA7eAAAMxT/AAKV8rAAAALQEAADL96kA=
- Thread-topic: [aspectj-users] AspectJ versioning question
Hi Alexander
Thanks for the feedback!
> It should be super easy to upgrade. Have you tried?
I have not, that's on the list.
I think I have what I need for now though.
Thanks again, I appreciate the engagement.
regards
Alan McLachlan
ACI Worldwide
http://www.aciworldwide.com/
-----Original Message-----
From: aspectj-users <aspectj-users-bounces@xxxxxxxxxxx> On Behalf Of Alexander Kriegisch via aspectj-users
Sent: Wednesday, May 1, 2024 10:51 AM
To: aspectj-users@xxxxxxxxxxx
Cc: Alexander Kriegisch <Alexander@xxxxxxxxxxxxxx>
Subject: Re: [aspectj-users] AspectJ versioning question
EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe.
Here is the CVE I was talking about, just found it again. It was in 1.9.19:
https://github.com/eclipse-aspectj/aspectj/issues/192
--
Alexander Kriegisch
https://scrum-master.de/
Alexander Kriegisch via aspectj-users schrieb am 01.05.2024 um 10:46:
> Yes, 1.8.14 was unusual. That was before UI was an AspectJ committer,
> though.
>
> Concerning the hypothetical CVE report, let us walk through that door
> if and when we stand in front of it. It always depends on the
> circumstances, but actually I see no reason why Java 8 users should
> not use e.g. 1.9.22. Installing an extra JDK on the build machine and
> pointing to that during compile-time weaving is not rocket science and
> in no way impedes you in using the compile results on Java 8. Besides,
> many bugs and even one CVE I personally remember were fixed in more
> recent versions, i.e. it might be beneficial even for legacy projects
> to recompile and use more recent AspectJ dependencies.
>
> It should be super easy to upgrade. Have you tried?
>
>
> Mclachlan, Alan via aspectj-users schrieb am 30.04.2024 um 15:02:
>
>> 1.8.14 must have been unusual then, because I did see it released
>> after the 1.9.xx branch was in progress.
>>
>> For a team on 1.8.x facing a hypothetical CVE report, how hard is the
>> upgrade to 1.9.22 likely to be? Sounds like a Java build time version
>> upgrade may be needed.
>>
>>
>> From: Alexander Kriegisch
>>
>>> Thanks for your inquiry.
>>>
>>> AspectJ generally does not release updates for older versions.
>>> Usually, more recent versions are backward compatible. E.g., you can
>>> use the current 1.9.22 to compile with 1.8 source/target or use LTW
>>> on Java 8. Only in your build environment when using AJC directly or
>>> aspectjtools.jar via Maven oder Gradle plugin, you would need Java
>>> 17, because the upstream Eclipse compiler requires it.
>>>
>>>
>>> Mclachlan, Alan via aspectj-users schrieb am 30.04.2024 um
>>> 13:13:
>>>
>>>> I read up on the supported Java versions situation on the github
>>>> issue tracker. I have some related questions around the v1.8.x
>>>> line:
>>>>
>>>> 1. Is the project still releasing fixes on the 1.8.x line, at least
>>>> while Java 8 is still in support? I ask because I think the last
>>>> one was 1.8.14 in 2019. Say a CVE shows up, would you be likely to
>>>> release a 1.8.15 with a fix?
>>>>
>>>> 2. Are the 1.8.x minor releases compatible, in the
>>>> semantic-versioning sense of the word? i.e would a hypothetical
>>>> 1.8.15 be a drop-in replacement? I ask because this project doesn't
>>>> explicitly follow semantic versioning, although I suspect it may
>>>> have back in the 1.8 days?
>>>>
>>>> Apologies if these are answered elsewhere, if so I didn't manage to
>>>> find them on the website.
>>>>
>>>> The context of my ask is OWASP A06 analysis of our SBOM, not to
>>>> motivate for any project action.
_______________________________________________
aspectj-users mailing list
aspectj-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/aspectj-users
________________________________
[https://go.aciworldwide.com/rs/030-ROK-804/images/aci-footer.jpg] <http://www.aciworldwide.com/>
This email message and any attachments may contain confidential, proprietary or non-public information. The information is intended solely for the designated recipient(s). If an addressing or transmission error has misdirected this email, please notify the sender immediately and destroy this email. Any review, dissemination, use or reliance upon this information by unintended recipients is prohibited. Any opinions expressed in this email are those of the author personally.
