I believe that you are referring to the LDAP vulnerability addressed by https://issues.apache.org/jira/browse/DERBY-7147

The fix was backported to the 10.14 (Java 8), 10.15 (Java 9), and 10.16 (Java 17) branches. If you want a fix-bearing Derby version which runs on Java 8, then you need to build the head of the 10.14 branch as follows:

o Use subversion to grab a copy of the 10.14 source from https://svn.apache.org/repos/asf/db/derby/code/branches/10.14/

o Build the 10.14 jars by following the instructions at https://svn.apache.org/repos/asf/db/derby/code/branches/10.14/BUILDING.html

I think that you will run into problems if you try to hack the build scripts in order to produce a Java 8 compatible version from the development mainline.

Hope this helps,
-Rick

On 2/26/25 10:37 AM, Jacques Klein wrote:
Hello, my problem is the following, I wonder if recompiling the sources
could be a solution.

Some user requests a .jar update because of "the vulnerabilities".
  - only one version without (identified) vulnerabilities: 10.17.1.0
  - no luck, this new version must work on a JRE 1.8 but the maven
provided .jar contains class files with class file version 63.0

Is there some chance, by tweaking the compiler's options, of getting it
to produce 52.0 version class files? Or is the source incompatible with
that?

Alternatively, would it be possible to "re-inject" into version
10.14.2.0 the fix of the "1 vulnerability" which has been solved in
10.17.1.0?
The caveat being then to convince the user...

Thanks for any hint,
Jacques K.



Jacques Klein
Lead Software Engineer
jacques.kl...@dalim.com

t.  +49 7851 91 96 39
DALIM SOFTWARE GmbH
Strassburger Strasse 6
77694 Kehl, Germany

www.dalim.com
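A check that could follow the build steps discussed in this thread: confirm that every class in a jar targets class file version 52.0 or lower, so it will load on a Java 8 runtime. This is an added example, not part of the original messages or of the Derby project; the function names are hypothetical and the sample jars are constructed in memory.

```python
import io
import struct
import zipfile

JAVA8_MAJOR = 52  # class file major version for Java 8 (major = Java release + 44)

def class_major(data):
    """Return the class file major version, or None if data is not a class file."""
    if len(data) < 8 or data[:4] != b"\xca\xfe\xba\xbe":
        return None
    _minor, major = struct.unpack(">HH", data[4:8])
    return major

def too_new_classes(jar, limit=JAVA8_MAJOR):
    """Map entry name -> major version for every class in the jar above limit."""
    offenders = {}
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if not name.endswith(".class"):
                continue
            # Multi-release jars keep newer classes under META-INF/versions/N/;
            # a Java 8 runtime ignores that tree, so skip it.
            if name.startswith("META-INF/versions/"):
                continue
            with zf.open(name) as fh:
                major = class_major(fh.read(8))
            # A .class entry without a valid header is reported with None.
            if major is None or major > limit:
                offenders[name] = major
    return offenders

def sample_jar(entries):
    """Build a constructed in-memory jar: entries maps name -> major version."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, major in entries.items():
            zf.writestr(name, b"\xca\xfe\xba\xbe" + struct.pack(">HH", 0, major))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    import sys
    # Usage: python check_jar.py path/to/first.jar path/to/second.jar
    for path in sys.argv[1:]:
        bad = too_new_classes(path)
        print(path, "OK for Java 8" if not bad else f"too new: {bad}")
```

An empty result means no class in the jar is newer than 52.0; any entry reported with 63 is the situation described for the Maven-provided 10.17.1.0 jar.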