Regarding the export/import issue (DERBY-2436 / 2437) & possibility of holding up the release for it I have to bring this up: we could choose to switch off the blob/clob import/export functionality. That still leaves the security hole. I tend to think that the added benefit of the having blob/clob import/export functionality does outweigh the increase in impact of the pre-existing security hole in import/export.
Myrna
