Several OpenJPA developers have the ability to update the Serp repository. And, as Jody pointed out, we have had to do that from time to time for Java class file format updates. I would expect that Java 9 would need some similar updates. Serp has needed very little maintenance over the years. So I am not understanding the concern....
Kevin On Mar 20, 2017 11:19, "Jody Grassel" <[email protected]> wrote: > Hello. SERP is more or less a third party library hosted on SourceForge > that is in maintenance mode. The last activity with SERP were updates to > support Java 8 JVM instruction set additions and constant pool types, and > it is likely that there will be updates to support such new additions to > Java 9 once the Virtual Machine Specification has been finalized and > released. > > You speak of security concerns, have you found a security/integrity bug in > the SERP code that needs to be reported and corrected? > > On Mon, Mar 20, 2017 at 12:31 PM, Romain Manni-Bucau < > [email protected]> > wrote: > > > Hi Anneliese, > > > > last time we asked and got upgrades in serp when we needed but plan is to > > use ASM instead of serp for these parts. > > > > > > Romain Manni-Bucau > > @rmannibucau <https://twitter.com/rmannibucau> | Blog > > <https://blog-rmannibucau.rhcloud.com> | Old Blog > > <http://rmannibucau.wordpress.com> | Github > > <https://github.com/rmannibucau> | LinkedIn > > <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory > > <https://javaeefactory-rmannibucau.rhcloud.com> > > > > 2017-03-20 10:06 GMT+01:00 Anneliese Leipold < > [email protected] > > >: > > > >> Hi, > >> > >> we are using OpenJPA in our product. Checking for security we found that > >> Serp which is a 3rd party component of OpenJPA is no longer supported. > >> This represents a security risk. So how do you address this issue? Do > you > >> take over ownership for it? Otherwise – probably not only we - would be > >> forced to replace OpenJPA. > >> > >> Looking forward to your answer > >> > >> Best regards, > >> > >> Anneliese > >> > >> > >> > >> [image: Oracle] <http://www.oracle.com/> > >> ANNELIESE LEIPOLD | Software Development Manager > >> Phone: ++467216291509 > >> Oracle Agile A9 > >> > >> ORACLE Deutschland B.V. & Co. KG > >> > >> ORACLE Deutschland B.V. & Co. KG > >> Hauptverwaltung: Riesstr. 25, D-80992 München > >> Registergericht: Amtsgericht München, HRA 95603 > >> > >> Komplementärin: ORACLE Deutschland Verwaltung B.V. > >> Hertogswetering 163/167, 3543 AS Utrecht, Niederlande > >> Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697 > >> Geschäftsführer: Alexander van der Ven, Jan Schultheiss, Val Maher > >> > >> [image: Green Oracle] <http://www.oracle.com/commitment> > >> > >> Oracle is committed to developing practices and products that help > >> protect the environment > >> > >> > >> > >> > >> > > > > >
