I understand that upgrading Java is not easy in some cases. However, for users who still need to update dependencies to solve CVE, I think it is important to remind them that Java 7 has ended its support.
On Thu, Jan 12, 2023 at 8:24 PM Gary Gregory <garydgreg...@gmail.com> wrote: > Hopefully there is no lost irony of updating a jar to a version that > requires Java 8 when the target Jaav 7 underlying platform has it's own > issues ;-) but it's not always simple to upgrade Java versions for some > customers... > > Gary > > On Thu, Jan 12, 2023, 06:16 Glavo <zjx001...@gmail.com> wrote: > > > Retrolambda may be able to help you: > > > > https://github.com/luontola/retrolambda > > > > But I think the best solution is to update to Java 8 and later. > > Because Java 7's life cycle ended in July last year, it has security > risks. > > > > On Thu, Jan 12, 2023 at 5:13 PM Toh Min <tsmi...@yahoo.com.invalid> > wrote: > > > > > Hi, > > > I have an application running on Java 1.7 which may be using > > > commons-net. I saw from the website that commons-net 3.9 requires Java > > 1.8. > > > I would like to resolve CVE-2021-37533 for commons-net, is there > anything > > > which I can do to mitigate it since the java version which I am using > is > > > lower than the minimum version for commons-net 3.9. > > > Thanks & Regards, > > > Min > > > > > >
