[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security update of mysql-connector-java

On 22.06.2016 00:43, Emmanuel Bourg wrote:
> Le 22/06/2016 à 00:28, Markus Koschany a écrit :
>> Houston, we have a problem. It seems the latest upstream release
>> requires Java 8 for building JDBC 4. In Jessie even Java 6 was
>> sufficient. I suggest we ship version 5.1.34 of mysql-connector-java
>> instead, which should build fine with Java 6/7 and also fix the security
>> vulnerability. If there is a better way, please let me know.
> We could also ignore the JDBC 4.2 classes and build with Java 7. If I'm
> not mistaken it's just a matter of removing this build step:
> https://sources.debian.net/src/mysql-connector-java/5.1.39-1/build.xml/#L903
> Emmanuel Bourg

That might be a solution. Perhaps we should also disable the testsuite

I am not sure if this would prevent all possible runtime errors though.
This would require more testing. In any case we have two options:
Patching 5.1.39 and make it compatible for Jessie /Wheezy or use 5.1.34


Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: