Hi folks I read up on the supported Java versions situation on the github issue tracker. I have some related questions around the v1.8.x line:
1. Is the project still releasing fixes on the 1.8.x line, at least while Java 8 is still in support? I ask because I think the last one was 1.8.14 in 2019. Say a CVE shows up, would you be likely to release a 1.8.15 with a fix? 2. Are the 1.8.x minor releases compatible, in the semantic-versioning sense of the word? i.e would a hypothetical 1.8.15 be a drop-in replacement? I ask because this project doesn't explicitly follow semantic versioning, although I suspect it may have back in the 1.8 days? Apologies if these are answered elsewhere, if so I didn't manage to find them on the website. The context of my ask is OWASP A06 analysis of our SBOM, not to motivate for any project action. regards Alan McLachlan ACI Worldwide www.aciworldwide.com ________________________________ [https://go.aciworldwide.com/rs/030-ROK-804/images/aci-footer.jpg] <http://www.aciworldwide.com> This email message and any attachments may contain confidential, proprietary or non-public information. The information is intended solely for the designated recipient(s). If an addressing or transmission error has misdirected this email, please notify the sender immediately and destroy this email. Any review, dissemination, use or reliance upon this information by unintended recipients is prohibited. Any opinions expressed in this email are those of the author personally. _______________________________________________ aspectj-users mailing list aspectj-users@eclipse.org To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/aspectj-users
