Yes, 1.8.14 was unusual. That was before UI was an AspectJ committer,
though.

Concerning the hypothetical CVE report, let us walk through that door if
and when we stand in front of it. It always depends on the
circumstances, but actually I see no reason why Java 8 users should not
use e.g. 1.9.22. Installing an extra JDK on the build machine and
pointing to that during compile-time weaving is not rocket science and
in no way impedes you in using the compile results on Java 8. Besides,
many bugs and even one CVE I personally remember were fixed in more
recent versions, i.e. it might be beneficial even for legacy projects to
recompile and use more recent AspectJ dependencies.

It should be super easy to upgrade. Have you tried?
--
Alexander Kriegisch
https://scrum-master.de


Mclachlan, Alan via aspectj-users schrieb am 30.04.2024 um 15:02:
> Thanks for the quick response Alexander.
> 
> 1.8.14 must have been unusual then, because I did see it released after the 
> 1.9.xx branch was in progress.
> 
> For a team on 1.8.x facing a hypothetical CVE report, how hard is the upgrade 
> to 1.9.22 likely to be?
> Sounds like a Java build time version upgrade may be needed.
> 
> regards
> 
> Alan McLachlan
> Chief Architect - Merchant
> T +27 21 525 5008 / M +27 81 334 5946
> ACI Worldwide, Building A, The Estuaries, Century City, Milnerton, Cape Town, 
> 7435, South Africa.
> http://www.aciworldwide.com/
> 
> -----Original Message-----
> From: aspectj-users <aspectj-users-boun...@eclipse.org> On Behalf Of 
> Alexander Kriegisch via aspectj-users
> Sent: Tuesday, April 30, 2024 1:30 PM
> To: aspectj-users@eclipse.org
> Cc: Alexander Kriegisch <alexan...@kriegisch.name>
> Subject: Re: [aspectj-users] AspectJ versioning question
> 
> [You don't often get email from aspectj-users@eclipse.org. Learn why this is 
> important at https://aka.ms/LearnAboutSenderIdentification ]
> 
> EXTERNAL EMAIL: Do not click links or open attachments unless you know the 
> content is safe.
> 
> 
> Hi Alan.
> 
> Thanks for your  inquiry.
> 
> AspectJ generally does not release updates for older versions. Usually, more 
> recent versions are backward compatible. E.g., you can use the current 1.9.22 
> to compile with 1.8 source/target or use LTW on Java 8.
> Only in your build environment when using AJC directly or aspectjtools.jar 
> via Maven oder Gradle plugin, you would need Java 17, because the upstream 
> Eclipse compiler requires it.
> 
> Regards
> --
> Alexander Kriegisch
> https://scrum-master.de/
> 
> 
> Mclachlan, Alan via aspectj-users schrieb am 30.04.2024 um 13:13:
> 
>> I read up on the supported Java versions situation on the github issue 
>> tracker.
>> I have some related questions around the v1.8.x line:
>>
>> 1. Is the project still releasing fixes on the 1.8.x line, at least while 
>> Java 8 is still in support?
>> I ask because I think the last one was 1.8.14 in 2019. Say a CVE shows up, 
>> would you be likely to release a 1.8.15 with a fix?
>>
>> 2. Are the 1.8.x minor releases compatible, in the semantic-versioning sense 
>> of the word?
>> i.e would a hypothetical 1.8.15 be a drop-in replacement?
>> I ask because this project doesn't explicitly follow semantic versioning, 
>> although I suspect it may have back in the 1.8 days?
>>
>> Apologies if these are answered elsewhere, if so I didn't manage to find 
>> them on the website.
>>
>> The context of my ask is OWASP A06 analysis of our SBOM, not to motivate for 
>> any project action.
>>
>> regards
>>
>> Alan McLachlan
>> ACI Worldwide
>> http://www.aciworldwide.com/
> _______________________________________________
> aspectj-users mailing list
> aspectj-users@eclipse.org
> To unsubscribe from this list, visit 
> https://www.eclipse.org/mailman/listinfo/aspectj-users
> ________________________________
>  [https://go.aciworldwide.com/rs/030-ROK-804/images/aci-footer.jpg] 
> <http://www.aciworldwide.com/>
> This email message and any attachments may contain confidential, proprietary 
> or non-public information. The information is intended solely for the 
> designated recipient(s). If an addressing or transmission error has 
> misdirected this email, please notify the sender immediately and destroy this 
> email. Any review, dissemination, use or reliance upon this information by 
> unintended recipients is prohibited. Any opinions expressed in this email are 
> those of the author personally.
> _______________________________________________
> aspectj-users mailing list
> aspectj-users@eclipse.org
> To unsubscribe from this list, visit 
> https://www.eclipse.org/mailman/listinfo/aspectj-users
> 
_______________________________________________
aspectj-users mailing list
aspectj-users@eclipse.org
To unsubscribe from this list, visit 
https://www.eclipse.org/mailman/listinfo/aspectj-users

Reply via email to