On Mon, 11 Mar 2024 17:46:14 GMT, Chad Rakoczy <d...@openjdk.org> wrote:

> Fix for [8325621](https://bugs.openjdk.org/browse/JDK-8325621)
> 
> Updates jspawnhelper to check that JDK version and jspawnhelper version are 
> the same. Updates test to include check for version. Also tested manually by 
> replacing jspawnhelper with incorrect version to confirm that check works.

Since incompatible changes here are seldom, another option would be to set/send 
a protocol version. Because if you reject an execute() on each mismatch or if 
only a incompatible execute() fails is both undesireable, but much more often 
with version compare (of course third behavior crash/corruption would be bad, 
but the bugfix should avoid that).

with a protocol version you don’t have to care about micro versions and also it 
is more tolerant about the usual cpu updates which do not introduce 
incompatibilities most of the time.

having said that, if you don’t want to introduce a protocol version and don’t 
want to gurantee this interface - the version quadruple would be fine for the 
most common cases of quarterly security updates.

btw just as a datapoint: we run into this issue with a longrunning Gerrit 
server which could no longer invoke external ssh client for incoming hooks (ad 
did not log this). It was not expected to use the system-vm which was updated 
on the running system by ubuntu.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/18204#issuecomment-1989211732

Reply via email to