Clarification on javadocs, the generated 1.5.1 javadocs were not vulnerable and required no patching.
That said, I'm still in favor of bumping to jdk7. On Mar 28, 2014 11:36 AM, "Christopher" <[email protected]> wrote: > I want to bump the minimum supported version of Java to 7 for the next > version after the 1.6.x series. (Currently, this is tracked in JIRA as > 1.7.0, and the master branch in git). > > We've discussed this in detail for 1.5.0 and 1.6.0, and it has been > postponed for various reasons. I'd rather not rehash those discussions > in detail, but I really think it's time to do it. So, if you have a > serious objection that you think is still valid, and would warrant > delaying further, I'd like to hear it. > > FYI, JDK6 reached EOL over a year ago, and JDK7 will reach EOL next > year around this time. Some Linux distributions aren't even planning > to provide JDK7 in their repos, and provide only JDK8 (just released), > because it's expected to EOL within their support lifecycle. It'd be > nice to develop newer versions on a modern Linux OS without jumping > through hoops. JDK7 has been available in CentOS/RHEL for some time > now, and I'd be surprised if RHEL7 (still in beta) included JRE6 at > all. > > Plus, now there's the known javadoc6 vulnerabilities which require us > patching javadocs before putting on the website (which we don't do for > the javadoc jars, because they build with JDK6, so they would be > vulnerable if somebody dumped them and pushed them onto a website). > > -- > Christopher L Tubbs II > http://gravatar.com/ctubbsii >
