#234 An E version should be bound to a Java version

Need_for_security
closed-fixed
4
2005-07-24
2005-07-17
Steve Jenson
No

FIXED

The Java taming decisions are specific to a single
version of Java, and upgrading the Java libraries could
create significant vulnerabilities if those decisions
are no longer appropriate. [...] Consequently, we
recommend that Combex warn users that E should only be
used on the intended version of Java and take steps to
defend against this risk if Combex should ever decide
to upgrade to a later version of Java.

Followups

Comment Date By
The thread beginning at
http://www.eros-os.org/pipermail/e-lang/2002-March/006227.html
discusses this issue.

As I explain in my response at
http://www.eros-os.org/pipermail/e-lang/2002-March/006229.html
, on this issue I mostly disagree with the reviewers,
and think that a given version of E should normally be
considered to be compatible with >= a given version
of Java. 2002-Mar-18 21:23 markm

Discussion

  • Steve Jenson
    Steve Jenson
    2005-07-18

    • status: open --> open-fixed
     
  • Steve Jenson
    Steve Jenson
    2005-07-18

    • status: open-fixed --> closed-fixed
     
    • assigned_to: nobody --> caplet