Downporting JDK-8313765 to jdk11u and jdk17u and respinning 11.0.20 and 17.0.8
Volker Simonis
volker.simonis at gmail.com
Mon Aug 21 17:57:35 UTC 2023
I've just created "JDK-8314677: Bump update version for OpenJDK:
jdk-17.0.8.1" [1] and set its "Fix version" to "17.0.8.1".
Ben is preparing a PR for it. I'm not sure however, if he can create a
PR which will be merged with 17.0.8-ga? Maybe only Götzt can do that
(or create a 17.0.8.1 branch in 17u)?
[1] https://bugs.openjdk.org/browse/JDK-8314677
On Fri, Aug 18, 2023 at 10:41 AM Andrew Hughes <gnu.andrew at redhat.com> wrote:
>
> On 14:50 Thu 17 Aug , Sergey Bylokhov wrote:
> > Nobody mention respin of JDK 20u:
> > https://github.com/openjdk/jdk20u/pull/87
> > Does anybody plan to do it?
> >
> > On 8/17/23 10:31, Andrew Hughes wrote:
> > > Yes, I've been tracking this since it was discussed in the vulnerability
> > > group. I agree it is preferable to have a fix rather than resorting to
> > > turning off a CVE fix.
> > >
> > > My main worry is not about backporting the fix, but in whether we can
> > > squeeze in a respin. I'm glad to see the proposed fix has finally been
> > > posted publicly, reviewed and integrated as of yesterday. It seems
> > > to have taken a long time to get to that stage from the original VG
> > > discussion.
> > >
> > > When we've done interim releases in the past, they have been within a
> > > few weeks of the original release. With this release, we are already
> > > at the point where we enter rampdown for the next release in < 2
> > > weeks.
> > >
> > > I think we can still manage an interim release this time, but it
> > > needs to happen within the next week, before people start to focus
> > > on testing and adding security fixes to the October update.
> > >
> > > I'll go and review the 11u & 17u backports now. Note that there
> > > are currently GHA failures with both, one down to the GCC versioning
> > > we removed in 8u with https://bugs.openjdk.org/browse/JDK-8284772
> >
> > --
> > Best regards, Sergey.
> >
>
> We're not maintainers, Oracle are. I guess their efforts are now focused
> on 21. They are aware of this and have apparently added it to 17.0.10-oracle
> and 11.0.22-oracle already, and I see a request for 21 too [0]
>
> [0] https://bugs.openjdk.org/browse/JDK-8313765?focusedCommentId=14604862&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14604862
>
> Best regards,
> --
> Andrew :)
> Pronouns: he / him or they / them
> Principal Free Java Software Engineer
> OpenJDK Package Owner
> Red Hat, Inc. (http://www.redhat.com)
>
> PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
> Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
>
> Please contact via e-mail, not proprietary chat networks
> Available on Libera Chat & OFTC IRC networks as gnu_andrew
More information about the jdk-updates-dev
mailing list