2019-03-05

Should I recompile my java projects when upgrade my JRE/JDK






Searched#1of2: is that necessary to recompile java for jdk security upgrade

Found:

  1. https://stackoverflow.com/questions/3846237/security-issues-of-compiling-against-older-jdks

    Aside from some very hypothetical niche situation that hasn't ever happened yet, the only thing that matters is the version with which the application is executed.

    I don't think there are any known security issues that have been "fixed" with @deprecated, because that wouldn't really be appropriate.

    There are two issues at play here:

    1) You can have your Java compiler produce binaries that are binary compatible with older versions. That affects the language features available to you.

    2) You can compile against the Java system libraries of an older version, and that will affect what methods/classes are available, as they are always adding new ones.

    But neither of these affects the security of your application. What matters is the runtime version with which the application is executed.

    Observe that security problems are fixed between updates, not the major versions, which introduce changes in the language itself. For example, Java 6 is currently at update 21. Java 6 update 19 fixed stuff that was vulnerable in Java 6 update 18.

    When Java 6 update 19 was released, updates were released for Java 1.5 and Java 1.4, to fix the same issues in Java 1.5 (update 24) and Java 1.4 (update 26). See the security baseline table here: http://www.oracle.com/technetwork/java/javase/6u19-141078.html




Searched#2of2: should I recompile classes when JDK security patch




Found:

  1. https://docs.oracle.com/en/java/javase/11/migrate/index.html#JSMIG-GUID-5657F44A-B2D7-4FB6-AAD7-295AC4533ABC



    Compile Your Application if Needed

















No comments:

Post a Comment