db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel John Debrunner <...@apache.org>
Subject Re: [VOTE] 10.3.2 release
Date Wed, 28 Nov 2007 17:29:20 GMT
Kathey Marsden wrote:
> Please test and vote on the 10.3.2.0 release candidate available at:

I'm still thinking about the change made to 10.3 for DERBY-3083.

In 10.2 bringing up the server in all cases did not install a security 
manager.

In 10.3.1.4:
    - server did not start if the derby jars were re-named and no 
security manager was already installed. While this is a regression from 
10.2 it was secure.

In 10.3.2.0
    - if the derby jars are renamed then no security manager is 
installed. This is a regression security wise from 10.3.1.4 but does fix 
a functional regression from 10.3.1.4.

One real concern is that this new behaviour is 10.3.2.0 is not 
documented anywhere, it contradicts the existing documentation, thus a 
user will assume a security manager has been installed. There's also no 
information printed to any error log that no security manager exists.

Dan.



https://issues.apache.org/jira/browse/DERBY-3083

Mime
View raw message