db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel John Debrunner <...@apache.org>
Subject Re: [VOTE] 10.3.2 release
Date Wed, 28 Nov 2007 17:29:20 GMT
Kathey Marsden wrote:
> Please test and vote on the release candidate available at:

I'm still thinking about the change made to 10.3 for DERBY-3083.

In 10.2 bringing up the server in all cases did not install a security 

    - server did not start if the derby jars were re-named and no 
security manager was already installed. While this is a regression from 
10.2 it was secure.

    - if the derby jars are renamed then no security manager is 
installed. This is a regression security wise from but does fix 
a functional regression from

One real concern is that this new behaviour is is not 
documented anywhere, it contradicts the existing documentation, thus a 
user will assume a security manager has been installed. There's also no 
information printed to any error log that no security manager exists.



View raw message