openjdk team mailing list archive

Thread
Date

Bug#912333: openjdk-8-jdk: breaks maven-surefire-plugin (security-caused regression)

To: 912333@xxxxxxxxxxxxxxx, "Mannix, Brendan" <BMannix@xxxxxxx>
From: Thorsten Glaser <t.glaser@xxxxxxxxx>
Date: Wed, 31 Oct 2018 01:19:49 +0100 (CET)
In-reply-to: <9022A4DC-149A-41CB-89E5-A38CDF1835EC@contoso.com>
Reply-to: Thorsten Glaser <t.glaser@xxxxxxxxx>, 912333@xxxxxxxxxxxxxxx
Resent-cc: OpenJDK Team <openjdk@xxxxxxxxxxxxxxxxxxx>
Resent-date: Wed, 31 Oct 2018 00:21:01 +0000
Resent-from: Thorsten Glaser <t.glaser@xxxxxxxxx>
Resent-message-id: <handler.912333.B912333.154094519423959@xxxxxxxxxxxxxxx>
Resent-to: debian-bugs-dist@xxxxxxxxxxxxxxxx
User-agent: Alpine 2.21 (DEB 202 2017-01-01)

On Tue, 30 Oct 2018, Mannix, Brendan wrote:

> I worked around this issue for my team today by upgrading to surefire
> 2.22.1 and adding the element below to the configuration:
> 
> <version>2.22.1</version>
>          <configuration>
>          <useSystemClassLoader>false</useSystemClassLoader>
>          </configuration>

Thanks, that might prove useful if Surefire and OpenJDK
people can’t fight it out between themselves.

Nevertheless, current OpenJDK 11 does *not* exhibit the
bug (which was found out on IRC some days ago when I
first ran into that bug), so I wonder where the sentence
“This is an intentional upstream change” comes from, and
what the Debian OpenJDK maintainers have to say to that.

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg