Thanks for following up on this!! What was the difficulty in grabbing the 11.0.3+7 tag directly?
On Thu, 23 May 2019 at 17:50, Emmanuel Bourg <ebo...@apache.org> wrote: > Le 20/05/2019 à 14:38, Aleksey Shipilev a écrit : > > > Yes. Security fixes and Japanese epoch changes are delivered in > 11.0.3+7, after security embargo was > > lifted. The fixes are not in 11.0.3+6, which was tagged before the > embargo lifted. You are looking > > for these: > > http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/175eb80c253a > > http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/2996b4523925 > > http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/f0d8b845de21 > > http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/1084d119236b > > http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/c61b8801f0e4 > > http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/59610bddd37a > > > > So yes, I would say the update should be high priority. > > OpenJDK 11.0.3 GA is now available in stretch-backports for amd64, the > other architectures are still building [1] and will follow soon. > > Since I couldn't upload 11.0.3+7 directly I've uploaded 11.0.3+1 with a > patch containing the changes up to 11.0.3+7 (the patch is only ~1000 > lines long, so it's still reasonable). The version of the package could > be misleading since it's still 11.0.3+1, but I've taken care to ensure > that "java -version" reports 11.0.3+7. > > Disclaimer: this backport remains a technology preview for Debian 9 > "Stretch", I'll do my best to maintain it but I can't guarantee any ETA > on the updates (co-maintainers would be welcome). Anyone serious about > using OpenJDK 11 in production should switch to Debian 10 "Buster" when > it's released. OpenJDK 11 in Buster will be tracked by the Security Team > and is guaranteed to work with the Java applications and libraries > packaged in Debian. > > Emmanuel Bourg > > [1] > > https://buildd.debian.org/status/package.php?p=openjdk-11&suite=stretch-backports > > -- Cheers, Martijn (Sent from Gmail Mobile)
