On Mon, May 25, 2020 at 10:22:50AM +0200, Sylvain Beucler wrote: > Hi Security Team, > > What is your view on updating mysql-connector-java 5.1.42->5.1.49 for > Stretch?
We can update to 5.1.49, yes. We've had to update it to new 5.1.x releases in the past and I don't remember any issues. The fact that there's zero information totally sucks, but there's nothing we can do either (apart from removing it as we did a year ago). Looking at the debdiff from https://www.beuc.net/tmp/debian-lts/mysql-connector-java/ the remaining change would be to change the version number to 5.1.49-1~deb9u1 and the targets distro to stretch-security. Cheers, Moritz
