authzforce/core

Upgrade to Java 11

Closed this issue · 1 comments

We still want to maintain a version 100% compatible with Java 8.

Since Java 9, we can use multi-release JARs (MRJAR), which are now supported by the Maven Compiler plugin, but a Gradle developer gives convincing arguments against using this feature.

Alternative: switch to Gradle and take advantage of Gradle's variant-aware dependency management. See also https://docs.gradle.org/current/userguide/cross_project_publications.html#targeting-different-platforms, where it says (current version is 6.7.1):

Future versions of Gradle will provide ways to automatically build for different Java platforms.

Just got the issue of missing JAXB (javax.xml.bind) with Java 11, which breaks the Maven build.

Although the jakarta jaxb dependencies (see below) added in pdp-testutils/pom.xml + in the parent (same dependencies, to be added in various pom.xml there: main pom.xml, pdp-ext-model/pom.xml, atom-model/pom.xml and xacml-model/pom.xml) fix the compilation issue, the build still breaks (later on) due to detected vulnerabilities: spring-core-5.1.14.RELEASE.jar: CVE-2020-5421, and jackson-databind-2.9.10.5.jar: CVE-2020-24616, CVE-2020-24750.

The 1st vulnerability gets fixed by upgrading spring.version to 5.3.0 in the parent.
The 2nd one gets fixed by setting the version of jackson-databind to 2.11.3 in pdp-testutils/pom.xml.

And do not forget to update parent version in core pom (7.6.2-SNAPSHOT) after building the parent.

<!-- API, java.xml.bind module -->
<dependency>
    <groupId>jakarta.xml.bind</groupId>
    <artifactId>jakarta.xml.bind-api</artifactId>
    <version>2.3.2</version>
</dependency>

<!-- Runtime, com.sun.xml.bind module -->
<dependency>
    <groupId>org.glassfish.jaxb</groupId>
    <artifactId>jaxb-runtime</artifactId>
    <version>2.3.2</version>
</dependency>

With all that done, at least it compiles :) Well, I only tried with tests skipped...
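Added example, not part of the issue or of the AuthzForce code base: a small check that parses a POM, resolves `${property}` version references, and reports dependencies below the versions the comment above upgrades to, plus any of the two JAXB artifacts that are not declared. The function names and the sample POM are constructed for illustration; the groupIds `org.springframework` and `com.fasterxml.jackson.core` are assumed to be the coordinates of the jars named in the comment.

```python
import re
import xml.etree.ElementTree as ET

POM_NS = "http://maven.apache.org/POM/4.0.0"
NS = {"m": POM_NS}
# Versions the comment above upgrades to, and the JAXB artifacts it adds.
MINIMUMS = {("org.springframework", "spring-core"): "5.3.0",
            ("com.fasterxml.jackson.core", "jackson-databind"): "2.11.3"}
REQUIRED = {("jakarta.xml.bind", "jakarta.xml.bind-api"),
            ("org.glassfish.jaxb", "jaxb-runtime")}

# Constructed sample POM (not a file from the repository).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><spring.version>5.1.14.RELEASE</spring.version></properties>
  <dependencies>
    <dependency><groupId>org.springframework</groupId>
      <artifactId>spring-core</artifactId><version>${spring.version}</version></dependency>
    <dependency><groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-databind</artifactId><version>2.9.10.5</version></dependency>
    <dependency><groupId>jakarta.xml.bind</groupId>
      <artifactId>jakarta.xml.bind-api</artifactId><version>2.3.2</version></dependency>
  </dependencies>
</project>"""

def version_key(version):
    """Leading numeric part as a padded tuple: '5.1.14.RELEASE' -> (5, 1, 14, 0)."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    nums = [int(n) for n in m.group().split(".")] if m else []
    return tuple((nums + [0, 0, 0, 0])[:4])

def audit_pom(pom_xml):
    """Return findings for one POM; versions inherited from a parent are skipped."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    findings, seen = [], set()
    for dep in root.iter("{%s}dependency" % POM_NS):
        gid, aid, ver = ((dep.findtext("m:" + tag, "", NS) or "").strip()
                         for tag in ("groupId", "artifactId", "version"))
        # Resolve ${property} references such as ${spring.version}.
        ver = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), ver)
        seen.add((gid, aid))
        floor = MINIMUMS.get((gid, aid))
        if floor and ver and version_key(ver) < version_key(floor):
            findings.append(f"{gid}:{aid} {ver} is below {floor}")
    findings += [f"{g}:{a} is not declared" for g, a in sorted(REQUIRED - seen)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_pom(SAMPLE_POM)))
```

A dependency with no `<version>` element (managed by a parent POM) is skipped rather than flagged, so each module and the parent need to be checked separately.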