2

Context: I am working on Apache Calcite (repo: github.com/apache/calcite) and am trying to update the HSQLDB version to 2.7.1 to address https://nvd.nist.gov/vuln/detail/CVE-2022-41853 (the issue is being tracked here: https://issues.apache.org/jira/browse/CALCITE-5938).

Because Calcite uses JDK8 I cannot simply use the normal 2.7.1 version because this only supports JDK11+. Instead I must use the alternative JAR (can be found here: https://repo1.maven.org/maven2/org/hsqldb/hsqldb/2.7.1/) but I am not sure how to do this in Gradle. The versions of each dependency may be found in gradle.properties in the repo I linked above. Does anyone know how I can use the JDK8 version of that release?

I have tried updating the dependency to 2.7.1 in gradle.properties as well as adding a classifier like 2.7.1:jdk8 to no avail.

Tanner Clary
  • 21
  • 2

1 Answers1

0

Please use the latest available version of HSQLDB (2.7.2) as it features new security updates. See below for a Gradle example: https://hsqldb.org/doc/2.0/guide/deployment-chapt.html#dec_dependency_applications

Please report your existing Gradle code and its location for a better answer.

fredt
  • 24,044
  • 3
  • 40
  • 61