AdoptOpenJDK 提示 openjfx (javafx) 存在潜在的安全问题,这是正确的吗?
AdoptOpenJDK suggests that openjfx (javafx) has potential safety issues, is this correct?
在靠近底部的 FAQ section of AdoptOpenJDK 中,他们建议由于 JavaFX 的修补缓慢,它存在(潜在的)安全问题。这是正确的说法还是使用 javafx GUI 制作 java 应用程序仍然可以?
我需要启动一个新的(长期商业分布式)项目,由于这个相当负面的评论,我不确定 javaFX 是否是我的选择。
我知道这个问题会引发意见,但这不是我的本意。我喜欢 JavaFX 和 Swing,我不需要帮助就知道这些工具都很棒!由于这篇文章,我担心安全问题。
感谢 José Pereda 和 mipa!
我已经复制了他们的答案并将它们作为我问题的最终答案。
何塞·佩雷达:
With different words, the unpatched free JavaFX 11.0.2 version is not
safe to be bundled with the OpenJDK new versions. They are asking for
someone to do OpenJFX LTS for free, which won't happen. But you have a
commercial LTS offering (releasing 11.0.10 in a few days and providing
support), and you still have free JavaFX 15.0.1 and 16-ea+XX with all
the patches as well. In any case, these offerings are not bundled with
OpenJDK, but that is not an issue, you can download them from Maven
Central.
米帕:
You can always use and bundle the latest version of JavaFX including
all patches with your application even if, for some reason I don't
understand, you are still bound to Java 11. So in practice there is no
problem you have to worry about.
在靠近底部的 FAQ section of AdoptOpenJDK 中,他们建议由于 JavaFX 的修补缓慢,它存在(潜在的)安全问题。这是正确的说法还是使用 javafx GUI 制作 java 应用程序仍然可以?
我需要启动一个新的(长期商业分布式)项目,由于这个相当负面的评论,我不确定 javaFX 是否是我的选择。
我知道这个问题会引发意见,但这不是我的本意。我喜欢 JavaFX 和 Swing,我不需要帮助就知道这些工具都很棒!由于这篇文章,我担心安全问题。
感谢 José Pereda 和 mipa!
我已经复制了他们的答案并将它们作为我问题的最终答案。
何塞·佩雷达:
With different words, the unpatched free JavaFX 11.0.2 version is not safe to be bundled with the OpenJDK new versions. They are asking for someone to do OpenJFX LTS for free, which won't happen. But you have a commercial LTS offering (releasing 11.0.10 in a few days and providing support), and you still have free JavaFX 15.0.1 and 16-ea+XX with all the patches as well. In any case, these offerings are not bundled with OpenJDK, but that is not an issue, you can download them from Maven Central.
米帕:
You can always use and bundle the latest version of JavaFX including all patches with your application even if, for some reason I don't understand, you are still bound to Java 11. So in practice there is no problem you have to worry about.