This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2024-03-30
Channels
- # architecture (10)
- # babashka (11)
- # beginners (12)
- # calva (7)
- # clojure (7)
- # clojure-europe (2)
- # clojure-norway (12)
- # clojure-spec (2)
- # events (7)
- # fulcro (3)
- # hyperfiddle (3)
- # instaparse (12)
- # lsp (2)
- # malli (3)
- # missionary (20)
- # music (1)
- # off-topic (18)
- # reitit (9)
- # releases (4)
- # squint (5)
- # xtdb (32)
I've seen some conflicting stuff about this so I'd love some clarity: does the xz/liblzma backdoor have any direct impact on clojure on the jvm (temurin)?
Clojure itself does not use or depend on lzma. Can you share links to the conflicting stuff re jvm?
It was on social media so I'll probably never find it again... Some people claimed that some jdk builds used xz/lzma then others argued that it only concerned certain libs that pulled that specific library in through ffi, but i couldn't track the convo any further
There's evidence that the bad actor committed to the xz-java package. So consider that tainted for the time being. I haven't seen anything specifically about xz in any Java builds, but if I do I'll let you know.
I would be surprised if Java builds used that