amynbe closed 5 months ago
Hi
There isn't a maintained version compatible with Java 8. I don't know if resolving the vulnerabilities in 1.7.0 would be a quick fix. It depends on whether the dependencies to be updated include breaking changes (namely Apache Santuario). You can try checking out the 1.7.0 tag, updating the dependencies, and building from source.
By staying on older versions, you'll be missing the dependency updates and possibly some code changes also related to security (probably nothing major). That's assuming you're not interested in any new features added to the library in the meantime.
Hi, the migration guide mentions that the library has required Java 11 since xades4j 2.0.0.
I'd need a Java 8-compatible version of the library; however, Maven Central reports vulnerabilities on 1.7.0. https://mvnrepository.com/artifact/com.googlecode.xades4j/xades4j/1.7.0
Would addressing those vulnerabilities be a quick fix? Any other reason why you'd discourage staying on 1.7?
Thank you in advance.