Skip to content

revert: downgrade Derby 10.17.1.0 → 10.15.2.0 (Java 19+ incompatibility)#1101

Closed
mateusaubin wants to merge 4 commits intoapache:mainfrom
iomete:investigate-derby-upgrade-failure
Closed

revert: downgrade Derby 10.17.1.0 → 10.15.2.0 (Java 19+ incompatibility)#1101
mateusaubin wants to merge 4 commits intoapache:mainfrom
iomete:investigate-derby-upgrade-failure

Conversation

@mateusaubin
Copy link
Copy Markdown

@mateusaubin mateusaubin commented Mar 31, 2026

Summary

  • Reverts dependabot bump b8b597a that upgraded Derby from 10.15.2.0 to 10.17.1.0
  • Derby 10.17.1.0 requires Java 19+ due to use of restricted sun.misc.Unsafe APIs — breaks builds on our current JDK target
  • No backport has been released by Derby maintainers (fix exists in repo but was never shipped); Derby is effectively unmaintained

Context

Derby is a test-scope only dependency in flight/flight-sql — it is not shipped to users. This was discussed in the daily sync and needs to be annotated in Vanta accordingly.

Options considered

Option Notes
Revert (this PR) Unblocks builds immediately; accept risk given test-scope
Remove Derby + disable tests Cleaner long-term if we don't need it
Replace with H2 More actively maintained embedded DB
Manage our own Derby 10.16.1.2 release Full control but high maintenance burden
Upgrade arrow-java/JDBC to JDK-21 Would allow keeping 10.17.1.0; larger scope change

Follow-up

  • Annotate in Vanta: test-scope dependency, originates from upstream arrow-java fork, not shipped to users
  • Decide long-term Derby strategy (see options above)

Test plan

  • Build passes on current JDK target after revert
  • flight/flight-sql tests pass with Derby 10.15.2.0

mateusaubin and others added 4 commits March 18, 2026 19:49
@mateusaubin
feat(flight-jdbc): Add gRPC proxy detector for HTTP CONNECT tunneling (
870af9e 
…#1)

- Introduces ArrowFlightProxyDetector: implements gRPC ProxyDetector with multi-level resolution priority
  * proxyDisable=force override
  * proxyBypassPattern matching (glob format, case-insensitive)
  * Explicit proxyHost+proxyPort configuration
  * ProxySelector.getDefault() fallback
- Updates NettyClientBuilder to install proxy detector during channel creation
- Extends ArrowFlightConnection/ArrowFlightSqlClientHandler to pass proxy config
- Adds comprehensive unit tests for bypass pattern matching and proxy resolution

issue: https://linear.app/iomete/issue/CE-208/
@mateusaubin
release: Package IOMETE fork as 19.0.0-iomete.1 (#2)
69ba4db 
* release: bump version to 19.0.0-iomete.1 and add IOMETE manifest

- Set all module versions from 19.0.0-SNAPSHOT to 19.0.0-iomete.1
- Add ManifestResourceTransformer to flight-sql-jdbc-driver shade plugin
  with Built-By, Implementation-Vendor, Implementation-Version, and
  X-Fork-Source entries identifying this as an IOMETE fork of Arrow 19.0.0

* chore: add build config for JDK 17

* fix: remove machine-specific dotGitDirectory from git-commit-id-plugin config
@dependabot
Bump org.apache.derby:derby in /flight/flight-sql (#3)
b8b597a 
Bumps org.apache.derby:derby from 10.15.2.0 to 10.17.1.0.

---
updated-dependencies:
- dependency-name: org.apache.derby:derby
  dependency-version: 10.17.1.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@mateusaubin
revert: downgrade Derby 10.17.1.0 → 10.15.2.0 (Java 19+ incompatibility)
782e473 
Derby 10.17.1.0 requires Java 19+ due to internal use of restricted APIs
(sun.misc.Unsafe). No backport has been released by the Derby maintainers,
despite the fix existing in the repo. The project currently targets Java
versions below 19, making this upgrade a build-breaking change.

Derby is effectively unmaintained (dead project). Longer-term options
discussed during daily sync:
- Accept risk: dependency is test-scoped, not shipped to users
- Remove Derby from our fork and disable affected tests
- Replace with H2 or another embedded DB
- Manage our own Derby 10.16.1.2 release
- Upgrade arrow-java/JDBC to JDK-21 (would allow keeping 10.17.1.0)

Decision: revert for now; track in Vanta noting this is test-scope only
and originates from the upstream arrow-java fork.

Reverts b8b597a
@mateusaubin
Copy link
Copy Markdown
Author

mateusaubin commented Mar 31, 2026

Opened by mistake against upstream; re-opening against iomete/arrow-java fork.

@mateusaubin mateusaubin deleted the investigate-derby-upgrade-failure branch April 2, 2026 08:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lidavidm lidavidm Awaiting requested review from lidavidm lidavidm will be requested when the pull request is marked ready for review lidavidm is a code owner

@laurentgo laurentgo Awaiting requested review from laurentgo laurentgo will be requested when the pull request is marked ready for review laurentgo is a code owner

@wgtmac wgtmac Awaiting requested review from wgtmac wgtmac will be requested when the pull request is marked ready for review wgtmac is a code owner

@jbonofre jbonofre Awaiting requested review from jbonofre jbonofre will be requested when the pull request is marked ready for review jbonofre is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mateusaubin