These notes describe the difference between Apache Derby release 10.14.2.0 and the preceding release 10.14.1.0.
The most up to date information about Derby releases can be found on the Derby download page.
Apache Derby is a pure Java relational database engine using standard SQL and JDBC as its APIs. More information about Derby can be found on the Apache web site. Derby functionality includes:
Support for Java SE 8 is being sunsetted and will not be supported by the next (10.15) release family. The 10.14 release family supports the following Java and JDBC versions:
This is a patch release. No new features have been added.
The following issues are addressed by Derby release 10.14.2.0. These issues are not addressed in the preceding 10.14.1.0 release.
| Issue Id | Description | 
|---|---|
| DERBY-6987 | The default Network Server security policy file could be trimmed down somewhat. | 
| DERBY-6986 | Network Server COMMAND_TESTCONNECTION need not try to open a database | 
Compared with the previous release (10.14.1.0), Derby release 10.14.2.0 introduces the following new features and incompatibilities. These merit your special attention.
The default Network Server security policy has been simplified.
If you start the Network Server without specifying a security manager, the Network Server will install a default Java security manager that enforces a basic policy. This security policy is now simpler than it was in previous releases.
If your Network Server deployment has particular security requirements, the default security policy is not right for you. You should instead deploy the Network Server with a customized security policy file, as described in the Security guide.
A simpler default security policy file is preferable, as it is easier to understand.
Please review the "Configuring Java security" topic in the Security guide for a detailed description of how to configure the Network Server security policy.
COMMAND_TESTCONNECTION no longer has database open support.
The Network Server's COMMAND_TESTCONNECTION operation, which is used by the Network Server 'ping' feature, contained code which could attempt to open a database specified as part of the 'ping' request. This code has been removed.
It is not necessary to attempt to open a database in order to ping the Network Server.
Derby release 10.14.2.0 was built using the following environment:
It is essential that you verify the integrity of the downloaded files using the PGP and MD5 signatures. MD5 verification ensures the file was not corrupted during the download process. PGP verification ensures that the file came from a certain person.
The PGP signatures can be verified using
PGP or
GPG.
First download the Apache Derby
KEYS
as well as the asc signature file for the particular
distribution. It is important that you get these files from the ultimate
trusted source - the main ASF distribution site, rather than from a mirror.
Then verify the signatures using ...
% pgpk -a KEYS % pgpv db-derby-X.Y.tar.gz.asc or % pgp -ka KEYS % pgp db-derby-X.Y.tar.gz.asc or % gpg --import KEYS % gpg --verify db-derby-X.Y.tar.gz.asc
To verify the MD5 signature on the files, you need to use a program
called md5 or md5sum, which is
included in many unix distributions.  It is also available as part of
GNU
Textutils.  Windows users can get binary md5 programs from here, here, or
here.
We strongly recommend that you verify your downloads with both PGP and MD5.