flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christofer Dutz <christofer.d...@c-ware.de>
Subject [VOTE] Release Apache Flex BlazeDS 4.7.3
Date Mon, 27 Mar 2017 21:13:18 GMT
Hi,

This is Apache Flex BlazeDS 4.7.3 release candidate 1.

RELEASE NOTES:

Apache Flex BlazeDS 4.7.3 is an update to 4.7.2 which adds a new
blazeds-spring-boot-starter module for easily setting up a BlazeDS server with
Spring Boot. It also provides Maven archetypes for easily creating new spring-boot
project that make use of BlazeDS. We also did quite a lot of fine-tuning of the
security default settings to make BlazeDS more secure.

Starting with 4.7.3 BlazeDS Deserialization of XML is disabled completely per default
but can easily be enabled in your services-config.xml:

    <channels>
        <channel-definition id="amf" class="mx.messaging.channels.AMFChannel">
            <endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/amf"
                      class="flex.messaging.endpoints.AMFEndpoint"/>
            <properties>
                <serialization>
                    <allow-xml>true</allow-xml>
                </serialization>
            </properties>
        </channel-definition>
    </channels>

Also we now enable the ClassDeserializationValidator per default to only allow
deserialization of whitelisted classes. BlazeDS internally comes with the following
whitelist:

    flex.messaging.io.amf.ASObject
    flex.messaging.io.amf.SerializedObject
    flex.messaging.io.ArrayCollection
    flex.messaging.io.ArrayList
    flex.messaging.messages.AcknowledgeMessage
    flex.messaging.messages.AcknowledgeMessageExt
    flex.messaging.messages.AsyncMessage
    flex.messaging.messages.AsyncMessageExt
    flex.messaging.messages.CommandMessage
    flex.messaging.messages.CommandMessageExt
    flex.messaging.messages.ErrorMessage
    flex.messaging.messages.HTTPMessage
    flex.messaging.messages.RemotingMessage
    flex.messaging.messages.SOAPMessage
    java.lang.Boolean
    java.lang.Byte
    java.lang.Character
    java.lang.Double
    java.lang.Float
    java.lang.Integer
    java.lang.Long
    java.lang.Object
    java.lang.Short
    java.lang.String
    java.util.ArrayList
    java.util.Date
    java.util.HashMap
    org.w3c.dom.Document

If you need to deserialize any other classes, be sure to register them in your
services-config.xml:

    <validators>
        <validator class="flex.messaging.validators.ClassDeserializationValidator">
            <properties>
                <allow-classes>
                    <class name="org.mycoolproject.*"/>
                    <class name="flex.messaging.messages.*"/>
                    <class name="flex.messaging.io.amf.ASObject"/>
                </allow-classes>
            </properties>
        </validator>
    </validators>

(Beware, by manually providing a whitelist the default whitelist is disabled)

Known Issues
_____________
FLEX-34648 Memory Leak occurred in AsyncMessage when sending a lot of messages

-----------------------------------------------------------------------------------

The release candidate can be found here:
https://repository.apache.org/content/repositories/orgapacheflex-1019/org/apache/flex/blazeds/blazeds/4.7.3/blazeds-4.7.3-source-release.zip<https://repository.apache.org/content/repositories/orgapacheflex-1019/org/apache/flex/blazeds/blazeds/4.7.3/>

Before voting please review the section,"What are the ASF requirements on
approving a release?", at: http://www.apache.org/dev/release.html#approving-a-release

At a minimum you would be expected to check that:
- MD5 and signed packages are correct
- README, RELEASE_NOTES, NOTICE and LICENSE files are all fine
- That you can compile from source package
- That the SDK can be used in your IDE of choice
- That the SDK can be used to make a mobile, desktop and browser
application

Please vote to approve this release:
+1 Approve the release
-1 Don’t approve the release (please provide specific comments to why)

This vote will be open for 72 hours or until a result can be called.

The vote passes if there is:
- At least 3 +1 votes from the PMC
- More positive votes than negative votes

If you find an issue with the release that's a "show stopper" please don't
hold off voting -1. If someone votes -1 please continue testing we want to
try and catch as many issues as we can and cut down on the number of
release candidates. Remember existing voters can change their vote during
the voting process.

People who are not in PMC are also encouraged to test out the release and
vote, although their votes will not be binding, they can influence how the
PMC votes.

When voting please indicate what OS, IDE, Java- and Maven Version, you
tested BlazeDS with.

Please put all discussion about this release in the DISCUSSION thread not
this VOTE thread.

Thanks,
      Chris


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message