struts-issues mailing list archives

From "Lukasz Lenart (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (WW-4849) ObjectFactory constructor signature change breaks extensions
Date Mon, 11 Sep 2017 05:07:00 GMT

    [ https://issues.apache.org/jira/browse/WW-4849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16160675#comment-16160675 ]

Lukasz Lenart edited comment on WW-4849 at 9/11/17 5:06 AM:
------------------------------------------------------------

Struts does not follow semantic versioning, just because of using "2" (to distinguish
Struts 2 from Struts 1). And I think releasing security releases separately isn't a good idea
as this gives a lot of information on how to prepare an exploit. Releasing security releases
without major API changes is the best.


was (Author: lukaszlenart):
Struts does not follow semantic versioning, just because of using "2" (to distinguish
Struts 2 from Struts 1).

> ObjectFactory constructor signature change breaks extensions
> ------------------------------------------------------------
>
>                 Key: WW-4849
>                 URL: https://issues.apache.org/jira/browse/WW-4849
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.5.13
>            Reporter: Mitth'raw'nuruodo
>             Fix For: 2.5.14
>
>
> Commit {{6f91d0776a545c911ca4f2875ed9976614711ef9}} changed the signature of the {{ObjectFactory}}
> constructor, breaking all classes that extend {{ObjectFactory}} (as per https://struts.apache.org/docs/objectfactory.html).
> This affects e.g. the [{{guice-servlet}} Struts plugin| https://github.com/google/guice/blob/master/extensions/struts2/src/com/google/inject/struts2/Struts2Factory.java].
> This was not listed on the [2.5.13 version notes|https://struts.apache.org/docs/version-notes-2513.html]
> as a breaking change, and breaking changes should preferably be avoided in critical security
> updates.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
