struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James Chaplin (JIRA)" <j...@apache.org>
Subject [jira] [Created] (WW-4978) Update multiple Struts 2.5.x libraries to more recent versions
Date Tue, 13 Nov 2018 15:44:00 GMT
James Chaplin created WW-4978:
---------------------------------

             Summary: Update multiple Struts 2.5.x libraries to more recent versions
                 Key: WW-4978
                 URL: https://issues.apache.org/jira/browse/WW-4978
             Project: Struts 2
          Issue Type: Dependency
          Components: Build Management, Other
    Affects Versions: 2.5.18
         Environment: All.
            Reporter: James Chaplin
             Fix For: 2.5.19


Hello Apache Struts Team.

This Jira issue is intended to request/track introduction of newer (believed to be compatible)
library versions for the Struts 2.5.x line.  This can be achieved by modifications to one
or more pom.xml build files for the project.

Since multiple library version upgrades are being attempted at the same time there is some
risk, but the build regression does complete without failure.  The number of library upgrades
could be reduced (broken into smaller sets and slowly introduced) if necessary.  End users
would also have the option of manually back-leveling specific jars.

Please find below a list of library version updates that appear to be compatible with the
current versions in the 2.5.x build line.

---------

Update Struts 2.5.19 build with some newer (compatible) library versions.
Change the main pom.xml library versions for the following:
  - spring.platformVersion 4.3.13.RELEASE -> 4.3.20.RELEASE
  - ognl 3.1.15 -> 3.1.18  (Note: newest version that passes unit tests)
  - oval 1.31 -> 1.90        (Note: requires unit test fix for OValValidationInterceptorTest.java)
  - tiles 3.0.7 -> 3.0.8
  - tiles-request 1.0.6 -> 1.0.7
  - log4j 2.10.0 -> 2.11.1
  - jackson 2.9.5 -> 2.9.7
  - fluido-skin.version 1.6 -> 1.7
  - slf4j 1.7.12 -> 1.7.25
  - xtream 1.4.10 -> 1.4.11.1
  - jetty 6.1.9 -> 6.1.26 (last in 6.1.x line)
  - xerces 2.10.0 - > 2.12.0
  - org.owasp 3.1.1 -> 3.3.4
  - versions-maven-plugin 2.5 -> 2.7
  - doxia-core 1.7 -> 1.8
  - doxia-markdown 1.3 -> 1.7
  - freemarker 2.3.26-incubating -> 2.3.28
  - org.apache.felix.main 4.0.3 -> 4.6.1  (Note: most recent 4.x)
  - easymock 3.4 -> 3.5.1
  - javax.el 3.0 -> 3.0.1-b10
  - jasper 6.0.18 -> 6.0.53  (Note: most recent 6.0.x)
  - juli 6.0.18 -> 6.0.53    (Note: most recent 6.0.x)
  - commons-logging 1.1.3 -> 1.2
  - commons-collections4 4.1 -> 4.2
  - commons-io 2.5 -> 2.6
  - commons-lang 3.6 -> 3.8.1
  - commons-beanutils 1.9.2 -> 1.9.3
  - commons-validator 1.5.1 -> 1.6
  - mockito 1.9.5 -> 1.10.19            (Note: most recent 1.x)
  - cdi-api 1.0-SP1 -> 1.0-SP4          (Note: most recent 1.0.x)
  - weld-core 1.0.1-Final -> 1.0.1-SP4  (Note: most recent 1.0.x)

Note: cglib-nodep version appears to be determined by the jmock-cglib requirement for JMock
1.2.0.  Seems safer to leave cglib/cglib-nodep alone for 2.5.x series builds.

---------

There is an open PR #264 which demonstrates the build/regression completes using the above
version changes.  The Showcase applications appear to work interactively as well, but there
are no demonstrator applications for the Plugins.

Please review the above and see if some or all of the library updates appear appropriate for
the 2.5.x build line.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message