struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lukasz Lenart (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (WW-4979) Update multiple Struts 2.6.x libraries to more recent versions
Date Wed, 14 Nov 2018 19:57:00 GMT

     [ https://issues.apache.org/jira/browse/WW-4979?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Lukasz Lenart resolved WW-4979.
-------------------------------
    Resolution: Fixed

PR got merged, thanks a lot!

> Update multiple Struts 2.6.x libraries to more recent versions
> --------------------------------------------------------------
>
>                 Key: WW-4979
>                 URL: https://issues.apache.org/jira/browse/WW-4979
>             Project: Struts 2
>          Issue Type: Dependency
>          Components: Build Management, Other
>    Affects Versions: 2.6
>         Environment: All.
>            Reporter: James Chaplin
>            Priority: Minor
>              Labels: build, pull-request-available
>             Fix For: 2.6
>
>
> Hello Apache Struts Team.
> This Jira issue is intended to request/track introduction of newer (believed to be compatible)
library versions for the unreleased Struts 2.6.x line.  This can be achieved by modifications
to one or more pom.xml build files for the project.
> Since multiple library version upgrades are being attempted at the same time there is
some risk, but the build regression does complete without failure.  The number of library
upgrades could be reduced (broken into smaller sets and slowly introduced) if necessary. 
End users would also have the option of manually back-leveling specific jars.
> Please find below a list of library version updates that appear to be compatible with
the current versions in the 2.6.x build line.
> ---------
> Update Struts 2.6 build with some newer (compatible) library versions.
> Change the main pom.xml library versions for the following:
>   - spring.platformVersion 4.3.13.RELEASE -> 4.3.20.RELEASE
>   - oval 1.31 -> 1.90  (Note: required unit test fix for OValValidationInterceptorTest.java
AND code fix for OvalValidationInterceptor.java.  Oval 1.70 was the most recent that could
be used without a fix to OvalValidationInterceptor.)
>   - jackson 2.9.6 -> 2.9.7
>   - fluido-skin.version 1.6 -> 1.7
>   - slf4j (slf4j-api, slf4j-simple) 1.7.12 -> 1.7.25
>   - xstream 1.4.10 -> 1.4.11.1
>   - jetty 6.1.9 -> 6.1.26 (last in 6.1.x line)
>   - xerces 2.10.0 - > 2.12.0
>   - org.owasp 3.1.1 -> 3.3.4
>   - versions-maven-plugin 2.5 -> 2.7
>   - doxia-core 1.7 -> 1.8
>   - doxia-module-markdown 1.3 -> 1.7
>   - org.apache.felix.main 4.0.3 -> 4.6.1  (Note: most recent 4.x)
>   - easymock 3.4 -> 3.5.1
>   - javax.el 3.0 -> 3.0.1-b10
>   - jasper 6.0.18 -> 6.0.53  (Note: most recent 6.0.x)
>   - juli 6.0.18 -> 6.0.53    (Note: most recent 6.0.x)
>   - commons-logging 1.1.3 -> 1.2
>   - commons-collections4 4.1 -> 4.2
>   - commons-io 2.5 -> 2.6
>   - commons-lang3 3.6 -> 3.8.1
>   - commons-text 1.2 -> 1.3  (Note: most recent compatible with Java 7)
>   - commons-validator 1.5.1 -> 1.6
>   - mockito 1.9.5 -> 1.10.19            (Note: most recent 1.x)
>   - cdi-api 1.0-SP1 -> 1.0-SP4          (Note: most recent 1.0.x)
>   - weld-core 1.0.1-Final -> 1.0.1-SP4  (Note: most recent 1.0.x)
>   - cglib 2.2 -> 2.2.2                  (Note: most recent 2.2.x,
as 2.2.3's status is uncertain)
> Note: cglib-nodep version appears to be determined by the jmock-cglib requirement for
JMock 1.2.0.  Leaving the cglib-nodep version is probably safest for now.  However for 2.6.x
the cglib dependency can probably go to 2.2.2 for the build.  There might be consideration
for the cglib 3.x series, but that might impact other components.
> ---------
> There is an open PR #265 which demonstrates the build/regression completes using the
above version changes.  The main Showcase application (not the REST one) appears to work
interactively as well, but there are no demonstrator applications for the Plugins. 
> Please note: The struts2-rest-showcase application does not work (initialization fails
due to: com.opensymphony.xwork2.config.ConfigurationException: Unable to find interceptor
class referenced by ref-name profiling).  The init failed before the library version changes,
so it doesn't appear to be related.
> Please review the above and see if some or all of the library updates appear appropriate
for the 2.6.x build line.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message