Posted to dev@shiro.apache.org by Les Hazlewood <lh...@apache.org> on 2010/10/12 00:57:30 UTC

Emergency release?

I think I might have found a critical bug relating to how INI sections
manage property ordering.

The Ini class (and its internal Ini.Section class) relied on using a
java.util.Properties object to help load its key-value pairs.
Properties objects don't retain order.  I think a few of the mailing
list questions that have arisen this week might be related to this
ordering problem.

I _thought_ the ordering issue was already resolved because of the way
the ReflectionBuilder works, but SHIRO-184
(https://issues.apache.org/jira/browse/SHIRO-184), which uses the same
Ini mechanism under the hood, apparently illustrates this not to be the
case.

Through Mathieu's patch on SHIRO-184 and continued modifications, I
believe I have fixed this issue (with supporting tests).  Should we do
a 1.0.1 release to get this out?

I'm working in trunk at the moment, but it would be trivial for me to
merge into the 1.x branch.

Thoughts?

Les
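
The ordering loss described in the message above, as an added example (not code from this thread or from Shiro): the same section body is loaded once through java.util.Properties and once through an insertion-ordered map. The class name, the section contents and the idea of a consumer that reads entries in file order (for instance a first-match rule list) are assumptions made for the illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;

public class IniOrderDemo {
    // Constructed section body; keys and values are illustrative only.
    static final String SECTION =
        "/login = anon\n" +
        "/static/** = anon\n" +
        "/admin/** = authc, roles[admin]\n" +
        "/api/** = authc\n" +
        "/account/** = authc\n" +
        "/** = authc\n";

    // Order-losing load: Properties is hash-based, so its iteration
    // order is unrelated to the order of the lines in the file.
    static List<String> keysViaProperties(String body) throws IOException {
        Properties props = new Properties();
        props.load(new StringReader(body));
        return new ArrayList<>(props.stringPropertyNames());
    }

    // Order-preserving load: a LinkedHashMap iterates in insertion order.
    static Map<String, String> loadOrdered(String body) {
        Map<String, String> out = new LinkedHashMap<>();
        for (String line : body.split("\n")) {
            line = line.trim();
            if (line.isEmpty() || line.startsWith("#") || line.startsWith(";")) continue;
            int eq = line.indexOf('=');
            if (eq < 0) continue; // not a key-value line
            out.put(line.substring(0, eq).trim(), line.substring(eq + 1).trim());
        }
        return out;
    }

    public static void main(String[] args) throws IOException {
        List<String> hashed = keysViaProperties(SECTION);
        List<String> ordered = new ArrayList<>(loadOrdered(SECTION).keySet());
        System.out.println("file order      : " + ordered);
        System.out.println("Properties order: " + hashed);
        // An order-sensitive consumer sees different input whenever these differ.
        System.out.println("order preserved by Properties: " + ordered.equals(hashed));
    }
}
```

The Properties order depends on key hashes and the JVM's map implementation, so it can change when a key is added or renamed; a test for a fix of this kind should compare the loaded key order against the file order rather than check only that every key is present.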

Re: Emergency release?

Posted by Les Hazlewood <lh...@apache.org>.
I provided a patch to SHIRO-197 in case anyone wanted to build it
themselves, but there are two important things I wanted to get in 1.1
that might delay it a little bit:

- Improving the AuthenticationInfo / HashedCredentialsMatcher
implementations to support better salting techniques and
- The new-and-improved JndiLdapRealm (with documentation)

Any delay caused by those tasks would hurt anyone evaluating Shiro for
the first time because of the bug, and we'd probably see more mailing
list questions related to it.  I'm especially worried about this since
I'll be presenting to a lot of people tomorrow night and I wouldn't
want a large influx of new evaluating users to be confused/frustrated.

How long do you think it would take for us to push out a 1.0.1 release (not
including voting time) given that we're only changing 1 file?  If it's
small, do you think we could give it a shot?

Les


On Mon, Oct 11, 2010 at 4:32 PM, Kalle Korhonen
<ka...@gmail.com> wrote:
> On Mon, Oct 11, 2010 at 3:57 PM, Les Hazlewood <lh...@apache.org> wrote:
>> I think I might have found a critical bug relating to how INI sections
>> manage property ordering.
>
> Hmm yes, I thought it was fairly apparent from SHIRO-184, filed two
> weeks ago. If you ask on the user list whether you should release or
> not, I'm sure somebody will say yes. I don't use the ini file
> configuration myself and we can do the 1.1.0 release fairly quickly
> but if you want to spend the time and practice releasing, I don't see
> why not. Personally, I wouldn't go through the trouble though given
> that 1.1.0 will follow so closely after.
>
> Kalle

Re: Emergency release?

Posted by Kalle Korhonen <ka...@gmail.com>.
On Mon, Oct 11, 2010 at 3:57 PM, Les Hazlewood <lh...@apache.org> wrote:
> I think I might have found a critical bug relating to how INI sections
> manage property ordering.

Hmm yes, I thought it was fairly apparent from SHIRO-184, filed two
weeks ago. If you ask on the user list whether you should release or
not, I'm sure somebody will say yes. I don't use the ini file
configuration myself and we can do the 1.1.0 release fairly quickly
but if you want to spend the time and practice releasing, I don't see
why not. Personally, I wouldn't go through the trouble though given
that 1.1.0 will follow so closely after.

Kalle