You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Stefan Seifert (Jira)" <ji...@apache.org> on 2023/05/16 15:50:00 UTC
[jira] [Created] (SLING-11882) XSS Protection API: Apply shading/package relocation to embedded Guava+Co Libraries
Stefan Seifert created SLING-11882:
--------------------------------------
Summary: XSS Protection API: Apply shading/package relocation to embedded Guava+Co Libraries
Key: SLING-11882
URL: https://issues.apache.org/jira/browse/SLING-11882
Project: Sling
Issue Type: Improvement
Components: XSS Protection API
Affects Versions: XSS Protection API 2.3.0
Reporter: Stefan Seifert
Fix For: XSS Protection API 2.3.8
with version 2.3.0 of the XSS Protection API the internal implementation was switched to OWASP sanitizer library (esapi) in SLING-7231.
with this new implementation comes a load of 3rdparty libraries including a guava version, which is embedded as private packages in the OSGi bundle. this is completely fine from an OSGi bundle perspective and works.
however, in unit test contexts this can lead to problems, because depending on the dependency order the embedded guava classes may overlay other guava classes references in the same POM with a different version, leading to problems running code in the unit test context. to prevent problems like this, we usually apply a shading and relocation of the package names to ensure such clashes in classpath does no happen.
the same problem may affect other libraries embedded in the bundle.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)