You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Lukasz Lenart (JIRA)" <ji...@apache.org> on 2018/11/16 07:11:01 UTC

[jira] [Comment Edited] (WW-4978) Update multiple Struts 2.5.x libraries to more recent versions

    [ https://issues.apache.org/jira/browse/WW-4978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16688905#comment-16688905 ] 

Lukasz Lenart edited comment on WW-4978 at 11/16/18 7:10 AM:
-------------------------------------------------------------

Important Note For WW-4978:
---------------
-  According to the Felix changelog, Felix 4.6.1 implements OSGi R6.
-  According to the Felix changelog, Felix 4.0.3 implements OSGi R4.3.


Some conflicting internet sources made it unclear which OSGi levels the various 4.x series implement, but the changelog should be authoritative.

Although various documentation seem to indicate bundles designed for OSGi 4.x should run under a newer (such as R6) framework, some also indicate that such bundles may experience slightly different behaviour (depending on how the bundle was designed).


Anyone using the Struts 2 OSGi Plugin should be aware of the version change for the Felix framework jar in Struts 2.5.19+.

If Struts 2 OSGi Plugin issues are encountered, reverting to Felix 4.0.3 (org.apache.felix.main-4.0.3.jar and org.apache.felix.framework-4.0.3.jar) may help resolve any issues.

Someone with expertise in OSGi and the Struts 2 OSGi plugin may have a more pertinent comment to provide.



> Update multiple Struts 2.5.x libraries to more recent versions
> --------------------------------------------------------------
>
>                 Key: WW-4978
>                 URL: https://issues.apache.org/jira/browse/WW-4978
>             Project: Struts 2
>          Issue Type: Dependency
>          Components: Build Management, Other
>    Affects Versions: 2.5.18
>         Environment: All.
>            Reporter: James Chaplin
>            Priority: Minor
>              Labels: build, pull-request-available
>             Fix For: 2.5.19
>
>
> Hello Apache Struts Team.
> This Jira issue is intended to request/track introduction of newer (believed to be compatible) library versions for the Struts 2.5.x line.  This can be achieved by modifications to one or more pom.xml build files for the project.
> Since multiple library version upgrades are being attempted at the same time there is some risk, but the build regression does complete without failure.  The number of library upgrades could be reduced (broken into smaller sets and slowly introduced) if necessary.  End users would also have the option of manually back-leveling specific jars.
> Please find below a list of library version updates that appear to be compatible with the current versions in the 2.5.x build line.
> ---------
> Update Struts 2.5.19 build with some newer (compatible) library versions.
> Change the main pom.xml library versions for the following:
>   - spring.platformVersion 4.3.13.RELEASE -> 4.3.20.RELEASE
>   - ognl 3.1.15 -> 3.1.18  (Note: newest version that passes unit tests)
>   - oval 1.31 -> 1.90        (Note: requires unit test fix for OValValidationInterceptorTest.java)
>   - tiles 3.0.7 -> 3.0.8
>   - tiles-request 1.0.6 -> 1.0.7
>   - log4j 2.10.0 -> 2.11.1
>   - jackson 2.9.5 -> 2.9.7
>   - fluido-skin.version 1.6 -> 1.7
>   - slf4j 1.7.12 -> 1.7.25
>   - xtream 1.4.10 -> 1.4.11.1
>   - jetty 6.1.9 -> 6.1.26 (last in 6.1.x line)
>   - xerces 2.10.0 - > 2.12.0
>   - org.owasp 3.1.1 -> 3.3.4
>   - versions-maven-plugin 2.5 -> 2.7
>   - doxia-core 1.7 -> 1.8
>   - doxia-markdown 1.3 -> 1.7
>   - freemarker 2.3.26-incubating -> 2.3.28
>   - org.apache.felix.main 4.0.3 -> 4.6.1  (Note: most recent 4.x)
>   - easymock 3.4 -> 3.5.1
>   - javax.el 3.0 -> 3.0.1-b10
>   - jasper 6.0.18 -> 6.0.53  (Note: most recent 6.0.x)
>   - juli 6.0.18 -> 6.0.53    (Note: most recent 6.0.x)
>   - commons-logging 1.1.3 -> 1.2
>   - commons-collections4 4.1 -> 4.2
>   - commons-io 2.5 -> 2.6
>   - commons-lang 3.6 -> 3.8.1
>   - commons-beanutils 1.9.2 -> 1.9.3
>   - commons-validator 1.5.1 -> 1.6
>   - mockito 1.9.5 -> 1.10.19            (Note: most recent 1.x)
>   - cdi-api 1.0-SP1 -> 1.0-SP4          (Note: most recent 1.0.x)
>   - weld-core 1.0.1-Final -> 1.0.1-SP4  (Note: most recent 1.0.x)
> Note: cglib-nodep version appears to be determined by the jmock-cglib requirement for JMock 1.2.0.  Seems safer to leave cglib/cglib-nodep alone for 2.5.x series builds.
> ---------
> There is an open PR #264 which demonstrates the build/regression completes using the above version changes.  The Showcase applications appear to work interactively as well, but there are no demonstrator applications for the Plugins.
> Please review the above and see if some or all of the library updates appear appropriate for the 2.5.x build line.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)