Posted to commits@tomee.apache.org by "Richard Zowalla (Jira)" <ji...@apache.org> on 2021/05/12 15:02:00 UTC

[jira] [Updated] (TOMEE-3742) Drop patched dependencies

     [ https://issues.apache.org/jira/browse/TOMEE-3742?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard Zowalla updated TOMEE-3742:
-----------------------------------
    Fix Version/s:     (was: 8.0.7)

> Drop patched dependencies
> -------------------------
>
>                 Key: TOMEE-3742
>                 URL: https://issues.apache.org/jira/browse/TOMEE-3742
>             Project: TomEE
>          Issue Type: Bug
>    Affects Versions: 8.0.7
>            Reporter: Romain Manni-Bucau
>            Priority: Major
>
> The last TomEE releases use a lot of patched dependencies.
> Most of them - not to say all ;) - are not needed, but this way of doing things broke a lot of applications. Just to give a few examples:
>  #  it breaks distro scanning (jars are unknown and CVEs are missed, which is super important for anyone who has some security policy in companies) since jars are "corrupted" (from a scanning point of view)
>  #  it broke some features (default json providers can't be disabled as before, breaking applications)
>  #  it makes it random to update backward compatible dependencies
>  #  it makes embedded mode quite random and behaving unexpectedly when not using the fork
>  
> This ticket is about dropping all forks, ensuring 1 and 4 are trivially solved by doing (back) nothing, and if possible trying to fix 2 (the json setup is just about reverting or integrating more with bus providers in cxf, for example).


