+1. Good enough for now. -Alex
On 3/30/17, 5:12 AM, "Christofer Dutz" <christofer.d...@c-ware.de> wrote: >+1 (Just noticed I didn’t actually vote ;-) ) > >I agree with Tom … next release will have it fixed anyway. > >Chris > > > >Am 30.03.17, 13:45 schrieb "Tom Chiverton" <t...@extravision.com>: > > +1 - the headers is not a serious enough issue to hold up the release. > > Tom > > > On 27/03/17 22:13, Christofer Dutz wrote: > > Hi, > > > > This is Apache Flex BlazeDS 4.7.3 release candidate 1. > > > > RELEASE NOTES: > > > > Apache Flex BlazeDS 4.7.3 is an update to 4.7.2 which adds a new > > blazeds-spring-boot-starter module for easily setting up a BlazeDS >server with > > Spring Boot. It also provides Maven archetypes for easily creating >new spring-boot > > project that make use of BlazeDS. We also did quite a lot of >fine-tuning of the > > security default settings to make BlazeDS more secure. > > > > Starting with 4.7.3 BlazeDS Deserialization of XML is disabled >completely per default > > but can easily be enabled in your services-config.xml: > > > > <channels> > > <channel-definition id="amf" >class="mx.messaging.channels.AMFChannel"> > > <endpoint >url="http://{server.name}:{server.port}/{context.root}/messagebroker/amf" > > >class="flex.messaging.endpoints.AMFEndpoint"/> > > <properties> > > <serialization> > > <allow-xml>true</allow-xml> > > </serialization> > > </properties> > > </channel-definition> > > </channels> > > > > Also we now enable the ClassDeserializationValidator per default to >only allow > > deserialization of whitelisted classes. BlazeDS internally comes >with the following > > whitelist: > > > > flex.messaging.io.amf.ASObject > > flex.messaging.io.amf.SerializedObject > > flex.messaging.io.ArrayCollection > > flex.messaging.io.ArrayList > > flex.messaging.messages.AcknowledgeMessage > > flex.messaging.messages.AcknowledgeMessageExt > > flex.messaging.messages.AsyncMessage > > flex.messaging.messages.AsyncMessageExt > > flex.messaging.messages.CommandMessage > > flex.messaging.messages.CommandMessageExt > > flex.messaging.messages.ErrorMessage > > flex.messaging.messages.HTTPMessage > > flex.messaging.messages.RemotingMessage > > flex.messaging.messages.SOAPMessage > > java.lang.Boolean > > java.lang.Byte > > java.lang.Character > > java.lang.Double > > java.lang.Float > > java.lang.Integer > > java.lang.Long > > java.lang.Object > > java.lang.Short > > java.lang.String > > java.util.ArrayList > > java.util.Date > > java.util.HashMap > > org.w3c.dom.Document > > > > If you need to deserialize any other classes, be sure to register >them in your > > services-config.xml: > > > > <validators> > > <validator >class="flex.messaging.validators.ClassDeserializationValidator"> > > <properties> > > <allow-classes> > > <class name="org.mycoolproject.*"/> > > <class name="flex.messaging.messages.*"/> > > <class name="flex.messaging.io.amf.ASObject"/> > > </allow-classes> > > </properties> > > </validator> > > </validators> > > > > (Beware, by manually providing a whitelist the default whitelist is >disabled) > > > > Known Issues > > _____________ > > FLEX-34648 Memory Leak occurred in AsyncMessage when sending a lot >of messages > > > > >-------------------------------------------------------------------------- >--------- > > > > The release candidate can be found here: > > >https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Frepositor >y.apache.org%2Fcontent%2Frepositories%2Forgapacheflex-1019%2Forg%2Fapache% >2Fflex%2Fblazeds%2Fblazeds%2F4.7.3%2Fblazeds-4.7.3-source-release.zip&data >=02%7C01%7C%7C41fd85e18dfd41259e1d08d477661b29%7Cfa7b1b5a7b34438794aed2c17 >8decee1%7C0%7C0%7C636264727801994451&sdata=REnYjCG2y9NWQ1SxsvoOsShXCXWzWSH >DZxXmSeYF3ZE%3D&reserved=0<https://na01.safelinks.protection.outlook.com/? >url=https%3A%2F%2Frepository.apache.org%2Fcontent%2Frepositories%2Forgapac >heflex-1019%2Forg%2Fapache%2Fflex%2Fblazeds%2Fblazeds%2F4.7.3%2F&data=02%7 >C01%7C%7C41fd85e18dfd41259e1d08d477661b29%7Cfa7b1b5a7b34438794aed2c178dece >e1%7C0%7C0%7C636264727802004455&sdata=KxxTXvwJlN9K764fTMY4enH%2BG0UghLqIIX >%2F7m3YIhQk%3D&reserved=0> > > > > Before voting please review the section,"What are the ASF >requirements on > > approving a release?", at: >https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.apache >.org%2Fdev%2Frelease.html%23approving-a-release&data=02%7C01%7C%7C41fd85e1 >8dfd41259e1d08d477661b29%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C6362 >64727802004455&sdata=6mwldhs3oZDI06tc3Q6Yhzude6P4NpiZJK3j28ZWiO0%3D&reserv >ed=0 > > > > At a minimum you would be expected to check that: > > - MD5 and signed packages are correct > > - README, RELEASE_NOTES, NOTICE and LICENSE files are all fine > > - That you can compile from source package > > - That the SDK can be used in your IDE of choice > > - That the SDK can be used to make a mobile, desktop and browser > > application > > > > Please vote to approve this release: > > +1 Approve the release > > -1 Don’t approve the release (please provide specific comments to >why) > > > > This vote will be open for 72 hours or until a result can be called. > > > > The vote passes if there is: > > - At least 3 +1 votes from the PMC > > - More positive votes than negative votes > > > > If you find an issue with the release that's a "show stopper" >please don't > > hold off voting -1. If someone votes -1 please continue testing we >want to > > try and catch as many issues as we can and cut down on the number of > > release candidates. Remember existing voters can change their vote >during > > the voting process. > > > > People who are not in PMC are also encouraged to test out the >release and > > vote, although their votes will not be binding, they can influence >how the > > PMC votes. > > > > When voting please indicate what OS, IDE, Java- and Maven Version, >you > > tested BlazeDS with. > > > > Please put all discussion about this release in the DISCUSSION >thread not > > this VOTE thread. > > > > Thanks, > > Chris > > > > > > > > >______________________________________________________________________ > > This email has been scanned by the Symantec Email Security.cloud >service. > > For more information please visit >https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.symant >eccloud.com&data=02%7C01%7C%7C41fd85e18dfd41259e1d08d477661b29%7Cfa7b1b5a7 >b34438794aed2c178decee1%7C0%7C0%7C636264727802004455&sdata=d42slhcT4s95kJh >MvruO4USRGN5OqwTLofLDow3TwyI%3D&reserved=0 > > >______________________________________________________________________ > > >