Hi I think this issue has very low priority. After thinking a lot on it I prefer do not do nothing. Less is more in my opinion.
regards, Leonardo Uribe 2018-01-28 20:57 GMT-05:00 Leonardo Uribe <[email protected]>: > Hi > > I think MYFACES-4133 does not qualify to be a bug, because encryption > should be always enabled. > > Is it required? No > > Is it an improvement? Not really. I still need a reason why enable this > mode. > > Can we avoid the serialization/deserialization step? yes. > > regards, > > Leonardo Uribe > > 2018-01-28 9:12 GMT-05:00 Thomas Andraschko <[email protected]>: > >> Hi, >> >> IMO the change is almost mandatory for 2.3.0. >> >> Please also see the discussion in "[myfaces core] don't deserialize >> ViewState-ID if state saving method is server". >> >> @Leo: Do you have time to refactor it? >> >> Otherwise i would reapply my patch but with "random" instead of >> "secureRandom". >> Thats fine for now. We can still refactor or improve the API later in >> 2.3.x or even in JSF.next. >> >> Regards, >> Thomas >> >> >> >> 2018-01-28 0:17 GMT+01:00 Paul Nicolucci <[email protected]>: >> >>> Hi, >>> >>> It looks like the only remaining item we have before we can deliver >>> 2.3.0 is : https://issues.apache.org/jira/browse/MYFACES-4133 >>> >>> @Leonardo/Thomas, has an acceptable fix been created? Can we deliver >>> 2.3.0 without a fix or is this mandatory? >>> >>> Thanks, >>> >>> Paul >>> >> >> >
