Stefan Seifert created SLING-11882:
--------------------------------------
Summary: XSS Protection API: Apply shading/package relocation to
embedded Guava+Co Libraries
Key: SLING-11882
URL: https://issues.apache.org/jira/browse/SLING-11882
Project: Sling
Issue Type: Improvement
Components: XSS Protection API
Affects Versions: XSS Protection API 2.3.0
Reporter: Stefan Seifert
Fix For: XSS Protection API 2.3.8
with version 2.3.0 of the XSS Protection API the internal implementation was
switched to OWASP sanitizer library (esapi) in SLING-7231.
with this new implementation comes a load of 3rdparty libraries including a
guava version, which is embedded as private packages in the OSGi bundle. this
is completely fine from an OSGi bundle perspective and works.
however, in unit test contexts this can lead to problems, because depending on
the dependency order the embedded guava classes may overlay other guava classes
references in the same POM with a different version, leading to problems
running code in the unit test context. to prevent problems like this, we
usually apply a shading and relocation of the package names to ensure such
clashes in classpath does no happen.
the same problem may affect other libraries embedded in the bundle.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
