[
https://issues.apache.org/jira/browse/SLING-11882?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu updated SLING-11882:
------------------------------------
Fix Version/s: XSS Protection API 2.3.12
(was: XSS Protection API 2.3.10)
> XSS Protection API: Apply shading/package relocation to embedded Guava+Co
> Libraries
> -----------------------------------------------------------------------------------
>
> Key: SLING-11882
> URL: https://issues.apache.org/jira/browse/SLING-11882
> Project: Sling
> Issue Type: Improvement
> Components: XSS Protection API
> Affects Versions: XSS Protection API 2.3.0
> Reporter: Stefan Seifert
> Assignee: Stefan Seifert
> Priority: Major
> Fix For: XSS Protection API 2.3.12
>
>
> with version 2.3.0 of the XSS Protection API the internal implementation was
> switched to OWASP sanitizer library (esapi) in SLING-7231.
> with this new implementation comes a load of 3rdparty libraries including a
> guava version, which is embedded as private packages in the OSGi bundle. this
> is completely fine from an OSGi bundle perspective and works.
> however, in unit test contexts this can lead to problems, because depending
> on the dependency order the embedded guava classes may overlay other guava
> classes references in the same POM with a different version, leading to
> problems running code in the unit test context. to prevent problems like
> this, we usually apply a shading and relocation of the package names to
> ensure such clashes in classpath does no happen.
> the same problem may affect other libraries embedded in the bundle.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
