https://bz.apache.org/bugzilla/show_bug.cgi?id=64290

Michael Osipov <micha...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All

--- Comment #1 from Michael Osipov <micha...@apache.org> ---
(In reply to Markus Schlegel from comment #0)
> The commit 218ea934fc71a0948c1b2e313e9cf20dede2cc23 from December 6, 2019
> moved some inner classes from
> org.apache.tomcat.util.http.fileupload.FileUploadBase to the package
> org.apache.tomcat.util.http.fileupload.impl.
> 
> Since some of those classes were public in FileUploadBase, they might have
> been used somewhere in other projects. Our application, for example, uses
> org.apache.tomcat.util.http.fileupload.FileUploadBase.FileSizeLimitExceededException.
> 
> This now means that compiled code will not run with newer 8.5.x
> versions of Tomcat. As long as such projects or libraries are not fixed,
> customers cannot upgrade to the newest Tomcat versions, which will eventually end
> up in Tomcat installations with known security issues.

That's a conceptual flaw I highly dislike:

> commit 218ea934fc71a0948c1b2e313e9cf20dede2cc23
> Author: Mark Thomas <ma...@apache.org>
> Date:   2019-12-06 16:30:48 +0100
> 
>     Merge in FileUpload changes to 2317552 (2019-12-06, 2.0-SNAPSHOT)

Relying on snapshots for GA versions is a no-go.

The other problem you see actually is that there is not enough abstraction
here. You rely on reshaded classes (exceptions) which should not be public (at
all). All should be hidden behind the Servlet API. Which is in Tomcat.

Do you
org.apache.tomcat.util.http.fileupload.FileUploadBase.FileSizeLimitExceededException
from #getCause()?

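An added example, not code from this thread or from Tomcat: one way for an application to recognise the size-limit exception by class name while walking the cause chain, so that its compiled code links against neither location of the class and keeps running across the upgrade. `UploadLimitCheck`, its methods and the stand-in exception are hypothetical names; it assumes the class kept its simple name in the `impl` package and that the container exposes it somewhere in the cause chain, which the thread asks about but does not confirm.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public final class UploadLimitCheck {

    // Binary names of the exception before and after the move described above.
    // Assumption: the class kept its simple name in the impl package.
    private static final Set<String> SIZE_LIMIT_CLASSES = new HashSet<>(Arrays.asList(
        "org.apache.tomcat.util.http.fileupload.FileUploadBase$FileSizeLimitExceededException",
        "org.apache.tomcat.util.http.fileupload.impl.FileSizeLimitExceededException"));

    private UploadLimitCheck() {}

    /** True if any throwable in the cause chain is one of the known size-limit classes. */
    public static boolean isFileSizeLimitExceeded(Throwable t) {
        return causedByAny(t, SIZE_LIMIT_CLASSES);
    }

    // Matches by class name only, so this code links against no container class.
    static boolean causedByAny(Throwable t, Set<String> names) {
        // Depth bound guards against a cyclic cause chain.
        for (int depth = 0; t != null && depth < 16; depth++, t = t.getCause()) {
            // Walk superclasses too, in case a subclass is thrown.
            for (Class<?> c = t.getClass(); c != null; c = c.getSuperclass()) {
                if (names.contains(c.getName())) {
                    return true;
                }
            }
        }
        return false;
    }

    /** Constructed stand-in for a container exception, used only by main(). */
    static final class StandInLimitException extends java.io.IOException {
        private static final long serialVersionUID = 1L;
    }

    public static void main(String[] args) {
        // Constructed input: a servlet-style wrapper around the stand-in.
        Throwable wrapped = new IllegalStateException(new StandInLimitException());
        Set<String> standIn = new HashSet<>(Arrays.asList(StandInLimitException.class.getName()));
        System.out.println("matches stand-in name: " + causedByAny(wrapped, standIn));
        System.out.println("matches Tomcat names:  " + isFileSizeLimitExceeded(wrapped));
    }
}
```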