I think it is best to move quickly and use method 1 and release asap.
This will buy us time to implement the better method 3.
Andy.
On 01/09/17 11:10, Jonathan Gallimore wrote:
Awesome, thanks!
Jon
On Fri, Sep 1, 2017 at 6:34 AM, Svetlin Zarev <
svetlin.angelov.za...@gmail.com> wrote:
Here it is: https://issues.apache.org/jira/browse/TOMEE-2113
2017-08-31 19:05 GMT+03:00 Jonathan Gallimore <
jonathan.gallim...@gmail.com>
:
I'll do a search and see if I can dig that out. Good shout - thank you.
Jon
On Thu, Aug 31, 2017 at 5:00 PM, Romain Manni-Bucau <
rmannibu...@gmail.com
wrote:
+1
side note: we should pby link this to the user thread, can try to find
it
back later this week if needed
Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> | Blog
<https://blog-rmannibucau.rhcloud.com> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/
rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory
<https://javaeefactory-rmannibucau.rhcloud.com>
2017-08-31 17:54 GMT+02:00 Jonathan Gallimore <
jonathan.gallim...@gmail.com>
:
Just to make sure I understand - (3) would be your preference, but if
that's difficult you'd live with (1) if it came to it, with (2) being
your
least favorite.
We should only need to pick one - I can confirm that option (1) on
its
own
works, as does option (2) on its own. I'm definitely happy to have a
crack
at option (3) and present a PR for each and let the community decide
which
it likes the best.
Thanks for your input, I appreciate it.
Jon
On Thu, Aug 31, 2017 at 4:42 PM, Romain Manni-Bucau <
rmannibu...@gmail.com
wrote:
yep, 3, 1, 2 for the complete order (a mix of compatibility and
influence/asf consistence).
Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> | Blog
<https://blog-rmannibucau.rhcloud.com> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/
rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE
Factory
<https://javaeefactory-rmannibucau.rhcloud.com>
2017-08-31 16:53 GMT+02:00 Jonathan Gallimore <
jonathan.gallim...@gmail.com>
:
Uh, yeah, I think I misunderstood. I think we agree that the
code I
attached should work out of the box, requiring no changes to
TomEE.
That
leaves us with a few options:
1. Use the taglibs-standard-jstlel jars as we are now, and add
the
dependency for Xalan -> trivial change, but adds 3MB to our
binaries.
2. Switch to org.glassfish.web:javax.servlet.jsp.jstl which
uses a
CDDL/GPL
+ CP exception licence. Does not require Xalan -> easy change to
make
and
appears to work (I believe the license is ok for us to use it).
Not
sure
if
there are other restrictions or issues with us using that.
3. Patch the Tomcat taglibs libraries to use the XPath support
built
into
the JVM as opposed to Xalan. I did have a look at this yesterday,
and
it
didn't look like a straightforward change at the time. I'm happy
to
look
at
it again though if we feel that's the way forward.
I think you're stating a preference for (3) - is that correct?
Cheers
Jon
On Thu, Aug 31, 2017 at 3:25 PM, Romain Manni-Bucau <
rmannibu...@gmail.com
wrote:
Hmm, shout if wrong but think you misunderstood the "optional"
in
my
sentence. I meant we patch trunk to remove the adherence to
xalan.
Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> | Blog
<https://blog-rmannibucau.rhcloud.com> | Old Blog
<http://rmannibucau.wordpress.com> | Github <
https://github.com/
rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE
Factory
<https://javaeefactory-rmannibucau.rhcloud.com>
2017-08-31 15:41 GMT+02:00 Jonathan Gallimore <
jonathan.gallim...@gmail.com>
:
Thanks Romain. That is definitely the simplest path - xalan
is
already
marked as an optional dependency, so we wouldn't need to do
anything.
From
a compliance perspective, where would this leave us? Wouldn't
we
need
this
to work out of the box without adding libraries to be
compliant?
If
it
doesn't affect us in that respect, then I think we're
probably
good
to
go.
Jon
On Thu, Aug 31, 2017 at 1:57 PM, Romain Manni-Bucau <
rmannibu...@gmail.com
wrote:
Hi Jon
there is another thread on it (probably on user@)
I think we should just make xalan optional in the lib and
upgrade.
Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> | Blog
<https://blog-rmannibucau.rhcloud.com> | Old Blog
<http://rmannibucau.wordpress.com> | Github <
https://github.com/
rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> |
JavaEE
Factory
<https://javaeefactory-rmannibucau.rhcloud.com>
2017-08-31 13:19 GMT+02:00 Jonathan Gallimore <
jonathan.gallim...@gmail.com>
:
Correction - that should be: "CDDL or GPL with classpath
exception".
On Thu, Aug 31, 2017 at 12:16 PM, Jonathan Gallimore <
jonathan.gallim...@gmail.com> wrote:
Great question. CDDL _or_ GPL, by the look of it.
https://github.com/javaee/jstl-api/blob/master/LICENSE
-
same
as
JAXB
I
believe.
Jon
On Thu, Aug 31, 2017 at 11:55 AM, Jean-Louis Monteiro <
jlmonte...@tomitribe.com> wrote:
What is the licence for GlassFish one?
Le 31 août 2017 12:38, "Jonathan Gallimore" <
jonathan.gallim...@gmail.com
a écrit :
Hi
On master we shifted from openejb-jstl to
taglibs-standard-jstlel. I
have
done the same on the 1.7.x branch, specifically to
move
on
from
the
old
openejb-jstl (looking at
https://nvd.nist.gov/vuln/detail/CVE-2015-0254).
The
taglibs-standard-jstlel
library does seem to depend on xalan, which we
currently
do
not
include
in
TomEE.
The impact is that some XML functions in JSP code
does
not
work,
for
example:
<%@ taglib prefix="x" uri="
http://java.sun.com/jstl/
xml
"
%>
<x:parse var="movies">
<movies>
<movie id="1" name="Wedding Crashers"
director="David
Dobkin"
genre="Comedy" rating="7" year="2005" />
<movie id="2" name="Starsky & Hutch"
director="Todd
Phillips"
genre="Action" rating="6" year="2004" />
<movie id="3" name="Shanghai Knights"
director="David
Dobkin"
genre="Action" rating="6" year="2003" />
<movie id="4" name="I-Spy" director="Betty
Thomas"
genre="Adventure"
rating="5" year="2002" />
<movie id="5" name="The Royal Tenenbaums"
director="Wes
Anderson"
genre="Comedy" rating="8" year="2001" />
<movie id="6" name="Zoolander" director="Ben
Stiller"
genre="Comedy"
rating="6" year="2001" />
<movie id="7" name="Shanghai Noon"
director="Tom
Dey"
genre="Comedy"
rating="7" year="2000" />
</movies>
</x:parse>
Movie 1 Genre: <x:out select="$movies//movie[@id='1'
]/@genre"
/><br
/>
fails with java.lang.NoClassDefFoundError:
org/apache/xpath/XPath
(this on
both 1.7.x and master)
Including Xalan does fix this, but its a 3MB
dependency.
The alternative is to use org.glassfish.web:javax.
servlet.jsp.jstl
instead,
which I have tested and seems to work. Anyone have
any
thoughts?
Jon
