[ 
https://issues.apache.org/jira/browse/SOLR-16736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17708459#comment-17708459
 ] 

Gus Heck commented on SOLR-16736:
---------------------------------

I've noticed several of these "replace library" type PRs and assumed there was 
something specifically wrong (i.e. guava inconsistency over time can be 
problematic). However, there's a big downside to not having this type of code 
in a dependency. If there's a bug or, worse yet, a CVE, now we own it, and the 
set of folks likely to discover it is smaller than before, and it will always 
be the pain of our users finding it.

Furthermore, if you are not just copying the code for these functions, then you 
run the risk of re-introducing any and all bugs previously reported against 
these libraries. New code in sufficient quantity usually has bugs.

I perhaps missed a discussion somewhere; if so, sorry for the noise, please 
point me to it.

Otherwise, can we get some rationale for this change?

> Replace commons-lang3 usages with Java
> --------------------------------------
>
>                 Key: SOLR-16736
>                 URL: https://issues.apache.org/jira/browse/SOLR-16736
>             Project: Solr
>          Issue Type: Task
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Kevin Risden
>            Assignee: Kevin Risden
>            Priority: Minor
>             Fix For: main (10.0), 9.3
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Done as separate commits:
> * Remove `org.apache.commons.lang3.RandomStringUtils`
> * Remove `StringUtils#join`
> * Replace `StringUtils.leftPad`
> * Replace `ArrayUtils#toPrimitive`
> * Replace `StringUtils#repeat`
> * Misc replacements (startsWith and isEmpty)
> * Replace `StringUtils#split`
> * Replace `ArrayUtils.toObject`
> * Remove `org.apache.commons.lang3.SystemUtils`
> * Remove `ArrayUtils.isEmpty` and `ArrayUtils.isNotEmpty`
> * Replace `StringUtils#equals`
> * Replace `StringUtils.isEmpty` and `StringUtils.isNotEmpty`
> * Replace commons-lang3 builders (hashcode, equals)
> * Remove `startsWith` / `endsWith`
> * Replace `StringUtils.default*`
> * Replace `NumberUtils.isCreatable`
> * Replace `StringUtils.countMatches`
> * Replace `ArrayUtils.add`
> * Replace `StringUtils.contains`
> * Migrate remaining usages to helper methods and forbid new usages of 
> commons-lang3
> This is NOT ready for review yet. This just works down the list of commons 
> lang3 usages and tries to replace them with JDK methods where possible.
> These are remaining:
> * `LocaleUtils` - is there a good replacement? JDK Locale Builder does not 
> work. Moved to LocaleUtils helper class
> * `Object hostnameVerifier = FieldUtils.readField(sslSocketFactory, 
> "hostnameVerifier", true);` - moved to standalone method
> * `StringUtils.containsIgnoresCase` - This should be replaceable.
> * `FastDateFormat` used in HDFS tests
> {code:java}
> # git grep -F org.apache.commons.lang3 -- solr
> solr/core/src/java/org/apache/solr/request/SubstringBytesRefFilter.java:    
> return org.apache.commons.lang3.StringUtils.containsIgnoreCase(str, 
> searchStr);
> solr/core/src/java/org/apache/solr/util/LocaleUtils.java:    return 
> org.apache.commons.lang3.LocaleUtils.toLocale(locale);
> solr/modules/hdfs/src/test/org/apache/solr/hdfs/cloud/HdfsTestUtil.java:      
> org.apache.commons.lang3.time.FastDateFormat.getInstance().format(System.currentTimeMillis());
> solr/solrj/src/test/org/apache/solr/client/solrj/impl/HttpClientUtilTest.java:
>       return org.apache.commons.lang3.reflect.FieldUtils.readField(
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
