James Chaplin created WW-4979:
---------------------------------
Summary: Update multiple Struts 2.6.x libraries to more recent
versions
Key: WW-4979
URL: https://issues.apache.org/jira/browse/WW-4979
Project: Struts 2
Issue Type: Dependency
Components: Build Management, Other
Affects Versions: 2.6
Environment: All.
Reporter: James Chaplin
Fix For: 2.6
Hello Apache Struts Team.
This Jira issue is intended to request/track introduction of newer (believed to
be compatible) library versions for the unreleased Struts 2.6.x line. This can
be achieved by modifications to one or more pom.xml build files for the project.
Since multiple library version upgrades are being attempted at the same time
there is some risk, but the build regression does complete without failure.
The number of library upgrades could be reduced (broken into smaller sets and
slowly introduced) if necessary. End users would also have the option of
manually back-leveling specific jars.
Please find below a list of library version updates that appear to be
compatible with the current versions in the 2.6.x build line.
---------
Update Struts 2.6 build with some newer (compatible) library versions.
Change the main pom.xml library versions for the following:
- spring.platformVersion 4.3.13.RELEASE -> 4.3.20.RELEASE
- oval 1.31 -> 1.90 (Note: required unit test fix for
OValValidationInterceptorTest.java AND code fix for
OvalValidationInterceptor.java. Oval 1.70 was the most recent that could be
used without a fix to OvalValidationInterceptor.)
- jackson 2.9.6 -> 2.9.7
- fluido-skin.version 1.6 -> 1.7
- slf4j (slf4j-api, slf4j-simple) 1.7.12 -> 1.7.25
- xstream 1.4.10 -> 1.4.11.1
- jetty 6.1.9 -> 6.1.26 (last in 6.1.x line)
- xerces 2.10.0 - > 2.12.0
- org.owasp 3.1.1 -> 3.3.4
- versions-maven-plugin 2.5 -> 2.7
- doxia-core 1.7 -> 1.8
- doxia-module-markdown 1.3 -> 1.7
- org.apache.felix.main 4.0.3 -> 4.6.1 (Note: most recent 4.x)
- easymock 3.4 -> 3.5.1
- javax.el 3.0 -> 3.0.1-b10
- jasper 6.0.18 -> 6.0.53 (Note: most recent 6.0.x)
- juli 6.0.18 -> 6.0.53 (Note: most recent 6.0.x)
- commons-logging 1.1.3 -> 1.2
- commons-collections4 4.1 -> 4.2
- commons-io 2.5 -> 2.6
- commons-lang3 3.6 -> 3.8.1
- commons-text 1.2 -> 1.3 (Note: most recent compatible with Java 7)
- commons-validator 1.5.1 -> 1.6
- mockito 1.9.5 -> 1.10.19 (Note: most recent 1.x)
- cdi-api 1.0-SP1 -> 1.0-SP4 (Note: most recent 1.0.x)
- weld-core 1.0.1-Final -> 1.0.1-SP4 (Note: most recent 1.0.x)
- cglib 2.2 -> 2.2.2 (Note: most recent 2.2.x, as 2.2.3's
status is uncertain)
Note: cglib-nodep version appears to be determined by the jmock-cglib
requirement for JMock 1.2.0. Leaving the cglib-nodep version is probably
safest for now. However for 2.6.x the cglib dependency can probably go to
2.2.2 for the build. There might be consideration for the cglib 3.x series,
but that might impact other components.
---------
There is an open PR #265 which demonstrates the build/regression completes
using the above version changes. The main Showcase application (not the REST
one) appears to work interactively as well, but there are no demonstrator
applications for the Plugins.
Please note: The struts2-rest-showcase application does not work
(initialization fails due to:
com.opensymphony.xwork2.config.ConfigurationException: Unable to find
interceptor class referenced by ref-name profiling). The init failed before
the library version changes, so it doesn't appear to be related.
Please review the above and see if some or all of the library updates appear
appropriate for the 2.6.x build line.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
