[jira] [Updated] (SLING-11882) XSS Protection API: Apply shading/package relocation to embedded Guava+Co Libraries
[ https://issues.apache.org/jira/browse/SLING-11882?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu updated SLING-11882: Fix Version/s: XSS Protection API 2.3.12 (was: XSS Protection API 2.3.10) > XSS Protection API: Apply shading/package relocation to embedded Guava+Co > Libraries > --- > > Key: SLING-11882 > URL: https://issues.apache.org/jira/browse/SLING-11882 > Project: Sling > Issue Type: Improvement > Components: XSS Protection API >Affects Versions: XSS Protection API 2.3.0 >Reporter: Stefan Seifert >Assignee: Stefan Seifert >Priority: Major > Fix For: XSS Protection API 2.3.12 > > > with version 2.3.0 of the XSS Protection API the internal implementation was > switched to OWASP sanitizer library (esapi) in SLING-7231. > with this new implementation comes a load of 3rdparty libraries including a > guava version, which is embedded as private packages in the OSGi bundle. this > is completely fine from an OSGi bundle perspective and works. > however, in unit test contexts this can lead to problems, because depending > on the dependency order the embedded guava classes may overlay other guava > classes references in the same POM with a different version, leading to > problems running code in the unit test context. to prevent problems like > this, we usually apply a shading and relocation of the package names to > ensure such clashes in classpath does no happen. > the same problem may affect other libraries embedded in the bundle. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (SLING-11882) XSS Protection API: Apply shading/package relocation to embedded Guava+Co Libraries
[ https://issues.apache.org/jira/browse/SLING-11882?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu updated SLING-11882: Fix Version/s: XSS Protection API 2.3.10 (was: XSS Protection API 2.3.8) > XSS Protection API: Apply shading/package relocation to embedded Guava+Co > Libraries > --- > > Key: SLING-11882 > URL: https://issues.apache.org/jira/browse/SLING-11882 > Project: Sling > Issue Type: Improvement > Components: XSS Protection API >Affects Versions: XSS Protection API 2.3.0 >Reporter: Stefan Seifert >Priority: Major > Fix For: XSS Protection API 2.3.10 > > > with version 2.3.0 of the XSS Protection API the internal implementation was > switched to OWASP sanitizer library (esapi) in SLING-7231. > with this new implementation comes a load of 3rdparty libraries including a > guava version, which is embedded as private packages in the OSGi bundle. this > is completely fine from an OSGi bundle perspective and works. > however, in unit test contexts this can lead to problems, because depending > on the dependency order the embedded guava classes may overlay other guava > classes references in the same POM with a different version, leading to > problems running code in the unit test context. to prevent problems like > this, we usually apply a shading and relocation of the package names to > ensure such clashes in classpath does no happen. > the same problem may affect other libraries embedded in the bundle. -- This message was sent by Atlassian Jira (v8.20.10#820010)