Hi all, Well for the most part our build of CAS 3.5.1 is making its way through our testing. I did however want to release it into production *without* a stack trace every time one of our campus members types in the wrong password. I know this has been patched (a couple months ago perhaps), thanks Marvin.
For a variety of reasons (mainly to git commit our mods on top of the 3.5.x branch and push it to our source control server) I decided to re-clone the git repo for CAS, diff and rebuild, once our mods to LPPE were added. After building all snapshots and adding them to my maven repo, I continued to build our maven overlay. To my chagrin, when viewing the jars in the webapp's lib folder I see joda-time-1.6.2 back in with the rest of the libs. I was pretty careful to include those pom exceptions found in https://issues.jasig.org/browse/CAS-1253 but alas, the elusive version persists. After some plugging around with mvn -X dependency:tree >file and searching the file for instances of joda 1.6 I found where it is (now) coming from: within cas-server-webapp, there is a dependency for org.hibernate.hibernate-validator which was including the 1.6 version of joda-time. Adding the exclusion to this particular dependency has eliminated it from my cas.war file. I still have it listed in cas-server-core (now using the delivered pom.xml from checkout) In the effort of being helpful I am relaying my findings to the group, since during my testing there *was* a discrepancy within the LPPE logic that does require joda 2.1, and my build was not finding the method until the 1.6 version was removed from deployment. To the developer group, you're welcome to attempt replication and proceed with fixes in whichever branch you find appropriate. Thanks! Our testing continues! -Michael. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
