+1 - the headers is not a serious enough issue to hold up the release.
Tom
On 27/03/17 22:13, Christofer Dutz wrote:
Hi,
This is Apache Flex BlazeDS 4.7.3 release candidate 1.
RELEASE NOTES:
Apache Flex BlazeDS 4.7.3 is an update to 4.7.2 which adds a new
blazeds-spring-boot-starter module for easily setting up a BlazeDS server with
Spring Boot. It also provides Maven archetypes for easily creating new
spring-boot
project that make use of BlazeDS. We also did quite a lot of fine-tuning of the
security default settings to make BlazeDS more secure.
Starting with 4.7.3 BlazeDS Deserialization of XML is disabled completely per
default
but can easily be enabled in your services-config.xml:
<channels>
<channel-definition id="amf" class="mx.messaging.channels.AMFChannel">
<endpoint
url="http://{server.name}:{server.port}/{context.root}/messagebroker/amf";
class="flex.messaging.endpoints.AMFEndpoint"/>
<properties>
<serialization>
<allow-xml>true</allow-xml>
</serialization>
</properties>
</channel-definition>
</channels>
Also we now enable the ClassDeserializationValidator per default to only allow
deserialization of whitelisted classes. BlazeDS internally comes with the
following
whitelist:
flex.messaging.io.amf.ASObject
flex.messaging.io.amf.SerializedObject
flex.messaging.io.ArrayCollection
flex.messaging.io.ArrayList
flex.messaging.messages.AcknowledgeMessage
flex.messaging.messages.AcknowledgeMessageExt
flex.messaging.messages.AsyncMessage
flex.messaging.messages.AsyncMessageExt
flex.messaging.messages.CommandMessage
flex.messaging.messages.CommandMessageExt
flex.messaging.messages.ErrorMessage
flex.messaging.messages.HTTPMessage
flex.messaging.messages.RemotingMessage
flex.messaging.messages.SOAPMessage
java.lang.Boolean
java.lang.Byte
java.lang.Character
java.lang.Double
java.lang.Float
java.lang.Integer
java.lang.Long
java.lang.Object
java.lang.Short
java.lang.String
java.util.ArrayList
java.util.Date
java.util.HashMap
org.w3c.dom.Document
If you need to deserialize any other classes, be sure to register them in your
services-config.xml:
<validators>
<validator
class="flex.messaging.validators.ClassDeserializationValidator">
<properties>
<allow-classes>
<class name="org.mycoolproject.*"/>
<class name="flex.messaging.messages.*"/>
<class name="flex.messaging.io.amf.ASObject"/>
</allow-classes>
</properties>
</validator>
</validators>
(Beware, by manually providing a whitelist the default whitelist is disabled)
Known Issues
_____________
FLEX-34648 Memory Leak occurred in AsyncMessage when sending a lot of messages
-----------------------------------------------------------------------------------
The release candidate can be found here:
https://repository.apache.org/content/repositories/orgapacheflex-1019/org/apache/flex/blazeds/blazeds/4.7.3/blazeds-4.7.3-source-release.zip<https://repository.apache.org/content/repositories/orgapacheflex-1019/org/apache/flex/blazeds/blazeds/4.7.3/>
Before voting please review the section,"What are the ASF requirements on
approving a release?", at:
http://www.apache.org/dev/release.html#approving-a-release
At a minimum you would be expected to check that:
- MD5 and signed packages are correct
- README, RELEASE_NOTES, NOTICE and LICENSE files are all fine
- That you can compile from source package
- That the SDK can be used in your IDE of choice
- That the SDK can be used to make a mobile, desktop and browser
application
Please vote to approve this release:
+1 Approve the release
-1 Don’t approve the release (please provide specific comments to why)
This vote will be open for 72 hours or until a result can be called.
The vote passes if there is:
- At least 3 +1 votes from the PMC
- More positive votes than negative votes
If you find an issue with the release that's a "show stopper" please don't
hold off voting -1. If someone votes -1 please continue testing we want to
try and catch as many issues as we can and cut down on the number of
release candidates. Remember existing voters can change their vote during
the voting process.
People who are not in PMC are also encouraged to test out the release and
vote, although their votes will not be binding, they can influence how the
PMC votes.
When voting please indicate what OS, IDE, Java- and Maven Version, you
tested BlazeDS with.
Please put all discussion about this release in the DISCUSSION thread not
this VOTE thread.
Thanks,
Chris
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
