+1 (Just noticed I didn’t actually vote ;-) ) I agree with Tom … next release will have it fixed anyway.
Chris Am 30.03.17, 13:45 schrieb "Tom Chiverton" <t...@extravision.com>: +1 - the headers is not a serious enough issue to hold up the release. Tom On 27/03/17 22:13, Christofer Dutz wrote: > Hi, > > This is Apache Flex BlazeDS 4.7.3 release candidate 1. > > RELEASE NOTES: > > Apache Flex BlazeDS 4.7.3 is an update to 4.7.2 which adds a new > blazeds-spring-boot-starter module for easily setting up a BlazeDS server with > Spring Boot. It also provides Maven archetypes for easily creating new spring-boot > project that make use of BlazeDS. We also did quite a lot of fine-tuning of the > security default settings to make BlazeDS more secure. > > Starting with 4.7.3 BlazeDS Deserialization of XML is disabled completely per default > but can easily be enabled in your services-config.xml: > > <channels> > <channel-definition id="amf" class="mx.messaging.channels.AMFChannel"> > <endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/amf" > class="flex.messaging.endpoints.AMFEndpoint"/> > <properties> > <serialization> > <allow-xml>true</allow-xml> > </serialization> > </properties> > </channel-definition> > </channels> > > Also we now enable the ClassDeserializationValidator per default to only allow > deserialization of whitelisted classes. BlazeDS internally comes with the following > whitelist: > > flex.messaging.io.amf.ASObject > flex.messaging.io.amf.SerializedObject > flex.messaging.io.ArrayCollection > flex.messaging.io.ArrayList > flex.messaging.messages.AcknowledgeMessage > flex.messaging.messages.AcknowledgeMessageExt > flex.messaging.messages.AsyncMessage > flex.messaging.messages.AsyncMessageExt > flex.messaging.messages.CommandMessage > flex.messaging.messages.CommandMessageExt > flex.messaging.messages.ErrorMessage > flex.messaging.messages.HTTPMessage > flex.messaging.messages.RemotingMessage > flex.messaging.messages.SOAPMessage > java.lang.Boolean > java.lang.Byte > java.lang.Character > java.lang.Double > java.lang.Float > java.lang.Integer > java.lang.Long > java.lang.Object > java.lang.Short > java.lang.String > java.util.ArrayList > java.util.Date > java.util.HashMap > org.w3c.dom.Document > > If you need to deserialize any other classes, be sure to register them in your > services-config.xml: > > <validators> > <validator class="flex.messaging.validators.ClassDeserializationValidator"> > <properties> > <allow-classes> > <class name="org.mycoolproject.*"/> > <class name="flex.messaging.messages.*"/> > <class name="flex.messaging.io.amf.ASObject"/> > </allow-classes> > </properties> > </validator> > </validators> > > (Beware, by manually providing a whitelist the default whitelist is disabled) > > Known Issues > _____________ > FLEX-34648 Memory Leak occurred in AsyncMessage when sending a lot of messages > > ----------------------------------------------------------------------------------- > > The release candidate can be found here: > https://repository.apache.org/content/repositories/orgapacheflex-1019/org/apache/flex/blazeds/blazeds/4.7.3/blazeds-4.7.3-source-release.zip<https://repository.apache.org/content/repositories/orgapacheflex-1019/org/apache/flex/blazeds/blazeds/4.7.3/> > > Before voting please review the section,"What are the ASF requirements on > approving a release?", at: http://www.apache.org/dev/release.html#approving-a-release > > At a minimum you would be expected to check that: > - MD5 and signed packages are correct > - README, RELEASE_NOTES, NOTICE and LICENSE files are all fine > - That you can compile from source package > - That the SDK can be used in your IDE of choice > - That the SDK can be used to make a mobile, desktop and browser > application > > Please vote to approve this release: > +1 Approve the release > -1 Don’t approve the release (please provide specific comments to why) > > This vote will be open for 72 hours or until a result can be called. > > The vote passes if there is: > - At least 3 +1 votes from the PMC > - More positive votes than negative votes > > If you find an issue with the release that's a "show stopper" please don't > hold off voting -1. If someone votes -1 please continue testing we want to > try and catch as many issues as we can and cut down on the number of > release candidates. Remember existing voters can change their vote during > the voting process. > > People who are not in PMC are also encouraged to test out the release and > vote, although their votes will not be binding, they can influence how the > PMC votes. > > When voting please indicate what OS, IDE, Java- and Maven Version, you > tested BlazeDS with. > > Please put all discussion about this release in the DISCUSSION thread not > this VOTE thread. > > Thanks, > Chris > > > > ______________________________________________________________________ > This email has been scanned by the Symantec Email Security.cloud service. > For more information please visit http://www.symanteccloud.com > ______________________________________________________________________