+1 On Mar 30, 2017 6:12 AM, "Christofer Dutz" <christofer.d...@c-ware.de> wrote:
> +1 (Just noticed I didn’t actually vote ;-) ) > > I agree with Tom … next release will have it fixed anyway. > > Chris > > > > Am 30.03.17, 13:45 schrieb "Tom Chiverton" <t...@extravision.com>: > > +1 - the headers is not a serious enough issue to hold up the release. > > Tom > > > On 27/03/17 22:13, Christofer Dutz wrote: > > Hi, > > > > This is Apache Flex BlazeDS 4.7.3 release candidate 1. > > > > RELEASE NOTES: > > > > Apache Flex BlazeDS 4.7.3 is an update to 4.7.2 which adds a new > > blazeds-spring-boot-starter module for easily setting up a BlazeDS > server with > > Spring Boot. It also provides Maven archetypes for easily creating > new spring-boot > > project that make use of BlazeDS. We also did quite a lot of > fine-tuning of the > > security default settings to make BlazeDS more secure. > > > > Starting with 4.7.3 BlazeDS Deserialization of XML is disabled > completely per default > > but can easily be enabled in your services-config.xml: > > > > <channels> > > <channel-definition id="amf" class="mx.messaging.channels. > AMFChannel"> > > <endpoint url="http://{server.name}:{ > server.port}/{context.root}/messagebroker/amf" > > class="flex.messaging. > endpoints.AMFEndpoint"/> > > <properties> > > <serialization> > > <allow-xml>true</allow-xml> > > </serialization> > > </properties> > > </channel-definition> > > </channels> > > > > Also we now enable the ClassDeserializationValidator per default to > only allow > > deserialization of whitelisted classes. BlazeDS internally comes > with the following > > whitelist: > > > > flex.messaging.io.amf.ASObject > > flex.messaging.io.amf.SerializedObject > > flex.messaging.io.ArrayCollection > > flex.messaging.io.ArrayList > > flex.messaging.messages.AcknowledgeMessage > > flex.messaging.messages.AcknowledgeMessageExt > > flex.messaging.messages.AsyncMessage > > flex.messaging.messages.AsyncMessageExt > > flex.messaging.messages.CommandMessage > > flex.messaging.messages.CommandMessageExt > > flex.messaging.messages.ErrorMessage > > flex.messaging.messages.HTTPMessage > > flex.messaging.messages.RemotingMessage > > flex.messaging.messages.SOAPMessage > > java.lang.Boolean > > java.lang.Byte > > java.lang.Character > > java.lang.Double > > java.lang.Float > > java.lang.Integer > > java.lang.Long > > java.lang.Object > > java.lang.Short > > java.lang.String > > java.util.ArrayList > > java.util.Date > > java.util.HashMap > > org.w3c.dom.Document > > > > If you need to deserialize any other classes, be sure to register > them in your > > services-config.xml: > > > > <validators> > > <validator class="flex.messaging.validators. > ClassDeserializationValidator"> > > <properties> > > <allow-classes> > > <class name="org.mycoolproject.*"/> > > <class name="flex.messaging.messages.*"/> > > <class name="flex.messaging.io.amf.ASObject"/> > > </allow-classes> > > </properties> > > </validator> > > </validators> > > > > (Beware, by manually providing a whitelist the default whitelist is > disabled) > > > > Known Issues > > _____________ > > FLEX-34648 Memory Leak occurred in AsyncMessage when sending a lot > of messages > > > > ------------------------------------------------------------ > ----------------------- > > > > The release candidate can be found here: > > https://repository.apache.org/content/repositories/ > orgapacheflex-1019/org/apache/flex/blazeds/blazeds/4.7.3/ > blazeds-4.7.3-source-release.zip<https://repository.apache. > org/content/repositories/orgapacheflex-1019/org/apache/ > flex/blazeds/blazeds/4.7.3/> > > > > Before voting please review the section,"What are the ASF > requirements on > > approving a release?", at: http://www.apache.org/dev/ > release.html#approving-a-release > > > > At a minimum you would be expected to check that: > > - MD5 and signed packages are correct > > - README, RELEASE_NOTES, NOTICE and LICENSE files are all fine > > - That you can compile from source package > > - That the SDK can be used in your IDE of choice > > - That the SDK can be used to make a mobile, desktop and browser > > application > > > > Please vote to approve this release: > > +1 Approve the release > > -1 Don’t approve the release (please provide specific comments to > why) > > > > This vote will be open for 72 hours or until a result can be called. > > > > The vote passes if there is: > > - At least 3 +1 votes from the PMC > > - More positive votes than negative votes > > > > If you find an issue with the release that's a "show stopper" please > don't > > hold off voting -1. If someone votes -1 please continue testing we > want to > > try and catch as many issues as we can and cut down on the number of > > release candidates. Remember existing voters can change their vote > during > > the voting process. > > > > People who are not in PMC are also encouraged to test out the > release and > > vote, although their votes will not be binding, they can influence > how the > > PMC votes. > > > > When voting please indicate what OS, IDE, Java- and Maven Version, > you > > tested BlazeDS with. > > > > Please put all discussion about this release in the DISCUSSION > thread not > > this VOTE thread. > > > > Thanks, > > Chris > > > > > > > > ____________________________________________________________ > __________ > > This email has been scanned by the Symantec Email Security.cloud > service. > > For more information please visit http://www.symanteccloud.com > > ____________________________________________________________ > __________ > > > >
