[
https://issues.apache.org/jira/browse/HTTPCORE-615?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17009351#comment-17009351
]
Scott W Gifford commented on HTTPCORE-615:
------------------------------------------
Thanks for the response Oleg, sounds like we should continue to maintain this
change for our own use in HttpClient 4.x until we can update to the version 5
client, hopefully shortly after it's released. In the meantime if something
else comes up that requires a 4.6 release let me know and I'd be happy to do
the work to make this change a part of that, if it makes sense.
I have ported all of the changes made in response to your and Michael's
feedback back to our local copy, and will push it to my github repo, and
mention it's there on HTTPCORE-578 in case it's helpful to anybody there.
Also, I ported a few small code cleanup changes from our own internal code
reviews to a new pull request, feel free to merge at your leisure:
[https://github.com/apache/httpcomponents-client/pull/199]
> Implement more robust cache serializer with an HTTP-like storage format
> (replacing existing one based on Java Object Serialization)
> -----------------------------------------------------------------------------------------------------------------------------------
>
> Key: HTTPCORE-615
> URL: https://issues.apache.org/jira/browse/HTTPCORE-615
> Project: HttpComponents HttpCore
> Issue Type: New Feature
> Reporter: Scott W Gifford
> Priority: Major
> Fix For: 5.0-beta11
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> HTTPCORE-578 was caused by the brittleness of using Java Object Serialization
> to store cache objects. Java Object Serialization requires careful
> understanding of what sorts of changes require a new serialization version,
> with small mistakes leading to surprising results; further Java Object
> Serialization has security issues, and will be an optional feature in
> upcoming Java releases (with Jigsaw). It would be better to have a more
> stable serialization approach.
> Since the Apache client already knows how to communicate with HTTP, one
> simple approach would be to serialize as if we were writing to an HTTP
> client, and deserialize as if we were reading from an HTTP server.
> I have developed a serializer that does that, and would like to contribute it
> back to the Apache project.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
