Hi I think MYFACES-4133 does not qualify to be a bug, because encryption should be always enabled.
Is it required? No Is it an improvement? Not really. I still need a reason why enable this mode. Can we avoid the serialization/deserialization step? yes. regards, Leonardo Uribe 2018-01-28 9:12 GMT-05:00 Thomas Andraschko <andraschko.tho...@gmail.com>: > Hi, > > IMO the change is almost mandatory for 2.3.0. > > Please also see the discussion in "[myfaces core] don't deserialize > ViewState-ID if state saving method is server". > > @Leo: Do you have time to refactor it? > > Otherwise i would reapply my patch but with "random" instead of > "secureRandom". > Thats fine for now. We can still refactor or improve the API later in > 2.3.x or even in JSF.next. > > Regards, > Thomas > > > > 2018-01-28 0:17 GMT+01:00 Paul Nicolucci <pnico...@us.ibm.com>: > >> Hi, >> >> It looks like the only remaining item we have before we can deliver 2.3.0 >> is : https://issues.apache.org/jira/browse/MYFACES-4133 >> >> @Leonardo/Thomas, has an acceptable fix been created? Can we deliver >> 2.3.0 without a fix or is this mandatory? >> >> Thanks, >> >> Paul >> > >
