Hi all In SLING-9874 I added an adapter factory to the XSS Protection API module, which can adapt a SlingHttpServletRequest or a ResourceResolver to an XSSAPI. After tallying the release vote this morning and finalizing the release, Konrad pointed out that such an adapter factory had previously been removed, which I had not realized. I was under the impression that it had only been provided by an AEM product bundle that has since been replaced with the Sling bundle.
The reason why I added the adapter factor is an AEM upgrade project I am currently working on, where said adaptation leads to a NPE. This could be fixed in the project code base, but after a quick search I found evidence that I was not the first to encounter this issue[1]. Therefore I thought it would be beneficial to others and otherwise harmless to add the adapter factory. Now, according to comments in SLING-9874 it seems that Konrad and Radu are opposed to this adapter factory. Before creating a new issue to remove it again, I would like to discuss the issue and find a consensus on how to proceed from here. Can and should we remove this adapter factory from XSS Protection API 2.2.8 and follow it up quickly with a 2.2.10 release, in order to avoid adoption of the new feature? Regards Julian [1] https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/xssapi-is-null-6-5/qaq-p/324249 On Mon, Nov 9, 2020 at 9:45 AM Julian Sedding <[email protected]> wrote: > > Hi all, > > The vote has passed with the following result: > > +1 (binding): Nicolas Peltier, Daniel Klco and Julian Sedding > +1 (non binding): none > > Thanks for voting. I will copy this release to the Sling dist > directory, promote the artifacts to the central Maven repository and > update the news page. > > Regards > Julian
