[
https://issues.apache.org/jira/browse/SLING-10398?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Konrad Windszus reassigned SLING-10398:
---------------------------------------
Assignee: (was: Konrad Windszus)
> Embed classes with Bnd only
> ---------------------------
>
> Key: SLING-10398
> URL: https://issues.apache.org/jira/browse/SLING-10398
> Project: Sling
> Issue Type: Improvement
> Components: XSS Protection API
> Affects Versions: XSS Protection API 2.2.14
> Reporter: Konrad Windszus
> Priority: Major
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> Currently XSS embeds certain classes via bnd's Private-Package instruction
> (https://bnd.bndtools.org/heads/private_package.html) and in addition the
> full contents of JARs also via {{maven-dependency-plugin}} and
> {{maven-resource-plugin}}. As the latter is executed at {{prepare-package}}
> (https://github.com/apache/sling-org-apache-sling-xss/blob/ee14b1be2918805a9372754f9d2a1621d396759b/pom.xml#L133)
> it happens after generating the manifest with {{bnd-maven-plugin}}. That is
> really dangerous as certain classes are then not taken into account for the
> OSGi manifest generation.
> Instead embedding should be done purely with bnd so that all classes are
> properly taken into consideration for the manifest generation.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
