There is *a* degree of something breaking if you start using random libraries.
Transitive dependency management exists for a reason; going against what a framework *actually* depends on creates the exact risk you'd expect it would. Dave On Tue, Dec 3, 2013 at 7:43 AM, foo bar <[email protected]> wrote: > Hi all, > > I'm using the latest struts-2.3.15.3 on our web application. > Is it fine to use the latest third party libraries other than what's > included in the distribution (struts-2.3.15.3-lib.zip and > struts-2.3.15.3-all.zip) ? > > For example > Is it fine to use > > javassist-3.18.0-GA, > commons-io-2.4, > freemarker-2.3.20, > commons-beanutils-1.8.3, > commons-validator-1.4.0 > > rather than the included > > javassist-3.11.0.GA, > commons-io-2.0.1, > freemarker-2.3.19, > commons-beanutils-1.8.0, > commons-validator-1.3.1 > > I'm excluding libraries that are not simple drop-in replacements, like > commons-collections4-4.0 is not a simple drop-in replacement for > commons-collections-3.1. > > Basically I'm asking whether struts-2.3.15.3 is sort of "certified" to be > working properly with the bundled libraries ? > Is there a high degree of something breaking if I use the latest libraries > ? > (Are the libraries there because developers haven't gotten the time to > update them or because they are the versions that are known to be "rock > solid" so I should stick with them ?) > -- e: [email protected] m: 908-380-8699 s: davelnewton_skype t: @dave_newton <https://twitter.com/dave_newton> b: Bucky Bits <http://buckybits.blogspot.com/> g: davelnewton <https://github.com/davelnewton> so: Dave Newton <http://stackoverflow.com/users/438992/dave-newton>
