[
https://issues.apache.org/jira/browse/SOLR-15989?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17496375#comment-17496375
]
Jan Høydahl edited comment on SOLR-15989 at 2/22/22, 11:00 PM:
---------------------------------------------------------------
This upgrade adds many parsers and dependencies. I ran the smoketester, which
introspects every jar looking for illegal "java.{*}" and "javax.{*}" class
files. These libararies were flagged by the smoke tester:
{code:java}
modules/extraction/lib/unit-api-1.0.jar" contains sheisty class
"javax/measure/Dimension.class"
modules/extraction/lib/jakarta.activation-1.2.2.jar" contains sheisty class
"javax/activation/CommandInfo$Beans$1.class"
modules/extraction/lib/jakarta.annotation-api-1.3.5.jar" contains sheisty class
"javax/annotation/security/PermitAll.class"
jakarta.xml.bind-api:2.3.3 {code}
I believe all jakarta libs are OK license wise, but strangely they use the
javax.xxx namespace instead of jakarta.xxx. The Units API (javax.measure.xxx)
seems to be in the same category, that it is a JSR implemented with an allowed
license.
We have excluded several annotation jars elsewhere, that's why I raise this
here.
I assume the correct action is to make exceptions for these pacakges in the
smoke tester. Any other insight?
was (Author: janhoy):
This upgrade adds many parsers and dependencies. I ran the smoketester, which
introspects every jar looking for illegal "java.*" and "javax.*" class files.
These libararies were flagged by the smoke tester:
{code:java}
modules/extraction/lib/unit-api-1.0.jar" contains sheisty class
"javax/measure/Dimension.class"
modules/extraction/lib/jakarta.activation-1.2.2.jar" contains sheisty class
"javax/activation/CommandInfo$Beans$1.class"
modules/extraction/lib/jakarta.annotation-api-1.3.5.jar" contains sheisty class
"javax/annotation/security/PermitAll.class"
jakarta.xml.bind-api:2.3.3 {code}
I believe all jakarta libs are OK, but strangely they use the javax.* namespace
instead of jakarta.*. The Units API (javax.measure.*) seems to be in the same
category, that it is a JSR implemented with an allowed license.
I assume the correct action is to make exceptions for these pacakges in the
smoke tester. Any other insight?
> Upgrade to Tika 1.28.1
> ----------------------
>
> Key: SOLR-15989
> URL: https://issues.apache.org/jira/browse/SOLR-15989
> Project: Solr
> Issue Type: Task
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Build, contrib - Solr Cell (Tika extraction)
> Reporter: Kevin Risden
> Assignee: Kevin Risden
> Priority: Major
> Fix For: 9.0
>
> Time Spent: 3h 50m
> Remaining Estimate: 0h
>
> Currently the extraction module has most dependencies as "transitive=false".
> This can be simplified to only pull in the dependencies that are referenced
> at compile time and ensure Gradle pulls in the right transitive dependencies.
> This makes it much easier to upgrade Tika without needing to find all the
> transitive dependency upgrades. As a side effect, this removes a lot of the
> versions.prop lines that we don't need to keep track of anymore.
> This upgrades Tika to the latest 1.x - 1.28.1 with the simplification of
> Gradle configuration.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
