James Chaplin created WW-4978:
---------------------------------
Summary: Update multiple Struts 2.5.x libraries to more recent
versions
Key: WW-4978
URL: https://issues.apache.org/jira/browse/WW-4978
Project: Struts 2
Issue Type: Dependency
Components: Build Management, Other
Affects Versions: 2.5.18
Environment: All.
Reporter: James Chaplin
Fix For: 2.5.19
Hello Apache Struts Team.
This Jira issue is intended to request/track introduction of newer (believed to
be compatible) library versions for the Struts 2.5.x line. This can be
achieved by modifications to one or more pom.xml build files for the project.
Since multiple library version upgrades are being attempted at the same time
there is some risk, but the build regression does complete without failure.
The number of library upgrades could be reduced (broken into smaller sets and
slowly introduced) if necessary. End users would also have the option of
manually back-leveling specific jars.
Please find below a list of library version updates that appear to be
compatible with the current versions in the 2.5.x build line.
---------
Update Struts 2.5.19 build with some newer (compatible) library versions.
Change the main pom.xml library versions for the following:
- spring.platformVersion 4.3.13.RELEASE -> 4.3.20.RELEASE
- ognl 3.1.15 -> 3.1.18 (Note: newest version that passes unit tests)
- oval 1.31 -> 1.90 (Note: requires unit test fix for
OValValidationInterceptorTest.java)
- tiles 3.0.7 -> 3.0.8
- tiles-request 1.0.6 -> 1.0.7
- log4j 2.10.0 -> 2.11.1
- jackson 2.9.5 -> 2.9.7
- fluido-skin.version 1.6 -> 1.7
- slf4j 1.7.12 -> 1.7.25
- xtream 1.4.10 -> 1.4.11.1
- jetty 6.1.9 -> 6.1.26 (last in 6.1.x line)
- xerces 2.10.0 - > 2.12.0
- org.owasp 3.1.1 -> 3.3.4
- versions-maven-plugin 2.5 -> 2.7
- doxia-core 1.7 -> 1.8
- doxia-markdown 1.3 -> 1.7
- freemarker 2.3.26-incubating -> 2.3.28
- org.apache.felix.main 4.0.3 -> 4.6.1 (Note: most recent 4.x)
- easymock 3.4 -> 3.5.1
- javax.el 3.0 -> 3.0.1-b10
- jasper 6.0.18 -> 6.0.53 (Note: most recent 6.0.x)
- juli 6.0.18 -> 6.0.53 (Note: most recent 6.0.x)
- commons-logging 1.1.3 -> 1.2
- commons-collections4 4.1 -> 4.2
- commons-io 2.5 -> 2.6
- commons-lang 3.6 -> 3.8.1
- commons-beanutils 1.9.2 -> 1.9.3
- commons-validator 1.5.1 -> 1.6
- mockito 1.9.5 -> 1.10.19 (Note: most recent 1.x)
- cdi-api 1.0-SP1 -> 1.0-SP4 (Note: most recent 1.0.x)
- weld-core 1.0.1-Final -> 1.0.1-SP4 (Note: most recent 1.0.x)
Note: cglib-nodep version appears to be determined by the jmock-cglib
requirement for JMock 1.2.0. Seems safer to leave cglib/cglib-nodep alone for
2.5.x series builds.
---------
There is an open PR #264 which demonstrates the build/regression completes
using the above version changes. The Showcase applications appear to work
interactively as well, but there are no demonstrator applications for the
Plugins.
Please review the above and see if some or all of the library updates appear
appropriate for the 2.5.x build line.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
