Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
XSS Protection API 2.3.0
-
None
Description
with version 2.3.0 of the XSS Protection API the internal implementation was switched to OWASP sanitizer library (esapi) in SLING-7231.
with this new implementation comes a load of 3rdparty libraries including a guava version, which is embedded as private packages in the OSGi bundle. this is completely fine from an OSGi bundle perspective and works.
however, in unit test contexts this can lead to problems, because depending on the dependency order the embedded guava classes may overlay other guava classes references in the same POM with a different version, leading to problems running code in the unit test context. to prevent problems like this, we usually apply a shading and relocation of the package names to ensure such clashes in classpath does no happen.
the same problem may affect other libraries embedded in the bundle.
Attachments
Issue Links
- relates to
-
SLING-7231 Move to owasp sanitizer library
- Closed
- links to