[wildfly-dev] Removal of commons-cli, commons-lang and commons-lang3 modules
Carlo de Wolf
cdewolf at redhat.com
Thu Apr 4 05:57:02 EDT 2019
Define the end-state.
If commons-lang3 is part of that end-state it makes no sense to remove
it from the matrix. Were it not for CXF it could however be removed from
the runtime.
Don't drive into a road which could potentially be a dead-end.
Carlo
On 03-04-19 16:51, Darran Lofthouse wrote:
> Certainly a topic for the future.
>
> On Wed, Apr 3, 2019 at 3:36 PM Fernando Nasser <fnasser at redhat.com
> <mailto:fnasser at redhat.com>> wrote:
>
> On 2019-04-03 4:43 a.m., Darran Lofthouse wrote:
>> +1 the tool is a shaded jar so should not need to depend on
>> another module.
>>
>> We may want to look at shading again but that would be a
>> different topic.
>
>
> Indeed.
>
> Who monitors/detects the shaded code does not contain a CVE and
> fix it if it does?
>
> Are the people who "shaded" it responsible for
> supporting/maintaining that code?
>
>
>>
>> On Tue, Apr 2, 2019 at 10:13 PM James Perkins
>> <jperkins at redhat.com <mailto:jperkins at redhat.com>> wrote:
>>
>> I believe the org.wildfly.security:wildfly-elytron-tool does
>> use org.apache.commons.lang3. However IIRC it's now shaded in
>> so likely not an issue. That could be why it was originally
>> there.
>>
>> On Tue, Apr 2, 2019 at 12:34 PM Brian Stansberry
>> <brian.stansberry at redhat.com
>> <mailto:brian.stansberry at redhat.com>> wrote:
>>
>> Currently WildFly includes 3 JBoss Modules modules that
>> are not used in our runtime. I would like to remove these
>> in WildFly 17:
>>
>> org.apache.commons.cli
>> org.apache.commons.lang[1]
>> org.apache.commons.lang3
>>
>> All three have the "jboss.api" = "private" property set
>> in their module.xml, meaning they are marked for internal
>> use only and we are free to remove them. End user
>> applications should not have referenced these modules,
>> and if they do we log a WARN on boot advising not to do that.
>>
>> However, other projects that extend WildFly (i.e. write
>> their own subsystems) may be using these modules, so I
>> wanted to notify any such folks that these will likely be
>> going away and you'll need to provide these yourselves.ed.
>>
>> Best regards,
>> Brian
>>
>> [1] This one is referenced in a commented out module.xml
>> section related to My Faces 1.1 support. I've checked
>> with Farah Juma and that is no longer relevant and the
>> comment can be removed.
>>
>> _______________________________________________
>> wildfly-dev mailing list
>> wildfly-dev at lists.jboss.org
>> <mailto:wildfly-dev at lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>>
>>
>>
>> --
>> James R. Perkins
>> JBoss by Red Hat
>> _______________________________________________
>> wildfly-dev mailing list
>> wildfly-dev at lists.jboss.org <mailto:wildfly-dev at lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>>
>>
>> _______________________________________________
>> wildfly-dev mailing list
>> wildfly-dev at lists.jboss.org <mailto:wildfly-dev at lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>
>
>
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/wildfly-dev/attachments/20190404/04329a08/attachment-0001.html
More information about the wildfly-dev
mailing list