SLING-12276 - Update to java-html-sanitizer 20240325.1 #42
- remove shade plugin configuration
- stop embedding guava classes
- rework our overrides to no longer use Guava

Bundle size is down from 4.1 to 1.9 MB
After this PR the bundle will no longer resolve in the current Sling Starter
Also inline the new shim classes in the resulting jar.
b973b8d to a6efb27
Fixed with a6efb27
java-html-sanitizer 20240325.1 contains Java 10 bytecode (https://github.com/OWASP/java-html-sanitizer/blob/43089899bae8fae0cb0016c5700beace7ddd26f0/owasp-java-html-sanitizer/pom.xml#L90), so we should target Java 10+ as well with our wrapper bundle. Alternatively we can use https://github.com/OWASP/java-html-sanitizer/blob/43089899bae8fae0cb0016c5700beace7ddd26f0/java8-shim/pom.xml instead...
@kwin - my reading of the release notes is that this release still supports Java 8. The Jenkins build with Java 8 also passes - https://ci-builds.apache.org/blue/organizations/jenkins/Sling%2Fmodules%2Fsling-org-apache-sling-xss/detail/PR-42/1/pipeline/122 .
Fix Java 8 build after inlining the shim packages.
Fix bnd warnings (the shim packages don't overlap anyway).
I can't actually run the latest Sling Starter with Java 8, but the analysers are not happy
This is probably because of the Java 10 shim; we should override the requirement that bnd generates in this case.
Force the osgi.ee requirement back to Java 8
Quality Gate passed
lgtm from sling-mock perspective
@raducotescu - any comments? I plan to merge tomorrow.