-
Bug
-
Resolution: Done
-
Medium
-
Istanbul Release
With silicon-SR1 the problem seems to be the javax.servlet:javax.servlet-api:4.0.1 bundle which seems to be only partly used by opendaylight components.
So in the odl repo version 3.1.0 and 4.0.1 are available. Our parents are up to now only managing 4.0.1 (always the latest) version, so every ccsdk artifact is using 4.0.1
At least:
* org.eclipse.jetty:jetty-util
* org.eclispe.jetty:jetty-http
* org.eclispe.jetty:jetty-jaspi
* org.eclispe.jetty:jetty-security
* org.eclispe.jetty:jetty-server
* org.eclispe.jetty:jetty-servlet
* org.eclispe.jetty:jetty-servlets
* org.eclipse.jetty.websocket:websocket-servlet
* org.opendaylight.aaa:aaa-authn-api
* org.opendaylight.aaa:aaa-shiro
* org.opendaylight.aaa.web:web-api
* org.opendaylight.aaa.web:servlet-api
* org.opendaylight.aaa.web:servlet-jersey2
* org.opendaylight.aaa.web:web-osgi-impl
* org.opendaylight.netconf:sal-rest-docgen
* org.opendaylight.netconf:restconf-nb-bierman02
* org.opendaylight.netconf:restconf-nb-rfc8040
are still using 3.1.0 and have in their Manifest the restriction for javax.servlet with [3.1.0,4)
solution 1:
fallback in ccsdk/parent to javax.servlet-api to version 3.1.0
security concerns?
solution 2:
patching the manifest import-packages???
- is blocked by
-
CCSDK-3370 cleanup sdnr dependencies
- Closed
- relates to
-
CCSDK-3375 conflicting dependencies of sdnr-wt-websocketmanager-feature and org.onap.ccsdk.sli.adaptors.resource-assignment-provider
- Closed