spmallette commented on code in PR #3384: URL: https://github.com/apache/tinkerpop/pull/3384#discussion_r3137707527
########## docs/src/upgrade/release-4.x.x.asciidoc: ########## @@ -30,6 +30,95 @@ image::gremlins-wildest-dreams.png[width=185] Please see the link:https://github.com/apache/tinkerpop/blob/4.0.0/CHANGELOG.asciidoc#release-4-0-0[changelog] for a complete list of all the modifications that are part of this release. +=== Upgrading for Users + +==== Gremlin Server Initialization Without Groovy Review Comment: How about "More Secure Gremlin Server" as a title? The first sentence is rough with the semicolon: > Previous versions of Gremlin Server relied on the Groovy script engine for basic server initialization; binding traversal sources, loading data, and running lifecycle hooks all required Groovy init scripts. How about: > Previous versions of Gremlin Server relied on a Gremlin-flavored Groovy `ScriptEngine` for basic server initialization, which covered binding traversal sources, loading data, and running lifecycle hooks all setup by Groovy initialization scripts. Change "script engine" to `ScriptEngine` consistently. If this is about security, I think that it would make sense to mention how an earlier version took a step toward security by making gremlin-language the default for script execution and this is the second step required to make the server more secure by default. you allude to that in the second paragraph without that earlier reference about sending remote scripts. I would further allude to the idea that a future version will wholly remove Groovy as an installed option in the server. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
