[PR] Bump cxf.netty.version from 4.1.111.Final to 4.1.112.Final [cxf]
dependabot[bot] opened a new pull request, #1973: URL: https://github.com/apache/cxf/pull/1973 Bumps `cxf.netty.version` from 4.1.111.Final to 4.1.112.Final. Updates `io.netty:netty-codec-http` from 4.1.111.Final to 4.1.112.Final Commits https://github.com/netty/netty/commit/ebe2aa5b7cd36562a20b024d78ecff47a86874b8";>ebe2aa5 [maven-release-plugin] prepare release netty-4.1.112.Final https://github.com/netty/netty/commit/5e2d384477698419e56674ed5cf58d6865b95786";>5e2d384 Only include scopeId on link-local addresses when using native transport (https://redirect.github.com/netty/netty/issues/14";>#14... https://github.com/netty/netty/commit/5c0b0d5225023b02a61f89cbbae8aaeadbf5897e";>5c0b0d5 Validate HTTP version while decoding (https://redirect.github.com/netty/netty/issues/14187";>#14187) https://github.com/netty/netty/commit/b360abcca17bd86c7306ba4bdfdb22432bbcd5fd";>b360abc Allow HTTP responses without reason-phrase (https://redirect.github.com/netty/netty/issues/14183";>#14183) https://github.com/netty/netty/commit/a6bf424dad551be38d4fdb173764a4db673c0ee8";>a6bf424 ScheduledFutureTask: avoid invoke system clock again (https://redirect.github.com/netty/netty/issues/14162";>#14162) https://github.com/netty/netty/commit/3881103a01488785a6d2f78a3a80258dd848609f";>3881103 Fix checkstyle errors introduced by fixing merge conflicts https://github.com/netty/netty/commit/3c06dd680d05b3fa32ed9d6b82e9ef62de1c9b87";>3c06dd6 Reject request if NUL is present in the request line (https://redirect.github.com/netty/netty/issues/14180";>#14180) https://github.com/netty/netty/commit/e6a78dd2c98cc9a236d1d8ba5888a98327d6c7c6";>e6a78dd Don't strip whitespaces from header names and let the validator handl… (https://redirect.github.com/netty/netty/issues/14179";>#14179) https://github.com/netty/netty/commit/c5d3d724839a0f500803035b590df2d7c826e31a";>c5d3d72 Reject http header values with non SP / HTAB chars (https://redirect.github.com/netty/netty/issues/14178";>#14178) https://github.com/netty/netty/commit/d05af241def22b37120e19d477959799e7f653ff";>d05af24 Fix potential DNS cache invalidation across different EventLoops (https://redirect.github.com/netty/netty/issues/14147";>#14147) Additional commits viewable in https://github.com/netty/netty/compare/netty-4.1.111.Final...netty-4.1.112.Final";>compare view Updates `io.netty:netty-codec-http2` from 4.1.111.Final to 4.1.112.Final Commits https://github.com/netty/netty/commit/ebe2aa5b7cd36562a20b024d78ecff47a86874b8";>ebe2aa5 [maven-release-plugin] prepare release netty-4.1.112.Final https://github.com/netty/netty/commit/5e2d384477698419e56674ed5cf58d6865b95786";>5e2d384 Only include scopeId on link-local addresses when using native transport (https://redirect.github.com/netty/netty/issues/14";>#14... https://github.com/netty/netty/commit/5c0b0d5225023b02a61f89cbbae8aaeadbf5897e";>5c0b0d5 Validate HTTP version while decoding (https://redirect.github.com/netty/netty/issues/14187";>#14187) https://github.com/netty/netty/commit/b360abcca17bd86c7306ba4bdfdb22432bbcd5fd";>b360abc Allow HTTP responses without reason-phrase (https://redirect.github.com/netty/netty/issues/14183";>#14183) https://github.com/netty/netty/commit/a6bf424dad551be38d4fdb173764a4db673c0ee8";>a6bf424 ScheduledFutureTask: avoid invoke system clock again (https://redirect.github.com/netty/netty/issues/14162";>#14162) https://github.com/netty/netty/commit/3881103a01488785a6d2f78a3a80258dd848609f";>3881103 Fix checkstyle errors introduced by fixing merge conflicts https://github.com/netty/netty/commit/3c06dd680d05b3fa32ed9d6b82e9ef62de1c9b87";>3c06dd6 Reject request if NUL is present in the request line (https://redirect.github.com/netty/netty/issues/14180";>#14180) https://github.com/netty/netty/commit/e6a78dd2c98cc9a236d1d8ba5888a98327d6c7c6";>e6a78dd Don't strip whitespaces from header names and let the validator handl… (https://redirect.github.com/netty/netty/issues/14179";>#14179) https://github.com/netty/netty/commit/c5d3d724839a0f500803035b590df2d7c826e31a";>c5d3d72 Reject http header values with non SP / HTAB chars (https://redirect.github.com/netty/netty/issues/14178";>#14178) https://github.com/netty/netty/commit/d05af241def22b37120e19d477959799e7f653ff";>d05af24 Fix potential DNS cache invalidation across different EventLoops (https://redirect.github.com/netty/netty/issues/14147";>#14147) Additional commits viewable in https://github.com/netty/netty/compare/netty-4.1.111.Final...netty-4.1.112.Final";>compare view Updates `io.netty:netty-codec-socks` from 4.1.111.Final to 4.1.112.Final Commits https://github.com/netty/netty/commit/ebe2aa5b7cd36562a20b024d78ecff47a86874b8";>ebe2aa5 [maven-release-plugin] prepare release netty-4.1.112.Final https://github.com/netty/netty/commit/5e2d384477698419e56674ed5cf58d6865b95786";>5e2d384 Only inc
[PR] Bump github/codeql-action from 3.25.12 to 3.25.13 [cxf]
dependabot[bot] opened a new pull request, #1974: URL: https://github.com/apache/cxf/pull/1974 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.12 to 3.25.13. Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md";>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases";>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] No user facing changes. 3.25.13 - 19 Jul 2024 Add codeql-version to outputs. https://redirect.github.com/github/codeql-action/pull/2368";>#2368 Add a deprecation warning for customers using CodeQL version 2.13.4 and earlier. These versions of CodeQL were discontinued on 9 July 2024 alongside GitHub Enterprise Server 3.9, and will be unsupported by CodeQL Action versions 3.26.0 and later and versions 2.26.0 and later. https://redirect.github.com/github/codeql-action/pull/2375";>#2375 If you are using one of these versions, please update to CodeQL CLI version 2.13.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using a version of the CodeQL CLI between 2.12.6 and 2.13.4, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.25.13 and github/codeql-action/*@v2 by github/codeql-action/*@v2.25.13 in your code scanning workflow to ensure you continue using this version of the CodeQL Action. 3.25.12 - 12 Jul 2024 Improve the reliability and performance of analyzing code when analyzing a compiled language with the autobuild https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes";>build mode on GitHub Enterprise Server. This feature is already available to GitHub.com users. https://redirect.github.com/github/codeql-action/pull/2353";>#2353 Update default CodeQL bundle version to 2.18.0. https://redirect.github.com/github/codeql-action/pull/2364";>#2364 3.25.11 - 28 Jun 2024 Avoid failing the workflow run if there is an error while uploading debug artifacts. https://redirect.github.com/github/codeql-action/pull/2349";>#2349 Update default CodeQL bundle version to 2.17.6. https://redirect.github.com/github/codeql-action/pull/2352";>#2352 3.25.10 - 13 Jun 2024 Update default CodeQL bundle version to 2.17.5. https://redirect.github.com/github/codeql-action/pull/2327";>#2327 3.25.9 - 12 Jun 2024 Avoid failing database creation if the database folder already exists and contains some unexpected files. Requires CodeQL 2.18.0 or higher. https://redirect.github.com/github/codeql-action/pull/2330";>#2330 The init Action will attempt to clean up the database cluster directory before creating a new database and at the end of the job. This will help to avoid issues where the database cluster directory is left in an inconsistent state. https://redirect.github.com/github/codeql-action/pull/2332";>#2332 3.25.8 - 04 Jun 2024 Update default CodeQL bundle version to 2.17.4. https://redirect.github.com/github/codeql-action/pull/2321";>#2321 3.25.7 - 31 May 2024 We are rolling out a feature in May/June 2024 that will reduce the Actions cache usage of the Action by keeping only the newest TRAP cache for each language. https://redirect.github.com/github/codeql-action/pull/2306";>#2306 3.25.6 - 20 May 2024 Update default CodeQL bundle version to 2.17.3. https://redirect.github.com/github/codeql-action/pull/2295";>#2295 3.25.5 - 13 May 2024 ... (truncated) Commits https://github.com/github/codeql-action/commit/2d790406f505036ef40ecba973cc774a50395aac";>2d79040 Merge pull request https://redirect.github.com/github/codeql-action/issues/2379";>#2379 from github/update-v3.25.13-270a29d1c https://github.com/github/codeql-action/commit/232a8bc80e2853947b3243c378c6bf9930a32036";>232a8bc Update changelog for v3.25.13 https://github.com/github/codeql-action/commit/270a29d1cc4b4490128f991e675007513ea6e660";>270a29d Merge pull request https://redirect.github.com/github/codeql-action/issues/2375";>#2375 from github/update-supported-enterprise-server-versions https://github.com/github/codeql-action/commit/58f46da2c32f4
[PR] Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.7.0 to 3.8.0 [cxf]
dependabot[bot] opened a new pull request, #1975: URL: https://github.com/apache/cxf/pull/1975 Bumps [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.7.0 to 3.8.0. Commits https://github.com/apache/maven-javadoc-plugin/commit/621cba66b6aee068a370806b1619cf1d87e9c582";>621cba6 [maven-release-plugin] prepare release maven-javadoc-plugin-3.8.0 https://github.com/apache/maven-javadoc-plugin/commit/eab964ca3f7df4c5bc94ef78a2547729bbcb1c88";>eab964c [MJAVADOC-603] javadoc:fix failure on JDK10: java.lang.ClassNotFoundException... https://github.com/apache/maven-javadoc-plugin/commit/0a26a7e048e1b0ddb1951983e33e8f3453e87f17";>0a26a7e Update since tags https://github.com/apache/maven-javadoc-plugin/commit/08205b187e976bb7d9266df3b8e7865dae755105";>08205b1 Add compile step for MJAVADOC-365 IT https://github.com/apache/maven-javadoc-plugin/commit/4c8ca8ede6517cc34a7a1a38ba113d0fac351e4d";>4c8ca8e [MJAVADOC-804] Remove temporary directories created by tests https://github.com/apache/maven-javadoc-plugin/commit/91369fabe400ea6c2d91a36d90885d36b447d3ec";>91369fa [MJAVADOC-775] Option 'taglets/taglet/tagletpath' ignored when pointing to a JAR https://github.com/apache/maven-javadoc-plugin/commit/be2fa208674c781b08658878ae375f2c058992fc";>be2fa20 [MJAVADOC-783] Invalid path when using TagletArtifact and TagletPath https://github.com/apache/maven-javadoc-plugin/commit/3eb47c5081bf6f4158333bd378641bc9b7c9a25f";>3eb47c5 [MJAVADOC-791] maven-javadoc-plugin not working correctly together with maven... https://github.com/apache/maven-javadoc-plugin/commit/d3afd39f63f730f5018e8bb00bbf4226dd0f482f";>d3afd39 [MJAVADOC-803] Add default parameter to force root locale https://github.com/apache/maven-javadoc-plugin/commit/4904e0825ae265f5d152a9f0d7eebbcc038c55c9";>4904e08 [MJAVADOC-802] Set default value of defaultAuthor parameter in fix goals to $... Additional commits viewable in https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.7.0...maven-javadoc-plugin-3.8.0";>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
JDK 23 RDP2 | Removal of the legacy COMPAT locale provider and more heads-up!
Welcome to the OpenJDK Quality Outreach summer update. JDK 23 is now in Rampdown Phase Two [1], its overall feature has been frozen a few weeks ago. Per the JDK Release Process, we have now turned our focus to P1 and P2 bugs, which can be fixed with approval [2]. Late enhancements are still possible, with approval, but the bar is now extraordinarily high. That also means that the JDK 23 Initial Release Candidates are fast approaching, i.e., August 8th [3]! So, and in addition to testing your projects with the latest JDK 23 early-access builds, it is now a good time to start testing with the JDK 24 early-access builds. Make sure to also check the heads-up below as some are related to JDK 23 and might have some impact, i.e., the first one being related to the eventual removal of the Security Manager and the second one discusses the removal of the legacy COMPAT locale provider. [1] https://mail.openjdk.org/pipermail/jdk-dev/2024-July/009252.html [2] https://openjdk.org/jeps/3#rdp-2 [3] https://openjdk.org/projects/jdk/23/ ## Heads-up - JDK 23: Subject.getSubject API Requires Allowing the Security Manager In JDK 17 and as announced in JEP 411 [4], the Security Manager was deprecated for removal. As part of that change, several Security Manager APIs, such as `AccessControlContext`, were deprecated for removal. The `Subject::doAs` and `Subject::getSubject` APIs depend on Security Manager related APIs even though they do not require Security Manager to be installed to use them. As of JDK 23 [5], to help applications prepare for the eventual removal of the Security Manager, subject authorization and the Subject APIs' behavior depend on allowing the Security Manager: - If the system property `java.security.manager` is set on the command line to the empty string, a class name, or the value `allow` then there is no behavior change compared to previous releases. - If the system property `java.security.manager` is not set on the command line or has been set on the command line to the value `disallow`, invoking the `Subject.getSubject` method will throw `UnsupportedOperationException`. Yet, running an application with `-Djava.security.manager=allow` is a temporary workaround to keep older code working. Maintainers of code using `Subject.doAs` and `Subject.getSubject` are strongly encouraged to migrate it with utmost priority to the replacement APIs, `Subject.callAs` and `Subject.current`. Make sure to check [5] and [6] for additional details. The jdeprscan tool [7] scans a JAR file for usage of deprecated API elements and is helpful to find code using these methods. Additionally, consider migrating as soon as possible code that stores a `Subject` in an `AccessControlContext` and invokes `AccessController.doPrivileged` with that context. Such code will stop working when the Security Manager is removed. [4] https://openjdk.org/jeps/411 [5] https://jdk.java.net/23/release-notes#b15 [6] https://inside.java/2024/07/08/quality-heads-up/ [7] https://dev.java/learn/jvm/tools/core/jdeprscan/ ## Heads-up - JDK 23: Unicode / Removal of COMPAT Locale Provider ### A Quick History of Locale Data in the JDK Before the Unicode Consortium created the Common Locale Data Repository (CLDR) in 2003 to manage locale data, the JDK had to provide its own collection. It did so successfully and in JDK 8 supported about 160 locales. To reduce maintenance effort, allow better interoperability between platforms, and improve locale data quality, the JDK started to move towards CLDR in 2014: - JDK 8 comes with two locale data providers, which can be selected with the system property java.locale.providers: . JRE/COMPAT for the JDK’s legacy data collection (default) . CLDR for the CLDR data . a custom locale provider can be implemented - JDK 9 picks CLDR by default - JDK 21 issues a warning on JRE/COMPAT There are plenty of minor and a few notable differences between the legacy data and CLDR - the recently rewritten JEP 252 [8] lists a few of them. ### Locale Data in JDK 23 JDK 23 [9] removes legacy locale data. As a consequence, setting java.locale.providers to JRE or COMPAT has no effect. Projects that are still using legacy locale data are highly encouraged to switch to CLDR as soon as possible. Where that is infeasible, two alternatives remain: - Create custom formatters with patterns that mimic the legacy behavior and use them everywhere where locale-sensitive data is written or parsed. - Implement a custom locale data provider [10]. For more details on that as well as on CLDR in the JDK in general, please check JEP 252 [8] that has been recently rewritten to provide better information and guidance. [8] https://openjdk.org/jeps/252 [9] https://bugs.openjdk.org/browse/JDK-8325568 [10] https://docs.oracle.com/en/java/javase/22/docs/api/java.base/java/util/spi/LocaleServiceProvider.html ## Heads-up - JDK 23: Initial Leyden Early-Access Builds Project Leyden published its first
Re: [PR] CXFXJC-47: XJC DefaultValue plugin uses JAXBElement that does not have a default constructor [cxf-xjc-utils]
marcelhdl commented on PR #129: URL: https://github.com/apache/cxf-xjc-utils/pull/129#issuecomment-2242225406 Hi @reta, any news on the ETA? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
