[MAGNOLIA-6814] Update 3rd-party libraries for next major 5.5 release Created: 15/Feb/16  Updated: 29/Oct/18  Resolved: 11/Oct/16

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: None
Fix Version/s: 5.5

Type: Epic Priority: Neutral
Reporter: Michael Mühlebach Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
relates to MGNLREST-70 REST tools module uses an old versio... Closed
dependency
is depended upon by MAGNOLIA-6373 Update Freemarker from '2.3.21' to '2... Closed
Template:
Epic Name: Update 3rd-party libraries for 5.5
Acceptance criteria:
Empty
Release notes required:
Yes
Date of First Response:
Story Points: 0

 Description   

The following libraries have updates atm in core (23.2.2016): (by definition all our dependencies should at least be managed in the core parent)

cglib:cglib-nodep ....................................... 3.1 -> 3.2.0 MAGNOLIA-6665 
com.google.auto.factory:auto-factory .......... 0.1-beta1 -> 1.0-beta3
com.google.guava:guava .................................. 18.0 -> 19.0
com.google.inject:guice ................................... 3.0 -> 4.0 MAGNOLIA-6337 
com.google.inject.extensions:guice-multibindings .......... 3.0 -> 4.0
com.mockrunner:mockrunner-servlet ..................... 1.0.4 -> 1.1.1
com.mycila.guice.extensions:mycila-guice-closeable .. 3.5.ga -> 3.6.ga
com.mycila.guice.extensions:mycila-guice-injection .. 3.5.ga -> 3.6.ga
com.mycila.guice.extensions:mycila-guice-jsr250 ..... 3.5.ga -> 3.6.ga
commons-betwixt:commons-betwixt ............... 0.8 -> 20030211.133854
javax.el:javax.el-api ............................. 2.2.4 -> 3.0.1-b04
javax.servlet:servlet-api ......................... 2.5 -> 3.0-alpha-1
javax.servlet.jsp:jsp-api ........................... 2.1 -> 2.2.1-b03
junit:junit ............................................. 4.11 -> 4.12
net.sourceforge.htmlunit:htmlunit ....................... 2.15 -> 2.19
org.apache.commons:commons-collections4 ................... 4.0 -> 4.1 DEV-266
org.apache.commons:commons-lang3 .......................... 3.1 -> 3.4 DEV-241 
org.apache.commons:commons-pool2 ........................ 2.2 -> 2.4.2 DEV-267
org.apache.httpcomponents:httpclient .................. 4.3.5 -> 4.5.1 DEV-268 
org.apache.httpcomponents:httpmime .................... 4.3.5 -> 4.5.1 DEV-268
org.apache.jackrabbit:jackrabbit-core ................ 2.8.0 -> 2.12.4 DEV-278
org.apache.jackrabbit:jackrabbit-jcr-commons ......... 2.8.0 -> 2.12.4 DEV-278
org.apache.tika:tika-core ................................ 1.6 -> 1.12
org.apache.tika:tika-parsers ............................. 1.6 -> 1.12
org.apache.velocity:velocity ........................ 1.5 -> 1.7-beta1
org.bouncycastle:bcmail-jdk15on ......................... 1.46 -> 1.54 MAGNOLIA-6703
org.bouncycastle:bcpg-jdk15on ........................... 1.46 -> 1.54 MAGNOLIA-6703
org.bouncycastle:bcprov-jdk15on ......................... 1.46 -> 1.54 MAGNOLIA-6703
org.easymock:easymock ..................................... 2.4 -> 3.4
org.easymock:easymockclassextension ....................... 2.4 -> 3.2
org.freemarker:freemarker ........................... 2.3.21 -> 2.3.25 MAGNOLIA-6373
org.glassfish.web:javax.el ............................ 2.2.4 -> 2.2.6
org.hibernate:hibernate-validator ........ 5.1.3.Final -> 5.3.0.Alpha1
org.mockito:mockito-core ....................... 1.10.8 -> 2.0.42-beta
org.powermock:powermock-api-mockito ................... 1.5.6 -> 1.6.4
org.powermock:powermock-module-junit4 ................. 1.5.6 -> 1.6.4
org.projectlombok:lombok ............................ 1.14.8 -> 1.16.6
org.reflections:reflections .......................... 0.9.9 -> 0.9.10
org.slf4j:jcl-over-slf4j ............................. 1.7.7 -> 1.7.16
org.slf4j:slf4j-api .................................. 1.7.7 -> 1.7.16
org.slf4j:slf4j-log4j12 .............................. 1.7.7 -> 1.7.16
org.slf4j:slf4j-simple ............................... 1.7.7 -> 1.7.16
org.yaml:snakeyaml ...................................... 1.14 -> 1.17
uk.com.robust-it:cloning .............................. 1.9.1 -> 1.9.2
xerces:xercesImpl .................................... 2.8.1 -> 2.11.0
xmlunit:xmlunit ........................................... 1.5 -> 1.6

Please use the following command to list possible dependency updates in maven projects: mvn versions:display-dependency-updates



 Comments   
Comment by Mikaël Geljić [ 19/Feb/16 ]

pdfbox (currently 1.8.6, brought by tika-parsers 1.6 => we should consider moving to 1.8.10, as brought by tika-parsers 1.11)

Comment by Mikaël Geljić [ 23/Jun/16 ]

Another candidate: log4j 2, out for a couple years, 1.x is EOL since September iirc
Mind that sfl4j impl is now provided by log4j themselves, no org.slf4j:slf4j-log4j12 anymore.

<dependency>
  <groupId>org.slf4j</groupId>
  <artifactId>slf4j-api</artifactId>
</dependency>
<!-- Use Log4J for logging -->
<dependency>
  <groupId>org.apache.logging.log4j</groupId>
  <artifactId>log4j-core</artifactId>
</dependency>
<dependency>
  <groupId>org.apache.logging.log4j</groupId>
  <artifactId>log4j-slf4j-impl</artifactId>
</dependency>
Comment by Roman Kovařík [ 20/Oct/16 ]

New libraries in 5.5:

  • yuicompressor-2.4.8.jar (brought by ui-framework)
  • rome-utils:jar:1.7.0 (brought by rome:jar:1.7.0)
  • json-lib:jar:jdk15:2.3 (brought by imageio-tiff:jar:3.1.0)
  • js-1.7R2.jar (brought by yuicompressor:jar:2.4.8)
  • jboss-logging-3.1.4.GA.jar (brought by jcip-annotations:jar:1.0)
  • jboss-jaxrs-api_2.0_spec-1.0.0.Final.jar (brought by resteasy-jaxrs:jar:3.0.19.Final)
  • ezmorph-1.0.6.jar (brought by json-lib:jar:jdk15:2.3)
  • c3p0-0.9.1.1.jar (brought by quartz:jar:2.2.3)
  • bcpkix-jdk15on-1.54.jar (brought by bcmail-jdk15on:jar:1.54)
Generated at Mon Feb 12 04:18:05 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.