我依赖于几个Apache TLP(顶级项目),如Apache Axis,Commons HttpClient,Commons DBCP,Commons Transaction等。
每个项目都依赖于JCL(Commons Logging),每个项目都依赖于不同版本的JCL。
我应该选择哪个版本的JCL - 最高版本是最佳选择吗?更高版本的JCL是否与针对较低版本编译的项目兼容(某些项目是针对1.0.x版本的JCL编译的,而其他项目是针对1.1.x编译的)? JCL项目本身是否在某处传达了这些信息?
答案 0 :(得分:2)
版本1.1.1的RELEASE-NOTES说明如下:
== Incompatibilities ==
The protected method LogFactory.getContextClassLoader has been reverted to pre-1.1
behaviour. In earlier releases, this method did not use an AccessController when
obtaining the context classloader. In version 1.1 it did. In this release, it has
reverted to not using an AccessController; any user-level code that needs to obtain
a context classloader should itself create an AccessController, and call the
LogFactory.getContextClassLoader method via the doPrivileged method. This fixes a
potential security issue, where untrusted code could get access to the context
classloader if a signed Commons Logging library was in the classpath.
这对我来说非常具体。我会尝试最新版本(1.1.1)并查看是否出现了一些问题。