This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-configuration.git
The following commit(s) were added to refs/heads/master by this push:
new 8696391d De-emphasize the 1.x version line on the website (#539)
8696391d is described below
commit 8696391dac286725ad26e1ceb0b158e91ca67e0e
Author: Arnout Engelen <enge...@apache.org>
AuthorDate: Fri Feb 7 20:11:15 2025 +0100
De-emphasize the 1.x version line on the website (#539)
* De-emphasize the 1.x version line on the website
Clarify we do not expect it to work with untrusted input.
* Update site.xml
* Update index.xml
---------
Co-authored-by: Gary Gregory <garydgreg...@users.noreply.github.com>
---
pom.xml | 3 -
src/site/site.xml | 3 +-
src/site/xdoc/dependencies_1_10.xml | 168 -------------------------------
src/site/xdoc/download_configuration.xml | 30 ------
src/site/xdoc/index.xml | 41 ++------
5 files changed, 11 insertions(+), 234 deletions(-)
diff --git a/pom.xml b/pom.xml
index 9ea09968..b3a7e1a6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -38,9 +38,6 @@
<commons.release.version>2.11.0</commons.release.version>
<commons.release.next>2.11.1</commons.release.next>
<commons.release.desc>(Java 8 or above)</commons.release.desc>
-
<commons.release.2.name>commons-configuration-${commons.release.2.version}</commons.release.2.name>
- <commons.release.2.version>1.10</commons.release.2.version>
- <commons.release.2.desc>(old 1.x version)</commons.release.2.desc>
<commons.jira.id>CONFIGURATION</commons.jira.id>
<commons.jira.pid>12310467</commons.jira.pid>
<maven.compiler.source>1.8</maven.compiler.source>
diff --git a/src/site/site.xml b/src/site/site.xml
index 1dcaa825..b8ce5367 100644
--- a/src/site/site.xml
+++ b/src/site/site.xml
@@ -35,8 +35,7 @@
<item name="Download" href="/download_configuration.cgi" />
<item name="Javadoc">
<item name="Javadoc Current" href="/apidocs/index.html" />
- <item name="Javadoc Archive 2.x"
href="https://javadoc.io/doc/org.apache.commons/commons-configuration2/"; />
- <item name="Javadoc Archive 1.x"
href="https://javadoc.io/doc/commons-configuration/commons-configuration/"; />
+ <item name="Javadoc Archive"
href="https://javadoc.io/doc/org.apache.commons/commons-configuration2/"; />
</item>
<!-- End: For all components. -->
<!-- Specific to this component: -->
diff --git a/src/site/xdoc/dependencies_1_10.xml
b/src/site/xdoc/dependencies_1_10.xml
deleted file mode 100644
index fa51973b..00000000
--- a/src/site/xdoc/dependencies_1_10.xml
+++ /dev/null
@@ -1,168 +0,0 @@
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<document xmlns="http://maven.apache.org/XDOC/2.0";
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
- xsi:schemaLocation="http://maven.apache.org/XDOC/2.0
https://maven.apache.org/xsd/xdoc-2.0.xsd";>
- <properties>
- <title>Runtime dependencies</title>
- </properties>
-
- <body>
-
- <section name="Runtime dependencies">
-
- <p>
- Commons Configuration requires Java 5 or later.
- </p>
- <p>
- A lot of dependencies are declared in the Maven POM. These are
all
- needed during compile time. On runtime however you only need to
- add the dependencies to your classpath that are required by the
- parts of the Commons Configuration package you are using. The
- following table helps you to determine which dependencies you
- have to include based on the components you intend to use:
- </p>
-
- <table>
- <thead>
- <tr>
- <th width="30%">Component</th>
- <th>Dependencies</th>
- </tr>
- </thead>
- <tbody>
- <tr>
- <td>Core</td>
- <td>
- commons-lang<br/>
- commons-logging
- </td>
- </tr>
- <tr>
- <td>DefaultConfigurationBuilder</td>
- <td>commons-beanutils</td>
- </tr>
- <tr>
- <td>ConfigurationFactory (deprecated)</td>
- <td>commons-digester</td>
- </tr>
- <tr>
- <td>ConfigurationConverter</td>
- <td>commons-collections</td>
- </tr>
- <tr>
- <td>
- PropertyListConfiguration<br/>
- XMLPropertyListConfiguration
- </td>
- <td>commons-codec</td>
- </tr>
- <tr>
- <td>ConfigurationDynaBean</td>
- <td>commons-beanutils</td>
- </tr>
- <tr>
- <td>XPathExpressionEngine</td>
- <td>commons-jxpath</td>
- </tr>
- <tr>
- <td>CatalogResolver</td>
- <td>xml-resolver</td>
- </tr>
- <tr>
- <td>Web configurations</td>
- <td>servlet-api</td>
- </tr>
- <tr>
- <td>ExprLookup</td>
- <td>commons-jexl</td>
- </tr>
- <tr>
- <td>VFSFileSystem, VFSFileChangedReloadingStrategy</td>
- <td>commons-vfs</td>
- </tr>
- </tbody>
- </table>
-
- <p>
- <strong>Notes</strong>
- </p>
- <ul>
- <li>Commons Configuration makes use of other
- Commons components. You should be able to use the current
- versions of these components together with Commons
Configuration.
- In some cases, when no specific features are used, older
- versions will work, too. Below is a table with the version
- numbers that have been tested:
- <table>
- <thead>
- <tr>
- <th>Component</th>
- <th>Version</th>
- </tr>
- </thead>
- <tbody>
- <tr>
- <td>commons-lang</td>
- <td>2.2, 2.3, 2.4, 2.5, 2.6</td>
- </tr>
- <tr>
- <td>commons-collections</td>
- <td>3.1, 3.2, 3.2.1</td>
- </tr>
- <tr>
- <td>commons-logging</td>
- <td>1.0.4, 1.1, 1.1.1</td>
- </tr>
- <tr>
- <td>commons-digester</td>
- <td>1.6, 1.7, 1.8, 1.8.1</td>
- </tr>
- <tr>
- <td>commons-beanutils</td>
- <td>1.7.0, 1.8.0, 1.8.2, 1.8.3</td>
- </tr>
- <tr>
- <td>commons-codec</td>
- <td>1.3, 1.5, 1.6</td>
- </tr>
- <tr>
- <td>commons-jxpath</td>
- <td>1.2, 1.3</td>
- </tr>
- <tr>
- <td>commons-jexl</td>
- <td>2.1.1</td>
- </tr>
- <tr>
- <td>commons-vfs</td>
- <td>2.0</td>
- </tr>
- <tr>
- <td>xml-resolver</td>
- <td>1.2</td>
- </tr>
- </tbody>
- </table>
- </li>
- </ul>
- </section>
-
- </body>
-
-</document>
diff --git a/src/site/xdoc/download_configuration.xml
b/src/site/xdoc/download_configuration.xml
index 43139534..a1f80a07 100644
--- a/src/site/xdoc/download_configuration.xml
+++ b/src/site/xdoc/download_configuration.xml
@@ -145,36 +145,6 @@ limitations under the License.
</table>
</subsection>
</section>
- <section name="Apache Commons Configuration 1.10 (old 1.x version)">
- <subsection name="Binaries">
- <table>
- <tr>
- <td><a
href="[preferred]/commons/configuration/binaries/commons-configuration-1.10-bin.tar.gz">commons-configuration-1.10-bin.tar.gz</a></td>
- <td><a
href="https://downloads.apache.org/commons/configuration/binaries/commons-configuration-1.10-bin.tar.gz.sha512";>sha512</a></td>
- <td><a
href="https://downloads.apache.org/commons/configuration/binaries/commons-configuration-1.10-bin.tar.gz.asc";>pgp</a></td>
- </tr>
- <tr>
- <td><a
href="[preferred]/commons/configuration/binaries/commons-configuration-1.10-bin.zip">commons-configuration-1.10-bin.zip</a></td>
- <td><a
href="https://downloads.apache.org/commons/configuration/binaries/commons-configuration-1.10-bin.zip.sha512";>sha512</a></td>
- <td><a
href="https://downloads.apache.org/commons/configuration/binaries/commons-configuration-1.10-bin.zip.asc";>pgp</a></td>
- </tr>
- </table>
- </subsection>
- <subsection name="Source">
- <table>
- <tr>
- <td><a
href="[preferred]/commons/configuration/source/commons-configuration-1.10-src.tar.gz">commons-configuration-1.10-src.tar.gz</a></td>
- <td><a
href="https://downloads.apache.org/commons/configuration/source/commons-configuration-1.10-src.tar.gz.sha512";>sha512</a></td>
- <td><a
href="https://downloads.apache.org/commons/configuration/source/commons-configuration-1.10-src.tar.gz.asc";>pgp</a></td>
- </tr>
- <tr>
- <td><a
href="[preferred]/commons/configuration/source/commons-configuration-1.10-src.zip">commons-configuration-1.10-src.zip</a></td>
- <td><a
href="https://downloads.apache.org/commons/configuration/source/commons-configuration-1.10-src.zip.sha512";>sha512</a></td>
- <td><a
href="https://downloads.apache.org/commons/configuration/source/commons-configuration-1.10-src.zip.asc";>pgp</a></td>
- </tr>
- </table>
- </subsection>
- </section>
<section name="Archives">
<p>
Older releases can be obtained from the archives.
diff --git a/src/site/xdoc/index.xml b/src/site/xdoc/index.xml
index 5b773da0..fac09303 100644
--- a/src/site/xdoc/index.xml
+++ b/src/site/xdoc/index.xml
@@ -70,42 +70,21 @@ Integer integer = config.getInteger("number");
<section name="Commons Configuration 1.x and 2.x">
<p>
- After its initial release in 2004, Apache Commons Configuration has been
steadily improved,
- and a series of feature releases has been published over the years. All
of these releases
- were binary backwards-compatible. The latest release of this series is
version 1.10. This code
- base is now pretty mature and does what it is expected to do.
+ New projects should use 2.x, first released in 2016, under the Maven
coordinates <code>org.apache.commons:commons-configuration2</code>.
</p>
<p>
- Nevertheless, there have been some design decisions made in the past
which are problematic
- in retrospect. For instance, access to configuration objects is always
synchronized which
- might be a performance issue in some use cases, or support for reloading
of configuration
- data is very limited - just to mention a few pain points. These problems
could not be
- fixed without breaking backwards compatibility in the affected areas.
+ The 1.x codebase no longer receives updates.
+ Denial of service issues that rely on loading untrusted data from
configuration files,
+ or passing untrusted data to the API, are outside the scope of the 1.x
security model
+ and will not be fixed. Upgrading your application from 1.x to 2.x will
require at least changing import statement
+ code changes and possibly more, see the <a
href="userguide/upgradeto2_0.html">migration guide for 2.0</a>.
</p>
<p>
- Therefore, work has been spent on a major redesign of the library
- addressing some of the weaknesses of the 1.x versions. The results
- have been made available over a longer period as a series of alpha and
beta releases.
- Now the final version 2.0 is available incorporating feedback from the
community. Note that
- this is not a drop-in replacement for Commons Configuration 1.x! Changes
on client code
- are required to make use of the new version. There is
- a <a href="userguide/upgradeto2_0.html">Migration guide</a> that can be
- used as guideline when upgrading from version 1.x to 2.0. It describes
the
- most important changes. A good source of information is also the
- <a href="changes.html">Changes Report</a> that explains all of the
changes and bug
- fixes that have been applied.
- </p>
- <p>
- Both Commons Configuration 1.10 and the most recent 2.x release can be
downloaded from the
+ The most recent Commons Configuration 2.x release can be downloaded from
the
<a
href="https://commons.apache.org/configuration/download_configuration.cgi";>Apache
download area</a>.
The artifacts have also been deployed to
- <a href="http://repo1.maven.org/maven2/";>Maven central</a> (with
different coordinates for
- both versions to avoid conflicts). Which version should you use? Well,
if you are a
- long-term user of Commons Configuration 1.x and happy with its
functionality, there is
- no urgent pressure to upgrade to the newest version. New projects,
however, should start
- with the new API as it offers more functionality and makes some tasks
easier and cleaner.
- Also note that development currently focuses exclusively on the 2.x
branch, so that the
- probability for bug-fix releases for version 1.x is pretty low.
+ <a href="http://repo1.maven.org/maven2/";>Maven central</a>. Commons
Configuration 1.x
+ artifacts are also available under their original Maven coordinates.
</p>
</section>
@@ -116,7 +95,7 @@ Integer integer = config.getInteger("number");
Turbine, this configuration interface moved to <a
href="http://jakarta.apache.org/velocity";>Jakarta Velocity</a>
and underwent various improvements. After Velocity, this code was
introduced to the
<a href="https://commons.apache.org";>Apache Commons</a> as
<code>ExtendedProperties</code>.
- Configuration began life in the Commons as a Sandbox component, and
was promoted to the
+ Configuration began life in the Commons as a Sandbox component and was
promoted to the
Commons Proper in late 2003.
</p>
</section>
