Skip to content

2.3.0
Compare
Choose a tag to compare
@amanteaux amanteaux released this 13 Sep 11:58
· 15 commits to master since this release
2.3.0
31829c5

Changelog

This release proposes a new Cron implementation dependency. Much lighter than the previous one, the new Cron library used:

  • Has no dependency
  • Does not use any dynamic code nor interpret any type of execution code (no Java reflection etc.)
  • Proposes a computation algorithm similar to the old one used
  • Support standard Cron expression style as well as the extended Quartz format (without the 7th year field)

It brings to Wisp:

  • A much safer code dependency: this library will never contain any critical security issue. The worst case security issue the library may face is denial of service through Cron expression interpretation (that is still a lot better than remote code execution...!)
  • A lighter dependency: cron-utils jar file is 170ko whereas the new dependency is only 20ko. Moreover cron-utils is relying on jakarta.el which jar file is 230ko
  • Less maintenance: cron-utils proposes many features useless for Wisp and for many projects using Wisp. As a consequence, to bring all these features and corresponding fixes, there are many releases of cron-utils. The new Cron library used by Wisp contains only Cron expression parsing and next dates calculation. That's exactly what Wisp requires. And now that this code works, it's not likely to evolve much in the future

Breaking change and upgrade instructions

The usage of cron-utils is now deprecated. The related code will be removed in Wisp 3.
However, it's still advised to do the migration when it's possible: it will bring more safety to projects using Wisp with Cron.

The changes to consider are:

  • Update the pom.xml file to replace cron-utils by the new Cron library. So this dependency:
<dependency>
  <groupId>com.cronutils</groupId>
  <artifactId>cron-utils</artifactId>
  <version>9.1.6</version>
</dependency>

Must be replaced by:

<dependency>
  <groupId>ch.eitchnet</groupId>
  <artifactId>cron</artifactId>
  <version>1.6.2</version>
</dependency>
  • Upgrade of Cron expressions used: cron-utils proposes 7 fields for Cron expression (the last one is the year), whereas the new cron library proposes two options: 5 fields (minute precision) and 6 fields (second precision). It means that if a Cron expression with 7 fields is used, the last field (the year) must be removed in order to be compatible with the new Cron library. For example, the Quartz expression 0 0 12 * * ? * must be translated to 0 0 12 * * ?. Most of the time, the year field is set to put an unreachable date, this can be accomplished by setting the expected date to a 31st of February: * * * 31 2 *
  • To parse Cron expression using the new library:
    • CronExpressionSchedule.parse() must be used to parse a 5 fields Cron expression (Unix standard), so without a second field
    • CronExpressionSchedule.parseWithSeconds() must be used to parse a 6 fields Cron expression, so the first field is the second

Maven

<dependency>
  <groupId>com.coreoz</groupId>
  <artifactId>wisp</artifactId>
  <version>2.3.0</version>
</dependency>
Assets 2
Loading