Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status Assessment
Workspace Domino
Created by Guest
Created on Oct 7, 2021

Clean up ndext directory to give developers the choice to use newer open source libraries

The "ndext" directory of Domino contains more and more open source and internal libraries that are automatically added to the JVM classpath of web apps (and probably agents as well), e.g.:

  • activation.jar => javax.activation version 1.1

  • BlueJavaHtmlSanitizer.jar => OWASP HTML sanitizer version 20180219.1

  • domino-acf-policies.jar => OWASP ACF policies for Domino

  • dlt.jar => com.ibm.dltj, version nightlybuild_DLT7113_HF_2010_05_17_Hursley

  • dservlet.jar => lotus.domino.server.*

  • dwabl.jar =>com.lotus.dwa.*

  • guava.jar => Google Guava version 19.0.0

  • ibmdirectoryservices.jar => com.ibm.directoryservices.ldap

  • icu4j.jar => ICU4J version 4.0

  • jsdk.jar => javax.servlet.* API, version probably 2.4

  • liveconn.jar => netscape.javascript.* LiveConnect API for browser applets

  • lmgfilter.jar => com.ibm.spamguru

  • mail.jar => javax.mail.* API 1.4

  • RMEval.jar => com.ibm.amw

  • stcommsrvrtk.jar => Sametime Java classes version SAMETIME8.0.2_20081209.0208_WIN32AIXSOLLIN_WESTFORD


As a developer, the libs that hurt the most are the old versions of Google Guava, ICU4J and the OWASP HTML sanitizer.


activation.jar even is a duplicate, because the JDK 1.8 rt.jar archive already contains this API.


Having them in the JDK system classpath by default means we cannot use newer versions in our applications (except for some very experimental Java classloader tricks which also require higher Java privileges than standard XPages web apps have).

Please clean this directory up or find a different implementation approach that lets us use newer lib versions in our apps.

Karsten Lehmann, Mindoo GmbH


  • Attach files
  • Guest
    Reply
    |
    Oct 7, 2021

    Hear hear. Between this directory and the loose stuff added to jvm/lib/ext (moreso in the Notes client), the Java classpath is a minefield.