What alternatives are there to Hibernate Validator's @SafeHtml to validate Strings?

落爺英雄遲暮 submitted on 2020-05-14 16:12:04

Question


As stated in the JavaDocs, it will be removed in a future release. Is there any alternative library which works similarly via annotations?


Answer 1:


Let's first explain the reasons for the deprecation: we recently had a security issue (CVE) due to this very constraint. It was due to an error in our implementation but it made us realize that this was very fragile and potentially a can of worms security-wise.

The alternative for now would be to implement it yourself based on our latest implementation and maintain it in your own application (with potentially your own tweaks).

We have a very nice article on our blog explaining how to do that easily: https://in.relation.to/2017/03/02/adding-custom-constraint-definitions-via-the-java-service-loader/ .

Basically, this change is us saying that we don't want to take the responsibility of something that is potentially fragile and will need a lot of attention, with tweaks potentially specific to the application platform it is deployed on.

Update: I have posted a full announcement here: https://in.relation.to/2019/11/20/hibernate-validator-610-6018-released/ .



Source: https://stackoverflow.com/questions/58913428/what-alternatives-are-there-to-hibernate-validators-safehtml-to-validate-strin
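
One way to carry out the "implement it yourself" suggestion from the answer above, as an added example that is not part of the original answer and not Hibernate Validator's own code: a custom Bean Validation constraint that delegates the HTML check to jsoup. The annotation name `NoUnsafeHtml`, the choice of `Safelist.basic()` as policy, and the `javax.validation` namespace (matching Hibernate Validator 6.x) are assumptions.

```java
// NoUnsafeHtml.java -- added example; the annotation name is hypothetical.
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

import javax.validation.Constraint;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
import javax.validation.Payload;

import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist;

@Documented
@Constraint(validatedBy = NoUnsafeHtml.Validator.class)
@Target({ ElementType.FIELD, ElementType.METHOD, ElementType.PARAMETER })
@Retention(RetentionPolicy.RUNTIME)
public @interface NoUnsafeHtml {

    String message() default "may contain unsafe HTML";

    Class<?>[] groups() default {};

    Class<? extends Payload>[] payload() default {};

    // The validator lives in your own code base, so the allow-list policy
    // and the jsoup version are yours to maintain and update.
    class Validator implements ConstraintValidator<NoUnsafeHtml, CharSequence> {

        // Assumed policy: jsoup's built-in "basic" safelist.
        // Replace it with the safelist that matches your application.
        private static final Safelist POLICY = Safelist.basic();

        @Override
        public boolean isValid(CharSequence value, ConstraintValidatorContext context) {
            if (value == null) {
                return true; // null handling is left to @NotNull
            }
            // jsoup parses the value as a body fragment and reports whether
            // every element and attribute is permitted by the safelist.
            return Jsoup.isValid(value.toString(), POLICY);
        }
    }
}
```

Older jsoup releases name the class `Whitelist` instead of `Safelist`. The constraint only rejects input; output encoding at render time is still required.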
