2.0.3

What's Changed

• CVE-2025-67030 Plexus-Utils has a Directory Traversal vulnerability in its extractFile method by @dependabot[bot] in #81
• CVE-2026-0636 Bouncy Castle has an LDAP injection by @dependabot[bot] in #87
• CVE-2024-7254 unbounded recursion when parsing deeply nested SGROUP tags causes a stack overflow DoS by @Copilot in #86
• Update build.yml add JDK 26 support by @vharseko in #80
• Update org.openidentityplatform.opendj to 5.1.1 by @vharseko in #92
• Fix NPE in XMLConnector.dispose() when init() failed by @vharseko in #90
• Fix NPE in XMLHandlerImpl.dispose caused by concurrent DOM serialization by @Copilot in #91
• Replace Nashorn with Rhino as JavaScript engine fallback by @maximthomas in #85
• Rhino: org.apache.servicemix.bundles.rhino -> org.mozilla by @vharseko in #94
• Take bouncycastle version from commons by @maximthomas in #89
• Stabilize release-maven by removing race-prone assertion in testBatchUseCase3 by @Copilot in #93
• SKIP mac os jsvc test by @vharseko in #79
• chore: bump GitHub Actions to latest major versions by @Copilot in #83
• fix: replace deprecated MAINTAINER with LABEL in Dockerfile by @Copilot in #84

New Contributors

• @Copilot made their first contribution in #83

Full Changelog: 2.0.2...2.0.3

2.0.2

What's Changed

• Update org.openidentityplatform.opendj version to 5.0.3 by @vharseko in #77

Full Changelog: 2.0.1...2.0.2

2.0.1

What's Changed

• Update target JDK to 11 and move to JakartaEE 9 by @maximthomas in #67
• Add support LTS JDK 25 by @vharseko in #72
• Update base docker image Java version to 25 LTS by @maximthomas in #74
• Update org.openidentityplatform.opendj to 5.0.1 by @vharseko in #75
• Fix java.lang.NoClassDefFoundError: javax/servlet/http/HttpServletResponse in OpenICF-java-framework by @maximthomas in #66
• Build & deploy: add branch sustaining/1.8.x by @vharseko in #73
• Update README.md: add backers and sponsors by @vharseko in #69
• ISSUE_TEMPLATE: add "Vote to raise the priority" by @vharseko in #70

Full Changelog: 1.8.0...2.0.1

1.8.0

What's Changed

• CVE-2024-13009 In Eclipse Jetty a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. by @maximthomas in #62
• Deploy: migrating from Legacy OSSRH to Central Portal by @vharseko in #63
• Take grizzly version from commons by @maximthomas in #64
• Bump org.openidentityplatform.opendj 4.10.0 by @vharseko in #65

Full Changelog: 1.7.3...1.8.0

1.7.3

What's Changed

• CVE-2025-27497 Fix Denial of Service (Dos) using alias loop by @vharseko in #58
• Add support Java SE 24 by @vharseko in #59
• Bump org.openidentityplatform.opendj 4.9.4 by @vharseko in #60
• CVE-2019-17554 CVE-2019-17555 CVE-2020-1925 Bump Apache Olingo by @vharseko in #61

Full Changelog: 1.7.2...1.7.3

1.7.2

What's Changed

• CVE-2023-22102 allows an attacker to compromise MySQL Connectors by @maximthomas in #55
• Bump org.openidentityplatform.opendj 4.8.2 by @vharseko in #54
• Bump opendj 4.9.2 by @vharseko in #57
• Remove transient dependency from the disabled repository to fix build error by @maximthomas in #56

Full Changelog: 1.7.1...1.7.2

1.7.1

What's Changed

• CVE-2024-8184 Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks by @vharseko in #51
• Bump org.openidentityplatform.opendj 4.8.1 by @vharseko in #45
• CVE-2016-6814 Deserialization of Untrusted Data in Groovy CVE-2020-17521 Information Disclosure in Apache Groovy by @vharseko in #53
• CVE-2024-47554 Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader by @dependabot in #46
• Bugfix in ConnectorServer.bat by @BolivandoJJ in #44
• Add JDK 23 build support by @vharseko in #47
• Bump org.eclipse.jetty:jetty-server from 9.4.51.v20230217 to 9.4.55.v20240627 in /OpenICF-java-framework/connector-server-jetty by @dependabot in #48
• ADD maven-compiler-plugin release for cross compile compatibility by @vharseko in #49

New Contributors

• @BolivandoJJ made their first contribution in #44

Full Changelog: 1.7.0...1.7.1

1.7.0

What's Changed

• Update README.md by @vharseko in #40
• ADD JDK 22 support by @vharseko in #42
• Switch docker to last LTS JRE 21 by @vharseko in #43
• Bump org.openidentityplatform.opendj 4.8.0 by @vharseko in #41

Full Changelog: 1.6.2...1.7.0

1.6.2

What's Changed

• Restore project logo by @vharseko in #35
• update the README.md by @maximthomas in #36
• CVE-2023-33202 CVE-2020-15522 CVE-2020-26939 Bump org.bouncycastle bcprov by @vharseko in #39
• CVE-2020-13936 Sandbox Bypass in Apache Velocity Engine by @vharseko in #38
• Bump org.openidentityplatform.opendj 4.6.4 by @vharseko in #37

Full Changelog: 1.6.1...1.6.2

1.6.1

What's Changed

• Bump Docker to 19-jre and restore linux/s390x platform by @vharseko in #34

Full Changelog: 1.6.0...1.6.1