What's Changed
- CVE-2025-67030 Plexus-Utils has a Directory Traversal vulnerability in its extractFile method by @dependabot[bot] in #81
- CVE-2026-0636 Bouncy Castle has an LDAP injection by @dependabot[bot] in #87
- CVE-2024-7254 unbounded recursion when parsing deeply nested SGROUP tags causes a stack overflow DoS by @Copilot in #86
- Update build.yml add JDK 26 support by @vharseko in #80
- Update org.openidentityplatform.opendj to 5.1.1 by @vharseko in #92
- Fix NPE in XMLConnector.dispose() when init() failed by @vharseko in #90
- Fix NPE in XMLHandlerImpl.dispose caused by concurrent DOM serialization by @Copilot in #91
- Replace Nashorn with Rhino as JavaScript engine fallback by @maximthomas in #85
- Rhino: org.apache.servicemix.bundles.rhino -> org.mozilla by @vharseko in #94
- Take bouncycastle version from commons by @maximthomas in #89
- Stabilize
release-mavenby removing race-prone assertion intestBatchUseCase3by @Copilot in #93 - SKIP mac os jsvc test by @vharseko in #79
- chore: bump GitHub Actions to latest major versions by @Copilot in #83
- fix: replace deprecated MAINTAINER with LABEL in Dockerfile by @Copilot in #84
New Contributors
- @Copilot made their first contribution in #83
Full Changelog: 2.0.2...2.0.3
Contributors
vharseko, maximthomas, and dependabot