What's Changed
- CVE-2026-1605 The Eclipse Jetty Server Artifact has a Gzip request memory leak by @dependabot[bot] in #130
- CVE-2026-33227 Apache ActiveMQ: Improper validation and restriction of a classpath path name by @dependabot[bot] in #157
- CVE-2026-39304 Apache ActiveMQ: Denial of Service via Out of Memory vulnerability by @dependabot[bot] in #158
- CVE-2026-27903 CVE-2026-27904 CVE-2026-26996 UI: update grunt to 1.6.2 to address vulnerabilities by @maximthomas in #159
- CVE-2018-1294 email header injection via bounce address by @Copilot in #161
- CVE-2026-42198 pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS by @dependabot[bot] in #168
- Make REST context path configurable via
openidm.context.pathsystem property by @Copilot in #142 - Add
onQueryResultscript hook to filter managed object query results by @Copilot in #139 - [#186] Fix "Internal Error" in mapping Sample Source / Single Record Reconciliation when first property has no
sourceby @vharseko in #188 - Upgrade OrientDB from 2.1.25 to 3.2.51 by @Copilot in #166
- Update asm.version to 9.9.1 for JDK 26 support by @Copilot in #135
- Update build.yml add JDK 26 support by @vharseko in #132
- Upgrade MyBatis 3.2.5 → 3.5.16 (deserialization vulnerability) by @Copilot in #162
- fix: remove hardcoded OPENIDM_PASSWORD from ENV, use shell default in HEALTHCHECK by @Copilot in #149
- Update openicf dependency version to 2.0.3 by @vharseko in #191
- Take bouncycastle version from commons by @maximthomas in #165
- Fix SCR deadlock in SecurityManager by making repoService a dynamic reference by @Copilot in #169
- Fix Property mapping /authzRoles transformation script encountered exception javax.script.ScriptException: Script status is 8 by @vharseko in #181
- Fix Felix Web Console
PreferencesConfigurationPrinternot enabled by @vharseko in #176 - Rhino: migrate from servicemix to org.mozilla by @maximthomas in #189
- Replace activiti-osgi
OsgiScriptingEngineswith stock ActivitiScriptingEnginesby @vharseko in #179 - Remove dead
logback.configurationFilereference and silence noisy pax-web INFO logs by @vharseko in #177 - chore: bump GitHub Actions to latest versions by @Copilot in #143
- Remove dead maintenance mode code from SettingsView by @Copilot in #151
- Add Playwright UI smoke tests against real OpenIDM server in CI by @Copilot in #145
- CI: matrixed ui-smoke-tests job across Java 17,26 × context paths × samples by @vharseko in #167
- Update GitHub Actions workflow versions to latest by @Copilot in #170
- Adding extended UI smoke tests for the getting-started scenario by @vharseko in #171
- ci: dump openidm logs after UI smoke tests by @vharseko in #173
- Adding extended UI smoke tests for the samples/workflow scenario by @vharseko in #172
- Fix workflow e2e Step 6: trigger blur/change so Start button becomes enabled by @Copilot in #174
- ci: fail "Print openidm logs" step on errors/exceptions in OpenIDM logs by @vharseko in #175
- fix(samples/workflow): honor
openidm.context.pathin Accept Notice script by @vharseko in #178 - Add
samples/usecase/usecase1UI smoke test and align doc/sample artifacts by @vharseko in #185 - test(openidm-script): reproduce custom endpoint field projection collision (#183) by @vharseko in #190
- docs: Add OAUTH authentication module documentation by @Copilot in #136
- docs: Add OPENID_CONNECT authentication module documentation by @Copilot in #137
- docs: Add SOCIAL_PROVIDERS authentication module documentation by @Copilot in #138
- Docs: set neutral version for the docs by @maximthomas in #141
- Update chap-scheduler-conf.adoc: Fix the URI for schedulers by @vliefooghe-adeo in #156
New Contributors
- @vliefooghe-adeo made their first contribution in #156
Full Changelog: 7.0.2...7.1.0
Contributors
vharseko, maximthomas, and 2 other contributors