5.4.0

@ginccc ginccc released this 22 Nov 14:01

🚀 Enhancements and Improvements

Integration Enhancements

  • Integrated Gemini API
    • Enabled support for Gemini language model, offering flexible configurations such as:
      • Model selection
      • Temperature control for fine-tuned response generation
    • Added file handoff capabilities, allowing processing of various file types (e.g., PDFs, videos, and audio) through context
    • ⚠️ Breaking Change: Updated vertex type to "gemini-vertex", requiring downstream services to update configurations
  • Introduced JLama Integration
    • Added configurations in pom.xml
    • Implemented the new JlamaLanguageModelBuilder for enhanced functionality

Bot Updates

  • Upgraded Bot+Father to version 3.0.0 with support for Jlama configurations

🛠 Fixes

Security Improvements

  • Resolved Path Traversal Vulnerability in Backup Export
    • Added strict input validation for botFilename in the getBotZipArchive method
    • Implemented sanitization and canonicalization for user-provided paths
    • Restricted filesystem access to prevent unauthorized directory traversal
    • Fixes issue [XBOW-024-073 / CVE-2024-53844], ensuring backup exports are safe and secure
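
The validate, canonicalize, then contain pattern described in the bullets above, shown as an added example; this is not EDDI's code or its actual patch. The class name BackupPathGuard, the method resolveExport, the allow-list pattern and the temporary export directory are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.regex.Pattern;

// Hypothetical helper: all names here are assumptions, not taken from the EDDI code base.
public class BackupPathGuard {
    // Allow-list: one file name ending in .zip, no separators, no leading dot.
    private static final Pattern SAFE_NAME =
            Pattern.compile("[A-Za-z0-9][A-Za-z0-9._-]{0,127}\\.zip");

    static Path resolveExport(Path exportDir, String botFilename) throws IOException {
        // Step 1: strict input validation before the value touches the filesystem API.
        if (botFilename == null || !SAFE_NAME.matcher(botFilename).matches()) {
            throw new SecurityException("rejected file name");
        }
        // Step 2: canonicalize the base, then resolve and normalize the candidate.
        Path base = exportDir.toRealPath();
        Path candidate = base.resolve(botFilename).normalize();
        // Step 3: containment check; Path.startsWith compares whole path components.
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes export directory");
        }
        // Step 4: if the file exists, follow symlinks and check containment again.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(base)) {
            throw new SecurityException("symlink escapes export directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("export"); // constructed sample directory
        Files.createFile(dir.resolve("bot-1.zip"));
        // Constructed sample inputs: one legitimate name and several that must be refused.
        String[] samples = {"bot-1.zip", "../../etc/passwd", "..%2f..%2fsecret.zip",
                            "/etc/passwd", "a/b.zip", ".hidden.zip"};
        for (String s : samples) {
            try {
                Path p = resolveExport(dir, s);
                System.out.println("ALLOW " + s + " -> " + p.getFileName());
            } catch (SecurityException e) {
                System.out.println("DENY  " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The allow-list rejects traversal input before any path is built; the containment checks remain as a second layer in case the pattern is later loosened or a symlink is planted inside the export directory.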

📦 Dependency Updates

  • Updated core dependencies:
    • Quarkus to 3.16.4
    • Langchain4j to 0.36.2
    • Lombok to 1.18.36
  • Updated Docker base image to openjdk-21:1.21
  • Improved various Maven plugins:
    • Compiler, Surefire, Failsafe, and War plugins
  • Enhanced compatibility with Langchain4j integrations
  • Removed outdated dependency snowball-stemmer, streamlining project dependencies

These updates improve stability, performance, and flexibility across the application.

👉 Full Changelog: 5.3.3...5.4.0