v12.2.1

@phax phax released this 21 Apr 15:07
· 67 commits to master since this release
  • ERevocationCheckMode now implements IHasID<String> and provides static lookup methods
  • Fixed XXE vulnerability in XMLSchemaCache.createXSDSchemaFactory() - now sets ACCESS_EXTERNAL_DTD to empty and ACCESS_EXTERNAL_SCHEMA to "file" only
  • Fixed potential denial-of-service in StreamHelper.readSafeUTF() by adding a maximum allocation size check (MAX_SAFE_UTF_BYTES = 64 MB)
  • Added new class PasswordHashCreatorPBKDF2_SHA256_600000_48 with 600000 iterations (OWASP 2023 recommendation)
  • Deprecated PasswordHashCreatorPBKDF2_SHA256_1000_48 - use PasswordHashCreatorPBKDF2_SHA256_600000_48 for new password hashing
  • Added new overload SerializationHelper.getDeserializedObject(byte[], ObjectInputFilter) accepting an ObjectInputFilter
  • Deprecated SerializationHelper.getDeserializedObject(byte[]) without a filter
  • Extended AbstractConfigurationSource.isSecretKey() to also detect keys containing "secret", "token", "apikey", "api_key", "api-key" and "credential"
  • Fixed potential resource leak in AbstractSimpleDAO and AbstractWALDAO when getXMLWriterSettings() throws before MicroWriter.writeToStream is called
  • Improved XML comment formatting

Full Changelog: ph-commons-parent-pom-12.2.0...ph-commons-parent-pom-12.2.1
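
For the two SerializationHelper entries above, an added example (not ph-commons code) of what an allowlisting ObjectInputFilter does, using only the JDK's ObjectInputStream. The Settings class, the limits and the class name FilteredDeserializationExample are assumptions made for the illustration; a filter built this way is the kind of object the new getDeserializedObject(byte[], ObjectInputFilter) overload accepts.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;

public class FilteredDeserializationExample {
  // Hypothetical application type: the only class the caller expects in the stream.
  static final class Settings implements Serializable {
    private static final long serialVersionUID = 1L;
    final String name;
    final int retries;
    Settings(String name, int retries) { this.name = name; this.retries = retries; }
  }

  // Allowlist: resource limits, then the single expected class, then "!*" rejects everything else.
  static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
      "maxdepth=5;maxrefs=100;maxbytes=4096;" + Settings.class.getName() + ";!*");

  static byte[] serialize(Object obj) throws IOException {
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(obj); }
    return bos.toByteArray();
  }

  static Object deserialize(byte[] data, ObjectInputFilter filter)
      throws IOException, ClassNotFoundException {
    try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
      ois.setObjectInputFilter(filter); // must be installed before the first readObject()
      return ois.readObject();
    }
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample input: one allowed object, one class outside the allowlist.
    Settings s = (Settings) deserialize(serialize(new Settings("demo", 3)), FILTER);
    System.out.println("accepted: " + s.name + ", retries=" + s.retries);
    try {
      deserialize(serialize(new HashMap<String, String>()), FILTER);
      System.out.println("unexpected: HashMap was accepted");
    } catch (InvalidClassException ex) {
      System.out.println("rejected: " + ex.getMessage());
    }
  }
}
```

The filter rejects a class when its descriptor is read, before any of that class's readObject logic runs, which is why the unfiltered overload is the one being deprecated.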