Skip to content

0.32.0
Compare
Choose a tag to compare
@tbouffard tbouffard released this 06 Mar 10:36
· 510 commits to refs/heads/master since this release
v0.32.0
7ec1c06

This new version improves the robustness of bpmn-visualization.

Thanks to all the contributors of this release 馃寛: @tbouffard

See milestone 0.32.0 to get the list of issues covered by this release.

Highlights

CVE fix in fast-xml-parser

bpmn-visualization uses fast-xml-parser to parse the BPMN diagrams in XML format. Unfortunately, a vulnerability in fast-xml-parser has recently been disclosed. See SNYK-JS-FASTXMLPARSER-3325616 for more details.

A fix is now available and bpmn-visualization uses a version of fast-xml-parser that includes the fix.

However, the vulnerability exists in all versions of fast-xml-parser prior to version 4.1.2. Since earlier versions of bpmn-visualization depend on older versions of fast-xml-parser, we strongly recommend that all users update their application to bpmn-visualization 0.32.0 immediately.
Users can also manually update the version of fast-xml-parser in their application. Note that there is no guarantee that it will work fully with the older version of bpmn-visualization.

鈩癸笍 See #2548 for more information.

Breaking Changes

StyleUtils may have been used in rare cases to redefine the way the shapes are rendered. It wasn't used in the bpmn-visualization examples.

StyleUtils was marked as experimental and was subject to change as part of the BPMN Theme refactoring. So users already knew that it might be removed.

鈩癸笍 See #2550 for more information.

What's Changed

Full Changelog: v0.31.0...v0.32.0

馃摑 Documentation

  • docs: fix license header in files of the root directory (#2557) @tbouffard
  • docs(contributor): add missing link to mxGeometry source (#2540) @tbouffard
  • docs: switch header license from JSDoc to regular block comments (#2525) @tbouffard

馃摝 Dependency updates

馃懟 Maintenance

Contributors

tbouffard and dependabot
Assets 2
Loading