v3.15.0

• [new] Java 21 support.
• [new] Support for jakarta.inject.* while retaining javax.inject.* compatibility.
• [nfo] Other jakarta.* packages are not supported yet.
• [chg] Update javassist to 3.30.2-GA
• [chg] Update guice to 6.0.0
• [chg] Update guava to 33.1.0
• [chg] Update typetools to 0.6.3
• [chg] Update shiro to 1.13.0
• [chg] Update Undertow to 2.2.31.Final
• [chg] Update Jersey to 2.42
• [chg] Update Hibernate Validator to 6.1.7.Final

v3.14.0

• [new] @PostConstruct support was extended to non-singletons. @PreDestroy is still limited to singletons per design
  (only singletons instances are known and tracked by the lifecycle manager).

v3.13.0

• [new] Support JSON and YAML expansion in configuration. Use a myKey|json or myKey|yaml as key syntax. The suffix
  will be removed and the value will be replaced by the parsed subtree. Useful for parsing JSON structures passed by
  cloud platforms.
• [new] The SEEDSTACK_PROFILES environment variable can now be used to specify comma-separated configuration profiles
  to enable. These profiles will be added to the profiles already defined in the seedstack.profiles system property if
  any.
• [new] If config option rest.diagnosticResource is set to true, the diagnostic report will be available as a JSON
  representation at /seedstack/diagnostic. Do not enable permanently in production. Default is false.

v3.12.1

• [fix] Class UsernamePasswordToken was incorrectly removed from seed-security-specs.

v3.12.0

• [new] Java 15 support
• [new] The check tool analyzes and show discrepancies between configuration files (actual config) and configuration objects (expected config).
• [chg] Move main entrypoint logic from SeedMain.main() to Seed.launch(), allowing custom main methods in addition to the built-in SeedMain.
• [chg] Upgrade Shiro to 1.7.1 (fixes CVE-2020-11989, CVE-2020-17510, CVE-2020-1957, CVE-2020-13933 and CVE-2019-12422).
• [chg] Upgrade Guice to 5.0.1
• [chg] Upgrade Jersey to 2.34
• [chg] Upgrade Javassist to 3.27.0-GA
• [chg] Upgrade Guava to 30.1.1-jre
• [chg] Upgrade Coffig to 3.1.7
• [fix] Detection of color output under recent versions of IntelliJ.
• [fix] Fix configuration evaluation (macros, functions, ...) in classes section (see #283).

v3.11.0

• [brk] Config functions that find available ports now take a port name as argument so they can return the same port for each evaluation (example: $availableTcpPort() becomes $availableTcpPort('web')).
• [new] Support for configuration of Undertow handlers using undertow-handlers.conf file (at the root of the classpath by default).
• [new] Security realms can now return direct user permissions, not attached to any role.
• [chg] Enable a detailed user message by default for internal and security exceptions during REST requests.
• [fix] Fixed test annotations that were not fully detected when repeated: @ConfigurationProperty, @KernelParameter and @SystemProperty.

v3.10.0

• [brk] Generic session options moved from web.server.sessions to web.sessions.
• [brk] Static resources options moved from web.staticResources to web.static.
• [brk] Default session timeout with embedded servers is now defined by the web.server.defaultSessionTimeout option.
• [new] Add web.sessions.cookie configuration options to set Web session cookie details.
• [new] Support JSR-250 @PostConstruct and @PreDestroy annotations on singletons (in addition to AutoCloseable close() method).
• [new] Add SeedInterceptor API to declare method interceptors without coupling to Guice implementation.
• [fix] Ensure that JVM-wide base configuration is refreshed between tests.
• [fix] Allow JAX-RS components to be instantiated without Guice as a fallback (Jersey 2).
• [fix] Default session timeout for Undertow was incorrect. It is now 20 minutes.
• [chg] Better error messages for security realm exceptions.

v3.9.1

• [new] Support for programmatic login through SecuritySupport interface (no need for Shiro-specific code anymore).
• [chg] Obtaining principals by type now honors inheritance (instead of returning principals of the exact specified type).
• [chg] Principals are no longer required to be serializable.
• [chg] AbstractTransactionManager is now scoped as package.
• [fix] Security authentication and authorization caches are now disabled by default (avoiding to keep credentials indefinitely in memory).

v3.9.0

• [new] Introduce the diag tool to manually write a diagnostic report to standard output or in a file.
• [new] Enable configuration of Undertow error pages for specific HTTP codes or exceptions as well as a default error page (web.server.errorPages config).
• [new] SSL truststore can be configured separately from the master keystore (if no configuration it will default to the Java default truststore).
• [new] A custom X509KeyManager can now be configured to allow control of the chosen key material during SSL handshake.
• [brk] Plain file X509 certificates (outside a keystore) can no longer be configured as it is less secure and not so useful.
• [fix] Remove NullPointerException a Undertow shutdown if the it had not started properly before.

v3.8.5

• [new] The @Provide annotation allows to register JSR-330 providers for producing injectable instances of a specific type.