Skip to content

Version 1.5.0 Release Candidate 2

Latest
Latest
Compare
Choose a tag to compare
@ste-gr ste-gr released this 01 Mar 04:27
· 3 commits to main since this release
v1.5.0_rc2
e07955d
This commit was signed with the committer’s verified signature.
ste-gr Stefan Graff
GPG key ID: 480913580EEEC892
Learn about vigilant mode.
JEE-Version Java-Version Servlet JSP EL JSF JSTL
Jakarta EE 9 8 5.0 3.0 4.0 3.0 2.0

Breaking changes

  • Changes to FileUpload handling:
    • Method FormFile.destroy: throws an IOException.
    • Method MultipartRequestHandler.elementsFile: returns HashMap<String, FormFile[];> instead Hashtable<String, List<FormFile>>
    • Method MockMultipartRequestHandler.elementsFile: returns HashMap<String, FormFile[];> instead Hashtable<String, List<FormFile>>

Bugs

  • Correct file-upload-example
  • Add missing "maven-release-plugin" 3.0.1
  • Add missing "maven-antrun-plugin" 3.1.0
  • Exclude "doc-files" from export-packages in "MANIFEST.MF"
  • Add "CVE-2008-2025" info to "README"
  • JS validate email remove useless regular-expression character escape
  • Correct OSGi/JPMS name from integration-test-apps

Improvement

  • Add "versions-maven-plugin" 2.16.2 for updates reports
  • Security - Digester: Resolving XML external entity in user-controlled data
  • Fix for "CVE-2023-49735" Apache Tiles: Unvalidated input may lead to path traversal and XXE
  • Fix for "CVE-2023-34396" Apache Struts vulnerable to memory exhaustion
  • Add filtering for Option "text" when "filter" is set to "true"
  • Ensure Input-/OutputStream is closed and use try-with-resources
  • Fix for Apache Struts "CVE-2012-1007" Multiple Cross Site Scripting Vulnerabilities (Sample apps)
  • Change cryptographic algorithm from "MD5" to "SHA-256" for token generation
  • Improvements in FileUpload handling
  • Add property "multiple" to "html:file", "html-el:file" and "nested:file"

Task

  • Bump "webdrivermanager" from 5.6.2 to 5.7.0
  • Bump "htmlunit" from 3.9.0 to 3.11.0
  • Bump "cargo-maven3-plugin" from 1.10.11 to 1.10.12
  • Bump "maven-jxr-plugin" from 3.3.1 to 3.3.2
  • Bump "checkstyle" from 10.12.6 to 10.14.0
  • Bump "junit-jupiter-api" from 5.10.1 to 5.10.2
  • Bump "slf4j-api", "slf4j-simple" and "jcl-over-slf4j" from 2.0.9 to 2.0.12
  • Bump "selenium-api" and "selenium-java" from 4.16.1 to 4.18.1
  • Bump "groovy" from 4.0.17 to 4.0.18
  • Bump "maven-failsafe/surefire-[report]-plugin" from 3.2.3 to 3.2.5
  • Add example for multiple-file-upload
  • Update "README.md" to version 1.5.0-RC2
  • Set Version to 1.5.0-RC2
Assets 7