• 188938c Releasing 4.5.22
• 284cf73 StaticHandler should not serve files under hidden directories
• b3edd39 Fix failing test due to Java 11 syntax usage
• 83fb341 Update StaticDirectoryListHandlerTest
• 78e61fc Make sure test dir is cleaned up
• f2dbc2a StaticHandler should encode file names in directory listing
• 6c6aab0 Upgrade CI to Java 25
• 2c18f46 fix #2765: CookieSessionStore requires twice auth on first login (#2802)
• 2417a02 feature #2800 CORS: support moz-extension (#2804)
• a02afbb This test fails repeatedly on Windows (gets 400 BAD Request). (#2791)
• Additional commits viewable in compare view

• 56ea976 [maven-release-plugin] prepare release netty-4.1.125.Final
• 34894ac Merge commit from fork (#15612)
• 39d3ecf Merge commit from fork
• 151a486 Update to latest maven release (#15607)
• af9c77e Update maven-surefire-plugin (#15186) (#15191)
• 105fedc Update JDK releases to latest patch release (#15601) (#15605)
• bcd70f0 Fix IllegalReferenceCountException on invalid upgrade response (#15602) (#15606)
• 5e62bd4 Drop unknown frame on missing stream (#15592) (#15595)
• 864a569 Replace Java23 with Java24 for CI testing (#15102) (#15158)
• f1cad0d Update to latest netty-tcnative release (#15587) (#15590)
• Additional commits viewable in compare view

Sourced from io.undertow:undertow-core's releases.

v.2.3.19.Final

Release 2.3.19.Final fixes CVE-2024-4109 Full list of issues: view in Jira

    Release Notes - Undertow - Version 2.3.19.Final

... (truncated)

• 6c5d2f1 Prepare 2.3.19.Final
• b1882cc Merge pull request #1782 from fl4via/backport-fixes_2.3.x
• f8e4cef [UNDERTOW-2601] Update staging repository from wildfly-staging to jboss-io
• e8eecc8 [UNDERTOW-2600] Upgrade jboss-parent pom to 50
• 3302cc9 [UNDERTOW-2601] Add developers and basic nexus settings to parent pom.xml
• bd7ade7 [UNDERTOW-2522] Make maven compiler plugin fail on error so it does not obfus...
• b259069 Merge pull request #1769 from fl4via/backport-fixes_2.3.x
• 67bfb3d [UNDERTOW-2576] ProxyHandler can throw NullPointerException if the source add...
• 2bb93ae [UNDERTOW-2574] At AbstractFramedChannel, also cover for the case where frame...
• 35f4863 [UNDERTOW-2574] Make sure the allocated buffer is closed in case AbstractFram...
• Additional commits viewable in compare view

Sourced from io.undertow:undertow-core's releases.

v.2.3.19.Final

Release 2.3.19.Final fixes CVE-2024-4109 Full list of issues: view in Jira

    Release Notes - Undertow - Version 2.3.19.Final

... (truncated)

• 6c5d2f1 Prepare 2.3.19.Final
• b1882cc Merge pull request #1782 from fl4via/backport-fixes_2.3.x
• f8e4cef [UNDERTOW-2601] Update staging repository from wildfly-staging to jboss-io
• e8eecc8 [UNDERTOW-2600] Upgrade jboss-parent pom to 50
• 3302cc9 [UNDERTOW-2601] Add developers and basic nexus settings to parent pom.xml
• bd7ade7 [UNDERTOW-2522] Make maven compiler plugin fail on error so it does not obfus...
• b259069 Merge pull request #1769 from fl4via/backport-fixes_2.3.x
• 67bfb3d [UNDERTOW-2576] ProxyHandler can throw NullPointerException if the source add...
• 2bb93ae [UNDERTOW-2574] At AbstractFramedChannel, also cover for the case where frame...
• 35f4863 [UNDERTOW-2574] Make sure the allocated buffer is closed in case AbstractFram...
• Additional commits viewable in compare view

Sourced from io.undertow:undertow-core's releases.

v.2.3.19.Final

Release 2.3.19.Final fixes CVE-2024-4109 Full list of issues: view in Jira

    Release Notes - Undertow - Version 2.3.19.Final

... (truncated)

• 6c5d2f1 Prepare 2.3.19.Final
• b1882cc Merge pull request #1782 from fl4via/backport-fixes_2.3.x
• f8e4cef [UNDERTOW-2601] Update staging repository from wildfly-staging to jboss-io
• e8eecc8 [UNDERTOW-2600] Upgrade jboss-parent pom to 50
• 3302cc9 [UNDERTOW-2601] Add developers and basic nexus settings to parent pom.xml
• bd7ade7 [UNDERTOW-2522] Make maven compiler plugin fail on error so it does not obfus...
• b259069 Merge pull request #1769 from fl4via/backport-fixes_2.3.x
• 67bfb3d [UNDERTOW-2576] ProxyHandler can throw NullPointerException if the source add...
• 2bb93ae [UNDERTOW-2574] At AbstractFramedChannel, also cover for the case where frame...
• 35f4863 [UNDERTOW-2574] Make sure the allocated buffer is closed in case AbstractFram...
• Additional commits viewable in compare view

Sourced from com.fasterxml.jackson.core:jackson-core's changelog.

#release configuration #Sun Apr 23 14:19:10 PDT 2023 scm.commentPrefix=[maven-release-plugin] exec.pomFileName=pom.xml pushChanges=false releaseStrategyId=default project.dev.com.fasterxml.jackson.core:jackson-core=2.15.1-SNAPSHOT project.scm.com.fasterxml.jackson.core:jackson-core.connection=scm:git:git@github.com:FasterXML/jackson-core.git scm.tag=jackson-core-2.15.0 remoteTagging=true project.scm.com.fasterxml.jackson.core:jackson-core.developerConnection=scm:git:git@github.com:FasterXML/jackson-core.git exec.additionalArguments=-Prelease scm.branchCommitComment=@{prefix} prepare branch @{releaseLabel} projectVersionPolicyId=default scm.url=scm:git:git@github.com:FasterXML/jackson-core.git scm.tagNameFormat=@{project.artifactId}-@{project.version} project.scm.com.fasterxml.jackson.core:jackson-core.tag=HEAD pinExternals=false project.rel.com.fasterxml.jackson.core:jackson-core=2.15.0 preparationGoals=clean verify scm.releaseCommitComment=@{prefix} prepare release @{releaseLabel} exec.snapshotReleasePluginAllowed=false project.scm.com.fasterxml.jackson.core:jackson-core.url=https://github.com/FasterXML/jackson-core scm.developmentCommitComment=@{prefix} prepare for next development iteration scm.rollbackCommitComment=@{prefix} rollback the release of @{releaseLabel} completedPhase=end-release

• a2c0bdc [maven-release-plugin] prepare release jackson-core-2.15.0
• 180027a Prepare for 2.15.0 release
• 2b41925 ...
• 85340aa Merge branch '2.14' into 2.15
• ed846d9 ...
• 94ea208 Update release notes wrt #990
• a4f2086 [2.14 only] backport removal of BigDecimal to BigInt conversion (#990)
• 1976c0d Try to get Release workflow working wrt SLSA provenance (fix #844) (#989)
• 0ee3ad8 ...
• 163540e [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Sourced from com.fasterxml.jackson.core:jackson-core's changelog.

#release configuration #Sun Apr 23 14:19:10 PDT 2023 scm.commentPrefix=[maven-release-plugin] exec.pomFileName=pom.xml pushChanges=false releaseStrategyId=default project.dev.com.fasterxml.jackson.core:jackson-core=2.15.1-SNAPSHOT project.scm.com.fasterxml.jackson.core:jackson-core.connection=scm:git:git@github.com:FasterXML/jackson-core.git scm.tag=jackson-core-2.15.0 remoteTagging=true project.scm.com.fasterxml.jackson.core:jackson-core.developerConnection=scm:git:git@github.com:FasterXML/jackson-core.git exec.additionalArguments=-Prelease scm.branchCommitComment=@{prefix} prepare branch @{releaseLabel} projectVersionPolicyId=default scm.url=scm:git:git@github.com:FasterXML/jackson-core.git scm.tagNameFormat=@{project.artifactId}-@{project.version} project.scm.com.fasterxml.jackson.core:jackson-core.tag=HEAD pinExternals=false project.rel.com.fasterxml.jackson.core:jackson-core=2.15.0 preparationGoals=clean verify scm.releaseCommitComment=@{prefix} prepare release @{releaseLabel} exec.snapshotReleasePluginAllowed=false project.scm.com.fasterxml.jackson.core:jackson-core.url=https://github.com/FasterXML/jackson-core scm.developmentCommitComment=@{prefix} prepare for next development iteration scm.rollbackCommitComment=@{prefix} rollback the release of @{releaseLabel} completedPhase=end-release

• a2c0bdc [maven-release-plugin] prepare release jackson-core-2.15.0
• 180027a Prepare for 2.15.0 release
• 2b41925 ...
• 85340aa Merge branch '2.14' into 2.15
• ed846d9 ...
• 94ea208 Update release notes wrt #990
• a4f2086 [2.14 only] backport removal of BigDecimal to BigInt conversion (#990)
• 1976c0d Try to get Release workflow working wrt SLSA provenance (fix #844) (#989)
• 0ee3ad8 ...
• 163540e [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Sourced from com.fasterxml.jackson.core:jackson-core's changelog.

#release configuration #Sun Apr 23 14:19:10 PDT 2023 scm.commentPrefix=[maven-release-plugin] exec.pomFileName=pom.xml pushChanges=false releaseStrategyId=default project.dev.com.fasterxml.jackson.core:jackson-core=2.15.1-SNAPSHOT project.scm.com.fasterxml.jackson.core:jackson-core.connection=scm:git:git@github.com:FasterXML/jackson-core.git scm.tag=jackson-core-2.15.0 remoteTagging=true project.scm.com.fasterxml.jackson.core:jackson-core.developerConnection=scm:git:git@github.com:FasterXML/jackson-core.git exec.additionalArguments=-Prelease scm.branchCommitComment=@{prefix} prepare branch @{releaseLabel} projectVersionPolicyId=default scm.url=scm:git:git@github.com:FasterXML/jackson-core.git scm.tagNameFormat=@{project.artifactId}-@{project.version} project.scm.com.fasterxml.jackson.core:jackson-core.tag=HEAD pinExternals=false project.rel.com.fasterxml.jackson.core:jackson-core=2.15.0 preparationGoals=clean verify scm.releaseCommitComment=@{prefix} prepare release @{releaseLabel} exec.snapshotReleasePluginAllowed=false project.scm.com.fasterxml.jackson.core:jackson-core.url=https://github.com/FasterXML/jackson-core scm.developmentCommitComment=@{prefix} prepare for next development iteration scm.rollbackCommitComment=@{prefix} rollback the release of @{releaseLabel} completedPhase=end-release

• a2c0bdc [maven-release-plugin] prepare release jackson-core-2.15.0
• 180027a Prepare for 2.15.0 release
• 2b41925 ...
• 85340aa Merge branch '2.14' into 2.15
• ed846d9 ...
• 94ea208 Update release notes wrt #990
• a4f2086 [2.14 only] backport removal of BigDecimal to BigInt conversion (#990)
• 1976c0d Try to get Release workflow working wrt SLSA provenance (fix #844) (#989)
• 0ee3ad8 ...
• 163540e [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Sourced from org.postgresql:postgresql's releases.

v42.7.7

Changes

Security

• security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

• test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

🐛 Bug Fixes

• fix: ensure Connection.isValid() returns true even if prepared statements deallocate @​vlsi (#3655)

🧰 Maintenance

• chore: bump slf4j and logback versions used for pgjdbc-osgi-test @​vlsi (#3653)
• chore: fix the default branch name for dependency-submission action @​vlsi (#3650)
• chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @​vlsi (#3646)

⬆️ Dependencies

• chore: bump slf4j and logback versions used for pgjdbc-osgi-test @​vlsi (#3653)
• chore(deps): update oracle-actions/setup-java action to v1.4.2 @​renovate-bot (#3643)
• fix(deps): update dependency checkstyle to v10.25.0 @​renovate-bot (#3644)
• chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @​vlsi (#3646)
• fix(deps): update dependency org.codehaus.groovy:groovy-all to v3.0.25 @​renovate-bot (#3648)
• fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite.gradle.plugin to v7.7.0 @​renovate-bot (#3649)
• chore(deps): update plugin com.gradle.develocity to v4.0.2 @​renovate-bot (#3647)
• chore(deps): update codecov/codecov-action digest to 15559ed @​renovate-bot (#3636)
• chore(deps): update dependency gradle to v8.14.1 @​renovate-bot (#3637)
• chore(deps): update plugin org.jetbrains.kotlin.jvm to v2.1.21 - autoclosed @​renovate-bot (#3638)
• chore(deps): update dependency sbt/sbt to v1.11.0 @​renovate-bot (#3640)
• fix(deps): update dependency com.github.spotbugs:com.github.spotbugs.gradle.plugin to v6.1.13 @​renovate-bot (#3639)

v42.7.6

Changes

... (truncated)

Sourced from org.postgresql:postgresql's changelog.

[42.7.7] (2025-06-10)

Security

• security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

• test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

[42.7.6]

Features

• fix: Enhanced DatabaseMetadata.getIndexInfo() method, added index comment as REMARKS property [PR #3513](pgjdbc/pgjdbc#3513)

Performance Improvements

• performance: Improve ResultSetMetadata.fetchFieldMetaData by using IN row values instead of UNION ALL for improved query performance (later reverted) [PR #3510](pgjdbc/pgjdbc#3510)
• feat:Use a single simple query for all startup parameters, so groupStartupParameters is no longer needed [PR #3613](pgjdbc/pgjdbc#3613)

Bug Fixes

Protocol & Connection Handling

• fix: Send extra_float_digits=3 for PostgreSQL 12+ as well [PR #3491](pgjdbc/pgjdbc#3491)
• fix: Fixed handling of protocol 3.2 and wider cancel keys [PR #3592](pgjdbc/pgjdbc#3592)
• fix: Made PgConnection#abort compatible with Java 24 [PR #3582](pgjdbc/pgjdbc#3582)
• fix: Fixed ArrayIndexOutOfBounds when writing big objects into GSS enabled connections [PR #3500](pgjdbc/pgjdbc#3500)
• fix: Added back application name setting [PR #3509](pgjdbc/pgjdbc#3509)

Metadata & Catalog Handling

• fix: Set column name explicitly when using current_database() in queries [PR #3526](pgjdbc/pgjdbc#3526)
• fix: Use query to find the current catalog instead of relying on the database in the connection URL [pull #3565](pgjdbc/pgjdbc#3565)
• fix: Refactored empty resultset to use empty result set if the catalog is not correct [PR #3588](pgjdbc/pgjdbc#3588)

API Improvements

• fix: Undeprecated Fastpath API and fixed deprecation warnings [PR #3493](pgjdbc/pgjdbc#3493)
• fix: Undeprecated sslfactoryarg [PR #3496](pgjdbc/pgjdbc#3496)
• fix: Added PgMessageType and used static variables for protocol literals [PR #3609](pgjdbc/pgjdbc#3609)
• fix: Add the ability to turn off automatic LSN flush [PR #3403](pgjdbc/pgjdbc#3403)
• fix: isValid incorrectly called execute, instead of executeWithFlags [PR #3631](pgjdbc/pgjdbc#3631). Fixes [Issue #3630](pgjdbc/pgjdbc#3630)
• fix: EOFException on PreparedStatement#toString with unset bytea parameter since 42.7.4 Commit 0a88ea4. Fixes [Issue #3365](pgjdbc/pgjdbc#3365)

Infrastructure & Build Improvements

... (truncated)

• 9217ed1 Merge commit from fork
• cb10dce fix: ensure Connection.isValid() returns true even if prepared statements dea...
• 10e3546 chore: bump slf4j and logback versions used for pgjdbc-osgi-test
• 6c5ea88 chore: fix the default branch name for dependency-submission action
• 5616d5f chore(deps): update oracle-actions/setup-java action to v1.4.2
• 0d43f0a fix(deps): update dependency checkstyle to v10.25.0
• d0a8890 chore: add gradle/actions/dependency-submission so GitHub shows all dependenc...
• 7105c75 fix(deps): update dependency org.codehaus.groovy:groovy-all to v3.0.25
• d9a6fc6 fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....
• 19dff83 chore(deps): update plugin com.gradle.develocity to v4.0.2
• Additional commits viewable in compare view

Sourced from org.postgresql:postgresql's releases.

v42.7.7

Changes

Security

• security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

• test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

🐛 Bug Fixes

• fix: ensure Connection.isValid() returns true even if prepared statements deallocate @​vlsi (#3655)

🧰 Maintenance

• chore: bump slf4j and logback versions used for pgjdbc-osgi-test @​vlsi (#3653)
• chore: fix the default branch name for dependency-submission action @​vlsi (#3650)
• chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @​vlsi (#3646)

⬆️ Dependencies

• chore: bump slf4j and logback versions used for pgjdbc-osgi-test @​vlsi (#3653)
• chore(deps): update oracle-actions/setup-java action to v1.4.2 @​renovate-bot (#3643)
• fix(deps): update dependency checkstyle to v10.25.0 @​renovate-bot (#3644)
• chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @​vlsi (#3646)
• fix(deps): update dependency org.codehaus.groovy:groovy-all to v3.0.25 @​renovate-bot (#3648)
• fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite.gradle.plugin to v7.7.0 @​renovate-bot (#3649)
• chore(deps): update plugin com.gradle.develocity to v4.0.2 @​renovate-bot (#3647)
• chore(deps): update codecov/codecov-action digest to 15559ed @​renovate-bot (#3636)
• chore(deps): update dependency gradle to v8.14.1 @​renovate-bot (#3637)
• chore(deps): update plugin org.jetbrains.kotlin.jvm to v2.1.21 - autoclosed @​renovate-bot (#3638)
• chore(deps): update dependency sbt/sbt to v1.11.0 @​renovate-bot (#3640)
• fix(deps): update dependency com.github.spotbugs:com.github.spotbugs.gradle.plugin to v6.1.13 @​renovate-bot (#3639)

v42.7.6

Changes

... (truncated)

Sourced from org.postgresql:postgresql's changelog.

[42.7.7] (2025-06-10)

Security

• security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

• test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

[42.7.6]

Features

• fix: Enhanced DatabaseMetadata.getIndexInfo() method, added index comment as REMARKS property [PR #3513](pgjdbc/pgjdbc#3513)

Performance Improvements

• performance: Improve ResultSetMetadata.fetchFieldMetaData by using IN row values instead of UNION ALL for improved query performance (later reverted) [PR #3510](pgjdbc/pgjdbc#3510)
• feat:Use a single simple query for all startup parameters, so groupStartupParameters is no longer needed [PR #3613](pgjdbc/pgjdbc#3613)

Bug Fixes

Protocol & Connection Handling

• fix: Send extra_float_digits=3 for PostgreSQL 12+ as well [PR #3491](pgjdbc/pgjdbc#3491)
• fix: Fixed handling of protocol 3.2 and wider cancel keys [PR #3592](pgjdbc/pgjdbc#3592)
• fix: Made PgConnection#abort compatible with Java 24 [PR #3582](pgjdbc/pgjdbc#3582)
• fix: Fixed ArrayIndexOutOfBounds when writing big objects into GSS enabled connections [PR #3500](pgjdbc/pgjdbc#3500)
• fix: Added back application name setting [PR #3509](pgjdbc/pgjdbc#3509)

Metadata & Catalog Handling

• fix: Set column name explicitly when using current_database() in queries [PR #3526](pgjdbc/pgjdbc#3526)
• fix: Use query to find the current catalog instead of relying on the database in the connection URL [pull #3565](pgjdbc/pgjdbc#3565)
• fix: Refactored empty resultset to use empty result set if the catalog is not correct [PR #3588](pgjdbc/pgjdbc#3588)

API Improvements

• fix: Undeprecated Fastpath API and fixed deprecation warnings [PR #3493](pgjdbc/pgjdbc#3493)
• fix: Undeprecated sslfactoryarg [PR #3496](pgjdbc/pgjdbc#3496)
• fix: Added PgMessageType and used static variables for protocol literals [PR #3609](pgjdbc/pgjdbc#3609)
• fix: Add the ability to turn off automatic LSN flush [PR #3403](pgjdbc/pgjdbc#3403)
• fix: isValid incorrectly called execute, instead of executeWithFlags [PR #3631](pgjdbc/pgjdbc#3631). Fixes [Issue #3630](pgjdbc/pgjdbc#3630)
• fix: EOFException on PreparedStatement#toString with unset bytea parameter since 42.7.4 Commit 0a88ea4. Fixes [Issue #3365](pgjdbc/pgjdbc#3365)

Infrastructure & Build Improvements

... (truncated)

• 9217ed1 Merge commit from fork
• cb10dce fix: ensure Connection.isValid() returns true even if prepared statements dea...
• 10e3546 chore: bump slf4j and logback versions used for pgjdbc-osgi-test
• 6c5ea88 chore: fix the default branch name for dependency-submission action
• 5616d5f chore(deps): update oracle-actions/setup-java action to v1.4.2
• 0d43f0a fix(deps): update dependency checkstyle to v10.25.0
• d0a8890 chore: add gradle/actions/dependency-submission so GitHub shows all dependenc...
• 7105c75 fix(deps): update dependency org.codehaus.groovy:groovy-all to v3.0.25
• d9a6fc6 fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....
• 19dff83 chore(deps): update plugin com.gradle.develocity to v4.0.2
• Additional commits viewable in compare view

Sourced from gg.jte:jte's releases.

3.1.16

• GHSA-vh22-6c6h-rm8q Fix jte HTML templates with script tags or script attributes that include a Javascript template string (backticks) are subject to XSS. (thanks to https://github.com/Petersoj for reporting and reviewing the bugfix) It is strongly advised to upgrade as soon as possible if you use jte to output variables in Javascript template strings.
• #416 Fix compilation in module enabled applications (thanks to @​rickardoberg)

3.1.15

• #401 spring-boot-starter: temporarily revert #398 (Add template change watcher for livereload), since the devtools dependency causes issues with production builds. This will get re-introduced, when we find a proper solution for it

3.1.14

• #398 spring-boot-starter: Add template change watcher for livereload (thanks to @​tschuehly!)

3.1.13

• #365 Suppress warnings in generated Java source files. Thanks @​rpost!
• #381 make jte a non-optional dependency of spring-boot-starter-3
• #385 Update property names to use kebab-case format and update Spring Boot to version 3.3.4. Thanks @​tschuehly!
• #388 Add spring-boot-starter dependency to jte-spring-boot-starters. Thanks @​tschuehly!
• #378 Add new property gg.jte.expose-request-attributes to jte-spring-boot-starter-3. Thanks @​blaluc!

3.1.12

• #359 fix for comments between html attributes (thanks to @​tschuehly for finding & reporting)

3.1.11

• #356 add defer and inert to the list of boolean attributes (thanks to @​marcospereira)
• #357 use of modern Java features and APIs internally (thanks to @​marcospereira)
• #358 add jte-jsp-converter-jakarta module (preview)

3.1.10

• #328 Fix ${"\\"} causes "Unexpected end of template expression", thanks to @​mhdeeb
• #326 fix unsafe output in html tag content
• #333 Update Gradle to 8.6 and add wrapper validation, thanks to @​leonard84
• #339 Maven Plugin: Fix Kotlin compiler args parameter setting, thanks to @​marcospereira

3.1.9

Hotfix for #325, HTML Comments Inside Content Blocks Cause Compilation Failure in jte 3.1.7/3.1.8

Thank you @​PsychotherapistSam for reporting!

3.1.8

Caution! There is a bug with HTML comments in this release. Please upgrade to 3.1.9 instead.

• #324 Fix Kotlin models extension code generation for tags/templates in subfolders. Thanks @​marcospereira for this quick hotfix!

3.1.7

Caution! There is a bug with HTML comments and with Kotlin model generation in this release. Please upgrade to 3.1.9 instead.

• #311 Use Stream#toList() instead of collect(). Thanks to @​MariusVolkhart This change could potentially break user code for these public methods:

   public List<String> TemplateEngine#generateAll()
   public List<String> TemplateEngine#precompileAll()
  

... (truncated)

• d50dce8 Bump version to 3.1.16
• a6fb00d Merge commit from fork
• 0c7d4ad Fix compilation in module enabled applications (#416)
• 6f5434e ci: Re-arrange workflows to remove duplication (#410)
• 190ced3 Fix broken link
• afc0dac Bump version to 3.1.16-SNAPSHOT for further development
• 0b4d997 Bump version to 3.1.15
• 1ea5060 Revert "Add template change watcher for livereload (#398)"
• 1513abf Bump version to 3.1.15-SNAPSHOT for further development
• 6c22d52 Bump version to 3.1.14
• Additional commits viewable in compare view

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this gro...

Description has been truncated