Hi Turbine devs, a new Turbine Core release candidate has been prepared!
Tag: turbine-7.0-candidate Git repo (mirrored): <https://gitbox.apache.org/repos/asf/turbine-core.git> https://gitbox.apache.org/repos/asf/turbine-core.git Mirror <https://github.com/apache/turbine-core> https://github.com/apache/turbine-core Update or clone the repo, then checkout the candidate : git checkout turbine-7.0-candidate N.B. If you do a checkout for a tag, you are in detached head mode, as you have no branch to work on. Artifacts: <https://repository.apache.org/content/repositories/orgapacheturbine-1101/> https://repository.apache.org/content/repositories/orgapacheturbine-1101/ Main changes in this version are: o New configuration option "session.objectinputfilter" to limit the classes that can be deserialized into a session from persistent storage. This feature uses the ObjectInputFilter introduced in Java 9. o Fix for security check to prevent XSS for default Turbine keys from parameters, which might be set or not and e.g. sed in templates and other places. o Change to Jakarta namespace (from Javax). o Update to latest Fulcrum dependencies (fulcrum.security 4.0.0, fulcrum.intake 4.0.0, fulcrum.parser 4.0.0, fulcrum.yaafi 2.0.0, fulcrum.cache 2.0.1, fulcrum-quartz 2.0.0, fulcrum localization 2.0.0, fulcrum testcontainer 2.0.1) and Turbine parent 14. o Find more fixes and changes, e.g. dependency updates in GIT commits, e.g. Torque 6.0, commons-configuration2 to 2.11.0, commons-beanutils from 1.9.4 to 1.11.0. This version requires Java 17. [ ] +1 release it [ ] +0 go ahead I don't care [ ] -1 no, do not release it because Please consider voting, thanks! Best regards, Georg
smime.p7s
Description: S/MIME cryptographic signature
