[CONF] Apache Tapestry > Release Notes 5.3.6
Release Notes 5.3.6 Page edited by Bob Harner Comment: Renamed "Bug" section to "Fixed Bugs" Changes (2) ... Release Notes - Tapestry 5 - Version 5.3.6 Fixed Bugs ... Improvements ... Full Content Release Notes 5.3.5 Release Notes Release Notes 5.4 This is the consolidated list of changes between Tapestry versions 5.3.5 and 5.3.6. Tapestry 5.3.6 is a drop-in replacement for prior Tapestry 5.3 releases. To upgrade, just update the Maven dependency in your POM file (or download the new JAR file) and the new version will just work. However, please review the How to Upgrade instructions before upgrading. This is a very modest bug fix release. Importantly, the bundled version of Prototype has been downgraded back to version 1.7, as the new version was causing a number of issues, especially under Internet Explorer. The main improvement is security related; Tapestry will now integrate a hash-based message authentication code (HMAC) into serialized Java object data stored on the client (generally, this means the t:formdata hidden field used by the Form component). When you first run your application under 5.3.6, you will see an alert and a console error concerning the HMAC configuration. You should update your application's configuration to set a unique, private value for the tapestry.hmac-passphrase configuration symbol. And, as with any Tapestry upgrade, be sure to change your application's version number. Jira issues Release Notes - Tapestry 5 - Version 5.3.6 Fixed Bugs [TAP5-986] - A request can fail with an NPE in some cases, when a Tapestry page is acting as the servlet container error page [TAP5-1735] - Most packages lack package-level javadocs [TAP5-1903] - Client-side exception when a Zone containing a Form with an Upload component is re-rendered [TAP5-2008] - Serialized object data stored on the client should be HMAC signed and validated [TAP5-2009] - Downgrade bundled Prototype version back to 1.7 [TAP5-2010] - Broken links in Javadoc pages Improvements [TAP5-1996] - Add Severity.SUCCESS enum for alerts Release Notes 5.3.5 Release Notes Release Notes 5.4 Change Notification Preferences View Online | View Changes
[CONF] Apache Tapestry > Release Notes 5.3.6
Release Notes 5.3.6 Page edited by Howard M. Lewis Ship Comment: Reference the FAQ about upgrading Changes (1) ... When you first run your application under 5.3.6, you will see an alert and a console error concerning the HMAC configuration. You should update your application's configuration to set a unique, private value for the [tapestry.hmac-passphrase|Configuration] configuration symbol. And, as with any Tapestry upgrade, be sure to change your [application's version number|General Questions]. h2. Jira issues ... Full Content Release Notes 5.3.5 Release Notes Release Notes 5.4 This is the consolidated list of changes between Tapestry versions 5.3.5 and 5.3.6. Tapestry 5.3.6 is a drop-in replacement for prior Tapestry 5.3 releases. To upgrade, just update the Maven dependency in your POM file (or download the new JAR file) and the new version will just work. However, please review the How to Upgrade instructions before upgrading. This is a very modest bug fix release. Importantly, the bundled version of Prototype has been downgraded back to version 1.7, as the new version was causing a number of issues, especially under Internet Explorer. The main improvement is security related; Tapestry will now integrate a hash-based message authentication code (HMAC) into serialized Java object data stored on the client (generally, this means the t:formdata hidden field used by the Form component). When you first run your application under 5.3.6, you will see an alert and a console error concerning the HMAC configuration. You should update your application's configuration to set a unique, private value for the tapestry.hmac-passphrase configuration symbol. And, as with any Tapestry upgrade, be sure to change your application's version number. Jira issues Release Notes - Tapestry 5 - Version 5.3.6 Bug [TAP5-986] - A request can fail with an NPE in some cases, when a Tapestry page is acting as the servlet container error page [TAP5-1735] - Most packages lack package-level javadocs [TAP5-1903] - Client-side exception when a Zone containing a Form with an Upload component is re-rendered [TAP5-2008] - Serialized object data stored on the client should be HMAC signed and validated [TAP5-2009] - Downgrade bundled Prototype version back to 1.7 [TAP5-2010] - Broken links in Javadoc pages Improvement [TAP5-1996] - Add Severity.SUCCESS enum for alerts Release Notes 5.3.5 Release Notes Release Notes 5.4 Change Notification Preferences View Online | View Changes
[CONF] Apache Tapestry > Release Notes 5.3.6
Release Notes 5.3.6
Page edited by Bob Harner
Comment:
Mentioned HMAC needing to be private
Changes (1)
...
The main improvement is security related; Tapestry will now integrate a [hash-based message authentication code|http://en.wikipedia.org/wiki/HMAC] (HMAC) into serialized Java object data stored on the client (generally, this means the {{t:formdata}} hidden field used by the Form component).
When you first run your application under 5.3.6, you will see an alert and a console error concerning the HMAC configuration. You should update your application's configuration to set a unique, private value for the [tapestry.hmac-passphrase|Configuration] configuration symbol.
h2. Jira issues
...
Full Content
Release Notes 5.3.5 Release Notes Release Notes 5.4
This is the consolidated list of changes between Tapestry versions 5.3.5 and 5.3.6. Tapestry 5.3.6 is a drop-in replacement for prior Tapestry 5.3 releases. To upgrade, just update the Maven dependency in your POM file (or download the new JAR file) and the new version will just work. However, please review the How to Upgrade instructions before upgrading.
This is a very modest bug fix release. Importantly, the bundled version of Prototype has been downgraded back to version 1.7, as the new version was causing a number of issues, especially under Internet Explorer.
The main improvement is security related; Tapestry will now integrate a hash-based message authentication code (HMAC) into serialized Java object data stored on the client (generally, this means the t:formdata hidden field used by the Form component).
When you first run your application under 5.3.6, you will see an alert and a console error concerning the HMAC configuration. You should update your application's configuration to set a unique, private value for the tapestry.hmac-passphrase configuration symbol.
Jira issues
Release Notes - Tapestry 5 - Version 5.3.6
Bug
[TAP5-986] - A request can fail with an NPE in some cases, when a Tapestry page is acting as the servlet container error page
[TAP5-1735] - Most packages lack package-level javadocs
[TAP5-1903] - Client-side exception when a Zone containing a Form with an Upload component is re-rendered
[TAP5-2008] - Serialized object data stored on the client should be HMAC signed and validated
[TAP5-2009] - Downgrade bundled Prototype version back to 1.7
[TAP5-2010] - Broken links in Javadoc pages
Improvement
[TAP5-1996] - Add Severity.SUCCESS enum for alerts
Release Notes 5.3.5 Release Notes Release Notes 5.4
Change Notification Preferences
View Online
|
View Changes
[CONF] Apache Tapestry > Release Notes 5.3.6
Release Notes 5.3.6
Page edited by Howard M. Lewis Ship
Changes (2)
...
This is a very modest bug fix release. Importantly, the bundled version of [Prototype|http://prototypejs.org/2012/8/8/prototype-1-7-1] has been downgraded back to version 1.7, as the new version was causing a number of issues, especially under Internet Explorer.
The main improvement is security related; Tapestry will now integrate a [hash-based message authentication code|http://en.wikipedia.org/wiki/HMAC] into an serialized Java object data stored on the client; generally, this means the {{t:formdata}} hidden field used by the Form component.
When you first run your application under 5.3.6, you will see an alert and a console error concerning the HMAC configuration. You should update your application's configuration to set a unique value for [configuration symbol tapestry.hmac-passphrase|Configuration].
For those developers not using Maven or Gradle, you'll be pleased that we now offer the option of a binary download containing Tapestry's modules and main dependencies. More details are on the [Download] page.
h2. Jira issues
...
Full Content
Release Notes 5.3.5 Release Notes Release Notes 5.4
This is the consolidated list of changes between Tapestry included in version 5.3.6. Tapestry 5.3.6 is a drop-in replacement for prior Tapestry 5.3 releases. To upgrade, just update the Maven dependency in you POM file (or download the new JAR file) and the new version will just work. However, please review the How to Upgrade instructions before upgrading.
This is a very modest bug fix release. Importantly, the bundled version of Prototype has been downgraded back to version 1.7, as the new version was causing a number of issues, especially under Internet Explorer.
The main improvement is security related; Tapestry will now integrate a hash-based message authentication code into an serialized Java object data stored on the client; generally, this means the t:formdata hidden field used by the Form component.
When you first run your application under 5.3.6, you will see an alert and a console error concerning the HMAC configuration. You should update your application's configuration to set a unique value for configuration symbol tapestry.hmac-passphrase.
Jira issues
Release Notes - Tapestry 5 - Version 5.3.6
Bug
[TAP5-986] - A request can fail with an NPE in some cases, when a Tapestry page is acting as the servlet container error page
[TAP5-1735] - Most packages lack package-level javadocs
[TAP5-1903] - Client-side exception when a Zone containing a Form with an Upload component is re-rendered
[TAP5-2008] - Serialized object data stored on the client should be HMAC signed and validated
[TAP5-2009] - Downgrade bundled Prototype version back to 1.7
[TAP5-2010] - Broken links in Javadoc pages
Improvement
[TAP5-1996] - Add Severity.SUCCESS enum for alerts
Release Notes 5.3.5 Release Notes Release Notes 5.4
Change Notification Preferences
View Online
|
View Changes
[CONF] Apache Tapestry > Release Notes 5.3.6
Release Notes 5.3.6
Page added by Howard M. Lewis Ship
Release Notes
This is the consolidated list of changes between Tapestry included in version 5.3.6. Tapestry 5.3.6 is a drop-in replacement for prior Tapestry 5.3 releases. To upgrade, just update the Maven dependency in you POM file (or download the new JAR file) and the new version will just work. However, please review the How to Upgrade instructions before upgrading.
This is a very modest bug fix release. Importantly, the bundled version of Prototype has been downgraded back to version 1.7, as the new version was causing a number of issues, especially under Internet Explorer.
The main improvement is security related; Tapestry will now integrate a hash-based message authentication code into an serialized Java object data stored on the client; generally, this means the
Unknown macro: {t}
hidden field used by the Form component.
When you first run your application under 5.3.6, you will see an alert and a console error concerning the HMAC configuration. You should update your application's configuration to set a unique value for configuration symbol tapestry.hmac-passphrase.
For those developers not using Maven or Gradle, you'll be pleased that we now offer the option of a binary download containing Tapestry's modules and main dependencies. More details are on the Download page.
Jira issues
Release Notes - Tapestry 5 - Version 5.3.6
Bug
[TAP5-986] - A request can fail with an NPE in some cases, when a Tapestry page is acting as the servlet container error page
[TAP5-1735] - Most packages lack package-level javadocs
[TAP5-1903] - Client-side exception when a Zone containing a Form with an Upload component is re-rendered
[TAP5-2008] - Serialized object data stored on the client should be HMAC signed and validated
[TAP5-2009] - Downgrade bundled Prototype version back to 1.7
[TAP5-2010] - Broken links in Javadoc pages
Improvement
[TAP5-1996] - Add Severity.SUCCESS enum for alerts
Release Notes
Change Notification Preferences
View Online
