Dropwizard v2.0.2

« Changelog History

Dropwizard v2.0.2 Release Notes

• 🔒 Security

  • Escape EL expressions in ViolationCollector to address CVE-2020-5245 (#3157)
    • Security Advisory: Remote Code Execution (RCE) vulnerability in dropwizard-validation <2.0.2
    • Thanks to Alvaro Muñoz (@pwntester) and the GitHub Security Lab for the responsible disclosure!

  🐛 Bug fixes

  • 🛠 Fix regression in OptionalInt/Long/Double handling (#3134)

  ⚡️ Dependency updates

  • ⬆️ Bump byte-buddy from 1.10.7 to 1.10.8 (#3151)
  • ⬆️ Bump checker-qual from 3.1.0 to 3.1.1 (#3127)
  • ⬆️ Bump hibernate-core from 5.4.10.Final to 5.4.11.Final (#3137)
  • ⬆️ Bump hibernate-core from 5.4.11.Final to 5.4.12.Final (#3147)
  • ⬆️ Bump hibernate-validator from 6.1.1.Final to 6.1.2.Final (#3126)
  • ⬆️ Bump jdbi3-bom from 3.12.0 to 3.12.2 (#3146)
  • ⬆️ Bump liquibase-core from 3.8.5 to 3.8.6 (#3136)
  • ⬆️ Bump maven-shade-plugin from 3.2.1 to 3.2.2 (#3144)
  • ⬆️ Bump octokit from 4.15.0 to 4.16.0 in /docs (#3128)
  • ⬆️ Bump plexus-compiler-javac-errorprone from 2.8.5 to 2.8.6 (#3150)
  • ⬆️ Bump sphinx from 2.3.1 to 2.4.0 in /docs (#3132)
  • ⬆️ Bump sphinx from 2.4.0 to 2.4.1 in /docs (#3141)
  • ⬆️ Bump sphinx from 2.4.1 to 2.4.2 in /docs (#3155)
  • ⬆️ Bump tomcat-jdbc from 9.0.30 to 9.0.31 (#3143)

  Assorted

  • 🏗 Enable error-prone on Java 9+ builds. (#3133)
  • 🛠 Fix a typo in the fourth paragraph of the Resources -> Methods section (#3135)
  • ✅ Don't depend on iteration order in LoggingExceptionMapperTest (#3152)
  • 🛠 Fix user timezone for tests to UTC (#3158)

• All Versions
• Previous v2.0.1
• Next v2.0.3
• Latest Version