Dropwizard v2.0.2 Release Notes
Release Date: 2020-02-24
🔒 Security
- Escape EL expressions in ViolationCollector to address CVE-2020-5245 (#3157)
- Security Advisory: Remote Code Execution (RCE) vulnerability in dropwizard-validation <2.0.2
- Thanks to Alvaro Muñoz (@pwntester) and the GitHub Security Lab for the responsible disclosure!
🐛 Bug fixes
- 🛠 Fix regression in OptionalInt/Long/Double handling (#3134)
⚡️ Dependency updates
- ⬆️ Bump byte-buddy from 1.10.7 to 1.10.8 (#3151)
- ⬆️ Bump checker-qual from 3.1.0 to 3.1.1 (#3127)
- ⬆️ Bump hibernate-core from 5.4.10.Final to 5.4.11.Final (#3137)
- ⬆️ Bump hibernate-core from 5.4.11.Final to 5.4.12.Final (#3147)
- ⬆️ Bump hibernate-validator from 6.1.1.Final to 6.1.2.Final (#3126)
- ⬆️ Bump jdbi3-bom from 3.12.0 to 3.12.2 (#3146)
- ⬆️ Bump liquibase-core from 3.8.5 to 3.8.6 (#3136)
- ⬆️ Bump maven-shade-plugin from 3.2.1 to 3.2.2 (#3144)
- ⬆️ Bump octokit from 4.15.0 to 4.16.0 in /docs (#3128)
- ⬆️ Bump plexus-compiler-javac-errorprone from 2.8.5 to 2.8.6 (#3150)
- ⬆️ Bump sphinx from 2.3.1 to 2.4.0 in /docs (#3132)
- ⬆️ Bump sphinx from 2.4.0 to 2.4.1 in /docs (#3141)
- ⬆️ Bump sphinx from 2.4.1 to 2.4.2 in /docs (#3155)
- ⬆️ Bump tomcat-jdbc from 9.0.30 to 9.0.31 (#3143)
Assorted
- Escape EL expressions in