Pippo v1.12.0 Release Notes

Release Date: 2018-12-11 // almost 3 years ago
  • 🛠 Fixed

    • [#454]: Lead to RCE when unmarshal xml data with XStream
    • [#458]: Java deserialization vulnerability in SerializationSessionDataTranscoder.decode()
    • [#463]: Resolve undertow settings not getting picked
    • [#483]: Use WebSockets.sendClose to send close code/reason
    • 🚚 [#485]: Use undertow channel tasks to remove closed/broken connections
    • [#486]: Resolve xxe vulnerabilities

    🔄 Changed

    • 0️⃣ [#465]: Made SessionData an interface, and introduced DefaultSessionData
    • ⚡️ [#467]: Updated FastJSON to latest version 1.2.51

    ➕ Added

    • [#260]: Add route method helper in templates (only for Pebble engine)
    • [#468]: Add wrapper method in Request to get header names
    • [#474]: Send gzip response when Accept-Encoding:* is present

    ✂ Removed