Pippo v1.12.0 Release Notes

Release Date: 2018-12-11 // over 1 year ago
  • 🛠 Fixed

    • [#454]: Lead to RCE when unmarshal xml data with XStream
    • [#458]: Java deserialization vulnerability in SerializationSessionDataTranscoder.decode()
    • [#463]: Resolve undertow settings not getting picked
    • [#483]: Use WebSockets.sendClose to send close code/reason
    • 🚚 [#485]: Use undertow channel tasks to remove closed/broken connections
    • [#486]: Resolve xxe vulnerabilities

    🔄 Changed

    • 0️⃣ [#465]: Made SessionData an interface, and introduced DefaultSessionData
    • ⚡️ [#467]: Updated FastJSON to latest version 1.2.51

    ➕ Added

    • [#260]: Add route method helper in templates (only for Pebble engine)
    • [#468]: Add wrapper method in Request to get header names
    • [#474]: Send gzip response when Accept-Encoding:* is present

    ✂ Removed


Previous changes from v1.11.0

  • 🛠 Fixed

    • 0️⃣ [#436]: The PippoSettings file is now read with UTF-8 as the default encoding
    • [#438]: Incorrect service file name for template engines

    🔄 Changed

    • [#443]: Make methods statics in IoUtils
    • ⬆️ [#446]: Upgrade jackson to latest version (2.9.6)
    • ⬆️ [#447]: Upgrade guice to latest version (4.2.0)
    • ⚡️ [#459]: Update Pebble template engine to 3.0.5
    • ⚡️ [#460]: Update Tomcat to 8.5.34

    ➕ Added

    • [#437]: Add useful handlers for admin
    • ➕ Add model field in TemplateHandler
    • ➕ Add masking password feature in SettingsHandler
    • [#439]: Add DirEntry comparator in DirectoryHandler
    • [#452]: Add new headers
    • [#456]: Add CorsHandler for Cross-origin resource sharing

    ✂ Removed