{"id":6862,"name":"org.apache.tomcat.embed:tomcat-embed-core","ecosystem":"maven","repository_url":"","issues_count":726,"created_at":"2025-06-06T22:06:45.796Z","updated_at":"2025-06-06T22:06:45.796Z","purl":"pkg:maven/org.apache.tomcat.embed:tomcat-embed-core","metadata":{"id":5422858,"name":"org.apache.tomcat.embed:tomcat-embed-core","ecosystem":"maven","description":"Core Tomcat implementation","homepage":"https://tomcat.apache.org/","licenses":"Apache License, Version 2.0","normalized_licenses":["Apache-2.0"],"repository_url":"","keywords_array":[],"namespace":"org.apache.tomcat.embed","versions_count":403,"first_release_published_at":"2010-07-12T13:30:14.000Z","latest_release_published_at":"2024-11-06T20:00:49.000Z","latest_release_number":"11.0.1","last_synced_at":"2024-12-01T05:35:29.500Z","created_at":"2022-11-14T19:46:48.629Z","updated_at":"2025-06-05T21:00:23.631Z","registry_url":"https://central.sonatype.com/artifact/org.apache.tomcat.embed/tomcat-embed-core/","install_command":null,"documentation_url":"https://appdoc.app/artifact/org.apache.tomcat.embed/tomcat-embed-core/","metadata":{},"repo_metadata":{},"repo_metadata_updated_at":"2023-03-22T07:44:39.347Z","dependent_packages_count":1044,"downloads":null,"downloads_period":null,"dependent_repos_count":14197,"rankings":{"downloads":null,"dependent_repos_count":0.06091207822393203,"dependent_packages_count":0.0709305121423419,"stargazers_count":null,"forks_count":null,"docker_downloads_count":1.8866714755149474,"average":0.6728380219604072},"purl":"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core","advisories":[{"uuid":"GSA_kwCzR0hTQS05aGcyLTM5NWotODNybc4AASV-","url":"https://github.com/advisories/GHSA-9hg2-395j-83rm","title":"Expected Behavior Violation in Apache Tomcat","description":"In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2022-05-13T01:46:13.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2017-5651","https://bz.apache.org/bugzilla/show_bug.cgi?id=60918","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8@%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","https://security.gentoo.org/glsa/201705-09","http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://web.archive.org/web/20170417124228/http://www.securityfocus.com/bid/97544","https://web.archive.org/web/20170420113605/http://www.securitytracker.com/id/1038219","https://github.com/apache/tomcat/commit/494429ca210641b6b7affe89a2b0a6c0ff70109b","https://github.com/apache/tomcat/commit/9233d9d6a018be4415d4d7d6cb4fe01176adf1a8","https://security.netapp.com/advisory/ntap-20180614-0001","https://github.com/search?q=repo%3Aapache%2Ftomcat+apache.coyote+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F\u0026type=code","https://github.com/advisories/GHSA-9hg2-395j-83rm"],"source_kind":"github","identifiers":["GHSA-9hg2-395j-83rm","CVE-2017-5651"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"8.5.13","vulnerable_version_range":"\u003e= 8.5.0, \u003c= 8.5.12"},{"first_patched_version":"9.0.0.M19","vulnerable_version_range":"\u003e= 9.0.0.M1, \u003c= 9.0.0.M18"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"},{"versions":[{"first_patched_version":"8.5.13","vulnerable_version_range":"\u003e= 8.5.0, \u003c= 8.5.12"},{"first_patched_version":"9.0.0.M19","vulnerable_version_range":"\u003e= 9.0.0.M1, \u003c= 9.0.0.M18"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-coyote"}],"created_at":"2022-12-21T16:12:15.285Z","updated_at":"2024-04-18T17:11:19.000Z","epss_percentage":0.09811,"epss_percentile":0.925},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpnd3ItM3FtMy0yNmYz","url":"https://github.com/advisories/GHSA-jgwr-3qm3-26f3","title":"Potential remote code execution in Apache Tomcat","description":"The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-03-19T20:11:13.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2021-25329","https://github.com/apache/tomcat/commit/6d66e99ef85da93e4d2c2a536ca51aa3418bfaf4","https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cusers.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html","http://www.openwall.com/lists/oss-security/2021/03/01/2","https://security.netapp.com/advisory/ntap-20210409-0002/","https://www.debian.org/security/2021/dsa-4891","https://lists.apache.org/thread.html/r732b2ca289dc02df2de820e8775559abd6c207f159e39f559547a085@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://security.gentoo.org/glsa/202208-34","https://github.com/advisories/GHSA-jgwr-3qm3-26f3"],"source_kind":"github","identifiers":["GHSA-jgwr-3qm3-26f3","CVE-2021-25329"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"7.0.108","vulnerable_version_range":"\u003e= 7.0.0, \u003c 7.0.107"},{"first_patched_version":"8.5.61","vulnerable_version_range":"\u003e= 8.0.0, \u003c 8.5.61"},{"first_patched_version":"9.0.41","vulnerable_version_range":"\u003e= 9.0.0, \u003c 9.0.41"},{"first_patched_version":"10.0.2","vulnerable_version_range":"\u003e= 10.0.0-M1, \u003c 10.0.2"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:10.323Z","updated_at":"2023-02-03T05:04:49.000Z","epss_percentage":0.04622,"epss_percentile":0.8873},{"uuid":"GSA_kwCzR0hTQS1mNHFmLW01Z2YtOGptOM4AA4kQ","url":"https://github.com/advisories/GHSA-f4qf-m5gf-8jm8","title":"Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information","description":"Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.\n\nUsers are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-01-19T12:30:18.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2024-21733","https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz","http://www.openwall.com/lists/oss-security/2024/01/19/2","http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html","https://security.netapp.com/advisory/ntap-20240216-0005","https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a","https://github.com/apache/tomcat/commit/ce4b154e7b48f66bd98858626347747cd2514311","https://tomcat.apache.org/security-8.html","https://tomcat.apache.org/security-9.html","https://github.com/advisories/GHSA-f4qf-m5gf-8jm8"],"source_kind":"github","identifiers":["GHSA-f4qf-m5gf-8jm8","CVE-2024-21733"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"8.5.64","vulnerable_version_range":"\u003e= 8.5.7, \u003c 8.5.64"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"},{"versions":[{"first_patched_version":"9.0.44","vulnerable_version_range":"\u003e= 9.0.0-M11, \u003c 9.0.44"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-coyote"}],"created_at":"2024-01-29T23:04:51.009Z","updated_at":"2025-02-13T19:33:10.000Z","epss_percentage":0.60067,"epss_percentile":0.98131},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJydnYtdzlyMi1yZzdt","url":"https://github.com/advisories/GHSA-2rvv-w9r2-rg7m","title":"Information Disclosure in Apache Tomcat","description":"When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-05-13T22:30:02.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2021-24122","https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r7382e1e35b9bc7c8f320b90ad77e74c13172d08034e20c18000fe710@%3Cdev.tomee.apache.org%3E","https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d@%3Cdev.tomee.apache.org%3E","https://lists.apache.org/thread.html/r7e0bb9ea415724550e2b325e143b23e269579e54d66fcd7754bd0c20@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rb32a73b7cb919d4f44a2596b6b951274c0004fc8b0e393d6829a45f9@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html","http://www.openwall.com/lists/oss-security/2021/01/14/1","https://www.oracle.com//security-alerts/cpujul2021.html","https://github.com/apache/tomcat/commit/7f004ac4531c45f9a2a2d1470561fe135cf27bc2","https://github.com/apache/tomcat/commit/800b03140e640f8892f27021e681645e8e320177","https://github.com/apache/tomcat/commit/920dddbdb981f92e8d5872a4bb126a10af5ca8a9","https://github.com/apache/tomcat/commit/935fc5582dc25ae10bab6f9d5629ff8d996cb533","https://tomcat.apache.org/security-9.html","https://tomcat.apache.org/security-8.html","https://tomcat.apache.org/security-7.html","https://tomcat.apache.org/security-10.html","https://security.netapp.com/advisory/ntap-20210212-0008","https://github.com/advisories/GHSA-2rvv-w9r2-rg7m"],"source_kind":"github","identifiers":["GHSA-2rvv-w9r2-rg7m","CVE-2021-24122"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"7.0.107","vulnerable_version_range":"\u003e= 7.0.0, \u003c 7.0.107"},{"first_patched_version":"8.5.60","vulnerable_version_range":"\u003e= 8.5.0, \u003c 8.5.60"},{"first_patched_version":"9.0.40","vulnerable_version_range":"\u003e= 9.0.0, \u003c 9.0.40"},{"first_patched_version":"10.0.0-M10","vulnerable_version_range":"\u003e= 10.0.0-M1, \u003c= 10.0.0-M9"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:08.452Z","updated_at":"2024-03-11T16:32:23.000Z","epss_percentage":0.61383,"epss_percentile":0.98196},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0aGctcm1xMi01MnE5","url":"https://github.com/advisories/GHSA-q4hg-rmq2-52q9","title":"Improper Locking in Apache Tomcat","description":"The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2019-06-26T01:09:40.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2019-10072","https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:3929","https://access.redhat.com/errata/RHSA-2019:3931","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","https://support.f5.com/csp/article/K17321505","https://www.debian.org/security/2020/dsa-4680","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://www.synology.com/security/advisory/Synology_SA_19_29","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","https://web.archive.org/web/20200227033743/http://www.securityfocus.com/bid/108874","https://github.com/apache/tomcat/commit/0bcd69c9dd8ae0ff424f2cd46de51583510b7f35","https://github.com/apache/tomcat/commit/7f748eb6bfaba5207c89dbd7d5adf50fae847145","https://github.com/apache/tomcat/commit/8d14c6f21d29768a39be4b6b9517060dc6606758","https://github.com/apache/tomcat/commit/ada725a50a60867af3422c8e612aecaeea856a9a","https://tomcat.apache.org/security-8.html","https://tomcat.apache.org/security-9.html","https://usn.ubuntu.com/4128-1","https://usn.ubuntu.com/4128-2","https://security.netapp.com/advisory/ntap-20190625-0002","https://github.com/advisories/GHSA-q4hg-rmq2-52q9"],"source_kind":"github","identifiers":["GHSA-q4hg-rmq2-52q9","CVE-2019-10072"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"8.5.41","vulnerable_version_range":"\u003e= 8.5.0, \u003c 8.5.41"},{"first_patched_version":"9.0.20","vulnerable_version_range":"\u003e= 9.0.0.M1, \u003c 9.0.20"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:07.769Z","updated_at":"2024-03-11T15:39:15.000Z","epss_percentage":0.71534,"epss_percentile":0.98626},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyeGotNThqaC00MzZy","url":"https://github.com/advisories/GHSA-6rxj-58jh-436r","title":"Apache Tomcat unauthorized access vulnerability","description":"The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2018-10-17T16:31:17.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2018-1304","https://access.redhat.com/errata/RHSA-2018:0465","https://access.redhat.com/errata/RHSA-2018:0466","https://access.redhat.com/errata/RHSA-2018:1320","https://access.redhat.com/errata/RHSA-2018:1447","https://access.redhat.com/errata/RHSA-2018:1448","https://access.redhat.com/errata/RHSA-2018:1449","https://access.redhat.com/errata/RHSA-2018:1450","https://access.redhat.com/errata/RHSA-2018:1451","https://access.redhat.com/errata/RHSA-2018:2939","https://access.redhat.com/errata/RHSA-2019:2205","https://github.com/advisories/GHSA-6rxj-58jh-436r","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb@%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html","https://www.debian.org/security/2018/dsa-4281","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","https://web.archive.org/web/20200227102806/http://www.securityfocus.com/bid/103170","https://web.archive.org/web/20200516074457/http://www.securitytracker.com/id/1040427","https://github.com/apache/tomcat/commit/2d69fde135302e8cff984bb2131ec69f2e396964","https://github.com/apache/tomcat/commit/5af7c13cff7cc8366c5997418e820989fabb8f48","https://github.com/apache/tomcat/commit/723ea6a5bc5e7bc49e5ef84273c3b3c164a6a4fd","https://github.com/apache/tomcat80/commit/9e700b93e3bf5c605267d20568a964169f9e0b79","https://security.netapp.com/advisory/ntap-20180706-0001","https://usn.ubuntu.com/3665-1"],"source_kind":"github","identifiers":["GHSA-6rxj-58jh-436r","CVE-2018-1304"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"7.0.86","vulnerable_version_range":"\u003e= 7.0.0, \u003c 7.0.86"},{"first_patched_version":"8.0.51","vulnerable_version_range":"\u003e= 8.0.0, \u003c 8.0.51"},{"first_patched_version":"8.5.28","vulnerable_version_range":"\u003e= 8.5.0, \u003c 8.5.28"},{"first_patched_version":"9.0.5","vulnerable_version_range":"\u003e= 9.0.0, \u003c= 9.0.4"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:34.935Z","updated_at":"2024-02-23T17:46:59.000Z","epss_percentage":0.01722,"epss_percentile":0.81487},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqcHEtZ3A1cS04cTZ3","url":"https://github.com/advisories/GHSA-jjpq-gp5q-8q6w","title":"Cross-site scripting in Apache Tomcat","description":"The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2019-05-30T03:30:42.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2019-0221","https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:3929","https://access.redhat.com/errata/RHSA-2019:3931","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00044.html","https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html","https://seclists.org/bugtraq/2019/Dec/43","https://security.gentoo.org/glsa/202003-43","https://support.f5.com/csp/article/K13184144?utm_source=f5support\u0026amp;utm_medium=RSS","https://www.debian.org/security/2019/dsa-4596","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujan2020.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html","http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html","http://seclists.org/fulldisclosure/2019/May/50","http://packetstormsecurity.com/files/163457/Apache-Tomcat-9.0.0.M1-Cross-Site-Scripting.html","https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","https://support.f5.com/csp/article/K13184144?utm_source=f5support\u0026amp%3Butm_medium=RSS","https://web.archive.org/web/20200227055048/http://www.securityfocus.com/bid/108545","https://github.com/apache/tomcat/commit/15fcd166ea2c1bb79e8541b8e1a43da9c452ceea","https://github.com/apache/tomcat/commit/44ec74c44dcd05cd7e90967c04d40b51440ecd7e","https://github.com/apache/tomcat/commit/4fcdf706f3ecf35912a600242f89637f5acb32da","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46","https://security.netapp.com/advisory/ntap-20190606-0001","https://tomcat.apache.org/security-7.html","https://tomcat.apache.org/security-8.html","https://tomcat.apache.org/security-9.html","https://usn.ubuntu.com/4128-1","https://usn.ubuntu.com/4128-2","https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46","https://github.com/advisories/GHSA-jjpq-gp5q-8q6w"],"source_kind":"github","identifiers":["GHSA-jjpq-gp5q-8q6w","CVE-2019-0221"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"7.0.94","vulnerable_version_range":"\u003e= 7.0.0, \u003c 7.0.94"},{"first_patched_version":"8.5.40","vulnerable_version_range":"\u003e= 8.0.0, \u003c 8.5.40"},{"first_patched_version":"9.0.17","vulnerable_version_range":"\u003e= 9.0.0, \u003c 9.0.17"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:29.988Z","updated_at":"2024-03-11T14:33:58.000Z","epss_percentage":0.09193,"epss_percentile":0.92262},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5aHctd2Y3eC1qcDlq","url":"https://github.com/advisories/GHSA-c9hw-wf7x-jp9j","title":"Improper Privilege Management in Tomcat","description":"When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: returning arbitrary files from anywhere in the web application, processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2020-06-15T18:51:21.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2020-1938","https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e@%3Cdev.tomee.apache.org%3E","https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb@%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794@%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d@%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db@%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522@%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a@%3Cdev.tomee.apache.org%3E","https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E","https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194@%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425@%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7@%3Ccommits.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca@%3Cbugs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3@%3Ccommits.tomee.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html","https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html","https://security.gentoo.org/glsa/202003-43","https://www.debian.org/security/2020/dsa-4673","https://www.debian.org/security/2020/dsa-4680","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html","http://support.blackberry.com/kb/articleDetail?articleNumber=000062739","https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1@%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760@%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a@%3Cusers.tomee.apache.org%3E","https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E","https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda@%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97@%3Ccommits.tomee.apache.org%3E","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E","https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E","https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E","https://security.netapp.com/advisory/ntap-20200226-0002","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS","https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E","https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E","https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E","https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E","https://github.com/advisories/GHSA-c9hw-wf7x-jp9j"],"source_kind":"github","identifiers":["GHSA-c9hw-wf7x-jp9j","CVE-2020-1938"],"repository_url":null,"blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"7.0.100","vulnerable_version_range":"\u003e= 7.0.0, \u003c 7.0.100"},{"first_patched_version":"8.5.51","vulnerable_version_range":"\u003e= 8.0.0, \u003c 8.5.51"},{"first_patched_version":"9.0.31","vulnerable_version_range":"\u003e= 9.0.0, \u003c 9.0.31"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:24.086Z","updated_at":"2024-07-25T13:37:10.000Z","epss_percentage":0.94469,"epss_percentile":0.99995},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl4Y2otYzhjci04YzNj","url":"https://github.com/advisories/GHSA-9xcj-c8cr-8c3c","title":"In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack","description":"When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2019-12-26T18:22:26.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2019-17563","https://lists.apache.org/thread.html/8b4c1db8300117b28a0f3f743c0b9e3f964687a690cdf9662a884bbd%40%3Cannounce.tomcat.apache.org%3E","https://seclists.org/bugtraq/2019/Dec/43","https://www.debian.org/security/2019/dsa-4596","https://security.netapp.com/advisory/ntap-20200107-0001/","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html","https://usn.ubuntu.com/4251-1/","https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html","https://security.gentoo.org/glsa/202003-43","https://www.debian.org/security/2020/dsa-4680","https://www.oracle.com/security-alerts/cpuapr2020.html","https://lists.apache.org/thread.html/reb9a66f176df29b9a832caa95ebd9ffa3284e8f4922ec4fa3ad8eb2e@%3Cissues.cxf.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://github.com/advisories/GHSA-9xcj-c8cr-8c3c"],"source_kind":"github","identifiers":["GHSA-9xcj-c8cr-8c3c","CVE-2019-17563"],"repository_url":null,"blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"9.0.30","vulnerable_version_range":"\u003e= 9.0.0, \u003c 9.0.30"},{"first_patched_version":"8.5.50","vulnerable_version_range":"\u003e= 8.0.0, \u003c 8.5.50"},{"first_patched_version":"7.0.99","vulnerable_version_range":"\u003c 7.0.99"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:26.772Z","updated_at":"2023-01-28T05:04:37.000Z","epss_percentage":0.03258,"epss_percentile":0.8653},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh2bXgtcW1jaC1tcHFn","url":"https://github.com/advisories/GHSA-8vmx-qmch-mpqg","title":"Apache Tomcat OS Command Injection vulnerability","description":"When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2019-04-18T14:27:35.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2019-0232","https://access.redhat.com/errata/RHSA-2019:1712","https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/","https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/52ffb9fbf661245386a83a661183d13f1de2e5779fa23837a08e02ac@%3Ccommits.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/5f297a4b9080b5f65a05bc139596d0e437d6a539b25e31d29d028767@%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/673b6148d92cd7bc99ea2dcf85ad75d57da44fc322d51f37fb529a2a@%3Ccommits.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/96849486813a95dfd542e1618b7923ca945508aaf4a4341f674d83e3@%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/a6c87a09a71162fd563ab1c4e70a08a103e0b7c199fc391f1c9c4c35@%3Ccommits.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/dd4b325cdb261183dbf5ce913c102920a8f09c26dae666a98309165b@%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/f4d48b32ef2b6aa49c8830241a9475da5b46e451f964b291c7a0a715@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","https://security.netapp.com/advisory/ntap-20190419-0001/","https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/","https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://www.synology.com/security/advisory/Synology_SA_19_17","https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/","http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html","http://seclists.org/fulldisclosure/2019/May/4","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/52ffb9fbf661245386a83a661183d13f1de2e5779fa23837a08e02ac%40%3Ccommits.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/5f297a4b9080b5f65a05bc139596d0e437d6a539b25e31d29d028767%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/673b6148d92cd7bc99ea2dcf85ad75d57da44fc322d51f37fb529a2a%40%3Ccommits.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/96849486813a95dfd542e1618b7923ca945508aaf4a4341f674d83e3%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/a6c87a09a71162fd563ab1c4e70a08a103e0b7c199fc391f1c9c4c35%40%3Ccommits.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/dd4b325cdb261183dbf5ce913c102920a8f09c26dae666a98309165b%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/f4d48b32ef2b6aa49c8830241a9475da5b46e451f964b291c7a0a715%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","https://web.archive.org/web/20200227030103/http://www.securityfocus.com/bid/107906","https://github.com/advisories/GHSA-8vmx-qmch-mpqg"],"source_kind":"github","identifiers":["GHSA-8vmx-qmch-mpqg","CVE-2019-0232"],"repository_url":null,"blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"9.0.17","vulnerable_version_range":"\u003e= 9.0.0.M1, \u003c 9.0.17"},{"first_patched_version":"7.0.94","vulnerable_version_range":"\u003e= 7.0.0, \u003c 7.0.94"},{"first_patched_version":"8.5.40","vulnerable_version_range":"\u003e= 8.0.0, \u003c 8.5.40"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:30.447Z","updated_at":"2023-12-08T23:08:56.000Z","epss_percentage":0.94225,"epss_percentile":0.99916},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqZnItcWYzcC0zcTI1","url":"https://github.com/advisories/GHSA-pjfr-qf3p-3q25","title":"When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server","description":"When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2018-10-17T16:30:31.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2017-12615","https://access.redhat.com/errata/RHSA-2017:3080","https://access.redhat.com/errata/RHSA-2017:3081","https://access.redhat.com/errata/RHSA-2017:3113","https://access.redhat.com/errata/RHSA-2017:3114","https://access.redhat.com/errata/RHSA-2018:0465","https://access.redhat.com/errata/RHSA-2018:0466","https://github.com/advisories/GHSA-pjfr-qf3p-3q25","https://github.com/breaktoprotect/CVE-2017-12615","https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","https://www.synology.com/support/security/Synology_SA_17_54_Tomcat","http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html","http://www.securityfocus.com/bid/100901","http://www.securitytracker.com/id/1039392","https://www.exploit-db.com/exploits/42953","https://security.netapp.com/advisory/ntap-20171018-0001","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"],"source_kind":"github","identifiers":["GHSA-pjfr-qf3p-3q25","CVE-2017-12615"],"repository_url":"https://github.com/breaktoprotect/CVE-2017-12615","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"7.0.79","vulnerable_version_range":"\u003e= 7.0.0, \u003c 7.0.79"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:34.955Z","updated_at":"2024-07-16T20:13:15.000Z","epss_percentage":0.9436,"epss_percentile":0.99956},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhoM2oteDRtYy1nNDhy","url":"https://github.com/advisories/GHSA-hh3j-x4mc-g48r","title":"Insufficiently Protected Credentials in Apache Tomcat","description":"When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2019-12-26T18:22:36.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2019-12418","https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E","https://seclists.org/bugtraq/2019/Dec/43","https://www.debian.org/security/2019/dsa-4596","https://security.netapp.com/advisory/ntap-20200107-0001/","https://support.f5.com/csp/article/K10107360?utm_source=f5support\u0026amp;utm_medium=RSS","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html","https://security.gentoo.org/glsa/202003-43","https://usn.ubuntu.com/4251-1/","https://www.debian.org/security/2020/dsa-4680","https://www.oracle.com/security-alerts/cpuapr2020.html","https://github.com/advisories/GHSA-hh3j-x4mc-g48r"],"source_kind":"github","identifiers":["GHSA-hh3j-x4mc-g48r","CVE-2019-12418"],"repository_url":null,"blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"9.0.29","vulnerable_version_range":"\u003e= 9.0.0, \u003c 9.0.29"},{"first_patched_version":"8.5.49","vulnerable_version_range":"\u003e= 8.0.0, \u003c 8.5.48"},{"first_patched_version":"7.0.99","vulnerable_version_range":"\u003c 7.0.98"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:26.762Z","updated_at":"2023-02-01T05:02:37.000Z","epss_percentage":0.00556,"epss_percentile":0.6703},{"uuid":"GSA_kwCzR0hTQS1xdmY1LWh2angtd20yN84ABBdF","url":"https://github.com/advisories/GHSA-qvf5-hvjx-wm27","title":"Apache Tomcat Request and/or response mix-up","description":"Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users.\n\nThis issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95.\n\nUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-11-18T12:30:43.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2024-52317","https://lists.apache.org/thread/ty376mrxy1mmxtw3ogo53nc9l3co3dfs","https://github.com/apache/tomcat/commit/146f94f87ea398fb592c7a20a5ccbef95e9dd72b","https://github.com/apache/tomcat/commit/47307ee27abcdea2ee40e33897aca760083de46a","https://github.com/apache/tomcat/commit/9e840ccacb40881c03a03b1e0746bfba7369b3bd","https://security.netapp.com/advisory/ntap-20250124-0004","http://www.openwall.com/lists/oss-security/2024/11/18/3","https://github.com/advisories/GHSA-qvf5-hvjx-wm27"],"source_kind":"github","identifiers":["GHSA-qvf5-hvjx-wm27","CVE-2024-52317"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"11.0.0","vulnerable_version_range":"\u003e= 11.0.0-M23, \u003c 11.0.0"},{"first_patched_version":"10.1.31","vulnerable_version_range":"\u003e= 10.1.27, \u003c 10.1.31"},{"first_patched_version":"9.0.96","vulnerable_version_range":"\u003e= 9.0.92, \u003c 9.0.96"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-coyote"},{"versions":[{"first_patched_version":"11.0.0","vulnerable_version_range":"\u003e= 11.0.0-M23, \u003c 11.0.0"},{"first_patched_version":"10.1.31","vulnerable_version_range":"\u003e= 10.1.27, \u003c 10.1.31"},{"first_patched_version":"9.0.96","vulnerable_version_range":"\u003e= 9.0.92, \u003c 9.0.96"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2024-11-18T22:06:44.340Z","updated_at":"2025-01-24T21:41:14.000Z","epss_percentage":0.03556,"epss_percentile":0.87101},{"uuid":"GSA_kwCzR0hTQS1mOThwLTlwcDYtN3E2Y821nA","url":"https://github.com/advisories/GHSA-f98p-9pp6-7q6c","title":"Apache Tomcat Cross-site scripting (XSS) vulnerability","description":"Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to `host-manager/html/add`.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-01T23:45:13.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2008-1947","https://exchange.xforce.ibmcloud.com/vulnerabilities/42816","https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11534","https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6009","https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html","https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html","https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html","http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html","http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html","http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2","http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2","http://marc.info/?l=tomcat-user\u0026m=121244319501278\u0026w=2","http://support.apple.com/kb/HT3216","http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm","http://tomcat.apache.org/security-5.html","http://tomcat.apache.org/security-6.html","http://www.debian.org/security/2008/dsa-1593","http://www.mandriva.com/security/advisories?name=MDVSA-2008:188","http://www.redhat.com/support/errata/RHSA-2008-0648.html","http://www.redhat.com/support/errata/RHSA-2008-0862.html","http://www.redhat.com/support/errata/RHSA-2008-0864.html","http://www.vmware.com/security/advisories/VMSA-2009-0002.html","http://www.vmware.com/security/advisories/VMSA-2009-0016.html","https://access.redhat.com/errata/RHSA-2008:0648","https://access.redhat.com/errata/RHSA-2008:0862","https://access.redhat.com/errata/RHSA-2008:0864","https://access.redhat.com/errata/RHSA-2008:1007","https://access.redhat.com/security/cve/CVE-2008-1947","https://bugzilla.redhat.com/show_bug.cgi?id=446393","https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E","https://github.com/apache/tomcat/commit/5f00d434c8dc11bd49ce0b4b56fe889839056030","https://github.com/apache/tomcat/commit/78ad0fcbe29c824f1f2e45a4e2716247b033250a","https://github.com/apache/tomcat/commit/ab6a6c41ac972c845717c9d639f0335865afab4d","https://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html","https://web.archive.org/web/20200514224656/http://www.securityfocus.com/archive/1/507985/100/0/threaded","https://web.archive.org/web/20201208011750/http://www.securityfocus.com/archive/1/492958/100/0/threaded","https://github.com/apache/tomcat/commit/49c71fc59c1b8f8da77aea9eb53e61db168aebab","http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html","https://github.com/advisories/GHSA-f98p-9pp6-7q6c"],"source_kind":"github","identifiers":["GHSA-f98p-9pp6-7q6c","CVE-2008-1947"],"repository_url":"https://github.com/apache/tomcat","blast_radius":22.00664188637131,"packages":[{"versions":[{"first_patched_version":"6.0.18","vulnerable_version_range":"\u003e= 6.0.0, \u003c= 6.0.16"},{"first_patched_version":"5.5.27","vulnerable_version_range":"\u003e= 5.5.9, \u003c= 5.5.26"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"},{"versions":[{"first_patched_version":"6.0.18","vulnerable_version_range":"\u003e= 6.0.0, \u003c= 6.0.16"},{"first_patched_version":"5.5.27","vulnerable_version_range":"\u003e= 5.5.9, \u003c= 5.5.26"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat"}],"created_at":"2024-01-08T23:05:58.233Z","updated_at":"2025-04-09T16:44:53.000Z","epss_percentage":0.49114,"epss_percentile":0.97543},{"uuid":"GSA_kwCzR0hTQS01ajMzLWN2dnItdzI0Nc4ABChZ","url":"https://github.com/advisories/GHSA-5j33-cvvr-w245","title":"Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability","description":"Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2024-12-17T15:31:43.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.2,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U","references":["https://nvd.nist.gov/vuln/detail/CVE-2024-50379","https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r","https://github.com/apache/tomcat/commit/05ddeeaa54df1e2dc427d0164bedd6b79f78d81f","https://github.com/apache/tomcat/commit/43b507ebac9d268b1ea3d908e296cc6e46795c00","https://github.com/apache/tomcat/commit/631500b0c9b2a2a2abb707e3de2e10a5936e5d41","https://github.com/apache/tomcat/commit/684247ae85fa633b9197b32391de59fc54703842","https://github.com/apache/tomcat/commit/8554f6b1722b33a2ce8b0a3fad37825f3a75f2d2","https://github.com/apache/tomcat/commit/cc7a98b57c6dc1df21979fcff94a36e068f4456c","https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34","https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2","https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98","http://www.openwall.com/lists/oss-security/2024/12/17/4","http://www.openwall.com/lists/oss-security/2024/12/18/2","https://security.netapp.com/advisory/ntap-20250103-0003","https://github.com/advisories/GHSA-5j33-cvvr-w245"],"source_kind":"github","identifiers":["GHSA-5j33-cvvr-w245","CVE-2024-50379"],"repository_url":"https://github.com/apache/tomcat","blast_radius":29.89581539280631,"packages":[{"versions":[{"first_patched_version":"9.0.98","vulnerable_version_range":"\u003e= 9.0.0.M1, \u003c 9.0.98"},{"first_patched_version":"10.1.34","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.34"},{"first_patched_version":"11.0.2","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c 11.0.2"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"},{"versions":[{"first_patched_version":"9.0.98","vulnerable_version_range":"\u003e= 9.0.0.M1, \u003c 9.0.98"},{"first_patched_version":"10.1.34","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.34"},{"first_patched_version":"11.0.2","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c 11.0.2"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-catalina"}],"created_at":"2024-12-17T17:08:24.217Z","updated_at":"2025-01-03T12:30:31.000Z","epss_percentage":0.89324,"epss_percentile":0.9951},{"uuid":"GSA_kwCzR0hTQS03dzc1LTMyY2ctcjZnMs4AA5-Y","url":"https://github.com/advisories/GHSA-7w75-32cg-r6g2","title":"Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests","description":"Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-03-13T18:31:34.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.6,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U","references":["https://nvd.nist.gov/vuln/detail/CVE-2024-24549","https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg","https://github.com/apache/tomcat/commit/0cac540a882220231ba7a82330483cbd5f6b1f96","https://github.com/apache/tomcat/commit/810f49d5ff6d64b704af85d5b8d0aab9ec3c83f5","https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0","https://github.com/apache/tomcat/commit/d07c82194edb69d99b438828fe2cbfadbb207843","https://security.netapp.com/advisory/ntap-20240402-0002","https://lists.debian.org/debian-lts-announce/2024/04/msg00001.html","http://www.openwall.com/lists/oss-security/2024/03/13/3","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/736G4GPZWS2DSQO5WKXO3G6OMZKFEK55","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UWIS5MMGYDZBLJYT674ZI5AWFHDZ46B","https://github.com/advisories/GHSA-7w75-32cg-r6g2"],"source_kind":"github","identifiers":["GHSA-7w75-32cg-r6g2","CVE-2024-24549"],"repository_url":"https://github.com/apache/tomcat","blast_radius":27.40449744340578,"packages":[{"versions":[{"first_patched_version":"8.5.99","vulnerable_version_range":"\u003e= 8.5.0, \u003c= 8.5.98"},{"first_patched_version":"9.0.86","vulnerable_version_range":"\u003e= 9.0.0-M1, \u003c= 9.0.85"},{"first_patched_version":"10.1.19","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c= 10.1.18"},{"first_patched_version":"11.0.0-M17","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c= 11.0.0-M16"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-coyote"},{"versions":[{"first_patched_version":"11.0.0-M17","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c= 11.0.0-M16"},{"first_patched_version":"10.1.19","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c= 10.1.18"},{"first_patched_version":"9.0.86","vulnerable_version_range":"\u003e= 9.0.0-M1, \u003c= 9.0.85"},{"first_patched_version":"8.5.99","vulnerable_version_range":"\u003e= 8.5.0, \u003c= 8.5.98"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2024-03-21T20:04:43.147Z","updated_at":"2025-02-13T19:07:46.000Z","epss_percentage":0.52453,"epss_percentile":0.97766},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ2NTItbWo1ci03ajJt","url":"https://github.com/advisories/GHSA-6v52-mj5r-7j2m","title":"Apache Tomcat Race Condition vulnerability","description":"If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2018-10-17T16:33:02.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2018-8037","https://access.redhat.com/errata/RHSA-2018:2867","https://access.redhat.com/errata/RHSA-2018:2868","https://access.redhat.com/errata/RHSA-2019:1529","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/2ee3af8a43cb019e7898c9330cc8e73306553a27f2e4735dfb522d39@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5d15316dfb4adf75d96d394745f8037533fa3bcc1ac8f619bf5c044c@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","https://www.debian.org/security/2018/dsa-4281","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E","http://mail-archives.us.apache.org/mod_mbox/www-announce/201808.mbox/%3C0c616b4d-4e81-e7f8-b81d-1bb4c575aa33%40apache.org%3E","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/2ee3af8a43cb019e7898c9330cc8e73306553a27f2e4735dfb522d39%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5d15316dfb4adf75d96d394745f8037533fa3bcc1ac8f619bf5c044c%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","https://web.archive.org/web/20200227102808/http://www.securityfocus.com/bid/104894","https://web.archive.org/web/20200515223903/http://www.securitytracker.com/id/1041376","https://github.com/apache/tomcat/commit/4c04369c287233ea2e8e5135f6c31d02e2d76293","https://github.com/apache/tomcat/commit/ccf2e6bf5205561ad18c2300153e9173ec509d73","https://github.com/apache/tomcat/commit/ed4b9d791f9470e4c3de691dd0153a9ce431701b","https://github.com/apache/tomcat/commit/f94eedf02b5973598ab3dbbd4504da588e9ba6cb","https://security.netapp.com/advisory/ntap-20180817-0001","https://github.com/advisories/GHSA-6v52-mj5r-7j2m"],"source_kind":"github","identifiers":["GHSA-6v52-mj5r-7j2m","CVE-2018-8037"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"9.0.10","vulnerable_version_range":"\u003e= 9.0.0.M9, \u003c 9.0.10"},{"first_patched_version":"8.5.32","vulnerable_version_range":"\u003e= 8.5.5, \u003c 8.5.32"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:34.884Z","updated_at":"2024-02-22T21:06:51.000Z","epss_percentage":0.05055,"epss_percentile":0.89249},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01OWMtanBjOC1tMng0","url":"https://github.com/advisories/GHSA-m59c-jpc8-m2x4","title":"In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder ","description":"An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2018-10-17T16:32:18.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2018-1336","https://access.redhat.com/errata/RHEA-2018:2188","https://access.redhat.com/errata/RHEA-2018:2189","https://access.redhat.com/errata/RHSA-2018:2700","https://access.redhat.com/errata/RHSA-2018:2701","https://access.redhat.com/errata/RHSA-2018:2740","https://access.redhat.com/errata/RHSA-2018:2741","https://access.redhat.com/errata/RHSA-2018:2742","https://access.redhat.com/errata/RHSA-2018:2743","https://access.redhat.com/errata/RHSA-2018:2921","https://access.redhat.com/errata/RHSA-2018:2930","https://access.redhat.com/errata/RHSA-2018:2939","https://access.redhat.com/errata/RHSA-2018:2945","https://access.redhat.com/errata/RHSA-2018:3768","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html","https://support.f5.com/csp/article/K73008537?utm_source=f5support\u0026amp;utm_medium=RSS","https://www.debian.org/security/2018/dsa-4281","https://www.oracle.com/security-alerts/cpuapr2020.html","http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","https://support.f5.com/csp/article/K73008537?utm_source=f5support\u0026amp%3Butm_medium=RSS","https://web.archive.org/web/20190703075545/http://www.securitytracker.com/id/1041375","https://web.archive.org/web/20200227102810/http://www.securityfocus.com/bid/104898","https://github.com/apache/tomcat/commit/156d76a6afeef440d14044a560d6ad1d029361c4","https://github.com/apache/tomcat/commit/92cd494555598e99dd691712e8ee426a2f9c2e93","https://github.com/apache/tomcat/commit/e00812b94e5830b2be3de04f4ae4ade38a700074","https://github.com/apache/tomcat80/commit/9e9b7fe1b5732277a26e437f1d32155de6208ef2","https://security.netapp.com/advisory/ntap-20180817-0001","https://usn.ubuntu.com/3723-1","https://github.com/advisories/GHSA-m59c-jpc8-m2x4"],"source_kind":"github","identifiers":["GHSA-m59c-jpc8-m2x4","CVE-2018-1336"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"8.0.51","vulnerable_version_range":"\u003e= 8.0.0RC1, \u003c 8.0.51"},{"first_patched_version":"9.0.8","vulnerable_version_range":"\u003e= 9.0.0.M9, \u003c= 9.0.7"},{"first_patched_version":"7.0.87","vulnerable_version_range":"\u003e= 7.0.28, \u003c 7.0.87"},{"first_patched_version":"8.5.31","vulnerable_version_range":"\u003e= 8.5.0, \u003c 8.5.31"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:34.915Z","updated_at":"2024-02-23T17:57:10.000Z","epss_percentage":0.12239,"epss_percentile":0.93474},{"uuid":"GSA_kwCzR0hTQS1tcHB2LTc5Y2gtdnc2cc4AAz98","url":"https://github.com/advisories/GHSA-mppv-79ch-vw6q","title":"Apache Tomcat vulnerable to information leak","description":"A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS message would be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-06-21T12:30:19.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2023-34981","https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz","https://bz.apache.org/bugzilla/show_bug.cgi?id=66512","https://bz.apache.org/bugzilla/show_bug.cgi?id=66591","https://tomcat.apache.org/security-10.html","https://tomcat.apache.org/security-11.html","https://tomcat.apache.org/security-8.html","https://tomcat.apache.org/security-9.html","https://github.com/apache/tomcat/commit/2214c8030522aa9b2a367dfa5d9acff1a03666ae","https://github.com/apache/tomcat/commit/2f0ca2378415f4cf0748f4bc8fa955f41f803fa5","https://github.com/apache/tomcat/commit/739c7381aed22b7636351caf885ddc519ab6b442","https://github.com/apache/tomcat/commit/f0742f47b98aca943097f7f88e0d1163f57527e3","https://security.netapp.com/advisory/ntap-20230714-0003","https://github.com/advisories/GHSA-mppv-79ch-vw6q"],"source_kind":"github","identifiers":["GHSA-mppv-79ch-vw6q","CVE-2023-34981"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"8.5.89","vulnerable_version_range":"= 8.5.88"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-coyote"},{"versions":[{"first_patched_version":"9.0.75","vulnerable_version_range":"= 9.0.74"},{"first_patched_version":"10.1.9","vulnerable_version_range":"= 10.1.8"},{"first_patched_version":"11.0.0-M6","vulnerable_version_range":"= 11.0.0-M5"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2023-06-21T23:03:28.342Z","updated_at":"2024-10-09T19:46:51.000Z","epss_percentage":0.00231,"epss_percentile":0.45898},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF4ZjQtY2h2Zy00cjhy","url":"https://github.com/advisories/GHSA-qxf4-chvg-4r8r","title":"Potential HTTP request smuggling in Apache Tomcat","description":"In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2020-02-28T01:10:48.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2020-1935","https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html","https://security.netapp.com/advisory/ntap-20200327-0005/","https://www.debian.org/security/2020/dsa-4673","https://www.debian.org/security/2020/dsa-4680","https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18@%3Cusers.tomcat.apache.org%3E","https://www.oracle.com/security-alerts/cpujul2020.html","https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1@%3Cusers.tomcat.apache.org%3E","https://usn.ubuntu.com/4448-1/","https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6@%3Cdev.tomcat.apache.org%3E","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://github.com/advisories/GHSA-qxf4-chvg-4r8r"],"source_kind":"github","identifiers":["GHSA-qxf4-chvg-4r8r","CVE-2020-1935"],"repository_url":null,"blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"9.0.31","vulnerable_version_range":"\u003e= 9.0.0, \u003c 9.0.31"},{"first_patched_version":"8.5.51","vulnerable_version_range":"\u003e= 8.0.0, \u003c 8.5.51"},{"first_patched_version":"7.0.100","vulnerable_version_range":"\u003c 7.0.100"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat"},{"versions":[{"first_patched_version":"9.0.31","vulnerable_version_range":"\u003e= 9.0.0, \u003c 9.0.31"},{"first_patched_version":"8.5.51","vulnerable_version_range":"\u003e= 8.0.0, \u003c 8.5.51"},{"first_patched_version":"7.0.100","vulnerable_version_range":"\u003c 7.0.100"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:25.936Z","updated_at":"2023-02-01T05:02:42.000Z","epss_percentage":0.0104,"epss_percentile":0.76367},{"uuid":"GSA_kwCzR0hTQS1oZnJ4LTZxZ2otZnA2Y84AAxvU","url":"https://github.com/advisories/GHSA-hfrx-6qgj-fp6c","title":"Apache Commons FileUpload denial of service vulnerability","description":"Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-02-20T18:30:17.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2023-24998","https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy","https://github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17","https://commons.apache.org/proper/commons-fileupload/security-reports.html","http://www.openwall.com/lists/oss-security/2023/05/22/1","https://security.gentoo.org/glsa/202305-37","https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html","https://www.debian.org/security/2023/dsa-5522","https://github.com/apache/tomcat/commit/8a2285f13affa961cc65595aad999db5efae45ce","https://github.com/apache/tomcat/commit/9ca96c8c1eba86c0aaa2e6be581ba2a7d4d4ae6e","https://github.com/apache/tomcat/commit/cf77cc545de0488fb89e24294151504a7432df74","https://github.com/apache/tomcat/commit/d53d8e7f77042cc32a3b98f589496a1ef5088e38","https://tomcat.apache.org/security-10.html","https://tomcat.apache.org/security-11.html","https://tomcat.apache.org/security-8.html","https://tomcat.apache.org/security-9.html","https://github.com/search?q=repo%3Aapache%2Ftomcat+util.http+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F\u0026type=code","https://security.netapp.com/advisory/ntap-20230302-0013","https://github.com/advisories/GHSA-hfrx-6qgj-fp6c"],"source_kind":"github","identifiers":["GHSA-hfrx-6qgj-fp6c","CVE-2023-24998"],"repository_url":"https://github.com/apache/commons-fileupload","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"9.0.71","vulnerable_version_range":"\u003e= 9.0.0-M1, \u003c 9.0.71"},{"first_patched_version":"8.5.88","vulnerable_version_range":"\u003e= 8.5.85, \u003c 8.5.88"},{"first_patched_version":"11.0.0-M5","vulnerable_version_range":"\u003e= 11.0.0-M2, \u003c 11.0.0-M5"},{"first_patched_version":"10.1.5","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.5"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"},{"versions":[{"first_patched_version":"9.0.71","vulnerable_version_range":"\u003e= 9.0.0-M1, \u003c 9.0.71"},{"first_patched_version":"8.5.88","vulnerable_version_range":"\u003e= 8.5.85, \u003c 8.5.88"},{"first_patched_version":"11.0.0-M5","vulnerable_version_range":"\u003e= 11.0.0-M2, \u003c 11.0.0-M5"},{"first_patched_version":"10.1.5","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.5"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-coyote"},{"versions":[{"first_patched_version":"1.5","vulnerable_version_range":"\u003c 1.5"}],"ecosystem":"maven","package_name":"commons-fileupload:commons-fileupload"}],"created_at":"2023-02-22T01:02:59.651Z","updated_at":"2025-02-13T18:41:40.000Z","epss_percentage":0.41119,"epss_percentile":0.97208},{"uuid":"GSA_kwCzR0hTQS1mZjc3LTI2eDUtNjljcs4ABHO8","url":"https://github.com/advisories/GHSA-ff77-26x5-69cr","title":"Apache Tomcat Rewrite rule bypass","description":"Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\n\nUsers are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6, which fix the issue.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2025-04-28T21:30:43.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":2.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U","references":["https://nvd.nist.gov/vuln/detail/CVE-2025-31651","https://lists.apache.org/list.html?announce@tomcat.apache.org","http://www.openwall.com/lists/oss-security/2025/04/28/3","https://github.com/apache/tomcat/commit/066bf6b6a15a4e7e0941d4acf096841165b97098","https://github.com/apache/tomcat/commit/175dc75fc428930034a6c93fb52f830d955d8e64","https://github.com/apache/tomcat/commit/ee3ab548e92345eca0cbd1f01649eb36c6f29454","https://github.com/apache/tomcat/commit/fbecc915a10c5a3d634c5e2c6ced4ff479ce9953","https://tomcat.apache.org/security-10.html","https://tomcat.apache.org/security-11.html","https://tomcat.apache.org/security-9.html","https://github.com/advisories/GHSA-ff77-26x5-69cr"],"source_kind":"github","identifiers":["GHSA-ff77-26x5-69cr","CVE-2025-31651"],"repository_url":"https://github.com/apache/tomcat","blast_radius":11.210930772302365,"packages":[{"versions":[{"first_patched_version":"11.0.6","vulnerable_version_range":"\u003e= 11.0.0-M2, \u003c 11.0.6"},{"first_patched_version":"10.1.40","vulnerable_version_range":"\u003e= 10.1.10, \u003c 10.1.40"},{"first_patched_version":"9.0.104","vulnerable_version_range":"\u003e= 9.0.76, \u003c= 9.0.102"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"},{"versions":[{"first_patched_version":"11.0.6","vulnerable_version_range":"\u003e= 11.0.0-M2, \u003c 11.0.6"},{"first_patched_version":"10.1.40","vulnerable_version_range":"\u003e= 10.1.10, \u003c 10.1.40"},{"first_patched_version":"9.0.104","vulnerable_version_range":"\u003e= 9.0.76, \u003c= 9.0.102"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-catalina"}],"created_at":"2025-04-29T16:08:55.377Z","updated_at":"2025-05-14T21:07:57.000Z","epss_percentage":0.00054,"epss_percentile":0.16835},{"uuid":"GSA_kwCzR0hTQS0zcDJoLXdxcTQtd2Y0aM4ABHO5","url":"https://github.com/advisories/GHSA-3p2h-wqq4-wf4h","title":"Apache Tomcat Denial of Service via invalid HTTP priority header","description":"Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.\n\nThis issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.\n\nUsers are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-04-28T21:30:43.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.6,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U","references":["https://nvd.nist.gov/vuln/detail/CVE-2025-31650","https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826","http://www.openwall.com/lists/oss-security/2025/04/28/2","https://github.com/apache/tomcat/commit/1eef1dc459c45f1e421d8bd25ef340fc1cc34edc","https://github.com/apache/tomcat/commit/40ae788c2e64d018b4e58cd4210bb96434d0100d","https://github.com/apache/tomcat/commit/75554da2fc5574862510ae6f0d7b3d78937f1d40","https://github.com/apache/tomcat/commit/8cc3b8fb3f2d8d4d6a757e014f19d1fafa948a60","https://github.com/apache/tomcat/commit/b7674782679e1514a0d154166b1d04d38aaac4a9","https://github.com/apache/tomcat/commit/b98e74f517b36929f4208506e5adad22cb767baa","https://github.com/apache/tomcat/commit/cba1a0fe1289ee7f5dd46c61c38d1e1ac5437bff","https://github.com/apache/tomcat/commit/ded0285b96b4d3f5560dfc8856ad5ec4a9b50ba9","https://github.com/apache/tomcat/commit/f619e6a05029538886d5a9d987925d573b5bb8c2","https://tomcat.apache.org/security-10.html","https://tomcat.apache.org/security-11.html","https://tomcat.apache.org/security-9.html","https://github.com/advisories/GHSA-3p2h-wqq4-wf4h"],"source_kind":"github","identifiers":["GHSA-3p2h-wqq4-wf4h","CVE-2025-31650"],"repository_url":"https://github.com/apache/tomcat","blast_radius":27.40449744340578,"packages":[{"versions":[{"first_patched_version":"11.0.6","vulnerable_version_range":"\u003e= 11.0.0-M2, \u003c 11.0.6"},{"first_patched_version":"10.1.40","vulnerable_version_range":"\u003e= 10.1.10, \u003c 10.1.40"},{"first_patched_version":"9.0.104","vulnerable_version_range":"\u003e= 9.0.76, \u003c= 9.0.102"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"},{"versions":[{"first_patched_version":"11.0.6","vulnerable_version_range":"\u003e= 11.0.0-M2, \u003c 11.0.6"},{"first_patched_version":"10.1.40","vulnerable_version_range":"\u003e= 10.1.10, \u003c 10.1.40"},{"first_patched_version":"9.0.104","vulnerable_version_range":"\u003e= 9.0.76, \u003c= 9.0.102"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-coyote"}],"created_at":"2025-04-29T15:09:13.723Z","updated_at":"2025-05-14T21:05:46.000Z","epss_percentage":0.00183,"epss_percentile":0.40765},{"uuid":"GSA_kwCzR0hTQS13ZjV2LWpoeGotcTYzMs4AAYNe","url":"https://github.com/advisories/GHSA-wf5v-jhxj-q632","title":"Denial of service in Apache Tomcat","description":"java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a \"Content-Length: 0\" AJP request to trigger a hang in request processing.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T00:24:30.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2014-0095","http://seclists.org/fulldisclosure/2014/May/134","http://svn.apache.org/viewvc?view=revision\u0026revision=1578392","http://tomcat.apache.org/security-8.html","http://www-01.ibm.com/support/docview.wss?uid=swg21678231","http://www-01.ibm.com/support/docview.wss?uid=swg21681528","http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html","https://github.com/apache/tomcat/commit/8884dae60ace77a87ed9385442ce429e98c3a479","https://github.com/apache/tomcat80/commit/77590c897f0e542fe363d70efdf3b82209510aee","https://web.archive.org/web/20140713043210/http://www.securitytracker.com/id/1030300","https://web.archive.org/web/20141126170141/http://www.securityfocus.com/bid/67673","https://web.archive.org/web/20151017043748/http://secunia.com/advisories/60729","https://web.archive.org/web/20161024215453/http://secunia.com/advisories/59873","https://github.com/advisories/GHSA-wf5v-jhxj-q632"],"source_kind":"github","identifiers":["GHSA-wf5v-jhxj-q632","CVE-2014-0095"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"8.0.4","vulnerable_version_range":"\u003e= 8.0.0-RC1, \u003c 8.0.4"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"},{"versions":[{"first_patched_version":"8.0.4","vulnerable_version_range":"\u003e= 8.0.0-RC1, \u003c 8.0.4"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-coyote"}],"created_at":"2024-01-08T21:05:40.364Z","updated_at":"2024-02-22T16:31:45.000Z","epss_percentage":0.13063,"epss_percentile":0.935},{"uuid":"GSA_kwCzR0hTQS1oMmZ3LXJmaDUtOTVyM84ABIft","url":"https://github.com/advisories/GHSA-h2fw-rfh5-95r3","title":"Apache Tomcat - CGI security constraint bypass","description":"Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104.\n\nUsers are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2025-05-29T21:31:37.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":1.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear","references":["https://nvd.nist.gov/vuln/detail/CVE-2025-46701","https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j","https://github.com/apache/tomcat/commit/0f01966eb60015d975525019e12a087f05ebf01a","https://github.com/apache/tomcat/commit/238d2aa54b99f91d1111467e2237d2244c64e558","https://github.com/apache/tomcat/commit/2c6800111e7d8d8d5403c07978ea9bff3db5a5a5","https://github.com/apache/tomcat/commit/8cb95ff03221067c511b3fa66d4f745bc4b0a605","https://github.com/apache/tomcat/commit/8df00018a252baa9497615d6420fb6c10466fa74","https://github.com/apache/tomcat/commit/fab7247d2f0e3a29d5daef565f829f383e10e5e2","https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.41","https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.7","https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.105","http://www.openwall.com/lists/oss-security/2025/05/29/4","https://github.com/advisories/GHSA-h2fw-rfh5-95r3"],"source_kind":"github","identifiers":["GHSA-h2fw-rfh5-95r3","CVE-2025-46701"],"repository_url":"https://github.com/apache/tomcat","blast_radius":7.058734189968155,"packages":[{"versions":[{"first_patched_version":"11.0.7","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c 11.0.7"},{"first_patched_version":"10.1.41","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.41"},{"first_patched_version":"9.0.105","vulnerable_version_range":"\u003e= 9.0.0.M1, \u003c 9.0.105"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"},{"versions":[{"first_patched_version":"11.0.7","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c 11.0.7"},{"first_patched_version":"10.1.41","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.41"},{"first_patched_version":"9.0.105","vulnerable_version_range":"\u003e= 9.0.0.M1, \u003c 9.0.105"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-catalina"}],"created_at":"2025-05-29T23:07:48.004Z","updated_at":"2025-05-30T14:51:24.000Z","epss_percentage":0.00017,"epss_percentile":0.02797},{"uuid":"GSA_kwCzR0hTQS04M3FqLTZmcjItdmhxZ84ABFPZ","url":"https://github.com/advisories/GHSA-83qj-6fr2-vhqg","title":"Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT","description":"Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.\n\nIf all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:\n- writes enabled for the default servlet (disabled by default)\n- support for partial PUT (enabled by default)\n- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads\n- attacker knowledge of the names of security sensitive files being uploaded\n- the security sensitive files also being uploaded via partial PUT\n\nIf all of the following were true, a malicious user was able to perform remote code execution:\n- writes enabled for the default servlet (disabled by default)\n- support for partial PUT (enabled by default)\n- application was using Tomcat's file based session persistence with the default storage location\n- application included a library that may be leveraged in a deserialization attack\n\nUsers are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2025-03-10T18:31:56.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.2,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2025-24813","https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq","http://www.openwall.com/lists/oss-security/2025/03/10/5","https://github.com/apache/tomcat/commit/0a668e0c27f2b7ca0cc7c6eea32253b9b5ecb29c","https://github.com/apache/tomcat/commit/eb61aade8f8daccaecabf07d428b877975622f72","https://github.com/apache/tomcat/commit/f6c01d6577cf9a1e06792be47e623d36acc3b5dc","https://github.com/absholi7ly/POC-CVE-2025-24813/blob/main/README.md","https://www.vicarius.io/vsociety/posts/cve-2025-24813-detect-apache-tomcat-rce","https://www.vicarius.io/vsociety/posts/cve-2025-24813-mitigate-apache-tomcat-rce","https://security.netapp.com/advisory/ntap-20250321-0001","https://lists.debian.org/debian-lts-announce/2025/04/msg00003.html","https://github.com/advisories/GHSA-83qj-6fr2-vhqg"],"source_kind":"github","identifiers":["GHSA-83qj-6fr2-vhqg","CVE-2025-24813"],"repository_url":"https://github.com/apache/tomcat","blast_radius":38.200208557474724,"packages":[{"versions":[{"first_patched_version":"9.0.99","vulnerable_version_range":"\u003e= 9.0.0.M1, \u003c 9.0.99"},{"first_patched_version":"10.1.35","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.35"},{"first_patched_version":"11.0.3","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c 11.0.3"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"},{"versions":[{"first_patched_version":"9.0.99","vulnerable_version_range":"\u003e= 9.0.0.M1, \u003c 9.0.99"},{"first_patched_version":"10.1.35","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.35"},{"first_patched_version":"11.0.3","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c 11.0.3"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-catalina"}],"created_at":"2025-03-10T23:07:47.808Z","updated_at":"2025-04-03T13:23:54.000Z","epss_percentage":0.93709,"epss_percentile":0.99839},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI1M20tcGZyNS03djg3","url":"https://github.com/advisories/GHSA-r53m-pfr5-7v87","title":"Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core","description":"**Withdrawn:** Duplicate of GHSA-qcxh-w3j9-58qr","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2019-04-18T14:50:19.000Z","withdrawn_at":"2020-06-17T15:15:06.000Z","classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2019-0199","https://github.com/advisories/GHSA-r53m-pfr5-7v87"],"source_kind":"github","identifiers":["GHSA-r53m-pfr5-7v87"],"repository_url":null,"blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"8.5.38","vulnerable_version_range":"\u003e= 8.5.0, \u003c 8.5.38"},{"first_patched_version":"9.0.16","vulnerable_version_range":"\u003e= 9.0.0.M1, \u003c= 9.0.14"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:30.418Z","updated_at":"2023-01-09T05:03:26.000Z","epss_percentage":null,"epss_percentile":null},{"uuid":"GSA_kwCzR0hTQS1nOHBqLXI1NXEtNWMyds4AA2Wt","url":"https://github.com/advisories/GHSA-g8pj-r55q-5c2v","title":"Apache Tomcat Incomplete Cleanup vulnerability","description":"Incomplete Cleanup vulnerability in Apache Tomcat.\n\nWhen recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next.\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2023-10-10T18:31:35.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2023-42795","https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw","http://www.openwall.com/lists/oss-security/2023/10/10/9","https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html","https://www.debian.org/security/2023/dsa-5521","https://www.debian.org/security/2023/dsa-5522","https://github.com/apache/tomcat/commit/30f8063d7a9b4c43ae4722f5e382a76af1d7a6bf","https://github.com/apache/tomcat/commit/44d05d75d696ca10ce251e4e370511e38f20ae75","https://github.com/apache/tomcat/commit/9375d67106f8df9eb9d7b360b2bef052fe67d3d4","https://github.com/apache/tomcat/commit/d6db22e411307c97ddf78315c15d5889356eca38","https://security.netapp.com/advisory/ntap-20231103-0007","https://github.com/advisories/GHSA-g8pj-r55q-5c2v"],"source_kind":"github","identifiers":["GHSA-g8pj-r55q-5c2v","CVE-2023-42795"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"10.1.14","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.14"},{"first_patched_version":"11.0.0-M12","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c 11.0.0-M12"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-coyote"},{"versions":[{"first_patched_version":"8.5.94","vulnerable_version_range":"\u003e= 8.5.0, \u003c 8.5.94"},{"first_patched_version":"9.0.81","vulnerable_version_range":"\u003e= 9.0.0-M1, \u003c 9.0.81"},{"first_patched_version":"10.1.14","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.14"},{"first_patched_version":"11.0.0-M12","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c 11.0.0-M12"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"},{"versions":[{"first_patched_version":"8.5.94","vulnerable_version_range":"\u003e= 8.5.0, \u003c 8.5.94"},{"first_patched_version":"9.0.81","vulnerable_version_range":"\u003e= 9.0.0-M1, \u003c 9.0.81"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat"}],"created_at":"2023-10-10T23:05:57.726Z","updated_at":"2025-02-13T19:16:31.000Z","epss_percentage":0.0051,"epss_percentile":0.65343},{"uuid":"GSA_kwCzR0hTQS0yN2hwLXhod3Itd3Iybc4ABCp3","url":"https://github.com/advisories/GHSA-27hp-xhwr-wr2m","title":"Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability","description":"Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\n\nThe mitigation for CVE-2024-50379 was incomplete.\n\nUsers running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation \nparameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat:\n- running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true)\n- running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false)\n- running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed)\n\nTomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2024-12-20T18:31:32.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.2,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U","references":["https://nvd.nist.gov/vuln/detail/CVE-2024-56337","https://lists.apache.org/thread/b2b9qrgjrz1kvo4ym8y2wkfdvwoq6qbp","https://www.cve.org/CVERecord?id=CVE-2024-50379","https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34","https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2","https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98","https://security.netapp.com/advisory/ntap-20250103-0002","https://github.com/advisories/GHSA-27hp-xhwr-wr2m"],"source_kind":"github","identifiers":["GHSA-27hp-xhwr-wr2m","CVE-2024-56337"],"repository_url":null,"blast_radius":29.89581539280631,"packages":[{"versions":[{"first_patched_version":"9.0.98","vulnerable_version_range":"\u003e= 9.0.0.M1, \u003c 9.0.98"},{"first_patched_version":"10.1.34","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.34"},{"first_patched_version":"11.0.2","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c 11.0.2"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"},{"versions":[{"first_patched_version":"9.0.98","vulnerable_version_range":"\u003e= 9.0.0.M1, \u003c 9.0.98"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-embed-core"},{"versions":[{"first_patched_version":"10.1.34","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.34"},{"first_patched_version":"11.0.2","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c 11.0.2"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-catalina"}],"created_at":"2024-12-20T20:08:21.849Z","updated_at":"2025-01-08T16:05:13.000Z","epss_percentage":0.0503,"epss_percentile":0.8927},{"uuid":"GSA_kwCzR0hTQS13bTl3LXJqajMtajM1Ns4AA9gV","url":"https://github.com/advisories/GHSA-wm9w-rjj3-j356","title":"Apache Tomcat - Denial of Service","description":"Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2024-07-03T21:39:44.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2024-34750","https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l","https://github.com/apache/tomcat/commit/2344a4c0d03e307ba6b8ab6dc8b894cc8bac63f2","https://github.com/apache/tomcat/commit/2afae300c9ac9c0e516e2e9de580847d925365c3","https://github.com/apache/tomcat/commit/9fec9a82887853402833a80b584e3762c7423f5f","https://tomcat.apache.org/security-10.html","https://tomcat.apache.org/security-11.html","https://tomcat.apache.org/security-9.html","https://security.netapp.com/advisory/ntap-20240816-0004","https://github.com/advisories/GHSA-wm9w-rjj3-j356"],"source_kind":"github","identifiers":["GHSA-wm9w-rjj3-j356","CVE-2024-34750"],"repository_url":"https://github.com/apache/tomcat","blast_radius":36.12411026630762,"packages":[{"versions":[{"first_patched_version":"9.0.90","vulnerable_version_range":"\u003e= 9.0.0-M1, \u003c 9.0.90"},{"first_patched_version":"10.1.25","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.25"},{"first_patched_version":"11.0.0-M21","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c 11.0.0-M21"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-coyote"},{"versions":[{"first_patched_version":"9.0.90","vulnerable_version_range":"\u003e= 9.0.0-M1, \u003c 9.0.90"},{"first_patched_version":"10.1.25","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.25"},{"first_patched_version":"11.0.0-M21","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c 11.0.0-M21"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2024-07-05T21:05:24.838Z","updated_at":"2025-06-04T21:21:59.000Z","epss_percentage":0.17015,"epss_percentile":0.94615},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFjeGgtdzNqOS01OHFy","url":"https://github.com/advisories/GHSA-qcxh-w3j9-58qr","title":"Apache Tomcat Denial of Service vulnerability","description":"The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2020-06-15T18:51:09.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2019-0199","https://access.redhat.com/errata/RHSA-2019:3929","https://access.redhat.com/errata/RHSA-2019:3931","https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9@%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef@%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600@%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995@%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e@%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/","https://seclists.org/bugtraq/2019/Dec/43","https://security.netapp.com/advisory/ntap-20190419-0001/","https://support.f5.com/csp/article/K17321505","https://www.debian.org/security/2019/dsa-4596","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html","http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00013.html","http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html","https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9%40%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef%40%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/","https://web.archive.org/web/20200227030041/http://www.securityfocus.com/bid/107674","https://github.com/advisories/GHSA-qcxh-w3j9-58qr"],"source_kind":"github","identifiers":["GHSA-qcxh-w3j9-58qr","CVE-2019-0199"],"repository_url":null,"blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"8.5.38","vulnerable_version_range":"\u003e= 8.0.0, \u003c 8.5.38"},{"first_patched_version":"9.0.16","vulnerable_version_range":"\u003e= 9.0.0, \u003c 9.0.16"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:24.077Z","updated_at":"2023-12-08T22:47:09.000Z","epss_percentage":0.64304,"epss_percentile":0.98309},{"uuid":"GSA_kwCzR0hTQS1ycTJ3LTM3aDktdmc5NM4AAwuy","url":"https://github.com/advisories/GHSA-rq2w-37h9-vg94","title":"Apache Tomcat improperly escapes input from JsonErrorReportValve","description":"The `JsonErrorReportValve` in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 does not escape the `type`, `message` or `description` values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-01-03T21:30:21.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2022-45143","https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj","https://github.com/apache/tomcat/commit/0cab3a56bd89f70e7481bb0d68395dc7e130dbbf","https://github.com/apache/tomcat/commit/6a0ac6a438cbbb66b6e9c5223842f53bf0cb50aa","https://github.com/apache/tomcat/commit/b336f4e58893ea35114f1e4a415657f723b1298e","https://security.gentoo.org/glsa/202305-37","https://github.com/advisories/GHSA-rq2w-37h9-vg94"],"source_kind":"github","identifiers":["GHSA-rq2w-37h9-vg94","CVE-2022-45143"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"9.0.69","vulnerable_version_range":"\u003e= 9.0.40, \u003c 9.0.69"},{"first_patched_version":"8.5.84","vulnerable_version_range":"= 8.5.83"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-util"},{"versions":[{"first_patched_version":"10.1.2","vulnerable_version_range":"\u003e= 10.1.0, \u003c= 10.1.1"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-catalina"},{"versions":[{"first_patched_version":"10.1.2","vulnerable_version_range":"\u003e= 10.1.0, \u003c= 10.1.1"},{"first_patched_version":"9.0.69","vulnerable_version_range":"\u003e= 9.0.40, \u003c= 9.0.68"},{"first_patched_version":"8.5.84","vulnerable_version_range":"= 8.5.83"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2023-01-05T12:15:08.044Z","updated_at":"2024-04-23T21:44:50.000Z","epss_percentage":0.00833,"epss_percentile":0.73486},{"uuid":"GSA_kwCzR0hTQS1wMjJ4LWc5cHgtMzk0Nc4AAvm5","url":"https://github.com/advisories/GHSA-p22x-g9px-3945","title":"Apache Tomcat may reject request containing invalid Content-Length header","description":"If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-11-01T12:00:30.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2022-42252","https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq","https://security.gentoo.org/glsa/202305-37","https://github.com/apache/tomcat/commit/0d089a15047faf9cb3c82f80f4d28febd4798920","https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77","https://github.com/apache/tomcat/commit/a1c07906d8dcaf7957e5cc97f5cdbac7d18a205a","https://github.com/apache/tomcat/commit/c9fe754e5d17e262dfbd3eab2a03ca96ff372dc3","https://tomcat.apache.org/security-10.html","https://tomcat.apache.org/security-8.html","https://tomcat.apache.org/security-9.html","https://github.com/advisories/GHSA-p22x-g9px-3945"],"source_kind":"github","identifiers":["GHSA-p22x-g9px-3945","CVE-2022-42252"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"10.1.1","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.1"},{"first_patched_version":"10.0.27","vulnerable_version_range":"\u003e= 10.0.0-M1, \u003c 10.0.27"},{"first_patched_version":"9.0.68","vulnerable_version_range":"\u003e= 9.0.0-M1, \u003c 9.0.68"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-coyote"},{"versions":[{"first_patched_version":"10.1.1","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.1"},{"first_patched_version":"10.0.27","vulnerable_version_range":"\u003e= 10.0.0-M1, \u003c 10.0.27"},{"first_patched_version":"9.0.68","vulnerable_version_range":"\u003e= 9.0.0-M1, \u003c 9.0.68"},{"first_patched_version":"8.5.83","vulnerable_version_range":"\u003e= 8.5.0, \u003c 8.5.83"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:11:43.627Z","updated_at":"2024-04-23T20:42:24.000Z","epss_percentage":0.00164,"epss_percentile":0.38357},{"uuid":"GSA_kwCzR0hTQS0zdngzLXhmNnEtcjV4cM4AAQYR","url":"https://github.com/advisories/GHSA-3vx3-xf6q-r5xp","title":"Exposure of Resource to Wrong Sphere in Apache Tomcat","description":"While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2022-05-13T01:25:13.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2017-5648","https://access.redhat.com/errata/RHSA-2017:1801","https://access.redhat.com/errata/RHSA-2017:1802","https://access.redhat.com/errata/RHSA-2017:1809","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","https://security.gentoo.org/glsa/201705-09","http://www.debian.org/security/2017/dsa-3842","http://www.debian.org/security/2017/dsa-3843","http://www.openwall.com/lists/oss-security/2020/07/20/8","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","https://web.archive.org/web/20170417124117/http://www.securityfocus.com/bid/97530","https://web.archive.org/web/20170420115120/http://www.securitytracker.com/id/1038220","https://github.com/apache/tomcat/commit/0f7b9465d594b9814e1853d1e3a6e3aa51a21610","https://github.com/apache/tomcat/commit/6bb36dfdf6444efda074893dff493b9eb3648808","https://github.com/apache/tomcat/commit/dfa40863421d7681fed893b4256666491887e38c","https://github.com/apache/tomcat80/commit/6d73b079c55ee25dea1bbd0556bb568a4247dacd","https://security.netapp.com/advisory/ntap-20180614-0001","https://github.com/advisories/GHSA-3vx3-xf6q-r5xp"],"source_kind":"github","identifiers":["GHSA-3vx3-xf6q-r5xp","CVE-2017-5648"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"7.0.76","vulnerable_version_range":"\u003e= 7.0.0, \u003c= 7.0.75"},{"first_patched_version":"8.0.42","vulnerable_version_range":"\u003e= 8.0.0, \u003c= 8.0.41"},{"first_patched_version":"8.5.13","vulnerable_version_range":"\u003e= 8.5.0, \u003c= 8.5.12"},{"first_patched_version":"9.0.0.M18","vulnerable_version_range":"\u003e= 9.0.0.M1, \u003c= 9.0.0.M17"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"},{"versions":[{"first_patched_version":"7.0.76","vulnerable_version_range":"\u003e= 7.0.0, \u003c= 7.0.75"},{"first_patched_version":"8.0.42","vulnerable_version_range":"\u003e= 8.0.0, \u003c= 8.0.41"},{"first_patched_version":"8.5.13","vulnerable_version_range":"\u003e= 8.5.0, \u003c= 8.5.12"},{"first_patched_version":"9.0.0.M18","vulnerable_version_range":"\u003e= 9.0.0.M1, \u003c= 9.0.0.M17"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-catalina"}],"created_at":"2022-12-21T16:12:15.255Z","updated_at":"2024-04-18T17:08:34.000Z","epss_percentage":0.21758,"epss_percentile":0.95412},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ2ajMtcjRwai00ODM1","url":"https://github.com/advisories/GHSA-46j3-r4pj-4835","title":"The host name verification missing in Apache Tomcat","description":"The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2018-10-17T16:32:43.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2018-8034","https://access.redhat.com/errata/RHSA-2019:0130","https://access.redhat.com/errata/RHSA-2019:0131","https://access.redhat.com/errata/RHSA-2019:0450","https://access.redhat.com/errata/RHSA-2019:0451","https://access.redhat.com/errata/RHSA-2019:1159","https://access.redhat.com/errata/RHSA-2019:1160","https://access.redhat.com/errata/RHSA-2019:1161","https://access.redhat.com/errata/RHSA-2019:1162","https://access.redhat.com/errata/RHSA-2019:1529","https://access.redhat.com/errata/RHSA-2019:2205","https://access.redhat.com/errata/RHSA-2019:3892","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html","https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html","https://www.debian.org/security/2018/dsa-4281","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283@minotaur.apache.org%3E","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","https://web.archive.org/web/20200227102810/http://www.securityfocus.com/bid/104895","https://web.archive.org/web/20200517032514/http://www.securitytracker.com/id/1041374","http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E","https://github.com/apache/tomcat/commit/2835bb4e030c1c741ed0847bb3b9c3822e4fbc8a","https://github.com/apache/tomcat/commit/2c522795166c930741a9cecca76797bf48cb1634","https://security.netapp.com/advisory/ntap-20180817-0001","https://usn.ubuntu.com/3723-1","http://www.securityfocus.com/bid/104895","http://www.securitytracker.com/id/1041374","https://github.com/advisories/GHSA-46j3-r4pj-4835"],"source_kind":"github","identifiers":["GHSA-46j3-r4pj-4835","CVE-2018-8034"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"7.0.90","vulnerable_version_range":"\u003e= 7.0.35, \u003c= 7.0.88"},{"first_patched_version":"8.0.53","vulnerable_version_range":"\u003e= 8.0.0, \u003c 8.0.53"},{"first_patched_version":"8.5.32","vulnerable_version_range":"\u003e= 8.5.0, \u003c 8.5.32"},{"first_patched_version":"9.0.10","vulnerable_version_range":"\u003e= 9.0.0, \u003c= 9.0.9"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:34.895Z","updated_at":"2024-10-21T19:06:49.000Z","epss_percentage":0.14379,"epss_percentile":0.94047},{"uuid":"GSA_kwCzR0hTQS1mY2N2LWptbXAtcWc3Ns4AA3Zq","url":"https://github.com/advisories/GHSA-fccv-jmmp-qg76","title":"Apache Tomcat Improper Input Validation vulnerability","description":"Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82, and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.\n\nUsers are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-11-28T18:30:23.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2023-46589","https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr","http://www.openwall.com/lists/oss-security/2023/11/28/2","https://github.com/apache/tomcat/commit/6f181e1062a472bc5f0234980f66cbde42c1041b","https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd","https://github.com/apache/tomcat/commit/aa92971e879a519384c517febc39fd04c48d4642","https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08","https://tomcat.apache.org/security-10.html","https://tomcat.apache.org/security-11.html","https://tomcat.apache.org/security-8.html","https://tomcat.apache.org/security-9.html","https://www.openwall.com/lists/oss-security/2023/11/28/2","https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html","https://security.netapp.com/advisory/ntap-20231214-0009","https://github.com/advisories/GHSA-fccv-jmmp-qg76"],"source_kind":"github","identifiers":["GHSA-fccv-jmmp-qg76","CVE-2023-46589"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"8.5.96","vulnerable_version_range":"\u003e= 8.5.0, \u003c 8.5.96"},{"first_patched_version":"9.0.83","vulnerable_version_range":"\u003e= 9.0.0-M1, \u003c 9.0.83"},{"first_patched_version":"10.1.16","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.16"},{"first_patched_version":"11.0.0-M11","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c 11.0.0-M11"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"},{"versions":[{"first_patched_version":"8.5.96","vulnerable_version_range":"\u003e= 8.5.0, \u003c 8.5.96"},{"first_patched_version":"9.0.83","vulnerable_version_range":"\u003e= 9.0.0-M1, \u003c 9.0.83"},{"first_patched_version":"10.1.16","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.16"},{"first_patched_version":"11.0.0-M11","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c 11.0.0-M11"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-catalina"}],"created_at":"2023-11-29T00:05:59.937Z","updated_at":"2024-07-12T19:17:29.000Z","epss_percentage":0.52094,"epss_percentile":0.97756},{"uuid":"GSA_kwCzR0hTQS1yNmozLXB4NWctY3EzeM4AA2X8","url":"https://github.com/advisories/GHSA-r6j3-px5g-cq3x","title":"Apache Tomcat Improper Input Validation vulnerability","description":"Improper Input Validation vulnerability in Apache Tomcat.\n\nTomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2023-10-10T21:31:12.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2023-45648","https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp","http://www.openwall.com/lists/oss-security/2023/10/10/10","https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html","https://www.debian.org/security/2023/dsa-5521","https://www.debian.org/security/2023/dsa-5522","https://github.com/apache/tomcat/commit/59583245639d8c42ae0009f4a4a70464d3ea70a0","https://github.com/apache/tomcat/commit/8ecff306507be8e4fd3adee1ae5de1ea6661a8f4","https://github.com/apache/tomcat/commit/eb5c094e5560764cda436362254997511a3ca1f6","https://github.com/apache/tomcat/commit/c83fe47725f7ae9ae213568d9039171124fb7ec6","https://security.netapp.com/advisory/ntap-20231103-0007","https://github.com/advisories/GHSA-r6j3-px5g-cq3x"],"source_kind":"github","identifiers":["GHSA-r6j3-px5g-cq3x","CVE-2023-45648"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"8.5.94","vulnerable_version_range":"\u003e= 8.5.0, \u003c 8.5.94"},{"first_patched_version":"9.0.81","vulnerable_version_range":"\u003e= 9.0.0-M1, \u003c 9.0.81"},{"first_patched_version":"10.1.14","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.14"},{"first_patched_version":"11.0.0-M12","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c 11.0.0-M12"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"},{"versions":[{"first_patched_version":"8.5.94","vulnerable_version_range":"\u003e= 8.5.0, \u003c 8.5.94"},{"first_patched_version":"9.0.81","vulnerable_version_range":"\u003e= 9.0.0-M1, \u003c 9.0.81"},{"first_patched_version":"10.1.14","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.14"},{"first_patched_version":"11.0.0-M12","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c 11.0.0-M12"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat"}],"created_at":"2023-10-10T23:05:57.743Z","updated_at":"2024-04-24T15:42:00.000Z","epss_percentage":0.00732,"epss_percentile":0.71609},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI0eDItM2NxNS1ocXZw","url":"https://github.com/advisories/GHSA-r4x2-3cq5-hqvp","title":"The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins","description":"The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2018-10-17T16:32:32.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2018-8014","https://access.redhat.com/errata/RHSA-2018:2469","https://access.redhat.com/errata/RHSA-2018:2470","https://access.redhat.com/errata/RHSA-2018:3768","https://access.redhat.com/errata/RHSA-2019:0450","https://access.redhat.com/errata/RHSA-2019:0451","https://access.redhat.com/errata/RHSA-2019:1529","https://access.redhat.com/errata/RHSA-2019:2205","https://github.com/advisories/GHSA-r4x2-3cq5-hqvp","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/fbfb713e4f8a4c0f81089b89450828011343593800cae3fb629192b1@%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html","https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html","https://seclists.org/bugtraq/2019/Dec/43","https://www.debian.org/security/2019/dsa-4596","https://www.oracle.com/security-alerts/cpuapr2020.html","http://tomcat.apache.org/security-7.html","http://tomcat.apache.org/security-8.html","http://tomcat.apache.org/security-9.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/fbfb713e4f8a4c0f81089b89450828011343593800cae3fb629192b1%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","https://web.archive.org/web/20181017143233/http://www.securityfocus.com/bid/104203","https://web.archive.org/web/20201207080723/http://www.securitytracker.com/id/1041888","https://web.archive.org/web/20201207101131/http://www.securitytracker.com/id/1040998","https://github.com/apache/tomcat/commit/5877390a9605f56d9bd6859a54ccbfb16374a78b","https://github.com/apache/tomcat/commit/60f596a21fd6041335a3a1a4015d4512439cecb5","https://github.com/apache/tomcat/commit/d83a76732e6804739b81d8b2056365307637b42d","https://github.com/apache/tomcat80/commit/2c9d8433bd3247a2856d4b2555447108758e813e","https://security.netapp.com/advisory/ntap-20181018-0002","https://usn.ubuntu.com/3665-1"],"source_kind":"github","identifiers":["GHSA-r4x2-3cq5-hqvp","CVE-2018-8014"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"8.0.53","vulnerable_version_range":"\u003e= 8.0.0RC1, \u003c 8.0.53"},{"first_patched_version":"9.0.9","vulnerable_version_range":"\u003e= 9.0.0.M1, \u003c= 9.0.8"},{"first_patched_version":"7.0.88","vulnerable_version_range":"\u003e= 7.0.41, \u003c 7.0.88"},{"first_patched_version":"8.5.32","vulnerable_version_range":"\u003e= 8.5.0, \u003c 8.5.32"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:34.905Z","updated_at":"2024-02-23T18:01:24.000Z","epss_percentage":0.63691,"epss_percentile":0.98279},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4NmgtM2ZqeC1jZ3Y1","url":"https://github.com/advisories/GHSA-jx6h-3fjx-cgv5","title":"Apache Tomcat information exposure vulnerability","description":"Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2018-10-17T16:31:48.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2018-1305","https://access.redhat.com/errata/RHSA-2018:0465","https://access.redhat.com/errata/RHSA-2018:0466","https://access.redhat.com/errata/RHSA-2018:1320","https://access.redhat.com/errata/RHSA-2018:2939","https://access.redhat.com/errata/RHSA-2019:2205","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html","https://www.debian.org/security/2018/dsa-4281","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","https://web.archive.org/web/20200227030042/http://www.securityfocus.com/bid/103144","https://web.archive.org/web/20200516094320/http://www.securitytracker.com/id/1040428","https://github.com/apache/tomcat/commit/2349801827f09fb6582a8afdeca704294106ad9a","https://github.com/apache/tomcat/commit/2aac69f694d42d9219eb27018b3da0ae1bdd73ab","https://github.com/apache/tomcat/commit/3e54b2a6314eda11617ff7a7b899c251e222b1a1","https://github.com/apache/tomcat/commit/4d637bc3986e5d09b9363e2144b8ba74fa6eac3a","https://github.com/apache/tomcat/commit/c63b96d72cd39287e17b2ba698f4eee0ba508073","https://github.com/apache/tomcat/commit/de6b4fd58b64828f374503b9ec76a12017b92895","https://security.netapp.com/advisory/ntap-20180706-0001","https://usn.ubuntu.com/3665-1","https://github.com/advisories/GHSA-jx6h-3fjx-cgv5"],"source_kind":"github","identifiers":["GHSA-jx6h-3fjx-cgv5","CVE-2018-1305"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"9.0.5","vulnerable_version_range":"\u003e= 9.0.0M1, \u003c= 9.0.4"},{"first_patched_version":"7.0.85","vulnerable_version_range":"\u003e= 7.0.0, \u003c= 7.0.84"},{"first_patched_version":"8.5.28","vulnerable_version_range":"\u003e= 8.5.0, \u003c= 8.5.27"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:34.925Z","updated_at":"2024-02-23T17:54:04.000Z","epss_percentage":0.07914,"epss_percentile":0.91566},{"uuid":"GSA_kwCzR0hTQS1xM213LXB2cjgtOWdnY84AA1gl","url":"https://github.com/advisories/GHSA-q3mw-pvr8-9ggc","title":"Apache Tomcat Open Redirect vulnerability","description":"URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\n\nThe vulnerability is limited to the ROOT (default) web application.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2023-08-25T21:30:48.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2023-41080","https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f","https://github.com/apache/tomcat/commit/4998ad745b67edeadefe541c94ed029b53933d3b","https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b","https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27","https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a","https://security.netapp.com/advisory/ntap-20230921-0006/","https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html","https://www.debian.org/security/2023/dsa-5521","https://www.debian.org/security/2023/dsa-5522","https://github.com/advisories/GHSA-q3mw-pvr8-9ggc"],"source_kind":"github","identifiers":["GHSA-q3mw-pvr8-9ggc","CVE-2023-41080"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"11.0.0-M11","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c 11.0.0-M11"},{"first_patched_version":"10.1.13","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.13"},{"first_patched_version":"9.0.80","vulnerable_version_range":"\u003e= 9.0.0-M1, \u003c 9.0.80"},{"first_patched_version":"8.5.93","vulnerable_version_range":"\u003e= 8.5.0, \u003c 8.5.93"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"},{"versions":[{"first_patched_version":"8.5.93","vulnerable_version_range":"\u003e= 8.5.0, \u003c 8.5.93"},{"first_patched_version":"9.0.80","vulnerable_version_range":"\u003e= 9.0.0-M1, \u003c 9.0.80"},{"first_patched_version":"10.1.13","vulnerable_version_range":"\u003e= 10.1.0-M1, \u003c 10.1.13"},{"first_patched_version":"11.0.0-M11","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c 11.0.0-M11"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat"}],"created_at":"2023-08-25T23:05:13.778Z","updated_at":"2023-11-11T05:04:49.000Z","epss_percentage":0.14377,"epss_percentile":0.94045},{"uuid":"GSA_kwCzR0hTQS1xcHBqLWZtNXItaHhyM84AA2X2","url":"https://github.com/advisories/GHSA-qppj-fm5r-hxr3","title":"HTTP/2 Stream Cancellation Attack","description":"## HTTP/2 Rapid reset attack\nThe HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed.\n\nAbuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. \n\nThe HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately.\n\nThe ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth.\n\nIn a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client.\n\nMultiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows.\n\n## swift-nio-http2 specific advisory\nswift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress.\n\nswift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2023-10-10T21:28:24.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.9,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N","references":["https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","https://github.com/alibaba/tengine/issues/1872","https://github.com/caddyserver/caddy/issues/5877","https://github.com/eclipse/jetty.project/issues/10679","https://github.com/haproxy/haproxy/issues/2312","https://github.com/hyperium/hyper/issues/3337","https://github.com/envoyproxy/envoy/pull/30055","https://github.com/grpc/grpc-go/pull/6703","https://github.com/nghttp2/nghttp2/pull/1961","https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61","https://bugzilla.proxmox.com/show_bug.cgi?id=4988","https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9","https://chaos.social/@icing/111210915918780532","https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack","https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764","https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2","https://github.com/bcdannyboy/CVE-2023-44487","https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244","https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0","https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html","https://my.f5.com/manage/s/article/K000137106","https://news.ycombinator.com/item?id=37830987","https://news.ycombinator.com/item?id=37830998","https://news.ycombinator.com/item?id=37831062","https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack","https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf","https://github.com/dotnet/announcements/issues/277","https://github.com/golang/go/issues/63417","https://github.com/apache/trafficserver/pull/10564","https://github.com/facebook/proxygen/pull/466","https://github.com/h2o/h2o/pull/3291","https://github.com/microsoft/CBL-Mariner/pull/6381","https://github.com/nodejs/node/pull/50121","https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve","https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088","https://github.com/advisories/GHSA-vx74-f528-fxqg","https://github.com/micrictor/http2-rst-stream","https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo","https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487","https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected","https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14","https://www.openwall.com/lists/oss-security/2023/10/10/6","https://github.com/opensearch-project/data-prepper/issues/3474","https://github.com/kubernetes/kubernetes/pull/121120","https://github.com/advisories/GHSA-xpw8-rcwv-8f8p","https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73","https://github.com/oqtane/oqtane.framework/discussions/3367","https://netty.io/news/2023/10/10/4-1-100-Final.html","https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487","https://github.com/Azure/AKS/issues/3947","https://github.com/akka/akka-http/issues/4323","https://github.com/apache/apisix/issues/10320","https://github.com/etcd-io/etcd/issues/16740","https://github.com/junkurihara/rust-rpxy/issues/97","https://github.com/kazu-yamamoto/http2/issues/93","https://github.com/ninenines/cowboy/issues/1615","https://github.com/openresty/openresty/issues/930","https://github.com/tempesta-tech/tempesta/issues/1986","https://github.com/varnishcache/varnish-cache/issues/3996","https://github.com/apache/httpd-site/pull/10","https://github.com/line/armeria/pull/5232","https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632","https://github.com/projectcontour/contour/pull/5826","https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1","https://access.redhat.com/security/cve/cve-2023-44487","https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack","https://bugzilla.redhat.com/show_bug.cgi?id=2242803","https://bugzilla.suse.com/show_bug.cgi?id=1216123","https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125","https://github.com/Kong/kong/discussions/11741","https://github.com/advisories/GHSA-qppj-fm5r-hxr3","https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113","https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487","https://github.com/caddyserver/caddy/releases/tag/v2.7.5","https://go.dev/cl/534215","https://go.dev/cl/534235","https://go.dev/issue/63417","https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ","https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html","https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html","https://news.ycombinator.com/item?id=37837043","https://security.paloaltonetworks.com/CVE-2023-44487","https://ubuntu.com/security/CVE-2023-44487","https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487","https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event","https://www.debian.org/security/2023/dsa-5521","https://www.debian.org/security/2023/dsa-5522","http://www.openwall.com/lists/oss-security/2023/10/13/4","http://www.openwall.com/lists/oss-security/2023/10/13/9","https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html","https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html","https://github.com/grpc/grpc-go/releases","https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html","https://www.debian.org/security/2023/dsa-5540","http://www.openwall.com/lists/oss-security/2023/10/18/4","http://www.openwall.com/lists/oss-security/2023/10/18/8","http://www.openwall.com/lists/oss-security/2023/10/19/6","http://www.openwall.com/lists/oss-security/2023/10/20/8","https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715","https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html","https://www.debian.org/security/2023/dsa-5549","https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html","https://security.gentoo.org/glsa/202311-09","https://www.debian.org/security/2023/dsa-5558","https://www.debian.org/security/2023/dsa-5570","https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12","https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94","https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81","https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size","https://aws.amazon.com/security/security-bulletins/AWS-2023-011","https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack","https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack","https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty","https://blog.vespa.ai/cve-2023-44487","https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps","https://istio.io/latest/news/security/istio-security-2023-004","https://linkerd.io/2023/10/12/linkerd-cve-2023-44487","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4","https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2","https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response","https://security.netapp.com/advisory/ntap-20231016-0001","https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records","https://www.eclipse.org/lists/jetty-announce/msg00181.html","https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487","https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products","https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday","https://github.com/akka/akka-http/pull/4325","https://github.com/akka/akka-http/pull/4324","https://akka.io/security/akka-http-cve-2023-44487.html","https://security.netapp.com/advisory/ntap-20240426-0007","https://security.netapp.com/advisory/ntap-20240621-0006","https://security.netapp.com/advisory/ntap-20240621-0007","https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628","https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX","https://github.com/grpc/grpc/releases/tag/v1.59.2","http://www.openwall.com/lists/oss-security/2023/10/10/6","http://www.openwall.com/lists/oss-security/2023/10/10/7"],"source_kind":"github","identifiers":["GHSA-qppj-fm5r-hxr3","CVE-2023-44487"],"repository_url":"https://github.com/apple/swift-nio-http2","blast_radius":85.3341403196586,"packages":[{"versions":[{"first_patched_version":"8.5.94","vulnerable_version_range":"\u003e= 8.5.0, \u003c 8.5.94"},{"first_patched_version":"9.0.81","vulnerable_version_range":"\u003e= 9.0.0, \u003c 9.0.81"},{"first_patched_version":"10.1.14","vulnerable_version_range":"\u003e= 10.0.0, \u003c 10.1.14"},{"first_patched_version":"11.0.0-M12","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c 11.0.0-M12"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-coyote"},{"versions":[{"first_patched_version":null,"vulnerable_version_range":"\u003c= 10.1.15"}],"ecosystem":"maven","package_name":"com.typesafe.akka:akka-http-core_2.11"},{"versions":[{"first_patched_version":"10.5.3","vulnerable_version_range":"\u003c 10.5.3"}],"ecosystem":"maven","package_name":"com.typesafe.akka:akka-http-core_2.12"},{"versions":[{"first_patched_version":"10.5.3","vulnerable_version_range":"\u003c 10.5.3"}],"ecosystem":"maven","package_name":"com.typesafe.akka:akka-http-core_2.13"},{"versions":[{"first_patched_version":"10.5.3","vulnerable_version_range":"\u003c 10.5.3"}],"ecosystem":"maven","package_name":"com.typesafe.akka:akka-http-core"},{"versions":[{"first_patched_version":"12.0.2","vulnerable_version_range":"\u003e= 12.0.0, \u003c 12.0.2"}],"ecosystem":"maven","package_name":"org.eclipse.jetty.http2:jetty-http2-server"},{"versions":[{"first_patched_version":"12.0.2","vulnerable_version_range":"\u003e= 12.0.0, \u003c 12.0.2"}],"ecosystem":"maven","package_name":"org.eclipse.jetty.http2:jetty-http2-common"},{"versions":[{"first_patched_version":"11.0.17","vulnerable_version_range":"\u003e= 11.0.0, \u003c 11.0.17"},{"first_patched_version":"10.0.17","vulnerable_version_range":"\u003e= 10.0.0, \u003c 10.0.17"},{"first_patched_version":"9.4.53","vulnerable_version_range":"\u003e= 9.3.0, \u003c 9.4.53"}],"ecosystem":"maven","package_name":"org.eclipse.jetty.http2:http2-server"},{"versions":[{"first_patched_version":"11.0.17","vulnerable_version_range":"\u003e= 11.0.0, \u003c 11.0.17"},{"first_patched_version":"10.0.17","vulnerable_version_range":"\u003e= 10.0.0, \u003c 10.0.17"},{"first_patched_version":"9.4.53","vulnerable_version_range":"\u003e= 9.3.0, \u003c 9.4.53"}],"ecosystem":"maven","package_name":"org.eclipse.jetty.http2:http2-common"},{"versions":[{"first_patched_version":"1.28.0","vulnerable_version_range":"\u003c 1.28.0"}],"ecosystem":"swift","package_name":"github.com/apple/swift-nio-http2"},{"versions":[{"first_patched_version":"8.5.94","vulnerable_version_range":"\u003e= 8.5.0, \u003c 8.5.94"},{"first_patched_version":"9.0.81","vulnerable_version_range":"\u003e= 9.0.0, \u003c 9.0.81"},{"first_patched_version":"10.1.14","vulnerable_version_range":"\u003e= 10.0.0, \u003c 10.1.14"},{"first_patched_version":"11.0.0-M12","vulnerable_version_range":"\u003e= 11.0.0-M1, \u003c 11.0.0-M12"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"},{"versions":[{"first_patched_version":"1.56.3","vulnerable_version_range":"\u003c 1.56.3"},{"first_patched_version":"1.57.1","vulnerable_version_range":"\u003e= 1.57.0, \u003c 1.57.1"},{"first_patched_version":"1.58.3","vulnerable_version_range":"\u003e= 1.58.0, \u003c 1.58.3"}],"ecosystem":"go","package_name":"google.golang.org/grpc"},{"versions":[{"first_patched_version":"0.17.0","vulnerable_version_range":"\u003c 0.17.0"}],"ecosystem":"go","package_name":"golang.org/x/net"}],"created_at":"2023-10-10T22:06:02.273Z","updated_at":"2025-03-07T21:33:52.000Z","epss_percentage":0.94433,"epss_percentile":0.99982},{"uuid":"GSA_kwCzR0hTQS1jeDZoLTg2eHctOXgzNM4AA0cs","url":"https://github.com/advisories/GHSA-cx6h-86xw-9x34","title":"Apache Tomcat - Fix for CVE-2023-24998 was incomplete","description":"The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-07-06T21:14:59.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2023-28709","https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j","https://tomcat.apache.org/security-10.html","https://tomcat.apache.org/security-11.html","https://tomcat.apache.org/security-8.html","https://tomcat.apache.org/security-9.html","https://security.gentoo.org/glsa/202305-37","https://www.debian.org/security/2023/dsa-5521","http://www.openwall.com/lists/oss-security/2023/05/22/1","https://github.com/apache/tomcat/commit/5badf94e79e5de206fc0ef3054fd536b1bb787cd","https://github.com/apache/tomcat/commit/ba848da71c523d94950d3c53c19ea155189df9dc","https://github.com/apache/tomcat/commit/d53d8e7f77042cc32a3b98f589496a1ef5088e38","https://github.com/apache/tomcat/commit/fbd81421629afe8b8a3922d59020cde81caea861","https://security.netapp.com/advisory/ntap-20230616-0004","https://github.com/advisories/GHSA-cx6h-86xw-9x34"],"source_kind":"github","identifiers":["GHSA-cx6h-86xw-9x34","CVE-2023-28709"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"8.5.88","vulnerable_version_range":"\u003e= 8.5.85, \u003c 8.5.88"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat-coyote"},{"versions":[{"first_patched_version":"9.0.74","vulnerable_version_range":"\u003e= 9.0.71, \u003c 9.0.74"},{"first_patched_version":"10.1.8","vulnerable_version_range":"\u003e= 10.1.5, \u003c 10.1.8"},{"first_patched_version":"11.0.0-M5","vulnerable_version_range":"\u003e= 11.0.0-M2, \u003c 11.0.0-M5"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2023-07-07T00:03:45.732Z","updated_at":"2024-04-24T19:16:49.000Z","epss_percentage":0.00075,"epss_percentile":0.23482},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozOWMtYzhoai14NGoz","url":"https://github.com/advisories/GHSA-j39c-c8hj-x4j3","title":"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat","description":"When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-06-16T17:45:29.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2021-25122","https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rcd90bf36b1877e1310b87ecd14ed7bbb15da52b297efd9f0e7253a3b@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rd0463f9a5cbc02a485404c4b990f0da452e5ac5c237808edba11c947@%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html","http://www.openwall.com/lists/oss-security/2021/03/01/1","https://security.netapp.com/advisory/ntap-20210409-0002/","https://www.debian.org/security/2021/dsa-4891","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://security.gentoo.org/glsa/202208-34","https://github.com/advisories/GHSA-j39c-c8hj-x4j3"],"source_kind":"github","identifiers":["GHSA-j39c-c8hj-x4j3","CVE-2021-25122"],"repository_url":null,"blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"8.5.63","vulnerable_version_range":"\u003e= 8.5.0, \u003c 8.5.63"},{"first_patched_version":"9.0.43","vulnerable_version_range":"\u003e= 9.0.0, \u003c 9.0.43"},{"first_patched_version":"10.0.2","vulnerable_version_range":"\u003e= 10.0.0, \u003c 10.0.2"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:09.602Z","updated_at":"2023-02-03T05:04:34.000Z","epss_percentage":0.0246,"epss_percentile":0.84444},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc2N2otamZoMi1qdnJj","url":"https://github.com/advisories/GHSA-767j-jfh2-jvrc","title":"Potential HTTP request smuggling in Apache Tomcat","description":"The refactoring present in Apache Tomcat versions 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2020-02-28T01:10:58.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2019-17569","https://lists.apache.org/thread.html/r88def002c5c78534674ca67472e035099fbe088813d50062094a1390%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html","https://security.netapp.com/advisory/ntap-20200327-0005/","https://www.debian.org/security/2020/dsa-4673","https://www.debian.org/security/2020/dsa-4680","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://github.com/advisories/GHSA-767j-jfh2-jvrc"],"source_kind":"github","identifiers":["GHSA-767j-jfh2-jvrc","CVE-2019-17569"],"repository_url":null,"blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"9.0.31","vulnerable_version_range":"\u003e= 9.0.28, \u003c 9.0.31"},{"first_patched_version":"8.5.51","vulnerable_version_range":"\u003e= 8.5.48, \u003c 8.5.51"},{"first_patched_version":"7.0.100","vulnerable_version_range":"\u003e= 7.0.98, \u003c 7.0.100"}],"ecosystem":"maven","package_name":"org.apache.tomcat:tomcat"},{"versions":[{"first_patched_version":"9.0.31","vulnerable_version_range":"\u003e= 9.0.28, \u003c 9.0.31"},{"first_patched_version":"8.5.51","vulnerable_version_range":"\u003e= 8.5.48, \u003c 8.5.51"},{"first_patched_version":"7.0.100","vulnerable_version_range":"\u003e= 7.0.98, \u003c 7.0.100"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:25.926Z","updated_at":"2023-01-29T05:01:46.000Z","epss_percentage":0.09925,"epss_percentile":0.92598},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxOTktZjM0bS02N2dj","url":"https://github.com/advisories/GHSA-5q99-f34m-67gc","title":"Apache Tomcat Open Redirect vulnerability","description":"When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2018-10-17T16:31:02.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2018-11784","https://access.redhat.com/errata/RHSA-2019:0130","https://access.redhat.com/errata/RHSA-2019:0131","https://access.redhat.com/errata/RHSA-2019:0485","https://access.redhat.com/errata/RHSA-2019:1529","https://github.com/advisories/GHSA-5q99-f34m-67gc","https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html","https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html","https://seclists.org/bugtraq/2019/Dec/43","https://www.debian.org/security/2019/dsa-4596","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","http://packetstormsecurity.com/files/163456/Apache-Tomcat-9.0.0M1-Open-Redirect.html","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","https://web.archive.org/web/20200227030058/http://www.securityfocus.com/bid/105524","https://github.com/apache/tomcat/commit/b76e1dfb3dec3789cc700f8d022c872eb947a221","https://github.com/apache/tomcat/commit/efb860b3ff8ebcf606199b8d0d432f76898040da","https://github.com/apache/tomcat/commit/f9f147359b7c95511b64cd99bbc47917c01b3879","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP","https://security.netapp.com/advisory/ntap-20181014-0002","https://usn.ubuntu.com/3787-1"],"source_kind":"github","identifiers":["GHSA-5q99-f34m-67gc","CVE-2018-11784"],"repository_url":"https://github.com/apache/tomcat","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"9.0.12","vulnerable_version_range":"\u003e= 9.0.0, \u003c 9.0.12"},{"first_patched_version":"7.0.91","vulnerable_version_range":"\u003e= 7.0.23, \u003c 7.0.91"},{"first_patched_version":"8.5.34","vulnerable_version_range":"\u003e= 8.5.0, \u003c 8.5.34"}],"ecosystem":"maven","package_name":"org.apache.tomcat.embed:tomcat-embed-core"}],"created_at":"2022-12-21T16:13:34.945Z","updated_at":"2024-02-22T22:43:52.000Z","epss_percentage":0.87814,"epss_percentile":0.99425}],"docker_usage_url":"https://docker.ecosyste.ms/usage/maven/org.apache.tomcat.embed:tomcat-embed-core","docker_dependents_count":5118,"docker_downloads_count":681368144,"usage_url":"https://repos.ecosyste.ms/usage/maven/org.apache.tomcat.embed:tomcat-embed-core","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/maven/org.apache.tomcat.embed:tomcat-embed-core/dependencies","status":null,"funding_links":[],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/org.apache.tomcat.embed:tomcat-embed-core/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/org.apache.tomcat.embed:tomcat-embed-core/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/org.apache.tomcat.embed:tomcat-embed-core/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/org.apache.tomcat.embed:tomcat-embed-core/related_packages","maintainers":[],"registry":{"name":"repo1.maven.org","url":"https://repo.maven.apache.org/maven2","ecosystem":"maven","default":true,"packages_count":517936,"maintainers_count":0,"namespaces_count":68848,"keywords_count":32053,"github":"maven-central","metadata":{"funded_packages_count":25044},"icon_url":"https://github.com/maven-central.png","created_at":"2022-07-21T16:40:13.074Z","updated_at":"2025-06-07T05:38:09.526Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/namespaces"}},"unique_repositories_count":274,"unique_repositories_count_past_30_days":11,"recent_issues":[{"uuid":"4487334376","node_id":"PR_kwDODUCTus7dkg1A","number":46,"state":"closed","title":"Bump org.apache.tomcat.embed:tomcat-embed-core from 7.0.52 to 9.0.118","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-20T15:28:10.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-20T14:29:16.000Z","updated_at":"2026-05-20T15:28:13.000Z","time_to_close":3534,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"7.0.52","new_version":"9.0.118","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps org.apache.tomcat.embed:tomcat-embed-core from 7.0.52 to 9.0.118.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core\u0026package-manager=maven\u0026previous-version=7.0.52\u0026new-version=9.0.118)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/flyingkatsudon/insight-board/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/flyingkatsudon/insight-board/pull/46","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/flyingkatsudon%2Finsight-board/issues/46","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/46/packages"},{"uuid":"4478247250","node_id":"PR_kwDOBfHF1M7dHC4g","number":96,"state":"closed","title":"Bump the maven group across 2 directories with 3 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-25T21:49:51.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-19T14:30:19.000Z","updated_at":"2026-05-25T21:49:56.000Z","time_to_close":544772,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"maven","update_count":3,"packages":[{"name":"org.apache.tomcat:tomcat-catalina","old_version":"10.1.15","new_version":"10.1.54"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"10.1.15","new_version":"10.1.54"},{"name":"org.springframework.security:spring-security-web","old_version":"6.1.5","new_version":"6.5.9","repository_url":"https://github.com/spring-projects/spring-security"},{"name":"org.apache.tomcat:tomcat-catalina","old_version":"10.1.15","new_version":"10.1.54"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"10.1.15","new_version":"10.1.54"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 2 updates in the /kerb4j-server directory: org.apache.tomcat:tomcat-catalina and [org.springframework.security:spring-security-web](https://github.com/spring-projects/spring-security).\nBumps the maven group with 1 update in the /kerb4j-server/kerb4j-server-tomcat directory: org.apache.tomcat:tomcat-catalina.\n\nUpdates `org.apache.tomcat:tomcat-catalina` from 10.1.15 to 10.1.54\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 10.1.15 to 10.1.54\n\nUpdates `org.springframework.security:spring-security-web` from 6.1.5 to 6.5.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-security/releases\"\u003eorg.springframework.security:spring-security-web's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.5.9\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Link to CSRF Docs in FAQ \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18616\"\u003e#18616\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix GrantedAuthority.authority null in AuthoritiesAuthorizationManager \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18544\"\u003e#18544\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003esaveAuthenticationRequest\u003c/code\u003e should read \u003ccode\u003erelayState\u003c/code\u003e from \u003ccode\u003eauthenticationRequest\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18872\"\u003e#18872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Missing OnCommitedResponseWrapper Header Overrides \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18798\"\u003e#18798\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify Resource Server startup expectations \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18518\"\u003e#18518\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrect Reference to Clear-Site-Data Directive enum \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18273\"\u003e#18273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CookieRequestCache parameters \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18857\"\u003e#18857\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Flaky Crypto Tests \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18841\"\u003e#18841\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Jackson Deserializer for AuthenticationExtensionsClientOutputs \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18896\"\u003e#18896\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@antora\u003c/code\u003e/collector-extension from 1.0.2 to 1.0.3 in /docs \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18854\"\u003e#18854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 6.0.0 to 7.0.0 \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18809\"\u003e#18809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18749\"\u003e#18749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6 \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18779\"\u003e#18779\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16 \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18876\"\u003e#18876\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump org-apache-maven-resolver from 1.9.25 to 1.9.26 \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18750\"\u003e#18750\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump org-apache-maven-resolver from 1.9.26 to 1.9.27 \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18791\"\u003e#18791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18860\"\u003e#18860\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18886\"\u003e#18886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump org.hibernate.orm:hibernate-core from 6.6.42.Final to 6.6.43.Final \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18780\"\u003e#18780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump org.hibernate.orm:hibernate-core from 6.6.43.Final to 6.6.44.Final \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18829\"\u003e#18829\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17 \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18903\"\u003e#18903\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:heart: Contributors\u003c/h2\u003e\n\u003cp\u003eThank you to all the contributors who worked on this release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Hann244\"\u003e\u003ccode\u003e@​Hann244\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Khyojae\"\u003e\u003ccode\u003e@​Khyojae\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ghusta\"\u003e\u003ccode\u003e@​ghusta\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/itsmevichu\"\u003e\u003ccode\u003e@​itsmevichu\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/qihaiyan\"\u003e\u003ccode\u003e@​qihaiyan\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/rwinch\"\u003e\u003ccode\u003e@​rwinch\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/therepanic\"\u003e\u003ccode\u003e@​therepanic\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/ziqin\"\u003e\u003ccode\u003e@​ziqin\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e6.5.8\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e@FunctionalInterface\u003c/code\u003e to RequestMatcher \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18337\"\u003e#18337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpring Security 7 should provide migration path from request-matcher=\u0026quot;ant\u0026quot; \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/issues/18211\"\u003e#18211\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStop deploying JavaDoc outside of Antora \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/issues/18199\"\u003e#18199\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Missing Migration Pages to Navigation \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/issues/18313\"\u003e#18313\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCreate SHA-1 MessageDigest for every new check request in Compromised Password Checker \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18235\"\u003e#18235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in \u0026quot;Preparing for 7.0\u0026quot; in reference to PathPatternRequestMatcher \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18336\"\u003e#18336\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in AnnotationTemplateExpressionDefaults documentation  \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18176\"\u003e#18176\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-security/commit/0c54a55ae831c691449d4750abf5bc48cdbb6d96\"\u003e\u003ccode\u003e0c54a55\u003c/code\u003e\u003c/a\u003e Release 6.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-security/commit/01ff3b086a60f565b332ea9257168aaa1699e279\"\u003e\u003ccode\u003e01ff3b0\u003c/code\u003e\u003c/a\u003e Add Workflow for Deferring Issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-security/commit/33e6f4bd3f5641decd530b2202464f5e3211cecb\"\u003e\u003ccode\u003e33e6f4b\u003c/code\u003e\u003c/a\u003e Merge Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-security/commit/cdd4b36d37221432e7ea25e6e414587ef1a38cbb\"\u003e\u003ccode\u003ecdd4b36\u003c/code\u003e\u003c/a\u003e Update Antora UI Spring to v0.4.26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-security/commit/7672f76fdee334cd35cef00fb825f80071fdb3de\"\u003e\u003ccode\u003e7672f76\u003c/code\u003e\u003c/a\u003e Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-security/commit/3db4999da4f333ba1f285e50f9b646aa0848311a\"\u003e\u003ccode\u003e3db4999\u003c/code\u003e\u003c/a\u003e Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-security/commit/a708d2f61bb6911c159e4b103cb06f27463c526c\"\u003e\u003ccode\u003ea708d2f\u003c/code\u003e\u003c/a\u003e Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-security/commit/e726c05e764faf23961bff7071f43b92ce78597c\"\u003e\u003ccode\u003ee726c05\u003c/code\u003e\u003c/a\u003e Fix Jackson 2 deserializer for AuthenticationExtensionsClientOutputs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-security/commit/a7039fb3e6e5424829788f139944a7eb0c9da3b6\"\u003e\u003ccode\u003ea7039fb\u003c/code\u003e\u003c/a\u003e Test Jackson 2 deserializer with unknown primitive WebAuthn ext\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-security/commit/88ea668f47515ecbbb9406c68c813589f1795a34\"\u003e\u003ccode\u003e88ea668\u003c/code\u003e\u003c/a\u003e Test Jackson 2 deserializer with unknown obj/arr WebAuthn ext\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-security/compare/6.1.5...6.5.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.tomcat:tomcat-catalina` from 10.1.15 to 10.1.54\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 10.1.15 to 10.1.54\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/bedrin/kerb4j/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/bedrin/kerb4j/pull/96","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bedrin%2Fkerb4j/issues/96","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/96/packages"},{"uuid":"4472683945","node_id":"PR_kwDOAkEHwc7c1LKT","number":1304,"state":"closed","title":"Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.54 to 10.1.55 in /javamelody-for-standalone","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-23T22:56:17.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T21:23:45.000Z","updated_at":"2026-05-23T22:56:26.000Z","time_to_close":437552,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"10.1.54","new_version":"10.1.55","repository_url":null}],"path":"/javamelody-for-standalone","ecosystem":"maven"},"body":"Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.54 to 10.1.55.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core\u0026package-manager=maven\u0026previous-version=10.1.54\u0026new-version=10.1.55)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/javamelody/javamelody/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/javamelody/javamelody/pull/1304","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/javamelody%2Fjavamelody/issues/1304","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1304/packages"},{"uuid":"4472583516","node_id":"PR_kwDOAkEHwc7c02Y6","number":1303,"state":"closed","title":"Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.54 to 10.1.55 in /javamelody-offline-viewer","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-23T22:56:56.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T21:07:02.000Z","updated_at":"2026-05-23T22:57:06.000Z","time_to_close":438594,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"10.1.54","new_version":"10.1.55","repository_url":null}],"path":"/javamelody-offline-viewer","ecosystem":"maven"},"body":"Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.54 to 10.1.55.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core\u0026package-manager=maven\u0026previous-version=10.1.54\u0026new-version=10.1.55)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/javamelody/javamelody/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/javamelody/javamelody/pull/1303","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/javamelody%2Fjavamelody/issues/1303","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1303/packages"},{"uuid":"4472416250","node_id":"PR_kwDOL4vop87c0S7s","number":21,"state":"open","title":"Bump org.apache.tomcat.embed:tomcat-embed-core from 11.0.20 to 11.0.22","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T20:40:14.000Z","updated_at":"2026-05-18T20:45:14.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"11.0.20","new_version":"11.0.22","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps org.apache.tomcat.embed:tomcat-embed-core from 11.0.20 to 11.0.22.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core\u0026package-manager=maven\u0026previous-version=11.0.20\u0026new-version=11.0.22)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/companieshouse/registers-data-api/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/companieshouse/registers-data-api/pull/21","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/companieshouse%2Fregisters-data-api/issues/21","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/21/packages"},{"uuid":"4470940823","node_id":"PR_kwDONxtSOs7cvdle","number":7,"state":"closed","title":"Bump the maven group across 7 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-18T20:47:31.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T16:52:50.000Z","updated_at":"2026-05-18T20:47:33.000Z","time_to_close":14081,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"maven","update_count":16,"packages":[{"name":"org.springframework:spring-context","old_version":"6.2.2","new_version":"6.2.7","repository_url":"https://github.com/spring-projects/spring-framework"},{"name":"org.springframework.boot:spring-boot","old_version":"3.4.2","new_version":"3.5.14","repository_url":"https://github.com/spring-projects/spring-boot"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"8.5.100","new_version":"9.0.117"},{"name":"org.apache.logging.log4j:log4j-core","old_version":"2.24.3","new_version":"2.25.4"},{"name":"com.fasterxml.jackson.core:jackson-core","old_version":"2.18.2","new_version":"2.18.6","repository_url":"https://github.com/FasterXML/jackson-core"},{"name":"org.apache.zookeeper:zookeeper","old_version":"3.7.2","new_version":"3.8.6"},{"name":"org.hibernate:hibernate-validator","old_version":"5.2.4.Final","new_version":"6.2.0.Final"},{"name":"org.apache.commons:commons-lang3","old_version":"3.17.0","new_version":"3.18.0"},{"name":"io.grpc:grpc-netty-shaded","old_version":"1.70.0","new_version":"1.75.0","repository_url":"https://github.com/grpc/grpc-java"},{"name":"org.asynchttpclient:async-http-client","old_version":"2.12.4","new_version":"2.15.0","repository_url":"https://github.com/AsyncHttpClient/async-http-client"},{"name":"org.codehaus.plexus:plexus-utils","old_version":"3.6.0","new_version":"3.6.1","repository_url":"https://github.com/codehaus-plexus/plexus-utils"},{"name":"com.hazelcast:hazelcast","old_version":"3.12.13","new_version":"5.2.5","repository_url":"https://github.com/hazelcast/hazelcast"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 12 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [org.springframework:spring-context](https://github.com/spring-projects/spring-framework) | `6.2.2` | `6.2.7` |\n| [org.springframework.boot:spring-boot](https://github.com/spring-projects/spring-boot) | `3.4.2` | `3.5.14` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.100` | `9.0.117` |\n| org.apache.logging.log4j:log4j-core | `2.24.3` | `2.25.4` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.2` | `2.18.6` |\n| org.apache.zookeeper:zookeeper | `3.7.2` | `3.8.6` |\n| org.hibernate:hibernate-validator | `5.2.4.Final` | `6.2.0.Final` |\n| org.apache.commons:commons-lang3 | `3.17.0` | `3.18.0` |\n| [io.grpc:grpc-netty-shaded](https://github.com/grpc/grpc-java) | `1.70.0` | `1.75.0` |\n| [org.asynchttpclient:async-http-client](https://github.com/AsyncHttpClient/async-http-client) | `2.12.4` | `2.15.0` |\n| [org.codehaus.plexus:plexus-utils](https://github.com/codehaus-plexus/plexus-utils) | `3.6.0` | `3.6.1` |\n| [com.hazelcast:hazelcast](https://github.com/hazelcast/hazelcast) | `3.12.13` | `5.2.5` |\n\nBumps the maven group with 7 updates in the /dubbo-dependencies-bom directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.100` | `9.0.117` |\n| org.apache.logging.log4j:log4j-core | `2.24.3` | `2.25.4` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.2` | `2.18.6` |\n| org.apache.zookeeper:zookeeper | `3.7.2` | `3.8.6` |\n| org.hibernate:hibernate-validator | `5.4.3.Final` | `6.2.0.Final` |\n| org.apache.commons:commons-lang3 | `3.17.0` | `3.18.0` |\n| [io.grpc:grpc-netty-shaded](https://github.com/grpc/grpc-java) | `1.70.0` | `1.75.0` |\n\nBumps the maven group with 4 updates in the /dubbo-maven-plugin directory: [org.springframework:spring-context](https://github.com/spring-projects/spring-framework), [org.springframework.boot:spring-boot](https://github.com/spring-projects/spring-boot), org.apache.tomcat.embed:tomcat-embed-core and [org.codehaus.plexus:plexus-utils](https://github.com/codehaus-plexus/plexus-utils).\nBumps the maven group with 4 updates in the /dubbo-plugin/dubbo-filter-cache directory: [org.springframework:spring-context](https://github.com/spring-projects/spring-framework), [org.springframework.boot:spring-boot](https://github.com/spring-projects/spring-boot), org.apache.tomcat.embed:tomcat-embed-core and [com.hazelcast:hazelcast](https://github.com/hazelcast/hazelcast).\nBumps the maven group with 4 updates in the /dubbo-plugin/dubbo-filter-validation directory: [org.springframework:spring-context](https://github.com/spring-projects/spring-framework), [org.springframework.boot:spring-boot](https://github.com/spring-projects/spring-boot), org.apache.tomcat.embed:tomcat-embed-core and org.hibernate:hibernate-validator.\nBumps the maven group with 1 update in the /dubbo-remoting/dubbo-remoting-zookeeper-curator5 directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 2 updates in the /dubbo-test/dubbo-test-check directory: org.apache.zookeeper:zookeeper and [org.asynchttpclient:async-http-client](https://github.com/AsyncHttpClient/async-http-client).\n\nUpdates `org.springframework:spring-context` from 6.2.2 to 6.2.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-framework/releases\"\u003eorg.springframework:spring-context's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.2.7\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eForward more methods to underlying InputStream in NonClosingInputStream \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34893\"\u003e#34893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce Spring property for the default property placeholder escape character \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34865\"\u003e#34865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClose ApplicationContext once AOT processing has completed \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34841\"\u003e#34841\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAbstractJackson2HttpMessageConverter#getObjectMappersForType\u003c/code\u003e nullness \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34811\"\u003e#34811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd option for case-insensitive match to PatternMatchUtils \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34801\"\u003e#34801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRestClient \u003ccode\u003e@RequestBody\u003c/code\u003e parameters lose generic type information when creating HTTP service beans \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34793\"\u003e#34793\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdds option to set Principal in MockServerWebExchange \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34789\"\u003e#34789\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBeans created by FactoryBean are not considered as autowiring candidates if another thread holds a singletonLock \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34902\"\u003e#34902\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePropertySourcesPlaceholderConfigurer\u003c/code\u003e placeholder resolution fails in several scenarios \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34861\"\u003e#34861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34851\"\u003e#34851\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFragment.create() requires mutable map - which is unusable when used with Kotlin \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34848\"\u003e#34848\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDuplicate \u003ccode\u003eBeanOverrideHandler\u003c/code\u003e discovered in \u003ccode\u003e@Nested\u003c/code\u003e test case with superclass from different class or in interface implemented multiple times \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34844\"\u003e#34844\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccidental ClassLoader defineClass enforcement after \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34677\"\u003e#34677\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34824\"\u003e#34824\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHttpEntity.EMPTY headers should not be possible to mutate via HttpHeaders constructor \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34812\"\u003e#34812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAbstractFileResolvingResource.exists incorrectly reports result for resources inside of spring-boot executable jar \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34796\"\u003e#34796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly expand query param with same name from URI variables array  \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34783\"\u003e#34783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eR2DBC \u003ccode\u003eNamedParameterUtils\u003c/code\u003e only expands reused collection parameter once \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34768\"\u003e#34768\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePathMatchingResourcePatternResolver\u003c/code\u003e wrongly assumes that \u003ccode\u003etarget/classes\u003c/code\u003e always exists \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34764\"\u003e#34764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eClarify \u003ccode\u003eCompositePropertySource\u003c/code\u003e behavior for \u003ccode\u003eEnumerablePropertySource\u003c/code\u003e contract \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34886\"\u003e#34886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJavadoc and \u003ccode\u003e@Nullable\u003c/code\u003e annotation for \u003ccode\u003eservletContext\u003c/code\u003e parameter of \u003ccode\u003eConfigurableWebEnvironment.initPropertySources\u003c/code\u003e are contradictory \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34845\"\u003e#34845\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpring MVC: \u003ccode\u003e@EnableAsync\u003c/code\u003e needs to be redeclared for each ApplicationContext \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34843\"\u003e#34843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a working example instead of unclear placeholders \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34828\"\u003e#34828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Micrometer 1.14.7 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34889\"\u003e#34889\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Reactor 2024.0.6 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34898\"\u003e#34898\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:heart: Contributors\u003c/h2\u003e\n\u003cp\u003eThank you to all the contributors who worked on this release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Artur\"\u003e\u003ccode\u003e@​Artur\u003c/code\u003e\u003c/a\u003e-, \u003ca href=\"https://github.com/blake-bauman\"\u003e\u003ccode\u003e@​blake-bauman\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/iifawzi\"\u003e\u003ccode\u003e@​iifawzi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/kilink\"\u003e\u003ccode\u003e@​kilink\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/quaff\"\u003e\u003ccode\u003e@​quaff\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/whlit\"\u003e\u003ccode\u003e@​whlit\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/zzoe2346\"\u003e\u003ccode\u003e@​zzoe2346\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.2.6\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAn option for SimpleAsyncTaskExecutor to throw an exception when limit is reached \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34727\"\u003e#34727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide first-class support for Bean Overrides with \u003ccode\u003e@ContextHierarchy\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34723\"\u003e#34723\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMicro performance optimizations \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34717\"\u003e#34717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSuppress \u0026quot;Unable to rollback against JDBC Connection\u0026quot; in case of timeout (connection closed) \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34714\"\u003e#34714\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/ba590ac9e49b46d347dc56f4498ee436a3b5969b\"\u003e\u003ccode\u003eba590ac\u003c/code\u003e\u003c/a\u003e Release v6.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/ee62701f5634e904e42e218baad142cea2bcd332\"\u003e\u003ccode\u003eee62701\u003c/code\u003e\u003c/a\u003e Make use of PatternMatchUtils ignoreCase option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/fa168ca78ae134e82db8eacc109bb29266b36fb1\"\u003e\u003ccode\u003efa168ca\u003c/code\u003e\u003c/a\u003e Revise FactoryBean locking behavior for strict/lenient consistency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/3c228a5c1d07874d0bf2b9456921ab20fc6d5e22\"\u003e\u003ccode\u003e3c228a5\u003c/code\u003e\u003c/a\u003e Add missing \u003ca href=\"https://github.com/since\"\u003e\u003ccode\u003e@​since\u003c/code\u003e\u003c/a\u003e tags in PatternMatchUtils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/9bf6b8cddffac2c0034e0e2f7a799a81ddb1f09f\"\u003e\u003ccode\u003e9bf6b8c\u003c/code\u003e\u003c/a\u003e Upgrade to Reactor 2024.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/37ecdd14372555c018c644e980666e47c06dcbe8\"\u003e\u003ccode\u003e37ecdd1\u003c/code\u003e\u003c/a\u003e Forward more methods to underlying InputStream in NonClosingInputStream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/73f1c5a189b0f6e65b5b8507d6862b480ec7193c\"\u003e\u003ccode\u003e73f1c5a\u003c/code\u003e\u003c/a\u003e Polishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/4d296fb4ca1b3f87fe4b9cd97132f2688533de2d\"\u003e\u003ccode\u003e4d296fb\u003c/code\u003e\u003c/a\u003e Upgrade to Micrometer 1.14.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/6a9444473f1aad080bf659563e56cc2bbd8f9512\"\u003e\u003ccode\u003e6a94444\u003c/code\u003e\u003c/a\u003e Clarify CompositePropertySource behavior for EnumerablePropertySource contract\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/03ae97b2ebe2ff97ed3f78253758fb3cf6cacbbd\"\u003e\u003ccode\u003e03ae97b\u003c/code\u003e\u003c/a\u003e Introduce Spring property for default escape character for placeholders\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-framework/compare/v6.2.2...v6.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.springframework:spring-core` from 6.2.2 to 6.2.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-framework/releases\"\u003eorg.springframework:spring-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.2.7\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eForward more methods to underlying InputStream in NonClosingInputStream \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34893\"\u003e#34893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce Spring property for the default property placeholder escape character \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34865\"\u003e#34865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClose ApplicationContext once AOT processing has completed \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34841\"\u003e#34841\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAbstractJackson2HttpMessageConverter#getObjectMappersForType\u003c/code\u003e nullness \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34811\"\u003e#34811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd option for case-insensitive match to PatternMatchUtils \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34801\"\u003e#34801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRestClient \u003ccode\u003e@RequestBody\u003c/code\u003e parameters lose generic type information when creating HTTP service beans \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34793\"\u003e#34793\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdds option to set Principal in MockServerWebExchange \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34789\"\u003e#34789\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBeans created by FactoryBean are not considered as autowiring candidates if another thread holds a singletonLock \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34902\"\u003e#34902\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePropertySourcesPlaceholderConfigurer\u003c/code\u003e placeholder resolution fails in several scenarios \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34861\"\u003e#34861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34851\"\u003e#34851\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFragment.create() requires mutable map - which is unusable when used with Kotlin \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34848\"\u003e#34848\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDuplicate \u003ccode\u003eBeanOverrideHandler\u003c/code\u003e discovered in \u003ccode\u003e@Nested\u003c/code\u003e test case with superclass from different class or in interface implemented multiple times \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34844\"\u003e#34844\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccidental ClassLoader defineClass enforcement after \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34677\"\u003e#34677\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34824\"\u003e#34824\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHttpEntity.EMPTY headers should not be possible to mutate via HttpHeaders constructor \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34812\"\u003e#34812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAbstractFileResolvingResource.exists incorrectly reports result for resources inside of spring-boot executable jar \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34796\"\u003e#34796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly expand query param with same name from URI variables array  \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34783\"\u003e#34783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eR2DBC \u003ccode\u003eNamedParameterUtils\u003c/code\u003e only expands reused collection parameter once \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34768\"\u003e#34768\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePathMatchingResourcePatternResolver\u003c/code\u003e wrongly assumes that \u003ccode\u003etarget/classes\u003c/code\u003e always exists \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34764\"\u003e#34764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eClarify \u003ccode\u003eCompositePropertySource\u003c/code\u003e behavior for \u003ccode\u003eEnumerablePropertySource\u003c/code\u003e contract \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34886\"\u003e#34886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJavadoc and \u003ccode\u003e@Nullable\u003c/code\u003e annotation for \u003ccode\u003eservletContext\u003c/code\u003e parameter of \u003ccode\u003eConfigurableWebEnvironment.initPropertySources\u003c/code\u003e are contradictory \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34845\"\u003e#34845\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpring MVC: \u003ccode\u003e@EnableAsync\u003c/code\u003e needs to be redeclared for each ApplicationContext \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34843\"\u003e#34843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a working example instead of unclear placeholders \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34828\"\u003e#34828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Micrometer 1.14.7 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34889\"\u003e#34889\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Reactor 2024.0.6 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34898\"\u003e#34898\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:heart: Contributors\u003c/h2\u003e\n\u003cp\u003eThank you to all the contributors who worked on this release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Artur\"\u003e\u003ccode\u003e@​Artur\u003c/code\u003e\u003c/a\u003e-, \u003ca href=\"https://github.com/blake-bauman\"\u003e\u003ccode\u003e@​blake-bauman\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/iifawzi\"\u003e\u003ccode\u003e@​iifawzi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/kilink\"\u003e\u003ccode\u003e@​kilink\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/quaff\"\u003e\u003ccode\u003e@​quaff\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/whlit\"\u003e\u003ccode\u003e@​whlit\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/zzoe2346\"\u003e\u003ccode\u003e@​zzoe2346\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.2.6\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAn option for SimpleAsyncTaskExecutor to throw an exception when limit is reached \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34727\"\u003e#34727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide first-class support for Bean Overrides with \u003ccode\u003e@ContextHierarchy\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34723\"\u003e#34723\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMicro performance optimizations \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34717\"\u003e#34717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSuppress \u0026quot;Unable to rollback against JDBC Connection\u0026quot; in case of timeout (connection closed) \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34714\"\u003e#34714\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/ba590ac9e49b46d347dc56f4498ee436a3b5969b\"\u003e\u003ccode\u003eba590ac\u003c/code\u003e\u003c/a\u003e Release v6.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/ee62701f5634e904e42e218baad142cea2bcd332\"\u003e\u003ccode\u003eee62701\u003c/code\u003e\u003c/a\u003e Make use of PatternMatchUtils ignoreCase option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/fa168ca78ae134e82db8eacc109bb29266b36fb1\"\u003e\u003ccode\u003efa168ca\u003c/code\u003e\u003c/a\u003e Revise FactoryBean locking behavior for strict/lenient consistency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/3c228a5c1d07874d0bf2b9456921ab20fc6d5e22\"\u003e\u003ccode\u003e3c228a5\u003c/code\u003e\u003c/a\u003e Add missing \u003ca href=\"https://github.com/since\"\u003e\u003ccode\u003e@​since\u003c/code\u003e\u003c/a\u003e tags in PatternMatchUtils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/9bf6b8cddffac2c0034e0e2f7a799a81ddb1f09f\"\u003e\u003ccode\u003e9bf6b8c\u003c/code\u003e\u003c/a\u003e Upgrade to Reactor 2024.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/37ecdd14372555c018c644e980666e47c06dcbe8\"\u003e\u003ccode\u003e37ecdd1\u003c/code\u003e\u003c/a\u003e Forward more methods to underlying InputStream in NonClosingInputStream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/73f1c5a189b0f6e65b5b8507d6862b480ec7193c\"\u003e\u003ccode\u003e73f1c5a\u003c/code\u003e\u003c/a\u003e Polishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/4d296fb4ca1b3f87fe4b9cd97132f2688533de2d\"\u003e\u003ccode\u003e4d296fb\u003c/code\u003e\u003c/a\u003e Upgrade to Micrometer 1.14.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/6a9444473f1aad080bf659563e56cc2bbd8f9512\"\u003e\u003ccode\u003e6a94444\u003c/code\u003e\u003c/a\u003e Clarify CompositePropertySource behavior for EnumerablePropertySource contract\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/03ae97b2ebe2ff97ed3f78253758fb3cf6cacbbd\"\u003e\u003ccode\u003e03ae97b\u003c/code\u003e\u003c/a\u003e Introduce Spring property for default escape character for placeholders\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-framework/compare/v6.2.2...v6.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.springframework:spring-web` from 6.2.2 to 6.2.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-framework/releases\"\u003eorg.springframework:spring-web's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.2.7\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eForward more methods to underlying InputStream in NonClosingInputStream \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34893\"\u003e#34893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce Spring property for the default property placeholder escape character \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34865\"\u003e#34865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClose ApplicationContext once AOT processing has completed \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34841\"\u003e#34841\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAbstractJackson2HttpMessageConverter#getObjectMappersForType\u003c/code\u003e nullness \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34811\"\u003e#34811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd option for case-insensitive match to PatternMatchUtils \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34801\"\u003e#34801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRestClient \u003ccode\u003e@RequestBody\u003c/code\u003e parameters lose generic type information when creating HTTP service beans \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34793\"\u003e#34793\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdds option to set Principal in MockServerWebExchange \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34789\"\u003e#34789\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBeans created by FactoryBean are not considered as autowiring candidates if another thread holds a singletonLock \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34902\"\u003e#34902\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePropertySourcesPlaceholderConfigurer\u003c/code\u003e placeholder resolution fails in several scenarios \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34861\"\u003e#34861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34851\"\u003e#34851\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFragment.create() requires mutable map - which is unusable when used with Kotlin \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34848\"\u003e#34848\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDuplicate \u003ccode\u003eBeanOverrideHandler\u003c/code\u003e discovered in \u003ccode\u003e@Nested\u003c/code\u003e test case with superclass from different class or in interface implemented multiple times \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34844\"\u003e#34844\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccidental ClassLoader defineClass enforcement after \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34677\"\u003e#34677\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34824\"\u003e#34824\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHttpEntity.EMPTY headers should not be possible to mutate via HttpHeaders constructor \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34812\"\u003e#34812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAbstractFileResolvingResource.exists incorrectly reports result for resources inside of spring-boot executable jar \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34796\"\u003e#34796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly expand query param with same name from URI variables array  \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34783\"\u003e#34783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eR2DBC \u003ccode\u003eNamedParameterUtils\u003c/code\u003e only expands reused collection parameter once \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34768\"\u003e#34768\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePathMatchingResourcePatternResolver\u003c/code\u003e wrongly assumes that \u003ccode\u003etarget/classes\u003c/code\u003e always exists \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34764\"\u003e#34764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eClarify \u003ccode\u003eCompositePropertySource\u003c/code\u003e behavior for \u003ccode\u003eEnumerablePropertySource\u003c/code\u003e contract \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34886\"\u003e#34886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJavadoc and \u003ccode\u003e@Nullable\u003c/code\u003e annotation for \u003ccode\u003eservletContext\u003c/code\u003e parameter of \u003ccode\u003eConfigurableWebEnvironment.initPropertySources\u003c/code\u003e are contradictory \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34845\"\u003e#34845\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpring MVC: \u003ccode\u003e@EnableAsync\u003c/code\u003e needs to be redeclared for each ApplicationContext \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34843\"\u003e#34843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a working example instead of unclear placeholders \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34828\"\u003e#34828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Micrometer 1.14.7 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34889\"\u003e#34889\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Reactor 2024.0.6 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34898\"\u003e#34898\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:heart: Contributors\u003c/h2\u003e\n\u003cp\u003eThank you to all the contributors who worked on this release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Artur\"\u003e\u003ccode\u003e@​Artur\u003c/code\u003e\u003c/a\u003e-, \u003ca href=\"https://github.com/blake-bauman\"\u003e\u003ccode\u003e@​blake-bauman\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/iifawzi\"\u003e\u003ccode\u003e@​iifawzi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/kilink\"\u003e\u003ccode\u003e@​kilink\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/quaff\"\u003e\u003ccode\u003e@​quaff\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/whlit\"\u003e\u003ccode\u003e@​whlit\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/zzoe2346\"\u003e\u003ccode\u003e@​zzoe2346\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.2.6\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAn option for SimpleAsyncTaskExecutor to throw an exception when limit is reached \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34727\"\u003e#34727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide first-class support for Bean Overrides with \u003ccode\u003e@ContextHierarchy\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34723\"\u003e#34723\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMicro performance optimizations \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34717\"\u003e#34717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSuppress \u0026quot;Unable to rollback against JDBC Connection\u0026quot; in case of timeout (connection closed) \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34714\"\u003e#34714\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/ba590ac9e49b46d347dc56f4498ee436a3b5969b\"\u003e\u003ccode\u003eba590ac\u003c/code\u003e\u003c/a\u003e Release v6.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/ee62701f5634e904e42e218baad142cea2bcd332\"\u003e\u003ccode\u003eee62701\u003c/code\u003e\u003c/a\u003e Make use of PatternMatchUtils ignoreCase option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/fa168ca78ae134e82db8eacc109bb29266b36fb1\"\u003e\u003ccode\u003efa168ca\u003c/code\u003e\u003c/a\u003e Revise FactoryBean locking behavior for strict/lenient consistency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/3c228a5c1d07874d0bf2b9456921ab20fc6d5e22\"\u003e\u003ccode\u003e3c228a5\u003c/code\u003e\u003c/a\u003e Add missing \u003ca href=\"https://github.com/since\"\u003e\u003ccode\u003e@​since\u003c/code\u003e\u003c/a\u003e tags in PatternMatchUtils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/9bf6b8cddffac2c0034e0e2f7a799a81ddb1f09f\"\u003e\u003ccode\u003e9bf6b8c\u003c/code\u003e\u003c/a\u003e Upgrade to Reactor 2024.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/37ecdd14372555c018c644e980666e47c06dcbe8\"\u003e\u003ccode\u003e37ecdd1\u003c/code\u003e\u003c/a\u003e Forward more methods to underlying InputStream in NonClosingInputStream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/73f1c5a189b0f6e65b5b8507d6862b480ec7193c\"\u003e\u003ccode\u003e73f1c5a\u003c/code\u003e\u003c/a\u003e Polishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/4d296fb4ca1b3f87fe4b9cd97132f2688533de2d\"\u003e\u003ccode\u003e4d296fb\u003c/code\u003e\u003c/a\u003e Upgrade to Micrometer 1.14.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/6a9444473f1aad080bf659563e56cc2bbd8f9512\"\u003e\u003ccode\u003e6a94444\u003c/code\u003e\u003c/a\u003e Clarify CompositePropertySource behavior for EnumerablePropertySource contract\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/03ae97b2ebe2ff97ed3f78253758fb3cf6cacbbd\"\u003e\u003ccode\u003e03ae97b\u003c/code\u003e\u003c/a\u003e Introduce Spring property for default escape character for placeholders\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-framework/compare/v6.2.2...v6.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.springframework:spring-webmvc` from 6.2.2 to 6.2.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-framework/releases\"\u003eorg.springframework:spring-webmvc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.2.7\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eForward more methods to underlying InputStream in NonClosingInputStream \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34893\"\u003e#34893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce Spring property for the default property placeholder escape character \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34865\"\u003e#34865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClose ApplicationContext once AOT processing has completed \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34841\"\u003e#34841\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAbstractJackson2HttpMessageConverter#getObjectMappersForType\u003c/code\u003e nullness \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34811\"\u003e#34811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd option for case-insensitive match to PatternMatchUtils \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34801\"\u003e#34801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRestClient \u003ccode\u003e@RequestBody\u003c/code\u003e parameters lose generic type information when creating HTTP service beans \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34793\"\u003e#34793\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdds option to set Principal in MockServerWebExchange \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34789\"\u003e#34789\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBeans created by FactoryBean are not considered as autowiring candidates if another thread holds a singletonLock \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34902\"\u003e#34902\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePropertySourcesPlaceholderConfigurer\u003c/code\u003e placeholder resolution fails in several scenarios \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34861\"\u003e#34861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34851\"\u003e#34851\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFragment.create() requires mutable map - which is unusable when used with Kotlin \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34848\"\u003e#34848\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDuplicate \u003ccode\u003eBeanOverrideHandler\u003c/code\u003e discovered in \u003ccode\u003e@Nested\u003c/code\u003e test case with superclass from different class or in interface implemented multiple times \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34844\"\u003e#34844\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccidental ClassLoader defineClass enforcement after \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34677\"\u003e#34677\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34824\"\u003e#34824\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHttpEntity.EMPTY headers should not be possible to mutate via HttpHeaders constructor \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34812\"\u003e#34812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAbstractFileResolvingResource.exists incorrectly reports result for resources inside of spring-boot executable jar \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34796\"\u003e#34796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly expand query param with same name from URI variables array  \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34783\"\u003e#34783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eR2DBC \u003ccode\u003eNamedParameterUtils\u003c/code\u003e only expands reused collection parameter once \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34768\"\u003e#34768\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePathMatchingResourcePatternResolver\u003c/code\u003e wrongly assumes that \u003ccode\u003etarget/classes\u003c/code\u003e always exists \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34764\"\u003e#34764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eClarify \u003ccode\u003eCompositePropertySource\u003c/code\u003e behavior for \u003ccode\u003eEnumerablePropertySource\u003c/code\u003e contract \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34886\"\u003e#34886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJavadoc and \u003ccode\u003e@Nullable\u003c/code\u003e annotation for \u003ccode\u003eservletContext\u003c/code\u003e parameter of \u003ccode\u003eConfigurableWebEnvironment.initPropertySources\u003c/code\u003e are contradictory \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34845\"\u003e#34845\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpring MVC: \u003ccode\u003e@EnableAsync\u003c/code\u003e needs to be redeclared for each ApplicationContext \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34843\"\u003e#34843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a working example instead of unclear placeholders \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34828\"\u003e#34828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Micrometer 1.14.7 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34889\"\u003e#34889\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Reactor 2024.0.6 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34898\"\u003e#34898\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:heart: Contributors\u003c/h2\u003e\n\u003cp\u003eThank you to all the contributors who worked on this release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Artur\"\u003e\u003ccode\u003e@​Artur\u003c/code\u003e\u003c/a\u003e-, \u003ca href=\"https://github.com/blake-bauman\"\u003e\u003ccode\u003e@​blake-bauman\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/iifawzi\"\u003e\u003ccode\u003e@​iifawzi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/kilink\"\u003e\u003ccode\u003e@​kilink\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/quaff\"\u003e\u003ccode\u003e@​quaff\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/whlit\"\u003e\u003ccode\u003e@​whlit\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/zzoe2346\"\u003e\u003ccode\u003e@​zzoe2346\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.2.6\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAn option for SimpleAsyncTaskExecutor to throw an exception when limit is reached \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34727\"\u003e#34727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide first-class support for Bean Overrides with \u003ccode\u003e@ContextHierarchy\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34723\"\u003e#34723\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMicro performance optimizations \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34717\"\u003e#34717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSuppress \u0026quot;Unable to rollback against JDBC Connection\u0026quot; in case of timeout (connection closed) \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34714\"\u003e#34714\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/ba590ac9e49b46d347dc56f4498ee436a3b5969b\"\u003e\u003ccode\u003eba590ac\u003c/code\u003e\u003c/a\u003e Release v6.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/ee62701f5634e904e42e218baad142cea2bcd332\"\u003e\u003ccode\u003eee62701\u003c/code\u003e\u003c/a\u003e Make use of PatternMatchUtils ignoreCase option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/fa168ca78ae134e82db8eacc109bb29266b36fb1\"\u003e\u003ccode\u003efa168ca\u003c/code\u003e\u003c/a\u003e Revise FactoryBean locking behavior for strict/lenient consistency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/3c228a5c1d07874d0bf2b9456921ab20fc6d5e22\"\u003e\u003ccode\u003e3c228a5\u003c/code\u003e\u003c/a\u003e Add missing \u003ca href=\"https://github.com/since\"\u003e\u003ccode\u003e@​since\u003c/code\u003e\u003c/a\u003e tags in PatternMatchUtils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/9bf6b8cddffac2c0034e0e2f7a799a81ddb1f09f\"\u003e\u003ccode\u003e9bf6b8c\u003c/code\u003e\u003c/a\u003e Upgrade to Reactor 2024.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/37ecdd14372555c018c644e980666e47c06dcbe8\"\u003e\u003ccode\u003e37ecdd1\u003c/code\u003e\u003c/a\u003e Forward more methods to underlying InputStream in NonClosingInputStream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/73f1c5a189b0f6e65b5b8507d6862b480ec7193c\"\u003e\u003ccode\u003e73f1c5a\u003c/code\u003e\u003c/a\u003e Polishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/4d296fb4ca1b3f87fe4b9cd97132f2688533de2d\"\u003e\u003ccode\u003e4d296fb\u003c/code\u003e\u003c/a\u003e Upgrade to Micrometer 1.14.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/6a9444473f1aad080bf659563e56cc2bbd8f9512\"\u003e\u003ccode\u003e6a94444\u003c/code\u003e\u003c/a\u003e Clarify CompositePropertySource behavior for EnumerablePropertySource contract\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/03ae97b2ebe2ff97ed3f78253758fb3cf6cacbbd\"\u003e\u003ccode\u003e03ae97b\u003c/code\u003e\u003c/a\u003e Introduce Spring property for default escape character for placeholders\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-framework/compare/v6.2.2...v6.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.springframework.boot:spring-boot` from 3.4.2 to 3.5.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-boot/releases\"\u003eorg.springframework.boot:spring-boot's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.5.14\u003c/h2\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApplicationPidFileWriter does not handle symlinks correctly \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50173\"\u003e#50173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRandomValuePropertySource is not suitable for secrets \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50172\"\u003e#50172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCassandra auto-configuration misconfigures CqlSessionBuilder \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50171\"\u003e#50171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApplicationTemp does not handle symlinks correctly \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50170\"\u003e#50170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemote DevTools performs comparison incorrectly \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50169\"\u003e#50169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003espring.rabbitmq.ssl.verify-hostname is applied inconsistently \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50168\"\u003e#50168\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnversRevisionRepositoriesRegistrar should reuse \u003ccode\u003e@EnableEnversRepositories\u003c/code\u003e rather than configuring the JPA counterpart \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50035\"\u003e#50035\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAnnotations like \u003ccode\u003e@Ssl\u003c/code\u003e don't work on \u003ccode\u003e@Bean\u003c/code\u003e methods when using \u003ccode\u003e@ServiceConnection\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50033\"\u003e#50033\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50021\"\u003e#50021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWebFlux Cloud Foundry links endpoint includes query string from received request in resolved links \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50008\"\u003e#50008\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e500 response from env endpoint when supplied pattern is invalid \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49942\"\u003e#49942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHTTP method is lost when configuring excludes in EndpointRequest \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49885\"\u003e#49885\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocker Compose support doesn't work with apache/artemis image \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49865\"\u003e#49865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHonor HttpMethod for reactive additional endpoint paths \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49864\"\u003e#49864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocker Compose support doesn't work with apache/activemq image \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49863\"\u003e#49863\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImports on a containing test class are ignored when a nested class has imports \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49860\"\u003e#49860\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLink to the observability section of the Lettuce documentation is broken \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50092\"\u003e#50092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJavadoc for StaticResourceLocation.FAVICON doesn't describe icons location \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50083\"\u003e#50083\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMySamlRelyingPartyConfiguration is missing a Kotlin sample \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50023\"\u003e#50023\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncorrect default value for management.httpexchanges.recording.include in configuration metadata \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50010\"\u003e#50010\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLink to the Kubernetes documentation when discussing startup probes \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50007\"\u003e#50007\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs to encourage Java fundamentals for beginners that prefer to learn that way \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49895\"\u003e#49895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify that configuration property default values are not available through the Environment \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49835\"\u003e#49835\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Groovy 4.0.31 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49905\"\u003e#49905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Hibernate 6.6.49.Final \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50140\"\u003e#50140\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/jaxen-xpath/jaxen/releases/tag/v2.0.1\"\u003eJaxen 2.0.1\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50109\"\u003e#50109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/FirebirdSQL/jaybird/releases/tag/v6.0.5\"\u003eJaybird 6.0.5\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49907\"\u003e#49907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.34\"\u003eJetty 12.0.34\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49908\"\u003e#49908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/jOOQ/jOOQ/releases/tag/version-3.19.32\"\u003ejOOQ 3.19.32\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50110\"\u003e#50110\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Lombok 1.18.46 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50148\"\u003e#50148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://mariadb.com/kb/en/mariadb-connector-j-3-5-8-release-notes\"\u003eMariaDB 3.5.8\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49909\"\u003e#49909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/micrometer-metrics/micrometer/releases/tag/v1.15.11\"\u003eMicrometer 1.15.11\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49961\"\u003e#49961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/micrometer-metrics/tracing/releases/tag/v1.5.11\"\u003eMicrometer Tracing 1.5.11\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49962\"\u003e#49962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://dev.mysql.com/doc/relnotes/connector-j/en/news-9-7-0.html\"\u003eMySQL 9.7.0\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50161\"\u003e#50161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Neo4j Java Driver 5.28.13 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50074\"\u003e#50074\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/reactor/reactor/releases/tag/2024.0.17\"\u003eReactor Bom 2024.0.17\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49963\"\u003e#49963\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/spring-projects/spring-amqp/releases/tag/v3.2.10\"\u003eSpring AMQP 3.2.10\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49964\"\u003e#49964\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/spring-projects/spring-authorization-server/releases/tag/1.5.7\"\u003eSpring Authorization Server 1.5.7\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49965\"\u003e#49965\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/spring-projects/spring-data-bom/releases/tag/2025.0.11\"\u003eSpring Data Bom 2025.0.11\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49966\"\u003e#49966\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/spring-projects/spring-framework/releases/tag/v6.2.18\"\u003eSpring Framework 6.2.18\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49967\"\u003e#49967\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/spring-projects/spring-kafka/releases/tag/v3.3.15\"\u003eSpring Kafka 3.3.15\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50129\"\u003e#50129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/7d7b3ac12735161f9c096ce6cb415bdd9fc4a0f4\"\u003e\u003ccode\u003e7d7b3ac\u003c/code\u003e\u003c/a\u003e Release v3.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/9dc5aa2863f598a15d3dfa116f4b89249daba7e7\"\u003e\u003ccode\u003e9dc5aa2\u003c/code\u003e\u003c/a\u003e Polish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/f533a4549c3999aac30cb5830f07dc304933e93d\"\u003e\u003ccode\u003ef533a45\u003c/code\u003e\u003c/a\u003e Do not follow symlinks when writing PID file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/f3b8eb0f2cd989dffe5dceefce80bde165328b31\"\u003e\u003ccode\u003ef3b8eb0\u003c/code\u003e\u003c/a\u003e Use SecureRandom in RandomValuePropertySource\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/e22083a5684c3c65bcf2a9a90adcdecee6e85d50\"\u003e\u003ccode\u003ee22083a\u003c/code\u003e\u003c/a\u003e Enable hostname verification for SSL connections to Cassandra\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/5ceb1a228932e35cc803d1c1fea68f0f984aaa90\"\u003e\u003ccode\u003e5ceb1a2\u003c/code\u003e\u003c/a\u003e Improve ApplicationTemp's temporary directory creation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/4b0862cc00815a47b22339d7eac7ddc3b6645bd4\"\u003e\u003ccode\u003e4b0862c\u003c/code\u003e\u003c/a\u003e Use constant-time comparison for remote DevTools secret\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/e4febe2015d340ea9135437ee0659ea0f2260c31\"\u003e\u003ccode\u003ee4febe2\u003c/code\u003e\u003c/a\u003e Apply verify-hostname consistently\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/2c2ffe51c415f464fde6368fdd144b9551c3458c\"\u003e\u003ccode\u003e2c2ffe5\u003c/code\u003e\u003c/a\u003e Fix Windows test failure\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/0046a442f9ac5ae186359df575e68fab17d01646\"\u003e\u003ccode\u003e0046a44\u003c/code\u003e\u003c/a\u003e Protect against corrupt buildpack archives\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-boot/compare/v3.4.2...v3.5.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.springframework.boot:spring-boot-starter-actuator` from 3.4.2 to 3.5.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-boot/releases\"\u003eorg.springframework.boot:spring-boot-starter-actuator's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.5.14\u003c/h2\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApplicationPidFileWriter does not handle symlinks correctly \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50173\"\u003e#50173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRandomValuePropertySource is not suitable for secrets \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50172\"\u003e#50172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCassandra auto-configuration misconfigures CqlSessionBuilder \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50171\"\u003e#50171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApplicationTemp does not handle symlinks correctly \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50170\"\u003e#50170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemote DevTools performs comparison incorrectly \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50169\"\u003e#50169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003espring.rabbitmq.ssl.verify-hostname is applied inconsistently \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50168\"\u003e#50168\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnversRevisionRepositoriesRegistrar should reuse \u003ccode\u003e@EnableEnversRepositories\u003c/code\u003e rather than configuring the JPA counterpart \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50035\"\u003e#50035\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAnnotations like \u003ccode\u003e@Ssl\u003c/code\u003e don't work on \u003ccode\u003e@Bean\u003c/code\u003e methods when using \u003ccode\u003e@ServiceConnection\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50033\"\u003e#50033\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50021\"\u003e#50021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWebFlux Cloud Foundry links endpoint includes query string from received request in resolved links \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50008\"\u003e#50008\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e500 response from env endpoint when supplied pattern is invalid \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49942\"\u003e#49942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHTTP method is lost when configuring excludes in EndpointRequest \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49885\"\u003e#49885\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocker Compose support doesn't work with apache/artemis image \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49865\"\u003e#49865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHonor HttpMethod for reactive additional endpoint paths \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49864\"\u003e#49864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocker Compose support doesn't work with apache/activemq image \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49863\"\u003e#49863\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImports on a containing test class are ignored when a nested class has imports \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49860\"\u003e#49860\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLink to the observability section of the Lettuce documentation is broken \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50092\"\u003e#50092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJavadoc for StaticResourceLocation.FAVICON doesn't describe icons location \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50083\"\u003e#50083\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMySamlRelyingPartyConfiguration is missing a Kotlin sample \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50023\"\u003e#50023\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncorrect default value for management.httpexchanges.recording.include in configuration metadata \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50010\"\u003e#50010\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLink to the Kubernetes documentation when discussing startup probes \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50007\"\u003e#50007\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs to encourage Java fundamentals for beginners that prefer to learn that way \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49895\"\u003e#49895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify that configuration property default values are not available through the Environment \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49835\"\u003e#49835\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Groovy 4.0.31 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49905\"\u003e#49905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Hibernate 6.6.49.Final \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50140\"\u003e#50140\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/jaxen-xpath/jaxen/releases/tag/v2.0.1\"\u003eJaxen 2.0.1\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50109\"\u003e#50109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/FirebirdSQL/jaybird/releases/tag/v6.0.5\"\u003eJaybird 6.0.5\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49907\"\u003e#49907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.34\"\u003eJetty 12.0.34\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49908\"\u003e#49908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/jOOQ/jOOQ/releases/tag/version-3.19.32\"\u003ejOOQ 3.19.32\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50110\"\u003e#50110\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Lombok 1.18.46 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50148\"\u003e#50148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://mariadb.com/kb/en/mariadb-connector-j-3-5-8-release-notes\"\u003eMariaDB 3.5.8\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49909\"\u003e#49909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/micrometer-metrics/micrometer/releases/tag/v1.15.11\"\u003eMicrometer 1.15.11\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49961\"\u003e#49961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/micrometer-metrics/tracing/releases/tag/v1.5.11\"\u003eMicrometer Tracing 1.5.11\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49962\"\u003e#49962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://dev.mysql.com/doc/relnotes/connector-j/en/news-9-7-0.html\"\u003eMySQL 9.7.0\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50161\"\u003e#50161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Neo4j Java Driver 5.28.13 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50074\"\u003e#50074\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/reactor/reactor/releases/tag/2024.0.17\"\u003eReactor Bom 2024.0.17\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49963\"\u003e#49963\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/spring-projects/spring-amqp/releases/tag/v3.2.10\"\u003eSpring AMQP 3.2.10\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49964\"\u003e#49964\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/spring-projects/spring-authorization-server/releases/tag/1.5.7\"\u003eSpring Authorization Server 1.5.7\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49965\"\u003e#49965\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/spring-projects/spring-data-bom/releases/tag/2025.0.11\"\u003eSpring Data Bom 2025.0.11\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49966\"\u003e#49966\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/spring-projects/spring-framework/releases/tag/v6.2.18\"\u003eSpring Framework 6.2.18\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49967\"\u003e#49967\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/spring-projects/spring-kafka/releases/tag/v3.3.15\"\u003eSpring Kafka 3.3.15\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50129\"\u003e#50129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/7d7b3ac12735161f9c096ce6cb415bdd9fc4a0f4\"\u003e\u003ccode\u003e7d7b3ac\u003c/code\u003e\u003c/a\u003e Release v3.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/9dc5aa2863f598a15d3dfa116f4b89249daba7e7\"\u003e\u003ccode\u003e9dc5aa2\u003c/code\u003e\u003c/a\u003e Polish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/f533a4549c3999aac30cb5830f07dc304933e93d\"\u003e\u003ccode\u003ef533a45\u003c/code\u003e\u003c/a\u003e Do not follow symlinks when writing PID file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/f3b8eb0f2cd989dffe5dceefce80bde165328b31\"\u003e\u003ccode\u003ef3b8eb0\u003c/code\u003e\u003c/a\u003e Use SecureRandom in RandomValuePropertySource\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/e22083a5684c3c65bcf2a9a90adcdecee6e85d50\"\u003e\u003ccode\u003ee22083a\u003c/code\u003e\u003c/a\u003e Enable hostname verification for SSL connections to Cassandra\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/5ceb1a228932e35cc803d1c1fea68f0f984aaa90\"\u003e\u003ccode\u003e5ceb1a2\u003c/code\u003e\u003c/a\u003e Improve ApplicationTemp's temporary directory creation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/4b0862cc00815a47b22339d7eac7ddc3b6645bd4\"\u003e\u003ccode\u003e4b0862c\u003c/code\u003e\u003c/a\u003e Use constant-time comparison for remote DevTools secret\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/e4febe2015d340ea9135437ee0659ea0f2260c31\"\u003e\u003ccode\u003ee4febe2\u003c/code\u003e\u003c/a\u003e Apply verify-hostname consistently\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/2c2ffe51c415f464fde6368fdd144b9551c3458c\"\u003e\u003ccode\u003e2c2ffe5\u003c/code\u003e\u003c/a\u003e Fix Windows test failure\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/0046a442f9ac5ae186359df575e68fab17d01646\"\u003e\u003ccode\u003e0046a44\u003c/code\u003e\u003c/a\u003e Protect against corrupt buildpack archives\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-boot/compare/v3.4.2...v3.5.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 8.5.100 to 9.0.117\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.24.3 to 2.25.4\n\nUpdates `com.fasterxml.jackson.core:jackson-core` from 2.18.2 to 2.18.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/9a46ef8ccac2f15cba1c82059fbcc3883798478a\"\u003e\u003ccode\u003e9a46ef8\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release jackson-core-2.18.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/5f192db9c84c1e7a9e6ab7f631a77d4ac0719cb4\"\u003e\u003ccode\u003e5f192db\u003c/code\u003e\u003c/a\u003e Prep for 2.18.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/b0c428e6f993e1b5ece5c1c3cb2523e887cd52cf\"\u003e\u003ccode\u003eb0c428e\u003c/code\u003e\u003c/a\u003e Enforce \u003ccode\u003eStreamReadConstraints.maxNumberLength\u003c/code\u003e for non-blocking (async) pars...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/7c8b6d52632ff87dd40483df44a2b74d3048882c\"\u003e\u003ccode\u003e7c8b6d5\u003c/code\u003e\u003c/a\u003e Add test for nesting for \u003ccode\u003eDataInput\u003c/code\u003e-backed \u003ccode\u003eJsonParser\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1550\"\u003e#1550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/97a647b9d4bd03d31716d5565a73965c9ae2f396\"\u003e\u003ccode\u003e97a647b\u003c/code\u003e\u003c/a\u003e Update CI: JDK 23 -\u0026gt; 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/1601331cd5c7d79037904e4803a4c35cc9fdd4e0\"\u003e\u003ccode\u003e1601331\u003c/code\u003e\u003c/a\u003e (backport from 2.21) Fix \u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1548\"\u003e#1548\u003c/a\u003e: validate max doc length for fixed buffer inpu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/fae2542708621b49cdc61ec5b29574ad054ed76f\"\u003e\u003ccode\u003efae2542\u003c/code\u003e\u003c/a\u003e release notes update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/70c99ba8eccf6f8ad2754bccb113daac823f03ba\"\u003e\u003ccode\u003e70c99ba\u003c/code\u003e\u003c/a\u003e Update UTF8DataInputJsonParser.java (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1512\"\u003e#1512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/caea665e6364bb46a4e7101fd763e9ef8568f132\"\u003e\u003ccode\u003ecaea665\u003c/code\u003e\u003c/a\u003e Post-release dep version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/635d3bd80a44a8a84b04cfdd007ceb9a31dc95f1\"\u003e\u003ccode\u003e635d3bd\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/FasterXML/jackson-core/compare/jackson-core-2.18.2...jackson-core-2.18.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.7.2 to 3.8.6\n\nUpdates `org.hibernate:hibernate-validator` from 5.2.4.Final to 6.2.0.Final\n\nUpdates `org.apache.commons:commons-lang3` from 3.17.0 to 3.18.0\n\nUpdates `io.grpc:grpc-netty-shaded` from 1.70.0 to 1.75.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-java/releases\"\u003eio.grpc:grpc-netty-shaded's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.75.0\u003c/h2\u003e\n\u003ch3\u003eBehavior Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebinder: Introduce server pre-authorization (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12127\"\u003e#12127\u003c/a\u003e). grpc-binder clients authorize servers by checking the UID of the sender of the SETUP_TRANSPORT Binder transaction against some SecurityPolicy. But merely binding to an unauthorized server to learn its UID can enable \u0026quot;keep-alive\u0026quot; and \u0026quot;background activity launch\u0026quot; abuse, even if security policy ultimately causes the grpc connection to fail. Pre-authorization mitigates this kind of abuse by resolving addresses and authorizing a candidate server Application's UID before binding to it. Pre-auth is especially important when the server's address is not fixed in advance but discovered by PackageManager lookup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecore: \u003ccode\u003egrpc-timeout\u003c/code\u003e should always be positive (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12201\"\u003e#12201\u003c/a\u003e) (6dfa03c51). There is a local race between when the deadline is checked before sending the RPC and when the timeout is calculated to put on-the-wire. The code replaced negative timeouts with 0 nanoseconds. gRPC’s PROTOCOL-HTTP2 spec states that timeouts should be positive, so now non-positive values are replaced with 1 nanosecond\u003c/li\u003e\n\u003cli\u003ecore: Improved DEADLINE_EXCEEDED message for delayed calls (6ff8ecac0). Delayed calls are the first calls on a Channel before name resolution has resolved addresses. Previously you could see confusing errors saying the deadline “will be exceeded in” X time. The message tense was simply wrong, and now will be correct: deadline “was exceeded after” X time.\u003c/li\u003e\n\u003cli\u003exds: PriorityLB now only uses the failOverTimer to start additional priorities, not fail RPCs (c4256add4). You should no longer see “Connection timeout for priority” errors.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImprovements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003enetty: Count sent RST_STREAMs against \u003ccode\u003eNettyServerBuilder.maxRstFramesPerWindow()\u003c/code\u003e limit (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12288\"\u003e#12288\u003c/a\u003e). This extends the Rapid Reset tool to also cover MadeYouReset. the reset stream count will cause a 420 \u0026quot;Enhance your calm response\u0026quot; to be sent. This depends on Netty 4.1.124 for a bug fix to actually call the encoder by the frame writer.\u003c/li\u003e\n\u003cli\u003exds: Convert CdsLb to \u003ccode\u003eXdsDepManager\u003c/code\u003e (297ab05ef). This is part of gRFC A74 to have atomic xDS config updates. This is an internal change, but does change the error description seen in certain cases, especially DEADLINE_EXCEEDED on a brand-new channel.\u003c/li\u003e\n\u003cli\u003ecensus: APIs for stats and tracing (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12050\"\u003e#12050\u003c/a\u003e) (919370172). Client channel and server builders with interceptors and factories respectively for stats and tracing.\u003c/li\u003e\n\u003cli\u003estub: simplify \u003ccode\u003eBlockingClientCall\u003c/code\u003e infinite blocking (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12217\"\u003e#12217\u003c/a\u003e) (ba0a7329d). Move deadline computation into overloads with finite timeouts. Blocking calls without timeouts now do not have to read the clock.\u003c/li\u003e\n\u003cli\u003exds: Do RLS fallback policy eagar start (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12211\"\u003e#12211\u003c/a\u003e) (42e1829b3). In gRPC-Java, the xDS clusters were lazily subscribed, which meant the fallback target which is returned in the RLS config wasn’t subscribed until a RPC actually falls back to it. The delayed resource subscription process in gRPC Java made it more susceptible to the effects of the INITIAL_RESOURCE_FETCH_TIMEOUT compared to other programming languages. It also had impact beyond the RLS cache expiration case, for example, when the first time the client initialized the channel, we couldn't fallback when the intended target times out, because of the lazy subscription. This change starts the fallback LB policy for the default target at the start of RLS policy instead of only when falling back to the default target, which fixes the above mentioned problems.\u003c/li\u003e\n\u003cli\u003exds: Aggregate cluster fixes (A75) (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12186\"\u003e#12186\u003c/a\u003e) (7e982e48a). The earlier implementation of aggregate clusters concatenated the priorities from the underlying clusters into a single list, so that it could use a single LB policy defined at...\n\n_Description has been truncated_","html_url":"https://github.com/vishakha-mali/dubbo/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vishakha-mali%2Fdubbo/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"},{"uuid":"4426558137","node_id":"PR_kwDOKyk85s7aihEY","number":2317,"state":"closed","title":"chore(deps): bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.54 to 10.1.55 in /backend in the all-backend-non-major-dependencies group across 1 directory","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-18T00:11:09.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-12T05:52:06.000Z","updated_at":"2026-05-18T00:11:10.000Z","time_to_close":497943,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"10.1.54","new_version":"10.1.55","repository_url":null}],"path":"/backend in the all-backend-non-major-dependencies group across 1 directory","ecosystem":"maven"},"body":"Bumps the all-backend-non-major-dependencies group with 1 update in the /backend directory: org.apache.tomcat.embed:tomcat-embed-core.\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 10.1.54 to 10.1.55","html_url":"https://github.com/digitalservicebund/ris-norms/pull/2317","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/digitalservicebund%2Fris-norms/issues/2317","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2317/packages"},{"uuid":"4425809104","node_id":"PR_kwDOSBPhCs7agG8z","number":7,"state":"closed","title":"chore(deps): Bump the all-dependencies group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T05:22:14.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-12T02:54:01.000Z","updated_at":"2026-05-19T05:22:16.000Z","time_to_close":613693,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"all-dependencies","update_count":3,"packages":[{"name":"org.springframework.boot:spring-boot-starter-parent","old_version":"4.0.5","new_version":"4.0.6","repository_url":"https://github.com/spring-projects/spring-boot"},{"name":"tools.jackson.core:jackson-core","old_version":"3.1.2","new_version":"3.1.3","repository_url":"https://github.com/FasterXML/jackson-core"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"11.0.21","new_version":"11.0.22"}],"path":null,"ecosystem":"maven"},"body":"Bumps the all-dependencies group with 3 updates in the / directory: [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot), [tools.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) and org.apache.tomcat.embed:tomcat-embed-core.\n\nUpdates `org.springframework.boot:spring-boot-starter-parent` from 4.0.5 to 4.0.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-boot/releases\"\u003eorg.springframework.boot:spring-boot-starter-parent's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.6\u003c/h2\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50188\"\u003e#50188\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eElasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50187\"\u003e#50187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApplicationPidFileWriter does not handle symlinks correctly \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50185\"\u003e#50185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRandomValuePropertySource is not suitable for secrets \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50183\"\u003e#50183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCassandra auto-configuration misconfigures CqlSessionBuilder \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50180\"\u003e#50180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApplicationTemp does not handle symlinks correctly \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50178\"\u003e#50178\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemote DevTools performs comparison incorrectly \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50176\"\u003e#50176\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003espring.rabbitmq.ssl.verify-hostname is applied inconsistently \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50174\"\u003e#50174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50077\"\u003e#50077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClassic starters are missing several modules \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50071\"\u003e#50071\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eModule spring-boot-resttestclient is missing from spring-boot-starter-test-classic \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50069\"\u003e#50069\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAnnotations like \u003ccode\u003e@Ssl\u003c/code\u003e don't work on \u003ccode\u003e@Bean\u003c/code\u003e methods when using \u003ccode\u003e@ServiceConnection\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50064\"\u003e#50064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnversRevisionRepositoriesRegistrar should reuse \u003ccode\u003e@EnableEnversRepositories\u003c/code\u003e rather than configuring the JPA counterpart \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50039\"\u003e#50039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWebFlux Cloud Foundry links endpoint includes query string from received request in resolved links \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50017\"\u003e#50017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImports on a containing test class are ignored when a nested class has imports \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50012\"\u003e#50012\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWith spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49951\"\u003e#49951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e500 response from env endpoint when supplied pattern is invalid \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49946\"\u003e#49946\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49945\"\u003e#49945\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHTTP method is lost when configuring excludes in EndpointRequest \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49943\"\u003e#49943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHonor HttpMethod for reactive additional endpoint paths \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49880\"\u003e#49880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocker Compose support doesn't work with apache/artemis image \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49869\"\u003e#49869\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocker Compose support doesn't work with apache/activemq image \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49866\"\u003e#49866\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49854\"\u003e#49854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAPI versioning path strategy should be applied path last as it is not meant to yield \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49800\"\u003e#49800\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate docs to encourage Java fundamentals for beginners that prefer to learn that way \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50146\"\u003e#50146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHTTP Service Interface Clients still document that API versioning can be configured via properties \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50126\"\u003e#50126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLink to the observability section of the Lettuce documentation is broken \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50097\"\u003e#50097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJavadoc for StaticResourceLocation.FAVICON doesn't describe icons location \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50085\"\u003e#50085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMySamlRelyingPartyConfiguration is missing a Kotlin sample \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50024\"\u003e#50024\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncorrect default value for management.httpexchanges.recording.include in configuration metadata \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50019\"\u003e#50019\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLink to the Kubernetes documentation when discussing startup probes \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50015\"\u003e#50015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTypo in JdbcSessionAutoConfiguration Javadoc \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49873\"\u003e#49873\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify that configuration property default values are not available through the Environment \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49851\"\u003e#49851\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument the need for Liquibase and Flyway starters \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49839\"\u003e#49839\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKafka documentation refers to deprecated JSON serializer and deserializer classes \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49826\"\u003e#49826\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Elasticsearch Client 9.2.8 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50027\"\u003e#50027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Groovy 5.0.5 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49911\"\u003e#49911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Hibernate 7.2.12.Final \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50134\"\u003e#50134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Jackson Bom 3.1.2 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50051\"\u003e#50051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/jaxen-xpath/jaxen/releases/tag/v2.0.1\"\u003eJaxen 2.0.1\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50104\"\u003e#50104\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/FirebirdSQL/jaybird/releases/tag/v6.0.5\"\u003eJaybird 6.0.5\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49914\"\u003e#49914\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/8821ad2cd381bb4b9615a61479e1de7305a8ba39\"\u003e\u003ccode\u003e8821ad2\u003c/code\u003e\u003c/a\u003e Release v4.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/9e4048a03f17adfe78057a3c4d5b4693305c0ae0\"\u003e\u003ccode\u003e9e4048a\u003c/code\u003e\u003c/a\u003e Merge branch '3.5.x' into 4.0.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/20bb11c3984802990572ddbeae8b66885a8f2462\"\u003e\u003ccode\u003e20bb11c\u003c/code\u003e\u003c/a\u003e Next development version (v3.5.15-SNAPSHOT)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/98daa8ea30f39a5b0ca6768b5cbc2dc8698ef4e1\"\u003e\u003ccode\u003e98daa8e\u003c/code\u003e\u003c/a\u003e Merge branch '3.5.x' into 4.0.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/9dc5aa2863f598a15d3dfa116f4b89249daba7e7\"\u003e\u003ccode\u003e9dc5aa2\u003c/code\u003e\u003c/a\u003e Polish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/874f6294b91da18367b8b5ab7b2fad3fa23cfba6\"\u003e\u003ccode\u003e874f629\u003c/code\u003e\u003c/a\u003e Fix default security with actuator but without health\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/e41b3bf731d1134bc18ec1f68ac01e0fe1c54923\"\u003e\u003ccode\u003ee41b3bf\u003c/code\u003e\u003c/a\u003e Enable hostname verification for SSL connections to Elasticsearch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/ef8527bb0ef8f564f4f9c57a7be99a7aa96c6ab0\"\u003e\u003ccode\u003eef8527b\u003c/code\u003e\u003c/a\u003e Merge branch '3.5.x' into 4.0.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/f533a4549c3999aac30cb5830f07dc304933e93d\"\u003e\u003ccode\u003ef533a45\u003c/code\u003e\u003c/a\u003e Do not follow symlinks when writing PID file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/4a7bd332b6d19fef1aa4cf28434985f2b03a2e0f\"\u003e\u003ccode\u003e4a7bd33\u003c/code\u003e\u003c/a\u003e Merge branch '3.5.x' into 4.0.x\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-boot/compare/v4.0.5...v4.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tools.jackson.core:jackson-core` from 3.1.2 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/6956129ace69d7d28dfde174be6490e1707b43ae\"\u003e\u003ccode\u003e6956129\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release jackson-core-3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/2796462b783180ad13cc9c8a6dbe1e8efe221e62\"\u003e\u003ccode\u003e2796462\u003c/code\u003e\u003c/a\u003e Prep for 3.1.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/87c70b305d74b3bfff32fab0daebfec12f6a8301\"\u003e\u003ccode\u003e87c70b3\u003c/code\u003e\u003c/a\u003e Merge branch '2.x' into 3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/f21195dc779d1fcf7e25dd1ba445bbd524536efc\"\u003e\u003ccode\u003ef21195d\u003c/code\u003e\u003c/a\u003e Merge branch '2.21' into 2.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/59fb9cc1bbe4424221b171e88b37bcbdbdba1c50\"\u003e\u003ccode\u003e59fb9cc\u003c/code\u003e\u003c/a\u003e Post-release dep version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/3cb88d1cf3bc30e9629af25f0f503db236b508e2\"\u003e\u003ccode\u003e3cb88d1\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/5815636064ca5f5f2f5af0a91c7ad96368c239e7\"\u003e\u003ccode\u003e5815636\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release jackson-core-2.21.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/6e728f9bde605f98e34d67d5db0a1b530b0a9bfd\"\u003e\u003ccode\u003e6e728f9\u003c/code\u003e\u003c/a\u003e Prep for 2.21.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/4e30cf21ca4faeffa062ae13730fade890ce2540\"\u003e\u003ccode\u003e4e30cf2\u003c/code\u003e\u003c/a\u003e Merge branch '2.20' into 2.21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/1429fffeca1eee24d7c3d7a0887c5ac10cac7a58\"\u003e\u003ccode\u003e1429fff\u003c/code\u003e\u003c/a\u003e Merge branch '2.19' into 2.20\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/FasterXML/jackson-core/compare/jackson-core-3.1.2...jackson-core-3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 11.0.21 to 11.0.22\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/bjcoombs/spring-boot-template/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bjcoombs%2Fspring-boot-template/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"},{"uuid":"4417446167","node_id":"PR_kwDOB8cKwc7aE6fA","number":288,"state":"open","title":"chore(deps): bump org.apache.tomcat.embed:tomcat-embed-core from 11.0.21 to 11.0.22","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-11T01:22:17.000Z","updated_at":"2026-05-11T01:25:32.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"11.0.21","new_version":"11.0.22","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps org.apache.tomcat.embed:tomcat-embed-core from 11.0.21 to 11.0.22.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core\u0026package-manager=maven\u0026previous-version=11.0.21\u0026new-version=11.0.22)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ChrisSamo632/bedding-plants/pull/288","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ChrisSamo632%2Fbedding-plants/issues/288","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/288/packages"},{"uuid":"4417359828","node_id":"PR_kwDORB0yGs7aEpu0","number":93,"state":"open","title":"build(deps): bump org.apache.tomcat.embed:tomcat-embed-core from 11.0.21 to 11.0.22","user":"dependabot[bot]","labels":["dependencies","java","size/size/XS"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-11T00:54:54.000Z","updated_at":"2026-05-11T00:58:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"11.0.21","new_version":"11.0.22","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps org.apache.tomcat.embed:tomcat-embed-core from 11.0.21 to 11.0.22.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core\u0026package-manager=maven\u0026previous-version=11.0.21\u0026new-version=11.0.22)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/anyulled/superhero-battle-arena/pull/93","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/anyulled%2Fsuperhero-battle-arena/issues/93","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/93/packages"},{"uuid":"4388480541","node_id":"PR_kwDOKNqkVc7YnfkF","number":23,"state":"closed","title":"Bump the backend-prod group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-11T03:26:18.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T03:13:28.000Z","updated_at":"2026-05-11T03:26:19.000Z","time_to_close":432770,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"backend-prod","update_count":4,"packages":[{"name":"org.projectlombok:lombok","old_version":"1.18.44","new_version":"1.18.46","repository_url":"https://github.com/projectlombok/lombok"},{"name":"commons-codec:commons-codec","old_version":"1.21.0","new_version":"1.22.0","repository_url":"https://github.com/apache/commons-codec"},{"name":"commons-io:commons-io","old_version":"2.21.0","new_version":"2.22.0"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"11.0.21","new_version":"11.0.22"}],"path":null,"ecosystem":"maven"},"body":"Bumps the backend-prod group with 4 updates in the / directory: [org.projectlombok:lombok](https://github.com/projectlombok/lombok), [commons-codec:commons-codec](https://github.com/apache/commons-codec), commons-io:commons-io and org.apache.tomcat.embed:tomcat-embed-core.\n\nUpdates `org.projectlombok:lombok` from 1.18.44 to 1.18.46\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown\"\u003eorg.projectlombok:lombok's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev1.18.46 (April 22nd, 2026)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePLATFORM: JDK26 support added \u003ca href=\"https://redirect.github.com/projectlombok/lombok/issues/4019\"\u003e#4019\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePLATFORM: Spring Tools Suite 5 supported \u003ca href=\"https://redirect.github.com/projectlombok/lombok/issues/3985\"\u003e#3985\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBUGFIX: \u003ccode\u003e@Jacksonized\u003c/code\u003e no longer stops generating \u003ccode\u003e@JsonProperty\u003c/code\u003e once an explicit \u003ccode\u003e@JsonIgnore\u003c/code\u003e annotations is encountered \u003ca href=\"https://redirect.github.com/projectlombok/lombok/issues/4022\"\u003e#4022\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBUGFIX: In eclipse, mixing \u003ccode\u003e@Jacksonized\u003c/code\u003e and \u003ccode\u003efluent = true\u003c/code\u003e no longer causes the error \u003ccode\u003ecom.fasterxml.jackson.annotation.JsonProperty is not a repeatable annotation interface\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/projectlombok/lombok/issues/3934\"\u003e#3934\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBUGFIX: Some finishing touches for v1.18.44's support of Jackson3 \u003ca href=\"https://redirect.github.com/projectlombok/lombok/issues/4004\"\u003e#4004\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/projectlombok/lombok/commit/936ca59baf844fd6c0ad641974295498785d8091\"\u003e\u003ccode\u003e936ca59\u003c/code\u003e\u003c/a\u003e [build] lombok's launcher is still intended to be 1.4 compatible, or at least...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/projectlombok/lombok/commit/fcdab3f29e1b48c8f4b33ef9231ec2587a43d122\"\u003e\u003ccode\u003efcdab3f\u003c/code\u003e\u003c/a\u003e [version] pre-release version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/projectlombok/lombok/commit/1cb7d49c5d2dc98af7a66413d8119dec285d0666\"\u003e\u003ccode\u003e1cb7d49\u003c/code\u003e\u003c/a\u003e [changelog]\u003ca href=\"https://redirect.github.com/projectlombok/lombok/issues/4004\"\u003e#4004\u003c/a\u003e Mention Jackson3 final touches in changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/projectlombok/lombok/commit/12a15b00555ec8097eca2bf7d77c2c2124e13e0e\"\u003e\u003ccode\u003e12a15b0\u003c/code\u003e\u003c/a\u003e Fix: Bump EA_JDK to 27 (25 and 26 have been released)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/projectlombok/lombok/commit/2be766cfc2ef56f2d986f28f734c98535d611aee\"\u003e\u003ccode\u003e2be766c\u003c/code\u003e\u003c/a\u003e Merge branch 'jackson3-final-touches'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/projectlombok/lombok/commit/290fa4c8539c7e97b47f7e80033e078127050eb5\"\u003e\u003ccode\u003e290fa4c\u003c/code\u003e\u003c/a\u003e [trivial] constantize the warning we spit out for ambiguous jackson2/3, and m...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/projectlombok/lombok/commit/e6567b6621f86b43033ab4a75e0273780e18e998\"\u003e\u003ccode\u003ee6567b6\u003c/code\u003e\u003c/a\u003e test: Add Jackson 3 test cases and version ambiguity warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/projectlombok/lombok/commit/45e72e241abe98dcfb66408402da825dd2b8e925\"\u003e\u003ccode\u003e45e72e2\u003c/code\u003e\u003c/a\u003e feat: Add Jackson 3 databind/dataformat annotations to HandlerUtil copy lists\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/projectlombok/lombok/commit/184d42363d86446a63b6270ac1eb352dc43ae76c\"\u003e\u003ccode\u003e184d423\u003c/code\u003e\u003c/a\u003e feat: Add Jackson 3 support to \u003ca href=\"https://github.com/Jacksonized\"\u003e\u003ccode\u003e@​Jacksonized\u003c/code\u003e\u003c/a\u003e handlers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/projectlombok/lombok/commit/e027ad0f1515bd33d4d329d90e59dccbaf44651e\"\u003e\u003ccode\u003ee027ad0\u003c/code\u003e\u003c/a\u003e refactored to ShadowClassLoader use Collections::enumeration instead of Vector\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/projectlombok/lombok/compare/v1.18.44...v1.18.46\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `commons-codec:commons-codec` from 1.21.0 to 1.22.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/apache/commons-codec/blob/master/RELEASE-NOTES.txt\"\u003ecommons-codec:commons-codec's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eApache Commons Codec 1.22.0 Release Notes\u003c/h2\u003e\n\u003cp\u003eThe Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.22.0.\u003c/p\u003e\n\u003cp\u003eThe Apache Commons Codec component contains encoders and decoders for\nformats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these\nwidely used encoders and decoders, the codec package also maintains a\ncollection of phonetic encoding utilities.\u003c/p\u003e\n\u003cp\u003eThis is a feature and maintenance release. Java 8 or later is required.\u003c/p\u003e\n\u003ch2\u003eNew features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCODEC-326:  Add Base58 support. Thanks to Inkeet, Gary Gregory, Wolff Bock von Wuelfingen.\u003c/li\u003e\n\u003cli\u003e\n\u003cpre\u003e\u003ccode\u003e        Add BaseNCodecInputStream.AbstracBuilder.setByteArray(byte[]). Thanks to Gary Gregory.\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003eCODEC-335:  Add GitIdentifiers to compute Git blob and tree object identifiers. Thanks to Piotr P. Karwasz, Gary Gregory.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed Bugs\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCODEC-249:  Fix Incorrect transform of CH digraph according Metaphone basic rules \u003ca href=\"https://redirect.github.com/apache/commons-codec/issues/423\"\u003e#423\u003c/a\u003e. Thanks to Shalu Jha, Andrey, Gary Gregory.\u003c/li\u003e\n\u003cli\u003eCODEC-317:  ColognePhonetic can create duplicate consecutive codes in some cases. Thanks to DRUser123, Shalu Jha, Gary Gregory.\u003c/li\u003e\n\u003cli\u003e\n\u003cpre\u003e\u003ccode\u003e        Add boundary tests for BinaryCodec.fromAscii partial-bit inputs [#425](https://github.com/apache/commons-codec/issues/425). Thanks to fancying, Gary Gregory.\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003eCODEC-336:  Base64.Builder.setUrlSafe(boolean) Javadoc incorrectly states null is accepted for primitive boolean parameter. Thanks to Partha Paul, Gary Gregory.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cpre\u003e\u003ccode\u003e        Bump org.apache.commons:commons-parent from 96 to 98. Thanks to Gary Gregory.\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor complete information on Apache Commons Codec, including instructions on how to submit bug reports,\npatches, or suggestions for improvement, see the Apache Commons Codec website:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://commons.apache.org/proper/commons-codec/\"\u003ehttps://commons.apache.org/proper/commons-codec/\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eDownload page: \u003ca href=\"https://commons.apache.org/proper/commons-codec/download_codec.cgi\"\u003ehttps://commons.apache.org/proper/commons-codec/download_codec.cgi\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/commons-codec/commit/81a6295f071df5819893422a397d94bc396f2edd\"\u003e\u003ccode\u003e81a6295\u003c/code\u003e\u003c/a\u003e Prepare for the release candidate 1.22.0 RC1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/commons-codec/commit/73104b011a9758896904831f9b1bd29aad077f11\"\u003e\u003ccode\u003e73104b0\u003c/code\u003e\u003c/a\u003e Prepare for the next release candidate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/commons-codec/commit/8e36214fa2760d37e4e9c83336ed5bb324c23482\"\u003e\u003ccode\u003e8e36214\u003c/code\u003e\u003c/a\u003e In-line single use test local variables\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/commons-codec/commit/9bd67e787d88705baa26e85f3a9609dec015ba5b\"\u003e\u003ccode\u003e9bd67e7\u003c/code\u003e\u003c/a\u003e Use vararg syntax\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/commons-codec/commit/25e52b06a3c24dc06216e7d29321a2f01c60ec6f\"\u003e\u003ccode\u003e25e52b0\u003c/code\u003e\u003c/a\u003e Use vararg syntax\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/commons-codec/commit/e2ebaca8b30d1d04d0eb6a4e811a6d26631f4d31\"\u003e\u003ccode\u003ee2ebaca\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.35.1 to 4.35.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/commons-codec/commit/33998a05a8adc84ca944bad2e5c7215309d1477b\"\u003e\u003ccode\u003e33998a0\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 7.0.0 to 7.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/commons-codec/commit/50c6583280cb3ed67407dcaeb31df4f8fa8ede20\"\u003e\u003ccode\u003e50c6583\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 5.0.4 to 5.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/commons-codec/commit/b2be3a82b2d0902e89718a56c6afb5850d020668\"\u003e\u003ccode\u003eb2be3a8\u003c/code\u003e\u003c/a\u003e Add \u003ca href=\"https://github.com/Override\"\u003e\u003ccode\u003e@​Override\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/commons-codec/commit/20f09bfcfdce88760ec9be095b848e85d9084acf\"\u003e\u003ccode\u003e20f09bf\u003c/code\u003e\u003c/a\u003e Use final.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/apache/commons-codec/compare/rel/commons-codec-1.21.0...rel/commons-codec-1.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `commons-io:commons-io` from 2.21.0 to 2.22.0\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 11.0.21 to 11.0.22\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/OpenConext/openconext-saml-java/pull/23","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenConext%2Fopenconext-saml-java/issues/23","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/23/packages"},{"uuid":"4388046999","node_id":"PR_kwDODYD4ns7YmHMY","number":3466,"state":"closed","title":"Bump org.apache.tomcat.embed:tomcat-embed-core from 11.0.21 to 11.0.22 in /pgp-keys-map-test1","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-06T01:08:56.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T01:05:04.000Z","updated_at":"2026-05-06T01:08:57.000Z","time_to_close":232,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"11.0.21","new_version":"11.0.22","repository_url":null}],"path":"/pgp-keys-map-test1","ecosystem":"maven"},"body":"Bumps org.apache.tomcat.embed:tomcat-embed-core from 11.0.21 to 11.0.22.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core\u0026package-manager=maven\u0026previous-version=11.0.21\u0026new-version=11.0.22)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/s4u/pgp-keys-map/pull/3466","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/s4u%2Fpgp-keys-map/issues/3466","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3466/packages"},{"uuid":"4325351862","node_id":"PR_kwDOOguFJM7VdN6c","number":5,"state":"open","title":"Bump the maven group across 18 directories with 24 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-24T20:17:41.000Z","updated_at":"2026-04-24T20:20:35.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"maven","update_count":24,"packages":[{"name":"com.google.protobuf:protobuf-java","old_version":"3.25.3","new_version":"3.25.5","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"ch.qos.logback:logback-core","old_version":"1.2.13","new_version":"1.5.25","repository_url":"https://github.com/qos-ch/logback"},{"name":"com.fasterxml.jackson.core:jackson-core","old_version":"2.8.10","new_version":"2.18.6","repository_url":"https://github.com/FasterXML/jackson-core"},{"name":"org.assertj:assertj-core","old_version":"3.25.3","new_version":"3.27.7","repository_url":"https://github.com/assertj/assertj"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"7.0.109","new_version":"9.0.117"},{"name":"org.apache.tomcat.embed:tomcat-embed-websocket","old_version":"8.5.88","new_version":"8.5.99"},{"name":"org.apache.jackrabbit:jackrabbit-core","old_version":"2.5.0","new_version":"2.22.2","repository_url":"https://github.com/apache/jackrabbit"},{"name":"org.apache.logging.log4j:log4j-core","old_version":"2.12.0","new_version":"2.25.4"},{"name":"org.elasticsearch:elasticsearch","old_version":"2.4.6","new_version":"8.19.8","repository_url":"https://github.com/elastic/elasticsearch"},{"name":"org.springframework:spring-context","old_version":"4.3.26.RELEASE","new_version":"6.1.20","repository_url":"https://github.com/spring-projects/spring-framework"},{"name":"org.hibernate:hibernate-core","old_version":"5.3.22.Final","new_version":"5.6.15.Final","repository_url":"https://github.com/hibernate/hibernate-orm"},{"name":"org.asynchttpclient:async-http-client","old_version":"2.12.3","new_version":"2.14.5","repository_url":"https://github.com/AsyncHttpClient/async-http-client"},{"name":"org.springframework:spring-web","old_version":"2.0.8","new_version":"5.3.38","repository_url":"https://github.com/spring-projects/spring-framework"},{"name":"com.microsoft.sqlserver:mssql-jdbc","old_version":"9.4.0.jre8","new_version":"11.2.0.jre8","repository_url":"https://github.com/Microsoft/mssql-jdbc"},{"name":"org.apache.activemq:activemq-client","old_version":"5.16.3","new_version":"5.19.4","repository_url":"https://github.com/apache/activemq"},{"name":"org.apache.activemq:activemq-broker","old_version":"5.16.3","new_version":"5.19.5","repository_url":"https://github.com/apache/activemq"},{"name":"org.apache.struts:struts2-core","old_version":"2.5.26","new_version":"6.8.0","repository_url":"https://github.com/apache/struts"},{"name":"commons-beanutils:commons-beanutils","old_version":"1.9.4","new_version":"1.11.0"},{"name":"commons-io:commons-io","old_version":"2.11.0","new_version":"2.14.0"},{"name":"org.apache.commons:commons-lang3","old_version":"3.12.0","new_version":"3.18.0"},{"name":"org.eclipse.jetty:jetty-http","old_version":"12.0.7","new_version":"12.0.33"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 21 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.8.10` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `7.0.109` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [org.apache.jackrabbit:jackrabbit-core](https://github.com/apache/jackrabbit) | `2.5.0` | `2.22.2` |\n| org.apache.logging.log4j:log4j-core | `2.12.0` | `2.25.4` |\n| [org.elasticsearch:elasticsearch](https://github.com/elastic/elasticsearch) | `2.4.6` | `8.19.8` |\n| [org.springframework:spring-context](https://github.com/spring-projects/spring-framework) | `4.3.26.RELEASE` | `6.1.20` |\n| [org.hibernate:hibernate-core](https://github.com/hibernate/hibernate-orm) | `5.3.22.Final` | `5.6.15.Final` |\n| [org.asynchttpclient:async-http-client](https://github.com/AsyncHttpClient/async-http-client) | `2.12.3` | `2.14.5` |\n| [org.springframework:spring-web](https://github.com/spring-projects/spring-framework) | `2.0.8` | `5.3.38` |\n| [com.microsoft.sqlserver:mssql-jdbc](https://github.com/Microsoft/mssql-jdbc) | `9.4.0.jre8` | `11.2.0.jre8` |\n| [org.apache.activemq:activemq-client](https://github.com/apache/activemq) | `5.16.3` | `5.19.4` |\n| [org.apache.activemq:activemq-broker](https://github.com/apache/activemq) | `5.16.3` | `5.19.5` |\n| [org.apache.struts:struts2-core](https://github.com/apache/struts) | `2.5.26` | `6.8.0` |\n| commons-beanutils:commons-beanutils | `1.9.4` | `1.11.0` |\n| commons-io:commons-io | `2.11.0` | `2.14.0` |\n| org.apache.commons:commons-lang3 | `3.12.0` | `3.18.0` |\n| org.eclipse.jetty:jetty-http | `12.0.7` | `12.0.33` |\n\nBumps the maven group with 7 updates in the /agent/benchmarks directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [org.springframework:spring-web](https://github.com/spring-projects/spring-framework) | `5.3.23` | `5.3.38` |\n\nBumps the maven group with 7 updates in the /agent/core directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [org.apache.jackrabbit:jackrabbit-core](https://github.com/apache/jackrabbit) | `2.5.0` | `2.22.2` |\n\nBumps the maven group with 8 updates in the /agent/plugins/elasticsearch-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.8.10` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| org.apache.logging.log4j:log4j-core | `2.14.1` | `2.25.4` |\n| [org.elasticsearch:elasticsearch](https://github.com/elastic/elasticsearch) | `2.4.6` | `8.19.8` |\n\nBumps the maven group with 7 updates in the /agent/plugins/grails-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [org.springframework:spring-context](https://github.com/spring-projects/spring-framework) | `4.3.26.RELEASE` | `6.1.20` |\n\nBumps the maven group with 7 updates in the /agent/plugins/hibernate-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [org.hibernate:hibernate-core](https://github.com/hibernate/hibernate-orm) | `5.3.22.Final` | `5.6.15.Final` |\n\nBumps the maven group with 8 updates in the /agent/plugins/http-client-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [org.asynchttpclient:async-http-client](https://github.com/AsyncHttpClient/async-http-client) | `2.12.3` | `2.14.5` |\n| [org.springframework:spring-web](https://github.com/spring-projects/spring-framework) | `2.0.8` | `5.3.38` |\n\nBumps the maven group with 7 updates in the /agent/plugins/jaxws-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [org.springframework:spring-context](https://github.com/spring-projects/spring-framework) | `5.2.17.RELEASE` | `6.1.20` |\n\nBumps the maven group with 7 updates in the /agent/plugins/jdbc-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [com.microsoft.sqlserver:mssql-jdbc](https://github.com/Microsoft/mssql-jdbc) | `9.4.0.jre8` | `11.2.0.jre8` |\n\nBumps the maven group with 8 updates in the /agent/plugins/jms-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [org.apache.activemq:activemq-client](https://github.com/apache/activemq) | `5.16.3` | `5.19.4` |\n| [org.apache.activemq:activemq-broker](https://github.com/apache/activemq) | `5.16.3` | `5.19.5` |\n\nBumps the maven group with 6 updates in the /agent/plugins/jsp-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `7.0.109` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n\nBumps the maven group with 7 updates in the /agent/plugins/logger-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| org.apache.logging.log4j:log4j-core | `2.12.0` | `2.25.4` |\n\nBumps the maven group with 7 updates in the /agent/plugins/servlet-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [org.springframework:spring-web](https://github.com/spring-projects/spring-framework) | `5.3.23` | `5.3.38` |\n\nBumps the maven group with 7 updates in the /agent/plugins/spring-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [org.springframework:spring-context](https://github.com/spring-projects/spring-framework) | `5.3.12` | `6.1.20` |\n\nBumps the maven group with 9 updates in the /agent/plugins/struts-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| org.apache.logging.log4j:log4j-core | `2.14.1` | `2.25.4` |\n| [org.apache.struts:struts2-core](https://github.com/apache/struts) | `2.5.26` | `6.8.0` |\n| commons-beanutils:commons-beanutils | `1.9.4` | `1.11.0` |\n\nBumps the maven group with 6 updates in the /central directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n\nBumps the maven group with 6 updates in the /ui directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n\nBumps the maven group with 9 updates in the /webdriver-tests directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| commons-io:commons-io | `2.11.0` | `2.14.0` |\n| org.apache.commons:commons-lang3 | `3.12.0` | `3.18.0` |\n| org.eclipse.jetty:jetty-http | `12.0.7` | `12.0.33` |\n\n\nUpdates `com.google.protobuf:protobuf-java` from 3.25.3 to 3.25.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9d0ec0f92b5b5fdeeda11f9dcecc1872ff378014\"\u003e\u003ccode\u003e9d0ec0f\u003c/code\u003e\u003c/a\u003e Updating version.json and repo version numbers to: 25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/4a197e78ad2430e22e992c5a7727b61ae220f727\"\u003e\u003ccode\u003e4a197e7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/18387\"\u003e#18387\u003c/a\u003e from protocolbuffers/cp-lp-25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b5a7cf7cf4b7e39f6b02205e45afe2104a7faf81\"\u003e\u003ccode\u003eb5a7cf7\u003c/code\u003e\u003c/a\u003e Remove RecursiveGroup test case which doesn't exist in 25.x pre-Editions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f000b7e18fd6921ca02ea4b87608e8cadcb7b64f\"\u003e\u003ccode\u003ef000b7e\u003c/code\u003e\u003c/a\u003e Fix merge conflict by adding optional label to proto2 unittest_lite.proto\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/4728531c162f2f9e8c2ca1add713cfee2db6be3b\"\u003e\u003ccode\u003e4728531\u003c/code\u003e\u003c/a\u003e Add recursion check when parsing unknown fields in Java.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/850fcce9176e2c9070614dab53537760498c926b\"\u003e\u003ccode\u003e850fcce\u003c/code\u003e\u003c/a\u003e Internal change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b7044987de77f1dc368fee558636d0b56d7e75e1\"\u003e\u003ccode\u003eb704498\u003c/code\u003e\u003c/a\u003e Internal change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e67347986eaf7d777a6ee34367fa99f4912423ab\"\u003e\u003ccode\u003ee673479\u003c/code\u003e\u003c/a\u003e Fix cord handling in DynamicMessage and oneofs. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/18375\"\u003e#18375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8a60b6527a976cfd0028153da3ad8e4ed280e0de\"\u003e\u003ccode\u003e8a60b65\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/17704\"\u003e#17704\u003c/a\u003e from protocolbuffers/cp-segv\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/94a26630e362a4771b5ec80eac49f494988ca408\"\u003e\u003ccode\u003e94a2663\u003c/code\u003e\u003c/a\u003e Fixed a SEGV when deep copying a non-reified sub-message.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protocolbuffers/protobuf/compare/v3.25.3...v3.25.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.2.13 to 1.5.25\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-06 Release of logback version 1.5.24\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See \u003ca href=\"https://logback.qos.ch/manual/configuration.html#conditionalExp\"\u003ethe relevant documentation\u003c/a\u003e for further details.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.23\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-21 Release of logback version 1.5.23\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/959\"\u003eissues/959\u003c/a\u003e file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the \u003ccode\u003eConcurrentModificationException\u003c/code\u003e reported in the issue.\u003c/p\u003e\n\u003cp\u003e• ZIP and XZ compression now use a \u003ccode\u003eBufferedOutputStream\u003c/code\u003e when writing to the compressed file. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/988\"\u003eissues/988\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 0bcc3feb54a6d99caac70969ee5f8334aad1fbaf associated with the tag v_1.5.23. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.22\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-11 Release of logback version 1.5.22\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In order to prevent involuntary information leakage, Logback will no longer output the value of a substituted variable, if the variable name contains any of the case-insensitive strings \u0026quot;password\u0026quot;, \u0026quot;secret\u0026quot; or \u0026quot;confidential\u0026quot;. This problem was reported by Chintan Rohila in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/986\"\u003eissues/986\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Logback now takes the overridden \u003ccode\u003etoString()\u003c/code\u003e method of \u003ccode\u003eThrowable\u003c/code\u003e subclasses into account when  printing stack traces. This issue was reported in \u003ca href=\"https://jira.qos.ch/browse/LOGBACK-543\"\u003eLOGBACK-543\u003c/a\u003e by Alvin Chee, with a fix provided in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/404\"\u003ePR 404\u003c/a\u003e by Brett Kail.\u003c/p\u003e\n\u003cp\u003e• Instead of limit-counting guard, Logback now uses a tumbling-window guard to rate limit internal error messages.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 572379aabd2f672b49593e4020696c624541e5b0 associated with the tag v_1.5.22. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.21\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-11-10 Release of logback version 1.5.21\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Invocations of turbo filters in isDebugEnabled, isInfoEnabled()... remain as they were, untouched. However, any installed instances of TurboFilter are now invoked also from within the log(LoggingEvent) method of \u003ca href=\"https://github.com/qos-ch/logback/blob/master/logback-classic/src/main/java/ch/qos/logback/classic/Logger.java#L817\"\u003eLogger\u003c/a\u003e with the contents of the LoggingEvent, typically via the fluent API. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/871\"\u003eissues/871\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Removed reentry-guard in most subclasses of \u003ccode\u003eUnsynchronizedAppenderBase\u003c/code\u003e where it was not needed.\u003c/p\u003e\n\u003cp\u003e• \u003ca href=\"https://logback.qos.ch/manual/configuration.html#auto_configuration\"\u003eInitialization procedure\u003c/a\u003e has been simplified by removing the step instantiating a \u003ccode\u003eSerializedModelConfigurator\u003c/code\u003e. However, it is still possible to set up \u003ccode\u003eSerializedModelConfigurator\u003c/code\u003e as a custom configurator.\u003c/p\u003e\n\u003cp\u003e• JsonEncoder is now friendlier to derivation by sub-classes as requested in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/979\"\u003eissues/979.\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/f426e0002800cfb507f393fcacffe0761a425220\"\u003e\u003ccode\u003ef426e00\u003c/code\u003e\u003c/a\u003e prepare release of 1.5.25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d28931f3b9ede954285cd22d44e029142bba52e6\"\u003e\u003ccode\u003ed28931f\u003c/code\u003e\u003c/a\u003e restrict object creation to expected supertype\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/aa264f7ad2bb65c2d5ab046754741e56234c9096\"\u003e\u003ccode\u003eaa264f7\u003c/code\u003e\u003c/a\u003e test default variable values in appender-ref ref attribute\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8fb403ab6d1a36b351e9095f8ee1c6c3ad8e0405\"\u003e\u003ccode\u003e8fb403a\u003c/code\u003e\u003c/a\u003e adjust copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/b294a12ff9f2bb2f03168590da1c6d7cbfd71cfe\"\u003e\u003ccode\u003eb294a12\u003c/code\u003e\u003c/a\u003e check optionList in start()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/b65040a3b5d844a791bd3cc690ca44e9e024e04d\"\u003e\u003ccode\u003eb65040a\u003c/code\u003e\u003c/a\u003e Add EpochConverter for milliseconds/seconds since epoch (related to issue \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/96\"\u003e#96\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/069017445b41e9c3a23bda2be446663dca3c4453\"\u003e\u003ccode\u003e0690174\u003c/code\u003e\u003c/a\u003e cla for Duncan Jauncey\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/71dc2afc1046e7b7e218dbfbcde3b0c549bc2fba\"\u003e\u003ccode\u003e71dc2af\u003c/code\u003e\u003c/a\u003e Removed email address for Tony.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/1f97ae1844b1be8486e4e9cade98d7123d3eded5\"\u003e\u003ccode\u003e1f97ae1\u003c/code\u003e\u003c/a\u003e check for undeclared by referenced appenders\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/b07355e26aaf128c8303393b7e2ed3d4687c7736\"\u003e\u003ccode\u003eb07355e\u003c/code\u003e\u003c/a\u003e Move the artifact version checking code to VersionUtil in logback-core.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.2.13...v_1.5.25\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.fasterxml.jackson.core:jackson-core` from 2.8.10 to 2.18.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/9a46ef8ccac2f15cba1c82059fbcc3883798478a\"\u003e\u003ccode\u003e9a46ef8\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release jackson-core-2.18.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/5f192db9c84c1e7a9e6ab7f631a77d4ac0719cb4\"\u003e\u003ccode\u003e5f192db\u003c/code\u003e\u003c/a\u003e Prep for 2.18.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/b0c428e6f993e1b5ece5c1c3cb2523e887cd52cf\"\u003e\u003ccode\u003eb0c428e\u003c/code\u003e\u003c/a\u003e Enforce \u003ccode\u003eStreamReadConstraints.maxNumberLength\u003c/code\u003e for non-blocking (async) pars...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/7c8b6d52632ff87dd40483df44a2b74d3048882c\"\u003e\u003ccode\u003e7c8b6d5\u003c/code\u003e\u003c/a\u003e Add test for nesting for \u003ccode\u003eDataInput\u003c/code\u003e-backed \u003ccode\u003eJsonParser\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1550\"\u003e#1550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/97a647b9d4bd03d31716d5565a73965c9ae2f396\"\u003e\u003ccode\u003e97a647b\u003c/code\u003e\u003c/a\u003e Update CI: JDK 23 -\u0026gt; 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/1601331cd5c7d79037904e4803a4c35cc9fdd4e0\"\u003e\u003ccode\u003e1601331\u003c/code\u003e\u003c/a\u003e (backport from 2.21) Fix \u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1548\"\u003e#1548\u003c/a\u003e: validate max doc length for fixed buffer inpu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/fae2542708621b49cdc61ec5b29574ad054ed76f\"\u003e\u003ccode\u003efae2542\u003c/code\u003e\u003c/a\u003e release notes update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/70c99ba8eccf6f8ad2754bccb113daac823f03ba\"\u003e\u003ccode\u003e70c99ba\u003c/code\u003e\u003c/a\u003e Update UTF8DataInputJsonParser.java (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1512\"\u003e#1512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/caea665e6364bb46a4e7101fd763e9ef8568f132\"\u003e\u003ccode\u003ecaea665\u003c/code\u003e\u003c/a\u003e Post-release dep version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/635d3bd80a44a8a84b04cfdd007ceb9a31dc95f1\"\u003e\u003ccode\u003e635d3bd\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/FasterXML/jackson-core/compare/jackson-core-2.8.10...jackson-core-2.18.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.assertj:assertj-core` from 3.25.3 to 3.27.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/assertj/assertj/releases\"\u003eorg.assertj:assertj-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.27.7\u003c/h2\u003e\n\u003ch2\u003e:lock: Security\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix XXE vulnerability in \u003ccode\u003eisXmlEqualTo\u003c/code\u003e assertion (CVE-2026-24400)\n\u003cul\u003e\n\u003cli\u003eSee GHSA-rqfh-9r24-8c9r for details; many thanks to \u003ca href=\"https://github.com/wxt201\"\u003e\u003ccode\u003e@​wxt201\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Song-Li\"\u003e\u003ccode\u003e@​Song-Li\u003c/code\u003e\u003c/a\u003e for responsibly reporting it!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:no_entry_sign: Deprecated\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eXmlStringPrettyFormatter\u003c/code\u003e with no replacement\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:bug: Bug Fixes\u003c/h2\u003e\n\u003ch3\u003eGuava\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eNavigation to \u003ccode\u003eassertj-core\u003c/code\u003e or \u003ccode\u003eguava\u003c/code\u003e types from \u003ccode\u003eassertj-guava\u003c/code\u003e Javadoc site has unnecessary header \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3478\"\u003e#3478\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Byte Buddy 1.18.3\u003c/li\u003e\n\u003cli\u003eUpgrade to JUnit BOM 5.14.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eGuava\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Guava 33.5.0-jre\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.27.6\u003c/h2\u003e\n\u003ch2\u003e:bug: Bug Fixes\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd missing export for \u003ccode\u003eorg.assertj.core.annotation\u003c/code\u003e \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3951\"\u003e#3951\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:heart: Contributors\u003c/h2\u003e\n\u003cp\u003eThanks to all the contributors who worked on this release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/duponter\"\u003e\u003ccode\u003e@​duponter\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.27.5\u003c/h2\u003e\n\u003ch2\u003e:zap: Improvements\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eByteBuddy in AssertJ 3.27.4 not compatible with Java 25 \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3946\"\u003e#3946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/e84071667f5f8f13084af9dfa54cee5fd9db18db\"\u003e\u003ccode\u003ee840716\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release assertj-build-3.27.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/85ca7eb6609bb179c043b85ae7d290523b1ba79a\"\u003e\u003ccode\u003e85ca7eb\u003c/code\u003e\u003c/a\u003e Deprecate \u003ccode\u003eXmlStringPrettyFormatter\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/77081dc5eb107141df80f95bd0149b468e451341\"\u003e\u003ccode\u003e77081dc\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/b68fc24a9de28f28a486fc5b887c1b8a003a5823\"\u003e\u003ccode\u003eb68fc24\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/0cf5bb6c50f6ead3deaa2a2ff50ef1e7d933c8a3\"\u003e\u003ccode\u003e0cf5bb6\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003ekotlin.version\u003c/code\u003e from 2.1.0 to 2.2.21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/d393ef1f5e48c89d47d7cf6d1eae359ceda0a126\"\u003e\u003ccode\u003ed393ef1\u003c/code\u003e\u003c/a\u003e Abort tests when symbolic links cannot be created (\u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3788\"\u003e#3788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/22124331e9922af5a43ab50f7a9a25b65be53be1\"\u003e\u003ccode\u003e2212433\u003c/code\u003e\u003c/a\u003e Add IntelliJ custom inspection for test class names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/5717d025cfe0f4c66de20f3253c0b0ecba259aa1\"\u003e\u003ccode\u003e5717d02\u003c/code\u003e\u003c/a\u003e Update JetBrains icon\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/a8ec20bd42ed01f9cc6f654046c7dd424b0af07c\"\u003e\u003ccode\u003ea8ec20b\u003c/code\u003e\u003c/a\u003e Add icon for JetBrains products\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/c05fb3d052b415fb2d6051df939f3b7903a76afe\"\u003e\u003ccode\u003ec05fb3d\u003c/code\u003e\u003c/a\u003e Bump Maven to 3.9.12 and Wrapper to 3.3.4\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/assertj/assertj/compare/assertj-build-3.25.3...assertj-build-3.27.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 7.0.109 to 9.0.117\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-websocket` from 8.5.88 to 8.5.99\n\nUpdates `org.apache.jackrabbit:jackrabbit-core` from 2.5.0 to 2.22.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/apache/jackrabbit/blob/jackrabbit-2.22.2/RELEASE-NOTES.txt\"\u003eorg.apache.jackrabbit:jackrabbit-core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanges in Jackrabbit 2.22.2\u003c/h2\u003e\n\u003cp\u003eBug\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e[JCR-5121] - Java 23: getSubject is supported only if a security manager is allowed\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eImprovement\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e[JCR-5146] - Add missing mixin values (defined in JCR 2.0 spec) to JcrConstants\n[JCR-5150] - Add missing constant for jcr:title\n[JCR-5152] - Add method isValidJcrLocalName(String) to o.a.j.util.Text\n[JCR-5161] - NamespaceHelper - get NamespaceRegistry only once\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eTask\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e[JCR-5048] - Jackrabbit should build and test with Java 24\n[JCR-5089] - avoid use of deprecated junit.framework.Assert\n[JCR-5119] - webapp: bump htmlunit to 4.7.0\n[JCR-5120] - webapp: update tomcat dependency to 9.0.97\n[JCR-5130] - Update oak-jackrabbit-api.version.implemented in trunk to Oak 1.76.0\n[JCR-5132] - webapp: update tomcat dependency to 9.0.104\n[JCR-5134] - Update oak-jackrabbit-api.version.used to Oak 1.22.22\n[JCR-5135] - Make JNDI support opt-in\n[JCR-5143] - Update Mockito dependency to 5.17.0\n[JCR-5144] - Update to jacoco version 0.8.13\n[JCR-5145] - Upgrade Commons VFS to 2.10.0\n[JCR-5147] - remove jackrabbit 1.x compatibility and performance tests\n[JCR-5158] - Update oak-jackrabbit-api.version.implemented in trunk to Oak 1.82.0\n[JCR-5159] - Create coverage for NamespaceHelper\n[JCR-5177] - jackrabbit-jcr2spi: update to commons-collections4 4.5.0\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eFor more detailed information about all the changes in this and other\nJackrabbit releases, please see the Jackrabbit issue tracker at\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ehttps://issues.apache.org/jira/browse/JCR\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eRelease Contents\u003c/h2\u003e\n\u003cp\u003eThis release consists of a single source archive packaged as a zip file.\nThe archive can be unpacked with the jar tool from your JDK installation.\nSee the README.txt file for instructions on how to build this release.\u003c/p\u003e\n\u003cp\u003eThe source archive is accompanied by an SHA512 checksum and a\nPGP signature that you can use to verify the authenticity of your\ndownload. The public key used for the PGP signature can be found at\n\u003ca href=\"https://www.apache.org/dist/jackrabbit/KEYS\"\u003ehttps://www.apache.org/dist/jackrabbit/KEYS\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/jackrabbit/commit/2b5babfc2fcf4e0aa198dfcc6b850854d3daae21\"\u003e\u003ccode\u003e2b5babf\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release jackrabbit-2.22.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/jackrabbit/commit/0d7c2e5bb6006a7cebe9e5481aefa9d83e63e8a8\"\u003e\u003ccode\u003e0d7c2e5\u003c/code\u003e\u003c/a\u003e JCR-5180: Release Jackrabbit 2.22.2 - Candidate Release Notes (\u003ca href=\"https://redirect.github.com/apache/jackrabbit/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/jackrabbit/commit/b487b6f4a07eed98205a557085fc7aab0b791205\"\u003e\u003ccode\u003eb487b6f\u003c/code\u003e\u003c/a\u003e JCR-5158: Update oak-jackrabbit-api.version.implemented in trunk to Oak 1.82....\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/jackrabbit/commit/52d84116c8081ea223ea02dad6f25f22458ded7b\"\u003e\u003ccode\u003e52d8411\u003c/code\u003e\u003c/a\u003e JCR-5161: NamespaceHelper - get NamespaceRegistry only once (\u003ca href=\"https://redirect.github.com/apache/jackrabbit/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/jackrabbit/commit/6b6171ef3e671b37f635b5fd067880e979c157f9\"\u003e\u003ccode\u003e6b6171e\u003c/code\u003e\u003c/a\u003e JCR-5150 Add constant for jcr:title\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/jackrabbit/commit/02b09fd650394902de4eda7a312124c460a9119d\"\u003e\u003ccode\u003e02b09fd\u003c/code\u003e\u003c/a\u003e JCR-5159: Create coverage for NamespaceHelper (\u003ca href=\"https://redirect.github.com/apache/jackrabbit/issues/256\"\u003e#256\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/jackrabbit/commit/0b818502436cb8f8f3b76aabe2367b69f813d227\"\u003e\u003ccode\u003e0b81850\u003c/code\u003e\u003c/a\u003e JCR-5152 Add method to check if a (local) name is valid according to JCR\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/jackrabbit/commit/2e64ea54698b97e3d7bd00ed687b752899eb8db6\"\u003e\u003ccode\u003e2e64ea5\u003c/code\u003e\u003c/a\u003e JCR-5137: Update JCR commons to implement current jackrabbit-api (\u003ca href=\"https://redirect.github.com/apache/jackrabbit/issues/231\"\u003e#231\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/jackrabbit/commit/9ba05181f7f2f1bc28418aa06f521c14190befc2\"\u003e\u003ccode\u003e9ba0518\u003c/code\u003e\u003c/a\u003e JCR-5089: avoid use of deprecated junit.framework.Assert (\u003ca href=\"https://redirect.github.com/apache/jackrabbit/issues/208\"\u003e#208\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/jackrabbit/commit/019f6f9eaa7e8ccf12976a84b9da2e6a25114706\"\u003e\u003ccode\u003e019f6f9\u003c/code\u003e\u003c/a\u003e JCR-5177: jackrabbit-jcr2spi: update to commons-collections4 4.5.0 (\u003ca href=\"https://redirect.github.com/apache/jackrabbit/issues/270\"\u003e#270\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/apache/jackrabbit/compare/2.5.0...jackrabbit-2.22.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.12.0 to 2.25.4\n\nUpdates `org.elasticsearch:elasticsearch` from 2.4.6 to 8.19.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/elastic/elasticsearch/releases\"\u003eorg.elasticsearch:elasticsearch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eElasticsearch 8.19.8\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.8.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.8.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.7\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.7.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.7.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.6\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.6.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.6.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.5\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.5.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.5.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.4\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.4.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.4.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.3\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.3.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.3.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.2\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.2.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.2.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.1\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.1.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.1.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.0\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.0.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.8\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.7\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.7.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.7.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.6\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.6.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.6.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.5\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/e34ace04b64e9bfa3f9e785b08e6d81f8efe314b\"\u003e\u003ccode\u003ee34ace0\u003c/code\u003e\u003c/a\u003e Add validation to DER parser for seq len (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138683\"\u003e#138683\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138697\"\u003e#138697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/219189ff7e5b22dc46fcbea23d658582e78330e9\"\u003e\u003ccode\u003e219189f\u003c/code\u003e\u003c/a\u003e Update Gradle wrapper to 9.2.1 (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138482\"\u003e#138482\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138693\"\u003e#138693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/8be09828e39adc500975c6da482a609c28326c4d\"\u003e\u003ccode\u003e8be0982\u003c/code\u003e\u003c/a\u003e Add user profile size limit (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138691\"\u003e#138691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/a8ec26096ec39735f7e3a4ea4a0c8e4e9018fa0b\"\u003e\u003ccode\u003ea8ec260\u003c/code\u003e\u003c/a\u003e [8.19] Add length validation for rename_replacement parameter in snapshot res...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/f2dae0f105022ead3934fe2d990ff54cbd0d1dc2\"\u003e\u003ccode\u003ef2dae0f\u003c/code\u003e\u003c/a\u003e Extend timeout in \u003ccode\u003eIngestGeoIpClientYamlTestSuiteIT\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138610\"\u003e#138610\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138646\"\u003e#138646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/b564aa81c4a7825a8664512a9b0c9b5c03c9a2df\"\u003e\u003ccode\u003eb564aa8\u003c/code\u003e\u003c/a\u003e [ES-13486] Skipping ES builds on non supported jdk versions (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138262\"\u003e#138262\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138629\"\u003e#138629\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/0f3f4e93a3f022638c57c959bb6e54bee0bfaf30\"\u003e\u003ccode\u003e0f3f4e9\u003c/code\u003e\u003c/a\u003e [8.19] fix(semantic highlighter): add vector similarity queries and bbq_disk ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/bf5d48aa800340514941bb6fb090cc7cb1776591\"\u003e\u003ccode\u003ebf5d48a\u003c/code\u003e\u003c/a\u003e Upgrading commons-lang3 version for repository-hdfs plugin (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138589\"\u003e#138589\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138613\"\u003e#138613\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/51a070988586cc3e554edce669840167c0ed01c2\"\u003e\u003ccode\u003e51a0709\u003c/code\u003e\u003c/a\u003e ILM Explain: valid JSON on truncated step info (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/137638\"\u003e#137638\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138606\"\u003e#138606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/394ea7df1876a3502c0aab0582d12ad6a997f768\"\u003e\u003ccode\u003e394ea7d\u003c/code\u003e\u003c/a\u003e Adjust two today()/current_date() tests to create less noise (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138588\"\u003e#138588\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138598\"\u003e#138598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/elastic/elasticsearch/compare/v2.4.6...v8.19.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.springframework:spring-context` from 4.3.26.RELEASE to 6.1.20\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-framework/releases\"\u003eorg.springframework:spring-context's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.20\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd option for case-insensitive match to PatternMatchUtils \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34802\"\u003e#34802\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34854\"\u003e#34854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccidental ClassLoader defineClass enforcement after \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34677\"\u003e#34677\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34839\"\u003e#34839\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eClarify \u003ccode\u003eCompositePropertySource\u003c/code\u003e behavior for \u003ccode\u003eEnumerablePropertySource\u003c/code\u003e contract \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34887\"\u003e#34887\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Reactor 2023.0.18 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34899\"\u003e#34899\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.19\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSuggest compilation with \u003ccode\u003e-parameters\u003c/code\u003e when \u003ccode\u003eAspectJAdviceParameterNameDiscoverer\u003c/code\u003e fails against ambiguity \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34618\"\u003e#34618\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ePropertyBatchUpdateException\u003c/code\u003e: causes of nested \u003ccode\u003ePropertyAccessException\u003c/code\u003es not shown in output \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34698\"\u003e#34698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange in Jar usecache behavior with Spring 6.1.x causing java.lang.IllegalStateException: zip file closed \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34694\"\u003e#34694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStartup performance regression due to CGLIB class load attempts in Spring 6.1.x \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34693\"\u003e#34693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIllegalAccessError for package-private member of AzureStorageConfiguration on WebSphere \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34690\"\u003e#34690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@Configuration\u003c/code\u003e classes can no longer be \u003ccode\u003eabstract\u003c/code\u003e without \u003ccode\u003e@Bean\u003c/code\u003e methods \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34689\"\u003e#34689\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGenerated-code for LinkedHashMap is missing static keyword \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34661\"\u003e#34661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAbstractReactiveTransactionManager throws IllegalStateException when rollback fails after commit attempt \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34619\"\u003e#34619\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd javadoc notes on potential exception suppression in \u003ccode\u003eListableBeanFactory#getBeansOfType\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34631\"\u003e#34631\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove remaining references to Forwarded headers in MvcUriComponentsBuilder \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34626\"\u003e#34626\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eMvcUriComponentsBuilder\u003c/code\u003e javadocs inaccurately reflects usage of forwarded headers \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34620\"\u003e#34620\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.18\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary CGLIB processing on configuration classes \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34487\"\u003e#34487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInconsistent default class loaders in hint classes \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34473\"\u003e#34473\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefaultManagedTaskExecutor throws java.lang.UnsupportedOperationException: isShutdown when rejecting tasks \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34515\"\u003e#34515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEndless loop with DataSourceUtils in spring-jdbc \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34497\"\u003e#34497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMockHttpServletResponse - handle multiple values for Content-Language header \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34491\"\u003e#34491\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/1f9c59b17b5a7afc69f28b694de4553d6b65c9d5\"\u003e\u003ccode\u003e1f9c59b\u003c/code\u003e\u003c/a\u003e Release v6.1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/edfcc6ffb188e4614ec9b212e3208b666981851c\"\u003e\u003ccode\u003eedfcc6f\u003c/code\u003e\u003c/a\u003e Make use of PatternMatchUtils ignoreCase option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/f93132b11ef6aa5718d20a05846828659c082fe8\"\u003e\u003ccode\u003ef93132b\u003c/code\u003e\u003c/a\u003e Add missing \u003ca href=\"https://github.com/since\"\u003e\u003ccode\u003e@​since\u003c/code\u003e\u003c/a\u003e tags in PatternMatchUtils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/6ab4c84bd528d9480071d3dec4ff0b4904dbbb2f\"\u003e\u003ccode\u003e6ab4c84\u003c/code\u003e\u003c/a\u003e Upgrade to Reactor 2023.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/d5fca0d2c5d96b1a59a5814aa38c5f3b15238301\"\u003e\u003ccode\u003ed5fca0d\u003c/code\u003e\u003c/a\u003e Upgrade to Jetty 12.0.21, Netty 4.1.121, Apache HttpClient 5.4.4, Checkstyle ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/cbb94193fe9f11d1af8b8958292b0edc8451cd4c\"\u003e\u003ccode\u003ecbb9419\u003c/code\u003e\u003c/a\u003e Clarify CompositePropertySource behavior for EnumerablePropertySource contract\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/5b5e2b68767537f204d8392201497805ce6562d7\"\u003e\u003ccode\u003e5b5e2b6\u003c/code\u003e\u003c/a\u003e Fix HttpClient 5.3.x request config compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/a5b0399a1d6f3e89ae3bbfeb0b13142ecaddb4e9\"\u003e\u003ccode\u003ea5b0399\u003c/code\u003e\u003c/a\u003e Polishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/71f27256381d72170f9c6d38eea3032ceb24f030\"\u003e\u003ccode\u003e71f2725\u003c/code\u003e\u003c/a\u003e Try loadClass on LinkageError in case of same ClassLoader as well\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/daee9f1242264215876e67f6ef43b117195385c6\"\u003e\u003ccode\u003edaee9f1\u003c/code\u003e\u003c/a\u003e Reinstate the @⁠Inject Technology Compatibility Kit (TCK)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-framework/compare/v4.3.26.RELEASE...v6.1.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.hibernate:hibernate-core` from 5.3.22.Final to 5.6.15.Final\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hibernate/hibernate-orm/releases\"\u003eorg.hibernate:hibernate-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 5.3.38\u003c/h2\u003e\n\u003ch1\u003eHibernate ORM 5.3.38.Final released\u003c/h1\u003e\n\u003cp\u003eToday, we published a new release of Hibernate ORM 5.3: 5.3.38.Final.\u003c/p\u003e\n\u003cp\u003eYou can find the full list of 5.3.38.Final changes \u003ca href=\"https://hibernate.atlassian.net/issues/?jql=project%20%3D%20HHH%20AND%20fixVersion%20%3D%205.3.38\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003cp\u003eThis release introduces a few minor improvements as well as bug fixes.\u003c/p\u003e\n\u003ch2\u003eConclusion\u003c/h2\u003e\n\u003cp\u003eFor additional details, see:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ethe \u003ca href=\"https://hibernate.org/orm/releases/5.3/\"\u003erelease page\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ethe \u003ca href=\"https://docs.hibernate.org/orm/5.3/migration-guide/\"\u003eMigration Guide\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ethe \u003ca href=\"https://docs.hibernate.org/orm/5.3/introduction/html_single/\"\u003eIntroduction Guide\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ethe \u003ca href=\"https://docs.hibernate.org/orm/5.3/userguide/html_single/\"\u003eUser Guide\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ethe \u003ca href=\"https://docs.hibernate.org/orm/5.3/javadocs\"\u003eAPI docs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee also the following resources related to supported APIs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ethe \u003ca href=\"https://hibernate.org/community/compatibility-policy/\"\u003ecompatibility policy\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ethe \u003ca href=\"https://docs.hibernate.org/orm/5.3/incubating/incubating.txt\"\u003eincubating API report\u003c/a\u003e (\u003ccode\u003e@Incubating\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003ethe \u003ca href=\"https://docs.hibernate.org/orm/5.3/deprecated/deprecated.txt\"\u003edeprecated API report\u003c/a\u003e (\u003ccode\u003e@Deprecated\u003c/code\u003e + \u003ccode\u003e@Remove\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003ethe \u003ca href=\"https://docs.hibernate.org/orm/5.3/internals/internal.txt\"\u003einternal API report\u003c/a\u003e (internal packages, \u003ccode\u003e@Internal\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eVisit the \u003ca href=\"https://hibernate.org/community/\"\u003ewebsite\u003c/a\u003e for details on getting in touch with us.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hibernate/hibernate-orm/blob/5.6.15/changelog.txt\"\u003eorg.hibernate:hibernate-core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanges in 5.6.15.Final (February 06, 2023)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://hibernate.atlassian.net/projects/HHH/versions/32121\"\u003ehttps://hibernate.atlassian.net/projects/HHH/versions/32121\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e** Bug\n* [HHH-16049] - Setting a property to its current value with bytecode enhancement enabled results in unnecessary SQL Update in some (many) cases\n* [HHH-15665] - Mariadb is missing identifier quote on SEQUENCE QUERY\n* [HHH-15618] - Procedure should accept TypedParameterValue as parameter\u003c/p\u003e\n\u003cp\u003e** Improvement\n* [HHH-15693] - Introduce a fast-path access for ClassLoaderService being retrieved from ServiceRegistry\n* [HHH-15690] - HQLQueryPlan to have a direct reference to QueryTranslatorFactory\n* [HHH-15685] - Improve efficiency of Dialect lookup in Loader and HqlSqlWalker\u003c/p\u003e\n\u003cp\u003e** Patch\n* [HHH-15792] - Explicitly add JavaDoc to make \u003ca href=\"https://github.com/deprecated\"\u003e\u003ccode\u003e@​deprecated\u003c/code\u003e\u003c/a\u003e hint for createSQLQuery visible in Eclipse\u003c/p\u003e\n\u003ch2\u003eChanges in 5.6.14.Final (November 04, 2022)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://hibernate.atlassian.net/projects/HHH/versions/32120\"\u003ehttps://hibernate.atlassian.net/projects/HHH/versions/32120\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e** Improvement\n* [HHH-15662] - ClasscastException caused by check for Managed rather than ManagedEntity\u003c/p\u003e\n\u003ch2\u003eChanges in 5.6.13.Final (November 03, 2022)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://hibernate.atlassian.net/projects/HHH/versions/32112\"\u003ehttps://hibernate.atlassian.net/projects/HHH/versions/32112\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e** Bug\n* [HHH-15634] - Lazy basic property does not get updated on change\n* [HHH-15561] - Function \u0026quot;IDENTITY\u0026quot; not found when inserting audited revision using Hibernate Envers\n* [HHH-15554] - Merge of an Entity with an immutable composite user type throws Exception\u003c/p\u003e\n\u003cp\u003e** Improvement\n* [HHH-15649] - Additional performance fixes relating to Klass's _secondary_super_cache interaction with entity enhancement\n* [HHH-15639] - Upgrade to ByteBuddy 1.12.18\n* [HHH-15637] - Upgrade to Byteman 4.0.20\n* [HHH-15616] - Mitigate performance impact of entity enhancement on Klass's _secondary_super_cache\n* [HHH-15585] - Add support for DB2 aliases for schema validation\n* [HHH-15575] - Make getter org.hibernate.criterion.SimpleExpression#getOp() public\u003c/p\u003e\n\u003cp\u003e** Task\n* [HHH-15594] - Remove Oracle RDS and all test matrix uses\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hibernate/hibernate-orm/commit/e924c27e1259b0b5915819e9521d86fcb8164a46\"\u003e\u003ccode\u003ee924c27\u003c/code\u003e\u003c/a\u003e 5.6.15.Final\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hibernate/hibernate-orm/commit/38ec412e61b72112e88e5a6311a27a365ace9968\"\u003e\u003ccode\u003e38ec412\u003c/code\u003e\u003c/a\u003e HHH-15665 - Fix and added test for issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hibernate/hibernate-orm/commit/1078caa19ff5d86c01feac03641cc325a11e0283\"\u003e\u003ccode\u003e1078caa\u003c/code\u003e\u003c/a\u003e HHH-16049 Setting a property to its current value with bytecode enhancement e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hibernate/hibernate-orm/commit/802fc76883dddc33fe60b68e67491b14e1af3192\"\u003e\u003ccode\u003e802fc76\u003c/code\u003e\u003c/a\u003e HHH-16049 Test setting a property to its current value with bytecode enhancem...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hibernate/hibernate-orm/commit/ac55bb28db5963d9e2d213b80ece39c24d567381\"\u003e\u003ccode\u003eac55bb2\u003c/code\u003e\u003c/a\u003e HHH-16049 Test setting a property to its current value with bytecode enhancem...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hibernate/hibernate-orm/commit/84662bf21cb36810c165eb9986ba8f3d091dbb2c\"\u003e\u003ccode\u003e84662bf\u003c/code\u003e\u003c/a\u003e HHH-16049 Restructure lazy-basic tests for easier re-execution and better tes...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hibernate/hibernate-orm/commit/49fbe84dde773de84ea704bb10193c4c581d34b8\"\u003e\u003ccode\u003e49fbe84\u003c/code\u003e\u003c/a\u003e HHH-15618 Accept TypedParameterValue for procedure\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hibernate/hibernate-orm/commit/45c7fc5e28245563d173292aca12dabeb596b3d1\"\u003e\u003ccode\u003e45c7fc5\u003c/code\u003e\u003c/a\u003e Add TCK build throttling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hibernate/hibernate-orm/commit/cc3b38971e6650307f349e797230932dc977887d\"\u003e\u003ccode\u003ecc3b389\u003c/code\u003e\u003c/a\u003e Switch from LGTM to CodeQL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hibernate/hibernate-orm/commit/d7fa18ac64bb1b0f157f85990900a526d18a2808\"\u003e\u003ccode\u003ed7fa18a\u003c/code\u003e\u003c/a\u003e HHH-15792: Explicitly add JavaDoc to make \u003ca href=\"https://github.com/deprecated\"\u003e\u003ccode\u003e@​deprecated\u003c/code\u003e\u003c/a\u003e hint for createSQLQuery...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hibernate/hibernate-orm/compare/5.3.22...5.6.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.asynchttpclient:async-http-client` from 2.12.3 to 2.14.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/releases\"\u003eorg.asynchttpclient:async-http-client's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAHC v2.14.5 Release\u003c/h2\u003e\n\u003ch2\u003eSecurity Advisory\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-cmxv-58fp-fm3g\"\u003ehttps://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-cmxv-58fp-fm3g\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/compare/async-http-client-project-2.12.4...async-http-client-project-2.14.5\"\u003ehttps://github.com/AsyncHttpClient/async-http-client/compare/async-http-client-project-2.12.4...async-http-client-project-2.14.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAHC v2.12.4 Release\u003c/h2\u003e\n\u003ch2\u003eSecurity Advisory\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv\"\u003ehttps://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cp\u003eThis is a breaking release. \u003ccode\u003eRequestBuilderBase.java\u003c/code\u003e has a new method added. This is in response to \u003ccode\u003eGHSA-mfj5-cf8g-g2fv\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/commit/ae557ad35246721c09dafb2976609cd0004e78ae\"\u003e\u003ccode\u003eae557ad\u003c/code\u003e\u003c/a\u003e Release 2.14.5: Security fixes and dependency upgrades\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/commit/6afba08b39a10c2a85bb1b38e14ada224cd40705\"\u003e\u003ccode\u003e6afba08\u003c/code\u003e\u003c/a\u003e Release 2.12.4 with CVE Fix: 2024-53990\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/compare/async-http-client-project-2.12.3...async-http-client-project-2.14.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.springframework:spring-web` from 2.0.8 to 5.3.38\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-framework/releases\"\u003eorg.springframework:spring-web's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.38\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEfficient handling of conditional HTTP requests \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33378\"\u003e#33378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect weak ETag validation \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33377\"\u003e#33377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSimpleEvaluationContext\u003c/code\u003e does not enforce read-only semantics \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33320\"\u003e#33320\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eConversionService\u003c/code\u003e cannot convert primitive array to \u003ccode\u003eObject[]\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33314\"\u003e#33314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpEL \u003ccode\u003eIndexer\u003c/code\u003e silently ignores failure to set property as index \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33312\"\u003e#33312\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMockito mock falsely initialized as CGLIB proxy with AspectJ aspect \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33142\"\u003e#33142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u0026quot;file:.\u0026quot; cannot be resolved to \u003ccode\u003ejava.nio.file.Path\u003c/code\u003e (and plain \u0026quot;.\u0026quot; value resolves to classpath root) \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33140\"\u003e#33140\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTypo in Annotation-driven Listener Endpoints section of Spring Framework documentation \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33052\"\u003e#33052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eContainer Extension Points section of Spring Framework documentation refers to the wrong property name \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33039\"\u003e#33039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncorrect constructor details in the javadoc for ApplicationContextEvent \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33034\"\u003e#33034\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Reactor 2020.0.47 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33322\"\u003e#33322\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.3.37\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAnnotationUtils performance degrades with deep stacks \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/32923\"\u003e#32923\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAspectJ CTW aspects executed twice \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/32974\"\u003e#32974\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpEL compilation fails when indexing into a \u003ccode\u003eMap\u003c/code\u003e with a primitive \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/32911\"\u003e#32911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpEL compilation fails when indexing into an array or list with an \u003ccode\u003eInteger\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/32909\"\u003e#32909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApplication not starting with \u003ccode\u003e@EnableTransactionManagement\u003c/code\u003e(mode = AdviceMode.ASPECTJ)  \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/32885\"\u003e#32885\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Reactor 2020.0.45 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33010\"\u003e#33010\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.3.36\u003c/h2\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOverridden aspect method runs twice \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/32868\"\u003e#32868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@DateTimeFormat(iso = DateTimeFormat.ISO.DATE\\_TIME)\u003c/code\u003e cannot convert UTC without milliseconds to \u003ccode\u003ejava.util.Date\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/32860\"\u003e#32860\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpring AOP fails against registered \u003ccode\u003e@Configurable\u003c/code\u003e aspect \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/32840\"\u003e#32840\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.3.35\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/spring-projects/spring-framework/commits/v5.3.38\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.microsoft.sqlserver:mssql-jdbc` from 9.4.0.jre8 to 11.2.0.jre8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Microsoft/mssql-jdbc/rele...\n\n_Description has been truncated_","html_url":"https://github.com/abrahem79/glowroot/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/abrahem79%2Fglowroot/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"},{"uuid":"4325308070","node_id":"PR_kwDOKJTg4s7VdEcA","number":4,"state":"closed","title":"Bump the maven group across 11 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-25T16:45:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-24T20:09:19.000Z","updated_at":"2026-04-25T16:45:24.000Z","time_to_close":74164,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"maven","update_count":16,"packages":[{"name":"org.apache.zookeeper:zookeeper","old_version":"3.4.14","new_version":"3.8.6"},{"name":"org.apache.mina:mina-core","old_version":"2.2.1","new_version":"2.2.4","repository_url":"https://github.com/apache/mina"},{"name":"com.google.protobuf:protobuf-java","old_version":"3.24.0","new_version":"3.25.5","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"com.squareup.okhttp3:okhttp","old_version":"3.14.9","new_version":"4.9.2","repository_url":"https://github.com/square/okhttp"},{"name":"org.hibernate:hibernate-validator","old_version":"5.4.3.Final","new_version":"6.2.0.Final"},{"name":"org.apache.avro:avro","old_version":"1.11.1","new_version":"1.11.4"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"8.5.87","new_version":"9.0.117"},{"name":"commons-io:commons-io","old_version":"2.11.0","new_version":"2.14.0"},{"name":"ch.qos.logback:logback-classic","old_version":"1.2.11","new_version":"1.2.13","repository_url":"https://github.com/qos-ch/logback"},{"name":"org.apache.logging.log4j:log4j-core","old_version":"2.20.0","new_version":"2.25.4"},{"name":"org.apache.commons:commons-lang3","old_version":"3.12.0","new_version":"3.18.0"},{"name":"com.fasterxml.jackson.core:jackson-core","old_version":"2.15.2","new_version":"2.18.6","repository_url":"https://github.com/FasterXML/jackson-core"},{"name":"io.grpc:grpc-netty-shaded","old_version":"1.57.1","new_version":"1.75.0","repository_url":"https://github.com/grpc/grpc-java"},{"name":"org.apache.commons:commons-compress","old_version":"1.23.0","new_version":"1.26.0"},{"name":"org.xerial.snappy:snappy-java","old_version":"1.1.10.3","new_version":"1.1.10.4","repository_url":"https://github.com/xerial/snappy-java"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 1 update in the /dubbo-demo/dubbo-demo-native/dubbo-demo-native-consumer directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 1 update in the /dubbo-demo/dubbo-demo-native/dubbo-demo-native-provider directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 15 updates in the /dubbo-dependencies-bom directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| org.apache.zookeeper:zookeeper | `3.4.14` | `3.8.6` |\n| [org.apache.mina:mina-core](https://github.com/apache/mina) | `2.2.1` | `2.2.4` |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.24.0` | `3.25.5` |\n| [com.squareup.okhttp3:okhttp](https://github.com/square/okhttp) | `3.14.9` | `4.9.2` |\n| org.hibernate:hibernate-validator | `5.4.3.Final` | `6.2.0.Final` |\n| org.apache.avro:avro | `1.11.1` | `1.11.4` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.87` | `9.0.117` |\n| commons-io:commons-io | `2.11.0` | `2.14.0` |\n| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.2.11` | `1.2.13` |\n| org.apache.logging.log4j:log4j-core | `2.20.0` | `2.25.4` |\n| org.apache.commons:commons-lang3 | `3.12.0` | `3.18.0` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.15.2` | `2.18.6` |\n| [io.grpc:grpc-netty-shaded](https://github.com/grpc/grpc-java) | `1.57.1` | `1.75.0` |\n| org.apache.commons:commons-compress | `1.23.0` | `1.26.0` |\n| [org.xerial.snappy:snappy-java](https://github.com/xerial/snappy-java) | `1.1.10.3` | `1.1.10.4` |\n\nBumps the maven group with 1 update in the /dubbo-dependencies/dubbo-dependencies-zookeeper directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 1 update in the /dubbo-dependencies/dubbo-dependencies-zookeeper-curator5 directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 1 update in the /dubbo-maven-plugin directory: commons-io:commons-io.\nBumps the maven group with 1 update in the /dubbo-native-plugin directory: commons-io:commons-io.\nBumps the maven group with 1 update in the /dubbo-remoting/dubbo-remoting-zookeeper directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 1 update in the /dubbo-remoting/dubbo-remoting-zookeeper-curator5 directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 1 update in the /dubbo-spring-boot/dubbo-spring-boot-starters/dubbo-zookeeper-curator5-spring-boot-starter directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 3 updates in the /dubbo-test/dubbo-test-check directory: org.apache.zookeeper:zookeeper, org.apache.commons:commons-compress and [org.asynchttpclient:async-http-client](https://github.com/AsyncHttpClient/async-http-client).\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.8.1 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.8.1 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.4.14 to 3.8.6\n\nUpdates `org.apache.mina:mina-core` from 2.2.1 to 2.2.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/4134a125d8830c67c21b97c28f2bf706801bdd13\"\u003e\u003ccode\u003e4134a12\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release 2.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/ccc85e38a1b1b494444246b6cd9d98419dee8912\"\u003e\u003ccode\u003eccc85e3\u003c/code\u003e\u003c/a\u003e Fixing another link issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/bfb75f2490953fa4753da57ef742fdeb5e0ef3ea\"\u003e\u003ccode\u003ebfb75f2\u003c/code\u003e\u003c/a\u003e Rollbacked to source plugin 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/625a52405acabe624a2bf9e68f8743ec46474b37\"\u003e\u003ccode\u003e625a524\u003c/code\u003e\u003c/a\u003e Trying to get maven source plugin to the latest version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/252130da0fd76d9c2399b75a9f1a13efa313f133\"\u003e\u003ccode\u003e252130d\u003c/code\u003e\u003c/a\u003e Solved some link issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/859e7aaa6f039032c3063daa92e86d94eac11cc5\"\u003e\u003ccode\u003e859e7aa\u003c/code\u003e\u003c/a\u003e Fixed a bad \u003ca href=\"https://github.com/link\"\u003e\u003ccode\u003e@​link\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/f58344115703a883074941f54fccd92aeeb4382e\"\u003e\u003ccode\u003ef583441\u003c/code\u003e\u003c/a\u003e Fixed some compilation issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/b1dc83a3a8ceef10cff1daa957320ac043fc03d8\"\u003e\u003ccode\u003eb1dc83a\u003c/code\u003e\u003c/a\u003e Fixed some javadoc issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/06a51073ebddd1a969ba50ea41e8bb262c065169\"\u003e\u003ccode\u003e06a5107\u003c/code\u003e\u003c/a\u003e Rollbacked maven source plugin to 3.2.1, because since 3.3.0 the build fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/97918866b79f35bcf00a5e7090e02c15ab82b1db\"\u003e\u003ccode\u003e9791886\u003c/code\u003e\u003c/a\u003e Added some missing spaces\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/apache/mina/compare/2.2.1...2.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.google.protobuf:protobuf-java` from 3.24.0 to 3.25.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9d0ec0f92b5b5fdeeda11f9dcecc1872ff378014\"\u003e\u003ccode\u003e9d0ec0f\u003c/code\u003e\u003c/a\u003e Updating version.json and repo version numbers to: 25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/4a197e78ad2430e22e992c5a7727b61ae220f727\"\u003e\u003ccode\u003e4a197e7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/18387\"\u003e#18387\u003c/a\u003e from protocolbuffers/cp-lp-25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b5a7cf7cf4b7e39f6b02205e45afe2104a7faf81\"\u003e\u003ccode\u003eb5a7cf7\u003c/code\u003e\u003c/a\u003e Remove RecursiveGroup test case which doesn't exist in 25.x pre-Editions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f000b7e18fd6921ca02ea4b87608e8cadcb7b64f\"\u003e\u003ccode\u003ef000b7e\u003c/code\u003e\u003c/a\u003e Fix merge conflict by adding optional label to proto2 unittest_lite.proto\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/4728531c162f2f9e8c2ca1add713cfee2db6be3b\"\u003e\u003ccode\u003e4728531\u003c/code\u003e\u003c/a\u003e Add recursion check when parsing unknown fields in Java.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/850fcce9176e2c9070614dab53537760498c926b\"\u003e\u003ccode\u003e850fcce\u003c/code\u003e\u003c/a\u003e Internal change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b7044987de77f1dc368fee558636d0b56d7e75e1\"\u003e\u003ccode\u003eb704498\u003c/code\u003e\u003c/a\u003e Internal change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e67347986eaf7d777a6ee34367fa99f4912423ab\"\u003e\u003ccode\u003ee673479\u003c/code\u003e\u003c/a\u003e Fix cord handling in DynamicMessage and oneofs. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/18375\"\u003e#18375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8a60b6527a976cfd0028153da3ad8e4ed280e0de\"\u003e\u003ccode\u003e8a60b65\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/17704\"\u003e#17704\u003c/a\u003e from protocolbuffers/cp-segv\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/94a26630e362a4771b5ec80eac49f494988ca408\"\u003e\u003ccode\u003e94a2663\u003c/code\u003e\u003c/a\u003e Fixed a SEGV when deep copying a non-reified sub-message.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protocolbuffers/protobuf/compare/v3.24.0...v3.25.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.squareup.okhttp3:okhttp` from 3.14.9 to 4.9.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/square/okhttp/blob/master/CHANGELOG.md\"\u003ecom.squareup.okhttp3:okhttp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChange Log\u003c/h1\u003e\n\u003ch2\u003eVersion 5.3.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2025-11-18\u003c/em\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: Don't delay triggering timeouts. In Okio 3.16.0 we introduced a regression that caused\ntimeouts to fire later than they were supposed to.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpgrade: [Okio 3.16.4][okio_3_16_4].\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 5.3.1\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2025-11-16\u003c/em\u003e\u003c/p\u003e\n\u003cp\u003eThis release is the same as 5.3.0. Okio 3.16.3 didn't have a necessary fix!\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade: [Okio 3.16.3][okio_3_16_3].\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 5.3.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2025-10-30\u003c/em\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eNew: Add tags to \u003ccode\u003eCall\u003c/code\u003e, including computable tags. Use this to attach application-specific\nmetadata to a \u003ccode\u003eCall\u003c/code\u003e in an \u003ccode\u003eEventListener\u003c/code\u003e or \u003ccode\u003eInterceptor\u003c/code\u003e. The tag can be read in any other\n\u003ccode\u003eEventListener\u003c/code\u003e or \u003ccode\u003eInterceptor\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"kotlin\"\u003e\u003ccode\u003e  override fun intercept(chain: Interceptor.Chain): Response {\n    chain.call().tag(MyAnalyticsTag::class) {\n      MyAnalyticsTag(...)\n    }\n\u003cpre\u003e\u003ccode\u003ereturn chain.proceed(chain.request())\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew: Support request bodies on HTTP/1.1 connection upgrades.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew: \u003ccode\u003eEventListener.plus()\u003c/code\u003e makes it easier to observe events in multiple listeners.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: Don't spam logs with \u003cem\u003e‘Method isLoggable in android.util.Log not mocked.’\u003c/em\u003e when using\nOkHttp in Robolectric and Paparazzi tests.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpgrade: [Kotlin 2.2.21][kotlin_2_2_21].\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpgrade: [Okio 3.16.2][okio_3_16_2].\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpgrade: [ZSTD-KMP 0.4.0][zstd_kmp_0_4_0]. This update fixes a bug that caused APKs to fail\n[16 KB ELF alignment checks][elf_alignment].\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/3edf17ca8a5048912d19e84d0fc2a7941a97c07d\"\u003e\u003ccode\u003e3edf17c\u003c/code\u003e\u003c/a\u003e Prepare for release 4.9.2.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/262b3cde9f6354a31d4d4862bef5a81590687ad7\"\u003e\u003ccode\u003e262b3cd\u003c/code\u003e\u003c/a\u003e Handle strict module handling on JDK17 (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6707\"\u003e#6707\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6742\"\u003e#6742\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/f574ea2f5259d9040f264ddeb582fb1ce563f10c\"\u003e\u003ccode\u003ef574ea2\u003c/code\u003e\u003c/a\u003e Cherry pick fix for CVE-2021-0341 onto 4.9.x (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6741\"\u003e#6741\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/1fd7c0afdc2cee9ba982b07d49662af7f60e1518\"\u003e\u003ccode\u003e1fd7c0a\u003c/code\u003e\u003c/a\u003e Make it more difficult to accidentally log sensitive headers (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6551\"\u003e#6551\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6740\"\u003e#6740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/b0397cc7a9f755ef8ab1e00c8114531f802f35a6\"\u003e\u003ccode\u003eb0397cc\u003c/code\u003e\u003c/a\u003e 4.9.x GitHub builds update (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6732\"\u003e#6732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/eb5a8343eab9ba4ec933e8fb80d3f8a0e4eacbcd\"\u003e\u003ccode\u003eeb5a834\u003c/code\u003e\u003c/a\u003e Prepare next development version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/63dcd95bfa2345bb3f3d4abc6b6dbf36cfb08aaf\"\u003e\u003ccode\u003e63dcd95\u003c/code\u003e\u003c/a\u003e Prepare for release 4.9.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/d2e28ab672d5734a76f97f48174a3e6e8339e183\"\u003e\u003ccode\u003ed2e28ab\u003c/code\u003e\u003c/a\u003e Silently ignore 'bio == null' NullPointerExceptions (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6534\"\u003e#6534\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/cbeaf8f955fff9caa5652ccc6c1393ec8b993799\"\u003e\u003ccode\u003ecbeaf8f\u003c/code\u003e\u003c/a\u003e Prepare for release 4.9.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/8fd74a7482effe1ca8847a28b29262415dbb7faa\"\u003e\u003ccode\u003e8fd74a7\u003c/code\u003e\u003c/a\u003e Conscrypt 2.5.1 Upgrade (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6263\"\u003e#6263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/square/okhttp/compare/parent-3.14.9...parent-4.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.hibernate:hibernate-validator` from 5.4.3.Final to 6.2.0.Final\n\nUpdates `org.apache.avro:avro` from 1.11.1 to 1.11.4\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 8.5.87 to 9.0.117\n\nUpdates `commons-io:commons-io` from 2.11.0 to 2.14.0\n\nUpdates `ch.qos.logback:logback-classic` from 1.2.11 to 1.2.13\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2648b9e7fbb47426c89b9c93b411c07484e8f277\"\u003e\u003ccode\u003e2648b9e\u003c/code\u003e\u003c/a\u003e prepare release 1.2.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/bb095154be011267b64e37a1d401546e7cc2b7c3\"\u003e\u003ccode\u003ebb09515\u003c/code\u003e\u003c/a\u003e fix CVE-2023-6378\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/45732949bfb845df04cbe65292cf48aaa090cb1d\"\u003e\u003ccode\u003e4573294\u003c/code\u003e\u003c/a\u003e start work on 1.2.13-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/a388193052c298ca87cc64192319df723288c6ab\"\u003e\u003ccode\u003ea388193\u003c/code\u003e\u003c/a\u003e Merge branch 'branch_1.2.x' of github.com:qos-ch/logback into branch_1.2.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/de44dc422bc3da1d7808283851324d960b492d4d\"\u003e\u003ccode\u003ede44dc4\u003c/code\u003e\u003c/a\u003e prepare release 1.2.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ca0cf172f680308938515b8a5d69348759ee947c\"\u003e\u003ccode\u003eca0cf17\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/532\"\u003e#532\u003c/a\u003e from joakime/fix-jetty-requestlog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e31609b1980b9ba986344aae3cab7275fa2b4935\"\u003e\u003ccode\u003ee31609b\u003c/code\u003e\u003c/a\u003e removed unused files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/21e29efb284766f386781175b2ba18585b690154\"\u003e\u003ccode\u003e21e29ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/567\"\u003e#567\u003c/a\u003e from spliffone/LOGBACK-1633\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e869000e1d5901e6aa6f46cc6575ee2137f15b69\"\u003e\u003ccode\u003ee869000\u003c/code\u003e\u003c/a\u003e fix: published POM file contain the wrong scm URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/009ea46cb81a015f2ca312bde6e823581b93b37a\"\u003e\u003ccode\u003e009ea46\u003c/code\u003e\u003c/a\u003e version for next dev cycle\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.2.11...v_1.2.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.20.0 to 2.25.4\n\nUpdates `org.apache.commons:commons-lang3` from 3.12.0 to 3.18.0\n\nUpdates `com.fasterxml.jackson.core:jackson-core` from 2.15.2 to 2.18.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/9a46ef8ccac2f15cba1c82059fbcc3883798478a\"\u003e\u003ccode\u003e9a46ef8\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release jackson-core-2.18.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/5f192db9c84c1e7a9e6ab7f631a77d4ac0719cb4\"\u003e\u003ccode\u003e5f192db\u003c/code\u003e\u003c/a\u003e Prep for 2.18.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/b0c428e6f993e1b5ece5c1c3cb2523e887cd52cf\"\u003e\u003ccode\u003eb0c428e\u003c/code\u003e\u003c/a\u003e Enforce \u003ccode\u003eStreamReadConstraints.maxNumberLength\u003c/code\u003e for non-blocking (async) pars...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/7c8b6d52632ff87dd40483df44a2b74d3048882c\"\u003e\u003ccode\u003e7c8b6d5\u003c/code\u003e\u003c/a\u003e Add test for nesting for \u003ccode\u003eDataInput\u003c/code\u003e-backed \u003ccode\u003eJsonParser\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1550\"\u003e#1550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/97a647b9d4bd03d31716d5565a73965c9ae2f396\"\u003e\u003ccode\u003e97a647b\u003c/code\u003e\u003c/a\u003e Update CI: JDK 23 -\u0026gt; 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/1601331cd5c7d79037904e4803a4c35cc9fdd4e0\"\u003e\u003ccode\u003e1601331\u003c/code\u003e\u003c/a\u003e (backport from 2.21) Fix \u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1548\"\u003e#1548\u003c/a\u003e: validate max doc length for fixed buffer inpu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/fae2542708621b49cdc61ec5b29574ad054ed76f\"\u003e\u003ccode\u003efae2542\u003c/code\u003e\u003c/a\u003e release notes update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/70c99ba8eccf6f8ad2754bccb113daac823f03ba\"\u003e\u003ccode\u003e70c99ba\u003c/code\u003e\u003c/a\u003e Update UTF8DataInputJsonParser.java (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1512\"\u003e#1512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/caea665e6364bb46a4e7101fd763e9ef8568f132\"\u003e\u003ccode\u003ecaea665\u003c/code\u003e\u003c/a\u003e Post-release dep version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/635d3bd80a44a8a84b04cfdd007ceb9a31dc95f1\"\u003e\u003ccode\u003e635d3bd\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/FasterXML/jackson-core/compare/jackson-core-2.15.2...jackson-core-2.18.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `io.grpc:grpc-netty-shaded` from 1.57.1 to 1.75.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-java/releases\"\u003eio.grpc:grpc-netty-shaded's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.75.0\u003c/h2\u003e\n\u003ch3\u003eBehavior Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebinder: Introduce server pre-authorization (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12127\"\u003e#12127\u003c/a\u003e). grpc-binder clients authorize servers by checking the UID of the sender of the SETUP_TRANSPORT Binder transaction against some SecurityPolicy. But merely binding to an unauthorized server to learn its UID can enable \u0026quot;keep-alive\u0026quot; and \u0026quot;background activity launch\u0026quot; abuse, even if security policy ultimately causes the grpc connection to fail. Pre-authorization mitigates this kind of abuse by resolving addresses and authorizing a candidate server Application's UID before binding to it. Pre-auth is especially important when the server's address is not fixed in advance but discovered by PackageManager lookup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecore: \u003ccode\u003egrpc-timeout\u003c/code\u003e should always be positive (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12201\"\u003e#12201\u003c/a\u003e) (6dfa03c51). There is a local race between when the deadline is checked before sending the RPC and when the timeout is calculated to put on-the-wire. The code replaced negative timeouts with 0 nanoseconds. gRPC’s PROTOCOL-HTTP2 spec states that timeouts should be positive, so now non-positive values are replaced with 1 nanosecond\u003c/li\u003e\n\u003cli\u003ecore: Improved DEADLINE_EXCEEDED message for delayed calls (6ff8ecac0). Delayed calls are the first calls on a Channel before name resolution has resolved addresses. Previously you could see confusing errors saying the deadline “will be exceeded in” X time. The message tense was simply wrong, and now will be correct: deadline “was exceeded after” X time.\u003c/li\u003e\n\u003cli\u003exds: PriorityLB now only uses the failOverTimer to start additional priorities, not fail RPCs (c4256add4). You should no longer see “Connection timeout for priority” errors.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImprovements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003enetty: Count sent RST_STREAMs against \u003ccode\u003eNettyServerBuilder.maxRstFramesPerWindow()\u003c/code\u003e limit (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12288\"\u003e#12288\u003c/a\u003e). This extends the Rapid Reset tool to also cover MadeYouReset. the reset stream count will cause a 420 \u0026quot;Enhance your calm response\u0026quot; to be sent. This depends on Netty 4.1.124 for a bug fix to actually call the encoder by the frame writer.\u003c/li\u003e\n\u003cli\u003exds: Convert CdsLb to \u003ccode\u003eXdsDepManager\u003c/code\u003e (297ab05ef). This is part of gRFC A74 to have atomic xDS config updates. This is an internal change, but does change the error description seen in certain cases, especially DEADLINE_EXCEEDED on a brand-new channel.\u003c/li\u003e\n\u003cli\u003ecensus: APIs for stats and tracing (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12050\"\u003e#12050\u003c/a\u003e) (919370172). Client channel and server builders with interceptors and factories respectively for stats and tracing.\u003c/li\u003e\n\u003cli\u003estub: simplify \u003ccode\u003eBlockingClientCall\u003c/code\u003e infinite blocking (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12217\"\u003e#12217\u003c/a\u003e) (ba0a7329d). Move deadline computation into overloads with finite timeouts. Blocking calls without timeouts now do not have to read the clock.\u003c/li\u003e\n\u003cli\u003exds: Do RLS fallback policy eagar start (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12211\"\u003e#12211\u003c/a\u003e) (42e1829b3). In gRPC-Java, the xDS clusters were lazily subscribed, which meant the fallback target which is returned in the RLS config wasn’t subscribed until a RPC actually falls back to it. The delayed resource subscription process in gRPC Java made it more susceptible to the effects of the INITIAL_RESOURCE_FETCH_TIMEOUT compared to other programming languages. It also had impact beyond the RLS cache expiration case, for example, when the first time the client initialized the channel, we couldn't fallback when the intended target times out, because of the lazy subscription. This change starts the fallback LB policy for the default target at the start of RLS policy instead of only when falling back to the default target, which fixes the above mentioned problems.\u003c/li\u003e\n\u003cli\u003exds: Aggregate cluster fixes (A75) (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12186\"\u003e#12186\u003c/a\u003e) (7e982e48a). The earlier implementation of aggregate clusters concatenated the priorities from the underlying clusters into a single list, so that it could use a single LB policy defined at the aggregate cluster layer to choose a priority from that combined list. However, it turns out that aggregate clusters don't actually define the LB policy in the aggregate cluster; instead, the aggregate cluster uses a special cluster-provided LB policy that first chooses the underlying cluster and then delegates to the LB policy of the underlying cluster. This change implements that.\u003c/li\u003e\n\u003cli\u003eapi: set size correctly for sets and maps in handling \u003ccode\u003eMetadata\u003c/code\u003e values to be exchanged during a call (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12229\"\u003e#12229\u003c/a\u003e) (80217275d)\u003c/li\u003e\n\u003cli\u003exds: xdsClient cache transient error for new watchers (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12291\"\u003e#12291\u003c/a\u003e). When a resource update is NACKed, cache the error and update new watchers that get added with that error instead of making them hang.\u003c/li\u003e\n\u003cli\u003exds: Avoid PriorityLb re-enabling timer on duplicate CONNECTING (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12289\"\u003e#12289\u003c/a\u003e). If a LB policy gives extraneous updates with state CONNECTING, then it was possible to re-create \u003ccode\u003efailOverTimer\u003c/code\u003e which would then wait the 10 seconds for the child to finish CONNECTING. We only want to give the child one opportunity after transitioning out of READY/IDLE.\u003c/li\u003e\n\u003cli\u003exds: Use a different log name for \u003ccode\u003eXdsClientImpl\u003c/code\u003e and \u003ccode\u003eControlPlaneClient\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12287\"\u003e#12287\u003c/a\u003e). \u003ccode\u003eControlPlaneClient\u003c/code\u003e uses \u0026quot;xds-cp-client\u0026quot; now instead of \u0026quot;xds-client\u0026quot; while logging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependencies Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Netty 4.1.124.Final (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12286\"\u003e#12286\u003c/a\u003e). This implicitly disables \u003ccode\u003eNettyAdaptiveCumulator\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/11284\"\u003e#11284\u003c/a\u003e), which can have a performance impact. We delayed upgrading Netty to give time to rework the optimization, but we've gone too long already without upgrading which causes problems for vulnerability tracking.\u003c/li\u003e\n\u003cli\u003ebazel: Use \u003ccode\u003ejar_jar\u003c/code\u003e to avoid xds deps (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12243\"\u003e#12243\u003c/a\u003e) (8f09b9689). The //xds and //xds:orca targets now use \u003ccode\u003ejar_jar\u003c/code\u003e to shade the protobuf generated code. This allows them to use their own private copy of the protos and drop direct Bazel dependencies on cel-spec, grpc, rules_go, com_github_cncf_xds, envoy_api, com_envoyproxy_protoc_gen_validate, and opencensus_proto. This mirrors the shading of protobuf messages done for grpc-xds provided on Maven Central and should simplify dependency management\u003c/li\u003e\n\u003cli\u003eProtobuf upgraded to 3.25.8\u003c/li\u003e\n\u003cli\u003eproto-google-common-protos upgraded to 2.59.2\u003c/li\u003e\n\u003cli\u003es2a-proto upgraded to 1.1.2\u003c/li\u003e\n\u003cli\u003egoogle-cloud-logging upgraded to 3.23.1 (used by gcp-observability)\u003c/li\u003e\n\u003cli\u003eOpenTelemetry upgraded to 1.52.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify requirements for creating a cross-user Channel. (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12181\"\u003e#12181\u003c/a\u003e). The \u003ccode\u003e@SystemApi\u003c/code\u003e runtime visibility requirement isn't really new. It has always been implicit in the required INTERACT_ACROSS_USERS permission, which can only be held by system apps in production. Now deprecated \u003ccode\u003eBinderChannelBuilder#bindAsUser\u003c/code\u003e has always required SDK_INT \u0026gt;= 30. This change just copies that requirement forward to its replacement APIs in \u003ccode\u003eAndroidComponentAddress\u003c/code\u003e and the TARGET_ANDROID_USER \u003ccode\u003eNameResolver.Args\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eapi: Add more Javadoc for \u003ccode\u003eNameResolver.Listener2\u003c/code\u003e interface (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12220\"\u003e#12220\u003c/a\u003e) (d352540a0)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eThanks to\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/benjaminp\"\u003e\u003ccode\u003e@​benjaminp\u003c/code\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/werkt\"\u003e\u003ccode\u003e@​werkt\u003c/code\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/kilink\"\u003e\u003ccode\u003e@​kilink\u003c/code\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/vimanikag\"\u003e\u003ccode\u003e@​vimanikag\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.74.0\u003c/h2\u003e\n\u003ch3\u003eBehavior Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecompiler: Default to \u003ccode\u003e@generated=omit\u003c/code\u003e (f8700a13a). This omits \u003ccode\u003ejavax.annotation.Generated\u003c/code\u003e from the generated code and makes the \u003ccode\u003eorg.apache.tomcat:annotations-api\u003c/code\u003e compile-only dependency unnecessary (README and examples changes forthcoming; we delayed those changes until the release landed). You can use the option \u003ccode\u003e@generated=javax\u003c/code\u003e for the previous behavior, but please also file an issue so we can develop alternatives\u003c/li\u003e\n\u003cli\u003ecompiler: generate blocking v2 unary calls that throw StatusException (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12126\"\u003e#12126\u003c/a\u003e) (a16d65591). Previously, the new blocking stub API was identical to the older blocking stub for unary RPCs and used the unchecked \u003ccode\u003eStatusRuntimeException\u003c/code\u003e. However, feedback demonstrated it was confusing to mix that with the checked \u003ccode\u003eStatusException\u003c/code\u003e in \u003ccode\u003eBlockingClientCall\u003c/code\u003e. Now the new blocking stub uses StatusException throughout. grpc-java continues to support the old generated code, but the version of protoc-gen-grpc-java will dictate which API you see. If you support multiple generated code versions, you can use the older blocking v1 stub for unary RPCs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003enetty: Fix a race that caused RPCs to hang on start when a GOAWAY was received while the RPCs’ headers were being written to the OS (b04c673fd, 15c757398). This was a very old race, not a recent regression. All streams should now properly fail instead of hanging, although in some cases they may be transparently retried\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/3abc0e6e1f4981017b7117e47e1844a318a51f24\"\u003e\u003ccode\u003e3abc0e6\u003c/code\u003e\u003c/a\u003e Bump version to 1.75.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/cbfe6c1ccaf0d9480daa8faa3e37a117adb798ba\"\u003e\u003ccode\u003ecbfe6c1\u003c/code\u003e\u003c/a\u003e Update README etc to reference 1.75.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/a0f3520ad0bf5186f84d48b7df6e2555e8b16da8\"\u003e\u003ccode\u003ea0f3520\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Release v1.75.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12294\"\u003e#12294\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12295\"\u003e#12295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/7ef13f40a6d9cdaccd0c064b5bd3745f9518781e\"\u003e\u003ccode\u003e7ef13f4\u003c/code\u003e\u003c/a\u003e Release v1.75.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12294\"\u003e#12294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/14fd8eff28d55fae4a791b256602d83a5fb9d848\"\u003e\u003ccode\u003e14fd8ef\u003c/code\u003e\u003c/a\u003e xds: xdsClient caches transient error for new watchers (v1.75.x backport) (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/653d076c605a9066cf6ae484921058580df2437d\"\u003e\u003ccode\u003e653d076\u003c/code\u003e\u003c/a\u003e xds: Avoid PriorityLb re-enabling timer on duplicate CONNECTING (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12289\"\u003e#12289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/a5c2b1aa51608b1fff016a313d8ee65f92e8d23d\"\u003e\u003ccode\u003ea5c2b1a\u003c/code\u003e\u003c/a\u003e netty: Count sent RST_STREAMs against limit (1.75.x backport) (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12288\"\u003e#12288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/0d3e8283a8105a7bbf1bf746d96cac1e363de2e3\"\u003e\u003ccode\u003e0d3e828\u003c/code\u003e\u003c/a\u003e xds: Use a different log name for XdsClientImpl and ControlPlaneClient (1.75....\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/d750e9df576a63f8b0d55eefc730282dc60f99d1\"\u003e\u003ccode\u003ed750e9d\u003c/code\u003e\u003c/a\u003e Upgrade to Netty 4.1.124.Final (v1.75.x backport) (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12286\"\u003e#12286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/19c579e8a93cc0660df1523b5740eae9aa888a09\"\u003e\u003ccode\u003e19c579e\u003c/code\u003e\u003c/a\u003e Bump versions of dependencies (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12252\"\u003e#12252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-java/compare/v1.57.1...v1.75.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.commons:commons-compress` from 1.23.0 to 1.26.0\n\nUpdates `org.xerial.snappy:snappy-java` from 1.1.10.3 to 1.1.10.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xerial/snappy-java/releases\"\u003eorg.xerial.snappy:snappy-java's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.10.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity Fix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv\"\u003eCVE-2023-43642\u003c/a\u003e Fixed SnappyInputStream so as not to allocate too large memory when decompressing data with an extremely large chunk size by \u003ca href=\"https://github.com/tunnelshade\"\u003e\u003ccode\u003e@​tunnelshade\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5\"\u003ecode change\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis does not affect users only using Snappy.compress/uncompress methods\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly used before) by \u003ca href=\"https://github.com/xerial\"\u003e\u003ccode\u003e@​xerial\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/508\"\u003exerial/snappy-java#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport JDK21 (no internal change)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🔗 Dependency Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate scalafmt-core to 3.7.11 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/485\"\u003exerial/snappy-java#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt to 1.9.3 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/483\"\u003exerial/snappy-java#483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate scalafmt-core to 3.7.12 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/487\"\u003exerial/snappy-java#487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/502\"\u003exerial/snappy-java#502\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt to 1.9.4 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/496\"\u003exerial/snappy-java#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate scalafmt-core to 3.7.14 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/501\"\u003exerial/snappy-java#501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt to 1.9.6 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/505\"\u003exerial/snappy-java#505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate native libraries by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/503\"\u003exerial/snappy-java#503\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🛠  Internal Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate airframe-log to 23.7.4 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/486\"\u003exerial/snappy-java#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.8.0 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/488\"\u003exerial/snappy-java#488\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt-scalafmt to 2.5.2 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/500\"\u003exerial/snappy-java#500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.8.6 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/497\"\u003exerial/snappy-java#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt-scalafmt to 2.5.1 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/499\"\u003exerial/snappy-java#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.9.1 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/504\"\u003exerial/snappy-java#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.9.2 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/509\"\u003exerial/snappy-java#509\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate NOTICE by \u003ca href=\"https://github.com/imsudiproy\"\u003e\u003ccode\u003e@​imsudiproy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/492\"\u003exerial/snappy-java#492\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/xerial/snappy-java/compare/v1.1.10.3...v1.1.10.4\"\u003ehttps://github.com/xerial/snappy-java/compare/v1.1.10.3...v1.1.10.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5\"\u003e\u003ccode\u003e9f8c3cf\u003c/code\u003e\u003c/a\u003e Merge pull request from GHSA-55g7-9cwv-5qfv\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/49d700175f18ed5f8c5d371b7c2f80c75979bd68\"\u003e\u003ccode\u003e49d7001\u003c/code\u003e\u003c/a\u003e Update airframe-log to 23.9.2 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/1f07c3182c2dc89d4226e9a6d8945b8458870a0a\"\u003e\u003ccode\u003e1f07c31\u003c/code\u003e\u003c/a\u003e Update native libraries for f2e97f27be0dc6c691369040ba8a673bface484c (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/503\"\u003e#503\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/13f8db197c4c44f0b6a02240c04205e8362b8e62\"\u003e\u003ccode\u003e13f8db1\u003c/code\u003e\u003c/a\u003e Update sbt to 1.9.6 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/505\"\u003e#505\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/f2e97f27be0dc6c691369040ba8a673bface484c\"\u003e\u003ccode\u003ef2e97f2\u003c/code\u003e\u003c/a\u003e feature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly use...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/98b22256fe4ed00ccaadd2dac98b1622563cc50b\"\u003e\u003ccode\u003e98b2225\u003c/code\u003e\u003c/a\u003e Update airframe-log to 23.9.1 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/504\"\u003e#504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/9f29b5c0f869d4027a4d5c1464907a79152013bf\"\u003e\u003ccode\u003e9f29b5c\u003c/code\u003e\u003c/a\u003e Update NOTICE (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/492\"\u003e#492\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/55639b55de52e1c06ac9a7df6844f85313407955\"\u003e\u003ccode\u003e55639b5\u003c/code\u003e\u003c/a\u003e Update sbt-scalafmt to 2.5.1 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/499\"\u003e#499\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/a5d81a6589360f299ae7ec35a79c317fd78e795d\"\u003e\u003ccode\u003ea5d81a6\u003c/code\u003e\u003c/a\u003e Update airframe-log to 23.8.6 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/497\"\u003e#497\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/6495da1af211e993cd0750c9c70b69d458c4a570\"\u003e\u003ccode\u003e6495da1\u003c/code\u003e\u003c/a\u003e Update scalafmt-core to 3.7.14 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/501\"\u003e#501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xerial/snappy-java/compare/v1.1.10.3...v1.1.10.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.4.14 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.8.1 to 3.8.6\n\nUpdates `commons-io:commons-io` from 2.11.0 to 2.14.0\n\nUpdates `commons-io:commons-io` from 2.11.0 to 2.14.0\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.4.14 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.7.0 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.8.1 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.4.14 to 3.8.6\n\nUpdates `org.apache.commons:commons-compress` from 1.23.0 to 1.26.0\n\nUpdates `org.asynchttpclient:async-http-client` from 2.12.3 to 2.14.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/releases\"\u003eorg.asynchttpclient:async-http-client's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAHC v2.14.5 Release\u003c/h2\u003e\n\u003ch2\u003eSecurity Advisory\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-cmxv-58fp-fm3g\"\u003ehttps://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-cmxv-58fp-fm3g\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/compare/async-http-client-project-2.12.4...async-http-client-project-2.14.5\"\u003ehttps://github.com/AsyncHttpClient/async-http-client/compare/async-http-client-project-2.12.4...async-http-client-project-2.14.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAHC v2.12.4 Release\u003c/h2\u003e\n\u003ch2\u003eSecurity Advisory\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv\"\u003ehttps://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cp\u003eThis is a breaking release. \u003ccode\u003eRequestBuilderBase.java\u003c/code\u003e has a new method added. This is in response to \u003ccode\u003eGHSA-mfj5-cf8g-g2fv\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/commit/ae557ad35246721c09dafb2976609cd0004e78ae\"\u003e\u003ccode\u003eae557ad\u003c/code\u003e\u003c/a\u003e Release 2.14.5: Security fixes and dependency upgrades\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/commit/6afba08b39a10c2a85bb1b38e14ada224cd40705\"\u003e\u003ccode\u003e6afba08\u003c/code\u003e\u003c/a\u003e Release 2.12.4 with CVE Fix: 2024-53990\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/compare/async-http-client-project-2.12.3...async-http-client-project-2.14.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GizzZmo/dubbo/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/GizzZmo/dubbo/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GizzZmo%2Fdubbo/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"},{"uuid":"4303858074","node_id":"PR_kwDOGUpuWs7UXLKS","number":251,"state":"closed","title":"Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.42 to 10.1.54 in /jag-ccd-application","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-18T20:53:53.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-21T16:05:29.000Z","updated_at":"2026-05-18T20:53:55.000Z","time_to_close":2350104,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"10.1.42","new_version":"10.1.54","repository_url":null}],"path":"/jag-ccd-application","ecosystem":"maven"},"body":"Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.42 to 10.1.54.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core\u0026package-manager=maven\u0026previous-version=10.1.42\u0026new-version=10.1.54)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/bcgov/jag-ccd/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/bcgov/jag-ccd/pull/251","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bcgov%2Fjag-ccd/issues/251","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/251/packages"},{"uuid":"4282073476","node_id":"PR_kwDOR_UjR87TSRTX","number":45,"state":"closed","title":"deps: bump the maven-dependencies group with 6 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-16T21:07:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-17T10:56:52.000Z","updated_at":"2026-05-16T21:08:04.000Z","time_to_close":2542263,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps: bump","group_name":"maven-dependencies","update_count":6,"packages":[{"name":"org.apache.maven:maven-model","old_version":"3.9.14","new_version":"3.9.15"},{"name":"org.eclipse.jgit:org.eclipse.jgit","old_version":"7.1.0.202411261347-r","new_version":"7.6.0.202603022253-r","repository_url":"https://github.com/eclipse-jgit/jgit"},{"name":"org.springframework.boot:spring-boot-dependencies","old_version":"3.5.6","new_version":"4.0.5","repository_url":"https://github.com/spring-projects/spring-boot"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"10.1.53","new_version":"11.0.21"},{"name":"org.apache.tomcat.embed:tomcat-embed-el","old_version":"10.1.53","new_version":"11.0.21"},{"name":"org.apache.tomcat.embed:tomcat-embed-websocket","old_version":"10.1.53","new_version":"11.0.21"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven-dependencies group with 6 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| org.apache.maven:maven-model | `3.9.14` | `3.9.15` |\n| [org.eclipse.jgit:org.eclipse.jgit](https://github.com/eclipse-jgit/jgit) | `7.1.0.202411261347-r` | `7.6.0.202603022253-r` |\n| [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) | `3.5.6` | `4.0.5` |\n| org.apache.tomcat.embed:tomcat-embed-core | `10.1.53` | `11.0.21` |\n| org.apache.tomcat.embed:tomcat-embed-el | `10.1.53` | `11.0.21` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `10.1.53` | `11.0.21` |\n\nUpdates `org.apache.maven:maven-model` from 3.9.14 to 3.9.15\n\nUpdates `org.eclipse.jgit:org.eclipse.jgit` from 7.1.0.202411261347-r to 7.6.0.202603022253-r\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eclipse-jgit/jgit/commit/e1fefa5863d6380d091d04e6f0d890356a218fd6\"\u003e\u003ccode\u003ee1fefa5\u003c/code\u003e\u003c/a\u003e JGit v7.6.0.202603022253-r\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eclipse-jgit/jgit/commit/c80ff8d4fbe67fe1adefc6e931440ef3889bef5b\"\u003e\u003ccode\u003ec80ff8d\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into stable-7.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eclipse-jgit/jgit/commit/db7dcf9ee3851c7c34a9ccabc0866a875f3d28e6\"\u003e\u003ccode\u003edb7dcf9\u003c/code\u003e\u003c/a\u003e Add AddCommand #addFilepatterns methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eclipse-jgit/jgit/commit/9c8ba9e35c2572efcd910ff186551b0158d8739c\"\u003e\u003ccode\u003e9c8ba9e\u003c/code\u003e\u003c/a\u003e Bazel: Pin jcl-over-slf4j to SLF4J_VERSION\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eclipse-jgit/jgit/commit/401eeaa9a1f81e8adc4583b4de6a75a683837a92\"\u003e\u003ccode\u003e401eeaa\u003c/code\u003e\u003c/a\u003e Prepare 7.6.0-SNAPSHOT builds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eclipse-jgit/jgit/commit/cf6fdba1614fbe4e9c6edc84ea8f8439994ca72a\"\u003e\u003ccode\u003ecf6fdba\u003c/code\u003e\u003c/a\u003e JGit v7.6.0.202602242313-rc1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eclipse-jgit/jgit/commit/99c85ebb5f19d5073f541a8a0c254c9a99b18520\"\u003e\u003ccode\u003e99c85eb\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into stable-7.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eclipse-jgit/jgit/commit/d4ceb3f8daf02a39d109921d08f79bf98774e925\"\u003e\u003ccode\u003ed4ceb3f\u003c/code\u003e\u003c/a\u003e Support diff3 conflict style in merges\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eclipse-jgit/jgit/commit/490ed19fc73522265027ea377ff745289160d21f\"\u003e\u003ccode\u003e490ed19\u003c/code\u003e\u003c/a\u003e RebaseCommand: Honor the commit message cleanup configuration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eclipse-jgit/jgit/commit/a5873fff63b9dc88e10a4178d70838fe6ef0a002\"\u003e\u003ccode\u003ea5873ff\u003c/code\u003e\u003c/a\u003e Merge \u0026quot;Refactor handlePackError method to improve readability\u0026quot;\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eclipse-jgit/jgit/compare/v7.1.0.202411261347-r...v7.6.0.202603022253-r\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.springframework.boot:spring-boot-dependencies` from 3.5.6 to 4.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-boot/releases\"\u003eorg.springframework.boot:spring-boot-dependencies's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.5\u003c/h2\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTest starter for Spring Integration does not include Spring Integration test module \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49784\"\u003e#49784\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSome sliced tests that import TransactionAutoConfiguration do not import TransactionManagerCustomizationAutoConfiguration \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49782\"\u003e#49782\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWebSocket messaging's task executors are only auto-configured and stompWebSocketHandlerMapping is only forced to be eager when using Jackson \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49753\"\u003e#49753\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWebSocket app fails to start when Jackson is on the classpath but there's no JsonMapper bean \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49749\"\u003e#49749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMetadata annotation processor ignores method-level \u003ccode\u003e@NestedConfigurationProperty\u003c/code\u003e when using constructor binding \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49738\"\u003e#49738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOverride of property in external 'application.properties' or 'application.yaml' is ignored \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49731\"\u003e#49731\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNativeImageResourceProvider does not find Flyway migration scripts in subdirectories \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49706\"\u003e#49706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e@ConditionalOnWebApplication\u003c/code\u003e to NettyReactiveWebServerAutoConfiguration \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49695\"\u003e#49695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@GraphQlTest\u003c/code\u003e does not include \u003ccode\u003e@ControllerAdvice\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49672\"\u003e#49672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect indefinite articles in Javadoc \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49727\"\u003e#49727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd some more Kotlin examples and trivial style fixes \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49714\"\u003e#49714\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOverhaul Spring Session documentation following modularization \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49704\"\u003e#49704\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Brave 6.3.1 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49763\"\u003e#49763\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Jackson 2 Bom 2.21.2 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49764\"\u003e#49764\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to jOOQ 3.19.31 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49765\"\u003e#49765\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Netty 4.2.12.Final \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49794\"\u003e#49794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Tomcat 11.0.20 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49767\"\u003e#49767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Zipkin Reporter 3.5.3 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49762\"\u003e#49762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:heart: Contributors\u003c/h2\u003e\n\u003cp\u003eThank you to all the contributors who worked on this release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Joowon-Seo\"\u003e\u003ccode\u003e@​Joowon-Seo\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/deejay1\"\u003e\u003ccode\u003e@​deejay1\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/dlwldnjs1009\"\u003e\u003ccode\u003e@​dlwldnjs1009\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/kwondh5217\"\u003e\u003ccode\u003e@​kwondh5217\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ljrmorgan\"\u003e\u003ccode\u003e@​ljrmorgan\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/quaff\"\u003e\u003ccode\u003e@​quaff\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.4\u003c/h2\u003e\n\u003ch2\u003e:warning: Attention Required\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOpenTelemetry's ZipkinSpanExporter has been deprecated and its support will be removed in Spring Boot 4.2. \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49453\"\u003e#49453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJackson 2 has been upgraded to 2.21.1 in response to the Jackson team ending support for Jackson 2.20.x. \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49389\"\u003e#49389\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJackson has been upgraded to 3.1.0 in response to the Jackson team ending support for Jackson 3.0.x. \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49383\"\u003e#49383\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe default value for \u003ccode\u003eserver.tomcat.max-part-count\u003c/code\u003e has been increased from 10 to 50. This aligns it with Tomcat's own default and the default in Spring Boot 3.x. \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49311\"\u003e#49311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEndpointRequest request matcher for health groups is too complex \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49649\"\u003e#49649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u0026quot;/cloudfoundryapplication\u0026quot; web path is not limited to Actuator \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49646\"\u003e#49646\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix EndpointRequest.toLinks() when base-path is '/' \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49617\"\u003e#49617\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocker fails when a 'tcp://' address ends with a slash (for example 'tcp://docker:2375/') \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49596\"\u003e#49596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRSocket exposes duplicate endpoint for websocket setups \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49593\"\u003e#49593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFailure analysis for a missing mail sender is misleading \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49582\"\u003e#49582\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/fe74b311f4b2846848e678eaf7b3c6203ddae930\"\u003e\u003ccode\u003efe74b31\u003c/code\u003e\u003c/a\u003e Release v4.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/e1d6e5a7098d1e5d3403fb58387622b65d8e825f\"\u003e\u003ccode\u003ee1d6e5a\u003c/code\u003e\u003c/a\u003e Merge branch '3.5.x' into 4.0.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/6c9e52a1745d255e096d1334593636d005f68143\"\u003e\u003ccode\u003e6c9e52a\u003c/code\u003e\u003c/a\u003e Next development version (v3.5.14-SNAPSHOT)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/a413e9545fd1efe9a9548ec70c86f87559c907f1\"\u003e\u003ccode\u003ea413e95\u003c/code\u003e\u003c/a\u003e Upgrade to Netty 4.2.12.Final\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/c1694b50c29e37a162a3d9ad43f4e4b434698247\"\u003e\u003ccode\u003ec1694b5\u003c/code\u003e\u003c/a\u003e Add missing Spring Integration test module to the relevant starter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/51ffdc6cd319fd70f8200ffd69dff0f79c3dfdb7\"\u003e\u003ccode\u003e51ffdc6\u003c/code\u003e\u003c/a\u003e Merge branch '3.5.x' into 4.0.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/696a60e8fd2ce2bff1cf96c2706a97cf64b49a76\"\u003e\u003ccode\u003e696a60e\u003c/code\u003e\u003c/a\u003e Full auto-configure transaction management in slice tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/ba70d41a998c8e77d185dd1d7e4ace80ed8cd7e2\"\u003e\u003ccode\u003eba70d41\u003c/code\u003e\u003c/a\u003e Upgrade to Tomcat 11.0.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/fd94ca0a0baab48a055b3dfe8fd4d09daec766b9\"\u003e\u003ccode\u003efd94ca0\u003c/code\u003e\u003c/a\u003e Upgrade to Netty 4.2.11.Final\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/7e6833bc9c5b73bba6920cead989e28d64f982ff\"\u003e\u003ccode\u003e7e6833b\u003c/code\u003e\u003c/a\u003e Upgrade to jOOQ 3.19.31\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-boot/compare/v3.5.6...v4.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 10.1.53 to 11.0.21\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-el` from 10.1.53 to 11.0.21\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-websocket` from 10.1.53 to 11.0.21\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-el` from 10.1.53 to 11.0.21\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-websocket` from 10.1.53 to 11.0.21\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/jka2498/bom-migrate/pull/45","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jka2498%2Fbom-migrate/issues/45","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/45/packages"},{"uuid":"4257377747","node_id":"PR_kwDOK8Zc3s7SF8VK","number":9,"state":"open","title":"Bump the maven group across 4 directories with 18 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-13T19:30:29.000Z","updated_at":"2026-05-05T02:03:13.541Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"maven","update_count":18,"packages":[{"name":"org.apache.activemq:activemq-all","old_version":"5.15.8","new_version":"5.19.2","repository_url":"https://github.com/apache/activemq"},{"name":"org.wso2.carbon.mediation:org.wso2.carbon.localentry","old_version":"4.7.46","new_version":"4.7.259"},{"name":"commons-io:commons-io","old_version":"2.2","new_version":"2.14.0"},{"name":"org.opensaml:opensaml","old_version":"2.2.3","new_version":"2.6.5"},{"name":"org.springframework:spring-context","old_version":"4.1.5.RELEASE","new_version":"6.1.20","repository_url":"https://github.com/spring-projects/spring-framework"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"7.0.85","new_version":"9.0.117"},{"name":"org.json:json","old_version":"20080701","new_version":"20231013","repository_url":"https://github.com/douglascrockford/JSON-java"},{"name":"io.netty:netty-common","old_version":"4.1.11.Final","new_version":"4.1.118.Final","repository_url":"https://github.com/netty/netty"},{"name":"org.apache.commons:commons-lang3","old_version":"3.1","new_version":"3.18.0"},{"name":"org.owasp.esapi:esapi","old_version":"2.0.1","new_version":"2.6.0.0","repository_url":"https://github.com/ESAPI/esapi-java-legacy"},{"name":"commons-fileupload:commons-fileupload","old_version":"1.3.2","new_version":"1.6.0"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [org.apache.activemq:activemq-all](https://github.com/apache/activemq) | `5.15.8` | `5.19.2` |\n| org.wso2.carbon.mediation:org.wso2.carbon.localentry | `4.7.46` | `4.7.259` |\n| commons-io:commons-io | `2.2` | `2.14.0` |\n| org.opensaml:opensaml | `2.2.3` | `2.6.5` |\n| [org.springframework:spring-context](https://github.com/spring-projects/spring-framework) | `4.1.5.RELEASE` | `6.1.20` |\n| org.apache.tomcat.embed:tomcat-embed-core | `7.0.85` | `9.0.117` |\n| [org.json:json](https://github.com/douglascrockford/JSON-java) | `20080701` | `20231013` |\n| [io.netty:netty-common](https://github.com/netty/netty) | `4.1.11.Final` | `4.1.118.Final` |\n| org.apache.commons:commons-lang3 | `3.1` | `3.18.0` |\n| [org.owasp.esapi:esapi](https://github.com/ESAPI/esapi-java-legacy) | `2.0.1` | `2.6.0.0` |\n| commons-fileupload:commons-fileupload | `1.3.2` | `1.6.0` |\n\nBumps the maven group with 1 update in the /integration/automation-extensions directory: org.apache.commons:commons-lang3.\nBumps the maven group with 2 updates in the /p2-profile/analytics-profile directory: org.apache.commons:commons-lang3 and commons-fileupload:commons-fileupload.\nBumps the maven group with 3 updates in the /product-scenarios directory: org.apache.activemq:activemq-client, org.apache.commons:commons-lang3 and org.apache.axis2:axis2.\n\nUpdates `org.apache.activemq:activemq-all` from 5.15.8 to 5.19.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/c0ba134bd07f5c15f04f9b7cb7a6a1b021ef3882\"\u003e\u003ccode\u003ec0ba134\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release activemq-5.19.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/b8b6125d64b9902c616a90b12765f1da35225ae4\"\u003e\u003ccode\u003eb8b6125\u003c/code\u003e\u003c/a\u003e Upgrade to log4j 2.25.3 and slf4j 2.0.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/2962323277ab07286c4dd84084d2e26c9c68b081\"\u003e\u003ccode\u003e2962323\u003c/code\u003e\u003c/a\u003e Bump org.apache.commons:commons-pool2 from 2.12.1 to 2.13.1 (\u003ca href=\"https://redirect.github.com/apache/activemq/issues/1605\"\u003e#1605\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/13360632df6e55c422e21c14fcc7cada0b1abf46\"\u003e\u003ccode\u003e1336063\u003c/code\u003e\u003c/a\u003e [AMQ-9815] Add additional attributes to ConnectorView (\u003ca href=\"https://redirect.github.com/apache/activemq/issues/1556\"\u003e#1556\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/120aa34113b26c1aacac6461b798caa8b6048a08\"\u003e\u003ccode\u003e120aa34\u003c/code\u003e\u003c/a\u003e AMQ-9824 - Cleanup code in KahaDB classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/4f3bafbcb76f86fc89bf3a172044ccea602a27e6\"\u003e\u003ccode\u003e4f3bafb\u003c/code\u003e\u003c/a\u003e AMQ-9823 - properly clear ack set from ackAndPreparedMap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/7b71fc6289e6f26c200988df3cf9c0f5093dadf8\"\u003e\u003ccode\u003e7b71fc6\u003c/code\u003e\u003c/a\u003e AMQ-9819 - Rework Rest test fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/009b4f3cbb1469389497ab6ffe2df68ce897dd2c\"\u003e\u003ccode\u003e009b4f3\u003c/code\u003e\u003c/a\u003e [AMQ-9819]: harden #testConsumeAsyncTimeout() so it does not rely on a specif...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/c2dced4b307ca74f0784339a106261d0469be2b0\"\u003e\u003ccode\u003ec2dced4\u003c/code\u003e\u003c/a\u003e [AMQ-9820]: closed connections leaking into the pool when reconnectOnExceptio...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/733257f23cdfdcc199e71ff3fc4670f2a56876a2\"\u003e\u003ccode\u003e733257f\u003c/code\u003e\u003c/a\u003e AMQ-9813 - Minor updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/apache/activemq/compare/activemq-5.15.8...activemq-5.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.activemq:activemq-broker` from 5.15.8 to 5.19.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/c0ba134bd07f5c15f04f9b7cb7a6a1b021ef3882\"\u003e\u003ccode\u003ec0ba134\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release activemq-5.19.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/b8b6125d64b9902c616a90b12765f1da35225ae4\"\u003e\u003ccode\u003eb8b6125\u003c/code\u003e\u003c/a\u003e Upgrade to log4j 2.25.3 and slf4j 2.0.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/2962323277ab07286c4dd84084d2e26c9c68b081\"\u003e\u003ccode\u003e2962323\u003c/code\u003e\u003c/a\u003e Bump org.apache.commons:commons-pool2 from 2.12.1 to 2.13.1 (\u003ca href=\"https://redirect.github.com/apache/activemq/issues/1605\"\u003e#1605\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/13360632df6e55c422e21c14fcc7cada0b1abf46\"\u003e\u003ccode\u003e1336063\u003c/code\u003e\u003c/a\u003e [AMQ-9815] Add additional attributes to ConnectorView (\u003ca href=\"https://redirect.github.com/apache/activemq/issues/1556\"\u003e#1556\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/120aa34113b26c1aacac6461b798caa8b6048a08\"\u003e\u003ccode\u003e120aa34\u003c/code\u003e\u003c/a\u003e AMQ-9824 - Cleanup code in KahaDB classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/4f3bafbcb76f86fc89bf3a172044ccea602a27e6\"\u003e\u003ccode\u003e4f3bafb\u003c/code\u003e\u003c/a\u003e AMQ-9823 - properly clear ack set from ackAndPreparedMap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/7b71fc6289e6f26c200988df3cf9c0f5093dadf8\"\u003e\u003ccode\u003e7b71fc6\u003c/code\u003e\u003c/a\u003e AMQ-9819 - Rework Rest test fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/009b4f3cbb1469389497ab6ffe2df68ce897dd2c\"\u003e\u003ccode\u003e009b4f3\u003c/code\u003e\u003c/a\u003e [AMQ-9819]: harden #testConsumeAsyncTimeout() so it does not rely on a specif...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/c2dced4b307ca74f0784339a106261d0469be2b0\"\u003e\u003ccode\u003ec2dced4\u003c/code\u003e\u003c/a\u003e [AMQ-9820]: closed connections leaking into the pool when reconnectOnExceptio...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/733257f23cdfdcc199e71ff3fc4670f2a56876a2\"\u003e\u003ccode\u003e733257f\u003c/code\u003e\u003c/a\u003e AMQ-9813 - Minor updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/apache/activemq/compare/activemq-5.15.8...activemq-5.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.activemq:activemq-client` from 5.15.8 to 5.19.2\n\nUpdates `org.wso2.carbon.mediation:org.wso2.carbon.localentry` from 4.7.46 to 4.7.259\n\nUpdates `commons-io:commons-io` from 2.2 to 2.14.0\n\nUpdates `org.opensaml:opensaml` from 2.2.3 to 2.6.5\n\nUpdates `org.springframework:spring-context` from 4.1.5.RELEASE to 6.1.20\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-framework/releases\"\u003eorg.springframework:spring-context's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.20\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd option for case-insensitive match to PatternMatchUtils \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34802\"\u003e#34802\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34854\"\u003e#34854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccidental ClassLoader defineClass enforcement after \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34677\"\u003e#34677\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34839\"\u003e#34839\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eClarify \u003ccode\u003eCompositePropertySource\u003c/code\u003e behavior for \u003ccode\u003eEnumerablePropertySource\u003c/code\u003e contract \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34887\"\u003e#34887\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Reactor 2023.0.18 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34899\"\u003e#34899\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.19\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSuggest compilation with \u003ccode\u003e-parameters\u003c/code\u003e when \u003ccode\u003eAspectJAdviceParameterNameDiscoverer\u003c/code\u003e fails against ambiguity \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34618\"\u003e#34618\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ePropertyBatchUpdateException\u003c/code\u003e: causes of nested \u003ccode\u003ePropertyAccessException\u003c/code\u003es not shown in output \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34698\"\u003e#34698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange in Jar usecache behavior with Spring 6.1.x causing java.lang.IllegalStateException: zip file closed \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34694\"\u003e#34694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStartup performance regression due to CGLIB class load attempts in Spring 6.1.x \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34693\"\u003e#34693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIllegalAccessError for package-private member of AzureStorageConfiguration on WebSphere \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34690\"\u003e#34690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@Configuration\u003c/code\u003e classes can no longer be \u003ccode\u003eabstract\u003c/code\u003e without \u003ccode\u003e@Bean\u003c/code\u003e methods \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34689\"\u003e#34689\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGenerated-code for LinkedHashMap is missing static keyword \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34661\"\u003e#34661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAbstractReactiveTransactionManager throws IllegalStateException when rollback fails after commit attempt \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34619\"\u003e#34619\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd javadoc notes on potential exception suppression in \u003ccode\u003eListableBeanFactory#getBeansOfType\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34631\"\u003e#34631\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove remaining references to Forwarded headers in MvcUriComponentsBuilder \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34626\"\u003e#34626\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eMvcUriComponentsBuilder\u003c/code\u003e javadocs inaccurately reflects usage of forwarded headers \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34620\"\u003e#34620\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.18\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary CGLIB processing on configuration classes \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34487\"\u003e#34487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInconsistent default class loaders in hint classes \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34473\"\u003e#34473\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefaultManagedTaskExecutor throws java.lang.UnsupportedOperationException: isShutdown when rejecting tasks \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34515\"\u003e#34515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEndless loop with DataSourceUtils in spring-jdbc \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34497\"\u003e#34497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMockHttpServletResponse - handle multiple values for Content-Language header \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34491\"\u003e#34491\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/1f9c59b17b5a7afc69f28b694de4553d6b65c9d5\"\u003e\u003ccode\u003e1f9c59b\u003c/code\u003e\u003c/a\u003e Release v6.1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/edfcc6ffb188e4614ec9b212e3208b666981851c\"\u003e\u003ccode\u003eedfcc6f\u003c/code\u003e\u003c/a\u003e Make use of PatternMatchUtils ignoreCase option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/f93132b11ef6aa5718d20a05846828659c082fe8\"\u003e\u003ccode\u003ef93132b\u003c/code\u003e\u003c/a\u003e Add missing \u003ca href=\"https://github.com/since\"\u003e\u003ccode\u003e@​since\u003c/code\u003e\u003c/a\u003e tags in PatternMatchUtils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/6ab4c84bd528d9480071d3dec4ff0b4904dbbb2f\"\u003e\u003ccode\u003e6ab4c84\u003c/code\u003e\u003c/a\u003e Upgrade to Reactor 2023.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/d5fca0d2c5d96b1a59a5814aa38c5f3b15238301\"\u003e\u003ccode\u003ed5fca0d\u003c/code\u003e\u003c/a\u003e Upgrade to Jetty 12.0.21, Netty 4.1.121, Apache HttpClient 5.4.4, Checkstyle ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/cbb94193fe9f11d1af8b8958292b0edc8451cd4c\"\u003e\u003ccode\u003ecbb9419\u003c/code\u003e\u003c/a\u003e Clarify CompositePropertySource behavior for EnumerablePropertySource contract\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/5b5e2b68767537f204d8392201497805ce6562d7\"\u003e\u003ccode\u003e5b5e2b6\u003c/code\u003e\u003c/a\u003e Fix HttpClient 5.3.x request config compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/a5b0399a1d6f3e89ae3bbfeb0b13142ecaddb4e9\"\u003e\u003ccode\u003ea5b0399\u003c/code\u003e\u003c/a\u003e Polishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/71f27256381d72170f9c6d38eea3032ceb24f030\"\u003e\u003ccode\u003e71f2725\u003c/code\u003e\u003c/a\u003e Try loadClass on LinkageError in case of same ClassLoader as well\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/daee9f1242264215876e67f6ef43b117195385c6\"\u003e\u003ccode\u003edaee9f1\u003c/code\u003e\u003c/a\u003e Reinstate the @⁠Inject Technology Compatibility Kit (TCK)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-framework/compare/v4.1.5.RELEASE...v6.1.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.springframework:spring-web` from 4.1.5.RELEASE to 6.1.20\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-framework/releases\"\u003eorg.springframework:spring-web's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.20\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd option for case-insensitive match to PatternMatchUtils \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34802\"\u003e#34802\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34854\"\u003e#34854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccidental ClassLoader defineClass enforcement after \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34677\"\u003e#34677\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34839\"\u003e#34839\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eClarify \u003ccode\u003eCompositePropertySource\u003c/code\u003e behavior for \u003ccode\u003eEnumerablePropertySource\u003c/code\u003e contract \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34887\"\u003e#34887\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Reactor 2023.0.18 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34899\"\u003e#34899\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.19\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSuggest compilation with \u003ccode\u003e-parameters\u003c/code\u003e when \u003ccode\u003eAspectJAdviceParameterNameDiscoverer\u003c/code\u003e fails against ambiguity \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34618\"\u003e#34618\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ePropertyBatchUpdateException\u003c/code\u003e: causes of nested \u003ccode\u003ePropertyAccessException\u003c/code\u003es not shown in output \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34698\"\u003e#34698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange in Jar usecache behavior with Spring 6.1.x causing java.lang.IllegalStateException: zip file closed \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34694\"\u003e#34694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStartup performance regression due to CGLIB class load attempts in Spring 6.1.x \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34693\"\u003e#34693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIllegalAccessError for package-private member of AzureStorageConfiguration on WebSphere \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34690\"\u003e#34690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@Configuration\u003c/code\u003e classes can no longer be \u003ccode\u003eabstract\u003c/code\u003e without \u003ccode\u003e@Bean\u003c/code\u003e methods \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34689\"\u003e#34689\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGenerated-code for LinkedHashMap is missing static keyword \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34661\"\u003e#34661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAbstractReactiveTransactionManager throws IllegalStateException when rollback fails after commit attempt \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34619\"\u003e#34619\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd javadoc notes on potential exception suppression in \u003ccode\u003eListableBeanFactory#getBeansOfType\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34631\"\u003e#34631\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove remaining references to Forwarded headers in MvcUriComponentsBuilder \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34626\"\u003e#34626\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eMvcUriComponentsBuilder\u003c/code\u003e javadocs inaccurately reflects usage of forwarded headers \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34620\"\u003e#34620\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.18\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary CGLIB processing on configuration classes \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34487\"\u003e#34487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInconsistent default class loaders in hint classes \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34473\"\u003e#34473\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefaultManagedTaskExecutor throws java.lang.UnsupportedOperationException: isShutdown when rejecting tasks \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34515\"\u003e#34515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEndless loop with DataSourceUtils in spring-jdbc \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34497\"\u003e#34497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMockHttpServletResponse - handle multiple values for Content-Language header \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34491\"\u003e#34491\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/1f9c59b17b5a7afc69f28b694de4553d6b65c9d5\"\u003e\u003ccode\u003e1f9c59b\u003c/code\u003e\u003c/a\u003e Release v6.1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/edfcc6ffb188e4614ec9b212e3208b666981851c\"\u003e\u003ccode\u003eedfcc6f\u003c/code\u003e\u003c/a\u003e Make use of PatternMatchUtils ignoreCase option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/f93132b11ef6aa5718d20a05846828659c082fe8\"\u003e\u003ccode\u003ef93132b\u003c/code\u003e\u003c/a\u003e Add missing \u003ca href=\"https://github.com/since\"\u003e\u003ccode\u003e@​since\u003c/code\u003e\u003c/a\u003e tags in PatternMatchUtils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/6ab4c84bd528d9480071d3dec4ff0b4904dbbb2f\"\u003e\u003ccode\u003e6ab4c84\u003c/code\u003e\u003c/a\u003e Upgrade to Reactor 2023.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/d5fca0d2c5d96b1a59a5814aa38c5f3b15238301\"\u003e\u003ccode\u003ed5fca0d\u003c/code\u003e\u003c/a\u003e Upgrade to Jetty 12.0.21, Netty 4.1.121, Apache HttpClient 5.4.4, Checkstyle ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/cbb94193fe9f11d1af8b8958292b0edc8451cd4c\"\u003e\u003ccode\u003ecbb9419\u003c/code\u003e\u003c/a\u003e Clarify CompositePropertySource behavior for EnumerablePropertySource contract\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/5b5e2b68767537f204d8392201497805ce6562d7\"\u003e\u003ccode\u003e5b5e2b6\u003c/code\u003e\u003c/a\u003e Fix HttpClient 5.3.x request config compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/a5b0399a1d6f3e89ae3bbfeb0b13142ecaddb4e9\"\u003e\u003ccode\u003ea5b0399\u003c/code\u003e\u003c/a\u003e Polishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/71f27256381d72170f9c6d38eea3032ceb24f030\"\u003e\u003ccode\u003e71f2725\u003c/code\u003e\u003c/a\u003e Try loadClass on LinkageError in case of same ClassLoader as well\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/daee9f1242264215876e67f6ef43b117195385c6\"\u003e\u003ccode\u003edaee9f1\u003c/code\u003e\u003c/a\u003e Reinstate the @⁠Inject Technology Compatibility Kit (TCK)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-framework/compare/v4.1.5.RELEASE...v6.1.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 7.0.85 to 9.0.117\n\nUpdates `org.json:json` from 20080701 to 20231013\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/douglascrockford/JSON-java/releases\"\u003eorg.json:json's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e20231013\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePull Request\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/793\"\u003e#793\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eReverted \u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/761\"\u003e#761\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/792\"\u003e#792\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eupdate the docs for release 20231013\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/783\"\u003e#783\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eoptLong vs getLong inconsistencies\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/782\"\u003e#782\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eFix XMLTest.testIndentComplicatedJsonObjectWithArrayAndWithConfig() for Windows\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/779\"\u003e#779\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eadd validity check for JSONObject constructors\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/778\"\u003e#778\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eFix XMLTest.testIndentComplicatedJsonObjectWithArrayAndWithConfig() for Windows\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/776\"\u003e#776\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdate [JUnit to version 4.13.2\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/774\"\u003e#774\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eRemoving unneeded synchronization\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/773\"\u003e#773\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eAdd optJSONArray method to JSONObject with a default value\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/772\"\u003e#772\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eDisallow nested objects and arrays as keys in objects\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/779\"\u003e#779\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUnit test cleanup\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/769\"\u003e#769\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eAddressed Java 17 compile warnings\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/764\"\u003e#764\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdate CodeQL action version\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/761\"\u003e#761\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eAdd module-info\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/759\"\u003e#759\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eJSON parsing should detect embedded \u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/753\"\u003e#753\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdated new object methods\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/752\"\u003e#752\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eFixes possible unit test bug when compiling/testing on Windows\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003ch2\u003e20230618\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePull Request\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/749\"\u003e#749\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/749\"\u003ePrep for release 20230618\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/740\"\u003e#740\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/734\"\u003eFixed Flaky Tests Caused by JSON permutations\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/734\"\u003e#734\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/734\"\u003eFixed Flaky Tests Caused by JSON permutations\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/733\"\u003e#733\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/733\"\u003eJSONTokener implemented java.io.Closeable\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/731\"\u003e#731\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/731\"\u003eRemoving commented out code in JSONObject optDouble()\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/729\"\u003e#729\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/729\"\u003eRefactor ParserConfiguration class hierarchy\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003ch2\u003e20230227\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePull Request\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/723\"\u003e#723\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eProtect JSONML from stack overflow exceptions caused by recursion\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/720\"\u003e#720\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eLimit the XML nesting depth for CVE-2022-45688\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/711\"\u003e#711\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eRevert pull 707 - interviewbit spam\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/704\"\u003e#704\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eMove javadoc comments above the interface definition to make it visible\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/703\"\u003e#703\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdate Releases.md for JSONObject(Map): Throws NPE if key is null\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/696\"\u003e#696\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdate JSONPointerTest for NonDex compatibility\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/694\"\u003e#694\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ePretty print XML\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/692\"\u003e#692\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eExample.md syntax highlight and indentation\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/691\"\u003e#691\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eCreate unit tests for various number formats\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003ch2\u003e20220924\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePull Request\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/688\"\u003e#688\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdate copyright to Public Domain\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/687\"\u003e#687\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eFix a typo\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/685\"\u003e#685\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eJSONObject map type unit tests\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/stleary/JSON-java/blob/master/docs/RELEASES.md\"\u003eorg.json:json's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e20231013    First release with minimum Java version 1.8. Recent commits, including fixes for CVE-2023-5072.\u003c/p\u003e\n\u003cp\u003e20230618    Final release with Java 1.6 compatibility. Future releases will require Java 1.8 or greater.\u003c/p\u003e\n\u003cp\u003e20230227    Fix for CVE-2022-45688 and recent commits\u003c/p\u003e\n\u003cp\u003e20220924    New License - public domain, and some minor updates\u003c/p\u003e\n\u003cp\u003e20220320    Wrap StackOverflow with JSONException\u003c/p\u003e\n\u003cp\u003e20211205    Recent commits and some bug fixes for similar()\u003c/p\u003e\n\u003cp\u003e20210307    Recent commits and potentially breaking fix to JSONPointer\u003c/p\u003e\n\u003cp\u003e20201115    Recent commits and first release after project structure change\u003c/p\u003e\n\u003cp\u003e20200518    Recent commits and snapshot before project structure change\u003c/p\u003e\n\u003cp\u003e20190722    Recent commits\u003c/p\u003e\n\u003cp\u003e20180813    POM change to include Automatic-Module-Name (\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/431\"\u003e#431\u003c/a\u003e)\nJSONObject(Map) now throws an exception if any of a map keys are null (\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/405\"\u003e#405\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e20180130    Recent commits\u003c/p\u003e\n\u003cp\u003e20171018    Checkpoint for recent commits.\u003c/p\u003e\n\u003cp\u003e20170516    Roll up recent commits.\u003c/p\u003e\n\u003cp\u003e20160810    Revert code that was breaking opt*() methods.\u003c/p\u003e\n\u003cp\u003e20160807    This release contains a bug in the JSONObject.opt*() and JSONArray.opt*() methods,\nit is not recommended for use.\nJava 1.6 compatability fixed, JSONArray.toList() and JSONObject.toMap(),\nRFC4180 compatibility, JSONPointer, some exception fixes, optional XML type conversion.\nContains the latest code as of 7 Aug 2016\u003c/p\u003e\n\u003cp\u003e20160212    Java 1.6 compatibility, OSGi bundle. Contains the latest code as of 12 Feb 2016.\u003c/p\u003e\n\u003cp\u003e20151123    JSONObject and JSONArray initialization with generics. Contains the latest code as of 23 Nov 2015.\u003c/p\u003e\n\u003cp\u003e20150729    Checkpoint for Maven central repository release. Contains the latest code\nas of 29 July 2015.\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/douglascrockford/JSON-java/commits/20231013\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `io.netty:netty-common` from 4.1.11.Final to 4.1.118.Final\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/36f95cfaeed0c1313b21f1b5350c19436ae7fb45\"\u003e\u003ccode\u003e36f95cf\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release netty-4.1.118.Final\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4\"\u003e\u003ccode\u003e87f4072\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386\"\u003e\u003ccode\u003ed1fbda6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/f844d78e4e23182610a24576d225de933f90f92e\"\u003e\u003ccode\u003ef844d78\u003c/code\u003e\u003c/a\u003e Upgrade netty-tcnative to 2.0.70.Final (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8afb5d916f135edbc3a14f855665f077ddf56ae7\"\u003e\u003ccode\u003e8afb5d9\u003c/code\u003e\u003c/a\u003e Only run 2 jobs with leak detection to minimize build times (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14784\"\u003e#14784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/f2c27dadba055e7f496ee6298262ee06522f5fd9\"\u003e\u003ccode\u003ef2c27da\u003c/code\u003e\u003c/a\u003e AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8d387ffbecbc95758f90cc97f18096c6ad21b073\"\u003e\u003ccode\u003e8d387ff\u003c/code\u003e\u003c/a\u003e Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/1cfd3a62ca8633cc6d1729222214c64c5b50fd89\"\u003e\u003ccode\u003e1cfd3a6\u003c/code\u003e\u003c/a\u003e Fix possible buffer leak when stream can't be mapped (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14746\"\u003e#14746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8f9eadb7b6b4dd74b0689a01c920dac4ead18115\"\u003e\u003ccode\u003e8f9eadb\u003c/code\u003e\u003c/a\u003e Fix AccessControlException in GlobalEventExecutor (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14743\"\u003e#14743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/6fcd3e622b9e4e7b986f9ef52a43b9b69c29c53f\"\u003e\u003ccode\u003e6fcd3e6\u003c/code\u003e\u003c/a\u003e KQueueEventLoop leaks memory on shutdown. (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14745\"\u003e#14745\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/netty/netty/compare/netty-4.1.11.Final...netty-4.1.118.Final\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `io.netty:netty-handler` from 4.1.11.Final to 4.1.118.Final\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/36f95cfaeed0c1313b21f1b5350c19436ae7fb45\"\u003e\u003ccode\u003e36f95cf\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release netty-4.1.118.Final\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4\"\u003e\u003ccode\u003e87f4072\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386\"\u003e\u003ccode\u003ed1fbda6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/f844d78e4e23182610a24576d225de933f90f92e\"\u003e\u003ccode\u003ef844d78\u003c/code\u003e\u003c/a\u003e Upgrade netty-tcnative to 2.0.70.Final (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8afb5d916f135edbc3a14f855665f077ddf56ae7\"\u003e\u003ccode\u003e8afb5d9\u003c/code\u003e\u003c/a\u003e Only run 2 jobs with leak detection to minimize build times (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14784\"\u003e#14784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/f2c27dadba055e7f496ee6298262ee06522f5fd9\"\u003e\u003ccode\u003ef2c27da\u003c/code\u003e\u003c/a\u003e AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8d387ffbecbc95758f90cc97f18096c6ad21b073\"\u003e\u003ccode\u003e8d387ff\u003c/code\u003e\u003c/a\u003e Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/1cfd3a62ca8633cc6d1729222214c64c5b50fd89\"\u003e\u003ccode\u003e1cfd3a6\u003c/code\u003e\u003c/a\u003e Fix possible buffer leak when stream can't be mapped (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14746\"\u003e#14746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8f9eadb7b6b4dd74b0689a01c920dac4ead18115\"\u003e\u003ccode\u003e8f9eadb\u003c/code\u003e\u003c/a\u003e Fix AccessControlException in GlobalEventExecutor (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14743\"\u003e#14743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/6fcd3e622b9e4e7b986f9ef52a43b9b69c29c53f\"\u003e\u003ccode\u003e6fcd3e6\u003c/code\u003e\u003c/a\u003e KQueueEventLoop leaks memory on shutdown. (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14745\"\u003e#14745\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/netty/netty/compare/netty-4.1.11.Final...netty-4.1.118.Final\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `io.netty:netty-codec` from 4.1.11.Final to 4.1.118.Final\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/36f95cfaeed0c1313b21f1b5350c19436ae7fb45\"\u003e\u003ccode\u003e36f95cf\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release netty-4.1.118.Final\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4\"\u003e\u003ccode\u003e87f4072\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386\"\u003e\u003ccode\u003ed1fbda6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/f844d78e4e23182610a24576d225de933f90f92e\"\u003e\u003ccode\u003ef844d78\u003c/code\u003e\u003c/a\u003e Upgrade netty-tcnative to 2.0.70.Final (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8afb5d916f135edbc3a14f855665f077ddf56ae7\"\u003e\u003ccode\u003e8afb5d9\u003c/code\u003e\u003c/a\u003e Only run 2 jobs with leak detection to minimize build times (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14784\"\u003e#14784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/f2c27dadba055e7f496ee6298262ee06522f5fd9\"\u003e\u003ccode\u003ef2c27da\u003c/code\u003e\u003c/a\u003e AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8d387ffbecbc95758f90cc97f18096c6ad21b073\"\u003e\u003ccode\u003e8d387ff\u003c/code\u003e\u003c/a\u003e Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/1cfd3a62ca8633cc6d1729222214c64c5b50fd89\"\u003e\u003ccode\u003e1cfd3a6\u003c/code\u003e\u003c/a\u003e Fix possible buffer leak when stream can't be mapped (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14746\"\u003e#14746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8f9eadb7b6b4dd74b0689a01c920dac4ead18115\"\u003e\u003ccode\u003e8f9eadb\u003c/code\u003e\u003c/a\u003e Fix AccessControlException in GlobalEventExecutor (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14743\"\u003e#14743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/6fcd3e622b9e4e7b986f9ef52a43b9b69c29c53f\"\u003e\u003ccode\u003e6fcd3e6\u003c/code\u003e\u003c/a\u003e KQueueEventLoop leaks memory on shutdown. (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14745\"\u003e#14745\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/netty/netty/compare/netty-4.1.11.Final...netty-4.1.118.Final\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `io.netty:netty-codec-http` from 4.1.11.Final to 4.1.118.Final\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/36f95cfaeed0c1313b21f1b5350c19436ae7fb45\"\u003e\u003ccode\u003e36f95cf\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release netty-4.1.118.Final\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4\"\u003e\u003ccode\u003e87f4072\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386\"\u003e\u003ccode\u003ed1fbda6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/f844d78e4e23182610a24576d225de933f90f92e\"\u003e\u003ccode\u003ef844d78\u003c/code\u003e\u003c/a\u003e Upgrade netty-tcnative to 2.0.70.Final (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8afb5d916f135edbc3a14f855665f077ddf56ae7\"\u003e\u003ccode\u003e8afb5d9\u003c/code\u003e\u003c/a\u003e Only run 2 jobs with leak detection to minimize build times (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14784\"\u003e#14784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/f2c27dadba055e7f496ee6298262ee06522f5fd9\"\u003e\u003ccode\u003ef2c27da\u003c/code\u003e\u003c/a\u003e AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8d387ffbecbc95758f90cc97f18096c6ad21b073\"\u003e\u003ccode\u003e8d387ff\u003c/code\u003e\u003c/a\u003e Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/1cfd3a62ca8633cc6d1729222214c64c5b50fd89\"\u003e\u003ccode\u003e1cfd3a6\u003c/code\u003e\u003c/a\u003e Fix possible buffer leak when stream can't be mapped (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14746\"\u003e#14746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8f9eadb7b6b4dd74b0689a01c920dac4ead18115\"\u003e\u003ccode\u003e8f9eadb\u003c/code\u003e\u003c/a\u003e Fix AccessControlException in GlobalEventExecutor (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14743\"\u003e#14743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/6fcd3e622b9e4e7b986f9ef52a43b9b69c29c53f\"\u003e\u003ccode\u003e6fcd3e6\u003c/code\u003e\u003c/a\u003e KQueueEventLoop leaks memory on shutdown. (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14745\"\u003e#14745\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/netty/netty/compare/netty-4.1.11.Final...netty-4.1.118.Final\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.commons:commons-lang3` from 3.1 to 3.18.0\n\nUpdates `org.owasp.esapi:esapi` from 2.0.1 to 2.6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/releases\"\u003eorg.owasp.esapi:esapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.0.0\u003c/h2\u003e\n\u003ch2\u003eFull Release Notes\u003c/h2\u003e\n\u003cp\u003eRelease notes for ESAPI release 2.6.0.0 are located at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.6.0.0-release-notes.txt\"\u003ehttps://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.6.0.0-release-notes.txt\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreparation for ESAPI release 2.6.0.0 by \u003ca href=\"https://github.com/kwwall\"\u003e\u003ccode\u003e@​kwwall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/pull/860\"\u003eESAPI/esapi-java-legacy#860\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/compare/esapi-2.5.5.0...esapi-2.6.0.0\"\u003ehttps://github.com/ESAPI/esapi-java-legacy/compare/esapi-2.5.5.0...esapi-2.6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eConfiguration Jar\u003c/h2\u003e\n\u003cp\u003eNote the associated file \u0026quot;\u003cstrong\u003eesapi-2.6.0.0-configuration.jar\u003c/strong\u003e\u0026quot; contains the default ESAPI configuration\nfiles under 'configuration/' (ESAPI.properties, validation.properties, etc.) and the file\n\u0026quot;\u003cstrong\u003eesapi-2.6.0.0-configuration.jar.asc\u0026quot;\u003c/strong\u003e is a GPG signature of that jar file made by Kevin W. Wall.\u003c/p\u003e\n\u003ch2\u003e2.5.5.0\u003c/h2\u003e\n\u003ch2\u003eFull Release Notes\u003c/h2\u003e\n\u003cp\u003eRelease notes for ESAPI release 2.5.5.0 are located at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.5.5.0-release-notes.txt\"\u003ehttps://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.5.5.0-release-notes.txt\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePom updates to address issue \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/issues/847\"\u003e#847\u003c/a\u003e by \u003ca href=\"https://github.com/kwwall\"\u003e\u003ccode\u003e@​kwwall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/pull/848\"\u003eESAPI/esapi-java-legacy#848\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate the logging properties to opt-out of the prefix events \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/issues/844\"\u003e#844\u003c/a\u003e by \u003ca href=\"https://github.com/mickeyz07\"\u003e\u003ccode\u003e@​mickeyz07\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/pull/845\"\u003eESAPI/esapi-java-legacy#845\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Typos by \u003ca href=\"https://github.com/DarioViva42\"\u003e\u003ccode\u003e@​DarioViva42\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/pull/852\"\u003eESAPI/esapi-java-legacy#852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation by \u003ca href=\"https://github.com/DebajitKumarPhukan\"\u003e\u003ccode\u003e@​DebajitKumarPhukan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/pull/853\"\u003eESAPI/esapi-java-legacy#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease prep 2.5.5.0 by \u003ca href=\"https://github.com/kwwall\"\u003e\u003ccode\u003e@​kwwall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/pull/856\"\u003eESAPI/esapi-java-legacy#856\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mickeyz07\"\u003e\u003ccode\u003e@​mickeyz07\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/pull/845\"\u003eESAPI/esapi-java-legacy#845\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DarioViva42\"\u003e\u003ccode\u003e@​DarioViva42\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/pull/852\"\u003eESAPI/esapi-java-legacy#852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DebajitKumarPhukan\"\u003e\u003ccode\u003e@​DebajitKumarPhukan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/pull/853\"\u003eESAPI/esapi-java-legacy#853\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/compare/esapi-2.5.4.0...esapi-2.5.5.0\"\u003ehttps://github.com/ESAPI/esapi-java-legacy/compare/esapi-2.5.4.0...esapi-2.5.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eConfiguration Jar\u003c/h2\u003e\n\u003cp\u003eNote the associated file \u0026quot;esapi-2.5.5.0-configuration.jar\u0026quot; contains the default ESAPI configuration\nfiles under 'configuration/' (ESAPI.properties, validation.properties, etc.) and the file\n\u0026quot;esapi-2.5.5.0-configuration.jar.asc\u0026quot; is a GPG signature of that jar file made by Kevin W. Wall.\u003c/p\u003e\n\u003ch2\u003e2.5.4.0\u003c/h2\u003e\n\u003ch1\u003eFull release notes\u003c/h1\u003e\n\u003cp\u003eFull release notes for ESAPI release 2.5.4.0 are located at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.5.4.0-release-notes.txt\"\u003ehttps://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.5.4.0-release-notes.txt\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt contains important details, which you need to read as you \u003cstrong\u003eMUST\u003c/strong\u003e remove (or rename) 'esapi-java-logging.properties' if you are using ESAPI's default logging, which is JUL. Otherwise ESAPI will throw a \u003ccode\u003eConfigurationException\u003c/code\u003e (which may appear as a \u003ccode\u003ejava.lang.ExceptionInInitializerError\u003c/code\u003e or as a \u003ccode\u003ejava.lang.NoClassDefFoundError\u003c/code\u003e, depending on circumstances). Please refer to the \u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/wiki/Configuring-the-JavaLogFactory\"\u003e\u0026quot;Configuring the JavaLogFactory\u0026quot; wiki page\u003c/a\u003e for additional details.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eYOU HAVE BEEN WARNED!!!\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/commit/dcde6c2362654b6f4af2b7daa96ef44c16c5763d\"\u003e\u003ccode\u003edcde6c2\u003c/code\u003e\u003c/a\u003e A few minor documentation fixes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/commit/5a10f77aedd790dd8ae828f090807d1ee32f11f0\"\u003e\u003ccode\u003e5a10f77\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Minor change to release steps document.\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/commit/8b9f8f191125a19f4d258c03ec56b93ef5b54d6e\"\u003e\u003ccode\u003e8b9f8f1\u003c/code\u003e\u003c/a\u003e Minor change to release steps document.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/commit/4698c43f469a08d1a2377b164822582aefd701af\"\u003e\u003ccode\u003e4698c43\u003c/code\u003e\u003c/a\u003e Bump release to new official release number.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/commit/f185e5bd75270ad6f7eb54c22ef8a0fdfa0a83e7\"\u003e\u003ccode\u003ef185e5b\u003c/code\u003e\u003c/a\u003e Preparation for ESAPI release 2.6.0.0 (\u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/issues/860\"\u003e#860\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/commit/0b0f86cc220482987d56f0d5fd1cfc13ae7ebceb\"\u003e\u003ccode\u003e0b0f86c\u003c/code\u003e\u003c/a\u003e Update SECURITY.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/commit/4879a085034e6cf4068ef5117d933d80a1fa34b3\"\u003e\u003ccode\u003e4879a08\u003c/code\u003e\u003c/a\u003e Modifying pom.xml for next planned release.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/commit/3f2ff053269572dceef78bdefe3b8c3ecfd83076\"\u003e\u003ccode\u003e3f2ff05\u003c/code\u003e\u003c/a\u003e Fix release date.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/commit/19b739a02962ae0a1e7f3a7ec3411c55e7ebf071\"\u003e\u003ccode\u003e19b739a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/issues/856\"\u003e#856\u003c/a\u003e from kwwall/release-prep-2.5.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/commit/a160de070ad02b5308ae27d2f3d638d92fd4c2d3\"\u003e\u003ccode\u003ea160de0\u003c/code\u003e\u003c/a\u003e Update section on commit / PR history.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/compare/esapi-2.0.1...esapi-2.6.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `commons-fileupload:commons-fileupload` from 1.3.2 to 1.6.0\n\nUpdates `org.apache.commons:commons-lang3` from 3.1 to 3.18.0\n\nUpdates `org.apache.commons:commons-lang3` from 3.3.2 to 3.18.0\n\nUpdates `commons-fileupload:commons-fileupload` from 1.3.2 to 1.6.0\n\nUpdates `org.apache.activemq:activemq-client` from 5.15.8 to 5.19.4\n\nUpdates `org.apache.commons:commons-lang3` from 3.1 to 3.18.0\n\nUpdates `org.apache.axis2:axis2` from 1.6.2 to 1.8.0\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jadenblack/product-ei/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/jadenblack/product-ei/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jadenblack%2Fproduct-ei/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"},{"uuid":"4245943109","node_id":"PR_kwDOMPF9kM7RteFB","number":59,"state":"open","title":"Bump the maven group across 12 directories with 10 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-11T22:45:26.000Z","updated_at":"2026-04-11T22:45:33.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"maven","update_count":10,"packages":[{"name":"org.apache.hadoop:hadoop-common","old_version":"2.6.4","new_version":"3.4.0"},{"name":"ch.qos.logback:logback-classic","old_version":"1.1.2","new_version":"1.2.13","repository_url":"https://github.com/qos-ch/logback"},{"name":"ch.qos.logback:logback-core","old_version":"1.1.3","new_version":"1.5.25","repository_url":"https://github.com/qos-ch/logback"},{"name":"org.elasticsearch:elasticsearch","old_version":"2.4.0","new_version":"8.19.8","repository_url":"https://github.com/elastic/elasticsearch"},{"name":"org.apache.logging.log4j:log4j-core","old_version":"2.7","new_version":"2.25.4"},{"name":"org.hsqldb:hsqldb","old_version":"2.3.3","new_version":"2.7.1"},{"name":"org.xerial.snappy:snappy-java","old_version":"1.1.7.1","new_version":"1.1.10.4","repository_url":"https://github.com/xerial/snappy-java"},{"name":"org.postgresql:postgresql","old_version":"9.4.1212.jre7","new_version":"42.2.28.jre7","repository_url":"https://github.com/pgjdbc/pgjdbc"},{"name":"org.json:json","old_version":"20160212","new_version":"20231013","repository_url":"https://github.com/douglascrockford/JSON-java"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"8.0.28","new_version":"9.0.117"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 10 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| org.apache.hadoop:hadoop-common | `2.6.4` | `3.4.0` |\n| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.1.2` | `1.2.13` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.1.3` | `1.5.25` |\n| [org.elasticsearch:elasticsearch](https://github.com/elastic/elasticsearch) | `2.4.0` | `8.19.8` |\n| org.apache.logging.log4j:log4j-core | `2.7` | `2.25.4` |\n| org.hsqldb:hsqldb | `2.3.3` | `2.7.1` |\n| [org.xerial.snappy:snappy-java](https://github.com/xerial/snappy-java) | `1.1.7.1` | `1.1.10.4` |\n| [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) | `9.4.1212.jre7` | `42.2.28.jre7` |\n| [org.json:json](https://github.com/douglascrockford/JSON-java) | `20160212` | `20231013` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.0.28` | `9.0.117` |\n\nBumps the maven group with 1 update in the /accumulo1.9 directory: org.apache.hadoop:hadoop-common.\nBumps the maven group with 2 updates in the /arangodb directory: [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) and [ch.qos.logback:logback-core](https://github.com/qos-ch/logback).\nBumps the maven group with 1 update in the /elasticsearch directory: [org.elasticsearch:elasticsearch](https://github.com/elastic/elasticsearch).\nBumps the maven group with 1 update in the /elasticsearch5 directory: org.apache.logging.log4j:log4j-core.\nBumps the maven group with 1 update in the /ignite directory: org.apache.logging.log4j:log4j-core.\nBumps the maven group with 1 update in the /jdbc directory: org.hsqldb:hsqldb.\nBumps the maven group with 2 updates in the /mongodb directory: [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) and [org.xerial.snappy:snappy-java](https://github.com/xerial/snappy-java).\nBumps the maven group with 1 update in the /postgrenosql directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).\nBumps the maven group with 1 update in the /rados directory: [org.json:json](https://github.com/douglascrockford/JSON-java).\nBumps the maven group with 1 update in the /rest directory: org.apache.tomcat.embed:tomcat-embed-core.\nBumps the maven group with 1 update in the /voltdb directory: org.apache.logging.log4j:log4j-core.\n\nUpdates `org.apache.hadoop:hadoop-common` from 2.6.4 to 3.4.0\n\nUpdates `ch.qos.logback:logback-classic` from 1.1.2 to 1.2.13\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/qos-ch/logback/commits/v_1.2.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.1.3 to 1.5.25\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-06 Release of logback version 1.5.24\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See \u003ca href=\"https://logback.qos.ch/manual/configuration.html#conditionalExp\"\u003ethe relevant documentation\u003c/a\u003e for further details.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.23\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-21 Release of logback version 1.5.23\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/959\"\u003eissues/959\u003c/a\u003e file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the \u003ccode\u003eConcurrentModificationException\u003c/code\u003e reported in the issue.\u003c/p\u003e\n\u003cp\u003e• ZIP and XZ compression now use a \u003ccode\u003eBufferedOutputStream\u003c/code\u003e when writing to the compressed file. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/988\"\u003eissues/988\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 0bcc3feb54a6d99caac70969ee5f8334aad1fbaf associated with the tag v_1.5.23. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.22\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-11 Release of logback version 1.5.22\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In order to prevent involuntary information leakage, Logback will no longer output the value of a substituted variable, if the variable name contains any of the case-insensitive strings \u0026quot;password\u0026quot;, \u0026quot;secret\u0026quot; or \u0026quot;confidential\u0026quot;. This problem was reported by Chintan Rohila in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/986\"\u003eissues/986\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Logback now takes the overridden \u003ccode\u003etoString()\u003c/code\u003e method of \u003ccode\u003eThrowable\u003c/code\u003e subclasses into account when  printing stack traces. This issue was reported in \u003ca href=\"https://jira.qos.ch/browse/LOGBACK-543\"\u003eLOGBACK-543\u003c/a\u003e by Alvin Chee, with a fix provided in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/404\"\u003ePR 404\u003c/a\u003e by Brett Kail.\u003c/p\u003e\n\u003cp\u003e• Instead of limit-counting guard, Logback now uses a tumbling-window guard to rate limit internal error messages.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 572379aabd2f672b49593e4020696c624541e5b0 associated with the tag v_1.5.22. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.21\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-11-10 Release of logback version 1.5.21\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Invocations of turbo filters in isDebugEnabled, isInfoEnabled()... remain as they were, untouched. However, any installed instances of TurboFilter are now invoked also from within the log(LoggingEvent) method of \u003ca href=\"https://github.com/qos-ch/logback/blob/master/logback-classic/src/main/java/ch/qos/logback/classic/Logger.java#L817\"\u003eLogger\u003c/a\u003e with the contents of the LoggingEvent, typically via the fluent API. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/871\"\u003eissues/871\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Removed reentry-guard in most subclasses of \u003ccode\u003eUnsynchronizedAppenderBase\u003c/code\u003e where it was not needed.\u003c/p\u003e\n\u003cp\u003e• \u003ca href=\"https://logback.qos.ch/manual/configuration.html#auto_configuration\"\u003eInitialization procedure\u003c/a\u003e has been simplified by removing the step instantiating a \u003ccode\u003eSerializedModelConfigurator\u003c/code\u003e. However, it is still possible to set up \u003ccode\u003eSerializedModelConfigurator\u003c/code\u003e as a custom configurator.\u003c/p\u003e\n\u003cp\u003e• JsonEncoder is now friendlier to derivation by sub-classes as requested in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/979\"\u003eissues/979.\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/qos-ch/logback/commits/v_1.5.25\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.elasticsearch:elasticsearch` from 2.4.0 to 8.19.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/elastic/elasticsearch/releases\"\u003eorg.elasticsearch:elasticsearch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eElasticsearch 8.19.8\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.8.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.8.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.7\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.7.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.7.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.6\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.6.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.6.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.5\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.5.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.5.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.4\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.4.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.4.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.3\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.3.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.3.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.2\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.2.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.2.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.1\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.1.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.1.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.0\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.0.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.8\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.7\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.7.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.7.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.6\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.6.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.6.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.5\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/e34ace04b64e9bfa3f9e785b08e6d81f8efe314b\"\u003e\u003ccode\u003ee34ace0\u003c/code\u003e\u003c/a\u003e Add validation to DER parser for seq len (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138683\"\u003e#138683\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138697\"\u003e#138697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/219189ff7e5b22dc46fcbea23d658582e78330e9\"\u003e\u003ccode\u003e219189f\u003c/code\u003e\u003c/a\u003e Update Gradle wrapper to 9.2.1 (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138482\"\u003e#138482\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138693\"\u003e#138693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/8be09828e39adc500975c6da482a609c28326c4d\"\u003e\u003ccode\u003e8be0982\u003c/code\u003e\u003c/a\u003e Add user profile size limit (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138691\"\u003e#138691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/a8ec26096ec39735f7e3a4ea4a0c8e4e9018fa0b\"\u003e\u003ccode\u003ea8ec260\u003c/code\u003e\u003c/a\u003e [8.19] Add length validation for rename_replacement parameter in snapshot res...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/f2dae0f105022ead3934fe2d990ff54cbd0d1dc2\"\u003e\u003ccode\u003ef2dae0f\u003c/code\u003e\u003c/a\u003e Extend timeout in \u003ccode\u003eIngestGeoIpClientYamlTestSuiteIT\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138610\"\u003e#138610\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138646\"\u003e#138646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/b564aa81c4a7825a8664512a9b0c9b5c03c9a2df\"\u003e\u003ccode\u003eb564aa8\u003c/code\u003e\u003c/a\u003e [ES-13486] Skipping ES builds on non supported jdk versions (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138262\"\u003e#138262\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138629\"\u003e#138629\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/0f3f4e93a3f022638c57c959bb6e54bee0bfaf30\"\u003e\u003ccode\u003e0f3f4e9\u003c/code\u003e\u003c/a\u003e [8.19] fix(semantic highlighter): add vector similarity queries and bbq_disk ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/bf5d48aa800340514941bb6fb090cc7cb1776591\"\u003e\u003ccode\u003ebf5d48a\u003c/code\u003e\u003c/a\u003e Upgrading commons-lang3 version for repository-hdfs plugin (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138589\"\u003e#138589\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138613\"\u003e#138613\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/51a070988586cc3e554edce669840167c0ed01c2\"\u003e\u003ccode\u003e51a0709\u003c/code\u003e\u003c/a\u003e ILM Explain: valid JSON on truncated step info (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/137638\"\u003e#137638\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138606\"\u003e#138606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/394ea7df1876a3502c0aab0582d12ad6a997f768\"\u003e\u003ccode\u003e394ea7d\u003c/code\u003e\u003c/a\u003e Adjust two today()/current_date() tests to create less noise (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138588\"\u003e#138588\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138598\"\u003e#138598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/elastic/elasticsearch/compare/v2.4.0...v8.19.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.7 to 2.25.4\n\nUpdates `org.hsqldb:hsqldb` from 2.3.3 to 2.7.1\n\nUpdates `org.xerial.snappy:snappy-java` from 1.1.7.1 to 1.1.10.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xerial/snappy-java/releases\"\u003eorg.xerial.snappy:snappy-java's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.10.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity Fix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv\"\u003eCVE-2023-43642\u003c/a\u003e Fixed SnappyInputStream so as not to allocate too large memory when decompressing data with an extremely large chunk size by \u003ca href=\"https://github.com/tunnelshade\"\u003e\u003ccode\u003e@​tunnelshade\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5\"\u003ecode change\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis does not affect users only using Snappy.compress/uncompress methods\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly used before) by \u003ca href=\"https://github.com/xerial\"\u003e\u003ccode\u003e@​xerial\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/508\"\u003exerial/snappy-java#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport JDK21 (no internal change)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🔗 Dependency Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate scalafmt-core to 3.7.11 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/485\"\u003exerial/snappy-java#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt to 1.9.3 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/483\"\u003exerial/snappy-java#483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate scalafmt-core to 3.7.12 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/487\"\u003exerial/snappy-java#487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/502\"\u003exerial/snappy-java#502\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt to 1.9.4 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/496\"\u003exerial/snappy-java#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate scalafmt-core to 3.7.14 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/501\"\u003exerial/snappy-java#501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt to 1.9.6 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/505\"\u003exerial/snappy-java#505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate native libraries by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/503\"\u003exerial/snappy-java#503\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🛠  Internal Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate airframe-log to 23.7.4 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/486\"\u003exerial/snappy-java#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.8.0 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/488\"\u003exerial/snappy-java#488\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt-scalafmt to 2.5.2 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/500\"\u003exerial/snappy-java#500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.8.6 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/497\"\u003exerial/snappy-java#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt-scalafmt to 2.5.1 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/499\"\u003exerial/snappy-java#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.9.1 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/504\"\u003exerial/snappy-java#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.9.2 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/509\"\u003exerial/snappy-java#509\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate NOTICE by \u003ca href=\"https://github.com/imsudiproy\"\u003e\u003ccode\u003e@​imsudiproy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/492\"\u003exerial/snappy-java#492\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/xerial/snappy-java/compare/v1.1.10.3...v1.1.10.4\"\u003ehttps://github.com/xerial/snappy-java/compare/v1.1.10.3...v1.1.10.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.10.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003e🐛 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix the \u003ccode\u003eGLIBC_2.32 not found\u003c/code\u003e issue of \u003ccode\u003elibsnappyjava.so\u003c/code\u003e in certain Linux distributions on s390x by \u003ca href=\"https://github.com/kun-lu20\"\u003e\u003ccode\u003e@​kun-lu20\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/481\"\u003exerial/snappy-java#481\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🔗 Dependency Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate scalafmt-core to 3.7.10 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/480\"\u003exerial/snappy-java#480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate native libraries by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/482\"\u003exerial/snappy-java#482\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kun-lu20\"\u003e\u003ccode\u003e@​kun-lu20\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/481\"\u003exerial/snappy-java#481\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5\"\u003e\u003ccode\u003e9f8c3cf\u003c/code\u003e\u003c/a\u003e Merge pull request from GHSA-55g7-9cwv-5qfv\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/49d700175f18ed5f8c5d371b7c2f80c75979bd68\"\u003e\u003ccode\u003e49d7001\u003c/code\u003e\u003c/a\u003e Update airframe-log to 23.9.2 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/1f07c3182c2dc89d4226e9a6d8945b8458870a0a\"\u003e\u003ccode\u003e1f07c31\u003c/code\u003e\u003c/a\u003e Update native libraries for f2e97f27be0dc6c691369040ba8a673bface484c (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/503\"\u003e#503\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/13f8db197c4c44f0b6a02240c04205e8362b8e62\"\u003e\u003ccode\u003e13f8db1\u003c/code\u003e\u003c/a\u003e Update sbt to 1.9.6 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/505\"\u003e#505\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/f2e97f27be0dc6c691369040ba8a673bface484c\"\u003e\u003ccode\u003ef2e97f2\u003c/code\u003e\u003c/a\u003e feature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly use...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/98b22256fe4ed00ccaadd2dac98b1622563cc50b\"\u003e\u003ccode\u003e98b2225\u003c/code\u003e\u003c/a\u003e Update airframe-log to 23.9.1 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/504\"\u003e#504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/9f29b5c0f869d4027a4d5c1464907a79152013bf\"\u003e\u003ccode\u003e9f29b5c\u003c/code\u003e\u003c/a\u003e Update NOTICE (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/492\"\u003e#492\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/55639b55de52e1c06ac9a7df6844f85313407955\"\u003e\u003ccode\u003e55639b5\u003c/code\u003e\u003c/a\u003e Update sbt-scalafmt to 2.5.1 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/499\"\u003e#499\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/a5d81a6589360f299ae7ec35a79c317fd78e795d\"\u003e\u003ccode\u003ea5d81a6\u003c/code\u003e\u003c/a\u003e Update airframe-log to 23.8.6 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/497\"\u003e#497\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/6495da1af211e993cd0750c9c70b69d458c4a570\"\u003e\u003ccode\u003e6495da1\u003c/code\u003e\u003c/a\u003e Update scalafmt-core to 3.7.14 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/501\"\u003e#501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xerial/snappy-java/compare/1.1.7.1...v1.1.10.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.postgresql:postgresql` from 9.4.1212.jre7 to 42.2.28.jre7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pgjdbc/pgjdbc/releases\"\u003eorg.postgresql:postgresql's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev42.2.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebackpatch changes for 42.5.1 by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2673\"\u003epgjdbc/pgjdbc#2673\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pgjdbc/pgjdbc/compare/REL42.2.26...REL42.2.27\"\u003ehttps://github.com/pgjdbc/pgjdbc/compare/REL42.2.26...REL42.2.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev42.2.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eprepare for next release 42.2.26 by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2437\"\u003epgjdbc/pgjdbc#2437\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackpatch changes for 42.2.25 by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2581\"\u003epgjdbc/pgjdbc#2581\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pgjdbc/pgjdbc/compare/REL42.2.25...REL42.2.26\"\u003ehttps://github.com/pgjdbc/pgjdbc/compare/REL42.2.25...REL42.2.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev42.2.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Issue \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/2267\"\u003e#2267\u003c/a\u003e, version 14 returns UNDEFINED FUNCTION for testInvokeFunctionHavingReturnParameter, also add v13, and v14 to Server versions by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2268\"\u003epgjdbc/pgjdbc#2268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix checkstyle and javadoc issues by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2434\"\u003epgjdbc/pgjdbc#2434\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eincrement version to 42.2.25 for new release by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2436\"\u003epgjdbc/pgjdbc#2436\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pgjdbc/pgjdbc/compare/REL42.2.24...REL42.2.25\"\u003ehttps://github.com/pgjdbc/pgjdbc/compare/REL42.2.24...REL42.2.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev42.2.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backpatch PR#2217 handle OIDs \u0026gt;= 2**31 to fix issue \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/2215\"\u003e#2215\u003c/a\u003e.  by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2218\"\u003epgjdbc/pgjdbc#2218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: NPE calling getTypeInfo when alias is null by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2220\"\u003epgjdbc/pgjdbc#2220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix updateable result set when there are primary keys and unique keys by \u003ca href=\"https://github.com/chalmagr\"\u003e\u003ccode\u003e@​chalmagr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2228\"\u003epgjdbc/pgjdbc#2228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove old changelog information from post. Incorrectly added by development script that is clearly still in development [SKIP-CI] by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2240\"\u003epgjdbc/pgjdbc#2240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebackpatch pr#2245 fixes case where duplicate tables are returned if there are duplicate descriptions oids are not guaranteed to be unique in the catalog by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2248\"\u003epgjdbc/pgjdbc#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackpatching \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/2251\"\u003e#2251\u003c/a\u003e into 42.2 Clean up open connections to fix test failures on omni and appveyor  by \u003ca href=\"https://github.com/sehrope\"\u003e\u003ccode\u003e@​sehrope\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2252\"\u003epgjdbc/pgjdbc#2252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackpatch PR 2242 into 42.2: PgDatabaseMetaData.getIndexInfo() cast operands to smallint by \u003ca href=\"https://github.com/jsyrjala\"\u003e\u003ccode\u003e@​jsyrjala\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2253\"\u003epgjdbc/pgjdbc#2253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebackpatch PR#2247 fix: handle ParameterStatus messages in QueryExecutorImpl.receiveFastpathResult by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2249\"\u003epgjdbc/pgjdbc#2249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport PR2148 into 42.2.x Avoid leaking server error details through BatchUpdateException when logServerErrorDetail=false by \u003ca href=\"https://github.com/jp7677\"\u003e\u003ccode\u003e@​jp7677\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2254\"\u003epgjdbc/pgjdbc#2254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix startup regressions caused by PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/1949\"\u003e#1949\u003c/a\u003e. Instead of checking all types by OID, we can return types for well known types by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2257\"\u003epgjdbc/pgjdbc#2257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChangelog 42.2.24 by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2258\"\u003epgjdbc/pgjdbc#2258\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chalmagr\"\u003e\u003ccode\u003e@​chalmagr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2228\"\u003epgjdbc/pgjdbc#2228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jp7677\"\u003e\u003ccode\u003e@​jp7677\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2254\"\u003epgjdbc/pgjdbc#2254\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pgjdbc/pgjdbc/compare/REL42.2.23...REL42.2.24\"\u003ehttps://github.com/pgjdbc/pgjdbc/compare/REL42.2.23...REL42.2.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev42.2.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etest: Regenerate TLS certs with new expirations by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2201\"\u003epgjdbc/pgjdbc#2201\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackpatch fixupdateable  by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2200\"\u003epgjdbc/pgjdbc#2200\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eback patch fixing refreshRow makes resultset readonly fixes Issue \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/2193\"\u003e#2193\u003c/a\u003e by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2202\"\u003epgjdbc/pgjdbc#2202\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix getColumnPrecision for Numeric when scale and precision not specified fixes: Issue \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/2188\"\u003e#2188\u003c/a\u003e by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2203\"\u003epgjdbc/pgjdbc#2203\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md\"\u003eorg.postgresql:postgresql's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eNotable changes since version 42.0.0, read the complete \u003ca href=\"https://jdbc.postgresql.org/documentation/changelog.html\"\u003eHistory of Changes\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased]\u003c/h2\u003e\n\u003ch2\u003e[42.7.10] (2026-02-11)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: Migrate to Shadow 9 \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3931\"\u003ePR 3931\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: fix empty line before javadoc for checkstyle compliance [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3925\"\u003e#3925\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3925\"\u003epgjdbc/pgjdbc#3925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estyle: fix lambda argument indentation for checkstyle compliance [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3922\"\u003e#3922\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3922\"\u003epgjdbc/pgjdbc#3922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etest: add autosave=always|never|conservative and cleanupSavepoints=true|false to the randomized CI jobs [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3917\"\u003e#3917\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3917\"\u003epgjdbc/pgjdbc#3917\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: non-standard strings failing test for version 19 [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3934\"\u003e#3934\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3934\"\u003epgjdbc/pgjdbc#3934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: small issues in ConnectionFactoryImpl [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3929\"\u003e#3929\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3929\"\u003epgjdbc/pgjdbc#3929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: process pending responses before fastpath to avoid protocol errors \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3913\"\u003ePR # 3913\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: use.md, fix typos [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3911\"\u003e#3911\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3911\"\u003epgjdbc/pgjdbc#3911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edoc: datasource.md, fix minor formatting issue [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3912\"\u003e#3912\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3912\"\u003epgjdbc/pgjdbc#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edoc: add the new PGP signing key to the official documentation [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3912\"\u003e#3912\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3813\"\u003epgjdbc/pgjdbc#3813\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eReverted\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;fix: make all Calendar instances proleptic Gregorian (\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3837\"\u003e#3837\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3887\"\u003e#3887\u003c/a\u003e)\u0026quot; [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3932\"\u003e#3932\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3932\"\u003epgjdbc/pgjdbc#3932\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[42.7.9] (2026-01-14)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat: query timeout property [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3705\"\u003e#3705\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3705\"\u003epgjdbc/pgjdbc#3705\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: Add PEMKeyManager to handle PEM based certs and keys [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3700\"\u003e#3700\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3700\"\u003epgjdbc/pgjdbc#3700\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eperf: optimize PGInterval.getValue() by replacing String.format with StringBuilder\u003c/li\u003e\n\u003cli\u003edoc: update property quoteReturningIdentifiers default value [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3847\"\u003e#3847\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3847\"\u003epgjdbc/pgjdbc#3847\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esecurity: Use a static method forName to load all user supplied classes. Use the Class.forName 3 parameter method and do not initilize it unless it is a subclass of the expected class\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: incorrect pg_stat_replication.reply_time calculation [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3906\"\u003e#3906\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3906\"\u003epgjdbc/pgjdbc#3906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob\u003c/li\u003e\n\u003cli\u003efix: PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3897\"\u003e#3897\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3897\"\u003epgjdbc/pgjdbc#3897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: make all Calendar instances proleptic Gregorian [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3837\"\u003e#3837\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3887\"\u003epgjdbc/pgjdbc#3887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: Simplify concurrency guards on QueryExecutorBase#transaction and QueryExecutorBase#standardConformingStrings [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3897\"\u003e#3897\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3849\"\u003epgjdbc/pgjdbc#3849\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: avoid memory leaks in Java \u0026lt;= 21 caused by Thread.inheritedAccessControlContext [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3886\"\u003e#3886\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3886\"\u003epgjdbc/pgjdbc#3886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: Issue \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3784\"\u003e#3784\u003c/a\u003e pgjdbc can't decode numeric arrays containing special numbers like NaN [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3838\"\u003e#3838\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3838\"\u003epgjdbc/pgjdbc#3838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: use ssl_is_used() to check for ssl connection [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3867\"\u003e#3867\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3867\"\u003epgjdbc/pgjdbc#3867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: the classloader is nullable [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3907\"\u003e#3907\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3907\"\u003epgjdbc/pgjdbc#3907\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[42.7.8] (2025-09-18)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pgjdbc/pgjdbc/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.json:json` from 20160212 to 20231013\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/douglascrockford/JSON-java/releases\"\u003eorg.json:json's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e20231013\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePull Request\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/793\"\u003e#793\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eReverted \u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/761\"\u003e#761\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/792\"\u003e#792\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eupdate the docs for release 20231013\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/783\"\u003e#783\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eoptLong vs getLong inconsistencies\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/782\"\u003e#782\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eFix XMLTest.testIndentComplicatedJsonObjectWithArrayAndWithConfig() for Windows\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/779\"\u003e#779\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eadd validity check for JSONObject constructors\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/778\"\u003e#778\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eFix XMLTest.testIndentComplicatedJsonObjectWithArrayAndWithConfig() for Windows\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/776\"\u003e#776\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdate [JUnit to version 4.13.2\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/774\"\u003e#774\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eRemoving unneeded synchronization\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/773\"\u003e#773\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eAdd optJSONArray method to JSONObject with a default value\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/772\"\u003e#772\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eDisallow nested objects and arrays as keys in objects\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/779\"\u003e#779\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUnit test cleanup\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/769\"\u003e#769\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eAddressed Java 17 compile warnings\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/764\"\u003e#764\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdate CodeQL action version\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/761\"\u003e#761\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eAdd module-info\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/759\"\u003e#759\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eJSON parsing should detect embedded \u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/753\"\u003e#753\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdated new object methods\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/752\"\u003e#752\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eFixes possible unit test bug when compiling/testing on Windows\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003ch2\u003e20230618\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePull Request\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/749\"\u003e#749\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/749\"\u003ePrep for release 20230618\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/740\"\u003e#740\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/734\"\u003eFixed Flaky Tests Caused by JSON permutations\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/734\"\u003e#734\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/734\"\u003eFixed Flaky Tests Caused by JSON permutations\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/733\"\u003e#733\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/733\"\u003eJSONTokener implemented java.io.Closeable\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/731\"\u003e#731\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/731\"\u003eRemoving commented out code in JSONObject optDouble()\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/729\"\u003e#729\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/729\"\u003eRefactor ParserConfiguration class hierarchy\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003ch2\u003e20230227\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePull Request\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/723\"\u003e#723\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eProtect JSONML from stack overflow exceptions caused by recursion\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/720\"\u003e#720\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eLimit the XML nesting depth for CVE-2022-45688\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/711\"\u003e#711\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eRevert pull 707 - interviewbit spam\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/704\"\u003e#704\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eMove javadoc comments above the interface definition to make it visible\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/703\"\u003e#703\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdate Releases.md for JSONObject(Map): Throws NPE if key is null\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/696\"\u003e#696\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdate JSONPointerTest for NonDex compatibility\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/694\"\u003e#694\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ePretty print XML\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/692\"\u003e#692\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eExample.md syntax highlight and indentation\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/691\"\u003e#691\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eCreate unit tests for various number formats\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003ch2\u003e20220924\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePull Request\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/688\"\u003e#688\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdate copyright to Public Domain\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/687\"\u003e#687\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eFix a typo\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/685\"\u003e#685\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eJSONObject map type unit tests\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/stleary/JSON-java/blob/master/docs/RELEASES.md\"\u003eorg.json:json's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e20231013    First release with minimum Java version 1.8. Recent commits, including fixes for CVE-2023-5072.\u003c/p\u003e\n\u003cp\u003e20230618    Final release with Java 1.6 compatibility. Future releases will require Java 1.8 or greater.\u003c/p\u003e\n\u003cp\u003e20230227    Fix for CVE-2022-45688 and recent commits\u003c/p\u003e\n\u003cp\u003e20220924    New License - public domain, and some minor updates\u003c/p\u003e\n\u003cp\u003e20220320    Wrap StackOverflow with JSONException\u003c/p\u003e\n\u003cp\u003e20211205    Recent commits and some bug fixes for similar()\u003c/p\u003e\n\u003cp\u003e20210307    Recent commits and potentially breaking fix to JSONPointer\u003c/p\u003e\n\u003cp\u003e20201115    Recent commits and first release after project structure change\u003c/p\u003e\n\u003cp\u003e20200518    Recent commits and snapshot before project structure change\u003c/p\u003e\n\u003cp\u003e20190722    Recent commits\u003c/p\u003e\n\u003cp\u003e20180813    POM change to include Automatic-Module-Name (\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/431\"\u003e#431\u003c/a\u003e)\nJSONObject(Map) now throws an exception if any of a map keys are null (\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/405\"\u003e#405\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e20180130    Recent commits\u003c/p\u003e\n\u003cp\u003e20171018    Checkpoint for recent commits.\u003c/p\u003e\n\u003cp\u003e20170516    Roll up recent commits.\u003c/p\u003e\n\u003cp\u003e20160810    Revert code that was breaking opt*() methods.\u003c/p\u003e\n\u003cp\u003e20160807    This release contains a bug in the JSONObject.opt*() and JSONArray.opt*() methods,\nit is not recommended for use.\nJava 1.6 compatability fixed, JSONArray.toList() and JSONObject.toMap(),\nRFC4180 compatibility, JSONPointer, some exception fixes, optional XML type conversion.\nContains the latest code as of 7 Aug 2016\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stleary/JSON-java/commit/f346203cd663bb680cad0d5894e7c147e36f31cd\"\u003e\u003ccode\u003ef346203\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/793\"\u003e#793\u003c/a\u003e from stleary/revert-761\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stleary/JSON-java/commit/b180dbedbc99bb177e5b277f1bff2a1b79cebda6\"\u003e\u003ccode\u003eb180dbe\u003c/code\u003e\u003c/a\u003e Reverting \u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/761\"\u003e#761\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stleary/JSON-java/commit/cca6d1020f484337b8ea161ba7f930e3f5471365\"\u003e\u003ccode\u003ecca6d10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/792\"\u003e#792\u003c/a\u003e from stleary/pre-release-20231013\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stleary/JSON-java/commit/af5f780d5bda393ae0f609ca2504a16a808e86de\"\u003e\u003ccode\u003eaf5f780\u003c/code\u003e\u003c/a\u003e update the docs for release 20231013\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stleary/JSON-java/commit/495cec903755953884377cff81181820414d7bbb\"\u003e\u003ccode\u003e495cec9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/783\"\u003e#783\u003c/a\u003e from rudrajyotib/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stleary/JSON-java/commit/56cb5f84c4befe039f32baf5af9541c265f095a1\"\u003e\u003ccode\u003e56cb5f8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/653\"\u003e#653\u003c/a\u003e - review comments updated.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stleary/JSON-java/commit/0cdc38ac24169f9515d929f9813c83bfbf55da83\"\u003e\u003ccode\u003e0cdc38a\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/653\"\u003e#653\u003c/a\u003e - review comments updated.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stleary/JSON-java/commit/d5277b126bea9372f4bc70f92e34fe6568b64f31\"\u003e\u003ccode\u003ed5277b1\u003c/code\u003e\u003c/a\u003e Merge branch 'stleary:master' into master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stleary/JSON-java/commit/c4cd526c53e99f20851546fca92368738f783884\"\u003e\u003ccode\u003ec4cd526\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/779\"\u003e#779\u003c/a\u003e from Madjosz/713_jsonobject_nonfinite\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stleary/JSON-java/commit/776b5ccb85cdee539b229d38ad922021f1cd5cca\"\u003e\u003ccode\u003e776b5cc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/778\"\u003e#778\u003c/a\u003e from Madjosz/fix_xml_test\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/douglascrockford/JSON-java/compare/20160212...20231013\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 8.0.28 to 9.0.117\n\nUpdates `org.apache.hadoop:hadoop-common` from 2.6.4 to 3.4.0\n\nUpdates `ch.qos.logback:logback-classic` from 1.1.3 to 1.2.13\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/qos-ch/logback/commits/v_1.2.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.1.3 to 1.5.25\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-06 Release of logback version 1.5.24\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See \u003ca href=\"https://logback.qos.ch/manual/configuration.html#conditionalExp\"\u003ethe relevant documentation\u003c/a\u003e for further details.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.23\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-21 Release of logback version 1.5.23\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/959\"\u003eissues/959\u003c/a\u003e file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the \u003ccode\u003eConcurrentModificationException\u003c/code\u003e reported in the issue.\u003c/p\u003e\n\u003cp\u003e• ZIP and XZ compression now use a \u003ccode\u003eBufferedOutputStream\u003c/code\u003e when writing to the compressed file. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/988\"\u003eissues/988\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 0bcc3feb54a6d99caac70969ee5f8334aad1fbaf associated with the tag v_1.5.23. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.22\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-11 Release of logback version 1.5.22\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In order to prevent involuntary information leakage, Logback will no longer output the value of a substituted variable, if the variable name contains any of the case-insensitive strings \u0026quot;password\u0026quot;, \u0026quot;secret\u0026quot; or \u0026quot;confidential\u0026quot;. This problem was reported by Chintan Rohila in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/986\"\u003eissues/986\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Logback now takes the overridden \u003ccode\u003etoString()\u003c/code\u003e method of \u003ccode\u003eThrowable\u003c/code\u003e subclasses into account when  printing stack traces. This issue was reported in \u003ca href=\"https://jira.qos.ch/browse/LOGBACK-543\"\u003eLOGBACK-543\u003c/a\u003e by Alvin Chee, with a fix provided in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/404\"\u003ePR 404\u003c/a\u003e by Brett Kail.\u003c/p\u003e\n\u003cp\u003e• Instead of limit-counting guard, Logback now uses a tumbling-window guard to rate limit internal error messages.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 572379aabd2f672b49593e4020696c624541e5b0 associated with the tag v_1.5.22. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.21\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-11-10 Release of logback version 1.5.21\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Invocations of turbo filters in isDebugEnabled, isInfoEnabled()... remain as they were, untouched. However, any installed instances of TurboFilter are now invoked also from within the log(LoggingEvent) method of \u003ca href=\"https://github.com/qos-ch/logback/blob/master/logback-classic/src/main/java/ch/qos/logback/classic/Logger.java#L817\"\u003eLogger\u003c/a\u003e with the contents of the LoggingEvent, typically via the fluent API. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/871\"\u003eissues/871\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Removed reentry-guard in most subclasses of \u003ccode\u003eUnsynchronizedAppenderBase\u003c/code\u003e where it was not needed.\u003c/p\u003e\n\u003cp\u003e• \u003ca href=\"https://logback.qos.ch/manual/configuration.html#auto_configuration\"\u003eInitialization procedure\u003c/a\u003e has been simplified by removing the step instantiating a \u003ccode\u003eSerializedModelConfigurator\u003c/code\u003e. However, it is still possible to set up \u003ccode\u003eSerializedModelConfigurator\u003c/code\u003e as a custom configurator.\u003c/p\u003e\n\u003cp\u003e• JsonEncoder is now friendlier to derivation by sub-classes as requested in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/979\"\u003eissues/979.\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/qos-ch/logback/commits/v_1.5.25\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.elasticsearch:elasticsearch` from 2.4.0 to 8.19.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/elastic/elasticsearch/releases\"\u003eorg.elasticsearch:elasticsearch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eElasticsearch 8.19.8\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.8.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.8.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.7\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.7.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.7.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.6\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.6.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.6.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.5\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.5.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.5.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.4\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.4.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.4.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.3\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.3.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.3.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.2\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.2.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.2.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.1\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.1.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.1.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.0\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.0.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.8\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.7\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.7.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.7.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.6\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.6.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.6.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.5\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/e34ace04b64e9bfa3f9e785b08e6d81f8efe314b\"\u003e\u003ccode\u003ee34ace0\u003c/code\u003e\u003c/a\u003e Add validation to DER parser for seq len (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138683\"\u003e#138683\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138697\"\u003e#138697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/219189ff7e5b22dc46fcbea23d658582e78330e9\"\u003e\u003ccode\u003e219189f\u003c/code\u003e\u003c/a\u003e Update Gradle wrapper to 9.2.1 (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138482\"\u003e#138482\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138693\"\u003e#138693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/8be09828e39adc500975c6da482a609c28326c4d\"\u003e\u003ccode\u003e8be0982\u003c/code\u003e\u003c/a\u003e Add user profile size limit (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138691\"\u003e#138691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/a8ec26096ec39735f7e3a4ea4a0c8e4e9018fa0b\"\u003e\u003ccode\u003ea8ec260\u003c/code\u003e\u003c/a\u003e [8.19] Add length validation for rename_replacement parameter in snapshot res...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/f2dae0f105022ead3934fe2d990ff54cbd0d1dc2\"\u003e\u003ccode\u003ef2dae0f\u003c/code\u003e\u003c/a\u003e Extend timeout in \u003ccode\u003eIngestGeoIpClientYamlTestSuiteIT\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138610\"\u003e#138610\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138646\"\u003e#138646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/b564aa81c4a7825a8664512a9b0c9b5c03c9a2df\"\u003e\u003ccode\u003eb564aa8\u003c/code\u003e\u003c/a\u003e [ES-13486] Skipping ES builds on non supported jdk versions (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138262\"\u003e#138262\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138629\"\u003e#138629\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/0f3f4e93a3f022638c57c959bb6e54bee0bfaf30\"\u003e\u003ccode\u003e0f3f4e9\u003c/code\u003e\u003c/a\u003e [8.19] fix(semantic highlighter): add vector similarity queries and bbq_disk ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/bf5d48aa800340514941bb6fb090cc7cb1776591\"\u003e\u003ccode\u003ebf5d48a\u003c/code\u003e\u003c/a\u003e Upgrading commons-lang3 version for repository-hdfs plugin (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138589\"\u003e#138589\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138613\"\u003e#138613\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/51a070988586cc3e554edce669840167c0ed01c2\"\u003e\u003ccode\u003e51a0709\u003c/code\u003e\u003c/a\u003e ILM Explain: valid JSON on truncated step info (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/137638\"\u003e#137638\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138606\"\u003e#138606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/394ea7df1876a3502c0aab0582d12ad6a997f768\"\u003e\u003ccode\u003e394ea7d\u003c/code\u003e\u003c/a\u003e Adjust two today()/current_date() tests to create less noise (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138588\"\u003e#138588\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138598\"\u003e#138598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/elastic/elasticsearch/compare/v2.4.0...v8.19.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.8.2 to 2.25.4\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.11.0 to 2.25.4\n\nUpdates `org.hsqldb:hsqldb` from 2.3.3 to 2.7.1\n\nUpdates `ch.qos.logback:logback-classic` from 1.1.2 to 1.2.13\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/qos-ch/logback/commits/v_1.2.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.xerial.snappy:snappy-java` from 1.1.7.1 to 1.1.10.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xerial/snappy-java/releases\"\u003eorg.xerial.snappy:snappy-java's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.10.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity Fix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv\"\u003eCVE-2023-43642\u003c/a\u003e Fixed SnappyInputStream so as not to allocate too large memory when decompressing data with an extremely large chunk size by \u003ca href=\"https://github.c...\n\n_Description has been truncated_","html_url":"https://github.com/AKJUS/YCSB/pull/59","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2FYCSB/issues/59","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/59/packages"},{"uuid":"4242081744","node_id":"PR_kwDOAPFyZM7Rlhp1","number":7044,"state":"closed","title":"Bump org.apache.tomcat.embed:tomcat-embed-core from 7.0.109 to 9.0.117 in /redisson-tomcat/redisson-tomcat-7","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-11T05:30:47.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-10T22:45:19.000Z","updated_at":"2026-04-11T05:30:56.000Z","time_to_close":24328,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"7.0.109","new_version":"9.0.117","repository_url":null}],"path":"/redisson-tomcat/redisson-tomcat-7","ecosystem":"maven"},"body":"Bumps org.apache.tomcat.embed:tomcat-embed-core from 7.0.109 to 9.0.117.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core\u0026package-manager=maven\u0026previous-version=7.0.109\u0026new-version=9.0.117)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/redisson/redisson/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/redisson/redisson/pull/7044","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/redisson%2Fredisson/issues/7044","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7044/packages"},{"uuid":"4242005983","node_id":"PR_kwDODcoYc87RlTdu","number":210,"state":"open","title":"Bump org.apache.tomcat.embed:tomcat-embed-core from 11.0.14 to 11.0.21","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-10T22:18:26.000Z","updated_at":"2026-04-10T22:28:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"11.0.14","new_version":"11.0.21","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps org.apache.tomcat.embed:tomcat-embed-core from 11.0.14 to 11.0.21.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core\u0026package-manager=maven\u0026previous-version=11.0.14\u0026new-version=11.0.21)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/companieshouse/orders.api.ch.gov.uk/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/companieshouse/orders.api.ch.gov.uk/pull/210","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/companieshouse%2Forders.api.ch.gov.uk/issues/210","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/210/packages"}],"issue_packages":[{"old_version":"7.0.52","new_version":"9.0.118","update_type":"major","path":null,"pr_created_at":"2026-05-20T14:29:16.000Z","version_change":"7.0.52 → 9.0.118","issue":{"uuid":"4487334376","node_id":"PR_kwDODUCTus7dkg1A","number":46,"state":"closed","title":"Bump org.apache.tomcat.embed:tomcat-embed-core from 7.0.52 to 9.0.118","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-20T15:28:10.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-20T14:29:16.000Z","updated_at":"2026-05-20T15:28:13.000Z","time_to_close":3534,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"7.0.52","new_version":"9.0.118","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps org.apache.tomcat.embed:tomcat-embed-core from 7.0.52 to 9.0.118.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core\u0026package-manager=maven\u0026previous-version=7.0.52\u0026new-version=9.0.118)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/flyingkatsudon/insight-board/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/flyingkatsudon/insight-board/pull/46","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/flyingkatsudon%2Finsight-board/issues/46","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/46/packages"}},{"old_version":"10.1.15","new_version":"10.1.54","update_type":"patch","path":null,"pr_created_at":"2026-05-19T14:30:19.000Z","version_change":"10.1.15 → 10.1.54","issue":{"uuid":"4478247250","node_id":"PR_kwDOBfHF1M7dHC4g","number":96,"state":"closed","title":"Bump the maven group across 2 directories with 3 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-25T21:49:51.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-19T14:30:19.000Z","updated_at":"2026-05-25T21:49:56.000Z","time_to_close":544772,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"maven","update_count":3,"packages":[{"name":"org.apache.tomcat:tomcat-catalina","old_version":"10.1.15","new_version":"10.1.54"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"10.1.15","new_version":"10.1.54"},{"name":"org.springframework.security:spring-security-web","old_version":"6.1.5","new_version":"6.5.9","repository_url":"https://github.com/spring-projects/spring-security"},{"name":"org.apache.tomcat:tomcat-catalina","old_version":"10.1.15","new_version":"10.1.54"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"10.1.15","new_version":"10.1.54"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 2 updates in the /kerb4j-server directory: org.apache.tomcat:tomcat-catalina and [org.springframework.security:spring-security-web](https://github.com/spring-projects/spring-security).\nBumps the maven group with 1 update in the /kerb4j-server/kerb4j-server-tomcat directory: org.apache.tomcat:tomcat-catalina.\n\nUpdates `org.apache.tomcat:tomcat-catalina` from 10.1.15 to 10.1.54\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 10.1.15 to 10.1.54\n\nUpdates `org.springframework.security:spring-security-web` from 6.1.5 to 6.5.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-security/releases\"\u003eorg.springframework.security:spring-security-web's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.5.9\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Link to CSRF Docs in FAQ \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18616\"\u003e#18616\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix GrantedAuthority.authority null in AuthoritiesAuthorizationManager \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18544\"\u003e#18544\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003esaveAuthenticationRequest\u003c/code\u003e should read \u003ccode\u003erelayState\u003c/code\u003e from \u003ccode\u003eauthenticationRequest\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18872\"\u003e#18872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Missing OnCommitedResponseWrapper Header Overrides \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18798\"\u003e#18798\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify Resource Server startup expectations \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18518\"\u003e#18518\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrect Reference to Clear-Site-Data Directive enum \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18273\"\u003e#18273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CookieRequestCache parameters \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18857\"\u003e#18857\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Flaky Crypto Tests \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18841\"\u003e#18841\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Jackson Deserializer for AuthenticationExtensionsClientOutputs \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18896\"\u003e#18896\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@antora\u003c/code\u003e/collector-extension from 1.0.2 to 1.0.3 in /docs \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18854\"\u003e#18854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 6.0.0 to 7.0.0 \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18809\"\u003e#18809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18749\"\u003e#18749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6 \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18779\"\u003e#18779\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16 \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18876\"\u003e#18876\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump org-apache-maven-resolver from 1.9.25 to 1.9.26 \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18750\"\u003e#18750\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump org-apache-maven-resolver from 1.9.26 to 1.9.27 \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18791\"\u003e#18791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18860\"\u003e#18860\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18886\"\u003e#18886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump org.hibernate.orm:hibernate-core from 6.6.42.Final to 6.6.43.Final \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18780\"\u003e#18780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump org.hibernate.orm:hibernate-core from 6.6.43.Final to 6.6.44.Final \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18829\"\u003e#18829\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17 \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18903\"\u003e#18903\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:heart: Contributors\u003c/h2\u003e\n\u003cp\u003eThank you to all the contributors who worked on this release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Hann244\"\u003e\u003ccode\u003e@​Hann244\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Khyojae\"\u003e\u003ccode\u003e@​Khyojae\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ghusta\"\u003e\u003ccode\u003e@​ghusta\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/itsmevichu\"\u003e\u003ccode\u003e@​itsmevichu\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/qihaiyan\"\u003e\u003ccode\u003e@​qihaiyan\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/rwinch\"\u003e\u003ccode\u003e@​rwinch\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/therepanic\"\u003e\u003ccode\u003e@​therepanic\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/ziqin\"\u003e\u003ccode\u003e@​ziqin\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e6.5.8\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e@FunctionalInterface\u003c/code\u003e to RequestMatcher \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18337\"\u003e#18337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpring Security 7 should provide migration path from request-matcher=\u0026quot;ant\u0026quot; \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/issues/18211\"\u003e#18211\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStop deploying JavaDoc outside of Antora \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/issues/18199\"\u003e#18199\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Missing Migration Pages to Navigation \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/issues/18313\"\u003e#18313\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCreate SHA-1 MessageDigest for every new check request in Compromised Password Checker \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18235\"\u003e#18235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in \u0026quot;Preparing for 7.0\u0026quot; in reference to PathPatternRequestMatcher \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18336\"\u003e#18336\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in AnnotationTemplateExpressionDefaults documentation  \u003ca href=\"https://redirect.github.com/spring-projects/spring-security/pull/18176\"\u003e#18176\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-security/commit/0c54a55ae831c691449d4750abf5bc48cdbb6d96\"\u003e\u003ccode\u003e0c54a55\u003c/code\u003e\u003c/a\u003e Release 6.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-security/commit/01ff3b086a60f565b332ea9257168aaa1699e279\"\u003e\u003ccode\u003e01ff3b0\u003c/code\u003e\u003c/a\u003e Add Workflow for Deferring Issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-security/commit/33e6f4bd3f5641decd530b2202464f5e3211cecb\"\u003e\u003ccode\u003e33e6f4b\u003c/code\u003e\u003c/a\u003e Merge Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-security/commit/cdd4b36d37221432e7ea25e6e414587ef1a38cbb\"\u003e\u003ccode\u003ecdd4b36\u003c/code\u003e\u003c/a\u003e Update Antora UI Spring to v0.4.26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-security/commit/7672f76fdee334cd35cef00fb825f80071fdb3de\"\u003e\u003ccode\u003e7672f76\u003c/code\u003e\u003c/a\u003e Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-security/commit/3db4999da4f333ba1f285e50f9b646aa0848311a\"\u003e\u003ccode\u003e3db4999\u003c/code\u003e\u003c/a\u003e Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-security/commit/a708d2f61bb6911c159e4b103cb06f27463c526c\"\u003e\u003ccode\u003ea708d2f\u003c/code\u003e\u003c/a\u003e Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-security/commit/e726c05e764faf23961bff7071f43b92ce78597c\"\u003e\u003ccode\u003ee726c05\u003c/code\u003e\u003c/a\u003e Fix Jackson 2 deserializer for AuthenticationExtensionsClientOutputs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-security/commit/a7039fb3e6e5424829788f139944a7eb0c9da3b6\"\u003e\u003ccode\u003ea7039fb\u003c/code\u003e\u003c/a\u003e Test Jackson 2 deserializer with unknown primitive WebAuthn ext\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-security/commit/88ea668f47515ecbbb9406c68c813589f1795a34\"\u003e\u003ccode\u003e88ea668\u003c/code\u003e\u003c/a\u003e Test Jackson 2 deserializer with unknown obj/arr WebAuthn ext\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-security/compare/6.1.5...6.5.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.tomcat:tomcat-catalina` from 10.1.15 to 10.1.54\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 10.1.15 to 10.1.54\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/bedrin/kerb4j/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/bedrin/kerb4j/pull/96","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bedrin%2Fkerb4j/issues/96","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/96/packages"}},{"old_version":"10.1.54","new_version":"10.1.55","update_type":"patch","path":"/javamelody-for-standalone","pr_created_at":"2026-05-18T21:23:45.000Z","version_change":"10.1.54 → 10.1.55","issue":{"uuid":"4472683945","node_id":"PR_kwDOAkEHwc7c1LKT","number":1304,"state":"closed","title":"Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.54 to 10.1.55 in /javamelody-for-standalone","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-23T22:56:17.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T21:23:45.000Z","updated_at":"2026-05-23T22:56:26.000Z","time_to_close":437552,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"10.1.54","new_version":"10.1.55","repository_url":null}],"path":"/javamelody-for-standalone","ecosystem":"maven"},"body":"Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.54 to 10.1.55.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core\u0026package-manager=maven\u0026previous-version=10.1.54\u0026new-version=10.1.55)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/javamelody/javamelody/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/javamelody/javamelody/pull/1304","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/javamelody%2Fjavamelody/issues/1304","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1304/packages"}},{"old_version":"10.1.54","new_version":"10.1.55","update_type":"patch","path":"/javamelody-offline-viewer","pr_created_at":"2026-05-18T21:07:02.000Z","version_change":"10.1.54 → 10.1.55","issue":{"uuid":"4472583516","node_id":"PR_kwDOAkEHwc7c02Y6","number":1303,"state":"closed","title":"Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.54 to 10.1.55 in /javamelody-offline-viewer","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-23T22:56:56.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T21:07:02.000Z","updated_at":"2026-05-23T22:57:06.000Z","time_to_close":438594,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"10.1.54","new_version":"10.1.55","repository_url":null}],"path":"/javamelody-offline-viewer","ecosystem":"maven"},"body":"Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.54 to 10.1.55.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core\u0026package-manager=maven\u0026previous-version=10.1.54\u0026new-version=10.1.55)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/javamelody/javamelody/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/javamelody/javamelody/pull/1303","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/javamelody%2Fjavamelody/issues/1303","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1303/packages"}},{"old_version":"11.0.20","new_version":"11.0.22","update_type":"patch","path":null,"pr_created_at":"2026-05-18T20:40:14.000Z","version_change":"11.0.20 → 11.0.22","issue":{"uuid":"4472416250","node_id":"PR_kwDOL4vop87c0S7s","number":21,"state":"open","title":"Bump org.apache.tomcat.embed:tomcat-embed-core from 11.0.20 to 11.0.22","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T20:40:14.000Z","updated_at":"2026-05-18T20:45:14.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"11.0.20","new_version":"11.0.22","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps org.apache.tomcat.embed:tomcat-embed-core from 11.0.20 to 11.0.22.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core\u0026package-manager=maven\u0026previous-version=11.0.20\u0026new-version=11.0.22)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/companieshouse/registers-data-api/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/companieshouse/registers-data-api/pull/21","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/companieshouse%2Fregisters-data-api/issues/21","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/21/packages"}},{"old_version":"8.5.100","new_version":"9.0.117","update_type":"major","path":null,"pr_created_at":"2026-05-18T16:52:50.000Z","version_change":"8.5.100 → 9.0.117","issue":{"uuid":"4470940823","node_id":"PR_kwDONxtSOs7cvdle","number":7,"state":"closed","title":"Bump the maven group across 7 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-18T20:47:31.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T16:52:50.000Z","updated_at":"2026-05-18T20:47:33.000Z","time_to_close":14081,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"maven","update_count":16,"packages":[{"name":"org.springframework:spring-context","old_version":"6.2.2","new_version":"6.2.7","repository_url":"https://github.com/spring-projects/spring-framework"},{"name":"org.springframework.boot:spring-boot","old_version":"3.4.2","new_version":"3.5.14","repository_url":"https://github.com/spring-projects/spring-boot"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"8.5.100","new_version":"9.0.117"},{"name":"org.apache.logging.log4j:log4j-core","old_version":"2.24.3","new_version":"2.25.4"},{"name":"com.fasterxml.jackson.core:jackson-core","old_version":"2.18.2","new_version":"2.18.6","repository_url":"https://github.com/FasterXML/jackson-core"},{"name":"org.apache.zookeeper:zookeeper","old_version":"3.7.2","new_version":"3.8.6"},{"name":"org.hibernate:hibernate-validator","old_version":"5.2.4.Final","new_version":"6.2.0.Final"},{"name":"org.apache.commons:commons-lang3","old_version":"3.17.0","new_version":"3.18.0"},{"name":"io.grpc:grpc-netty-shaded","old_version":"1.70.0","new_version":"1.75.0","repository_url":"https://github.com/grpc/grpc-java"},{"name":"org.asynchttpclient:async-http-client","old_version":"2.12.4","new_version":"2.15.0","repository_url":"https://github.com/AsyncHttpClient/async-http-client"},{"name":"org.codehaus.plexus:plexus-utils","old_version":"3.6.0","new_version":"3.6.1","repository_url":"https://github.com/codehaus-plexus/plexus-utils"},{"name":"com.hazelcast:hazelcast","old_version":"3.12.13","new_version":"5.2.5","repository_url":"https://github.com/hazelcast/hazelcast"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 12 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [org.springframework:spring-context](https://github.com/spring-projects/spring-framework) | `6.2.2` | `6.2.7` |\n| [org.springframework.boot:spring-boot](https://github.com/spring-projects/spring-boot) | `3.4.2` | `3.5.14` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.100` | `9.0.117` |\n| org.apache.logging.log4j:log4j-core | `2.24.3` | `2.25.4` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.2` | `2.18.6` |\n| org.apache.zookeeper:zookeeper | `3.7.2` | `3.8.6` |\n| org.hibernate:hibernate-validator | `5.2.4.Final` | `6.2.0.Final` |\n| org.apache.commons:commons-lang3 | `3.17.0` | `3.18.0` |\n| [io.grpc:grpc-netty-shaded](https://github.com/grpc/grpc-java) | `1.70.0` | `1.75.0` |\n| [org.asynchttpclient:async-http-client](https://github.com/AsyncHttpClient/async-http-client) | `2.12.4` | `2.15.0` |\n| [org.codehaus.plexus:plexus-utils](https://github.com/codehaus-plexus/plexus-utils) | `3.6.0` | `3.6.1` |\n| [com.hazelcast:hazelcast](https://github.com/hazelcast/hazelcast) | `3.12.13` | `5.2.5` |\n\nBumps the maven group with 7 updates in the /dubbo-dependencies-bom directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.100` | `9.0.117` |\n| org.apache.logging.log4j:log4j-core | `2.24.3` | `2.25.4` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.2` | `2.18.6` |\n| org.apache.zookeeper:zookeeper | `3.7.2` | `3.8.6` |\n| org.hibernate:hibernate-validator | `5.4.3.Final` | `6.2.0.Final` |\n| org.apache.commons:commons-lang3 | `3.17.0` | `3.18.0` |\n| [io.grpc:grpc-netty-shaded](https://github.com/grpc/grpc-java) | `1.70.0` | `1.75.0` |\n\nBumps the maven group with 4 updates in the /dubbo-maven-plugin directory: [org.springframework:spring-context](https://github.com/spring-projects/spring-framework), [org.springframework.boot:spring-boot](https://github.com/spring-projects/spring-boot), org.apache.tomcat.embed:tomcat-embed-core and [org.codehaus.plexus:plexus-utils](https://github.com/codehaus-plexus/plexus-utils).\nBumps the maven group with 4 updates in the /dubbo-plugin/dubbo-filter-cache directory: [org.springframework:spring-context](https://github.com/spring-projects/spring-framework), [org.springframework.boot:spring-boot](https://github.com/spring-projects/spring-boot), org.apache.tomcat.embed:tomcat-embed-core and [com.hazelcast:hazelcast](https://github.com/hazelcast/hazelcast).\nBumps the maven group with 4 updates in the /dubbo-plugin/dubbo-filter-validation directory: [org.springframework:spring-context](https://github.com/spring-projects/spring-framework), [org.springframework.boot:spring-boot](https://github.com/spring-projects/spring-boot), org.apache.tomcat.embed:tomcat-embed-core and org.hibernate:hibernate-validator.\nBumps the maven group with 1 update in the /dubbo-remoting/dubbo-remoting-zookeeper-curator5 directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 2 updates in the /dubbo-test/dubbo-test-check directory: org.apache.zookeeper:zookeeper and [org.asynchttpclient:async-http-client](https://github.com/AsyncHttpClient/async-http-client).\n\nUpdates `org.springframework:spring-context` from 6.2.2 to 6.2.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-framework/releases\"\u003eorg.springframework:spring-context's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.2.7\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eForward more methods to underlying InputStream in NonClosingInputStream \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34893\"\u003e#34893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce Spring property for the default property placeholder escape character \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34865\"\u003e#34865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClose ApplicationContext once AOT processing has completed \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34841\"\u003e#34841\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAbstractJackson2HttpMessageConverter#getObjectMappersForType\u003c/code\u003e nullness \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34811\"\u003e#34811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd option for case-insensitive match to PatternMatchUtils \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34801\"\u003e#34801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRestClient \u003ccode\u003e@RequestBody\u003c/code\u003e parameters lose generic type information when creating HTTP service beans \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34793\"\u003e#34793\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdds option to set Principal in MockServerWebExchange \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34789\"\u003e#34789\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBeans created by FactoryBean are not considered as autowiring candidates if another thread holds a singletonLock \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34902\"\u003e#34902\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePropertySourcesPlaceholderConfigurer\u003c/code\u003e placeholder resolution fails in several scenarios \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34861\"\u003e#34861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34851\"\u003e#34851\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFragment.create() requires mutable map - which is unusable when used with Kotlin \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34848\"\u003e#34848\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDuplicate \u003ccode\u003eBeanOverrideHandler\u003c/code\u003e discovered in \u003ccode\u003e@Nested\u003c/code\u003e test case with superclass from different class or in interface implemented multiple times \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34844\"\u003e#34844\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccidental ClassLoader defineClass enforcement after \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34677\"\u003e#34677\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34824\"\u003e#34824\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHttpEntity.EMPTY headers should not be possible to mutate via HttpHeaders constructor \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34812\"\u003e#34812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAbstractFileResolvingResource.exists incorrectly reports result for resources inside of spring-boot executable jar \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34796\"\u003e#34796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly expand query param with same name from URI variables array  \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34783\"\u003e#34783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eR2DBC \u003ccode\u003eNamedParameterUtils\u003c/code\u003e only expands reused collection parameter once \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34768\"\u003e#34768\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePathMatchingResourcePatternResolver\u003c/code\u003e wrongly assumes that \u003ccode\u003etarget/classes\u003c/code\u003e always exists \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34764\"\u003e#34764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eClarify \u003ccode\u003eCompositePropertySource\u003c/code\u003e behavior for \u003ccode\u003eEnumerablePropertySource\u003c/code\u003e contract \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34886\"\u003e#34886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJavadoc and \u003ccode\u003e@Nullable\u003c/code\u003e annotation for \u003ccode\u003eservletContext\u003c/code\u003e parameter of \u003ccode\u003eConfigurableWebEnvironment.initPropertySources\u003c/code\u003e are contradictory \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34845\"\u003e#34845\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpring MVC: \u003ccode\u003e@EnableAsync\u003c/code\u003e needs to be redeclared for each ApplicationContext \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34843\"\u003e#34843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a working example instead of unclear placeholders \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34828\"\u003e#34828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Micrometer 1.14.7 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34889\"\u003e#34889\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Reactor 2024.0.6 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34898\"\u003e#34898\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:heart: Contributors\u003c/h2\u003e\n\u003cp\u003eThank you to all the contributors who worked on this release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Artur\"\u003e\u003ccode\u003e@​Artur\u003c/code\u003e\u003c/a\u003e-, \u003ca href=\"https://github.com/blake-bauman\"\u003e\u003ccode\u003e@​blake-bauman\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/iifawzi\"\u003e\u003ccode\u003e@​iifawzi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/kilink\"\u003e\u003ccode\u003e@​kilink\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/quaff\"\u003e\u003ccode\u003e@​quaff\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/whlit\"\u003e\u003ccode\u003e@​whlit\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/zzoe2346\"\u003e\u003ccode\u003e@​zzoe2346\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.2.6\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAn option for SimpleAsyncTaskExecutor to throw an exception when limit is reached \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34727\"\u003e#34727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide first-class support for Bean Overrides with \u003ccode\u003e@ContextHierarchy\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34723\"\u003e#34723\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMicro performance optimizations \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34717\"\u003e#34717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSuppress \u0026quot;Unable to rollback against JDBC Connection\u0026quot; in case of timeout (connection closed) \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34714\"\u003e#34714\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/ba590ac9e49b46d347dc56f4498ee436a3b5969b\"\u003e\u003ccode\u003eba590ac\u003c/code\u003e\u003c/a\u003e Release v6.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/ee62701f5634e904e42e218baad142cea2bcd332\"\u003e\u003ccode\u003eee62701\u003c/code\u003e\u003c/a\u003e Make use of PatternMatchUtils ignoreCase option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/fa168ca78ae134e82db8eacc109bb29266b36fb1\"\u003e\u003ccode\u003efa168ca\u003c/code\u003e\u003c/a\u003e Revise FactoryBean locking behavior for strict/lenient consistency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/3c228a5c1d07874d0bf2b9456921ab20fc6d5e22\"\u003e\u003ccode\u003e3c228a5\u003c/code\u003e\u003c/a\u003e Add missing \u003ca href=\"https://github.com/since\"\u003e\u003ccode\u003e@​since\u003c/code\u003e\u003c/a\u003e tags in PatternMatchUtils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/9bf6b8cddffac2c0034e0e2f7a799a81ddb1f09f\"\u003e\u003ccode\u003e9bf6b8c\u003c/code\u003e\u003c/a\u003e Upgrade to Reactor 2024.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/37ecdd14372555c018c644e980666e47c06dcbe8\"\u003e\u003ccode\u003e37ecdd1\u003c/code\u003e\u003c/a\u003e Forward more methods to underlying InputStream in NonClosingInputStream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/73f1c5a189b0f6e65b5b8507d6862b480ec7193c\"\u003e\u003ccode\u003e73f1c5a\u003c/code\u003e\u003c/a\u003e Polishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/4d296fb4ca1b3f87fe4b9cd97132f2688533de2d\"\u003e\u003ccode\u003e4d296fb\u003c/code\u003e\u003c/a\u003e Upgrade to Micrometer 1.14.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/6a9444473f1aad080bf659563e56cc2bbd8f9512\"\u003e\u003ccode\u003e6a94444\u003c/code\u003e\u003c/a\u003e Clarify CompositePropertySource behavior for EnumerablePropertySource contract\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/03ae97b2ebe2ff97ed3f78253758fb3cf6cacbbd\"\u003e\u003ccode\u003e03ae97b\u003c/code\u003e\u003c/a\u003e Introduce Spring property for default escape character for placeholders\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-framework/compare/v6.2.2...v6.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.springframework:spring-core` from 6.2.2 to 6.2.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-framework/releases\"\u003eorg.springframework:spring-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.2.7\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eForward more methods to underlying InputStream in NonClosingInputStream \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34893\"\u003e#34893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce Spring property for the default property placeholder escape character \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34865\"\u003e#34865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClose ApplicationContext once AOT processing has completed \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34841\"\u003e#34841\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAbstractJackson2HttpMessageConverter#getObjectMappersForType\u003c/code\u003e nullness \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34811\"\u003e#34811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd option for case-insensitive match to PatternMatchUtils \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34801\"\u003e#34801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRestClient \u003ccode\u003e@RequestBody\u003c/code\u003e parameters lose generic type information when creating HTTP service beans \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34793\"\u003e#34793\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdds option to set Principal in MockServerWebExchange \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34789\"\u003e#34789\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBeans created by FactoryBean are not considered as autowiring candidates if another thread holds a singletonLock \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34902\"\u003e#34902\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePropertySourcesPlaceholderConfigurer\u003c/code\u003e placeholder resolution fails in several scenarios \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34861\"\u003e#34861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34851\"\u003e#34851\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFragment.create() requires mutable map - which is unusable when used with Kotlin \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34848\"\u003e#34848\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDuplicate \u003ccode\u003eBeanOverrideHandler\u003c/code\u003e discovered in \u003ccode\u003e@Nested\u003c/code\u003e test case with superclass from different class or in interface implemented multiple times \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34844\"\u003e#34844\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccidental ClassLoader defineClass enforcement after \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34677\"\u003e#34677\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34824\"\u003e#34824\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHttpEntity.EMPTY headers should not be possible to mutate via HttpHeaders constructor \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34812\"\u003e#34812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAbstractFileResolvingResource.exists incorrectly reports result for resources inside of spring-boot executable jar \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34796\"\u003e#34796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly expand query param with same name from URI variables array  \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34783\"\u003e#34783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eR2DBC \u003ccode\u003eNamedParameterUtils\u003c/code\u003e only expands reused collection parameter once \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34768\"\u003e#34768\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePathMatchingResourcePatternResolver\u003c/code\u003e wrongly assumes that \u003ccode\u003etarget/classes\u003c/code\u003e always exists \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34764\"\u003e#34764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eClarify \u003ccode\u003eCompositePropertySource\u003c/code\u003e behavior for \u003ccode\u003eEnumerablePropertySource\u003c/code\u003e contract \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34886\"\u003e#34886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJavadoc and \u003ccode\u003e@Nullable\u003c/code\u003e annotation for \u003ccode\u003eservletContext\u003c/code\u003e parameter of \u003ccode\u003eConfigurableWebEnvironment.initPropertySources\u003c/code\u003e are contradictory \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34845\"\u003e#34845\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpring MVC: \u003ccode\u003e@EnableAsync\u003c/code\u003e needs to be redeclared for each ApplicationContext \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34843\"\u003e#34843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a working example instead of unclear placeholders \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34828\"\u003e#34828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Micrometer 1.14.7 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34889\"\u003e#34889\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Reactor 2024.0.6 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34898\"\u003e#34898\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:heart: Contributors\u003c/h2\u003e\n\u003cp\u003eThank you to all the contributors who worked on this release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Artur\"\u003e\u003ccode\u003e@​Artur\u003c/code\u003e\u003c/a\u003e-, \u003ca href=\"https://github.com/blake-bauman\"\u003e\u003ccode\u003e@​blake-bauman\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/iifawzi\"\u003e\u003ccode\u003e@​iifawzi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/kilink\"\u003e\u003ccode\u003e@​kilink\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/quaff\"\u003e\u003ccode\u003e@​quaff\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/whlit\"\u003e\u003ccode\u003e@​whlit\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/zzoe2346\"\u003e\u003ccode\u003e@​zzoe2346\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.2.6\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAn option for SimpleAsyncTaskExecutor to throw an exception when limit is reached \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34727\"\u003e#34727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide first-class support for Bean Overrides with \u003ccode\u003e@ContextHierarchy\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34723\"\u003e#34723\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMicro performance optimizations \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34717\"\u003e#34717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSuppress \u0026quot;Unable to rollback against JDBC Connection\u0026quot; in case of timeout (connection closed) \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34714\"\u003e#34714\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/ba590ac9e49b46d347dc56f4498ee436a3b5969b\"\u003e\u003ccode\u003eba590ac\u003c/code\u003e\u003c/a\u003e Release v6.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/ee62701f5634e904e42e218baad142cea2bcd332\"\u003e\u003ccode\u003eee62701\u003c/code\u003e\u003c/a\u003e Make use of PatternMatchUtils ignoreCase option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/fa168ca78ae134e82db8eacc109bb29266b36fb1\"\u003e\u003ccode\u003efa168ca\u003c/code\u003e\u003c/a\u003e Revise FactoryBean locking behavior for strict/lenient consistency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/3c228a5c1d07874d0bf2b9456921ab20fc6d5e22\"\u003e\u003ccode\u003e3c228a5\u003c/code\u003e\u003c/a\u003e Add missing \u003ca href=\"https://github.com/since\"\u003e\u003ccode\u003e@​since\u003c/code\u003e\u003c/a\u003e tags in PatternMatchUtils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/9bf6b8cddffac2c0034e0e2f7a799a81ddb1f09f\"\u003e\u003ccode\u003e9bf6b8c\u003c/code\u003e\u003c/a\u003e Upgrade to Reactor 2024.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/37ecdd14372555c018c644e980666e47c06dcbe8\"\u003e\u003ccode\u003e37ecdd1\u003c/code\u003e\u003c/a\u003e Forward more methods to underlying InputStream in NonClosingInputStream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/73f1c5a189b0f6e65b5b8507d6862b480ec7193c\"\u003e\u003ccode\u003e73f1c5a\u003c/code\u003e\u003c/a\u003e Polishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/4d296fb4ca1b3f87fe4b9cd97132f2688533de2d\"\u003e\u003ccode\u003e4d296fb\u003c/code\u003e\u003c/a\u003e Upgrade to Micrometer 1.14.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/6a9444473f1aad080bf659563e56cc2bbd8f9512\"\u003e\u003ccode\u003e6a94444\u003c/code\u003e\u003c/a\u003e Clarify CompositePropertySource behavior for EnumerablePropertySource contract\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/03ae97b2ebe2ff97ed3f78253758fb3cf6cacbbd\"\u003e\u003ccode\u003e03ae97b\u003c/code\u003e\u003c/a\u003e Introduce Spring property for default escape character for placeholders\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-framework/compare/v6.2.2...v6.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.springframework:spring-web` from 6.2.2 to 6.2.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-framework/releases\"\u003eorg.springframework:spring-web's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.2.7\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eForward more methods to underlying InputStream in NonClosingInputStream \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34893\"\u003e#34893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce Spring property for the default property placeholder escape character \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34865\"\u003e#34865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClose ApplicationContext once AOT processing has completed \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34841\"\u003e#34841\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAbstractJackson2HttpMessageConverter#getObjectMappersForType\u003c/code\u003e nullness \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34811\"\u003e#34811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd option for case-insensitive match to PatternMatchUtils \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34801\"\u003e#34801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRestClient \u003ccode\u003e@RequestBody\u003c/code\u003e parameters lose generic type information when creating HTTP service beans \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34793\"\u003e#34793\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdds option to set Principal in MockServerWebExchange \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34789\"\u003e#34789\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBeans created by FactoryBean are not considered as autowiring candidates if another thread holds a singletonLock \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34902\"\u003e#34902\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePropertySourcesPlaceholderConfigurer\u003c/code\u003e placeholder resolution fails in several scenarios \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34861\"\u003e#34861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34851\"\u003e#34851\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFragment.create() requires mutable map - which is unusable when used with Kotlin \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34848\"\u003e#34848\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDuplicate \u003ccode\u003eBeanOverrideHandler\u003c/code\u003e discovered in \u003ccode\u003e@Nested\u003c/code\u003e test case with superclass from different class or in interface implemented multiple times \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34844\"\u003e#34844\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccidental ClassLoader defineClass enforcement after \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34677\"\u003e#34677\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34824\"\u003e#34824\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHttpEntity.EMPTY headers should not be possible to mutate via HttpHeaders constructor \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34812\"\u003e#34812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAbstractFileResolvingResource.exists incorrectly reports result for resources inside of spring-boot executable jar \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34796\"\u003e#34796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly expand query param with same name from URI variables array  \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34783\"\u003e#34783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eR2DBC \u003ccode\u003eNamedParameterUtils\u003c/code\u003e only expands reused collection parameter once \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34768\"\u003e#34768\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePathMatchingResourcePatternResolver\u003c/code\u003e wrongly assumes that \u003ccode\u003etarget/classes\u003c/code\u003e always exists \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34764\"\u003e#34764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eClarify \u003ccode\u003eCompositePropertySource\u003c/code\u003e behavior for \u003ccode\u003eEnumerablePropertySource\u003c/code\u003e contract \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34886\"\u003e#34886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJavadoc and \u003ccode\u003e@Nullable\u003c/code\u003e annotation for \u003ccode\u003eservletContext\u003c/code\u003e parameter of \u003ccode\u003eConfigurableWebEnvironment.initPropertySources\u003c/code\u003e are contradictory \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34845\"\u003e#34845\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpring MVC: \u003ccode\u003e@EnableAsync\u003c/code\u003e needs to be redeclared for each ApplicationContext \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34843\"\u003e#34843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a working example instead of unclear placeholders \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34828\"\u003e#34828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Micrometer 1.14.7 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34889\"\u003e#34889\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Reactor 2024.0.6 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34898\"\u003e#34898\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:heart: Contributors\u003c/h2\u003e\n\u003cp\u003eThank you to all the contributors who worked on this release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Artur\"\u003e\u003ccode\u003e@​Artur\u003c/code\u003e\u003c/a\u003e-, \u003ca href=\"https://github.com/blake-bauman\"\u003e\u003ccode\u003e@​blake-bauman\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/iifawzi\"\u003e\u003ccode\u003e@​iifawzi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/kilink\"\u003e\u003ccode\u003e@​kilink\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/quaff\"\u003e\u003ccode\u003e@​quaff\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/whlit\"\u003e\u003ccode\u003e@​whlit\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/zzoe2346\"\u003e\u003ccode\u003e@​zzoe2346\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.2.6\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAn option for SimpleAsyncTaskExecutor to throw an exception when limit is reached \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34727\"\u003e#34727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide first-class support for Bean Overrides with \u003ccode\u003e@ContextHierarchy\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34723\"\u003e#34723\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMicro performance optimizations \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34717\"\u003e#34717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSuppress \u0026quot;Unable to rollback against JDBC Connection\u0026quot; in case of timeout (connection closed) \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34714\"\u003e#34714\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/ba590ac9e49b46d347dc56f4498ee436a3b5969b\"\u003e\u003ccode\u003eba590ac\u003c/code\u003e\u003c/a\u003e Release v6.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/ee62701f5634e904e42e218baad142cea2bcd332\"\u003e\u003ccode\u003eee62701\u003c/code\u003e\u003c/a\u003e Make use of PatternMatchUtils ignoreCase option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/fa168ca78ae134e82db8eacc109bb29266b36fb1\"\u003e\u003ccode\u003efa168ca\u003c/code\u003e\u003c/a\u003e Revise FactoryBean locking behavior for strict/lenient consistency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/3c228a5c1d07874d0bf2b9456921ab20fc6d5e22\"\u003e\u003ccode\u003e3c228a5\u003c/code\u003e\u003c/a\u003e Add missing \u003ca href=\"https://github.com/since\"\u003e\u003ccode\u003e@​since\u003c/code\u003e\u003c/a\u003e tags in PatternMatchUtils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/9bf6b8cddffac2c0034e0e2f7a799a81ddb1f09f\"\u003e\u003ccode\u003e9bf6b8c\u003c/code\u003e\u003c/a\u003e Upgrade to Reactor 2024.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/37ecdd14372555c018c644e980666e47c06dcbe8\"\u003e\u003ccode\u003e37ecdd1\u003c/code\u003e\u003c/a\u003e Forward more methods to underlying InputStream in NonClosingInputStream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/73f1c5a189b0f6e65b5b8507d6862b480ec7193c\"\u003e\u003ccode\u003e73f1c5a\u003c/code\u003e\u003c/a\u003e Polishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/4d296fb4ca1b3f87fe4b9cd97132f2688533de2d\"\u003e\u003ccode\u003e4d296fb\u003c/code\u003e\u003c/a\u003e Upgrade to Micrometer 1.14.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/6a9444473f1aad080bf659563e56cc2bbd8f9512\"\u003e\u003ccode\u003e6a94444\u003c/code\u003e\u003c/a\u003e Clarify CompositePropertySource behavior for EnumerablePropertySource contract\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/03ae97b2ebe2ff97ed3f78253758fb3cf6cacbbd\"\u003e\u003ccode\u003e03ae97b\u003c/code\u003e\u003c/a\u003e Introduce Spring property for default escape character for placeholders\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-framework/compare/v6.2.2...v6.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.springframework:spring-webmvc` from 6.2.2 to 6.2.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-framework/releases\"\u003eorg.springframework:spring-webmvc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.2.7\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eForward more methods to underlying InputStream in NonClosingInputStream \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34893\"\u003e#34893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce Spring property for the default property placeholder escape character \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34865\"\u003e#34865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClose ApplicationContext once AOT processing has completed \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34841\"\u003e#34841\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAbstractJackson2HttpMessageConverter#getObjectMappersForType\u003c/code\u003e nullness \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34811\"\u003e#34811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd option for case-insensitive match to PatternMatchUtils \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34801\"\u003e#34801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRestClient \u003ccode\u003e@RequestBody\u003c/code\u003e parameters lose generic type information when creating HTTP service beans \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34793\"\u003e#34793\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdds option to set Principal in MockServerWebExchange \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34789\"\u003e#34789\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBeans created by FactoryBean are not considered as autowiring candidates if another thread holds a singletonLock \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34902\"\u003e#34902\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePropertySourcesPlaceholderConfigurer\u003c/code\u003e placeholder resolution fails in several scenarios \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34861\"\u003e#34861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34851\"\u003e#34851\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFragment.create() requires mutable map - which is unusable when used with Kotlin \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34848\"\u003e#34848\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDuplicate \u003ccode\u003eBeanOverrideHandler\u003c/code\u003e discovered in \u003ccode\u003e@Nested\u003c/code\u003e test case with superclass from different class or in interface implemented multiple times \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34844\"\u003e#34844\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccidental ClassLoader defineClass enforcement after \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34677\"\u003e#34677\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34824\"\u003e#34824\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHttpEntity.EMPTY headers should not be possible to mutate via HttpHeaders constructor \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34812\"\u003e#34812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAbstractFileResolvingResource.exists incorrectly reports result for resources inside of spring-boot executable jar \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34796\"\u003e#34796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly expand query param with same name from URI variables array  \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34783\"\u003e#34783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eR2DBC \u003ccode\u003eNamedParameterUtils\u003c/code\u003e only expands reused collection parameter once \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34768\"\u003e#34768\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePathMatchingResourcePatternResolver\u003c/code\u003e wrongly assumes that \u003ccode\u003etarget/classes\u003c/code\u003e always exists \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34764\"\u003e#34764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eClarify \u003ccode\u003eCompositePropertySource\u003c/code\u003e behavior for \u003ccode\u003eEnumerablePropertySource\u003c/code\u003e contract \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34886\"\u003e#34886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJavadoc and \u003ccode\u003e@Nullable\u003c/code\u003e annotation for \u003ccode\u003eservletContext\u003c/code\u003e parameter of \u003ccode\u003eConfigurableWebEnvironment.initPropertySources\u003c/code\u003e are contradictory \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34845\"\u003e#34845\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpring MVC: \u003ccode\u003e@EnableAsync\u003c/code\u003e needs to be redeclared for each ApplicationContext \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34843\"\u003e#34843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a working example instead of unclear placeholders \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34828\"\u003e#34828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Micrometer 1.14.7 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34889\"\u003e#34889\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Reactor 2024.0.6 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34898\"\u003e#34898\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:heart: Contributors\u003c/h2\u003e\n\u003cp\u003eThank you to all the contributors who worked on this release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Artur\"\u003e\u003ccode\u003e@​Artur\u003c/code\u003e\u003c/a\u003e-, \u003ca href=\"https://github.com/blake-bauman\"\u003e\u003ccode\u003e@​blake-bauman\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/iifawzi\"\u003e\u003ccode\u003e@​iifawzi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/kilink\"\u003e\u003ccode\u003e@​kilink\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/quaff\"\u003e\u003ccode\u003e@​quaff\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/whlit\"\u003e\u003ccode\u003e@​whlit\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/zzoe2346\"\u003e\u003ccode\u003e@​zzoe2346\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.2.6\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAn option for SimpleAsyncTaskExecutor to throw an exception when limit is reached \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34727\"\u003e#34727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide first-class support for Bean Overrides with \u003ccode\u003e@ContextHierarchy\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34723\"\u003e#34723\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMicro performance optimizations \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/pull/34717\"\u003e#34717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSuppress \u0026quot;Unable to rollback against JDBC Connection\u0026quot; in case of timeout (connection closed) \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34714\"\u003e#34714\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/ba590ac9e49b46d347dc56f4498ee436a3b5969b\"\u003e\u003ccode\u003eba590ac\u003c/code\u003e\u003c/a\u003e Release v6.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/ee62701f5634e904e42e218baad142cea2bcd332\"\u003e\u003ccode\u003eee62701\u003c/code\u003e\u003c/a\u003e Make use of PatternMatchUtils ignoreCase option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/fa168ca78ae134e82db8eacc109bb29266b36fb1\"\u003e\u003ccode\u003efa168ca\u003c/code\u003e\u003c/a\u003e Revise FactoryBean locking behavior for strict/lenient consistency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/3c228a5c1d07874d0bf2b9456921ab20fc6d5e22\"\u003e\u003ccode\u003e3c228a5\u003c/code\u003e\u003c/a\u003e Add missing \u003ca href=\"https://github.com/since\"\u003e\u003ccode\u003e@​since\u003c/code\u003e\u003c/a\u003e tags in PatternMatchUtils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/9bf6b8cddffac2c0034e0e2f7a799a81ddb1f09f\"\u003e\u003ccode\u003e9bf6b8c\u003c/code\u003e\u003c/a\u003e Upgrade to Reactor 2024.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/37ecdd14372555c018c644e980666e47c06dcbe8\"\u003e\u003ccode\u003e37ecdd1\u003c/code\u003e\u003c/a\u003e Forward more methods to underlying InputStream in NonClosingInputStream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/73f1c5a189b0f6e65b5b8507d6862b480ec7193c\"\u003e\u003ccode\u003e73f1c5a\u003c/code\u003e\u003c/a\u003e Polishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/4d296fb4ca1b3f87fe4b9cd97132f2688533de2d\"\u003e\u003ccode\u003e4d296fb\u003c/code\u003e\u003c/a\u003e Upgrade to Micrometer 1.14.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/6a9444473f1aad080bf659563e56cc2bbd8f9512\"\u003e\u003ccode\u003e6a94444\u003c/code\u003e\u003c/a\u003e Clarify CompositePropertySource behavior for EnumerablePropertySource contract\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/03ae97b2ebe2ff97ed3f78253758fb3cf6cacbbd\"\u003e\u003ccode\u003e03ae97b\u003c/code\u003e\u003c/a\u003e Introduce Spring property for default escape character for placeholders\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-framework/compare/v6.2.2...v6.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.springframework.boot:spring-boot` from 3.4.2 to 3.5.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-boot/releases\"\u003eorg.springframework.boot:spring-boot's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.5.14\u003c/h2\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApplicationPidFileWriter does not handle symlinks correctly \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50173\"\u003e#50173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRandomValuePropertySource is not suitable for secrets \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50172\"\u003e#50172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCassandra auto-configuration misconfigures CqlSessionBuilder \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50171\"\u003e#50171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApplicationTemp does not handle symlinks correctly \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50170\"\u003e#50170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemote DevTools performs comparison incorrectly \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50169\"\u003e#50169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003espring.rabbitmq.ssl.verify-hostname is applied inconsistently \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50168\"\u003e#50168\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnversRevisionRepositoriesRegistrar should reuse \u003ccode\u003e@EnableEnversRepositories\u003c/code\u003e rather than configuring the JPA counterpart \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50035\"\u003e#50035\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAnnotations like \u003ccode\u003e@Ssl\u003c/code\u003e don't work on \u003ccode\u003e@Bean\u003c/code\u003e methods when using \u003ccode\u003e@ServiceConnection\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50033\"\u003e#50033\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50021\"\u003e#50021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWebFlux Cloud Foundry links endpoint includes query string from received request in resolved links \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50008\"\u003e#50008\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e500 response from env endpoint when supplied pattern is invalid \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49942\"\u003e#49942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHTTP method is lost when configuring excludes in EndpointRequest \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49885\"\u003e#49885\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocker Compose support doesn't work with apache/artemis image \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49865\"\u003e#49865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHonor HttpMethod for reactive additional endpoint paths \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49864\"\u003e#49864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocker Compose support doesn't work with apache/activemq image \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49863\"\u003e#49863\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImports on a containing test class are ignored when a nested class has imports \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49860\"\u003e#49860\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLink to the observability section of the Lettuce documentation is broken \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50092\"\u003e#50092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJavadoc for StaticResourceLocation.FAVICON doesn't describe icons location \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50083\"\u003e#50083\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMySamlRelyingPartyConfiguration is missing a Kotlin sample \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50023\"\u003e#50023\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncorrect default value for management.httpexchanges.recording.include in configuration metadata \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50010\"\u003e#50010\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLink to the Kubernetes documentation when discussing startup probes \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50007\"\u003e#50007\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs to encourage Java fundamentals for beginners that prefer to learn that way \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49895\"\u003e#49895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify that configuration property default values are not available through the Environment \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49835\"\u003e#49835\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Groovy 4.0.31 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49905\"\u003e#49905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Hibernate 6.6.49.Final \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50140\"\u003e#50140\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/jaxen-xpath/jaxen/releases/tag/v2.0.1\"\u003eJaxen 2.0.1\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50109\"\u003e#50109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/FirebirdSQL/jaybird/releases/tag/v6.0.5\"\u003eJaybird 6.0.5\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49907\"\u003e#49907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.34\"\u003eJetty 12.0.34\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49908\"\u003e#49908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/jOOQ/jOOQ/releases/tag/version-3.19.32\"\u003ejOOQ 3.19.32\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50110\"\u003e#50110\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Lombok 1.18.46 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50148\"\u003e#50148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://mariadb.com/kb/en/mariadb-connector-j-3-5-8-release-notes\"\u003eMariaDB 3.5.8\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49909\"\u003e#49909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/micrometer-metrics/micrometer/releases/tag/v1.15.11\"\u003eMicrometer 1.15.11\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49961\"\u003e#49961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/micrometer-metrics/tracing/releases/tag/v1.5.11\"\u003eMicrometer Tracing 1.5.11\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49962\"\u003e#49962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://dev.mysql.com/doc/relnotes/connector-j/en/news-9-7-0.html\"\u003eMySQL 9.7.0\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50161\"\u003e#50161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Neo4j Java Driver 5.28.13 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50074\"\u003e#50074\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/reactor/reactor/releases/tag/2024.0.17\"\u003eReactor Bom 2024.0.17\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49963\"\u003e#49963\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/spring-projects/spring-amqp/releases/tag/v3.2.10\"\u003eSpring AMQP 3.2.10\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49964\"\u003e#49964\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/spring-projects/spring-authorization-server/releases/tag/1.5.7\"\u003eSpring Authorization Server 1.5.7\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49965\"\u003e#49965\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/spring-projects/spring-data-bom/releases/tag/2025.0.11\"\u003eSpring Data Bom 2025.0.11\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49966\"\u003e#49966\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/spring-projects/spring-framework/releases/tag/v6.2.18\"\u003eSpring Framework 6.2.18\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49967\"\u003e#49967\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/spring-projects/spring-kafka/releases/tag/v3.3.15\"\u003eSpring Kafka 3.3.15\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50129\"\u003e#50129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/7d7b3ac12735161f9c096ce6cb415bdd9fc4a0f4\"\u003e\u003ccode\u003e7d7b3ac\u003c/code\u003e\u003c/a\u003e Release v3.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/9dc5aa2863f598a15d3dfa116f4b89249daba7e7\"\u003e\u003ccode\u003e9dc5aa2\u003c/code\u003e\u003c/a\u003e Polish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/f533a4549c3999aac30cb5830f07dc304933e93d\"\u003e\u003ccode\u003ef533a45\u003c/code\u003e\u003c/a\u003e Do not follow symlinks when writing PID file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/f3b8eb0f2cd989dffe5dceefce80bde165328b31\"\u003e\u003ccode\u003ef3b8eb0\u003c/code\u003e\u003c/a\u003e Use SecureRandom in RandomValuePropertySource\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/e22083a5684c3c65bcf2a9a90adcdecee6e85d50\"\u003e\u003ccode\u003ee22083a\u003c/code\u003e\u003c/a\u003e Enable hostname verification for SSL connections to Cassandra\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/5ceb1a228932e35cc803d1c1fea68f0f984aaa90\"\u003e\u003ccode\u003e5ceb1a2\u003c/code\u003e\u003c/a\u003e Improve ApplicationTemp's temporary directory creation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/4b0862cc00815a47b22339d7eac7ddc3b6645bd4\"\u003e\u003ccode\u003e4b0862c\u003c/code\u003e\u003c/a\u003e Use constant-time comparison for remote DevTools secret\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/e4febe2015d340ea9135437ee0659ea0f2260c31\"\u003e\u003ccode\u003ee4febe2\u003c/code\u003e\u003c/a\u003e Apply verify-hostname consistently\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/2c2ffe51c415f464fde6368fdd144b9551c3458c\"\u003e\u003ccode\u003e2c2ffe5\u003c/code\u003e\u003c/a\u003e Fix Windows test failure\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/0046a442f9ac5ae186359df575e68fab17d01646\"\u003e\u003ccode\u003e0046a44\u003c/code\u003e\u003c/a\u003e Protect against corrupt buildpack archives\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-boot/compare/v3.4.2...v3.5.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.springframework.boot:spring-boot-starter-actuator` from 3.4.2 to 3.5.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-boot/releases\"\u003eorg.springframework.boot:spring-boot-starter-actuator's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.5.14\u003c/h2\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApplicationPidFileWriter does not handle symlinks correctly \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50173\"\u003e#50173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRandomValuePropertySource is not suitable for secrets \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50172\"\u003e#50172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCassandra auto-configuration misconfigures CqlSessionBuilder \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50171\"\u003e#50171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApplicationTemp does not handle symlinks correctly \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50170\"\u003e#50170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemote DevTools performs comparison incorrectly \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50169\"\u003e#50169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003espring.rabbitmq.ssl.verify-hostname is applied inconsistently \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50168\"\u003e#50168\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnversRevisionRepositoriesRegistrar should reuse \u003ccode\u003e@EnableEnversRepositories\u003c/code\u003e rather than configuring the JPA counterpart \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50035\"\u003e#50035\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAnnotations like \u003ccode\u003e@Ssl\u003c/code\u003e don't work on \u003ccode\u003e@Bean\u003c/code\u003e methods when using \u003ccode\u003e@ServiceConnection\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50033\"\u003e#50033\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50021\"\u003e#50021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWebFlux Cloud Foundry links endpoint includes query string from received request in resolved links \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50008\"\u003e#50008\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e500 response from env endpoint when supplied pattern is invalid \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49942\"\u003e#49942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHTTP method is lost when configuring excludes in EndpointRequest \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49885\"\u003e#49885\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocker Compose support doesn't work with apache/artemis image \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49865\"\u003e#49865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHonor HttpMethod for reactive additional endpoint paths \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49864\"\u003e#49864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocker Compose support doesn't work with apache/activemq image \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49863\"\u003e#49863\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImports on a containing test class are ignored when a nested class has imports \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49860\"\u003e#49860\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLink to the observability section of the Lettuce documentation is broken \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50092\"\u003e#50092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJavadoc for StaticResourceLocation.FAVICON doesn't describe icons location \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50083\"\u003e#50083\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMySamlRelyingPartyConfiguration is missing a Kotlin sample \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50023\"\u003e#50023\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncorrect default value for management.httpexchanges.recording.include in configuration metadata \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50010\"\u003e#50010\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLink to the Kubernetes documentation when discussing startup probes \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50007\"\u003e#50007\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs to encourage Java fundamentals for beginners that prefer to learn that way \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49895\"\u003e#49895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify that configuration property default values are not available through the Environment \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49835\"\u003e#49835\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Groovy 4.0.31 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49905\"\u003e#49905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Hibernate 6.6.49.Final \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50140\"\u003e#50140\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/jaxen-xpath/jaxen/releases/tag/v2.0.1\"\u003eJaxen 2.0.1\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50109\"\u003e#50109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/FirebirdSQL/jaybird/releases/tag/v6.0.5\"\u003eJaybird 6.0.5\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49907\"\u003e#49907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.34\"\u003eJetty 12.0.34\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49908\"\u003e#49908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/jOOQ/jOOQ/releases/tag/version-3.19.32\"\u003ejOOQ 3.19.32\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50110\"\u003e#50110\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Lombok 1.18.46 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50148\"\u003e#50148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://mariadb.com/kb/en/mariadb-connector-j-3-5-8-release-notes\"\u003eMariaDB 3.5.8\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49909\"\u003e#49909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/micrometer-metrics/micrometer/releases/tag/v1.15.11\"\u003eMicrometer 1.15.11\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49961\"\u003e#49961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/micrometer-metrics/tracing/releases/tag/v1.5.11\"\u003eMicrometer Tracing 1.5.11\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49962\"\u003e#49962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://dev.mysql.com/doc/relnotes/connector-j/en/news-9-7-0.html\"\u003eMySQL 9.7.0\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50161\"\u003e#50161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Neo4j Java Driver 5.28.13 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50074\"\u003e#50074\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/reactor/reactor/releases/tag/2024.0.17\"\u003eReactor Bom 2024.0.17\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49963\"\u003e#49963\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/spring-projects/spring-amqp/releases/tag/v3.2.10\"\u003eSpring AMQP 3.2.10\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49964\"\u003e#49964\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/spring-projects/spring-authorization-server/releases/tag/1.5.7\"\u003eSpring Authorization Server 1.5.7\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49965\"\u003e#49965\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/spring-projects/spring-data-bom/releases/tag/2025.0.11\"\u003eSpring Data Bom 2025.0.11\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49966\"\u003e#49966\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/spring-projects/spring-framework/releases/tag/v6.2.18\"\u003eSpring Framework 6.2.18\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49967\"\u003e#49967\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/spring-projects/spring-kafka/releases/tag/v3.3.15\"\u003eSpring Kafka 3.3.15\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50129\"\u003e#50129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/7d7b3ac12735161f9c096ce6cb415bdd9fc4a0f4\"\u003e\u003ccode\u003e7d7b3ac\u003c/code\u003e\u003c/a\u003e Release v3.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/9dc5aa2863f598a15d3dfa116f4b89249daba7e7\"\u003e\u003ccode\u003e9dc5aa2\u003c/code\u003e\u003c/a\u003e Polish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/f533a4549c3999aac30cb5830f07dc304933e93d\"\u003e\u003ccode\u003ef533a45\u003c/code\u003e\u003c/a\u003e Do not follow symlinks when writing PID file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/f3b8eb0f2cd989dffe5dceefce80bde165328b31\"\u003e\u003ccode\u003ef3b8eb0\u003c/code\u003e\u003c/a\u003e Use SecureRandom in RandomValuePropertySource\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/e22083a5684c3c65bcf2a9a90adcdecee6e85d50\"\u003e\u003ccode\u003ee22083a\u003c/code\u003e\u003c/a\u003e Enable hostname verification for SSL connections to Cassandra\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/5ceb1a228932e35cc803d1c1fea68f0f984aaa90\"\u003e\u003ccode\u003e5ceb1a2\u003c/code\u003e\u003c/a\u003e Improve ApplicationTemp's temporary directory creation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/4b0862cc00815a47b22339d7eac7ddc3b6645bd4\"\u003e\u003ccode\u003e4b0862c\u003c/code\u003e\u003c/a\u003e Use constant-time comparison for remote DevTools secret\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/e4febe2015d340ea9135437ee0659ea0f2260c31\"\u003e\u003ccode\u003ee4febe2\u003c/code\u003e\u003c/a\u003e Apply verify-hostname consistently\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/2c2ffe51c415f464fde6368fdd144b9551c3458c\"\u003e\u003ccode\u003e2c2ffe5\u003c/code\u003e\u003c/a\u003e Fix Windows test failure\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/0046a442f9ac5ae186359df575e68fab17d01646\"\u003e\u003ccode\u003e0046a44\u003c/code\u003e\u003c/a\u003e Protect against corrupt buildpack archives\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-boot/compare/v3.4.2...v3.5.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 8.5.100 to 9.0.117\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.24.3 to 2.25.4\n\nUpdates `com.fasterxml.jackson.core:jackson-core` from 2.18.2 to 2.18.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/9a46ef8ccac2f15cba1c82059fbcc3883798478a\"\u003e\u003ccode\u003e9a46ef8\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release jackson-core-2.18.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/5f192db9c84c1e7a9e6ab7f631a77d4ac0719cb4\"\u003e\u003ccode\u003e5f192db\u003c/code\u003e\u003c/a\u003e Prep for 2.18.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/b0c428e6f993e1b5ece5c1c3cb2523e887cd52cf\"\u003e\u003ccode\u003eb0c428e\u003c/code\u003e\u003c/a\u003e Enforce \u003ccode\u003eStreamReadConstraints.maxNumberLength\u003c/code\u003e for non-blocking (async) pars...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/7c8b6d52632ff87dd40483df44a2b74d3048882c\"\u003e\u003ccode\u003e7c8b6d5\u003c/code\u003e\u003c/a\u003e Add test for nesting for \u003ccode\u003eDataInput\u003c/code\u003e-backed \u003ccode\u003eJsonParser\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1550\"\u003e#1550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/97a647b9d4bd03d31716d5565a73965c9ae2f396\"\u003e\u003ccode\u003e97a647b\u003c/code\u003e\u003c/a\u003e Update CI: JDK 23 -\u0026gt; 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/1601331cd5c7d79037904e4803a4c35cc9fdd4e0\"\u003e\u003ccode\u003e1601331\u003c/code\u003e\u003c/a\u003e (backport from 2.21) Fix \u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1548\"\u003e#1548\u003c/a\u003e: validate max doc length for fixed buffer inpu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/fae2542708621b49cdc61ec5b29574ad054ed76f\"\u003e\u003ccode\u003efae2542\u003c/code\u003e\u003c/a\u003e release notes update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/70c99ba8eccf6f8ad2754bccb113daac823f03ba\"\u003e\u003ccode\u003e70c99ba\u003c/code\u003e\u003c/a\u003e Update UTF8DataInputJsonParser.java (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1512\"\u003e#1512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/caea665e6364bb46a4e7101fd763e9ef8568f132\"\u003e\u003ccode\u003ecaea665\u003c/code\u003e\u003c/a\u003e Post-release dep version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/635d3bd80a44a8a84b04cfdd007ceb9a31dc95f1\"\u003e\u003ccode\u003e635d3bd\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/FasterXML/jackson-core/compare/jackson-core-2.18.2...jackson-core-2.18.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.7.2 to 3.8.6\n\nUpdates `org.hibernate:hibernate-validator` from 5.2.4.Final to 6.2.0.Final\n\nUpdates `org.apache.commons:commons-lang3` from 3.17.0 to 3.18.0\n\nUpdates `io.grpc:grpc-netty-shaded` from 1.70.0 to 1.75.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-java/releases\"\u003eio.grpc:grpc-netty-shaded's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.75.0\u003c/h2\u003e\n\u003ch3\u003eBehavior Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebinder: Introduce server pre-authorization (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12127\"\u003e#12127\u003c/a\u003e). grpc-binder clients authorize servers by checking the UID of the sender of the SETUP_TRANSPORT Binder transaction against some SecurityPolicy. But merely binding to an unauthorized server to learn its UID can enable \u0026quot;keep-alive\u0026quot; and \u0026quot;background activity launch\u0026quot; abuse, even if security policy ultimately causes the grpc connection to fail. Pre-authorization mitigates this kind of abuse by resolving addresses and authorizing a candidate server Application's UID before binding to it. Pre-auth is especially important when the server's address is not fixed in advance but discovered by PackageManager lookup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecore: \u003ccode\u003egrpc-timeout\u003c/code\u003e should always be positive (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12201\"\u003e#12201\u003c/a\u003e) (6dfa03c51). There is a local race between when the deadline is checked before sending the RPC and when the timeout is calculated to put on-the-wire. The code replaced negative timeouts with 0 nanoseconds. gRPC’s PROTOCOL-HTTP2 spec states that timeouts should be positive, so now non-positive values are replaced with 1 nanosecond\u003c/li\u003e\n\u003cli\u003ecore: Improved DEADLINE_EXCEEDED message for delayed calls (6ff8ecac0). Delayed calls are the first calls on a Channel before name resolution has resolved addresses. Previously you could see confusing errors saying the deadline “will be exceeded in” X time. The message tense was simply wrong, and now will be correct: deadline “was exceeded after” X time.\u003c/li\u003e\n\u003cli\u003exds: PriorityLB now only uses the failOverTimer to start additional priorities, not fail RPCs (c4256add4). You should no longer see “Connection timeout for priority” errors.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImprovements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003enetty: Count sent RST_STREAMs against \u003ccode\u003eNettyServerBuilder.maxRstFramesPerWindow()\u003c/code\u003e limit (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12288\"\u003e#12288\u003c/a\u003e). This extends the Rapid Reset tool to also cover MadeYouReset. the reset stream count will cause a 420 \u0026quot;Enhance your calm response\u0026quot; to be sent. This depends on Netty 4.1.124 for a bug fix to actually call the encoder by the frame writer.\u003c/li\u003e\n\u003cli\u003exds: Convert CdsLb to \u003ccode\u003eXdsDepManager\u003c/code\u003e (297ab05ef). This is part of gRFC A74 to have atomic xDS config updates. This is an internal change, but does change the error description seen in certain cases, especially DEADLINE_EXCEEDED on a brand-new channel.\u003c/li\u003e\n\u003cli\u003ecensus: APIs for stats and tracing (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12050\"\u003e#12050\u003c/a\u003e) (919370172). Client channel and server builders with interceptors and factories respectively for stats and tracing.\u003c/li\u003e\n\u003cli\u003estub: simplify \u003ccode\u003eBlockingClientCall\u003c/code\u003e infinite blocking (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12217\"\u003e#12217\u003c/a\u003e) (ba0a7329d). Move deadline computation into overloads with finite timeouts. Blocking calls without timeouts now do not have to read the clock.\u003c/li\u003e\n\u003cli\u003exds: Do RLS fallback policy eagar start (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12211\"\u003e#12211\u003c/a\u003e) (42e1829b3). In gRPC-Java, the xDS clusters were lazily subscribed, which meant the fallback target which is returned in the RLS config wasn’t subscribed until a RPC actually falls back to it. The delayed resource subscription process in gRPC Java made it more susceptible to the effects of the INITIAL_RESOURCE_FETCH_TIMEOUT compared to other programming languages. It also had impact beyond the RLS cache expiration case, for example, when the first time the client initialized the channel, we couldn't fallback when the intended target times out, because of the lazy subscription. This change starts the fallback LB policy for the default target at the start of RLS policy instead of only when falling back to the default target, which fixes the above mentioned problems.\u003c/li\u003e\n\u003cli\u003exds: Aggregate cluster fixes (A75) (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12186\"\u003e#12186\u003c/a\u003e) (7e982e48a). The earlier implementation of aggregate clusters concatenated the priorities from the underlying clusters into a single list, so that it could use a single LB policy defined at...\n\n_Description has been truncated_","html_url":"https://github.com/vishakha-mali/dubbo/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vishakha-mali%2Fdubbo/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}},{"old_version":"10.1.54","new_version":"10.1.55","update_type":"patch","path":"/backend in the all-backend-non-major-dependencies group across 1 directory","pr_created_at":"2026-05-12T05:52:06.000Z","version_change":"10.1.54 → 10.1.55","issue":{"uuid":"4426558137","node_id":"PR_kwDOKyk85s7aihEY","number":2317,"state":"closed","title":"chore(deps): bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.54 to 10.1.55 in /backend in the all-backend-non-major-dependencies group across 1 directory","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-18T00:11:09.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-12T05:52:06.000Z","updated_at":"2026-05-18T00:11:10.000Z","time_to_close":497943,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"10.1.54","new_version":"10.1.55","repository_url":null}],"path":"/backend in the all-backend-non-major-dependencies group across 1 directory","ecosystem":"maven"},"body":"Bumps the all-backend-non-major-dependencies group with 1 update in the /backend directory: org.apache.tomcat.embed:tomcat-embed-core.\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 10.1.54 to 10.1.55","html_url":"https://github.com/digitalservicebund/ris-norms/pull/2317","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/digitalservicebund%2Fris-norms/issues/2317","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2317/packages"}},{"old_version":"11.0.21","new_version":"11.0.22","update_type":"patch","path":null,"pr_created_at":"2026-05-12T02:54:01.000Z","version_change":"11.0.21 → 11.0.22","issue":{"uuid":"4425809104","node_id":"PR_kwDOSBPhCs7agG8z","number":7,"state":"closed","title":"chore(deps): Bump the all-dependencies group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T05:22:14.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-12T02:54:01.000Z","updated_at":"2026-05-19T05:22:16.000Z","time_to_close":613693,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"all-dependencies","update_count":3,"packages":[{"name":"org.springframework.boot:spring-boot-starter-parent","old_version":"4.0.5","new_version":"4.0.6","repository_url":"https://github.com/spring-projects/spring-boot"},{"name":"tools.jackson.core:jackson-core","old_version":"3.1.2","new_version":"3.1.3","repository_url":"https://github.com/FasterXML/jackson-core"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"11.0.21","new_version":"11.0.22"}],"path":null,"ecosystem":"maven"},"body":"Bumps the all-dependencies group with 3 updates in the / directory: [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot), [tools.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) and org.apache.tomcat.embed:tomcat-embed-core.\n\nUpdates `org.springframework.boot:spring-boot-starter-parent` from 4.0.5 to 4.0.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-boot/releases\"\u003eorg.springframework.boot:spring-boot-starter-parent's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.6\u003c/h2\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50188\"\u003e#50188\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eElasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50187\"\u003e#50187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApplicationPidFileWriter does not handle symlinks correctly \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50185\"\u003e#50185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRandomValuePropertySource is not suitable for secrets \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50183\"\u003e#50183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCassandra auto-configuration misconfigures CqlSessionBuilder \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50180\"\u003e#50180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApplicationTemp does not handle symlinks correctly \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50178\"\u003e#50178\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemote DevTools performs comparison incorrectly \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50176\"\u003e#50176\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003espring.rabbitmq.ssl.verify-hostname is applied inconsistently \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50174\"\u003e#50174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50077\"\u003e#50077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClassic starters are missing several modules \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50071\"\u003e#50071\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eModule spring-boot-resttestclient is missing from spring-boot-starter-test-classic \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/50069\"\u003e#50069\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAnnotations like \u003ccode\u003e@Ssl\u003c/code\u003e don't work on \u003ccode\u003e@Bean\u003c/code\u003e methods when using \u003ccode\u003e@ServiceConnection\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50064\"\u003e#50064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnversRevisionRepositoriesRegistrar should reuse \u003ccode\u003e@EnableEnversRepositories\u003c/code\u003e rather than configuring the JPA counterpart \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50039\"\u003e#50039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWebFlux Cloud Foundry links endpoint includes query string from received request in resolved links \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50017\"\u003e#50017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImports on a containing test class are ignored when a nested class has imports \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50012\"\u003e#50012\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWith spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49951\"\u003e#49951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e500 response from env endpoint when supplied pattern is invalid \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49946\"\u003e#49946\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49945\"\u003e#49945\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHTTP method is lost when configuring excludes in EndpointRequest \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49943\"\u003e#49943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHonor HttpMethod for reactive additional endpoint paths \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49880\"\u003e#49880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocker Compose support doesn't work with apache/artemis image \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49869\"\u003e#49869\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocker Compose support doesn't work with apache/activemq image \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49866\"\u003e#49866\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49854\"\u003e#49854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAPI versioning path strategy should be applied path last as it is not meant to yield \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49800\"\u003e#49800\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate docs to encourage Java fundamentals for beginners that prefer to learn that way \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50146\"\u003e#50146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHTTP Service Interface Clients still document that API versioning can be configured via properties \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50126\"\u003e#50126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLink to the observability section of the Lettuce documentation is broken \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50097\"\u003e#50097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJavadoc for StaticResourceLocation.FAVICON doesn't describe icons location \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50085\"\u003e#50085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMySamlRelyingPartyConfiguration is missing a Kotlin sample \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50024\"\u003e#50024\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncorrect default value for management.httpexchanges.recording.include in configuration metadata \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50019\"\u003e#50019\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLink to the Kubernetes documentation when discussing startup probes \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50015\"\u003e#50015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTypo in JdbcSessionAutoConfiguration Javadoc \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49873\"\u003e#49873\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify that configuration property default values are not available through the Environment \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49851\"\u003e#49851\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument the need for Liquibase and Flyway starters \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49839\"\u003e#49839\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKafka documentation refers to deprecated JSON serializer and deserializer classes \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49826\"\u003e#49826\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Elasticsearch Client 9.2.8 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50027\"\u003e#50027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Groovy 5.0.5 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49911\"\u003e#49911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Hibernate 7.2.12.Final \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50134\"\u003e#50134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Jackson Bom 3.1.2 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50051\"\u003e#50051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/jaxen-xpath/jaxen/releases/tag/v2.0.1\"\u003eJaxen 2.0.1\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/50104\"\u003e#50104\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to \u003ca href=\"https://github.com/FirebirdSQL/jaybird/releases/tag/v6.0.5\"\u003eJaybird 6.0.5\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49914\"\u003e#49914\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/8821ad2cd381bb4b9615a61479e1de7305a8ba39\"\u003e\u003ccode\u003e8821ad2\u003c/code\u003e\u003c/a\u003e Release v4.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/9e4048a03f17adfe78057a3c4d5b4693305c0ae0\"\u003e\u003ccode\u003e9e4048a\u003c/code\u003e\u003c/a\u003e Merge branch '3.5.x' into 4.0.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/20bb11c3984802990572ddbeae8b66885a8f2462\"\u003e\u003ccode\u003e20bb11c\u003c/code\u003e\u003c/a\u003e Next development version (v3.5.15-SNAPSHOT)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/98daa8ea30f39a5b0ca6768b5cbc2dc8698ef4e1\"\u003e\u003ccode\u003e98daa8e\u003c/code\u003e\u003c/a\u003e Merge branch '3.5.x' into 4.0.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/9dc5aa2863f598a15d3dfa116f4b89249daba7e7\"\u003e\u003ccode\u003e9dc5aa2\u003c/code\u003e\u003c/a\u003e Polish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/874f6294b91da18367b8b5ab7b2fad3fa23cfba6\"\u003e\u003ccode\u003e874f629\u003c/code\u003e\u003c/a\u003e Fix default security with actuator but without health\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/e41b3bf731d1134bc18ec1f68ac01e0fe1c54923\"\u003e\u003ccode\u003ee41b3bf\u003c/code\u003e\u003c/a\u003e Enable hostname verification for SSL connections to Elasticsearch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/ef8527bb0ef8f564f4f9c57a7be99a7aa96c6ab0\"\u003e\u003ccode\u003eef8527b\u003c/code\u003e\u003c/a\u003e Merge branch '3.5.x' into 4.0.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/f533a4549c3999aac30cb5830f07dc304933e93d\"\u003e\u003ccode\u003ef533a45\u003c/code\u003e\u003c/a\u003e Do not follow symlinks when writing PID file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/4a7bd332b6d19fef1aa4cf28434985f2b03a2e0f\"\u003e\u003ccode\u003e4a7bd33\u003c/code\u003e\u003c/a\u003e Merge branch '3.5.x' into 4.0.x\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-boot/compare/v4.0.5...v4.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tools.jackson.core:jackson-core` from 3.1.2 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/6956129ace69d7d28dfde174be6490e1707b43ae\"\u003e\u003ccode\u003e6956129\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release jackson-core-3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/2796462b783180ad13cc9c8a6dbe1e8efe221e62\"\u003e\u003ccode\u003e2796462\u003c/code\u003e\u003c/a\u003e Prep for 3.1.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/87c70b305d74b3bfff32fab0daebfec12f6a8301\"\u003e\u003ccode\u003e87c70b3\u003c/code\u003e\u003c/a\u003e Merge branch '2.x' into 3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/f21195dc779d1fcf7e25dd1ba445bbd524536efc\"\u003e\u003ccode\u003ef21195d\u003c/code\u003e\u003c/a\u003e Merge branch '2.21' into 2.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/59fb9cc1bbe4424221b171e88b37bcbdbdba1c50\"\u003e\u003ccode\u003e59fb9cc\u003c/code\u003e\u003c/a\u003e Post-release dep version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/3cb88d1cf3bc30e9629af25f0f503db236b508e2\"\u003e\u003ccode\u003e3cb88d1\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/5815636064ca5f5f2f5af0a91c7ad96368c239e7\"\u003e\u003ccode\u003e5815636\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release jackson-core-2.21.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/6e728f9bde605f98e34d67d5db0a1b530b0a9bfd\"\u003e\u003ccode\u003e6e728f9\u003c/code\u003e\u003c/a\u003e Prep for 2.21.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/4e30cf21ca4faeffa062ae13730fade890ce2540\"\u003e\u003ccode\u003e4e30cf2\u003c/code\u003e\u003c/a\u003e Merge branch '2.20' into 2.21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/1429fffeca1eee24d7c3d7a0887c5ac10cac7a58\"\u003e\u003ccode\u003e1429fff\u003c/code\u003e\u003c/a\u003e Merge branch '2.19' into 2.20\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/FasterXML/jackson-core/compare/jackson-core-3.1.2...jackson-core-3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 11.0.21 to 11.0.22\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/bjcoombs/spring-boot-template/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bjcoombs%2Fspring-boot-template/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}},{"old_version":"11.0.21","new_version":"11.0.22","update_type":"patch","path":null,"pr_created_at":"2026-05-11T01:22:17.000Z","version_change":"11.0.21 → 11.0.22","issue":{"uuid":"4417446167","node_id":"PR_kwDOB8cKwc7aE6fA","number":288,"state":"open","title":"chore(deps): bump org.apache.tomcat.embed:tomcat-embed-core from 11.0.21 to 11.0.22","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-11T01:22:17.000Z","updated_at":"2026-05-11T01:25:32.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"11.0.21","new_version":"11.0.22","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps org.apache.tomcat.embed:tomcat-embed-core from 11.0.21 to 11.0.22.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core\u0026package-manager=maven\u0026previous-version=11.0.21\u0026new-version=11.0.22)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ChrisSamo632/bedding-plants/pull/288","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ChrisSamo632%2Fbedding-plants/issues/288","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/288/packages"}},{"old_version":"11.0.21","new_version":"11.0.22","update_type":"patch","path":null,"pr_created_at":"2026-05-11T00:54:54.000Z","version_change":"11.0.21 → 11.0.22","issue":{"uuid":"4417359828","node_id":"PR_kwDORB0yGs7aEpu0","number":93,"state":"open","title":"build(deps): bump org.apache.tomcat.embed:tomcat-embed-core from 11.0.21 to 11.0.22","user":"dependabot[bot]","labels":["dependencies","java","size/size/XS"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-11T00:54:54.000Z","updated_at":"2026-05-11T00:58:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"11.0.21","new_version":"11.0.22","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps org.apache.tomcat.embed:tomcat-embed-core from 11.0.21 to 11.0.22.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core\u0026package-manager=maven\u0026previous-version=11.0.21\u0026new-version=11.0.22)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/anyulled/superhero-battle-arena/pull/93","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/anyulled%2Fsuperhero-battle-arena/issues/93","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/93/packages"}},{"old_version":"11.0.21","new_version":"11.0.22","update_type":"patch","path":null,"pr_created_at":"2026-05-06T03:13:28.000Z","version_change":"11.0.21 → 11.0.22","issue":{"uuid":"4388480541","node_id":"PR_kwDOKNqkVc7YnfkF","number":23,"state":"closed","title":"Bump the backend-prod group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-11T03:26:18.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T03:13:28.000Z","updated_at":"2026-05-11T03:26:19.000Z","time_to_close":432770,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"backend-prod","update_count":4,"packages":[{"name":"org.projectlombok:lombok","old_version":"1.18.44","new_version":"1.18.46","repository_url":"https://github.com/projectlombok/lombok"},{"name":"commons-codec:commons-codec","old_version":"1.21.0","new_version":"1.22.0","repository_url":"https://github.com/apache/commons-codec"},{"name":"commons-io:commons-io","old_version":"2.21.0","new_version":"2.22.0"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"11.0.21","new_version":"11.0.22"}],"path":null,"ecosystem":"maven"},"body":"Bumps the backend-prod group with 4 updates in the / directory: [org.projectlombok:lombok](https://github.com/projectlombok/lombok), [commons-codec:commons-codec](https://github.com/apache/commons-codec), commons-io:commons-io and org.apache.tomcat.embed:tomcat-embed-core.\n\nUpdates `org.projectlombok:lombok` from 1.18.44 to 1.18.46\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown\"\u003eorg.projectlombok:lombok's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev1.18.46 (April 22nd, 2026)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePLATFORM: JDK26 support added \u003ca href=\"https://redirect.github.com/projectlombok/lombok/issues/4019\"\u003e#4019\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePLATFORM: Spring Tools Suite 5 supported \u003ca href=\"https://redirect.github.com/projectlombok/lombok/issues/3985\"\u003e#3985\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBUGFIX: \u003ccode\u003e@Jacksonized\u003c/code\u003e no longer stops generating \u003ccode\u003e@JsonProperty\u003c/code\u003e once an explicit \u003ccode\u003e@JsonIgnore\u003c/code\u003e annotations is encountered \u003ca href=\"https://redirect.github.com/projectlombok/lombok/issues/4022\"\u003e#4022\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBUGFIX: In eclipse, mixing \u003ccode\u003e@Jacksonized\u003c/code\u003e and \u003ccode\u003efluent = true\u003c/code\u003e no longer causes the error \u003ccode\u003ecom.fasterxml.jackson.annotation.JsonProperty is not a repeatable annotation interface\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/projectlombok/lombok/issues/3934\"\u003e#3934\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBUGFIX: Some finishing touches for v1.18.44's support of Jackson3 \u003ca href=\"https://redirect.github.com/projectlombok/lombok/issues/4004\"\u003e#4004\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/projectlombok/lombok/commit/936ca59baf844fd6c0ad641974295498785d8091\"\u003e\u003ccode\u003e936ca59\u003c/code\u003e\u003c/a\u003e [build] lombok's launcher is still intended to be 1.4 compatible, or at least...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/projectlombok/lombok/commit/fcdab3f29e1b48c8f4b33ef9231ec2587a43d122\"\u003e\u003ccode\u003efcdab3f\u003c/code\u003e\u003c/a\u003e [version] pre-release version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/projectlombok/lombok/commit/1cb7d49c5d2dc98af7a66413d8119dec285d0666\"\u003e\u003ccode\u003e1cb7d49\u003c/code\u003e\u003c/a\u003e [changelog]\u003ca href=\"https://redirect.github.com/projectlombok/lombok/issues/4004\"\u003e#4004\u003c/a\u003e Mention Jackson3 final touches in changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/projectlombok/lombok/commit/12a15b00555ec8097eca2bf7d77c2c2124e13e0e\"\u003e\u003ccode\u003e12a15b0\u003c/code\u003e\u003c/a\u003e Fix: Bump EA_JDK to 27 (25 and 26 have been released)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/projectlombok/lombok/commit/2be766cfc2ef56f2d986f28f734c98535d611aee\"\u003e\u003ccode\u003e2be766c\u003c/code\u003e\u003c/a\u003e Merge branch 'jackson3-final-touches'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/projectlombok/lombok/commit/290fa4c8539c7e97b47f7e80033e078127050eb5\"\u003e\u003ccode\u003e290fa4c\u003c/code\u003e\u003c/a\u003e [trivial] constantize the warning we spit out for ambiguous jackson2/3, and m...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/projectlombok/lombok/commit/e6567b6621f86b43033ab4a75e0273780e18e998\"\u003e\u003ccode\u003ee6567b6\u003c/code\u003e\u003c/a\u003e test: Add Jackson 3 test cases and version ambiguity warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/projectlombok/lombok/commit/45e72e241abe98dcfb66408402da825dd2b8e925\"\u003e\u003ccode\u003e45e72e2\u003c/code\u003e\u003c/a\u003e feat: Add Jackson 3 databind/dataformat annotations to HandlerUtil copy lists\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/projectlombok/lombok/commit/184d42363d86446a63b6270ac1eb352dc43ae76c\"\u003e\u003ccode\u003e184d423\u003c/code\u003e\u003c/a\u003e feat: Add Jackson 3 support to \u003ca href=\"https://github.com/Jacksonized\"\u003e\u003ccode\u003e@​Jacksonized\u003c/code\u003e\u003c/a\u003e handlers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/projectlombok/lombok/commit/e027ad0f1515bd33d4d329d90e59dccbaf44651e\"\u003e\u003ccode\u003ee027ad0\u003c/code\u003e\u003c/a\u003e refactored to ShadowClassLoader use Collections::enumeration instead of Vector\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/projectlombok/lombok/compare/v1.18.44...v1.18.46\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `commons-codec:commons-codec` from 1.21.0 to 1.22.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/apache/commons-codec/blob/master/RELEASE-NOTES.txt\"\u003ecommons-codec:commons-codec's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eApache Commons Codec 1.22.0 Release Notes\u003c/h2\u003e\n\u003cp\u003eThe Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.22.0.\u003c/p\u003e\n\u003cp\u003eThe Apache Commons Codec component contains encoders and decoders for\nformats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these\nwidely used encoders and decoders, the codec package also maintains a\ncollection of phonetic encoding utilities.\u003c/p\u003e\n\u003cp\u003eThis is a feature and maintenance release. Java 8 or later is required.\u003c/p\u003e\n\u003ch2\u003eNew features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCODEC-326:  Add Base58 support. Thanks to Inkeet, Gary Gregory, Wolff Bock von Wuelfingen.\u003c/li\u003e\n\u003cli\u003e\n\u003cpre\u003e\u003ccode\u003e        Add BaseNCodecInputStream.AbstracBuilder.setByteArray(byte[]). Thanks to Gary Gregory.\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003eCODEC-335:  Add GitIdentifiers to compute Git blob and tree object identifiers. Thanks to Piotr P. Karwasz, Gary Gregory.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed Bugs\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCODEC-249:  Fix Incorrect transform of CH digraph according Metaphone basic rules \u003ca href=\"https://redirect.github.com/apache/commons-codec/issues/423\"\u003e#423\u003c/a\u003e. Thanks to Shalu Jha, Andrey, Gary Gregory.\u003c/li\u003e\n\u003cli\u003eCODEC-317:  ColognePhonetic can create duplicate consecutive codes in some cases. Thanks to DRUser123, Shalu Jha, Gary Gregory.\u003c/li\u003e\n\u003cli\u003e\n\u003cpre\u003e\u003ccode\u003e        Add boundary tests for BinaryCodec.fromAscii partial-bit inputs [#425](https://github.com/apache/commons-codec/issues/425). Thanks to fancying, Gary Gregory.\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003eCODEC-336:  Base64.Builder.setUrlSafe(boolean) Javadoc incorrectly states null is accepted for primitive boolean parameter. Thanks to Partha Paul, Gary Gregory.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cpre\u003e\u003ccode\u003e        Bump org.apache.commons:commons-parent from 96 to 98. Thanks to Gary Gregory.\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor complete information on Apache Commons Codec, including instructions on how to submit bug reports,\npatches, or suggestions for improvement, see the Apache Commons Codec website:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://commons.apache.org/proper/commons-codec/\"\u003ehttps://commons.apache.org/proper/commons-codec/\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eDownload page: \u003ca href=\"https://commons.apache.org/proper/commons-codec/download_codec.cgi\"\u003ehttps://commons.apache.org/proper/commons-codec/download_codec.cgi\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/commons-codec/commit/81a6295f071df5819893422a397d94bc396f2edd\"\u003e\u003ccode\u003e81a6295\u003c/code\u003e\u003c/a\u003e Prepare for the release candidate 1.22.0 RC1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/commons-codec/commit/73104b011a9758896904831f9b1bd29aad077f11\"\u003e\u003ccode\u003e73104b0\u003c/code\u003e\u003c/a\u003e Prepare for the next release candidate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/commons-codec/commit/8e36214fa2760d37e4e9c83336ed5bb324c23482\"\u003e\u003ccode\u003e8e36214\u003c/code\u003e\u003c/a\u003e In-line single use test local variables\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/commons-codec/commit/9bd67e787d88705baa26e85f3a9609dec015ba5b\"\u003e\u003ccode\u003e9bd67e7\u003c/code\u003e\u003c/a\u003e Use vararg syntax\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/commons-codec/commit/25e52b06a3c24dc06216e7d29321a2f01c60ec6f\"\u003e\u003ccode\u003e25e52b0\u003c/code\u003e\u003c/a\u003e Use vararg syntax\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/commons-codec/commit/e2ebaca8b30d1d04d0eb6a4e811a6d26631f4d31\"\u003e\u003ccode\u003ee2ebaca\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.35.1 to 4.35.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/commons-codec/commit/33998a05a8adc84ca944bad2e5c7215309d1477b\"\u003e\u003ccode\u003e33998a0\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 7.0.0 to 7.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/commons-codec/commit/50c6583280cb3ed67407dcaeb31df4f8fa8ede20\"\u003e\u003ccode\u003e50c6583\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 5.0.4 to 5.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/commons-codec/commit/b2be3a82b2d0902e89718a56c6afb5850d020668\"\u003e\u003ccode\u003eb2be3a8\u003c/code\u003e\u003c/a\u003e Add \u003ca href=\"https://github.com/Override\"\u003e\u003ccode\u003e@​Override\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/commons-codec/commit/20f09bfcfdce88760ec9be095b848e85d9084acf\"\u003e\u003ccode\u003e20f09bf\u003c/code\u003e\u003c/a\u003e Use final.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/apache/commons-codec/compare/rel/commons-codec-1.21.0...rel/commons-codec-1.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `commons-io:commons-io` from 2.21.0 to 2.22.0\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 11.0.21 to 11.0.22\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/OpenConext/openconext-saml-java/pull/23","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenConext%2Fopenconext-saml-java/issues/23","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/23/packages"}},{"old_version":"11.0.21","new_version":"11.0.22","update_type":"patch","path":"/pgp-keys-map-test1","pr_created_at":"2026-05-06T01:05:04.000Z","version_change":"11.0.21 → 11.0.22","issue":{"uuid":"4388046999","node_id":"PR_kwDODYD4ns7YmHMY","number":3466,"state":"closed","title":"Bump org.apache.tomcat.embed:tomcat-embed-core from 11.0.21 to 11.0.22 in /pgp-keys-map-test1","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-06T01:08:56.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T01:05:04.000Z","updated_at":"2026-05-06T01:08:57.000Z","time_to_close":232,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"11.0.21","new_version":"11.0.22","repository_url":null}],"path":"/pgp-keys-map-test1","ecosystem":"maven"},"body":"Bumps org.apache.tomcat.embed:tomcat-embed-core from 11.0.21 to 11.0.22.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core\u0026package-manager=maven\u0026previous-version=11.0.21\u0026new-version=11.0.22)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/s4u/pgp-keys-map/pull/3466","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/s4u%2Fpgp-keys-map/issues/3466","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3466/packages"}},{"old_version":"7.0.109","new_version":"9.0.117","update_type":"major","path":null,"pr_created_at":"2026-04-24T20:17:41.000Z","version_change":"7.0.109 → 9.0.117","issue":{"uuid":"4325351862","node_id":"PR_kwDOOguFJM7VdN6c","number":5,"state":"open","title":"Bump the maven group across 18 directories with 24 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-24T20:17:41.000Z","updated_at":"2026-04-24T20:20:35.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"maven","update_count":24,"packages":[{"name":"com.google.protobuf:protobuf-java","old_version":"3.25.3","new_version":"3.25.5","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"ch.qos.logback:logback-core","old_version":"1.2.13","new_version":"1.5.25","repository_url":"https://github.com/qos-ch/logback"},{"name":"com.fasterxml.jackson.core:jackson-core","old_version":"2.8.10","new_version":"2.18.6","repository_url":"https://github.com/FasterXML/jackson-core"},{"name":"org.assertj:assertj-core","old_version":"3.25.3","new_version":"3.27.7","repository_url":"https://github.com/assertj/assertj"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"7.0.109","new_version":"9.0.117"},{"name":"org.apache.tomcat.embed:tomcat-embed-websocket","old_version":"8.5.88","new_version":"8.5.99"},{"name":"org.apache.jackrabbit:jackrabbit-core","old_version":"2.5.0","new_version":"2.22.2","repository_url":"https://github.com/apache/jackrabbit"},{"name":"org.apache.logging.log4j:log4j-core","old_version":"2.12.0","new_version":"2.25.4"},{"name":"org.elasticsearch:elasticsearch","old_version":"2.4.6","new_version":"8.19.8","repository_url":"https://github.com/elastic/elasticsearch"},{"name":"org.springframework:spring-context","old_version":"4.3.26.RELEASE","new_version":"6.1.20","repository_url":"https://github.com/spring-projects/spring-framework"},{"name":"org.hibernate:hibernate-core","old_version":"5.3.22.Final","new_version":"5.6.15.Final","repository_url":"https://github.com/hibernate/hibernate-orm"},{"name":"org.asynchttpclient:async-http-client","old_version":"2.12.3","new_version":"2.14.5","repository_url":"https://github.com/AsyncHttpClient/async-http-client"},{"name":"org.springframework:spring-web","old_version":"2.0.8","new_version":"5.3.38","repository_url":"https://github.com/spring-projects/spring-framework"},{"name":"com.microsoft.sqlserver:mssql-jdbc","old_version":"9.4.0.jre8","new_version":"11.2.0.jre8","repository_url":"https://github.com/Microsoft/mssql-jdbc"},{"name":"org.apache.activemq:activemq-client","old_version":"5.16.3","new_version":"5.19.4","repository_url":"https://github.com/apache/activemq"},{"name":"org.apache.activemq:activemq-broker","old_version":"5.16.3","new_version":"5.19.5","repository_url":"https://github.com/apache/activemq"},{"name":"org.apache.struts:struts2-core","old_version":"2.5.26","new_version":"6.8.0","repository_url":"https://github.com/apache/struts"},{"name":"commons-beanutils:commons-beanutils","old_version":"1.9.4","new_version":"1.11.0"},{"name":"commons-io:commons-io","old_version":"2.11.0","new_version":"2.14.0"},{"name":"org.apache.commons:commons-lang3","old_version":"3.12.0","new_version":"3.18.0"},{"name":"org.eclipse.jetty:jetty-http","old_version":"12.0.7","new_version":"12.0.33"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 21 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.8.10` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `7.0.109` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [org.apache.jackrabbit:jackrabbit-core](https://github.com/apache/jackrabbit) | `2.5.0` | `2.22.2` |\n| org.apache.logging.log4j:log4j-core | `2.12.0` | `2.25.4` |\n| [org.elasticsearch:elasticsearch](https://github.com/elastic/elasticsearch) | `2.4.6` | `8.19.8` |\n| [org.springframework:spring-context](https://github.com/spring-projects/spring-framework) | `4.3.26.RELEASE` | `6.1.20` |\n| [org.hibernate:hibernate-core](https://github.com/hibernate/hibernate-orm) | `5.3.22.Final` | `5.6.15.Final` |\n| [org.asynchttpclient:async-http-client](https://github.com/AsyncHttpClient/async-http-client) | `2.12.3` | `2.14.5` |\n| [org.springframework:spring-web](https://github.com/spring-projects/spring-framework) | `2.0.8` | `5.3.38` |\n| [com.microsoft.sqlserver:mssql-jdbc](https://github.com/Microsoft/mssql-jdbc) | `9.4.0.jre8` | `11.2.0.jre8` |\n| [org.apache.activemq:activemq-client](https://github.com/apache/activemq) | `5.16.3` | `5.19.4` |\n| [org.apache.activemq:activemq-broker](https://github.com/apache/activemq) | `5.16.3` | `5.19.5` |\n| [org.apache.struts:struts2-core](https://github.com/apache/struts) | `2.5.26` | `6.8.0` |\n| commons-beanutils:commons-beanutils | `1.9.4` | `1.11.0` |\n| commons-io:commons-io | `2.11.0` | `2.14.0` |\n| org.apache.commons:commons-lang3 | `3.12.0` | `3.18.0` |\n| org.eclipse.jetty:jetty-http | `12.0.7` | `12.0.33` |\n\nBumps the maven group with 7 updates in the /agent/benchmarks directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [org.springframework:spring-web](https://github.com/spring-projects/spring-framework) | `5.3.23` | `5.3.38` |\n\nBumps the maven group with 7 updates in the /agent/core directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [org.apache.jackrabbit:jackrabbit-core](https://github.com/apache/jackrabbit) | `2.5.0` | `2.22.2` |\n\nBumps the maven group with 8 updates in the /agent/plugins/elasticsearch-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.8.10` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| org.apache.logging.log4j:log4j-core | `2.14.1` | `2.25.4` |\n| [org.elasticsearch:elasticsearch](https://github.com/elastic/elasticsearch) | `2.4.6` | `8.19.8` |\n\nBumps the maven group with 7 updates in the /agent/plugins/grails-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [org.springframework:spring-context](https://github.com/spring-projects/spring-framework) | `4.3.26.RELEASE` | `6.1.20` |\n\nBumps the maven group with 7 updates in the /agent/plugins/hibernate-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [org.hibernate:hibernate-core](https://github.com/hibernate/hibernate-orm) | `5.3.22.Final` | `5.6.15.Final` |\n\nBumps the maven group with 8 updates in the /agent/plugins/http-client-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [org.asynchttpclient:async-http-client](https://github.com/AsyncHttpClient/async-http-client) | `2.12.3` | `2.14.5` |\n| [org.springframework:spring-web](https://github.com/spring-projects/spring-framework) | `2.0.8` | `5.3.38` |\n\nBumps the maven group with 7 updates in the /agent/plugins/jaxws-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [org.springframework:spring-context](https://github.com/spring-projects/spring-framework) | `5.2.17.RELEASE` | `6.1.20` |\n\nBumps the maven group with 7 updates in the /agent/plugins/jdbc-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [com.microsoft.sqlserver:mssql-jdbc](https://github.com/Microsoft/mssql-jdbc) | `9.4.0.jre8` | `11.2.0.jre8` |\n\nBumps the maven group with 8 updates in the /agent/plugins/jms-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [org.apache.activemq:activemq-client](https://github.com/apache/activemq) | `5.16.3` | `5.19.4` |\n| [org.apache.activemq:activemq-broker](https://github.com/apache/activemq) | `5.16.3` | `5.19.5` |\n\nBumps the maven group with 6 updates in the /agent/plugins/jsp-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `7.0.109` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n\nBumps the maven group with 7 updates in the /agent/plugins/logger-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| org.apache.logging.log4j:log4j-core | `2.12.0` | `2.25.4` |\n\nBumps the maven group with 7 updates in the /agent/plugins/servlet-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [org.springframework:spring-web](https://github.com/spring-projects/spring-framework) | `5.3.23` | `5.3.38` |\n\nBumps the maven group with 7 updates in the /agent/plugins/spring-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| [org.springframework:spring-context](https://github.com/spring-projects/spring-framework) | `5.3.12` | `6.1.20` |\n\nBumps the maven group with 9 updates in the /agent/plugins/struts-plugin directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| org.apache.logging.log4j:log4j-core | `2.14.1` | `2.25.4` |\n| [org.apache.struts:struts2-core](https://github.com/apache/struts) | `2.5.26` | `6.8.0` |\n| commons-beanutils:commons-beanutils | `1.9.4` | `1.11.0` |\n\nBumps the maven group with 6 updates in the /central directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n\nBumps the maven group with 6 updates in the /ui directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n\nBumps the maven group with 9 updates in the /webdriver-tests directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.25.3` | `3.25.5` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.2.13` | `1.5.25` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.18.1` | `2.18.6` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.25.3` | `3.27.7` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.88` | `9.0.117` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `8.5.88` | `8.5.99` |\n| commons-io:commons-io | `2.11.0` | `2.14.0` |\n| org.apache.commons:commons-lang3 | `3.12.0` | `3.18.0` |\n| org.eclipse.jetty:jetty-http | `12.0.7` | `12.0.33` |\n\n\nUpdates `com.google.protobuf:protobuf-java` from 3.25.3 to 3.25.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9d0ec0f92b5b5fdeeda11f9dcecc1872ff378014\"\u003e\u003ccode\u003e9d0ec0f\u003c/code\u003e\u003c/a\u003e Updating version.json and repo version numbers to: 25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/4a197e78ad2430e22e992c5a7727b61ae220f727\"\u003e\u003ccode\u003e4a197e7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/18387\"\u003e#18387\u003c/a\u003e from protocolbuffers/cp-lp-25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b5a7cf7cf4b7e39f6b02205e45afe2104a7faf81\"\u003e\u003ccode\u003eb5a7cf7\u003c/code\u003e\u003c/a\u003e Remove RecursiveGroup test case which doesn't exist in 25.x pre-Editions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f000b7e18fd6921ca02ea4b87608e8cadcb7b64f\"\u003e\u003ccode\u003ef000b7e\u003c/code\u003e\u003c/a\u003e Fix merge conflict by adding optional label to proto2 unittest_lite.proto\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/4728531c162f2f9e8c2ca1add713cfee2db6be3b\"\u003e\u003ccode\u003e4728531\u003c/code\u003e\u003c/a\u003e Add recursion check when parsing unknown fields in Java.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/850fcce9176e2c9070614dab53537760498c926b\"\u003e\u003ccode\u003e850fcce\u003c/code\u003e\u003c/a\u003e Internal change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b7044987de77f1dc368fee558636d0b56d7e75e1\"\u003e\u003ccode\u003eb704498\u003c/code\u003e\u003c/a\u003e Internal change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e67347986eaf7d777a6ee34367fa99f4912423ab\"\u003e\u003ccode\u003ee673479\u003c/code\u003e\u003c/a\u003e Fix cord handling in DynamicMessage and oneofs. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/18375\"\u003e#18375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8a60b6527a976cfd0028153da3ad8e4ed280e0de\"\u003e\u003ccode\u003e8a60b65\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/17704\"\u003e#17704\u003c/a\u003e from protocolbuffers/cp-segv\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/94a26630e362a4771b5ec80eac49f494988ca408\"\u003e\u003ccode\u003e94a2663\u003c/code\u003e\u003c/a\u003e Fixed a SEGV when deep copying a non-reified sub-message.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protocolbuffers/protobuf/compare/v3.25.3...v3.25.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.2.13 to 1.5.25\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-06 Release of logback version 1.5.24\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See \u003ca href=\"https://logback.qos.ch/manual/configuration.html#conditionalExp\"\u003ethe relevant documentation\u003c/a\u003e for further details.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.23\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-21 Release of logback version 1.5.23\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/959\"\u003eissues/959\u003c/a\u003e file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the \u003ccode\u003eConcurrentModificationException\u003c/code\u003e reported in the issue.\u003c/p\u003e\n\u003cp\u003e• ZIP and XZ compression now use a \u003ccode\u003eBufferedOutputStream\u003c/code\u003e when writing to the compressed file. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/988\"\u003eissues/988\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 0bcc3feb54a6d99caac70969ee5f8334aad1fbaf associated with the tag v_1.5.23. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.22\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-11 Release of logback version 1.5.22\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In order to prevent involuntary information leakage, Logback will no longer output the value of a substituted variable, if the variable name contains any of the case-insensitive strings \u0026quot;password\u0026quot;, \u0026quot;secret\u0026quot; or \u0026quot;confidential\u0026quot;. This problem was reported by Chintan Rohila in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/986\"\u003eissues/986\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Logback now takes the overridden \u003ccode\u003etoString()\u003c/code\u003e method of \u003ccode\u003eThrowable\u003c/code\u003e subclasses into account when  printing stack traces. This issue was reported in \u003ca href=\"https://jira.qos.ch/browse/LOGBACK-543\"\u003eLOGBACK-543\u003c/a\u003e by Alvin Chee, with a fix provided in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/404\"\u003ePR 404\u003c/a\u003e by Brett Kail.\u003c/p\u003e\n\u003cp\u003e• Instead of limit-counting guard, Logback now uses a tumbling-window guard to rate limit internal error messages.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 572379aabd2f672b49593e4020696c624541e5b0 associated with the tag v_1.5.22. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.21\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-11-10 Release of logback version 1.5.21\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Invocations of turbo filters in isDebugEnabled, isInfoEnabled()... remain as they were, untouched. However, any installed instances of TurboFilter are now invoked also from within the log(LoggingEvent) method of \u003ca href=\"https://github.com/qos-ch/logback/blob/master/logback-classic/src/main/java/ch/qos/logback/classic/Logger.java#L817\"\u003eLogger\u003c/a\u003e with the contents of the LoggingEvent, typically via the fluent API. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/871\"\u003eissues/871\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Removed reentry-guard in most subclasses of \u003ccode\u003eUnsynchronizedAppenderBase\u003c/code\u003e where it was not needed.\u003c/p\u003e\n\u003cp\u003e• \u003ca href=\"https://logback.qos.ch/manual/configuration.html#auto_configuration\"\u003eInitialization procedure\u003c/a\u003e has been simplified by removing the step instantiating a \u003ccode\u003eSerializedModelConfigurator\u003c/code\u003e. However, it is still possible to set up \u003ccode\u003eSerializedModelConfigurator\u003c/code\u003e as a custom configurator.\u003c/p\u003e\n\u003cp\u003e• JsonEncoder is now friendlier to derivation by sub-classes as requested in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/979\"\u003eissues/979.\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/f426e0002800cfb507f393fcacffe0761a425220\"\u003e\u003ccode\u003ef426e00\u003c/code\u003e\u003c/a\u003e prepare release of 1.5.25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/d28931f3b9ede954285cd22d44e029142bba52e6\"\u003e\u003ccode\u003ed28931f\u003c/code\u003e\u003c/a\u003e restrict object creation to expected supertype\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/aa264f7ad2bb65c2d5ab046754741e56234c9096\"\u003e\u003ccode\u003eaa264f7\u003c/code\u003e\u003c/a\u003e test default variable values in appender-ref ref attribute\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/8fb403ab6d1a36b351e9095f8ee1c6c3ad8e0405\"\u003e\u003ccode\u003e8fb403a\u003c/code\u003e\u003c/a\u003e adjust copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/b294a12ff9f2bb2f03168590da1c6d7cbfd71cfe\"\u003e\u003ccode\u003eb294a12\u003c/code\u003e\u003c/a\u003e check optionList in start()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/b65040a3b5d844a791bd3cc690ca44e9e024e04d\"\u003e\u003ccode\u003eb65040a\u003c/code\u003e\u003c/a\u003e Add EpochConverter for milliseconds/seconds since epoch (related to issue \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/96\"\u003e#96\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/069017445b41e9c3a23bda2be446663dca3c4453\"\u003e\u003ccode\u003e0690174\u003c/code\u003e\u003c/a\u003e cla for Duncan Jauncey\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/71dc2afc1046e7b7e218dbfbcde3b0c549bc2fba\"\u003e\u003ccode\u003e71dc2af\u003c/code\u003e\u003c/a\u003e Removed email address for Tony.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/1f97ae1844b1be8486e4e9cade98d7123d3eded5\"\u003e\u003ccode\u003e1f97ae1\u003c/code\u003e\u003c/a\u003e check for undeclared by referenced appenders\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/b07355e26aaf128c8303393b7e2ed3d4687c7736\"\u003e\u003ccode\u003eb07355e\u003c/code\u003e\u003c/a\u003e Move the artifact version checking code to VersionUtil in logback-core.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.2.13...v_1.5.25\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.fasterxml.jackson.core:jackson-core` from 2.8.10 to 2.18.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/9a46ef8ccac2f15cba1c82059fbcc3883798478a\"\u003e\u003ccode\u003e9a46ef8\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release jackson-core-2.18.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/5f192db9c84c1e7a9e6ab7f631a77d4ac0719cb4\"\u003e\u003ccode\u003e5f192db\u003c/code\u003e\u003c/a\u003e Prep for 2.18.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/b0c428e6f993e1b5ece5c1c3cb2523e887cd52cf\"\u003e\u003ccode\u003eb0c428e\u003c/code\u003e\u003c/a\u003e Enforce \u003ccode\u003eStreamReadConstraints.maxNumberLength\u003c/code\u003e for non-blocking (async) pars...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/7c8b6d52632ff87dd40483df44a2b74d3048882c\"\u003e\u003ccode\u003e7c8b6d5\u003c/code\u003e\u003c/a\u003e Add test for nesting for \u003ccode\u003eDataInput\u003c/code\u003e-backed \u003ccode\u003eJsonParser\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1550\"\u003e#1550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/97a647b9d4bd03d31716d5565a73965c9ae2f396\"\u003e\u003ccode\u003e97a647b\u003c/code\u003e\u003c/a\u003e Update CI: JDK 23 -\u0026gt; 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/1601331cd5c7d79037904e4803a4c35cc9fdd4e0\"\u003e\u003ccode\u003e1601331\u003c/code\u003e\u003c/a\u003e (backport from 2.21) Fix \u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1548\"\u003e#1548\u003c/a\u003e: validate max doc length for fixed buffer inpu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/fae2542708621b49cdc61ec5b29574ad054ed76f\"\u003e\u003ccode\u003efae2542\u003c/code\u003e\u003c/a\u003e release notes update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/70c99ba8eccf6f8ad2754bccb113daac823f03ba\"\u003e\u003ccode\u003e70c99ba\u003c/code\u003e\u003c/a\u003e Update UTF8DataInputJsonParser.java (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1512\"\u003e#1512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/caea665e6364bb46a4e7101fd763e9ef8568f132\"\u003e\u003ccode\u003ecaea665\u003c/code\u003e\u003c/a\u003e Post-release dep version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/635d3bd80a44a8a84b04cfdd007ceb9a31dc95f1\"\u003e\u003ccode\u003e635d3bd\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/FasterXML/jackson-core/compare/jackson-core-2.8.10...jackson-core-2.18.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.assertj:assertj-core` from 3.25.3 to 3.27.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/assertj/assertj/releases\"\u003eorg.assertj:assertj-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.27.7\u003c/h2\u003e\n\u003ch2\u003e:lock: Security\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix XXE vulnerability in \u003ccode\u003eisXmlEqualTo\u003c/code\u003e assertion (CVE-2026-24400)\n\u003cul\u003e\n\u003cli\u003eSee GHSA-rqfh-9r24-8c9r for details; many thanks to \u003ca href=\"https://github.com/wxt201\"\u003e\u003ccode\u003e@​wxt201\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Song-Li\"\u003e\u003ccode\u003e@​Song-Li\u003c/code\u003e\u003c/a\u003e for responsibly reporting it!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:no_entry_sign: Deprecated\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eXmlStringPrettyFormatter\u003c/code\u003e with no replacement\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:bug: Bug Fixes\u003c/h2\u003e\n\u003ch3\u003eGuava\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eNavigation to \u003ccode\u003eassertj-core\u003c/code\u003e or \u003ccode\u003eguava\u003c/code\u003e types from \u003ccode\u003eassertj-guava\u003c/code\u003e Javadoc site has unnecessary header \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3478\"\u003e#3478\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Byte Buddy 1.18.3\u003c/li\u003e\n\u003cli\u003eUpgrade to JUnit BOM 5.14.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eGuava\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Guava 33.5.0-jre\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.27.6\u003c/h2\u003e\n\u003ch2\u003e:bug: Bug Fixes\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd missing export for \u003ccode\u003eorg.assertj.core.annotation\u003c/code\u003e \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3951\"\u003e#3951\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:heart: Contributors\u003c/h2\u003e\n\u003cp\u003eThanks to all the contributors who worked on this release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/duponter\"\u003e\u003ccode\u003e@​duponter\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.27.5\u003c/h2\u003e\n\u003ch2\u003e:zap: Improvements\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eByteBuddy in AssertJ 3.27.4 not compatible with Java 25 \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3946\"\u003e#3946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/e84071667f5f8f13084af9dfa54cee5fd9db18db\"\u003e\u003ccode\u003ee840716\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release assertj-build-3.27.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/85ca7eb6609bb179c043b85ae7d290523b1ba79a\"\u003e\u003ccode\u003e85ca7eb\u003c/code\u003e\u003c/a\u003e Deprecate \u003ccode\u003eXmlStringPrettyFormatter\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/77081dc5eb107141df80f95bd0149b468e451341\"\u003e\u003ccode\u003e77081dc\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/b68fc24a9de28f28a486fc5b887c1b8a003a5823\"\u003e\u003ccode\u003eb68fc24\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/0cf5bb6c50f6ead3deaa2a2ff50ef1e7d933c8a3\"\u003e\u003ccode\u003e0cf5bb6\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003ekotlin.version\u003c/code\u003e from 2.1.0 to 2.2.21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/d393ef1f5e48c89d47d7cf6d1eae359ceda0a126\"\u003e\u003ccode\u003ed393ef1\u003c/code\u003e\u003c/a\u003e Abort tests when symbolic links cannot be created (\u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3788\"\u003e#3788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/22124331e9922af5a43ab50f7a9a25b65be53be1\"\u003e\u003ccode\u003e2212433\u003c/code\u003e\u003c/a\u003e Add IntelliJ custom inspection for test class names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/5717d025cfe0f4c66de20f3253c0b0ecba259aa1\"\u003e\u003ccode\u003e5717d02\u003c/code\u003e\u003c/a\u003e Update JetBrains icon\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/a8ec20bd42ed01f9cc6f654046c7dd424b0af07c\"\u003e\u003ccode\u003ea8ec20b\u003c/code\u003e\u003c/a\u003e Add icon for JetBrains products\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/c05fb3d052b415fb2d6051df939f3b7903a76afe\"\u003e\u003ccode\u003ec05fb3d\u003c/code\u003e\u003c/a\u003e Bump Maven to 3.9.12 and Wrapper to 3.3.4\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/assertj/assertj/compare/assertj-build-3.25.3...assertj-build-3.27.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 7.0.109 to 9.0.117\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-websocket` from 8.5.88 to 8.5.99\n\nUpdates `org.apache.jackrabbit:jackrabbit-core` from 2.5.0 to 2.22.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/apache/jackrabbit/blob/jackrabbit-2.22.2/RELEASE-NOTES.txt\"\u003eorg.apache.jackrabbit:jackrabbit-core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanges in Jackrabbit 2.22.2\u003c/h2\u003e\n\u003cp\u003eBug\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e[JCR-5121] - Java 23: getSubject is supported only if a security manager is allowed\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eImprovement\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e[JCR-5146] - Add missing mixin values (defined in JCR 2.0 spec) to JcrConstants\n[JCR-5150] - Add missing constant for jcr:title\n[JCR-5152] - Add method isValidJcrLocalName(String) to o.a.j.util.Text\n[JCR-5161] - NamespaceHelper - get NamespaceRegistry only once\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eTask\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e[JCR-5048] - Jackrabbit should build and test with Java 24\n[JCR-5089] - avoid use of deprecated junit.framework.Assert\n[JCR-5119] - webapp: bump htmlunit to 4.7.0\n[JCR-5120] - webapp: update tomcat dependency to 9.0.97\n[JCR-5130] - Update oak-jackrabbit-api.version.implemented in trunk to Oak 1.76.0\n[JCR-5132] - webapp: update tomcat dependency to 9.0.104\n[JCR-5134] - Update oak-jackrabbit-api.version.used to Oak 1.22.22\n[JCR-5135] - Make JNDI support opt-in\n[JCR-5143] - Update Mockito dependency to 5.17.0\n[JCR-5144] - Update to jacoco version 0.8.13\n[JCR-5145] - Upgrade Commons VFS to 2.10.0\n[JCR-5147] - remove jackrabbit 1.x compatibility and performance tests\n[JCR-5158] - Update oak-jackrabbit-api.version.implemented in trunk to Oak 1.82.0\n[JCR-5159] - Create coverage for NamespaceHelper\n[JCR-5177] - jackrabbit-jcr2spi: update to commons-collections4 4.5.0\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eFor more detailed information about all the changes in this and other\nJackrabbit releases, please see the Jackrabbit issue tracker at\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ehttps://issues.apache.org/jira/browse/JCR\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eRelease Contents\u003c/h2\u003e\n\u003cp\u003eThis release consists of a single source archive packaged as a zip file.\nThe archive can be unpacked with the jar tool from your JDK installation.\nSee the README.txt file for instructions on how to build this release.\u003c/p\u003e\n\u003cp\u003eThe source archive is accompanied by an SHA512 checksum and a\nPGP signature that you can use to verify the authenticity of your\ndownload. The public key used for the PGP signature can be found at\n\u003ca href=\"https://www.apache.org/dist/jackrabbit/KEYS\"\u003ehttps://www.apache.org/dist/jackrabbit/KEYS\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/jackrabbit/commit/2b5babfc2fcf4e0aa198dfcc6b850854d3daae21\"\u003e\u003ccode\u003e2b5babf\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release jackrabbit-2.22.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/jackrabbit/commit/0d7c2e5bb6006a7cebe9e5481aefa9d83e63e8a8\"\u003e\u003ccode\u003e0d7c2e5\u003c/code\u003e\u003c/a\u003e JCR-5180: Release Jackrabbit 2.22.2 - Candidate Release Notes (\u003ca href=\"https://redirect.github.com/apache/jackrabbit/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/jackrabbit/commit/b487b6f4a07eed98205a557085fc7aab0b791205\"\u003e\u003ccode\u003eb487b6f\u003c/code\u003e\u003c/a\u003e JCR-5158: Update oak-jackrabbit-api.version.implemented in trunk to Oak 1.82....\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/jackrabbit/commit/52d84116c8081ea223ea02dad6f25f22458ded7b\"\u003e\u003ccode\u003e52d8411\u003c/code\u003e\u003c/a\u003e JCR-5161: NamespaceHelper - get NamespaceRegistry only once (\u003ca href=\"https://redirect.github.com/apache/jackrabbit/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/jackrabbit/commit/6b6171ef3e671b37f635b5fd067880e979c157f9\"\u003e\u003ccode\u003e6b6171e\u003c/code\u003e\u003c/a\u003e JCR-5150 Add constant for jcr:title\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/jackrabbit/commit/02b09fd650394902de4eda7a312124c460a9119d\"\u003e\u003ccode\u003e02b09fd\u003c/code\u003e\u003c/a\u003e JCR-5159: Create coverage for NamespaceHelper (\u003ca href=\"https://redirect.github.com/apache/jackrabbit/issues/256\"\u003e#256\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/jackrabbit/commit/0b818502436cb8f8f3b76aabe2367b69f813d227\"\u003e\u003ccode\u003e0b81850\u003c/code\u003e\u003c/a\u003e JCR-5152 Add method to check if a (local) name is valid according to JCR\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/jackrabbit/commit/2e64ea54698b97e3d7bd00ed687b752899eb8db6\"\u003e\u003ccode\u003e2e64ea5\u003c/code\u003e\u003c/a\u003e JCR-5137: Update JCR commons to implement current jackrabbit-api (\u003ca href=\"https://redirect.github.com/apache/jackrabbit/issues/231\"\u003e#231\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/jackrabbit/commit/9ba05181f7f2f1bc28418aa06f521c14190befc2\"\u003e\u003ccode\u003e9ba0518\u003c/code\u003e\u003c/a\u003e JCR-5089: avoid use of deprecated junit.framework.Assert (\u003ca href=\"https://redirect.github.com/apache/jackrabbit/issues/208\"\u003e#208\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/jackrabbit/commit/019f6f9eaa7e8ccf12976a84b9da2e6a25114706\"\u003e\u003ccode\u003e019f6f9\u003c/code\u003e\u003c/a\u003e JCR-5177: jackrabbit-jcr2spi: update to commons-collections4 4.5.0 (\u003ca href=\"https://redirect.github.com/apache/jackrabbit/issues/270\"\u003e#270\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/apache/jackrabbit/compare/2.5.0...jackrabbit-2.22.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.12.0 to 2.25.4\n\nUpdates `org.elasticsearch:elasticsearch` from 2.4.6 to 8.19.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/elastic/elasticsearch/releases\"\u003eorg.elasticsearch:elasticsearch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eElasticsearch 8.19.8\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.8.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.8.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.7\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.7.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.7.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.6\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.6.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.6.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.5\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.5.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.5.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.4\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.4.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.4.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.3\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.3.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.3.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.2\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.2.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.2.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.1\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.1.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.1.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.0\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.0.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.8\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.7\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.7.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.7.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.6\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.6.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.6.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.5\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/e34ace04b64e9bfa3f9e785b08e6d81f8efe314b\"\u003e\u003ccode\u003ee34ace0\u003c/code\u003e\u003c/a\u003e Add validation to DER parser for seq len (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138683\"\u003e#138683\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138697\"\u003e#138697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/219189ff7e5b22dc46fcbea23d658582e78330e9\"\u003e\u003ccode\u003e219189f\u003c/code\u003e\u003c/a\u003e Update Gradle wrapper to 9.2.1 (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138482\"\u003e#138482\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138693\"\u003e#138693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/8be09828e39adc500975c6da482a609c28326c4d\"\u003e\u003ccode\u003e8be0982\u003c/code\u003e\u003c/a\u003e Add user profile size limit (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138691\"\u003e#138691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/a8ec26096ec39735f7e3a4ea4a0c8e4e9018fa0b\"\u003e\u003ccode\u003ea8ec260\u003c/code\u003e\u003c/a\u003e [8.19] Add length validation for rename_replacement parameter in snapshot res...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/f2dae0f105022ead3934fe2d990ff54cbd0d1dc2\"\u003e\u003ccode\u003ef2dae0f\u003c/code\u003e\u003c/a\u003e Extend timeout in \u003ccode\u003eIngestGeoIpClientYamlTestSuiteIT\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138610\"\u003e#138610\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138646\"\u003e#138646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/b564aa81c4a7825a8664512a9b0c9b5c03c9a2df\"\u003e\u003ccode\u003eb564aa8\u003c/code\u003e\u003c/a\u003e [ES-13486] Skipping ES builds on non supported jdk versions (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138262\"\u003e#138262\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138629\"\u003e#138629\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/0f3f4e93a3f022638c57c959bb6e54bee0bfaf30\"\u003e\u003ccode\u003e0f3f4e9\u003c/code\u003e\u003c/a\u003e [8.19] fix(semantic highlighter): add vector similarity queries and bbq_disk ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/bf5d48aa800340514941bb6fb090cc7cb1776591\"\u003e\u003ccode\u003ebf5d48a\u003c/code\u003e\u003c/a\u003e Upgrading commons-lang3 version for repository-hdfs plugin (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138589\"\u003e#138589\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138613\"\u003e#138613\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/51a070988586cc3e554edce669840167c0ed01c2\"\u003e\u003ccode\u003e51a0709\u003c/code\u003e\u003c/a\u003e ILM Explain: valid JSON on truncated step info (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/137638\"\u003e#137638\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138606\"\u003e#138606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/394ea7df1876a3502c0aab0582d12ad6a997f768\"\u003e\u003ccode\u003e394ea7d\u003c/code\u003e\u003c/a\u003e Adjust two today()/current_date() tests to create less noise (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138588\"\u003e#138588\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138598\"\u003e#138598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/elastic/elasticsearch/compare/v2.4.6...v8.19.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.springframework:spring-context` from 4.3.26.RELEASE to 6.1.20\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-framework/releases\"\u003eorg.springframework:spring-context's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.20\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd option for case-insensitive match to PatternMatchUtils \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34802\"\u003e#34802\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34854\"\u003e#34854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccidental ClassLoader defineClass enforcement after \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34677\"\u003e#34677\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34839\"\u003e#34839\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eClarify \u003ccode\u003eCompositePropertySource\u003c/code\u003e behavior for \u003ccode\u003eEnumerablePropertySource\u003c/code\u003e contract \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34887\"\u003e#34887\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Reactor 2023.0.18 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34899\"\u003e#34899\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.19\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSuggest compilation with \u003ccode\u003e-parameters\u003c/code\u003e when \u003ccode\u003eAspectJAdviceParameterNameDiscoverer\u003c/code\u003e fails against ambiguity \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34618\"\u003e#34618\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ePropertyBatchUpdateException\u003c/code\u003e: causes of nested \u003ccode\u003ePropertyAccessException\u003c/code\u003es not shown in output \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34698\"\u003e#34698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange in Jar usecache behavior with Spring 6.1.x causing java.lang.IllegalStateException: zip file closed \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34694\"\u003e#34694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStartup performance regression due to CGLIB class load attempts in Spring 6.1.x \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34693\"\u003e#34693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIllegalAccessError for package-private member of AzureStorageConfiguration on WebSphere \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34690\"\u003e#34690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@Configuration\u003c/code\u003e classes can no longer be \u003ccode\u003eabstract\u003c/code\u003e without \u003ccode\u003e@Bean\u003c/code\u003e methods \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34689\"\u003e#34689\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGenerated-code for LinkedHashMap is missing static keyword \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34661\"\u003e#34661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAbstractReactiveTransactionManager throws IllegalStateException when rollback fails after commit attempt \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34619\"\u003e#34619\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd javadoc notes on potential exception suppression in \u003ccode\u003eListableBeanFactory#getBeansOfType\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34631\"\u003e#34631\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove remaining references to Forwarded headers in MvcUriComponentsBuilder \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34626\"\u003e#34626\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eMvcUriComponentsBuilder\u003c/code\u003e javadocs inaccurately reflects usage of forwarded headers \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34620\"\u003e#34620\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.18\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary CGLIB processing on configuration classes \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34487\"\u003e#34487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInconsistent default class loaders in hint classes \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34473\"\u003e#34473\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefaultManagedTaskExecutor throws java.lang.UnsupportedOperationException: isShutdown when rejecting tasks \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34515\"\u003e#34515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEndless loop with DataSourceUtils in spring-jdbc \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34497\"\u003e#34497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMockHttpServletResponse - handle multiple values for Content-Language header \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34491\"\u003e#34491\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/1f9c59b17b5a7afc69f28b694de4553d6b65c9d5\"\u003e\u003ccode\u003e1f9c59b\u003c/code\u003e\u003c/a\u003e Release v6.1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/edfcc6ffb188e4614ec9b212e3208b666981851c\"\u003e\u003ccode\u003eedfcc6f\u003c/code\u003e\u003c/a\u003e Make use of PatternMatchUtils ignoreCase option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/f93132b11ef6aa5718d20a05846828659c082fe8\"\u003e\u003ccode\u003ef93132b\u003c/code\u003e\u003c/a\u003e Add missing \u003ca href=\"https://github.com/since\"\u003e\u003ccode\u003e@​since\u003c/code\u003e\u003c/a\u003e tags in PatternMatchUtils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/6ab4c84bd528d9480071d3dec4ff0b4904dbbb2f\"\u003e\u003ccode\u003e6ab4c84\u003c/code\u003e\u003c/a\u003e Upgrade to Reactor 2023.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/d5fca0d2c5d96b1a59a5814aa38c5f3b15238301\"\u003e\u003ccode\u003ed5fca0d\u003c/code\u003e\u003c/a\u003e Upgrade to Jetty 12.0.21, Netty 4.1.121, Apache HttpClient 5.4.4, Checkstyle ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/cbb94193fe9f11d1af8b8958292b0edc8451cd4c\"\u003e\u003ccode\u003ecbb9419\u003c/code\u003e\u003c/a\u003e Clarify CompositePropertySource behavior for EnumerablePropertySource contract\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/5b5e2b68767537f204d8392201497805ce6562d7\"\u003e\u003ccode\u003e5b5e2b6\u003c/code\u003e\u003c/a\u003e Fix HttpClient 5.3.x request config compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/a5b0399a1d6f3e89ae3bbfeb0b13142ecaddb4e9\"\u003e\u003ccode\u003ea5b0399\u003c/code\u003e\u003c/a\u003e Polishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/71f27256381d72170f9c6d38eea3032ceb24f030\"\u003e\u003ccode\u003e71f2725\u003c/code\u003e\u003c/a\u003e Try loadClass on LinkageError in case of same ClassLoader as well\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/daee9f1242264215876e67f6ef43b117195385c6\"\u003e\u003ccode\u003edaee9f1\u003c/code\u003e\u003c/a\u003e Reinstate the @⁠Inject Technology Compatibility Kit (TCK)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-framework/compare/v4.3.26.RELEASE...v6.1.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.hibernate:hibernate-core` from 5.3.22.Final to 5.6.15.Final\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hibernate/hibernate-orm/releases\"\u003eorg.hibernate:hibernate-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 5.3.38\u003c/h2\u003e\n\u003ch1\u003eHibernate ORM 5.3.38.Final released\u003c/h1\u003e\n\u003cp\u003eToday, we published a new release of Hibernate ORM 5.3: 5.3.38.Final.\u003c/p\u003e\n\u003cp\u003eYou can find the full list of 5.3.38.Final changes \u003ca href=\"https://hibernate.atlassian.net/issues/?jql=project%20%3D%20HHH%20AND%20fixVersion%20%3D%205.3.38\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003cp\u003eThis release introduces a few minor improvements as well as bug fixes.\u003c/p\u003e\n\u003ch2\u003eConclusion\u003c/h2\u003e\n\u003cp\u003eFor additional details, see:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ethe \u003ca href=\"https://hibernate.org/orm/releases/5.3/\"\u003erelease page\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ethe \u003ca href=\"https://docs.hibernate.org/orm/5.3/migration-guide/\"\u003eMigration Guide\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ethe \u003ca href=\"https://docs.hibernate.org/orm/5.3/introduction/html_single/\"\u003eIntroduction Guide\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ethe \u003ca href=\"https://docs.hibernate.org/orm/5.3/userguide/html_single/\"\u003eUser Guide\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ethe \u003ca href=\"https://docs.hibernate.org/orm/5.3/javadocs\"\u003eAPI docs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee also the following resources related to supported APIs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ethe \u003ca href=\"https://hibernate.org/community/compatibility-policy/\"\u003ecompatibility policy\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ethe \u003ca href=\"https://docs.hibernate.org/orm/5.3/incubating/incubating.txt\"\u003eincubating API report\u003c/a\u003e (\u003ccode\u003e@Incubating\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003ethe \u003ca href=\"https://docs.hibernate.org/orm/5.3/deprecated/deprecated.txt\"\u003edeprecated API report\u003c/a\u003e (\u003ccode\u003e@Deprecated\u003c/code\u003e + \u003ccode\u003e@Remove\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003ethe \u003ca href=\"https://docs.hibernate.org/orm/5.3/internals/internal.txt\"\u003einternal API report\u003c/a\u003e (internal packages, \u003ccode\u003e@Internal\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eVisit the \u003ca href=\"https://hibernate.org/community/\"\u003ewebsite\u003c/a\u003e for details on getting in touch with us.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hibernate/hibernate-orm/blob/5.6.15/changelog.txt\"\u003eorg.hibernate:hibernate-core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanges in 5.6.15.Final (February 06, 2023)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://hibernate.atlassian.net/projects/HHH/versions/32121\"\u003ehttps://hibernate.atlassian.net/projects/HHH/versions/32121\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e** Bug\n* [HHH-16049] - Setting a property to its current value with bytecode enhancement enabled results in unnecessary SQL Update in some (many) cases\n* [HHH-15665] - Mariadb is missing identifier quote on SEQUENCE QUERY\n* [HHH-15618] - Procedure should accept TypedParameterValue as parameter\u003c/p\u003e\n\u003cp\u003e** Improvement\n* [HHH-15693] - Introduce a fast-path access for ClassLoaderService being retrieved from ServiceRegistry\n* [HHH-15690] - HQLQueryPlan to have a direct reference to QueryTranslatorFactory\n* [HHH-15685] - Improve efficiency of Dialect lookup in Loader and HqlSqlWalker\u003c/p\u003e\n\u003cp\u003e** Patch\n* [HHH-15792] - Explicitly add JavaDoc to make \u003ca href=\"https://github.com/deprecated\"\u003e\u003ccode\u003e@​deprecated\u003c/code\u003e\u003c/a\u003e hint for createSQLQuery visible in Eclipse\u003c/p\u003e\n\u003ch2\u003eChanges in 5.6.14.Final (November 04, 2022)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://hibernate.atlassian.net/projects/HHH/versions/32120\"\u003ehttps://hibernate.atlassian.net/projects/HHH/versions/32120\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e** Improvement\n* [HHH-15662] - ClasscastException caused by check for Managed rather than ManagedEntity\u003c/p\u003e\n\u003ch2\u003eChanges in 5.6.13.Final (November 03, 2022)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://hibernate.atlassian.net/projects/HHH/versions/32112\"\u003ehttps://hibernate.atlassian.net/projects/HHH/versions/32112\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e** Bug\n* [HHH-15634] - Lazy basic property does not get updated on change\n* [HHH-15561] - Function \u0026quot;IDENTITY\u0026quot; not found when inserting audited revision using Hibernate Envers\n* [HHH-15554] - Merge of an Entity with an immutable composite user type throws Exception\u003c/p\u003e\n\u003cp\u003e** Improvement\n* [HHH-15649] - Additional performance fixes relating to Klass's _secondary_super_cache interaction with entity enhancement\n* [HHH-15639] - Upgrade to ByteBuddy 1.12.18\n* [HHH-15637] - Upgrade to Byteman 4.0.20\n* [HHH-15616] - Mitigate performance impact of entity enhancement on Klass's _secondary_super_cache\n* [HHH-15585] - Add support for DB2 aliases for schema validation\n* [HHH-15575] - Make getter org.hibernate.criterion.SimpleExpression#getOp() public\u003c/p\u003e\n\u003cp\u003e** Task\n* [HHH-15594] - Remove Oracle RDS and all test matrix uses\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hibernate/hibernate-orm/commit/e924c27e1259b0b5915819e9521d86fcb8164a46\"\u003e\u003ccode\u003ee924c27\u003c/code\u003e\u003c/a\u003e 5.6.15.Final\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hibernate/hibernate-orm/commit/38ec412e61b72112e88e5a6311a27a365ace9968\"\u003e\u003ccode\u003e38ec412\u003c/code\u003e\u003c/a\u003e HHH-15665 - Fix and added test for issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hibernate/hibernate-orm/commit/1078caa19ff5d86c01feac03641cc325a11e0283\"\u003e\u003ccode\u003e1078caa\u003c/code\u003e\u003c/a\u003e HHH-16049 Setting a property to its current value with bytecode enhancement e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hibernate/hibernate-orm/commit/802fc76883dddc33fe60b68e67491b14e1af3192\"\u003e\u003ccode\u003e802fc76\u003c/code\u003e\u003c/a\u003e HHH-16049 Test setting a property to its current value with bytecode enhancem...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hibernate/hibernate-orm/commit/ac55bb28db5963d9e2d213b80ece39c24d567381\"\u003e\u003ccode\u003eac55bb2\u003c/code\u003e\u003c/a\u003e HHH-16049 Test setting a property to its current value with bytecode enhancem...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hibernate/hibernate-orm/commit/84662bf21cb36810c165eb9986ba8f3d091dbb2c\"\u003e\u003ccode\u003e84662bf\u003c/code\u003e\u003c/a\u003e HHH-16049 Restructure lazy-basic tests for easier re-execution and better tes...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hibernate/hibernate-orm/commit/49fbe84dde773de84ea704bb10193c4c581d34b8\"\u003e\u003ccode\u003e49fbe84\u003c/code\u003e\u003c/a\u003e HHH-15618 Accept TypedParameterValue for procedure\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hibernate/hibernate-orm/commit/45c7fc5e28245563d173292aca12dabeb596b3d1\"\u003e\u003ccode\u003e45c7fc5\u003c/code\u003e\u003c/a\u003e Add TCK build throttling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hibernate/hibernate-orm/commit/cc3b38971e6650307f349e797230932dc977887d\"\u003e\u003ccode\u003ecc3b389\u003c/code\u003e\u003c/a\u003e Switch from LGTM to CodeQL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hibernate/hibernate-orm/commit/d7fa18ac64bb1b0f157f85990900a526d18a2808\"\u003e\u003ccode\u003ed7fa18a\u003c/code\u003e\u003c/a\u003e HHH-15792: Explicitly add JavaDoc to make \u003ca href=\"https://github.com/deprecated\"\u003e\u003ccode\u003e@​deprecated\u003c/code\u003e\u003c/a\u003e hint for createSQLQuery...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hibernate/hibernate-orm/compare/5.3.22...5.6.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.asynchttpclient:async-http-client` from 2.12.3 to 2.14.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/releases\"\u003eorg.asynchttpclient:async-http-client's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAHC v2.14.5 Release\u003c/h2\u003e\n\u003ch2\u003eSecurity Advisory\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-cmxv-58fp-fm3g\"\u003ehttps://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-cmxv-58fp-fm3g\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/compare/async-http-client-project-2.12.4...async-http-client-project-2.14.5\"\u003ehttps://github.com/AsyncHttpClient/async-http-client/compare/async-http-client-project-2.12.4...async-http-client-project-2.14.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAHC v2.12.4 Release\u003c/h2\u003e\n\u003ch2\u003eSecurity Advisory\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv\"\u003ehttps://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cp\u003eThis is a breaking release. \u003ccode\u003eRequestBuilderBase.java\u003c/code\u003e has a new method added. This is in response to \u003ccode\u003eGHSA-mfj5-cf8g-g2fv\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/commit/ae557ad35246721c09dafb2976609cd0004e78ae\"\u003e\u003ccode\u003eae557ad\u003c/code\u003e\u003c/a\u003e Release 2.14.5: Security fixes and dependency upgrades\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/commit/6afba08b39a10c2a85bb1b38e14ada224cd40705\"\u003e\u003ccode\u003e6afba08\u003c/code\u003e\u003c/a\u003e Release 2.12.4 with CVE Fix: 2024-53990\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/compare/async-http-client-project-2.12.3...async-http-client-project-2.14.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.springframework:spring-web` from 2.0.8 to 5.3.38\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-framework/releases\"\u003eorg.springframework:spring-web's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.38\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEfficient handling of conditional HTTP requests \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33378\"\u003e#33378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect weak ETag validation \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33377\"\u003e#33377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSimpleEvaluationContext\u003c/code\u003e does not enforce read-only semantics \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33320\"\u003e#33320\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eConversionService\u003c/code\u003e cannot convert primitive array to \u003ccode\u003eObject[]\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33314\"\u003e#33314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpEL \u003ccode\u003eIndexer\u003c/code\u003e silently ignores failure to set property as index \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33312\"\u003e#33312\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMockito mock falsely initialized as CGLIB proxy with AspectJ aspect \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33142\"\u003e#33142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u0026quot;file:.\u0026quot; cannot be resolved to \u003ccode\u003ejava.nio.file.Path\u003c/code\u003e (and plain \u0026quot;.\u0026quot; value resolves to classpath root) \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33140\"\u003e#33140\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTypo in Annotation-driven Listener Endpoints section of Spring Framework documentation \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33052\"\u003e#33052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eContainer Extension Points section of Spring Framework documentation refers to the wrong property name \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33039\"\u003e#33039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncorrect constructor details in the javadoc for ApplicationContextEvent \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33034\"\u003e#33034\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Reactor 2020.0.47 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33322\"\u003e#33322\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.3.37\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAnnotationUtils performance degrades with deep stacks \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/32923\"\u003e#32923\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAspectJ CTW aspects executed twice \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/32974\"\u003e#32974\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpEL compilation fails when indexing into a \u003ccode\u003eMap\u003c/code\u003e with a primitive \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/32911\"\u003e#32911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpEL compilation fails when indexing into an array or list with an \u003ccode\u003eInteger\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/32909\"\u003e#32909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApplication not starting with \u003ccode\u003e@EnableTransactionManagement\u003c/code\u003e(mode = AdviceMode.ASPECTJ)  \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/32885\"\u003e#32885\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Reactor 2020.0.45 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/33010\"\u003e#33010\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.3.36\u003c/h2\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOverridden aspect method runs twice \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/32868\"\u003e#32868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@DateTimeFormat(iso = DateTimeFormat.ISO.DATE\\_TIME)\u003c/code\u003e cannot convert UTC without milliseconds to \u003ccode\u003ejava.util.Date\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/32860\"\u003e#32860\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpring AOP fails against registered \u003ccode\u003e@Configurable\u003c/code\u003e aspect \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/32840\"\u003e#32840\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.3.35\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/spring-projects/spring-framework/commits/v5.3.38\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.microsoft.sqlserver:mssql-jdbc` from 9.4.0.jre8 to 11.2.0.jre8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Microsoft/mssql-jdbc/rele...\n\n_Description has been truncated_","html_url":"https://github.com/abrahem79/glowroot/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/abrahem79%2Fglowroot/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"}},{"old_version":"8.5.87","new_version":"9.0.117","update_type":"major","path":null,"pr_created_at":"2026-04-24T20:09:19.000Z","version_change":"8.5.87 → 9.0.117","issue":{"uuid":"4325308070","node_id":"PR_kwDOKJTg4s7VdEcA","number":4,"state":"closed","title":"Bump the maven group across 11 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-25T16:45:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-24T20:09:19.000Z","updated_at":"2026-04-25T16:45:24.000Z","time_to_close":74164,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"maven","update_count":16,"packages":[{"name":"org.apache.zookeeper:zookeeper","old_version":"3.4.14","new_version":"3.8.6"},{"name":"org.apache.mina:mina-core","old_version":"2.2.1","new_version":"2.2.4","repository_url":"https://github.com/apache/mina"},{"name":"com.google.protobuf:protobuf-java","old_version":"3.24.0","new_version":"3.25.5","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"com.squareup.okhttp3:okhttp","old_version":"3.14.9","new_version":"4.9.2","repository_url":"https://github.com/square/okhttp"},{"name":"org.hibernate:hibernate-validator","old_version":"5.4.3.Final","new_version":"6.2.0.Final"},{"name":"org.apache.avro:avro","old_version":"1.11.1","new_version":"1.11.4"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"8.5.87","new_version":"9.0.117"},{"name":"commons-io:commons-io","old_version":"2.11.0","new_version":"2.14.0"},{"name":"ch.qos.logback:logback-classic","old_version":"1.2.11","new_version":"1.2.13","repository_url":"https://github.com/qos-ch/logback"},{"name":"org.apache.logging.log4j:log4j-core","old_version":"2.20.0","new_version":"2.25.4"},{"name":"org.apache.commons:commons-lang3","old_version":"3.12.0","new_version":"3.18.0"},{"name":"com.fasterxml.jackson.core:jackson-core","old_version":"2.15.2","new_version":"2.18.6","repository_url":"https://github.com/FasterXML/jackson-core"},{"name":"io.grpc:grpc-netty-shaded","old_version":"1.57.1","new_version":"1.75.0","repository_url":"https://github.com/grpc/grpc-java"},{"name":"org.apache.commons:commons-compress","old_version":"1.23.0","new_version":"1.26.0"},{"name":"org.xerial.snappy:snappy-java","old_version":"1.1.10.3","new_version":"1.1.10.4","repository_url":"https://github.com/xerial/snappy-java"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 1 update in the /dubbo-demo/dubbo-demo-native/dubbo-demo-native-consumer directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 1 update in the /dubbo-demo/dubbo-demo-native/dubbo-demo-native-provider directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 15 updates in the /dubbo-dependencies-bom directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| org.apache.zookeeper:zookeeper | `3.4.14` | `3.8.6` |\n| [org.apache.mina:mina-core](https://github.com/apache/mina) | `2.2.1` | `2.2.4` |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.24.0` | `3.25.5` |\n| [com.squareup.okhttp3:okhttp](https://github.com/square/okhttp) | `3.14.9` | `4.9.2` |\n| org.hibernate:hibernate-validator | `5.4.3.Final` | `6.2.0.Final` |\n| org.apache.avro:avro | `1.11.1` | `1.11.4` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.87` | `9.0.117` |\n| commons-io:commons-io | `2.11.0` | `2.14.0` |\n| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.2.11` | `1.2.13` |\n| org.apache.logging.log4j:log4j-core | `2.20.0` | `2.25.4` |\n| org.apache.commons:commons-lang3 | `3.12.0` | `3.18.0` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.15.2` | `2.18.6` |\n| [io.grpc:grpc-netty-shaded](https://github.com/grpc/grpc-java) | `1.57.1` | `1.75.0` |\n| org.apache.commons:commons-compress | `1.23.0` | `1.26.0` |\n| [org.xerial.snappy:snappy-java](https://github.com/xerial/snappy-java) | `1.1.10.3` | `1.1.10.4` |\n\nBumps the maven group with 1 update in the /dubbo-dependencies/dubbo-dependencies-zookeeper directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 1 update in the /dubbo-dependencies/dubbo-dependencies-zookeeper-curator5 directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 1 update in the /dubbo-maven-plugin directory: commons-io:commons-io.\nBumps the maven group with 1 update in the /dubbo-native-plugin directory: commons-io:commons-io.\nBumps the maven group with 1 update in the /dubbo-remoting/dubbo-remoting-zookeeper directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 1 update in the /dubbo-remoting/dubbo-remoting-zookeeper-curator5 directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 1 update in the /dubbo-spring-boot/dubbo-spring-boot-starters/dubbo-zookeeper-curator5-spring-boot-starter directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 3 updates in the /dubbo-test/dubbo-test-check directory: org.apache.zookeeper:zookeeper, org.apache.commons:commons-compress and [org.asynchttpclient:async-http-client](https://github.com/AsyncHttpClient/async-http-client).\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.8.1 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.8.1 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.4.14 to 3.8.6\n\nUpdates `org.apache.mina:mina-core` from 2.2.1 to 2.2.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/4134a125d8830c67c21b97c28f2bf706801bdd13\"\u003e\u003ccode\u003e4134a12\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release 2.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/ccc85e38a1b1b494444246b6cd9d98419dee8912\"\u003e\u003ccode\u003eccc85e3\u003c/code\u003e\u003c/a\u003e Fixing another link issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/bfb75f2490953fa4753da57ef742fdeb5e0ef3ea\"\u003e\u003ccode\u003ebfb75f2\u003c/code\u003e\u003c/a\u003e Rollbacked to source plugin 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/625a52405acabe624a2bf9e68f8743ec46474b37\"\u003e\u003ccode\u003e625a524\u003c/code\u003e\u003c/a\u003e Trying to get maven source plugin to the latest version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/252130da0fd76d9c2399b75a9f1a13efa313f133\"\u003e\u003ccode\u003e252130d\u003c/code\u003e\u003c/a\u003e Solved some link issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/859e7aaa6f039032c3063daa92e86d94eac11cc5\"\u003e\u003ccode\u003e859e7aa\u003c/code\u003e\u003c/a\u003e Fixed a bad \u003ca href=\"https://github.com/link\"\u003e\u003ccode\u003e@​link\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/f58344115703a883074941f54fccd92aeeb4382e\"\u003e\u003ccode\u003ef583441\u003c/code\u003e\u003c/a\u003e Fixed some compilation issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/b1dc83a3a8ceef10cff1daa957320ac043fc03d8\"\u003e\u003ccode\u003eb1dc83a\u003c/code\u003e\u003c/a\u003e Fixed some javadoc issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/06a51073ebddd1a969ba50ea41e8bb262c065169\"\u003e\u003ccode\u003e06a5107\u003c/code\u003e\u003c/a\u003e Rollbacked maven source plugin to 3.2.1, because since 3.3.0 the build fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/97918866b79f35bcf00a5e7090e02c15ab82b1db\"\u003e\u003ccode\u003e9791886\u003c/code\u003e\u003c/a\u003e Added some missing spaces\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/apache/mina/compare/2.2.1...2.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.google.protobuf:protobuf-java` from 3.24.0 to 3.25.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9d0ec0f92b5b5fdeeda11f9dcecc1872ff378014\"\u003e\u003ccode\u003e9d0ec0f\u003c/code\u003e\u003c/a\u003e Updating version.json and repo version numbers to: 25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/4a197e78ad2430e22e992c5a7727b61ae220f727\"\u003e\u003ccode\u003e4a197e7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/18387\"\u003e#18387\u003c/a\u003e from protocolbuffers/cp-lp-25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b5a7cf7cf4b7e39f6b02205e45afe2104a7faf81\"\u003e\u003ccode\u003eb5a7cf7\u003c/code\u003e\u003c/a\u003e Remove RecursiveGroup test case which doesn't exist in 25.x pre-Editions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f000b7e18fd6921ca02ea4b87608e8cadcb7b64f\"\u003e\u003ccode\u003ef000b7e\u003c/code\u003e\u003c/a\u003e Fix merge conflict by adding optional label to proto2 unittest_lite.proto\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/4728531c162f2f9e8c2ca1add713cfee2db6be3b\"\u003e\u003ccode\u003e4728531\u003c/code\u003e\u003c/a\u003e Add recursion check when parsing unknown fields in Java.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/850fcce9176e2c9070614dab53537760498c926b\"\u003e\u003ccode\u003e850fcce\u003c/code\u003e\u003c/a\u003e Internal change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b7044987de77f1dc368fee558636d0b56d7e75e1\"\u003e\u003ccode\u003eb704498\u003c/code\u003e\u003c/a\u003e Internal change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e67347986eaf7d777a6ee34367fa99f4912423ab\"\u003e\u003ccode\u003ee673479\u003c/code\u003e\u003c/a\u003e Fix cord handling in DynamicMessage and oneofs. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/18375\"\u003e#18375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8a60b6527a976cfd0028153da3ad8e4ed280e0de\"\u003e\u003ccode\u003e8a60b65\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/17704\"\u003e#17704\u003c/a\u003e from protocolbuffers/cp-segv\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/94a26630e362a4771b5ec80eac49f494988ca408\"\u003e\u003ccode\u003e94a2663\u003c/code\u003e\u003c/a\u003e Fixed a SEGV when deep copying a non-reified sub-message.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protocolbuffers/protobuf/compare/v3.24.0...v3.25.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.squareup.okhttp3:okhttp` from 3.14.9 to 4.9.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/square/okhttp/blob/master/CHANGELOG.md\"\u003ecom.squareup.okhttp3:okhttp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChange Log\u003c/h1\u003e\n\u003ch2\u003eVersion 5.3.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2025-11-18\u003c/em\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: Don't delay triggering timeouts. In Okio 3.16.0 we introduced a regression that caused\ntimeouts to fire later than they were supposed to.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpgrade: [Okio 3.16.4][okio_3_16_4].\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 5.3.1\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2025-11-16\u003c/em\u003e\u003c/p\u003e\n\u003cp\u003eThis release is the same as 5.3.0. Okio 3.16.3 didn't have a necessary fix!\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade: [Okio 3.16.3][okio_3_16_3].\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 5.3.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2025-10-30\u003c/em\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eNew: Add tags to \u003ccode\u003eCall\u003c/code\u003e, including computable tags. Use this to attach application-specific\nmetadata to a \u003ccode\u003eCall\u003c/code\u003e in an \u003ccode\u003eEventListener\u003c/code\u003e or \u003ccode\u003eInterceptor\u003c/code\u003e. The tag can be read in any other\n\u003ccode\u003eEventListener\u003c/code\u003e or \u003ccode\u003eInterceptor\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"kotlin\"\u003e\u003ccode\u003e  override fun intercept(chain: Interceptor.Chain): Response {\n    chain.call().tag(MyAnalyticsTag::class) {\n      MyAnalyticsTag(...)\n    }\n\u003cpre\u003e\u003ccode\u003ereturn chain.proceed(chain.request())\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew: Support request bodies on HTTP/1.1 connection upgrades.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew: \u003ccode\u003eEventListener.plus()\u003c/code\u003e makes it easier to observe events in multiple listeners.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: Don't spam logs with \u003cem\u003e‘Method isLoggable in android.util.Log not mocked.’\u003c/em\u003e when using\nOkHttp in Robolectric and Paparazzi tests.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpgrade: [Kotlin 2.2.21][kotlin_2_2_21].\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpgrade: [Okio 3.16.2][okio_3_16_2].\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpgrade: [ZSTD-KMP 0.4.0][zstd_kmp_0_4_0]. This update fixes a bug that caused APKs to fail\n[16 KB ELF alignment checks][elf_alignment].\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/3edf17ca8a5048912d19e84d0fc2a7941a97c07d\"\u003e\u003ccode\u003e3edf17c\u003c/code\u003e\u003c/a\u003e Prepare for release 4.9.2.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/262b3cde9f6354a31d4d4862bef5a81590687ad7\"\u003e\u003ccode\u003e262b3cd\u003c/code\u003e\u003c/a\u003e Handle strict module handling on JDK17 (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6707\"\u003e#6707\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6742\"\u003e#6742\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/f574ea2f5259d9040f264ddeb582fb1ce563f10c\"\u003e\u003ccode\u003ef574ea2\u003c/code\u003e\u003c/a\u003e Cherry pick fix for CVE-2021-0341 onto 4.9.x (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6741\"\u003e#6741\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/1fd7c0afdc2cee9ba982b07d49662af7f60e1518\"\u003e\u003ccode\u003e1fd7c0a\u003c/code\u003e\u003c/a\u003e Make it more difficult to accidentally log sensitive headers (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6551\"\u003e#6551\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6740\"\u003e#6740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/b0397cc7a9f755ef8ab1e00c8114531f802f35a6\"\u003e\u003ccode\u003eb0397cc\u003c/code\u003e\u003c/a\u003e 4.9.x GitHub builds update (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6732\"\u003e#6732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/eb5a8343eab9ba4ec933e8fb80d3f8a0e4eacbcd\"\u003e\u003ccode\u003eeb5a834\u003c/code\u003e\u003c/a\u003e Prepare next development version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/63dcd95bfa2345bb3f3d4abc6b6dbf36cfb08aaf\"\u003e\u003ccode\u003e63dcd95\u003c/code\u003e\u003c/a\u003e Prepare for release 4.9.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/d2e28ab672d5734a76f97f48174a3e6e8339e183\"\u003e\u003ccode\u003ed2e28ab\u003c/code\u003e\u003c/a\u003e Silently ignore 'bio == null' NullPointerExceptions (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6534\"\u003e#6534\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/cbeaf8f955fff9caa5652ccc6c1393ec8b993799\"\u003e\u003ccode\u003ecbeaf8f\u003c/code\u003e\u003c/a\u003e Prepare for release 4.9.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/8fd74a7482effe1ca8847a28b29262415dbb7faa\"\u003e\u003ccode\u003e8fd74a7\u003c/code\u003e\u003c/a\u003e Conscrypt 2.5.1 Upgrade (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6263\"\u003e#6263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/square/okhttp/compare/parent-3.14.9...parent-4.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.hibernate:hibernate-validator` from 5.4.3.Final to 6.2.0.Final\n\nUpdates `org.apache.avro:avro` from 1.11.1 to 1.11.4\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 8.5.87 to 9.0.117\n\nUpdates `commons-io:commons-io` from 2.11.0 to 2.14.0\n\nUpdates `ch.qos.logback:logback-classic` from 1.2.11 to 1.2.13\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2648b9e7fbb47426c89b9c93b411c07484e8f277\"\u003e\u003ccode\u003e2648b9e\u003c/code\u003e\u003c/a\u003e prepare release 1.2.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/bb095154be011267b64e37a1d401546e7cc2b7c3\"\u003e\u003ccode\u003ebb09515\u003c/code\u003e\u003c/a\u003e fix CVE-2023-6378\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/45732949bfb845df04cbe65292cf48aaa090cb1d\"\u003e\u003ccode\u003e4573294\u003c/code\u003e\u003c/a\u003e start work on 1.2.13-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/a388193052c298ca87cc64192319df723288c6ab\"\u003e\u003ccode\u003ea388193\u003c/code\u003e\u003c/a\u003e Merge branch 'branch_1.2.x' of github.com:qos-ch/logback into branch_1.2.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/de44dc422bc3da1d7808283851324d960b492d4d\"\u003e\u003ccode\u003ede44dc4\u003c/code\u003e\u003c/a\u003e prepare release 1.2.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ca0cf172f680308938515b8a5d69348759ee947c\"\u003e\u003ccode\u003eca0cf17\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/532\"\u003e#532\u003c/a\u003e from joakime/fix-jetty-requestlog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e31609b1980b9ba986344aae3cab7275fa2b4935\"\u003e\u003ccode\u003ee31609b\u003c/code\u003e\u003c/a\u003e removed unused files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/21e29efb284766f386781175b2ba18585b690154\"\u003e\u003ccode\u003e21e29ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/567\"\u003e#567\u003c/a\u003e from spliffone/LOGBACK-1633\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e869000e1d5901e6aa6f46cc6575ee2137f15b69\"\u003e\u003ccode\u003ee869000\u003c/code\u003e\u003c/a\u003e fix: published POM file contain the wrong scm URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/009ea46cb81a015f2ca312bde6e823581b93b37a\"\u003e\u003ccode\u003e009ea46\u003c/code\u003e\u003c/a\u003e version for next dev cycle\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.2.11...v_1.2.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.20.0 to 2.25.4\n\nUpdates `org.apache.commons:commons-lang3` from 3.12.0 to 3.18.0\n\nUpdates `com.fasterxml.jackson.core:jackson-core` from 2.15.2 to 2.18.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/9a46ef8ccac2f15cba1c82059fbcc3883798478a\"\u003e\u003ccode\u003e9a46ef8\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release jackson-core-2.18.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/5f192db9c84c1e7a9e6ab7f631a77d4ac0719cb4\"\u003e\u003ccode\u003e5f192db\u003c/code\u003e\u003c/a\u003e Prep for 2.18.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/b0c428e6f993e1b5ece5c1c3cb2523e887cd52cf\"\u003e\u003ccode\u003eb0c428e\u003c/code\u003e\u003c/a\u003e Enforce \u003ccode\u003eStreamReadConstraints.maxNumberLength\u003c/code\u003e for non-blocking (async) pars...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/7c8b6d52632ff87dd40483df44a2b74d3048882c\"\u003e\u003ccode\u003e7c8b6d5\u003c/code\u003e\u003c/a\u003e Add test for nesting for \u003ccode\u003eDataInput\u003c/code\u003e-backed \u003ccode\u003eJsonParser\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1550\"\u003e#1550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/97a647b9d4bd03d31716d5565a73965c9ae2f396\"\u003e\u003ccode\u003e97a647b\u003c/code\u003e\u003c/a\u003e Update CI: JDK 23 -\u0026gt; 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/1601331cd5c7d79037904e4803a4c35cc9fdd4e0\"\u003e\u003ccode\u003e1601331\u003c/code\u003e\u003c/a\u003e (backport from 2.21) Fix \u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1548\"\u003e#1548\u003c/a\u003e: validate max doc length for fixed buffer inpu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/fae2542708621b49cdc61ec5b29574ad054ed76f\"\u003e\u003ccode\u003efae2542\u003c/code\u003e\u003c/a\u003e release notes update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/70c99ba8eccf6f8ad2754bccb113daac823f03ba\"\u003e\u003ccode\u003e70c99ba\u003c/code\u003e\u003c/a\u003e Update UTF8DataInputJsonParser.java (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1512\"\u003e#1512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/caea665e6364bb46a4e7101fd763e9ef8568f132\"\u003e\u003ccode\u003ecaea665\u003c/code\u003e\u003c/a\u003e Post-release dep version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/635d3bd80a44a8a84b04cfdd007ceb9a31dc95f1\"\u003e\u003ccode\u003e635d3bd\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/FasterXML/jackson-core/compare/jackson-core-2.15.2...jackson-core-2.18.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `io.grpc:grpc-netty-shaded` from 1.57.1 to 1.75.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-java/releases\"\u003eio.grpc:grpc-netty-shaded's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.75.0\u003c/h2\u003e\n\u003ch3\u003eBehavior Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebinder: Introduce server pre-authorization (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12127\"\u003e#12127\u003c/a\u003e). grpc-binder clients authorize servers by checking the UID of the sender of the SETUP_TRANSPORT Binder transaction against some SecurityPolicy. But merely binding to an unauthorized server to learn its UID can enable \u0026quot;keep-alive\u0026quot; and \u0026quot;background activity launch\u0026quot; abuse, even if security policy ultimately causes the grpc connection to fail. Pre-authorization mitigates this kind of abuse by resolving addresses and authorizing a candidate server Application's UID before binding to it. Pre-auth is especially important when the server's address is not fixed in advance but discovered by PackageManager lookup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecore: \u003ccode\u003egrpc-timeout\u003c/code\u003e should always be positive (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12201\"\u003e#12201\u003c/a\u003e) (6dfa03c51). There is a local race between when the deadline is checked before sending the RPC and when the timeout is calculated to put on-the-wire. The code replaced negative timeouts with 0 nanoseconds. gRPC’s PROTOCOL-HTTP2 spec states that timeouts should be positive, so now non-positive values are replaced with 1 nanosecond\u003c/li\u003e\n\u003cli\u003ecore: Improved DEADLINE_EXCEEDED message for delayed calls (6ff8ecac0). Delayed calls are the first calls on a Channel before name resolution has resolved addresses. Previously you could see confusing errors saying the deadline “will be exceeded in” X time. The message tense was simply wrong, and now will be correct: deadline “was exceeded after” X time.\u003c/li\u003e\n\u003cli\u003exds: PriorityLB now only uses the failOverTimer to start additional priorities, not fail RPCs (c4256add4). You should no longer see “Connection timeout for priority” errors.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImprovements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003enetty: Count sent RST_STREAMs against \u003ccode\u003eNettyServerBuilder.maxRstFramesPerWindow()\u003c/code\u003e limit (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12288\"\u003e#12288\u003c/a\u003e). This extends the Rapid Reset tool to also cover MadeYouReset. the reset stream count will cause a 420 \u0026quot;Enhance your calm response\u0026quot; to be sent. This depends on Netty 4.1.124 for a bug fix to actually call the encoder by the frame writer.\u003c/li\u003e\n\u003cli\u003exds: Convert CdsLb to \u003ccode\u003eXdsDepManager\u003c/code\u003e (297ab05ef). This is part of gRFC A74 to have atomic xDS config updates. This is an internal change, but does change the error description seen in certain cases, especially DEADLINE_EXCEEDED on a brand-new channel.\u003c/li\u003e\n\u003cli\u003ecensus: APIs for stats and tracing (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12050\"\u003e#12050\u003c/a\u003e) (919370172). Client channel and server builders with interceptors and factories respectively for stats and tracing.\u003c/li\u003e\n\u003cli\u003estub: simplify \u003ccode\u003eBlockingClientCall\u003c/code\u003e infinite blocking (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12217\"\u003e#12217\u003c/a\u003e) (ba0a7329d). Move deadline computation into overloads with finite timeouts. Blocking calls without timeouts now do not have to read the clock.\u003c/li\u003e\n\u003cli\u003exds: Do RLS fallback policy eagar start (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12211\"\u003e#12211\u003c/a\u003e) (42e1829b3). In gRPC-Java, the xDS clusters were lazily subscribed, which meant the fallback target which is returned in the RLS config wasn’t subscribed until a RPC actually falls back to it. The delayed resource subscription process in gRPC Java made it more susceptible to the effects of the INITIAL_RESOURCE_FETCH_TIMEOUT compared to other programming languages. It also had impact beyond the RLS cache expiration case, for example, when the first time the client initialized the channel, we couldn't fallback when the intended target times out, because of the lazy subscription. This change starts the fallback LB policy for the default target at the start of RLS policy instead of only when falling back to the default target, which fixes the above mentioned problems.\u003c/li\u003e\n\u003cli\u003exds: Aggregate cluster fixes (A75) (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12186\"\u003e#12186\u003c/a\u003e) (7e982e48a). The earlier implementation of aggregate clusters concatenated the priorities from the underlying clusters into a single list, so that it could use a single LB policy defined at the aggregate cluster layer to choose a priority from that combined list. However, it turns out that aggregate clusters don't actually define the LB policy in the aggregate cluster; instead, the aggregate cluster uses a special cluster-provided LB policy that first chooses the underlying cluster and then delegates to the LB policy of the underlying cluster. This change implements that.\u003c/li\u003e\n\u003cli\u003eapi: set size correctly for sets and maps in handling \u003ccode\u003eMetadata\u003c/code\u003e values to be exchanged during a call (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12229\"\u003e#12229\u003c/a\u003e) (80217275d)\u003c/li\u003e\n\u003cli\u003exds: xdsClient cache transient error for new watchers (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12291\"\u003e#12291\u003c/a\u003e). When a resource update is NACKed, cache the error and update new watchers that get added with that error instead of making them hang.\u003c/li\u003e\n\u003cli\u003exds: Avoid PriorityLb re-enabling timer on duplicate CONNECTING (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12289\"\u003e#12289\u003c/a\u003e). If a LB policy gives extraneous updates with state CONNECTING, then it was possible to re-create \u003ccode\u003efailOverTimer\u003c/code\u003e which would then wait the 10 seconds for the child to finish CONNECTING. We only want to give the child one opportunity after transitioning out of READY/IDLE.\u003c/li\u003e\n\u003cli\u003exds: Use a different log name for \u003ccode\u003eXdsClientImpl\u003c/code\u003e and \u003ccode\u003eControlPlaneClient\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12287\"\u003e#12287\u003c/a\u003e). \u003ccode\u003eControlPlaneClient\u003c/code\u003e uses \u0026quot;xds-cp-client\u0026quot; now instead of \u0026quot;xds-client\u0026quot; while logging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependencies Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Netty 4.1.124.Final (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12286\"\u003e#12286\u003c/a\u003e). This implicitly disables \u003ccode\u003eNettyAdaptiveCumulator\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/11284\"\u003e#11284\u003c/a\u003e), which can have a performance impact. We delayed upgrading Netty to give time to rework the optimization, but we've gone too long already without upgrading which causes problems for vulnerability tracking.\u003c/li\u003e\n\u003cli\u003ebazel: Use \u003ccode\u003ejar_jar\u003c/code\u003e to avoid xds deps (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12243\"\u003e#12243\u003c/a\u003e) (8f09b9689). The //xds and //xds:orca targets now use \u003ccode\u003ejar_jar\u003c/code\u003e to shade the protobuf generated code. This allows them to use their own private copy of the protos and drop direct Bazel dependencies on cel-spec, grpc, rules_go, com_github_cncf_xds, envoy_api, com_envoyproxy_protoc_gen_validate, and opencensus_proto. This mirrors the shading of protobuf messages done for grpc-xds provided on Maven Central and should simplify dependency management\u003c/li\u003e\n\u003cli\u003eProtobuf upgraded to 3.25.8\u003c/li\u003e\n\u003cli\u003eproto-google-common-protos upgraded to 2.59.2\u003c/li\u003e\n\u003cli\u003es2a-proto upgraded to 1.1.2\u003c/li\u003e\n\u003cli\u003egoogle-cloud-logging upgraded to 3.23.1 (used by gcp-observability)\u003c/li\u003e\n\u003cli\u003eOpenTelemetry upgraded to 1.52.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify requirements for creating a cross-user Channel. (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12181\"\u003e#12181\u003c/a\u003e). The \u003ccode\u003e@SystemApi\u003c/code\u003e runtime visibility requirement isn't really new. It has always been implicit in the required INTERACT_ACROSS_USERS permission, which can only be held by system apps in production. Now deprecated \u003ccode\u003eBinderChannelBuilder#bindAsUser\u003c/code\u003e has always required SDK_INT \u0026gt;= 30. This change just copies that requirement forward to its replacement APIs in \u003ccode\u003eAndroidComponentAddress\u003c/code\u003e and the TARGET_ANDROID_USER \u003ccode\u003eNameResolver.Args\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eapi: Add more Javadoc for \u003ccode\u003eNameResolver.Listener2\u003c/code\u003e interface (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12220\"\u003e#12220\u003c/a\u003e) (d352540a0)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eThanks to\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/benjaminp\"\u003e\u003ccode\u003e@​benjaminp\u003c/code\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/werkt\"\u003e\u003ccode\u003e@​werkt\u003c/code\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/kilink\"\u003e\u003ccode\u003e@​kilink\u003c/code\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/vimanikag\"\u003e\u003ccode\u003e@​vimanikag\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.74.0\u003c/h2\u003e\n\u003ch3\u003eBehavior Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecompiler: Default to \u003ccode\u003e@generated=omit\u003c/code\u003e (f8700a13a). This omits \u003ccode\u003ejavax.annotation.Generated\u003c/code\u003e from the generated code and makes the \u003ccode\u003eorg.apache.tomcat:annotations-api\u003c/code\u003e compile-only dependency unnecessary (README and examples changes forthcoming; we delayed those changes until the release landed). You can use the option \u003ccode\u003e@generated=javax\u003c/code\u003e for the previous behavior, but please also file an issue so we can develop alternatives\u003c/li\u003e\n\u003cli\u003ecompiler: generate blocking v2 unary calls that throw StatusException (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12126\"\u003e#12126\u003c/a\u003e) (a16d65591). Previously, the new blocking stub API was identical to the older blocking stub for unary RPCs and used the unchecked \u003ccode\u003eStatusRuntimeException\u003c/code\u003e. However, feedback demonstrated it was confusing to mix that with the checked \u003ccode\u003eStatusException\u003c/code\u003e in \u003ccode\u003eBlockingClientCall\u003c/code\u003e. Now the new blocking stub uses StatusException throughout. grpc-java continues to support the old generated code, but the version of protoc-gen-grpc-java will dictate which API you see. If you support multiple generated code versions, you can use the older blocking v1 stub for unary RPCs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003enetty: Fix a race that caused RPCs to hang on start when a GOAWAY was received while the RPCs’ headers were being written to the OS (b04c673fd, 15c757398). This was a very old race, not a recent regression. All streams should now properly fail instead of hanging, although in some cases they may be transparently retried\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/3abc0e6e1f4981017b7117e47e1844a318a51f24\"\u003e\u003ccode\u003e3abc0e6\u003c/code\u003e\u003c/a\u003e Bump version to 1.75.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/cbfe6c1ccaf0d9480daa8faa3e37a117adb798ba\"\u003e\u003ccode\u003ecbfe6c1\u003c/code\u003e\u003c/a\u003e Update README etc to reference 1.75.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/a0f3520ad0bf5186f84d48b7df6e2555e8b16da8\"\u003e\u003ccode\u003ea0f3520\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Release v1.75.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12294\"\u003e#12294\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12295\"\u003e#12295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/7ef13f40a6d9cdaccd0c064b5bd3745f9518781e\"\u003e\u003ccode\u003e7ef13f4\u003c/code\u003e\u003c/a\u003e Release v1.75.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12294\"\u003e#12294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/14fd8eff28d55fae4a791b256602d83a5fb9d848\"\u003e\u003ccode\u003e14fd8ef\u003c/code\u003e\u003c/a\u003e xds: xdsClient caches transient error for new watchers (v1.75.x backport) (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/653d076c605a9066cf6ae484921058580df2437d\"\u003e\u003ccode\u003e653d076\u003c/code\u003e\u003c/a\u003e xds: Avoid PriorityLb re-enabling timer on duplicate CONNECTING (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12289\"\u003e#12289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/a5c2b1aa51608b1fff016a313d8ee65f92e8d23d\"\u003e\u003ccode\u003ea5c2b1a\u003c/code\u003e\u003c/a\u003e netty: Count sent RST_STREAMs against limit (1.75.x backport) (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12288\"\u003e#12288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/0d3e8283a8105a7bbf1bf746d96cac1e363de2e3\"\u003e\u003ccode\u003e0d3e828\u003c/code\u003e\u003c/a\u003e xds: Use a different log name for XdsClientImpl and ControlPlaneClient (1.75....\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/d750e9df576a63f8b0d55eefc730282dc60f99d1\"\u003e\u003ccode\u003ed750e9d\u003c/code\u003e\u003c/a\u003e Upgrade to Netty 4.1.124.Final (v1.75.x backport) (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12286\"\u003e#12286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/19c579e8a93cc0660df1523b5740eae9aa888a09\"\u003e\u003ccode\u003e19c579e\u003c/code\u003e\u003c/a\u003e Bump versions of dependencies (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12252\"\u003e#12252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-java/compare/v1.57.1...v1.75.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.commons:commons-compress` from 1.23.0 to 1.26.0\n\nUpdates `org.xerial.snappy:snappy-java` from 1.1.10.3 to 1.1.10.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xerial/snappy-java/releases\"\u003eorg.xerial.snappy:snappy-java's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.10.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity Fix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv\"\u003eCVE-2023-43642\u003c/a\u003e Fixed SnappyInputStream so as not to allocate too large memory when decompressing data with an extremely large chunk size by \u003ca href=\"https://github.com/tunnelshade\"\u003e\u003ccode\u003e@​tunnelshade\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5\"\u003ecode change\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis does not affect users only using Snappy.compress/uncompress methods\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly used before) by \u003ca href=\"https://github.com/xerial\"\u003e\u003ccode\u003e@​xerial\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/508\"\u003exerial/snappy-java#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport JDK21 (no internal change)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🔗 Dependency Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate scalafmt-core to 3.7.11 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/485\"\u003exerial/snappy-java#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt to 1.9.3 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/483\"\u003exerial/snappy-java#483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate scalafmt-core to 3.7.12 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/487\"\u003exerial/snappy-java#487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/502\"\u003exerial/snappy-java#502\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt to 1.9.4 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/496\"\u003exerial/snappy-java#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate scalafmt-core to 3.7.14 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/501\"\u003exerial/snappy-java#501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt to 1.9.6 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/505\"\u003exerial/snappy-java#505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate native libraries by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/503\"\u003exerial/snappy-java#503\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🛠  Internal Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate airframe-log to 23.7.4 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/486\"\u003exerial/snappy-java#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.8.0 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/488\"\u003exerial/snappy-java#488\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt-scalafmt to 2.5.2 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/500\"\u003exerial/snappy-java#500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.8.6 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/497\"\u003exerial/snappy-java#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt-scalafmt to 2.5.1 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/499\"\u003exerial/snappy-java#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.9.1 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/504\"\u003exerial/snappy-java#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.9.2 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/509\"\u003exerial/snappy-java#509\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate NOTICE by \u003ca href=\"https://github.com/imsudiproy\"\u003e\u003ccode\u003e@​imsudiproy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/492\"\u003exerial/snappy-java#492\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/xerial/snappy-java/compare/v1.1.10.3...v1.1.10.4\"\u003ehttps://github.com/xerial/snappy-java/compare/v1.1.10.3...v1.1.10.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5\"\u003e\u003ccode\u003e9f8c3cf\u003c/code\u003e\u003c/a\u003e Merge pull request from GHSA-55g7-9cwv-5qfv\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/49d700175f18ed5f8c5d371b7c2f80c75979bd68\"\u003e\u003ccode\u003e49d7001\u003c/code\u003e\u003c/a\u003e Update airframe-log to 23.9.2 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/1f07c3182c2dc89d4226e9a6d8945b8458870a0a\"\u003e\u003ccode\u003e1f07c31\u003c/code\u003e\u003c/a\u003e Update native libraries for f2e97f27be0dc6c691369040ba8a673bface484c (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/503\"\u003e#503\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/13f8db197c4c44f0b6a02240c04205e8362b8e62\"\u003e\u003ccode\u003e13f8db1\u003c/code\u003e\u003c/a\u003e Update sbt to 1.9.6 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/505\"\u003e#505\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/f2e97f27be0dc6c691369040ba8a673bface484c\"\u003e\u003ccode\u003ef2e97f2\u003c/code\u003e\u003c/a\u003e feature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly use...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/98b22256fe4ed00ccaadd2dac98b1622563cc50b\"\u003e\u003ccode\u003e98b2225\u003c/code\u003e\u003c/a\u003e Update airframe-log to 23.9.1 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/504\"\u003e#504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/9f29b5c0f869d4027a4d5c1464907a79152013bf\"\u003e\u003ccode\u003e9f29b5c\u003c/code\u003e\u003c/a\u003e Update NOTICE (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/492\"\u003e#492\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/55639b55de52e1c06ac9a7df6844f85313407955\"\u003e\u003ccode\u003e55639b5\u003c/code\u003e\u003c/a\u003e Update sbt-scalafmt to 2.5.1 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/499\"\u003e#499\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/a5d81a6589360f299ae7ec35a79c317fd78e795d\"\u003e\u003ccode\u003ea5d81a6\u003c/code\u003e\u003c/a\u003e Update airframe-log to 23.8.6 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/497\"\u003e#497\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/6495da1af211e993cd0750c9c70b69d458c4a570\"\u003e\u003ccode\u003e6495da1\u003c/code\u003e\u003c/a\u003e Update scalafmt-core to 3.7.14 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/501\"\u003e#501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xerial/snappy-java/compare/v1.1.10.3...v1.1.10.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.4.14 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.8.1 to 3.8.6\n\nUpdates `commons-io:commons-io` from 2.11.0 to 2.14.0\n\nUpdates `commons-io:commons-io` from 2.11.0 to 2.14.0\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.4.14 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.7.0 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.8.1 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.4.14 to 3.8.6\n\nUpdates `org.apache.commons:commons-compress` from 1.23.0 to 1.26.0\n\nUpdates `org.asynchttpclient:async-http-client` from 2.12.3 to 2.14.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/releases\"\u003eorg.asynchttpclient:async-http-client's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAHC v2.14.5 Release\u003c/h2\u003e\n\u003ch2\u003eSecurity Advisory\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-cmxv-58fp-fm3g\"\u003ehttps://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-cmxv-58fp-fm3g\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/compare/async-http-client-project-2.12.4...async-http-client-project-2.14.5\"\u003ehttps://github.com/AsyncHttpClient/async-http-client/compare/async-http-client-project-2.12.4...async-http-client-project-2.14.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAHC v2.12.4 Release\u003c/h2\u003e\n\u003ch2\u003eSecurity Advisory\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv\"\u003ehttps://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cp\u003eThis is a breaking release. \u003ccode\u003eRequestBuilderBase.java\u003c/code\u003e has a new method added. This is in response to \u003ccode\u003eGHSA-mfj5-cf8g-g2fv\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/commit/ae557ad35246721c09dafb2976609cd0004e78ae\"\u003e\u003ccode\u003eae557ad\u003c/code\u003e\u003c/a\u003e Release 2.14.5: Security fixes and dependency upgrades\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/commit/6afba08b39a10c2a85bb1b38e14ada224cd40705\"\u003e\u003ccode\u003e6afba08\u003c/code\u003e\u003c/a\u003e Release 2.12.4 with CVE Fix: 2024-53990\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/compare/async-http-client-project-2.12.3...async-http-client-project-2.14.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GizzZmo/dubbo/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/GizzZmo/dubbo/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GizzZmo%2Fdubbo/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"}},{"old_version":"10.1.42","new_version":"10.1.54","update_type":"patch","path":"/jag-ccd-application","pr_created_at":"2026-04-21T16:05:29.000Z","version_change":"10.1.42 → 10.1.54","issue":{"uuid":"4303858074","node_id":"PR_kwDOGUpuWs7UXLKS","number":251,"state":"closed","title":"Bump org.apache.tomcat.embed:tomcat-embed-core from 10.1.42 to 10.1.54 in /jag-ccd-application","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-18T20:53:53.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-21T16:05:29.000Z","updated_at":"2026-05-18T20:53:55.000Z","time_to_close":2350104,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"10.1.42","new_version":"10.1.54","repository_url":null}],"path":"/jag-ccd-application","ecosystem":"maven"},"body":"Bumps org.apache.tomcat.embed:tomcat-embed-core from 10.1.42 to 10.1.54.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core\u0026package-manager=maven\u0026previous-version=10.1.42\u0026new-version=10.1.54)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/bcgov/jag-ccd/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/bcgov/jag-ccd/pull/251","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bcgov%2Fjag-ccd/issues/251","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/251/packages"}},{"old_version":"10.1.53","new_version":"11.0.21","update_type":"major","path":null,"pr_created_at":"2026-04-17T10:56:52.000Z","version_change":"10.1.53 → 11.0.21","issue":{"uuid":"4282073476","node_id":"PR_kwDOR_UjR87TSRTX","number":45,"state":"closed","title":"deps: bump the maven-dependencies group with 6 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-16T21:07:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-17T10:56:52.000Z","updated_at":"2026-05-16T21:08:04.000Z","time_to_close":2542263,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps: bump","group_name":"maven-dependencies","update_count":6,"packages":[{"name":"org.apache.maven:maven-model","old_version":"3.9.14","new_version":"3.9.15"},{"name":"org.eclipse.jgit:org.eclipse.jgit","old_version":"7.1.0.202411261347-r","new_version":"7.6.0.202603022253-r","repository_url":"https://github.com/eclipse-jgit/jgit"},{"name":"org.springframework.boot:spring-boot-dependencies","old_version":"3.5.6","new_version":"4.0.5","repository_url":"https://github.com/spring-projects/spring-boot"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"10.1.53","new_version":"11.0.21"},{"name":"org.apache.tomcat.embed:tomcat-embed-el","old_version":"10.1.53","new_version":"11.0.21"},{"name":"org.apache.tomcat.embed:tomcat-embed-websocket","old_version":"10.1.53","new_version":"11.0.21"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven-dependencies group with 6 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| org.apache.maven:maven-model | `3.9.14` | `3.9.15` |\n| [org.eclipse.jgit:org.eclipse.jgit](https://github.com/eclipse-jgit/jgit) | `7.1.0.202411261347-r` | `7.6.0.202603022253-r` |\n| [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) | `3.5.6` | `4.0.5` |\n| org.apache.tomcat.embed:tomcat-embed-core | `10.1.53` | `11.0.21` |\n| org.apache.tomcat.embed:tomcat-embed-el | `10.1.53` | `11.0.21` |\n| org.apache.tomcat.embed:tomcat-embed-websocket | `10.1.53` | `11.0.21` |\n\nUpdates `org.apache.maven:maven-model` from 3.9.14 to 3.9.15\n\nUpdates `org.eclipse.jgit:org.eclipse.jgit` from 7.1.0.202411261347-r to 7.6.0.202603022253-r\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eclipse-jgit/jgit/commit/e1fefa5863d6380d091d04e6f0d890356a218fd6\"\u003e\u003ccode\u003ee1fefa5\u003c/code\u003e\u003c/a\u003e JGit v7.6.0.202603022253-r\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eclipse-jgit/jgit/commit/c80ff8d4fbe67fe1adefc6e931440ef3889bef5b\"\u003e\u003ccode\u003ec80ff8d\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into stable-7.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eclipse-jgit/jgit/commit/db7dcf9ee3851c7c34a9ccabc0866a875f3d28e6\"\u003e\u003ccode\u003edb7dcf9\u003c/code\u003e\u003c/a\u003e Add AddCommand #addFilepatterns methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eclipse-jgit/jgit/commit/9c8ba9e35c2572efcd910ff186551b0158d8739c\"\u003e\u003ccode\u003e9c8ba9e\u003c/code\u003e\u003c/a\u003e Bazel: Pin jcl-over-slf4j to SLF4J_VERSION\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eclipse-jgit/jgit/commit/401eeaa9a1f81e8adc4583b4de6a75a683837a92\"\u003e\u003ccode\u003e401eeaa\u003c/code\u003e\u003c/a\u003e Prepare 7.6.0-SNAPSHOT builds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eclipse-jgit/jgit/commit/cf6fdba1614fbe4e9c6edc84ea8f8439994ca72a\"\u003e\u003ccode\u003ecf6fdba\u003c/code\u003e\u003c/a\u003e JGit v7.6.0.202602242313-rc1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eclipse-jgit/jgit/commit/99c85ebb5f19d5073f541a8a0c254c9a99b18520\"\u003e\u003ccode\u003e99c85eb\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into stable-7.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eclipse-jgit/jgit/commit/d4ceb3f8daf02a39d109921d08f79bf98774e925\"\u003e\u003ccode\u003ed4ceb3f\u003c/code\u003e\u003c/a\u003e Support diff3 conflict style in merges\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eclipse-jgit/jgit/commit/490ed19fc73522265027ea377ff745289160d21f\"\u003e\u003ccode\u003e490ed19\u003c/code\u003e\u003c/a\u003e RebaseCommand: Honor the commit message cleanup configuration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eclipse-jgit/jgit/commit/a5873fff63b9dc88e10a4178d70838fe6ef0a002\"\u003e\u003ccode\u003ea5873ff\u003c/code\u003e\u003c/a\u003e Merge \u0026quot;Refactor handlePackError method to improve readability\u0026quot;\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eclipse-jgit/jgit/compare/v7.1.0.202411261347-r...v7.6.0.202603022253-r\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.springframework.boot:spring-boot-dependencies` from 3.5.6 to 4.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-boot/releases\"\u003eorg.springframework.boot:spring-boot-dependencies's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.5\u003c/h2\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTest starter for Spring Integration does not include Spring Integration test module \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49784\"\u003e#49784\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSome sliced tests that import TransactionAutoConfiguration do not import TransactionManagerCustomizationAutoConfiguration \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49782\"\u003e#49782\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWebSocket messaging's task executors are only auto-configured and stompWebSocketHandlerMapping is only forced to be eager when using Jackson \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49753\"\u003e#49753\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWebSocket app fails to start when Jackson is on the classpath but there's no JsonMapper bean \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49749\"\u003e#49749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMetadata annotation processor ignores method-level \u003ccode\u003e@NestedConfigurationProperty\u003c/code\u003e when using constructor binding \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49738\"\u003e#49738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOverride of property in external 'application.properties' or 'application.yaml' is ignored \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49731\"\u003e#49731\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNativeImageResourceProvider does not find Flyway migration scripts in subdirectories \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49706\"\u003e#49706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e@ConditionalOnWebApplication\u003c/code\u003e to NettyReactiveWebServerAutoConfiguration \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49695\"\u003e#49695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@GraphQlTest\u003c/code\u003e does not include \u003ccode\u003e@ControllerAdvice\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49672\"\u003e#49672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect indefinite articles in Javadoc \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49727\"\u003e#49727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd some more Kotlin examples and trivial style fixes \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49714\"\u003e#49714\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOverhaul Spring Session documentation following modularization \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49704\"\u003e#49704\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Brave 6.3.1 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49763\"\u003e#49763\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Jackson 2 Bom 2.21.2 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49764\"\u003e#49764\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to jOOQ 3.19.31 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49765\"\u003e#49765\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Netty 4.2.12.Final \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49794\"\u003e#49794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Tomcat 11.0.20 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49767\"\u003e#49767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade to Zipkin Reporter 3.5.3 \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49762\"\u003e#49762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:heart: Contributors\u003c/h2\u003e\n\u003cp\u003eThank you to all the contributors who worked on this release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Joowon-Seo\"\u003e\u003ccode\u003e@​Joowon-Seo\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/deejay1\"\u003e\u003ccode\u003e@​deejay1\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/dlwldnjs1009\"\u003e\u003ccode\u003e@​dlwldnjs1009\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/kwondh5217\"\u003e\u003ccode\u003e@​kwondh5217\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ljrmorgan\"\u003e\u003ccode\u003e@​ljrmorgan\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/quaff\"\u003e\u003ccode\u003e@​quaff\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.4\u003c/h2\u003e\n\u003ch2\u003e:warning: Attention Required\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOpenTelemetry's ZipkinSpanExporter has been deprecated and its support will be removed in Spring Boot 4.2. \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49453\"\u003e#49453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJackson 2 has been upgraded to 2.21.1 in response to the Jackson team ending support for Jackson 2.20.x. \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49389\"\u003e#49389\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eJackson has been upgraded to 3.1.0 in response to the Jackson team ending support for Jackson 3.0.x. \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49383\"\u003e#49383\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe default value for \u003ccode\u003eserver.tomcat.max-part-count\u003c/code\u003e has been increased from 10 to 50. This aligns it with Tomcat's own default and the default in Spring Boot 3.x. \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49311\"\u003e#49311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEndpointRequest request matcher for health groups is too complex \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49649\"\u003e#49649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u0026quot;/cloudfoundryapplication\u0026quot; web path is not limited to Actuator \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49646\"\u003e#49646\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix EndpointRequest.toLinks() when base-path is '/' \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49617\"\u003e#49617\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocker fails when a 'tcp://' address ends with a slash (for example 'tcp://docker:2375/') \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49596\"\u003e#49596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRSocket exposes duplicate endpoint for websocket setups \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/issues/49593\"\u003e#49593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFailure analysis for a missing mail sender is misleading \u003ca href=\"https://redirect.github.com/spring-projects/spring-boot/pull/49582\"\u003e#49582\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/fe74b311f4b2846848e678eaf7b3c6203ddae930\"\u003e\u003ccode\u003efe74b31\u003c/code\u003e\u003c/a\u003e Release v4.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/e1d6e5a7098d1e5d3403fb58387622b65d8e825f\"\u003e\u003ccode\u003ee1d6e5a\u003c/code\u003e\u003c/a\u003e Merge branch '3.5.x' into 4.0.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/6c9e52a1745d255e096d1334593636d005f68143\"\u003e\u003ccode\u003e6c9e52a\u003c/code\u003e\u003c/a\u003e Next development version (v3.5.14-SNAPSHOT)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/a413e9545fd1efe9a9548ec70c86f87559c907f1\"\u003e\u003ccode\u003ea413e95\u003c/code\u003e\u003c/a\u003e Upgrade to Netty 4.2.12.Final\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/c1694b50c29e37a162a3d9ad43f4e4b434698247\"\u003e\u003ccode\u003ec1694b5\u003c/code\u003e\u003c/a\u003e Add missing Spring Integration test module to the relevant starter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/51ffdc6cd319fd70f8200ffd69dff0f79c3dfdb7\"\u003e\u003ccode\u003e51ffdc6\u003c/code\u003e\u003c/a\u003e Merge branch '3.5.x' into 4.0.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/696a60e8fd2ce2bff1cf96c2706a97cf64b49a76\"\u003e\u003ccode\u003e696a60e\u003c/code\u003e\u003c/a\u003e Full auto-configure transaction management in slice tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/ba70d41a998c8e77d185dd1d7e4ace80ed8cd7e2\"\u003e\u003ccode\u003eba70d41\u003c/code\u003e\u003c/a\u003e Upgrade to Tomcat 11.0.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/fd94ca0a0baab48a055b3dfe8fd4d09daec766b9\"\u003e\u003ccode\u003efd94ca0\u003c/code\u003e\u003c/a\u003e Upgrade to Netty 4.2.11.Final\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-boot/commit/7e6833bc9c5b73bba6920cead989e28d64f982ff\"\u003e\u003ccode\u003e7e6833b\u003c/code\u003e\u003c/a\u003e Upgrade to jOOQ 3.19.31\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-boot/compare/v3.5.6...v4.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 10.1.53 to 11.0.21\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-el` from 10.1.53 to 11.0.21\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-websocket` from 10.1.53 to 11.0.21\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-el` from 10.1.53 to 11.0.21\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-websocket` from 10.1.53 to 11.0.21\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/jka2498/bom-migrate/pull/45","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jka2498%2Fbom-migrate/issues/45","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/45/packages"}},{"old_version":"7.0.85","new_version":"9.0.117","update_type":"major","path":null,"pr_created_at":"2026-04-13T19:30:29.000Z","version_change":"7.0.85 → 9.0.117","issue":{"uuid":"4257377747","node_id":"PR_kwDOK8Zc3s7SF8VK","number":9,"state":"open","title":"Bump the maven group across 4 directories with 18 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-13T19:30:29.000Z","updated_at":"2026-05-05T02:03:13.541Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"maven","update_count":18,"packages":[{"name":"org.apache.activemq:activemq-all","old_version":"5.15.8","new_version":"5.19.2","repository_url":"https://github.com/apache/activemq"},{"name":"org.wso2.carbon.mediation:org.wso2.carbon.localentry","old_version":"4.7.46","new_version":"4.7.259"},{"name":"commons-io:commons-io","old_version":"2.2","new_version":"2.14.0"},{"name":"org.opensaml:opensaml","old_version":"2.2.3","new_version":"2.6.5"},{"name":"org.springframework:spring-context","old_version":"4.1.5.RELEASE","new_version":"6.1.20","repository_url":"https://github.com/spring-projects/spring-framework"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"7.0.85","new_version":"9.0.117"},{"name":"org.json:json","old_version":"20080701","new_version":"20231013","repository_url":"https://github.com/douglascrockford/JSON-java"},{"name":"io.netty:netty-common","old_version":"4.1.11.Final","new_version":"4.1.118.Final","repository_url":"https://github.com/netty/netty"},{"name":"org.apache.commons:commons-lang3","old_version":"3.1","new_version":"3.18.0"},{"name":"org.owasp.esapi:esapi","old_version":"2.0.1","new_version":"2.6.0.0","repository_url":"https://github.com/ESAPI/esapi-java-legacy"},{"name":"commons-fileupload:commons-fileupload","old_version":"1.3.2","new_version":"1.6.0"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [org.apache.activemq:activemq-all](https://github.com/apache/activemq) | `5.15.8` | `5.19.2` |\n| org.wso2.carbon.mediation:org.wso2.carbon.localentry | `4.7.46` | `4.7.259` |\n| commons-io:commons-io | `2.2` | `2.14.0` |\n| org.opensaml:opensaml | `2.2.3` | `2.6.5` |\n| [org.springframework:spring-context](https://github.com/spring-projects/spring-framework) | `4.1.5.RELEASE` | `6.1.20` |\n| org.apache.tomcat.embed:tomcat-embed-core | `7.0.85` | `9.0.117` |\n| [org.json:json](https://github.com/douglascrockford/JSON-java) | `20080701` | `20231013` |\n| [io.netty:netty-common](https://github.com/netty/netty) | `4.1.11.Final` | `4.1.118.Final` |\n| org.apache.commons:commons-lang3 | `3.1` | `3.18.0` |\n| [org.owasp.esapi:esapi](https://github.com/ESAPI/esapi-java-legacy) | `2.0.1` | `2.6.0.0` |\n| commons-fileupload:commons-fileupload | `1.3.2` | `1.6.0` |\n\nBumps the maven group with 1 update in the /integration/automation-extensions directory: org.apache.commons:commons-lang3.\nBumps the maven group with 2 updates in the /p2-profile/analytics-profile directory: org.apache.commons:commons-lang3 and commons-fileupload:commons-fileupload.\nBumps the maven group with 3 updates in the /product-scenarios directory: org.apache.activemq:activemq-client, org.apache.commons:commons-lang3 and org.apache.axis2:axis2.\n\nUpdates `org.apache.activemq:activemq-all` from 5.15.8 to 5.19.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/c0ba134bd07f5c15f04f9b7cb7a6a1b021ef3882\"\u003e\u003ccode\u003ec0ba134\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release activemq-5.19.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/b8b6125d64b9902c616a90b12765f1da35225ae4\"\u003e\u003ccode\u003eb8b6125\u003c/code\u003e\u003c/a\u003e Upgrade to log4j 2.25.3 and slf4j 2.0.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/2962323277ab07286c4dd84084d2e26c9c68b081\"\u003e\u003ccode\u003e2962323\u003c/code\u003e\u003c/a\u003e Bump org.apache.commons:commons-pool2 from 2.12.1 to 2.13.1 (\u003ca href=\"https://redirect.github.com/apache/activemq/issues/1605\"\u003e#1605\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/13360632df6e55c422e21c14fcc7cada0b1abf46\"\u003e\u003ccode\u003e1336063\u003c/code\u003e\u003c/a\u003e [AMQ-9815] Add additional attributes to ConnectorView (\u003ca href=\"https://redirect.github.com/apache/activemq/issues/1556\"\u003e#1556\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/120aa34113b26c1aacac6461b798caa8b6048a08\"\u003e\u003ccode\u003e120aa34\u003c/code\u003e\u003c/a\u003e AMQ-9824 - Cleanup code in KahaDB classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/4f3bafbcb76f86fc89bf3a172044ccea602a27e6\"\u003e\u003ccode\u003e4f3bafb\u003c/code\u003e\u003c/a\u003e AMQ-9823 - properly clear ack set from ackAndPreparedMap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/7b71fc6289e6f26c200988df3cf9c0f5093dadf8\"\u003e\u003ccode\u003e7b71fc6\u003c/code\u003e\u003c/a\u003e AMQ-9819 - Rework Rest test fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/009b4f3cbb1469389497ab6ffe2df68ce897dd2c\"\u003e\u003ccode\u003e009b4f3\u003c/code\u003e\u003c/a\u003e [AMQ-9819]: harden #testConsumeAsyncTimeout() so it does not rely on a specif...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/c2dced4b307ca74f0784339a106261d0469be2b0\"\u003e\u003ccode\u003ec2dced4\u003c/code\u003e\u003c/a\u003e [AMQ-9820]: closed connections leaking into the pool when reconnectOnExceptio...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/733257f23cdfdcc199e71ff3fc4670f2a56876a2\"\u003e\u003ccode\u003e733257f\u003c/code\u003e\u003c/a\u003e AMQ-9813 - Minor updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/apache/activemq/compare/activemq-5.15.8...activemq-5.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.activemq:activemq-broker` from 5.15.8 to 5.19.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/c0ba134bd07f5c15f04f9b7cb7a6a1b021ef3882\"\u003e\u003ccode\u003ec0ba134\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release activemq-5.19.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/b8b6125d64b9902c616a90b12765f1da35225ae4\"\u003e\u003ccode\u003eb8b6125\u003c/code\u003e\u003c/a\u003e Upgrade to log4j 2.25.3 and slf4j 2.0.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/2962323277ab07286c4dd84084d2e26c9c68b081\"\u003e\u003ccode\u003e2962323\u003c/code\u003e\u003c/a\u003e Bump org.apache.commons:commons-pool2 from 2.12.1 to 2.13.1 (\u003ca href=\"https://redirect.github.com/apache/activemq/issues/1605\"\u003e#1605\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/13360632df6e55c422e21c14fcc7cada0b1abf46\"\u003e\u003ccode\u003e1336063\u003c/code\u003e\u003c/a\u003e [AMQ-9815] Add additional attributes to ConnectorView (\u003ca href=\"https://redirect.github.com/apache/activemq/issues/1556\"\u003e#1556\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/120aa34113b26c1aacac6461b798caa8b6048a08\"\u003e\u003ccode\u003e120aa34\u003c/code\u003e\u003c/a\u003e AMQ-9824 - Cleanup code in KahaDB classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/4f3bafbcb76f86fc89bf3a172044ccea602a27e6\"\u003e\u003ccode\u003e4f3bafb\u003c/code\u003e\u003c/a\u003e AMQ-9823 - properly clear ack set from ackAndPreparedMap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/7b71fc6289e6f26c200988df3cf9c0f5093dadf8\"\u003e\u003ccode\u003e7b71fc6\u003c/code\u003e\u003c/a\u003e AMQ-9819 - Rework Rest test fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/009b4f3cbb1469389497ab6ffe2df68ce897dd2c\"\u003e\u003ccode\u003e009b4f3\u003c/code\u003e\u003c/a\u003e [AMQ-9819]: harden #testConsumeAsyncTimeout() so it does not rely on a specif...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/c2dced4b307ca74f0784339a106261d0469be2b0\"\u003e\u003ccode\u003ec2dced4\u003c/code\u003e\u003c/a\u003e [AMQ-9820]: closed connections leaking into the pool when reconnectOnExceptio...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/activemq/commit/733257f23cdfdcc199e71ff3fc4670f2a56876a2\"\u003e\u003ccode\u003e733257f\u003c/code\u003e\u003c/a\u003e AMQ-9813 - Minor updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/apache/activemq/compare/activemq-5.15.8...activemq-5.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.activemq:activemq-client` from 5.15.8 to 5.19.2\n\nUpdates `org.wso2.carbon.mediation:org.wso2.carbon.localentry` from 4.7.46 to 4.7.259\n\nUpdates `commons-io:commons-io` from 2.2 to 2.14.0\n\nUpdates `org.opensaml:opensaml` from 2.2.3 to 2.6.5\n\nUpdates `org.springframework:spring-context` from 4.1.5.RELEASE to 6.1.20\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-framework/releases\"\u003eorg.springframework:spring-context's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.20\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd option for case-insensitive match to PatternMatchUtils \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34802\"\u003e#34802\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34854\"\u003e#34854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccidental ClassLoader defineClass enforcement after \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34677\"\u003e#34677\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34839\"\u003e#34839\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eClarify \u003ccode\u003eCompositePropertySource\u003c/code\u003e behavior for \u003ccode\u003eEnumerablePropertySource\u003c/code\u003e contract \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34887\"\u003e#34887\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Reactor 2023.0.18 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34899\"\u003e#34899\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.19\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSuggest compilation with \u003ccode\u003e-parameters\u003c/code\u003e when \u003ccode\u003eAspectJAdviceParameterNameDiscoverer\u003c/code\u003e fails against ambiguity \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34618\"\u003e#34618\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ePropertyBatchUpdateException\u003c/code\u003e: causes of nested \u003ccode\u003ePropertyAccessException\u003c/code\u003es not shown in output \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34698\"\u003e#34698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange in Jar usecache behavior with Spring 6.1.x causing java.lang.IllegalStateException: zip file closed \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34694\"\u003e#34694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStartup performance regression due to CGLIB class load attempts in Spring 6.1.x \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34693\"\u003e#34693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIllegalAccessError for package-private member of AzureStorageConfiguration on WebSphere \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34690\"\u003e#34690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@Configuration\u003c/code\u003e classes can no longer be \u003ccode\u003eabstract\u003c/code\u003e without \u003ccode\u003e@Bean\u003c/code\u003e methods \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34689\"\u003e#34689\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGenerated-code for LinkedHashMap is missing static keyword \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34661\"\u003e#34661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAbstractReactiveTransactionManager throws IllegalStateException when rollback fails after commit attempt \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34619\"\u003e#34619\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd javadoc notes on potential exception suppression in \u003ccode\u003eListableBeanFactory#getBeansOfType\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34631\"\u003e#34631\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove remaining references to Forwarded headers in MvcUriComponentsBuilder \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34626\"\u003e#34626\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eMvcUriComponentsBuilder\u003c/code\u003e javadocs inaccurately reflects usage of forwarded headers \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34620\"\u003e#34620\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.18\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary CGLIB processing on configuration classes \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34487\"\u003e#34487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInconsistent default class loaders in hint classes \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34473\"\u003e#34473\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefaultManagedTaskExecutor throws java.lang.UnsupportedOperationException: isShutdown when rejecting tasks \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34515\"\u003e#34515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEndless loop with DataSourceUtils in spring-jdbc \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34497\"\u003e#34497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMockHttpServletResponse - handle multiple values for Content-Language header \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34491\"\u003e#34491\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/1f9c59b17b5a7afc69f28b694de4553d6b65c9d5\"\u003e\u003ccode\u003e1f9c59b\u003c/code\u003e\u003c/a\u003e Release v6.1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/edfcc6ffb188e4614ec9b212e3208b666981851c\"\u003e\u003ccode\u003eedfcc6f\u003c/code\u003e\u003c/a\u003e Make use of PatternMatchUtils ignoreCase option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/f93132b11ef6aa5718d20a05846828659c082fe8\"\u003e\u003ccode\u003ef93132b\u003c/code\u003e\u003c/a\u003e Add missing \u003ca href=\"https://github.com/since\"\u003e\u003ccode\u003e@​since\u003c/code\u003e\u003c/a\u003e tags in PatternMatchUtils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/6ab4c84bd528d9480071d3dec4ff0b4904dbbb2f\"\u003e\u003ccode\u003e6ab4c84\u003c/code\u003e\u003c/a\u003e Upgrade to Reactor 2023.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/d5fca0d2c5d96b1a59a5814aa38c5f3b15238301\"\u003e\u003ccode\u003ed5fca0d\u003c/code\u003e\u003c/a\u003e Upgrade to Jetty 12.0.21, Netty 4.1.121, Apache HttpClient 5.4.4, Checkstyle ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/cbb94193fe9f11d1af8b8958292b0edc8451cd4c\"\u003e\u003ccode\u003ecbb9419\u003c/code\u003e\u003c/a\u003e Clarify CompositePropertySource behavior for EnumerablePropertySource contract\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/5b5e2b68767537f204d8392201497805ce6562d7\"\u003e\u003ccode\u003e5b5e2b6\u003c/code\u003e\u003c/a\u003e Fix HttpClient 5.3.x request config compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/a5b0399a1d6f3e89ae3bbfeb0b13142ecaddb4e9\"\u003e\u003ccode\u003ea5b0399\u003c/code\u003e\u003c/a\u003e Polishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/71f27256381d72170f9c6d38eea3032ceb24f030\"\u003e\u003ccode\u003e71f2725\u003c/code\u003e\u003c/a\u003e Try loadClass on LinkageError in case of same ClassLoader as well\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/daee9f1242264215876e67f6ef43b117195385c6\"\u003e\u003ccode\u003edaee9f1\u003c/code\u003e\u003c/a\u003e Reinstate the @⁠Inject Technology Compatibility Kit (TCK)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-framework/compare/v4.1.5.RELEASE...v6.1.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.springframework:spring-web` from 4.1.5.RELEASE to 6.1.20\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spring-projects/spring-framework/releases\"\u003eorg.springframework:spring-web's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.20\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd option for case-insensitive match to PatternMatchUtils \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34802\"\u003e#34802\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34854\"\u003e#34854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccidental ClassLoader defineClass enforcement after \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34677\"\u003e#34677\u003c/a\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34839\"\u003e#34839\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eClarify \u003ccode\u003eCompositePropertySource\u003c/code\u003e behavior for \u003ccode\u003eEnumerablePropertySource\u003c/code\u003e contract \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34887\"\u003e#34887\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Reactor 2023.0.18 \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34899\"\u003e#34899\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.19\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSuggest compilation with \u003ccode\u003e-parameters\u003c/code\u003e when \u003ccode\u003eAspectJAdviceParameterNameDiscoverer\u003c/code\u003e fails against ambiguity \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34618\"\u003e#34618\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ePropertyBatchUpdateException\u003c/code\u003e: causes of nested \u003ccode\u003ePropertyAccessException\u003c/code\u003es not shown in output \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34698\"\u003e#34698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange in Jar usecache behavior with Spring 6.1.x causing java.lang.IllegalStateException: zip file closed \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34694\"\u003e#34694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStartup performance regression due to CGLIB class load attempts in Spring 6.1.x \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34693\"\u003e#34693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIllegalAccessError for package-private member of AzureStorageConfiguration on WebSphere \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34690\"\u003e#34690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@Configuration\u003c/code\u003e classes can no longer be \u003ccode\u003eabstract\u003c/code\u003e without \u003ccode\u003e@Bean\u003c/code\u003e methods \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34689\"\u003e#34689\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGenerated-code for LinkedHashMap is missing static keyword \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34661\"\u003e#34661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAbstractReactiveTransactionManager throws IllegalStateException when rollback fails after commit attempt \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34619\"\u003e#34619\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:notebook_with_decorative_cover: Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd javadoc notes on potential exception suppression in \u003ccode\u003eListableBeanFactory#getBeansOfType\u003c/code\u003e \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34631\"\u003e#34631\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove remaining references to Forwarded headers in MvcUriComponentsBuilder \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34626\"\u003e#34626\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eMvcUriComponentsBuilder\u003c/code\u003e javadocs inaccurately reflects usage of forwarded headers \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34620\"\u003e#34620\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.18\u003c/h2\u003e\n\u003ch2\u003e:star: New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary CGLIB processing on configuration classes \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34487\"\u003e#34487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInconsistent default class loaders in hint classes \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34473\"\u003e#34473\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:lady_beetle: Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefaultManagedTaskExecutor throws java.lang.UnsupportedOperationException: isShutdown when rejecting tasks \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34515\"\u003e#34515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEndless loop with DataSourceUtils in spring-jdbc \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34497\"\u003e#34497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMockHttpServletResponse - handle multiple values for Content-Language header \u003ca href=\"https://redirect.github.com/spring-projects/spring-framework/issues/34491\"\u003e#34491\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/1f9c59b17b5a7afc69f28b694de4553d6b65c9d5\"\u003e\u003ccode\u003e1f9c59b\u003c/code\u003e\u003c/a\u003e Release v6.1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/edfcc6ffb188e4614ec9b212e3208b666981851c\"\u003e\u003ccode\u003eedfcc6f\u003c/code\u003e\u003c/a\u003e Make use of PatternMatchUtils ignoreCase option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/f93132b11ef6aa5718d20a05846828659c082fe8\"\u003e\u003ccode\u003ef93132b\u003c/code\u003e\u003c/a\u003e Add missing \u003ca href=\"https://github.com/since\"\u003e\u003ccode\u003e@​since\u003c/code\u003e\u003c/a\u003e tags in PatternMatchUtils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/6ab4c84bd528d9480071d3dec4ff0b4904dbbb2f\"\u003e\u003ccode\u003e6ab4c84\u003c/code\u003e\u003c/a\u003e Upgrade to Reactor 2023.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/d5fca0d2c5d96b1a59a5814aa38c5f3b15238301\"\u003e\u003ccode\u003ed5fca0d\u003c/code\u003e\u003c/a\u003e Upgrade to Jetty 12.0.21, Netty 4.1.121, Apache HttpClient 5.4.4, Checkstyle ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/cbb94193fe9f11d1af8b8958292b0edc8451cd4c\"\u003e\u003ccode\u003ecbb9419\u003c/code\u003e\u003c/a\u003e Clarify CompositePropertySource behavior for EnumerablePropertySource contract\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/5b5e2b68767537f204d8392201497805ce6562d7\"\u003e\u003ccode\u003e5b5e2b6\u003c/code\u003e\u003c/a\u003e Fix HttpClient 5.3.x request config compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/a5b0399a1d6f3e89ae3bbfeb0b13142ecaddb4e9\"\u003e\u003ccode\u003ea5b0399\u003c/code\u003e\u003c/a\u003e Polishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/71f27256381d72170f9c6d38eea3032ceb24f030\"\u003e\u003ccode\u003e71f2725\u003c/code\u003e\u003c/a\u003e Try loadClass on LinkageError in case of same ClassLoader as well\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/spring-projects/spring-framework/commit/daee9f1242264215876e67f6ef43b117195385c6\"\u003e\u003ccode\u003edaee9f1\u003c/code\u003e\u003c/a\u003e Reinstate the @⁠Inject Technology Compatibility Kit (TCK)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/spring-projects/spring-framework/compare/v4.1.5.RELEASE...v6.1.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 7.0.85 to 9.0.117\n\nUpdates `org.json:json` from 20080701 to 20231013\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/douglascrockford/JSON-java/releases\"\u003eorg.json:json's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e20231013\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePull Request\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/793\"\u003e#793\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eReverted \u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/761\"\u003e#761\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/792\"\u003e#792\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eupdate the docs for release 20231013\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/783\"\u003e#783\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eoptLong vs getLong inconsistencies\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/782\"\u003e#782\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eFix XMLTest.testIndentComplicatedJsonObjectWithArrayAndWithConfig() for Windows\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/779\"\u003e#779\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eadd validity check for JSONObject constructors\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/778\"\u003e#778\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eFix XMLTest.testIndentComplicatedJsonObjectWithArrayAndWithConfig() for Windows\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/776\"\u003e#776\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdate [JUnit to version 4.13.2\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/774\"\u003e#774\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eRemoving unneeded synchronization\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/773\"\u003e#773\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eAdd optJSONArray method to JSONObject with a default value\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/772\"\u003e#772\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eDisallow nested objects and arrays as keys in objects\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/779\"\u003e#779\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUnit test cleanup\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/769\"\u003e#769\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eAddressed Java 17 compile warnings\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/764\"\u003e#764\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdate CodeQL action version\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/761\"\u003e#761\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eAdd module-info\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/759\"\u003e#759\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eJSON parsing should detect embedded \u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/753\"\u003e#753\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdated new object methods\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/752\"\u003e#752\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eFixes possible unit test bug when compiling/testing on Windows\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003ch2\u003e20230618\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePull Request\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/749\"\u003e#749\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/749\"\u003ePrep for release 20230618\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/740\"\u003e#740\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/734\"\u003eFixed Flaky Tests Caused by JSON permutations\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/734\"\u003e#734\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/734\"\u003eFixed Flaky Tests Caused by JSON permutations\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/733\"\u003e#733\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/733\"\u003eJSONTokener implemented java.io.Closeable\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/731\"\u003e#731\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/731\"\u003eRemoving commented out code in JSONObject optDouble()\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/729\"\u003e#729\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/729\"\u003eRefactor ParserConfiguration class hierarchy\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003ch2\u003e20230227\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePull Request\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/723\"\u003e#723\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eProtect JSONML from stack overflow exceptions caused by recursion\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/720\"\u003e#720\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eLimit the XML nesting depth for CVE-2022-45688\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/711\"\u003e#711\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eRevert pull 707 - interviewbit spam\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/704\"\u003e#704\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eMove javadoc comments above the interface definition to make it visible\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/703\"\u003e#703\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdate Releases.md for JSONObject(Map): Throws NPE if key is null\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/696\"\u003e#696\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdate JSONPointerTest for NonDex compatibility\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/694\"\u003e#694\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ePretty print XML\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/692\"\u003e#692\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eExample.md syntax highlight and indentation\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/691\"\u003e#691\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eCreate unit tests for various number formats\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003ch2\u003e20220924\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePull Request\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/688\"\u003e#688\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdate copyright to Public Domain\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/687\"\u003e#687\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eFix a typo\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/685\"\u003e#685\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eJSONObject map type unit tests\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/stleary/JSON-java/blob/master/docs/RELEASES.md\"\u003eorg.json:json's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e20231013    First release with minimum Java version 1.8. Recent commits, including fixes for CVE-2023-5072.\u003c/p\u003e\n\u003cp\u003e20230618    Final release with Java 1.6 compatibility. Future releases will require Java 1.8 or greater.\u003c/p\u003e\n\u003cp\u003e20230227    Fix for CVE-2022-45688 and recent commits\u003c/p\u003e\n\u003cp\u003e20220924    New License - public domain, and some minor updates\u003c/p\u003e\n\u003cp\u003e20220320    Wrap StackOverflow with JSONException\u003c/p\u003e\n\u003cp\u003e20211205    Recent commits and some bug fixes for similar()\u003c/p\u003e\n\u003cp\u003e20210307    Recent commits and potentially breaking fix to JSONPointer\u003c/p\u003e\n\u003cp\u003e20201115    Recent commits and first release after project structure change\u003c/p\u003e\n\u003cp\u003e20200518    Recent commits and snapshot before project structure change\u003c/p\u003e\n\u003cp\u003e20190722    Recent commits\u003c/p\u003e\n\u003cp\u003e20180813    POM change to include Automatic-Module-Name (\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/431\"\u003e#431\u003c/a\u003e)\nJSONObject(Map) now throws an exception if any of a map keys are null (\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/405\"\u003e#405\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e20180130    Recent commits\u003c/p\u003e\n\u003cp\u003e20171018    Checkpoint for recent commits.\u003c/p\u003e\n\u003cp\u003e20170516    Roll up recent commits.\u003c/p\u003e\n\u003cp\u003e20160810    Revert code that was breaking opt*() methods.\u003c/p\u003e\n\u003cp\u003e20160807    This release contains a bug in the JSONObject.opt*() and JSONArray.opt*() methods,\nit is not recommended for use.\nJava 1.6 compatability fixed, JSONArray.toList() and JSONObject.toMap(),\nRFC4180 compatibility, JSONPointer, some exception fixes, optional XML type conversion.\nContains the latest code as of 7 Aug 2016\u003c/p\u003e\n\u003cp\u003e20160212    Java 1.6 compatibility, OSGi bundle. Contains the latest code as of 12 Feb 2016.\u003c/p\u003e\n\u003cp\u003e20151123    JSONObject and JSONArray initialization with generics. Contains the latest code as of 23 Nov 2015.\u003c/p\u003e\n\u003cp\u003e20150729    Checkpoint for Maven central repository release. Contains the latest code\nas of 29 July 2015.\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/douglascrockford/JSON-java/commits/20231013\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `io.netty:netty-common` from 4.1.11.Final to 4.1.118.Final\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/36f95cfaeed0c1313b21f1b5350c19436ae7fb45\"\u003e\u003ccode\u003e36f95cf\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release netty-4.1.118.Final\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4\"\u003e\u003ccode\u003e87f4072\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386\"\u003e\u003ccode\u003ed1fbda6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/f844d78e4e23182610a24576d225de933f90f92e\"\u003e\u003ccode\u003ef844d78\u003c/code\u003e\u003c/a\u003e Upgrade netty-tcnative to 2.0.70.Final (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8afb5d916f135edbc3a14f855665f077ddf56ae7\"\u003e\u003ccode\u003e8afb5d9\u003c/code\u003e\u003c/a\u003e Only run 2 jobs with leak detection to minimize build times (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14784\"\u003e#14784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/f2c27dadba055e7f496ee6298262ee06522f5fd9\"\u003e\u003ccode\u003ef2c27da\u003c/code\u003e\u003c/a\u003e AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8d387ffbecbc95758f90cc97f18096c6ad21b073\"\u003e\u003ccode\u003e8d387ff\u003c/code\u003e\u003c/a\u003e Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/1cfd3a62ca8633cc6d1729222214c64c5b50fd89\"\u003e\u003ccode\u003e1cfd3a6\u003c/code\u003e\u003c/a\u003e Fix possible buffer leak when stream can't be mapped (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14746\"\u003e#14746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8f9eadb7b6b4dd74b0689a01c920dac4ead18115\"\u003e\u003ccode\u003e8f9eadb\u003c/code\u003e\u003c/a\u003e Fix AccessControlException in GlobalEventExecutor (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14743\"\u003e#14743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/6fcd3e622b9e4e7b986f9ef52a43b9b69c29c53f\"\u003e\u003ccode\u003e6fcd3e6\u003c/code\u003e\u003c/a\u003e KQueueEventLoop leaks memory on shutdown. (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14745\"\u003e#14745\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/netty/netty/compare/netty-4.1.11.Final...netty-4.1.118.Final\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `io.netty:netty-handler` from 4.1.11.Final to 4.1.118.Final\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/36f95cfaeed0c1313b21f1b5350c19436ae7fb45\"\u003e\u003ccode\u003e36f95cf\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release netty-4.1.118.Final\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4\"\u003e\u003ccode\u003e87f4072\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386\"\u003e\u003ccode\u003ed1fbda6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/f844d78e4e23182610a24576d225de933f90f92e\"\u003e\u003ccode\u003ef844d78\u003c/code\u003e\u003c/a\u003e Upgrade netty-tcnative to 2.0.70.Final (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8afb5d916f135edbc3a14f855665f077ddf56ae7\"\u003e\u003ccode\u003e8afb5d9\u003c/code\u003e\u003c/a\u003e Only run 2 jobs with leak detection to minimize build times (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14784\"\u003e#14784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/f2c27dadba055e7f496ee6298262ee06522f5fd9\"\u003e\u003ccode\u003ef2c27da\u003c/code\u003e\u003c/a\u003e AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8d387ffbecbc95758f90cc97f18096c6ad21b073\"\u003e\u003ccode\u003e8d387ff\u003c/code\u003e\u003c/a\u003e Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/1cfd3a62ca8633cc6d1729222214c64c5b50fd89\"\u003e\u003ccode\u003e1cfd3a6\u003c/code\u003e\u003c/a\u003e Fix possible buffer leak when stream can't be mapped (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14746\"\u003e#14746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8f9eadb7b6b4dd74b0689a01c920dac4ead18115\"\u003e\u003ccode\u003e8f9eadb\u003c/code\u003e\u003c/a\u003e Fix AccessControlException in GlobalEventExecutor (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14743\"\u003e#14743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/6fcd3e622b9e4e7b986f9ef52a43b9b69c29c53f\"\u003e\u003ccode\u003e6fcd3e6\u003c/code\u003e\u003c/a\u003e KQueueEventLoop leaks memory on shutdown. (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14745\"\u003e#14745\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/netty/netty/compare/netty-4.1.11.Final...netty-4.1.118.Final\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `io.netty:netty-codec` from 4.1.11.Final to 4.1.118.Final\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/36f95cfaeed0c1313b21f1b5350c19436ae7fb45\"\u003e\u003ccode\u003e36f95cf\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release netty-4.1.118.Final\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4\"\u003e\u003ccode\u003e87f4072\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386\"\u003e\u003ccode\u003ed1fbda6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/f844d78e4e23182610a24576d225de933f90f92e\"\u003e\u003ccode\u003ef844d78\u003c/code\u003e\u003c/a\u003e Upgrade netty-tcnative to 2.0.70.Final (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8afb5d916f135edbc3a14f855665f077ddf56ae7\"\u003e\u003ccode\u003e8afb5d9\u003c/code\u003e\u003c/a\u003e Only run 2 jobs with leak detection to minimize build times (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14784\"\u003e#14784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/f2c27dadba055e7f496ee6298262ee06522f5fd9\"\u003e\u003ccode\u003ef2c27da\u003c/code\u003e\u003c/a\u003e AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8d387ffbecbc95758f90cc97f18096c6ad21b073\"\u003e\u003ccode\u003e8d387ff\u003c/code\u003e\u003c/a\u003e Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/1cfd3a62ca8633cc6d1729222214c64c5b50fd89\"\u003e\u003ccode\u003e1cfd3a6\u003c/code\u003e\u003c/a\u003e Fix possible buffer leak when stream can't be mapped (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14746\"\u003e#14746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8f9eadb7b6b4dd74b0689a01c920dac4ead18115\"\u003e\u003ccode\u003e8f9eadb\u003c/code\u003e\u003c/a\u003e Fix AccessControlException in GlobalEventExecutor (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14743\"\u003e#14743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/6fcd3e622b9e4e7b986f9ef52a43b9b69c29c53f\"\u003e\u003ccode\u003e6fcd3e6\u003c/code\u003e\u003c/a\u003e KQueueEventLoop leaks memory on shutdown. (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14745\"\u003e#14745\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/netty/netty/compare/netty-4.1.11.Final...netty-4.1.118.Final\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `io.netty:netty-codec-http` from 4.1.11.Final to 4.1.118.Final\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/36f95cfaeed0c1313b21f1b5350c19436ae7fb45\"\u003e\u003ccode\u003e36f95cf\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release netty-4.1.118.Final\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4\"\u003e\u003ccode\u003e87f4072\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386\"\u003e\u003ccode\u003ed1fbda6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/f844d78e4e23182610a24576d225de933f90f92e\"\u003e\u003ccode\u003ef844d78\u003c/code\u003e\u003c/a\u003e Upgrade netty-tcnative to 2.0.70.Final (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8afb5d916f135edbc3a14f855665f077ddf56ae7\"\u003e\u003ccode\u003e8afb5d9\u003c/code\u003e\u003c/a\u003e Only run 2 jobs with leak detection to minimize build times (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14784\"\u003e#14784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/f2c27dadba055e7f496ee6298262ee06522f5fd9\"\u003e\u003ccode\u003ef2c27da\u003c/code\u003e\u003c/a\u003e AdaptivePoolingAllocator: Round chunk sizes up to MIN_CHUNK_SIZE units and re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8d387ffbecbc95758f90cc97f18096c6ad21b073\"\u003e\u003ccode\u003e8d387ff\u003c/code\u003e\u003c/a\u003e Change the default AdaptiveRecvByteBufAllocator buffer size values' visibilit...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/1cfd3a62ca8633cc6d1729222214c64c5b50fd89\"\u003e\u003ccode\u003e1cfd3a6\u003c/code\u003e\u003c/a\u003e Fix possible buffer leak when stream can't be mapped (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14746\"\u003e#14746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/8f9eadb7b6b4dd74b0689a01c920dac4ead18115\"\u003e\u003ccode\u003e8f9eadb\u003c/code\u003e\u003c/a\u003e Fix AccessControlException in GlobalEventExecutor (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14743\"\u003e#14743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/6fcd3e622b9e4e7b986f9ef52a43b9b69c29c53f\"\u003e\u003ccode\u003e6fcd3e6\u003c/code\u003e\u003c/a\u003e KQueueEventLoop leaks memory on shutdown. (\u003ca href=\"https://redirect.github.com/netty/netty/issues/14745\"\u003e#14745\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/netty/netty/compare/netty-4.1.11.Final...netty-4.1.118.Final\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.commons:commons-lang3` from 3.1 to 3.18.0\n\nUpdates `org.owasp.esapi:esapi` from 2.0.1 to 2.6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/releases\"\u003eorg.owasp.esapi:esapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.0.0\u003c/h2\u003e\n\u003ch2\u003eFull Release Notes\u003c/h2\u003e\n\u003cp\u003eRelease notes for ESAPI release 2.6.0.0 are located at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.6.0.0-release-notes.txt\"\u003ehttps://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.6.0.0-release-notes.txt\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreparation for ESAPI release 2.6.0.0 by \u003ca href=\"https://github.com/kwwall\"\u003e\u003ccode\u003e@​kwwall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/pull/860\"\u003eESAPI/esapi-java-legacy#860\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/compare/esapi-2.5.5.0...esapi-2.6.0.0\"\u003ehttps://github.com/ESAPI/esapi-java-legacy/compare/esapi-2.5.5.0...esapi-2.6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eConfiguration Jar\u003c/h2\u003e\n\u003cp\u003eNote the associated file \u0026quot;\u003cstrong\u003eesapi-2.6.0.0-configuration.jar\u003c/strong\u003e\u0026quot; contains the default ESAPI configuration\nfiles under 'configuration/' (ESAPI.properties, validation.properties, etc.) and the file\n\u0026quot;\u003cstrong\u003eesapi-2.6.0.0-configuration.jar.asc\u0026quot;\u003c/strong\u003e is a GPG signature of that jar file made by Kevin W. Wall.\u003c/p\u003e\n\u003ch2\u003e2.5.5.0\u003c/h2\u003e\n\u003ch2\u003eFull Release Notes\u003c/h2\u003e\n\u003cp\u003eRelease notes for ESAPI release 2.5.5.0 are located at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.5.5.0-release-notes.txt\"\u003ehttps://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.5.5.0-release-notes.txt\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePom updates to address issue \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/issues/847\"\u003e#847\u003c/a\u003e by \u003ca href=\"https://github.com/kwwall\"\u003e\u003ccode\u003e@​kwwall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/pull/848\"\u003eESAPI/esapi-java-legacy#848\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate the logging properties to opt-out of the prefix events \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/issues/844\"\u003e#844\u003c/a\u003e by \u003ca href=\"https://github.com/mickeyz07\"\u003e\u003ccode\u003e@​mickeyz07\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/pull/845\"\u003eESAPI/esapi-java-legacy#845\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Typos by \u003ca href=\"https://github.com/DarioViva42\"\u003e\u003ccode\u003e@​DarioViva42\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/pull/852\"\u003eESAPI/esapi-java-legacy#852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation by \u003ca href=\"https://github.com/DebajitKumarPhukan\"\u003e\u003ccode\u003e@​DebajitKumarPhukan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/pull/853\"\u003eESAPI/esapi-java-legacy#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease prep 2.5.5.0 by \u003ca href=\"https://github.com/kwwall\"\u003e\u003ccode\u003e@​kwwall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/pull/856\"\u003eESAPI/esapi-java-legacy#856\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mickeyz07\"\u003e\u003ccode\u003e@​mickeyz07\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/pull/845\"\u003eESAPI/esapi-java-legacy#845\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DarioViva42\"\u003e\u003ccode\u003e@​DarioViva42\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/pull/852\"\u003eESAPI/esapi-java-legacy#852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DebajitKumarPhukan\"\u003e\u003ccode\u003e@​DebajitKumarPhukan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/pull/853\"\u003eESAPI/esapi-java-legacy#853\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/compare/esapi-2.5.4.0...esapi-2.5.5.0\"\u003ehttps://github.com/ESAPI/esapi-java-legacy/compare/esapi-2.5.4.0...esapi-2.5.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eConfiguration Jar\u003c/h2\u003e\n\u003cp\u003eNote the associated file \u0026quot;esapi-2.5.5.0-configuration.jar\u0026quot; contains the default ESAPI configuration\nfiles under 'configuration/' (ESAPI.properties, validation.properties, etc.) and the file\n\u0026quot;esapi-2.5.5.0-configuration.jar.asc\u0026quot; is a GPG signature of that jar file made by Kevin W. Wall.\u003c/p\u003e\n\u003ch2\u003e2.5.4.0\u003c/h2\u003e\n\u003ch1\u003eFull release notes\u003c/h1\u003e\n\u003cp\u003eFull release notes for ESAPI release 2.5.4.0 are located at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.5.4.0-release-notes.txt\"\u003ehttps://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.5.4.0-release-notes.txt\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt contains important details, which you need to read as you \u003cstrong\u003eMUST\u003c/strong\u003e remove (or rename) 'esapi-java-logging.properties' if you are using ESAPI's default logging, which is JUL. Otherwise ESAPI will throw a \u003ccode\u003eConfigurationException\u003c/code\u003e (which may appear as a \u003ccode\u003ejava.lang.ExceptionInInitializerError\u003c/code\u003e or as a \u003ccode\u003ejava.lang.NoClassDefFoundError\u003c/code\u003e, depending on circumstances). Please refer to the \u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/wiki/Configuring-the-JavaLogFactory\"\u003e\u0026quot;Configuring the JavaLogFactory\u0026quot; wiki page\u003c/a\u003e for additional details.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003cem\u003eYOU HAVE BEEN WARNED!!!\u003c/em\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/commit/dcde6c2362654b6f4af2b7daa96ef44c16c5763d\"\u003e\u003ccode\u003edcde6c2\u003c/code\u003e\u003c/a\u003e A few minor documentation fixes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/commit/5a10f77aedd790dd8ae828f090807d1ee32f11f0\"\u003e\u003ccode\u003e5a10f77\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Minor change to release steps document.\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/commit/8b9f8f191125a19f4d258c03ec56b93ef5b54d6e\"\u003e\u003ccode\u003e8b9f8f1\u003c/code\u003e\u003c/a\u003e Minor change to release steps document.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/commit/4698c43f469a08d1a2377b164822582aefd701af\"\u003e\u003ccode\u003e4698c43\u003c/code\u003e\u003c/a\u003e Bump release to new official release number.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/commit/f185e5bd75270ad6f7eb54c22ef8a0fdfa0a83e7\"\u003e\u003ccode\u003ef185e5b\u003c/code\u003e\u003c/a\u003e Preparation for ESAPI release 2.6.0.0 (\u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/issues/860\"\u003e#860\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/commit/0b0f86cc220482987d56f0d5fd1cfc13ae7ebceb\"\u003e\u003ccode\u003e0b0f86c\u003c/code\u003e\u003c/a\u003e Update SECURITY.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/commit/4879a085034e6cf4068ef5117d933d80a1fa34b3\"\u003e\u003ccode\u003e4879a08\u003c/code\u003e\u003c/a\u003e Modifying pom.xml for next planned release.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/commit/3f2ff053269572dceef78bdefe3b8c3ecfd83076\"\u003e\u003ccode\u003e3f2ff05\u003c/code\u003e\u003c/a\u003e Fix release date.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/commit/19b739a02962ae0a1e7f3a7ec3411c55e7ebf071\"\u003e\u003ccode\u003e19b739a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ESAPI/esapi-java-legacy/issues/856\"\u003e#856\u003c/a\u003e from kwwall/release-prep-2.5.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/commit/a160de070ad02b5308ae27d2f3d638d92fd4c2d3\"\u003e\u003ccode\u003ea160de0\u003c/code\u003e\u003c/a\u003e Update section on commit / PR history.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ESAPI/esapi-java-legacy/compare/esapi-2.0.1...esapi-2.6.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `commons-fileupload:commons-fileupload` from 1.3.2 to 1.6.0\n\nUpdates `org.apache.commons:commons-lang3` from 3.1 to 3.18.0\n\nUpdates `org.apache.commons:commons-lang3` from 3.3.2 to 3.18.0\n\nUpdates `commons-fileupload:commons-fileupload` from 1.3.2 to 1.6.0\n\nUpdates `org.apache.activemq:activemq-client` from 5.15.8 to 5.19.4\n\nUpdates `org.apache.commons:commons-lang3` from 3.1 to 3.18.0\n\nUpdates `org.apache.axis2:axis2` from 1.6.2 to 1.8.0\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jadenblack/product-ei/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/jadenblack/product-ei/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jadenblack%2Fproduct-ei/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"}},{"old_version":"8.0.28","new_version":"9.0.117","update_type":"major","path":null,"pr_created_at":"2026-04-11T22:45:26.000Z","version_change":"8.0.28 → 9.0.117","issue":{"uuid":"4245943109","node_id":"PR_kwDOMPF9kM7RteFB","number":59,"state":"open","title":"Bump the maven group across 12 directories with 10 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-11T22:45:26.000Z","updated_at":"2026-04-11T22:45:33.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"maven","update_count":10,"packages":[{"name":"org.apache.hadoop:hadoop-common","old_version":"2.6.4","new_version":"3.4.0"},{"name":"ch.qos.logback:logback-classic","old_version":"1.1.2","new_version":"1.2.13","repository_url":"https://github.com/qos-ch/logback"},{"name":"ch.qos.logback:logback-core","old_version":"1.1.3","new_version":"1.5.25","repository_url":"https://github.com/qos-ch/logback"},{"name":"org.elasticsearch:elasticsearch","old_version":"2.4.0","new_version":"8.19.8","repository_url":"https://github.com/elastic/elasticsearch"},{"name":"org.apache.logging.log4j:log4j-core","old_version":"2.7","new_version":"2.25.4"},{"name":"org.hsqldb:hsqldb","old_version":"2.3.3","new_version":"2.7.1"},{"name":"org.xerial.snappy:snappy-java","old_version":"1.1.7.1","new_version":"1.1.10.4","repository_url":"https://github.com/xerial/snappy-java"},{"name":"org.postgresql:postgresql","old_version":"9.4.1212.jre7","new_version":"42.2.28.jre7","repository_url":"https://github.com/pgjdbc/pgjdbc"},{"name":"org.json:json","old_version":"20160212","new_version":"20231013","repository_url":"https://github.com/douglascrockford/JSON-java"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"8.0.28","new_version":"9.0.117"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 10 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| org.apache.hadoop:hadoop-common | `2.6.4` | `3.4.0` |\n| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.1.2` | `1.2.13` |\n| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.1.3` | `1.5.25` |\n| [org.elasticsearch:elasticsearch](https://github.com/elastic/elasticsearch) | `2.4.0` | `8.19.8` |\n| org.apache.logging.log4j:log4j-core | `2.7` | `2.25.4` |\n| org.hsqldb:hsqldb | `2.3.3` | `2.7.1` |\n| [org.xerial.snappy:snappy-java](https://github.com/xerial/snappy-java) | `1.1.7.1` | `1.1.10.4` |\n| [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) | `9.4.1212.jre7` | `42.2.28.jre7` |\n| [org.json:json](https://github.com/douglascrockford/JSON-java) | `20160212` | `20231013` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.0.28` | `9.0.117` |\n\nBumps the maven group with 1 update in the /accumulo1.9 directory: org.apache.hadoop:hadoop-common.\nBumps the maven group with 2 updates in the /arangodb directory: [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) and [ch.qos.logback:logback-core](https://github.com/qos-ch/logback).\nBumps the maven group with 1 update in the /elasticsearch directory: [org.elasticsearch:elasticsearch](https://github.com/elastic/elasticsearch).\nBumps the maven group with 1 update in the /elasticsearch5 directory: org.apache.logging.log4j:log4j-core.\nBumps the maven group with 1 update in the /ignite directory: org.apache.logging.log4j:log4j-core.\nBumps the maven group with 1 update in the /jdbc directory: org.hsqldb:hsqldb.\nBumps the maven group with 2 updates in the /mongodb directory: [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) and [org.xerial.snappy:snappy-java](https://github.com/xerial/snappy-java).\nBumps the maven group with 1 update in the /postgrenosql directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).\nBumps the maven group with 1 update in the /rados directory: [org.json:json](https://github.com/douglascrockford/JSON-java).\nBumps the maven group with 1 update in the /rest directory: org.apache.tomcat.embed:tomcat-embed-core.\nBumps the maven group with 1 update in the /voltdb directory: org.apache.logging.log4j:log4j-core.\n\nUpdates `org.apache.hadoop:hadoop-common` from 2.6.4 to 3.4.0\n\nUpdates `ch.qos.logback:logback-classic` from 1.1.2 to 1.2.13\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/qos-ch/logback/commits/v_1.2.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.1.3 to 1.5.25\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-06 Release of logback version 1.5.24\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See \u003ca href=\"https://logback.qos.ch/manual/configuration.html#conditionalExp\"\u003ethe relevant documentation\u003c/a\u003e for further details.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.23\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-21 Release of logback version 1.5.23\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/959\"\u003eissues/959\u003c/a\u003e file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the \u003ccode\u003eConcurrentModificationException\u003c/code\u003e reported in the issue.\u003c/p\u003e\n\u003cp\u003e• ZIP and XZ compression now use a \u003ccode\u003eBufferedOutputStream\u003c/code\u003e when writing to the compressed file. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/988\"\u003eissues/988\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 0bcc3feb54a6d99caac70969ee5f8334aad1fbaf associated with the tag v_1.5.23. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.22\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-11 Release of logback version 1.5.22\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In order to prevent involuntary information leakage, Logback will no longer output the value of a substituted variable, if the variable name contains any of the case-insensitive strings \u0026quot;password\u0026quot;, \u0026quot;secret\u0026quot; or \u0026quot;confidential\u0026quot;. This problem was reported by Chintan Rohila in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/986\"\u003eissues/986\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Logback now takes the overridden \u003ccode\u003etoString()\u003c/code\u003e method of \u003ccode\u003eThrowable\u003c/code\u003e subclasses into account when  printing stack traces. This issue was reported in \u003ca href=\"https://jira.qos.ch/browse/LOGBACK-543\"\u003eLOGBACK-543\u003c/a\u003e by Alvin Chee, with a fix provided in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/404\"\u003ePR 404\u003c/a\u003e by Brett Kail.\u003c/p\u003e\n\u003cp\u003e• Instead of limit-counting guard, Logback now uses a tumbling-window guard to rate limit internal error messages.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 572379aabd2f672b49593e4020696c624541e5b0 associated with the tag v_1.5.22. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.21\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-11-10 Release of logback version 1.5.21\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Invocations of turbo filters in isDebugEnabled, isInfoEnabled()... remain as they were, untouched. However, any installed instances of TurboFilter are now invoked also from within the log(LoggingEvent) method of \u003ca href=\"https://github.com/qos-ch/logback/blob/master/logback-classic/src/main/java/ch/qos/logback/classic/Logger.java#L817\"\u003eLogger\u003c/a\u003e with the contents of the LoggingEvent, typically via the fluent API. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/871\"\u003eissues/871\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Removed reentry-guard in most subclasses of \u003ccode\u003eUnsynchronizedAppenderBase\u003c/code\u003e where it was not needed.\u003c/p\u003e\n\u003cp\u003e• \u003ca href=\"https://logback.qos.ch/manual/configuration.html#auto_configuration\"\u003eInitialization procedure\u003c/a\u003e has been simplified by removing the step instantiating a \u003ccode\u003eSerializedModelConfigurator\u003c/code\u003e. However, it is still possible to set up \u003ccode\u003eSerializedModelConfigurator\u003c/code\u003e as a custom configurator.\u003c/p\u003e\n\u003cp\u003e• JsonEncoder is now friendlier to derivation by sub-classes as requested in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/979\"\u003eissues/979.\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/qos-ch/logback/commits/v_1.5.25\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.elasticsearch:elasticsearch` from 2.4.0 to 8.19.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/elastic/elasticsearch/releases\"\u003eorg.elasticsearch:elasticsearch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eElasticsearch 8.19.8\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.8.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.8.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.7\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.7.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.7.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.6\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.6.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.6.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.5\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.5.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.5.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.4\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.4.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.4.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.3\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.3.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.3.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.2\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.2.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.2.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.1\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.1.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.1.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.0\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.0.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.8\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.7\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.7.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.7.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.6\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.6.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.6.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.5\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/e34ace04b64e9bfa3f9e785b08e6d81f8efe314b\"\u003e\u003ccode\u003ee34ace0\u003c/code\u003e\u003c/a\u003e Add validation to DER parser for seq len (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138683\"\u003e#138683\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138697\"\u003e#138697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/219189ff7e5b22dc46fcbea23d658582e78330e9\"\u003e\u003ccode\u003e219189f\u003c/code\u003e\u003c/a\u003e Update Gradle wrapper to 9.2.1 (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138482\"\u003e#138482\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138693\"\u003e#138693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/8be09828e39adc500975c6da482a609c28326c4d\"\u003e\u003ccode\u003e8be0982\u003c/code\u003e\u003c/a\u003e Add user profile size limit (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138691\"\u003e#138691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/a8ec26096ec39735f7e3a4ea4a0c8e4e9018fa0b\"\u003e\u003ccode\u003ea8ec260\u003c/code\u003e\u003c/a\u003e [8.19] Add length validation for rename_replacement parameter in snapshot res...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/f2dae0f105022ead3934fe2d990ff54cbd0d1dc2\"\u003e\u003ccode\u003ef2dae0f\u003c/code\u003e\u003c/a\u003e Extend timeout in \u003ccode\u003eIngestGeoIpClientYamlTestSuiteIT\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138610\"\u003e#138610\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138646\"\u003e#138646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/b564aa81c4a7825a8664512a9b0c9b5c03c9a2df\"\u003e\u003ccode\u003eb564aa8\u003c/code\u003e\u003c/a\u003e [ES-13486] Skipping ES builds on non supported jdk versions (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138262\"\u003e#138262\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138629\"\u003e#138629\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/0f3f4e93a3f022638c57c959bb6e54bee0bfaf30\"\u003e\u003ccode\u003e0f3f4e9\u003c/code\u003e\u003c/a\u003e [8.19] fix(semantic highlighter): add vector similarity queries and bbq_disk ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/bf5d48aa800340514941bb6fb090cc7cb1776591\"\u003e\u003ccode\u003ebf5d48a\u003c/code\u003e\u003c/a\u003e Upgrading commons-lang3 version for repository-hdfs plugin (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138589\"\u003e#138589\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138613\"\u003e#138613\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/51a070988586cc3e554edce669840167c0ed01c2\"\u003e\u003ccode\u003e51a0709\u003c/code\u003e\u003c/a\u003e ILM Explain: valid JSON on truncated step info (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/137638\"\u003e#137638\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138606\"\u003e#138606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/394ea7df1876a3502c0aab0582d12ad6a997f768\"\u003e\u003ccode\u003e394ea7d\u003c/code\u003e\u003c/a\u003e Adjust two today()/current_date() tests to create less noise (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138588\"\u003e#138588\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138598\"\u003e#138598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/elastic/elasticsearch/compare/v2.4.0...v8.19.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.7 to 2.25.4\n\nUpdates `org.hsqldb:hsqldb` from 2.3.3 to 2.7.1\n\nUpdates `org.xerial.snappy:snappy-java` from 1.1.7.1 to 1.1.10.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xerial/snappy-java/releases\"\u003eorg.xerial.snappy:snappy-java's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.10.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity Fix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv\"\u003eCVE-2023-43642\u003c/a\u003e Fixed SnappyInputStream so as not to allocate too large memory when decompressing data with an extremely large chunk size by \u003ca href=\"https://github.com/tunnelshade\"\u003e\u003ccode\u003e@​tunnelshade\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5\"\u003ecode change\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis does not affect users only using Snappy.compress/uncompress methods\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly used before) by \u003ca href=\"https://github.com/xerial\"\u003e\u003ccode\u003e@​xerial\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/508\"\u003exerial/snappy-java#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport JDK21 (no internal change)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🔗 Dependency Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate scalafmt-core to 3.7.11 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/485\"\u003exerial/snappy-java#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt to 1.9.3 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/483\"\u003exerial/snappy-java#483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate scalafmt-core to 3.7.12 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/487\"\u003exerial/snappy-java#487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/502\"\u003exerial/snappy-java#502\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt to 1.9.4 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/496\"\u003exerial/snappy-java#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate scalafmt-core to 3.7.14 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/501\"\u003exerial/snappy-java#501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt to 1.9.6 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/505\"\u003exerial/snappy-java#505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate native libraries by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/503\"\u003exerial/snappy-java#503\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🛠  Internal Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate airframe-log to 23.7.4 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/486\"\u003exerial/snappy-java#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.8.0 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/488\"\u003exerial/snappy-java#488\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt-scalafmt to 2.5.2 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/500\"\u003exerial/snappy-java#500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.8.6 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/497\"\u003exerial/snappy-java#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt-scalafmt to 2.5.1 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/499\"\u003exerial/snappy-java#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.9.1 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/504\"\u003exerial/snappy-java#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.9.2 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/509\"\u003exerial/snappy-java#509\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate NOTICE by \u003ca href=\"https://github.com/imsudiproy\"\u003e\u003ccode\u003e@​imsudiproy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/492\"\u003exerial/snappy-java#492\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/xerial/snappy-java/compare/v1.1.10.3...v1.1.10.4\"\u003ehttps://github.com/xerial/snappy-java/compare/v1.1.10.3...v1.1.10.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.10.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003e🐛 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix the \u003ccode\u003eGLIBC_2.32 not found\u003c/code\u003e issue of \u003ccode\u003elibsnappyjava.so\u003c/code\u003e in certain Linux distributions on s390x by \u003ca href=\"https://github.com/kun-lu20\"\u003e\u003ccode\u003e@​kun-lu20\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/481\"\u003exerial/snappy-java#481\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🔗 Dependency Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate scalafmt-core to 3.7.10 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/480\"\u003exerial/snappy-java#480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate native libraries by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/482\"\u003exerial/snappy-java#482\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kun-lu20\"\u003e\u003ccode\u003e@​kun-lu20\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/481\"\u003exerial/snappy-java#481\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5\"\u003e\u003ccode\u003e9f8c3cf\u003c/code\u003e\u003c/a\u003e Merge pull request from GHSA-55g7-9cwv-5qfv\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/49d700175f18ed5f8c5d371b7c2f80c75979bd68\"\u003e\u003ccode\u003e49d7001\u003c/code\u003e\u003c/a\u003e Update airframe-log to 23.9.2 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/1f07c3182c2dc89d4226e9a6d8945b8458870a0a\"\u003e\u003ccode\u003e1f07c31\u003c/code\u003e\u003c/a\u003e Update native libraries for f2e97f27be0dc6c691369040ba8a673bface484c (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/503\"\u003e#503\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/13f8db197c4c44f0b6a02240c04205e8362b8e62\"\u003e\u003ccode\u003e13f8db1\u003c/code\u003e\u003c/a\u003e Update sbt to 1.9.6 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/505\"\u003e#505\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/f2e97f27be0dc6c691369040ba8a673bface484c\"\u003e\u003ccode\u003ef2e97f2\u003c/code\u003e\u003c/a\u003e feature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly use...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/98b22256fe4ed00ccaadd2dac98b1622563cc50b\"\u003e\u003ccode\u003e98b2225\u003c/code\u003e\u003c/a\u003e Update airframe-log to 23.9.1 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/504\"\u003e#504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/9f29b5c0f869d4027a4d5c1464907a79152013bf\"\u003e\u003ccode\u003e9f29b5c\u003c/code\u003e\u003c/a\u003e Update NOTICE (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/492\"\u003e#492\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/55639b55de52e1c06ac9a7df6844f85313407955\"\u003e\u003ccode\u003e55639b5\u003c/code\u003e\u003c/a\u003e Update sbt-scalafmt to 2.5.1 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/499\"\u003e#499\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/a5d81a6589360f299ae7ec35a79c317fd78e795d\"\u003e\u003ccode\u003ea5d81a6\u003c/code\u003e\u003c/a\u003e Update airframe-log to 23.8.6 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/497\"\u003e#497\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/6495da1af211e993cd0750c9c70b69d458c4a570\"\u003e\u003ccode\u003e6495da1\u003c/code\u003e\u003c/a\u003e Update scalafmt-core to 3.7.14 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/501\"\u003e#501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xerial/snappy-java/compare/1.1.7.1...v1.1.10.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.postgresql:postgresql` from 9.4.1212.jre7 to 42.2.28.jre7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pgjdbc/pgjdbc/releases\"\u003eorg.postgresql:postgresql's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev42.2.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebackpatch changes for 42.5.1 by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2673\"\u003epgjdbc/pgjdbc#2673\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pgjdbc/pgjdbc/compare/REL42.2.26...REL42.2.27\"\u003ehttps://github.com/pgjdbc/pgjdbc/compare/REL42.2.26...REL42.2.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev42.2.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eprepare for next release 42.2.26 by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2437\"\u003epgjdbc/pgjdbc#2437\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackpatch changes for 42.2.25 by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2581\"\u003epgjdbc/pgjdbc#2581\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pgjdbc/pgjdbc/compare/REL42.2.25...REL42.2.26\"\u003ehttps://github.com/pgjdbc/pgjdbc/compare/REL42.2.25...REL42.2.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev42.2.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Issue \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/2267\"\u003e#2267\u003c/a\u003e, version 14 returns UNDEFINED FUNCTION for testInvokeFunctionHavingReturnParameter, also add v13, and v14 to Server versions by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2268\"\u003epgjdbc/pgjdbc#2268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix checkstyle and javadoc issues by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2434\"\u003epgjdbc/pgjdbc#2434\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eincrement version to 42.2.25 for new release by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2436\"\u003epgjdbc/pgjdbc#2436\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pgjdbc/pgjdbc/compare/REL42.2.24...REL42.2.25\"\u003ehttps://github.com/pgjdbc/pgjdbc/compare/REL42.2.24...REL42.2.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev42.2.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backpatch PR#2217 handle OIDs \u0026gt;= 2**31 to fix issue \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/2215\"\u003e#2215\u003c/a\u003e.  by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2218\"\u003epgjdbc/pgjdbc#2218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: NPE calling getTypeInfo when alias is null by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2220\"\u003epgjdbc/pgjdbc#2220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix updateable result set when there are primary keys and unique keys by \u003ca href=\"https://github.com/chalmagr\"\u003e\u003ccode\u003e@​chalmagr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2228\"\u003epgjdbc/pgjdbc#2228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove old changelog information from post. Incorrectly added by development script that is clearly still in development [SKIP-CI] by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2240\"\u003epgjdbc/pgjdbc#2240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebackpatch pr#2245 fixes case where duplicate tables are returned if there are duplicate descriptions oids are not guaranteed to be unique in the catalog by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2248\"\u003epgjdbc/pgjdbc#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackpatching \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/2251\"\u003e#2251\u003c/a\u003e into 42.2 Clean up open connections to fix test failures on omni and appveyor  by \u003ca href=\"https://github.com/sehrope\"\u003e\u003ccode\u003e@​sehrope\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2252\"\u003epgjdbc/pgjdbc#2252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackpatch PR 2242 into 42.2: PgDatabaseMetaData.getIndexInfo() cast operands to smallint by \u003ca href=\"https://github.com/jsyrjala\"\u003e\u003ccode\u003e@​jsyrjala\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2253\"\u003epgjdbc/pgjdbc#2253\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebackpatch PR#2247 fix: handle ParameterStatus messages in QueryExecutorImpl.receiveFastpathResult by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2249\"\u003epgjdbc/pgjdbc#2249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport PR2148 into 42.2.x Avoid leaking server error details through BatchUpdateException when logServerErrorDetail=false by \u003ca href=\"https://github.com/jp7677\"\u003e\u003ccode\u003e@​jp7677\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2254\"\u003epgjdbc/pgjdbc#2254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix startup regressions caused by PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/1949\"\u003e#1949\u003c/a\u003e. Instead of checking all types by OID, we can return types for well known types by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2257\"\u003epgjdbc/pgjdbc#2257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChangelog 42.2.24 by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2258\"\u003epgjdbc/pgjdbc#2258\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chalmagr\"\u003e\u003ccode\u003e@​chalmagr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2228\"\u003epgjdbc/pgjdbc#2228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jp7677\"\u003e\u003ccode\u003e@​jp7677\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2254\"\u003epgjdbc/pgjdbc#2254\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pgjdbc/pgjdbc/compare/REL42.2.23...REL42.2.24\"\u003ehttps://github.com/pgjdbc/pgjdbc/compare/REL42.2.23...REL42.2.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev42.2.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etest: Regenerate TLS certs with new expirations by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2201\"\u003epgjdbc/pgjdbc#2201\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackpatch fixupdateable  by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2200\"\u003epgjdbc/pgjdbc#2200\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eback patch fixing refreshRow makes resultset readonly fixes Issue \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/2193\"\u003e#2193\u003c/a\u003e by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2202\"\u003epgjdbc/pgjdbc#2202\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix getColumnPrecision for Numeric when scale and precision not specified fixes: Issue \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/2188\"\u003e#2188\u003c/a\u003e by \u003ca href=\"https://github.com/davecramer\"\u003e\u003ccode\u003e@​davecramer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/2203\"\u003epgjdbc/pgjdbc#2203\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md\"\u003eorg.postgresql:postgresql's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eNotable changes since version 42.0.0, read the complete \u003ca href=\"https://jdbc.postgresql.org/documentation/changelog.html\"\u003eHistory of Changes\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased]\u003c/h2\u003e\n\u003ch2\u003e[42.7.10] (2026-02-11)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: Migrate to Shadow 9 \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3931\"\u003ePR 3931\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: fix empty line before javadoc for checkstyle compliance [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3925\"\u003e#3925\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3925\"\u003epgjdbc/pgjdbc#3925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estyle: fix lambda argument indentation for checkstyle compliance [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3922\"\u003e#3922\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3922\"\u003epgjdbc/pgjdbc#3922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etest: add autosave=always|never|conservative and cleanupSavepoints=true|false to the randomized CI jobs [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3917\"\u003e#3917\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3917\"\u003epgjdbc/pgjdbc#3917\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: non-standard strings failing test for version 19 [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3934\"\u003e#3934\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3934\"\u003epgjdbc/pgjdbc#3934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: small issues in ConnectionFactoryImpl [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3929\"\u003e#3929\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3929\"\u003epgjdbc/pgjdbc#3929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: process pending responses before fastpath to avoid protocol errors \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3913\"\u003ePR # 3913\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: use.md, fix typos [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3911\"\u003e#3911\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3911\"\u003epgjdbc/pgjdbc#3911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edoc: datasource.md, fix minor formatting issue [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3912\"\u003e#3912\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3912\"\u003epgjdbc/pgjdbc#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edoc: add the new PGP signing key to the official documentation [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3912\"\u003e#3912\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3813\"\u003epgjdbc/pgjdbc#3813\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eReverted\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;fix: make all Calendar instances proleptic Gregorian (\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3837\"\u003e#3837\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3887\"\u003e#3887\u003c/a\u003e)\u0026quot; [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3932\"\u003e#3932\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3932\"\u003epgjdbc/pgjdbc#3932\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[42.7.9] (2026-01-14)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat: query timeout property [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3705\"\u003e#3705\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3705\"\u003epgjdbc/pgjdbc#3705\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: Add PEMKeyManager to handle PEM based certs and keys [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3700\"\u003e#3700\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3700\"\u003epgjdbc/pgjdbc#3700\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eperf: optimize PGInterval.getValue() by replacing String.format with StringBuilder\u003c/li\u003e\n\u003cli\u003edoc: update property quoteReturningIdentifiers default value [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3847\"\u003e#3847\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3847\"\u003epgjdbc/pgjdbc#3847\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esecurity: Use a static method forName to load all user supplied classes. Use the Class.forName 3 parameter method and do not initilize it unless it is a subclass of the expected class\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: incorrect pg_stat_replication.reply_time calculation [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3906\"\u003e#3906\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3906\"\u003epgjdbc/pgjdbc#3906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob\u003c/li\u003e\n\u003cli\u003efix: PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3897\"\u003e#3897\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3897\"\u003epgjdbc/pgjdbc#3897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: make all Calendar instances proleptic Gregorian [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3837\"\u003e#3837\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3887\"\u003epgjdbc/pgjdbc#3887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: Simplify concurrency guards on QueryExecutorBase#transaction and QueryExecutorBase#standardConformingStrings [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3897\"\u003e#3897\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3849\"\u003epgjdbc/pgjdbc#3849\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: avoid memory leaks in Java \u0026lt;= 21 caused by Thread.inheritedAccessControlContext [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3886\"\u003e#3886\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3886\"\u003epgjdbc/pgjdbc#3886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: Issue \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3784\"\u003e#3784\u003c/a\u003e pgjdbc can't decode numeric arrays containing special numbers like NaN [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3838\"\u003e#3838\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3838\"\u003epgjdbc/pgjdbc#3838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: use ssl_is_used() to check for ssl connection [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3867\"\u003e#3867\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3867\"\u003epgjdbc/pgjdbc#3867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: the classloader is nullable [PR \u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/issues/3907\"\u003e#3907\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pgjdbc/pgjdbc/pull/3907\"\u003epgjdbc/pgjdbc#3907\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[42.7.8] (2025-09-18)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pgjdbc/pgjdbc/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.json:json` from 20160212 to 20231013\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/douglascrockford/JSON-java/releases\"\u003eorg.json:json's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e20231013\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePull Request\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/793\"\u003e#793\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eReverted \u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/761\"\u003e#761\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/792\"\u003e#792\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eupdate the docs for release 20231013\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/783\"\u003e#783\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eoptLong vs getLong inconsistencies\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/782\"\u003e#782\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eFix XMLTest.testIndentComplicatedJsonObjectWithArrayAndWithConfig() for Windows\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/779\"\u003e#779\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eadd validity check for JSONObject constructors\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/778\"\u003e#778\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eFix XMLTest.testIndentComplicatedJsonObjectWithArrayAndWithConfig() for Windows\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/776\"\u003e#776\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdate [JUnit to version 4.13.2\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/774\"\u003e#774\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eRemoving unneeded synchronization\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/773\"\u003e#773\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eAdd optJSONArray method to JSONObject with a default value\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/772\"\u003e#772\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eDisallow nested objects and arrays as keys in objects\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/779\"\u003e#779\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUnit test cleanup\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/769\"\u003e#769\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eAddressed Java 17 compile warnings\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/764\"\u003e#764\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdate CodeQL action version\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/761\"\u003e#761\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eAdd module-info\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/759\"\u003e#759\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eJSON parsing should detect embedded \u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/753\"\u003e#753\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdated new object methods\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/752\"\u003e#752\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eFixes possible unit test bug when compiling/testing on Windows\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003ch2\u003e20230618\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePull Request\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/749\"\u003e#749\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/749\"\u003ePrep for release 20230618\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/740\"\u003e#740\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/734\"\u003eFixed Flaky Tests Caused by JSON permutations\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/734\"\u003e#734\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/734\"\u003eFixed Flaky Tests Caused by JSON permutations\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/733\"\u003e#733\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/733\"\u003eJSONTokener implemented java.io.Closeable\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/731\"\u003e#731\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/731\"\u003eRemoving commented out code in JSONObject optDouble()\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/729\"\u003e#729\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/stleary/JSON-java/pull/729\"\u003eRefactor ParserConfiguration class hierarchy\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003ch2\u003e20230227\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePull Request\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/723\"\u003e#723\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eProtect JSONML from stack overflow exceptions caused by recursion\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/720\"\u003e#720\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eLimit the XML nesting depth for CVE-2022-45688\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/711\"\u003e#711\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eRevert pull 707 - interviewbit spam\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/704\"\u003e#704\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eMove javadoc comments above the interface definition to make it visible\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/703\"\u003e#703\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdate Releases.md for JSONObject(Map): Throws NPE if key is null\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/696\"\u003e#696\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdate JSONPointerTest for NonDex compatibility\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/694\"\u003e#694\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ePretty print XML\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/692\"\u003e#692\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eExample.md syntax highlight and indentation\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/691\"\u003e#691\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eCreate unit tests for various number formats\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003ch2\u003e20220924\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003ePull Request\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/688\"\u003e#688\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eUpdate copyright to Public Domain\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/687\"\u003e#687\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eFix a typo\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/685\"\u003e#685\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eJSONObject map type unit tests\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/stleary/JSON-java/blob/master/docs/RELEASES.md\"\u003eorg.json:json's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e20231013    First release with minimum Java version 1.8. Recent commits, including fixes for CVE-2023-5072.\u003c/p\u003e\n\u003cp\u003e20230618    Final release with Java 1.6 compatibility. Future releases will require Java 1.8 or greater.\u003c/p\u003e\n\u003cp\u003e20230227    Fix for CVE-2022-45688 and recent commits\u003c/p\u003e\n\u003cp\u003e20220924    New License - public domain, and some minor updates\u003c/p\u003e\n\u003cp\u003e20220320    Wrap StackOverflow with JSONException\u003c/p\u003e\n\u003cp\u003e20211205    Recent commits and some bug fixes for similar()\u003c/p\u003e\n\u003cp\u003e20210307    Recent commits and potentially breaking fix to JSONPointer\u003c/p\u003e\n\u003cp\u003e20201115    Recent commits and first release after project structure change\u003c/p\u003e\n\u003cp\u003e20200518    Recent commits and snapshot before project structure change\u003c/p\u003e\n\u003cp\u003e20190722    Recent commits\u003c/p\u003e\n\u003cp\u003e20180813    POM change to include Automatic-Module-Name (\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/431\"\u003e#431\u003c/a\u003e)\nJSONObject(Map) now throws an exception if any of a map keys are null (\u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/405\"\u003e#405\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e20180130    Recent commits\u003c/p\u003e\n\u003cp\u003e20171018    Checkpoint for recent commits.\u003c/p\u003e\n\u003cp\u003e20170516    Roll up recent commits.\u003c/p\u003e\n\u003cp\u003e20160810    Revert code that was breaking opt*() methods.\u003c/p\u003e\n\u003cp\u003e20160807    This release contains a bug in the JSONObject.opt*() and JSONArray.opt*() methods,\nit is not recommended for use.\nJava 1.6 compatability fixed, JSONArray.toList() and JSONObject.toMap(),\nRFC4180 compatibility, JSONPointer, some exception fixes, optional XML type conversion.\nContains the latest code as of 7 Aug 2016\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stleary/JSON-java/commit/f346203cd663bb680cad0d5894e7c147e36f31cd\"\u003e\u003ccode\u003ef346203\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/793\"\u003e#793\u003c/a\u003e from stleary/revert-761\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stleary/JSON-java/commit/b180dbedbc99bb177e5b277f1bff2a1b79cebda6\"\u003e\u003ccode\u003eb180dbe\u003c/code\u003e\u003c/a\u003e Reverting \u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/761\"\u003e#761\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stleary/JSON-java/commit/cca6d1020f484337b8ea161ba7f930e3f5471365\"\u003e\u003ccode\u003ecca6d10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/792\"\u003e#792\u003c/a\u003e from stleary/pre-release-20231013\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stleary/JSON-java/commit/af5f780d5bda393ae0f609ca2504a16a808e86de\"\u003e\u003ccode\u003eaf5f780\u003c/code\u003e\u003c/a\u003e update the docs for release 20231013\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stleary/JSON-java/commit/495cec903755953884377cff81181820414d7bbb\"\u003e\u003ccode\u003e495cec9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/783\"\u003e#783\u003c/a\u003e from rudrajyotib/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stleary/JSON-java/commit/56cb5f84c4befe039f32baf5af9541c265f095a1\"\u003e\u003ccode\u003e56cb5f8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/653\"\u003e#653\u003c/a\u003e - review comments updated.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stleary/JSON-java/commit/0cdc38ac24169f9515d929f9813c83bfbf55da83\"\u003e\u003ccode\u003e0cdc38a\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/653\"\u003e#653\u003c/a\u003e - review comments updated.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stleary/JSON-java/commit/d5277b126bea9372f4bc70f92e34fe6568b64f31\"\u003e\u003ccode\u003ed5277b1\u003c/code\u003e\u003c/a\u003e Merge branch 'stleary:master' into master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stleary/JSON-java/commit/c4cd526c53e99f20851546fca92368738f783884\"\u003e\u003ccode\u003ec4cd526\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/779\"\u003e#779\u003c/a\u003e from Madjosz/713_jsonobject_nonfinite\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stleary/JSON-java/commit/776b5ccb85cdee539b229d38ad922021f1cd5cca\"\u003e\u003ccode\u003e776b5cc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/douglascrockford/JSON-java/issues/778\"\u003e#778\u003c/a\u003e from Madjosz/fix_xml_test\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/douglascrockford/JSON-java/compare/20160212...20231013\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 8.0.28 to 9.0.117\n\nUpdates `org.apache.hadoop:hadoop-common` from 2.6.4 to 3.4.0\n\nUpdates `ch.qos.logback:logback-classic` from 1.1.3 to 1.2.13\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/qos-ch/logback/commits/v_1.2.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ch.qos.logback:logback-core` from 1.1.3 to 1.5.25\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qos-ch/logback/releases\"\u003ech.qos.logback:logback-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLogback 1.5.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-17 Release of logback version 1.5.25\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as \u003ca href=\"https://www.cve.org/cverecord?id=CVE-2026-1225\"\u003eCVE-2026-1225\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/997\"\u003eissues/997\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.\u003c/p\u003e\n\u003cp\u003e• Added \u003ca href=\"https://logback.qos.ch/manual/layouts.html#epoch\"\u003eEpochConverter\u003c/a\u003e to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/1000\"\u003eissues/1000\u003c/a\u003e who also provided the relevant implementation PR.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2026-01-06 Release of logback version 1.5.24\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See \u003ca href=\"https://logback.qos.ch/manual/configuration.html#conditionalExp\"\u003ethe relevant documentation\u003c/a\u003e for further details.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.23\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-21 Release of logback version 1.5.23\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In response to \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/959\"\u003eissues/959\u003c/a\u003e file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the \u003ccode\u003eConcurrentModificationException\u003c/code\u003e reported in the issue.\u003c/p\u003e\n\u003cp\u003e• ZIP and XZ compression now use a \u003ccode\u003eBufferedOutputStream\u003c/code\u003e when writing to the compressed file. This issue was reported in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/988\"\u003eissues/988\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 0bcc3feb54a6d99caac70969ee5f8334aad1fbaf associated with the tag v_1.5.23. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.22\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-12-11 Release of logback version 1.5.22\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• In order to prevent involuntary information leakage, Logback will no longer output the value of a substituted variable, if the variable name contains any of the case-insensitive strings \u0026quot;password\u0026quot;, \u0026quot;secret\u0026quot; or \u0026quot;confidential\u0026quot;. This problem was reported by Chintan Rohila in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/986\"\u003eissues/986\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Logback now takes the overridden \u003ccode\u003etoString()\u003c/code\u003e method of \u003ccode\u003eThrowable\u003c/code\u003e subclasses into account when  printing stack traces. This issue was reported in \u003ca href=\"https://jira.qos.ch/browse/LOGBACK-543\"\u003eLOGBACK-543\u003c/a\u003e by Alvin Chee, with a fix provided in \u003ca href=\"https://redirect.github.com/qos-ch/logback/pull/404\"\u003ePR 404\u003c/a\u003e by Brett Kail.\u003c/p\u003e\n\u003cp\u003e• Instead of limit-counting guard, Logback now uses a tumbling-window guard to rate limit internal error messages.\u003c/p\u003e\n\u003cp\u003e• A bit-wise identical binary of this version can be reproduced by building from source code at commit 572379aabd2f672b49593e4020696c624541e5b0 associated with the tag v_1.5.22. Release built using Java \u0026quot;21\u0026quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.\u003c/p\u003e\n\u003ch2\u003eLogback 1.5.21\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003e2025-11-10 Release of logback version 1.5.21\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e• Invocations of turbo filters in isDebugEnabled, isInfoEnabled()... remain as they were, untouched. However, any installed instances of TurboFilter are now invoked also from within the log(LoggingEvent) method of \u003ca href=\"https://github.com/qos-ch/logback/blob/master/logback-classic/src/main/java/ch/qos/logback/classic/Logger.java#L817\"\u003eLogger\u003c/a\u003e with the contents of the LoggingEvent, typically via the fluent API. This fixes \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/871\"\u003eissues/871\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e• Removed reentry-guard in most subclasses of \u003ccode\u003eUnsynchronizedAppenderBase\u003c/code\u003e where it was not needed.\u003c/p\u003e\n\u003cp\u003e• \u003ca href=\"https://logback.qos.ch/manual/configuration.html#auto_configuration\"\u003eInitialization procedure\u003c/a\u003e has been simplified by removing the step instantiating a \u003ccode\u003eSerializedModelConfigurator\u003c/code\u003e. However, it is still possible to set up \u003ccode\u003eSerializedModelConfigurator\u003c/code\u003e as a custom configurator.\u003c/p\u003e\n\u003cp\u003e• JsonEncoder is now friendlier to derivation by sub-classes as requested in \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/979\"\u003eissues/979.\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/qos-ch/logback/commits/v_1.5.25\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.elasticsearch:elasticsearch` from 2.4.0 to 8.19.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/elastic/elasticsearch/releases\"\u003eorg.elasticsearch:elasticsearch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eElasticsearch 8.19.8\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.8.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.8.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.7\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.7.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.7.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.6\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.6.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.6.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.5\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.5.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.5.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.4\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.4.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.4.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.3\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.3.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.3.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.2\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.2.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.2.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.1\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.1.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.1.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.19.0\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.0.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.8\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.7\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.7.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.7.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.6\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\nRelease notes: \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.6.html\"\u003ehttps://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.6.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eElasticsearch 8.18.5\u003c/h2\u003e\n\u003cp\u003eDownloads: \u003ca href=\"https://elastic.co/downloads/elasticsearch\"\u003ehttps://elastic.co/downloads/elasticsearch\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/e34ace04b64e9bfa3f9e785b08e6d81f8efe314b\"\u003e\u003ccode\u003ee34ace0\u003c/code\u003e\u003c/a\u003e Add validation to DER parser for seq len (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138683\"\u003e#138683\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138697\"\u003e#138697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/219189ff7e5b22dc46fcbea23d658582e78330e9\"\u003e\u003ccode\u003e219189f\u003c/code\u003e\u003c/a\u003e Update Gradle wrapper to 9.2.1 (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138482\"\u003e#138482\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138693\"\u003e#138693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/8be09828e39adc500975c6da482a609c28326c4d\"\u003e\u003ccode\u003e8be0982\u003c/code\u003e\u003c/a\u003e Add user profile size limit (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138691\"\u003e#138691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/a8ec26096ec39735f7e3a4ea4a0c8e4e9018fa0b\"\u003e\u003ccode\u003ea8ec260\u003c/code\u003e\u003c/a\u003e [8.19] Add length validation for rename_replacement parameter in snapshot res...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/f2dae0f105022ead3934fe2d990ff54cbd0d1dc2\"\u003e\u003ccode\u003ef2dae0f\u003c/code\u003e\u003c/a\u003e Extend timeout in \u003ccode\u003eIngestGeoIpClientYamlTestSuiteIT\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138610\"\u003e#138610\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138646\"\u003e#138646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/b564aa81c4a7825a8664512a9b0c9b5c03c9a2df\"\u003e\u003ccode\u003eb564aa8\u003c/code\u003e\u003c/a\u003e [ES-13486] Skipping ES builds on non supported jdk versions (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138262\"\u003e#138262\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138629\"\u003e#138629\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/0f3f4e93a3f022638c57c959bb6e54bee0bfaf30\"\u003e\u003ccode\u003e0f3f4e9\u003c/code\u003e\u003c/a\u003e [8.19] fix(semantic highlighter): add vector similarity queries and bbq_disk ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/bf5d48aa800340514941bb6fb090cc7cb1776591\"\u003e\u003ccode\u003ebf5d48a\u003c/code\u003e\u003c/a\u003e Upgrading commons-lang3 version for repository-hdfs plugin (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138589\"\u003e#138589\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138613\"\u003e#138613\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/51a070988586cc3e554edce669840167c0ed01c2\"\u003e\u003ccode\u003e51a0709\u003c/code\u003e\u003c/a\u003e ILM Explain: valid JSON on truncated step info (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/137638\"\u003e#137638\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138606\"\u003e#138606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/commit/394ea7df1876a3502c0aab0582d12ad6a997f768\"\u003e\u003ccode\u003e394ea7d\u003c/code\u003e\u003c/a\u003e Adjust two today()/current_date() tests to create less noise (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138588\"\u003e#138588\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/elastic/elasticsearch/issues/138598\"\u003e#138598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/elastic/elasticsearch/compare/v2.4.0...v8.19.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.8.2 to 2.25.4\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.11.0 to 2.25.4\n\nUpdates `org.hsqldb:hsqldb` from 2.3.3 to 2.7.1\n\nUpdates `ch.qos.logback:logback-classic` from 1.1.2 to 1.2.13\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/qos-ch/logback/commits/v_1.2.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.xerial.snappy:snappy-java` from 1.1.7.1 to 1.1.10.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xerial/snappy-java/releases\"\u003eorg.xerial.snappy:snappy-java's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.10.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity Fix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv\"\u003eCVE-2023-43642\u003c/a\u003e Fixed SnappyInputStream so as not to allocate too large memory when decompressing data with an extremely large chunk size by \u003ca href=\"https://github.c...\n\n_Description has been truncated_","html_url":"https://github.com/AKJUS/YCSB/pull/59","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2FYCSB/issues/59","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/59/packages"}},{"old_version":"7.0.109","new_version":"9.0.117","update_type":"major","path":"/redisson-tomcat/redisson-tomcat-7","pr_created_at":"2026-04-10T22:45:19.000Z","version_change":"7.0.109 → 9.0.117","issue":{"uuid":"4242081744","node_id":"PR_kwDOAPFyZM7Rlhp1","number":7044,"state":"closed","title":"Bump org.apache.tomcat.embed:tomcat-embed-core from 7.0.109 to 9.0.117 in /redisson-tomcat/redisson-tomcat-7","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-11T05:30:47.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-10T22:45:19.000Z","updated_at":"2026-04-11T05:30:56.000Z","time_to_close":24328,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"7.0.109","new_version":"9.0.117","repository_url":null}],"path":"/redisson-tomcat/redisson-tomcat-7","ecosystem":"maven"},"body":"Bumps org.apache.tomcat.embed:tomcat-embed-core from 7.0.109 to 9.0.117.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core\u0026package-manager=maven\u0026previous-version=7.0.109\u0026new-version=9.0.117)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/redisson/redisson/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/redisson/redisson/pull/7044","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/redisson%2Fredisson/issues/7044","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7044/packages"}},{"old_version":"11.0.14","new_version":"11.0.21","update_type":"patch","path":null,"pr_created_at":"2026-04-10T22:18:26.000Z","version_change":"11.0.14 → 11.0.21","issue":{"uuid":"4242005983","node_id":"PR_kwDODcoYc87RlTdu","number":210,"state":"open","title":"Bump org.apache.tomcat.embed:tomcat-embed-core from 11.0.14 to 11.0.21","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-10T22:18:26.000Z","updated_at":"2026-04-10T22:28:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"11.0.14","new_version":"11.0.21","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps org.apache.tomcat.embed:tomcat-embed-core from 11.0.14 to 11.0.21.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core\u0026package-manager=maven\u0026previous-version=11.0.14\u0026new-version=11.0.21)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/companieshouse/orders.api.ch.gov.uk/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/companieshouse/orders.api.ch.gov.uk/pull/210","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/companieshouse%2Forders.api.ch.gov.uk/issues/210","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/210/packages"}}]}