3.0.2

What's Changed

• CVE-2025-12183 CVE-2025-66566 LZ4 vulnerabilities by @maximthomas in #157
• CVE-2025-66453 Rhino has high CPU usage and potential DoS by @maximthomas in #158
• CVE-2025-23015, CVE-2024-27137, CVE-2025-24860 in cassandra-all by @maximthomas in #159
• CVE-2025-25247: Apache Felix Webconsole: XSS in services console by @maximthomas in #160

Full Changelog: 3.0.1...3.0.2

3.0.1

What's Changed

• Add support LTS JDK 25 by @vharseko in #154
• Update target JDK to 11 and move to JakartaEE 9 by @maximthomas in #132
• Build & deploy: add branch sustaining/2.4.x by @vharseko in #155
• Fix circle icon size calculation in less by @maximthomas in #156

Full Changelog: 2.4.1...3.0.1

2.4.1

What's Changed

• CVE-2024-38999 requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties by @maximthomas in #153
• move javax.version to servlet-api.version property in maven by @maximthomas in #152

Full Changelog: 2.4.0...2.4.1

2.4.0

What's Changed

• CVE-2019-11358 CVE-2020-11023 Update jQuery to 3.7.1 by @maximthomas in #147
• CVE-2025-48976 Apache Commons FileUpload: FileUpload DoS via part headers by @dependabot[bot] in #148
• CVE-2025-52999 jackson-core can throw a StackoverflowError when processing deeply nested data by @dependabot[bot] in #145
• CVE-2025-48924 Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs by @dependabot[bot] in #151
• Deploy: migrating from Legacy OSSRH to Central Portal by @vharseko in #143
• Set javax.servlet version in the dependency management section by @maximthomas in #144
• Bump jackson-core to 2.15.4 by @vharseko in #149
• Bump org.apache.maven.plugins.maven-shade-plugin 3.6.0 by @vharseko in #150

Full Changelog: 2.3.0...2.4.0

2.3.0

What's Changed

• Add support Java SE 24 by @vharseko in #138
• Update react.js CDN URL by @maximthomas in #139
• CVE-2024-13009 In Eclipse Jetty a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. by @maximthomas in #140
• Add jetty sever components to commons parent pom by @maximthomas in #141
• Set GlassFish Grizzly libraries version it commons pom by @maximthomas in #142

Full Changelog: 2.2.4...2.3.0

2.2.4

What's Changed

• Bump org.springframework:spring-core from 6.0.16 to 6.1.14 in /commons/httpdump by @dependabot in #131
• Fix UI tests with Puppeteer in Linux by @maximthomas in #134
• Docs: get release version from GitHub release by @maximthomas in #136

Full Changelog: 2.2.3...2.2.4

2.2.3

What's Changed

• Add JDK 23 build support by @vharseko in #125
• Bump org.eclipse.jetty:jetty-server from 9.4.51.v20230217 to 9.4.55.v20240627 in /commons/http-framework/servlet by @dependabot in #127
• ADD maven.compiler.release=8 for cross compile compatibility by @vharseko in #126
• CVE-2020-17521 Information Disclosure in Apache Groovy by @vharseko in #129
• CVE-2024-8184 Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks by @vharseko in #130

Full Changelog: 2.2.2...2.2.3

2.2.2

What's Changed

• Add missing resources by @maximthomas in #123
• FIX writeResourceJsonContent org.forgerock.json.JsonValueException: /: Expecting a java.util.Map by @vharseko in #124

Full Changelog: 2.2.1...2.2.2

2.2.1

What's Changed

• Build pdf from AsciiDoc and assembly for Antora by @maximthomas in #122

Full Changelog: 2.2.0...2.2.1

2.2.0

What's Changed

• update docs branding color scheme by @maximthomas in #120
• ADD JDK 22 support by @vharseko in #121

Full Changelog: 2.1.6...2.2.0