@renovate renovate bot commented Aug 10, 2025

This PR contains the following updates:

Package | Change | Age | Confidence
org.hibernate:hibernate-validator (source) | 4.2.0.Final -> 6.2.0.Final | age | confidence

GitHub Vulnerability Alerts

CVE-2014-3558

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.

CVE-2023-1932

A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.

CVE-2020-10693

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.

CVE-2025-35036

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as of 6.2.0 and 7.0.0 no longer interpolates custom constraint violation messages with Expression Language and strongly recommends not allowing user-supplied input in constraint violation messages. CVE-2020-5245 and CVE-2025-4428 are examples of related, downstream vulnerabilities involving Expression Language interpolation of user-supplied data.


Release Notes

hibernate/hibernate-validator (org.hibernate:hibernate-validator)

v6.2.0.Final

Compare Source

v6.1.7.Final

Compare Source

v6.1.6.Final

Compare Source

v6.1.5.Final

Compare Source

v6.1.4.Final

Compare Source

v6.1.3.Final

Compare Source

v6.1.2.Final

Compare Source

** Bug
* HV-1756 - translations - Incorrect variables in the newly added translations

** Task
* HV-1753 - tests - Force Pax-Exam and Karaf to use Maven Central repository with SSL enabled

v6.1.1.Final

Compare Source

** Improvement
* HV-1750 - engine - Add debug log when expression factory has failed to load
* HV-1747 - engine - Allow overriding the message interpolator in PredefinedScopeValidatorFactory context
* HV-1744 - documentation - Use auto-expanding entries in the documentation TOC

** New Feature
* HV-1749 - engine - Introduce a LocaleResolver SPI
* HV-1748 - engine - Improve localization support via Locale.LanguageRange

** Task
* HV-1745 - tests - Bump Jackson test dependency to 2.10.1

v6.1.0.Final

Compare Source

** Bug
* HV-1730 - engine - JavaBeanExecutable fails to initialize for enum type
* HV-1715 - engine - Validation can sometimes proceed to the next group in sequence even after one of the constraints generated a violation

** Improvement
* HV-1729 - performance - Skip allocation of an action for each need to access the context classloader

** Task
* HV-1743 - build - Upgrade maven-compiler-plugin to 3.8.1
* HV-1742 - build - Upgrade to WildFly 18.0.0.Final
* HV-1741 - build - Upgrade ByteBuddy test dependency to 1.10.2
* HV-1740 - engine - Deprecate @​SafeHtml
* HV-1739 - engine - CVE-2019-10219 Security issue with @​SafeHtml
* HV-1738 - build - Update Jackson test dependency to 2.9.10
* HV-1733 - tests - Fix locale settings of PredefinedScopeValidatorFactoryTest
* HV-1732 - build - Change tarLongFileMode to posix for assembly building
* HV-1731 - tck-runner - Move TCK signature check to tck-runner module
* HV-1728 - build - Upgrade to WildFly 17.0.1.Final
* HV-1727 - build - Update Jackson Databind test dependency to 2.9.9.2
* HV-1725 - build - Switch to using Jakarta EE artifacts
* HV-1724 - build - Update to OpenJFX 11.0.2
* HV-1680 - engine - Avoid reflection by using instrumentation - build the enhancer

v6.0.23.Final

Compare Source

v6.0.22.Final

Compare Source

v6.0.21.Final

Compare Source

v6.0.20.Final

Compare Source

v6.0.19.Final

Compare Source

v6.0.18.Final

Compare Source

v6.0.17.Final

Compare Source

v6.0.16.Final

Compare Source

v6.0.15.Final

Compare Source

v6.0.14.Final

Compare Source

v6.0.13.Final

Compare Source

** Bug
* HV-1652 - engine - Fix a few theoretical null pointer dereference issues
* HV-1650 - validators - French translations are badly encoded

v6.0.12.Final

Compare Source

** Bug
* HV-1645 - extensions - Revert HV-1609 due to increased CDI startup caused by ValidateableBeanFilter
* HV-1644 - build - Using Hibernate Validator with Java 11 brings JavaFX on the classpath

** Improvement
* HV-1643 - translations - Fix Russian translation for @​Null constraint

** Task
* HV-1649 - tck-runner - Upgrade to Bean Validation TCK 2.0.4.Final
* HV-1648 - build, integration - Reenable WildFly integration tests for JDK 11
* HV-1647 - tck-runner - Allow running TCK tests in container mode with JDK 11
* HV-1646 - build, integration, tck-runner - Upgrade WildFly to 14.0.0.Beta1
* HV-1627 - build - Upgrade our JPA test dependency to 2.2

v6.0.11.Final

Compare Source

** Bug
* HV-1637 - translations - PropertNotFoundException for @​DecimalMax when using the German translation

** Improvement
* HV-1628 - annotation-processor, engine, tests - Configure a stricter forbidden-apis policy and remove calls deprecated in Java 10
* HV-1615 - translations - Improvements on the dutch translations

** Remove Feature
* HV-1624 - engine - Remove the StaticFieldELResolver

** Task
* HV-1641 - build - Use the OSS snapshot repository to download the JavaFX dependencies when building with JDK 11
* HV-1640 - build - Add compatibility with the latest JDK 11 build 22
* HV-1610 - integration - Reenable OSGi tests for JDK 10
* HV-1608 - build - Have the build work with JDK 11
* HV-1577 - engine - Use Stax instead of JAXB to parse the XML descriptors

v6.0.10.Final

Compare Source

** Bug
* HV-1614 - engine - Unable to specify constraints at more than 1 nested parameter of a typed container
* HV-1609 - integration - CDI extension should not rely on @​WithAnnotations filtering
* HV-1604 - engine - Initializing JPATraversableResolver fails with IllegalAccessException
* HV-1598 - engine - Fix the behavior of XML default-validated-executable-types

** Improvement
* HV-1612 - translations - Add Dutch translation of the validation messages
* HV-1611 - translations - Be consistent in the case of the validation messages
* HV-1592 - engine - Make ConstraintValidator declaration stricter
* HV-1534 - engine - Allow getter constraints to be specified for subclasses in XML configuration

** Task
* HV-1607 - build - Have the build work with JDK 10
* HV-1606 - tck-runner - Update TCK to 2.0.3.Final
* HV-1605 - build - Update Surefire to 2.21.0 for JDK 10 support

v6.0.9.Final

Compare Source

** Bug
* HV-1596 - engine - NPE upon upgrade from HV 5.x to 6.0.8
* HV-1594 - integration - Add javax.annotation:javax.annotation-api to the hibernate-validator-javax-money Karaf feature
* HV-1589 - engine - HibernateConstraintValidators are not correctly cached

** Improvement
* HV-1597 - engine - Allow overriding the constraint validator payload at the Validator level with null
* HV-1595 - engine - Move ConstraintValidatorPayload to ConstraintValidatorContext
* HV-1593 - integration - Split the hibernate-validator Karaf feature in several smaller features
* HV-1587 - engine - Reduce the already processed work units tracking impact
* HV-1586 - performance - Various improvements to performance tests
* HV-1585 - engine - Omit the cache lookup in AbstractMessageInterpolator for the simple text messages

** Task
* HV-1578 - build - Disable the generation of @​Generated annotation for JBoss Logging

v6.0.8.Final

Compare Source

** Bug
* HV-1554 - integration - OSGi tests running on Payara fail randomly
* HV-1551 - engine - Validator not found for @​Size on non-parameterized Map/Collection properties
* HV-1461 - engine - ExecutableHelper#overrides does not work correctly with the method containing generic and non generic parameters

** Improvement
* HV-1582 - build, integration - Make the classmate OSGi version range less strict
* HV-1581 - build - Make the Felix integration tests fail when a test fails
* HV-1580 - build - Fix the path of the setupModules.groovy script
* HV-1576 - build, integration - Upgrade the integration tests and the base WildFly version to WildFly 12
* HV-1573 - build - Ignore the Maven wrapper files in the license check
* HV-1572 - documentation - Make the custom container type value extractor example more clear in the documentation
* HV-1569 - tck-runner - updateStandaloneXml.groovy should take into account the property overridden with the command line
* HV-1568 - engine - Prevent possible NullPointerException in ValidatorFactoryScopedContext.Builder
* HV-1567 - engine - Make ValidationOrderGenerator global to the ValidatorFactory
* HV-1566 - engine - Cache type variable index for performance reasons
* HV-1565 - documentation - Add missing security manager permissions for JBoss Logging and Classmate in the documentation
* HV-1564 - build - Upgrade the Maven plugins
* HV-1563 - build - Update the TCK to 2.0.2.Final and reenable all the TCK tests with JDK 9
* HV-1562 - build - JDK9+ build improvements
* HV-1560 - engine - Remove Guava as dependency from engine
* HV-1559 - build - Align dependency versions with what's in WildFly 11
* HV-1553 - translations - Update Spanish translation of constraint messages
* HV-1543 - engine - Simplify ConstraintTree in the case of non composing constraints
* HV-1444 - engine - Support container only detectable at runtime for global cascaded validation and introduce a cache for the value extractors

** New Feature
* HV-1529 - engine - Allow to pass a payload to the constraint validators

** Sub-task
* HV-1556 - integration - Felix tests are referencing an outdated snapshot version
* HV-1555 - integration - Upgrade Payara (used for the Felix tests) to 5.Beta1

** Task
* HV-1584 - tck-runner - Include JavaFX tests in TCK runs (local and incontainer)
* HV-1583 - build - Update javax.el dependency to 3.0.1-b09
* HV-1570 - build - Update JBoss Logging to version 3.3.2.Final
* HV-1558 - build - Put the distribution files to upload into distribution/target/dir so that release scripts find them
* HV-1557 - build - Remove old release scripts from the repository
* HV-1550 - build - Clarify the build output in the Travis build
* HV-1549 - build - Use mvn install instead of mvn verify in the Travis build

v6.0.7.Final

Compare Source

** Task
* HV-1548 - build - Upgrade the Bean Validation API and TCK to 2.0.1.Final

v6.0.6.Final

Compare Source

** Improvement
* HV-1533 - engine - Small performance improvements
* HV-1531 - engine - Regroup the ValidatorFactory scoped properties in ValidatorFactoryContext
* HV-1530 - annotation-processor - Add CodePointLength to supported AP types
* HV-1527 - engine - Separate Group and MetaConstraint - Path processed units in ValidationContext
* HV-1525 - engine - Various AbstractMessageInterpolator performance improvements
* HV-1524 - engine - Log temporal validation tolerance only if it has been explicitly set
* HV-1522 - engine - Improve performance of ConstraintViolationImpl hashCode() method
* HV-1506 - engine - Regroup the Validator scoped properties in ValidationContext

** New Feature
* HV-1541 - engine - Add new constraint for ISBN

** Task
* HV-1546 - engine - Reintroduce AnnotationProcessingOptions
* HV-1545 - engine - Reintroduce hibernate.validator.constraint_mapping_contributor
* HV-1538 - engine - Make the @​Incubating annotation @​Documented
* HV-1537 - engine - Reintroduce ReflectionParameterNameProvider to avoid API breakage
* HV-1536 - engine - Update description of required permissions in the reference guide
* HV-1535 - build - Use the default style for JavaDoc

v6.0.5.Final

Compare Source

** Bug
* HV-1520 - engine - Fix *ProcessedUnit equals() implementations
* HV-1516 - validators - E-mail validator does not allow IDN ascii domain labels

** Improvement
* HV-1519 - build - Fix the jqassistant build
* HV-1518 - engine - Various minor cleanups
* HV-1515 - translations - Add missing strings to the simplified Chinese translation
* HV-1514 - performance - Update the versions used in the benchmarks and make the latest benchmark compatible with BV 1.1
* HV-1512 - engine, performance - Improve initialization cost of all logger classes
* HV-1511 - engine - Don't expose AnnotationDescriptor in AnnotationDef
* HV-1505 - engine - Create ConstraintAnnotationDescriptor for typed access to groups() etc.
* HV-1497 - engine - Extend the ConstraintValidator#initialize() contract

** New Feature
* HV-1493 - engine - Support a temporal validation tolerance when applying temporal constraints
* HV-1466 - validators - Add a @​UniqueElements constraints

** Task
* HV-1513 - engine - Rename static logger fields from "log" to "LOG"

v6.0.4.Final

Compare Source

** Bug
* HV-1508 - engine - Reset the hashCode of PathImpl when we remove the leaf node
* HV-1373 - engine - Validator calls objects hashCode() after failed @​NotNull validation

** Improvement
* HV-1509 - engine - Reference constraint validator factory consistently
* HV-1507 - engine - Avoid resetting the PathImpl.hashCode() when setting the property value
* HV-1503 - engine - Store the initialized ConstraintValidator in ConstraintTree
* HV-1502 - engine - Use AnnotationDescriptor to access annotations information
* HV-1323 - engine - Drop WARN log message in ParameterMessageInterpolator instantiation
* HV-1040 - engine - Field-level constraint performance impairment

** Task
* HV-1501 - build - Update the base versions for API comparison and performance tests
* HV-1472 - integration - Provide patch file for WildFly 11 Final

v6.0.3.Final

Compare Source

** Bug
* HV-1494 - validators - Hibernate Validator specific @​NotEmpty used on return type throws an exception
* HV-1492 - engine - Parameters passed in wrong order to log method
* HV-1490 - engine - Feature detection in ConstraintHelper not consistent with what is required by HV
* HV-1485 - engine - ConstraintViolationImpl is not serializable if the constraint can target a generic type (typically Collection)
* HV-1481 - engine - @​Valid ignores Iterables/Arrays returned by methods with a generic return type
* HV-1478 - build, integration - hibernate-validator-cdi has invalid OSGi manifest
* HV-1474 - engine - Incorrect NodeImpl hashCode()/equals() contract
* HV-1184 - engine - JaCoCo code coverage fails since ConstraintDescriptorImpl#buildAnnotationParameterMap() does not filter out synthetic methods

** Improvement
* HV-1499 - documentation - Update the getting started guide with the latest additions to the policy file
* HV-1487 - engine - Add an option to disable the TraversableResolver result cache
* HV-1486 - engine - Add a toString() to AnnotationParameters
* HV-1482 - engine - Reduce visibility of some of the value extractors
* HV-1480 - engine - Performance and memory allocation improvements
* HV-1479 - validators - Document requirement of java.xml.bind module on Java 9 when using XML descriptors
* HV-1476 - build - Update checkstyle to latest
* HV-1475 - build - Update Maven dependencies
* HV-1469 - engine - ScriptEvaluatorFactory should be scoped to the validator factory
* HV-1417 - documentation - Documentation - Discuss ContainerElementTypeDescriptor and al.
* HV-1415 - documentation - Documentation - Discuss the Path API
* HV-937 - documentation - Make use of custom asciidoctor template to change numbering of examples and cross referencing in documentation

** New Feature
* HV-1496 - engine - Add @​CodePointLength constraint that validates code point length
* HV-1463 - engine - Make bootstrapping of script evaluators for @​ScriptAssert more flexible

** Task
* HV-1488 - integration - Upgrade WildFly to 11.0.0.CR1
* HV-1464 - documentation - Remove requirement for CLA

v6.0.2.Final

Compare Source

** Bug
* HV-1471 - engine - Properly reset the context after constraint validation
* HV-1470 - annotation-processor - ConstraintValidatorCheck should be made a warning

** Task
* HV-1467 - translations - Add missing Portuguese constraint violation messages
* HV-1462 - integration - Provide patch file for WildFly 11 Beta1
* HV-1395 - annotation-processor - Support OptionalInt/OptionalDouble/OptionalLong in the annotation processor

v6.0.1.Final

Compare Source

** Improvement
* HV-1460 - build - Remove the Maven version prerequisite as it's redundant with the enforcer configuration and now generates a warning
* HV-1459 - build - Add a "sigtest" profile to make running the SigTest test easier
* HV-1457 - translations - Update the Persian translation
* HV-1456 - engine - Fix comments mixed up by Eclipse refactorings
* HV-1455 - engine - Improve Validator#validate...() sanity checks
* HV-1454 - build - Support JDK 9 build 180
* HV-1452 - engine - Add Spanish translations for BV 2.0 constraints
* HV-1448 - engine - Remove some superfluous fields from metamodel
* HV-1447 - engine - Remove metadata for unconstrained methods from the aggregated metamodel
* HV-1445 - engine - Remove BeanConfiguration cache in AnnotationMetadataProvider
* HV-1443 - engine - AbstractConstrainedElement#isConstrained() should also return true if there are group conversions without cascading
* HV-1442 - engine - Fix root cascading metadata for arrays in the programmatic API
* HV-1441 - engine - Clean up the initialization of CascadingMetaData
* HV-1439 - engine - Improve overall performances
* HV-1438 - engine - Narrow down value extractors considered for cascaded validation to the ones compatible
* HV-1437 - engine - Look at reducing the runtime memory usage of the ValidatorFactory
* HV-1422 - documentation - Extract properties for base URLs commonly used in the reference guide
* HV-1405 - tests - Review assertCorrectPropertyPathStringRepresentations usage

** Task
* HV-1446 - engine - Remove UnconstrainedEntityMetaDataSingleton
* HV-1440 - integration - Provide patch file for WildFly 11 Alpha1
* HV-1420 - documentation - Reference documentation update

v6.0.0.Final

Compare Source

** Improvement
* HV-1458 - engine - Avoid performance regression for cascaded validation
* HV-1451 - engine - Add @​PastOrPresent and @​FutureOrPresent messages

** Task
* HV-1453 - build - Upgrade to final versions of BV API and TCK

v5.4.3.Final

Compare Source

v5.4.2.Final

Compare Source

v5.4.1.Final

Compare Source

v5.4.0.Final

Compare Source

** Bug
* HV-1220 - engine - Programmatically defined cross parameter method constraints don't work on method returning void
* HV-1205 - engine - Don't use @​Repeatable on some constraints

** Improvement
* HV-1218 - engine - Add missing programmatic constraint definitions
* HV-1217 - documentation - Simplify description of annotation processor set-up in docs
* HV-1204 - engine - Add CurrencyDef for programmatic usage of @​Currency constraint

** Task
* HV-1216 - documentation - Avoid usage of tables in reference docs where feasible
* HV-1214 - documentation - Switch to Asciidoctor output for the documentation
* HV-1210 - build - Upgrade to Groovy 2.4.8
* HV-1201 - engine - Allow to specify a field for reporting constraint violations from @​ScriptAssert

v5.3.6.Final

Compare Source

v5.3.5.Final

Compare Source

v5.3.4.Final

Compare Source

** Bug
* HV-1176 - engine - Type argument constraints for Optional are ignored for method parameters and return value if there are no other constraints
* HV-1165 - engine - Use type annotations for Set values with @​NotNull annotation on the Set
* HV-1164 - engine - getDynamicPayload(Class type) throws Nullpointerexception

** Task
* HV-1183 - validators - Upgrade JodaTime to 2.9.5

v5.3.3.Final

Compare Source

** Bug
* HV-1155 - engine - ClassLoader issues in modularized environments

v5.3.2.Final

Compare Source

** Bug
* HV-1153 - engine - Missing javax.el impl throws a javax.el.ELException instead of a ValidationException

** Improvement
* HV-1154 - build - Make distribution and documentation buildable with JDK9

v5.3.1.Final

Compare Source

** Bug
* HV-1140 - engine - StringHelper#decapitalize not working properly on turkish locale
* HV-1134 - documentation - Asciidoc Docbook processing is missing the sourcedir attribute
* HV-1132 - documentation - Force language in documentation tests
* HV-1131 - engine - EL once again a hard requirement
* HV-1032 - engine - Infinite Loop when validating custom type constraint under certain inheritance scheme
* HV-1002 - engine - validateProperty() behaviour for prop paths with a Set/ List inconsistent with validateValue()

** Improvement
* HV-1130 - build - Ensure 5.3 runs on JDK 9
* HV-1129 - tests - Upgrade WildFly Arquillian version
* HV-1128 - tests - Enable integration tests on JDK 9
* HV-1126 - build - Upgrade the plexus-archiver dependency used by the assembly plugin to support JDK9

** Task
* HV-1125 - build - Latest Java 9 preview builds need --add-modules instead of -addmods as build option

v5.3.0.Final

Compare Source

** Bug
* HV-1117 - build - Downgrade to surefire and failsafe 2.18.1
* HV-1109 - documentation - Fix "Using validation groups" example
* HV-1101 - engine - Issues when using XML validation configuration

** Improvement
* HV-1123 - build - Set up japicmp tooling to create API/SPI change reports
* HV-1121 - engine - Validation error path generation for TYPE_USE annotation
* HV-1112 - translations - ValidationMessages for Slovak
* HV-1098 - tck-runner - Adapt test.policy file of TCK runner for reading "validation.provider" property

** Task
* HV-1093 - build - Change CI links in README.md and pom.xml

v5.2.5.Final

Compare Source

v5.2.4.Final

Compare Source

v5.2.3.Final

Compare Source

v5.2.2.Final

Compare Source

** Bug
* [HV-862] - ExecutableHelper#overrides() should take visibilities into account
* [HV-891] - CDI extension doesn't trigger validation if a method parameter is of a type parameter type
* [HV-917] - Use map implementation safe for concurrent access in MetaDataProviderKeyedByClassName
* [HV-1011] - Generic Method is not recognized
* [HV-1012] - XSS vulnerability not caught by SafeHtml
* [HV-1017] - javafx detection uses TCCL but JavaFXPropertyValueUnwrapper does not
* [HV-1018] - NPE when validating an object tree with a class whose parent has defined property constraints

** Task
* [HV-1006] - Upgrade to WildFly 10

** Improvement
* [HV-807] - Make annotation ignores configurable via API for executables
* [HV-995] - Add google analytics to the HTML documentation
* [HV-1016] - Let maven build support maven-color

v5.2.1.Final

Compare Source

** Bug
* [HV-1007] - Unable to parse validation.xml with IBM JDK

v5.2.0.Final

Compare Source

** Bug
* [HV-992] - Documentation not very clear: do I need interceptor to trigger method validation?
* [HV-1004] - CnpjValidator validation is failing for a valid cnpj
* [HV-1005] - @​Email incorrectly flags emails with 64 character length local-part as invalid

** Improvement
* [HV-984] - Further documentation review and improvements
* [HV-999] - Update to Bean Validation TCK 1.1.4

v5.1.3.Final

Compare Source

** Bug
* [HV-924] - Make HV 5.1.x compatible with Java 6
* [HV-929] - Minimum requirement for 5.5.2 is Java 7 not Java 6 as indicated
* [HV-930] - ConstraintLocation does not specify equals() and hashCode()
* [HV-931] - Using NaN and Infinity triggers an exception for (Decimal)Min and (Decimal)Max constraints
* [HV-940] - ConstraintDescriptorImpl.equals does not match Annotation Proxies

v5.1.2.Final

Compare Source

** Bug
* [HV-889] - Translation error in ValidationMessages_zh_CN.properties
* [HV-901] - Luhn Credit Card Validator incorrect return statement
* [HV-902] - Cascading validation does not work on classes which implement Iterable.
* [HV-906] - org.hibernate.validator.constraints.CreditCardNumber does not fail on a non-numbers string
* [HV-908] - Fix Chinese translation file

** Task
* [HV-912] - Improve integration with Java's security manager

v5.1.1.Final

Compare Source

** Bug
* [HV-871] - hv test suite isn't compatible with java 8
* [HV-873] - @​SafeHtml(whitelistType = WhiteListType.NONE) allow ,
* [HV-882] - ValidationExtension must not expect a ProcessBean event to be fired right after AfterBeanDiscovery.addBean() is called

v5.1.0.Final

Compare Source

** Bug
* [HV-865] - java.lang.NullPointerException at org.hibernate.validator.internal.cdi.InjectingConstraintValidatorFactory.releaseInstance

v5.0.3.Final

Compare Source

v5.0.2.Final

Compare Source

v5.0.1.Final

Compare Source

** Bug
* [HV-702] - Upgrade JPA version used in HV
* [HV-725] - Update docbook documentation to reflect the changes of Bean Validation 1.1
* [HV-790] - Change EL impl dependency scope from runtime to provided
* [HV-791] - XML configuration fails for primitive types

** Improvement
* [HV-604] - Class-level constraints section of online docs refers to PassengerCount example which is never shown

v5.0.0.Final

Compare Source

** Bug
* [HV-787] - javax.enterprise.inject.spi.Bean implementations should also implement PassivationCapable
* [HV-788] - Upgrade BV API and TCK to final versions

** Improvement
* [HV-752] - Check transitive dependencies from CDI API
* [HV-785] - Improve structure of JavaDoc

** Task
* [HV-781] - Align with latest Weld release

v4.3.2.Final

Compare Source

v4.3.1.Final

Compare Source

** Bug
* [HV-591] - EmailValidator throws an IllegalArgumentException for long email addresses
* [HV-601] - NPE w/ overloaded methods on class validated with MethodValidationInterceptor
* [HV-607] - Email Validator producing error for large email addresses
* [HV-609] - EmailValidator fails where email address is large
* [HV-613] - email handles complete address as idn label and fails for valid longer addresses
* [HV-622] - Assumes all getX/setX methods are bean properties and errors with "wrong number of arguments"
* [HV-623] - Wrong constraint validator type resolution in case of constraint placed on parameterized type in class hierarchy
* [HV-625] - EmailValidator.isValid sometimes throws an exception instead of returning false
* [HV-626] - AnnotationMetaDataProvider should use #getDeclaredAnnotations instead of #getAnnotations when reading metadata from class and members

** Task
* [HV-639] - Evaluation of composed constraints should stop on first validation error when @ReportAsSingleViolation is used

v4.3.0.Final

Compare Source

** Improvement
* [HV-568] - Perform a profiling of the annotation processor code and make use of caching where appropriate
* [HV-577] - Include javadoc jar in Maven repo

** Task
* [HV-578] - Remove remaining references to slf4j
* [HV-580] - Remove deprecation of package org.hibernate.validator.group


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/maven-org.hibernate-hibernate-validator-vulnerability branch from fec186f to a5c9bec on September 13, 2025 19:52
@renovate renovate bot changed the title from "fix(deps): update dependency org.hibernate:hibernate-validator to v4.3.0.final [security]" to "fix(deps): update dependency org.hibernate:hibernate-validator to v6 [security]" on Sep 13, 2025
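
An added example (not part of the Renovate comment and not Hibernate Validator's own code) of the custom-validator pattern that the CVE-2025-35036 advisory above warns about, next to a form that keeps request data out of the message template. The `@CountryCode` constraint, both validator classes and the `KNOWN` set are hypothetical names; the code assumes Hibernate Validator 6.2 with the `javax.validation` 2.0 API on the classpath.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.validation.Constraint;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
import javax.validation.Payload;
import org.hibernate.validator.constraintvalidation.HibernateConstraintValidatorContext;

public class CountryCodeExample {

    // Hypothetical constraint, defined only for this illustration.
    @Target({ElementType.FIELD, ElementType.PARAMETER})
    @Retention(RetentionPolicy.RUNTIME)
    @Constraint(validatedBy = SafeCountryCodeValidator.class)
    public @interface CountryCode {
        String message() default "unknown country code";
        Class<?>[] groups() default {};
        Class<? extends Payload>[] payload() default {};
    }

    // Constructed sample data.
    static final Set<String> KNOWN = new HashSet<>(Arrays.asList("DE", "FR", "US"));

    // Pattern to look for when reviewing this upgrade: the rejected value is
    // concatenated into the message *template*. Per the advisory, versions
    // before 6.2.0 may interpolate such a template with Expression Language,
    // so the request data is treated as an expression, not as text.
    public static class UnsafeCountryCodeValidator
            implements ConstraintValidator<CountryCode, String> {
        @Override
        public boolean isValid(String value, ConstraintValidatorContext ctx) {
            if (value == null || KNOWN.contains(value)) {
                return true;
            }
            ctx.disableDefaultConstraintViolation();
            ctx.buildConstraintViolationWithTemplate("Unknown country code: " + value)
               .addConstraintViolation();
            return false;
        }
    }

    // Corrected form: the template is a constant and the rejected value is
    // passed as a message parameter, which is substituted into {code} as
    // plain text and never becomes part of the template itself.
    public static class SafeCountryCodeValidator
            implements ConstraintValidator<CountryCode, String> {
        @Override
        public boolean isValid(String value, ConstraintValidatorContext ctx) {
            if (value == null || KNOWN.contains(value)) {
                return true;
            }
            HibernateConstraintValidatorContext hctx =
                    ctx.unwrap(HibernateConstraintValidatorContext.class);
            hctx.disableDefaultConstraintViolation();
            hctx.addMessageParameter("code", value)
                .buildConstraintViolationWithTemplate("Unknown country code: {code}")
                .addConstraintViolation();
            return false;
        }
    }
}
```

Calls to `buildConstraintViolationWithTemplate(` whose argument is not a constant string are the places in a code base where this rewrite applies.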