Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-45102

Update Thymeleaf 3.0.12

    XMLWordPrintable

    Details

    • 21 Status:
      Resolved
    • 20 status:
      Won't Fix

      Description

      Thymeleaf 3.0.12 (3.0.12.RELEASE) has just been published.

      This is a highly recommended security update with some bugfixing and feature changes.

      Security improvements:

      • Avoided instantiation of new objects and calls to static classes in restricted expression evaluation mode, both for OGNL and SpringEL-based scenarios.
      • Users of Spring: Avoided execution of view names as a fragment expressions when the view name is contained in the URL path or query parameters.

      Issues fixed:

      • Fixed #numbers.format*(...) expression utility methods not producing numbers using the correct digit symbols for locales that use them (e.g. farsi), in JDK versions where NumberFormat does this.
      • Fixed package-list not being produced for JavaDoc since JDK 11 started being used for compiling the project.
      • Users of Spring: Fixed memory leak at ThymeleafViewResolver in redirects to dynamically built URLs.

      Feature changes:

      • Users of Spring 5.x: Added encode() method to the #mvc.url(...) expression utility methods.
      • Users of Spring 5.x and Spring WebFlow: Adapted support of WebFlow to Spring WebFlow 2.5 after changes in API (WebFlow 2.5.0+ is now required).

      Dependency updates:

      • OGNL updated to 3.1.26.
      • Jackson updated to 2.11.3.

      This version should work as a drop-in rep

        Gliffy Diagrams

          Zeplin

            Attachments

              Activity

                People

                Assignee:
                dhorwitz David Horwitz
                Reporter:
                dhorwitz David Horwitz
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    Git Integration