This is an automated email from the ASF dual-hosted git repository. danhaywood pushed a commit to branch v3 in repository https://gitbox.apache.org/repos/asf/causeway.git
commit c21e6b2663dd763dd86297626bff7c27f7705d60 Author: Dan Haywood <[email protected]> AuthorDate: Mon Nov 17 23:14:26 2025 +0000 CAUSEWAY-3941: updates release notes, STATUS and doap_causeway.rdf --- STATUS | 2 ++ .../modules/ROOT/pages/2025/3.5.0/relnotes.adoc | 30 ++++++++++++++++++++++ .../relnotes/modules/ROOT/pages/about.adoc | 10 ++++++++ antora/supplemental-ui/doap_causeway.rdf | 8 ++++++ 4 files changed, 50 insertions(+) diff --git a/STATUS b/STATUS index 87c8243e475..3fc36bf0b44 100644 --- a/STATUS +++ b/STATUS @@ -25,6 +25,8 @@ Description TLP releases: + * causeway-3.5.0 : 17 Nov 2025 + * causeway-3.4.0 : 8 Jul 2025 * causeway-3.3.0 : 8 Apr 2025 diff --git a/antora/components/relnotes/modules/ROOT/pages/2025/3.5.0/relnotes.adoc b/antora/components/relnotes/modules/ROOT/pages/2025/3.5.0/relnotes.adoc index f06332336ec..32f4206153a 100644 --- a/antora/components/relnotes/modules/ROOT/pages/2025/3.5.0/relnotes.adoc +++ b/antora/components/relnotes/modules/ROOT/pages/2025/3.5.0/relnotes.adoc 
@@ -5,4 +5,34 @@ :page-partial: +This is primarily a security release to address CVE-2025-64408, which was a Java deserialization vulnerability to authenticated attackers. + +The vulnerability applied to view models, not entities. +The fix involves encrypting the view model memento using HMAC 256 encryption key. +By default, a new key is created each time the application is restarted, which means that any bookmark of a view model will become invalid in subsequent runs. + +If you require stable (but still secure) bookmarks across runs, then this can be done by providing a custom implementation of the `HmacAuthority` bean (to override the default provided by the framework). + +See the xref:2025/3.5.0/mignotes.adoc[Migration notes] for further details. + + +== New Feature + +* link:https://issues.apache.org/jira/browse/CAUSEWAY-3942[CAUSEWAY-3942] - Support EclipseLink static weaving automatically. + + +== Improvement + +* link:https://issues.apache.org/jira/browse/CAUSEWAY-3939[CAUSEWAY-3939] - Viewmodel Bookmark Overhaul (CVE-2025-64408). + + +== Bug + +* link:https://issues.apache.org/jira/browse/CAUSEWAY-3938[CAUSEWAY-3938] - [Wicket Viewer] Editing uninitialized mandatory property causes exception +* link:https://issues.apache.org/jira/browse/CAUSEWAY-3899[CAUSEWAY-3899] - NPE guard for DomainChangeRecord + + +== Task + +* link:https://issues.apache.org/jira/browse/CAUSEWAY-3941[CAUSEWAY-3941] - Release activities, r3.5.0 diff --git a/antora/components/relnotes/modules/ROOT/pages/about.adoc b/antora/components/relnotes/modules/ROOT/pages/about.adoc index 6051c145997..5ab5c7a3fe6 100644 --- a/antora/components/relnotes/modules/ROOT/pages/about.adoc +++ b/antora/components/relnotes/modules/ROOT/pages/about.adoc 
@@ -16,6 +16,16 @@ This table summarises all releases of Apache Causeway to date. | Bugs | Detail +| 17th Nov 2025 +| 3.5.0 +a| Apache Causeway 3.5.0 +| 1 +| 1 +| 2 +| +* xref:relnotes:ROOT:2025/3.5.0/relnotes.adoc[Release Notes] +* xref:relnotes:ROOT:2025/3.5.0/mignotes.adoc[Migration Notes] + | 8th Jul 2025 | 3.4.0 a| Apache Causeway 3.4.0 diff --git a/antora/supplemental-ui/doap_causeway.rdf b/antora/supplemental-ui/doap_causeway.rdf index 60cce8ff732..14d4555a44a 100644 --- a/antora/supplemental-ui/doap_causeway.rdf +++ b/antora/supplemental-ui/doap_causeway.rdf @@ -36,6 +36,14 @@ <category rdf:resource="http://projects.apache.org/category/web-framework" /> + <release> + <Version> + <name>causeway</name> + <created>2025-11-17</created> + <revision>3.5.0</revision> + </Version> + </release> + <release> <Version> <name>causeway</name>
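Review bot: In relnotes.adoc, the sentence "The fix involves encrypting the view model memento using HMAC 256 encryption key" describes HMAC as encryption, which it is not. HMAC is a keyed message authentication code: it makes the memento tamper-evident but does not hide its contents, and the bean named two paragraphs later is `HmacAuthority`. If the memento is authenticated rather than encrypted, suggest wording such as "The fix involves signing the view model memento with an HMAC 256 key", so readers do not assume the memento contents are confidential. In the opening sentence, "a Java deserialization vulnerability to authenticated attackers" would read more clearly as "exploitable by authenticated attackers". Since the notes recommend a custom `HmacAuthority` for stable bookmarks, it would also help to say here that the key it supplies has to be kept secret, or to confirm that the migration notes cover that.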
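Review bot: In about.adoc, the new row links to `xref:relnotes:ROOT:2025/3.5.0/mignotes.adoc[Migration Notes]`, and relnotes.adoc links to the same page, but mignotes.adoc is not among the four files changed in this commit. Please confirm the page already exists on the v3 branch, otherwise both xrefs will be unresolved when the site is built. The counts in the row (1, 1, 2) match the New Feature, Improvement and Bug sections of the release notes; consider also noting in the row that 3.5.0 is a security release for CVE-2025-64408, since the summary table is where many readers decide whether to upgrade.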
