This is an automated email from the ASF dual-hosted git repository. danhaywood pushed a commit to branch 2.0.0-M9 in repository https://gitbox.apache.org/repos/asf/isis.git
commit 21889e912c0ef8816d62f6cba6b090338aae8c65 Author: Dan Haywood <[email protected]> AuthorDate: Tue Oct 18 11:24:22 2022 +0100 ISIS-3248: updates release notes, STATUS and doap_isis.rdf --- STATUS | 4 ++- antora/components/relnotes/modules/ROOT/nav.adoc | 1 + .../modules/ROOT/pages/2022/2.0.0-M8/relnotes.adoc | 3 +- .../modules/ROOT/pages/2022/2.0.0-M9/relnotes.adoc | 41 ++++++++++++++++++++++ .../relnotes/modules/ROOT/pages/about.adoc | 14 +++++++- antora/supplemental-ui/doap_isis.rdf | 8 +++++ 6 files changed, 68 insertions(+), 3 deletions(-) diff --git a/STATUS b/STATUS index 8d60d9d6d8..e3c8b7ad3f 100644 --- a/STATUS +++ b/STATUS @@ -23,7 +23,9 @@ Description TLP releases: - * isis-2.0.0-M7 : 06 Oct 2022 + * isis-2.0.0-M9 : 18 Oct 2022 + + * isis-2.0.0-M8 : 06 Oct 2022 * isis-2.0.0-M7 : 28 Feb 2022 diff --git a/antora/components/relnotes/modules/ROOT/nav.adoc b/antora/components/relnotes/modules/ROOT/nav.adoc index fdd04cfb7a..2969296927 100644 --- a/antora/components/relnotes/modules/ROOT/nav.adoc +++ b/antora/components/relnotes/modules/ROOT/nav.adoc @@ -3,6 +3,7 @@ * 2022 +** xref:relnotes:ROOT:2022/2.0.0-M9/relnotes.adoc[2.0.0-M9] ** xref:relnotes:ROOT:2022/2.0.0-M8/relnotes.adoc[2.0.0-M8] ** xref:relnotes:ROOT:2022/2.0.0-M7/relnotes.adoc[2.0.0-M7] * 2021 diff --git a/antora/components/relnotes/modules/ROOT/pages/2022/2.0.0-M8/relnotes.adoc b/antora/components/relnotes/modules/ROOT/pages/2022/2.0.0-M8/relnotes.adoc index c3634a0f6d..578397547b 100644 --- a/antora/components/relnotes/modules/ROOT/pages/2022/2.0.0-M8/relnotes.adoc +++ b/antora/components/relnotes/modules/ROOT/pages/2022/2.0.0-M8/relnotes.adoc @@ -33,6 +33,7 @@ to allow pluggable management of identifiers in bookmarks/URLs etc * Support for Java Module System (`module.info.java`) (link:https://issues.apache.org/jira/browse/ISIS-3207[ISIS-3207]) +This release also fixes the security vulnerability: CVE-2022-42466, fixed by link:https://issues.apache.org/jira/browse/ISIS-3128[ISIS-3128] @@ -153,7 +154,7 @@ to allow pluggable management of identifiers in bookmarks/URLs etc == Security Fixes -* link:https://issues.apache.org/jira/browse/ISIS-3128[ISIS-3128] - [Security] h2 console potentially vulnerable to code execution +* link:https://issues.apache.org/jira/browse/ISIS-3128[ISIS-3128] - CVE-2022-42466 [Security] h2 console potentially vulnerable to code execution * link:https://issues.apache.org/jira/browse/ISIS-3077[ISIS-3077] - [Vulnerability] Scalar Value Output Rendering is not escaped. (XSS Vulnarability) * link:https://issues.apache.org/jira/browse/ISIS-2977[ISIS-2977] - [Vulnerability] jdom dependency has XXE vulnerability diff --git a/antora/components/relnotes/modules/ROOT/pages/2022/2.0.0-M9/relnotes.adoc b/antora/components/relnotes/modules/ROOT/pages/2022/2.0.0-M9/relnotes.adoc new file mode 100644 index 0000000000..77f1deb587 --- /dev/null +++ b/antora/components/relnotes/modules/ROOT/pages/2022/2.0.0-M9/relnotes.adoc @@ -0,0 +1,41 @@ +[[r2.0.0-M9]] += 2.0.0-M9 + +:Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...] +:page-partial: + +This is primarily a security release to fix CVE-2022-42466, fixed by link:https://issues.apache.org/jira/browse/ISIS-3240[ISIS-3240]. + + + +== New Feature + +* link:https://issues.apache.org/jira/browse/ISIS-2381[ISIS-2381] - [Validation] Metamodel exception if @PropertyLayout(navigable=...) with a value type +* link:https://issues.apache.org/jira/browse/ISIS-3232[ISIS-3232] - [Validation] Fail early, if viewmodels have no recreation strategy. + +== Improvement + +* link:https://issues.apache.org/jira/browse/ISIS-3247[ISIS-3247] - [Metamodel] Change Precedence Order of Viewmodel Serialization Strategies +* link:https://issues.apache.org/jira/browse/ISIS-3242[ISIS-3242] - Remove pdf.js v1 legacy +* link:https://issues.apache.org/jira/browse/ISIS-3237[ISIS-3237] - [Wicket Viewer] Migrate from CGLIB to ByteBuddy + +== Security Fixes + +* link:https://issues.apache.org/jira/browse/ISIS-3240[ISIS-3240] - CVE-2022-42466 [Wicket Viewer] Some components (for value-types) need escaped rendering. + + +== Bug + +* link:https://issues.apache.org/jira/browse/ISIS-3246[ISIS-3246] - [Regression] Shiro Filter throws NPE on init since Shiro v1.10.0 +* link:https://issues.apache.org/jira/browse/ISIS-3226[ISIS-3226] - Viewmodel recreation no longer works as previously (with fallback strategy) + + +== Documentation + +* link:https://issues.apache.org/jira/browse/ISIS-3249[ISIS-3249] - Add instruction to log in/create a new account in Jira for contributing +* link:https://issues.apache.org/jira/browse/ISIS-3243[ISIS-3243] - Fixing some typos and formatting issues in documentations +* link:https://issues.apache.org/jira/browse/ISIS-3241[ISIS-3241] - Fix broken link in CONTRIBUTING.adoc + +== Task + +* link:https://issues.apache.org/jira/browse/ISIS-3248[ISIS-3248] - Release activities 2.0.0 M9 diff --git a/antora/components/relnotes/modules/ROOT/pages/about.adoc b/antora/components/relnotes/modules/ROOT/pages/about.adoc index 70ad657c4a..f3a60b6fcf 100644 --- a/antora/components/relnotes/modules/ROOT/pages/about.adoc +++ b/antora/components/relnotes/modules/ROOT/pages/about.adoc @@ -29,9 +29,21 @@ This table summarises all releases of Apache Isis v2.0 to date. | Detail +| 2.0.0-M9 +| 18-Oct-2022 +| +Ninth milestone release for Apache Isis 2.0.0 + +Fixes CVE-2022-42466. +| 2 +| 3 +| 2 +| +* xref:relnotes:ROOT:2022/2.0.0-M9/relnotes.adoc[Release Notes] + | 2.0.0-M8 | 06-Oct-2022 -| Eighth milestone release for Apache Isis 2.0.0 +| Eighth milestone release for Apache Isis 2.0.0 + +Fixes CVE-2022-42467. | 26 | 79 | 84 diff --git a/antora/supplemental-ui/doap_isis.rdf b/antora/supplemental-ui/doap_isis.rdf index a977029969..9b48caed21 100644 --- a/antora/supplemental-ui/doap_isis.rdf +++ b/antora/supplemental-ui/doap_isis.rdf @@ -44,6 +44,14 @@ </Version> </release> + <release> + <Version> + <name>isis</name> + <created>2022-10-18</created> + <revision>2.0.0-M9</revision> + </Version> + </release> + <release> <Version> <name>isis</name>
