OpenVoxProject/openvoxdb 8.12.0

on GitHub

This version represents a significant change in how openvoxdb is built. Most of this is under the hood, but should lower the bar to development and allow us to make changes more easily and rapidly.

In addition to the standard GitHub release notes, these are the important changes in this version.

• Platform support
  • Removed: EL 7
  • Added: Amazon Linux 2, Fedora 42, Fedora 43, Redhatfips 8, Redhatfips 9
  • Note that Amazon Linux 2 support will be removed when it goes EOL in June of 2026
  • Note that the platform name redhatfips is used since Puppet uses this nomenclature, but it should work on any FIPS-enabled Enterprise Linux-based platform.
• Java 11 support has been removed, and either Java 17 or Java 21 must be used.
• Removes Janino support. Logback removed support for it due to CVEs. This means that logbook evaluator filters are no longer supported. These were not commonly used so unless you specifically included tags in your logback config, you should not be affected.
• Also due to the removal of Janino, Trapperkeeper’s ‘post-config-script’ option for injecting Java code directly into Jetty for controlling low-level Jetty settings that are not exposed by Trapperkeeper is no longer supported. This is also a feature not commonly used, and was a potential security risk in itself.
• This version of openvoxdb and all related components have now been migrated to the org.openvoxproject namespace and are available on Clojars, with fixed up testing and release workflows.
• The systemd service now sets PrivateTmp=true. This improves security by eliminating a common target for malicious activity.
• Lots and lots of dependency updates that you should not notice, but brings the code up to a more maintainable standard.
• The following third-party components were updated to address CVEs:
  • Jetty 10.0.20 -> 10.0.26: CVE-2025-5115, CVE-2024-8184
  • jackson-databind 2.14.0 -> 2.21.0: CVE-2025-52999
  • logback 1.3.14 -> 1.3.16: CVE-2024-12798, CVE-2024-12801, CVE-2025-11226
  • commons-beanutils 1.9.4 -> 1.11.0: CVE-2025-48734
  • Bouncy Castle non-FIPS 1.78.1 -> 1.83: CVE-2025-8916
• Additionally, this is the first FIPS release of OpenVox server, but compared to the baseline FIPS config from before the fork:
  • bcpkix-fips 1.0.7 -> 1.0.8: CVE-2025-8916
  • bc-fips 1.0.2.5 -> 1.0.2.6: CVE-2025-8885

What's Changed

New Features 🎉

• Add postgresql 18 testing by @austb in #83
• Update Dockerfile for Java 17 and Ruby 3.2.9 by @bastelfreak in #97

Dependency Updates ⬆️

• chore(deps): update dependency clj-http:clj-http to v3.13.1 by @renovate[bot] in #61
• chore(deps): update dependency org.clojure:core.match to v0.3.0 by @renovate[bot] in #60
• chore(deps): update dependency digest:digest to v1.4.10 by @renovate[bot] in #58
• chore(deps): update dependency org.clojure:core.match to v1 by @renovate[bot] in #55
• chore(deps): update dependency org.clojure:math.combinatorics to v0.3.0 by @renovate[bot] in #64
• chore(deps): update dependency com.github.seancorfield:next.jdbc to v1.3.1070 by @renovate[bot] in #57
• chore(deps): update dependency murphy:murphy to v0.5.3 by @renovate[bot] in #85
• chore(deps): update dependency com.rpl:specter to v1.1.6 by @renovate[bot] in #78
• chore(deps): update dependency com.github.seancorfield:next.jdbc to v1.3.1086 by @renovate[bot] in #92
• Update dependency org.clojure:data.generators to v1.1.1 by @renovate[bot] in #94
• Update dependency org.clojure:core.match to v1.1.1 by @renovate[bot] in #93
• Update dependency ring:ring-codec to v1.3.0 by @renovate[bot] in #133
• Update dependency org.clojure:tools.macro to v0.2.2 by @renovate[bot] in #129
• Update dependency commons-io:commons-io to v2.21.0 by @renovate[bot] in #122
• Update dependency instaparse:instaparse to v1.5.0 by @renovate[bot] in #123
• Update dependency commons-codec:commons-codec to v1.20.0 by @renovate[bot] in #121
• Update dependency org.clojure:math.combinatorics to v0.3.2 by @renovate[bot] in #112
• Update dependency com.gfredericks:test.chuck to v0.2.15 by @renovate[bot] in #161
• Update dependency org.clojure:test.check to v1.1.3 by @renovate[bot] in #162
• Update dependency org.postgresql:postgresql to v42.7.9 by @renovate[bot] in #156
• Update dependency compojure:compojure to v1.7.2 by @renovate[bot] in #113
• Update dependency org.openvoxproject:i18n to v1.0.3 by @renovate[bot] in #144
• Update dependency clj-commons:clj-yaml to v1.0.29 by @renovate[bot] in #160
• Update dependency cheshire:cheshire to v5.13.0 by @renovate[bot] in #114
• Update dependency clj-time:clj-time to v0.15.2 by @renovate[bot] in #116
• Update dependency com.zaxxer:HikariCP to v5.1.0 by @renovate[bot] in #120
• Update dependency com.taoensso:nippy to v3.6.0 by @renovate[bot] in #119
• Update dependency net.logstash.logback:logstash-logback-encoder to v7.4 by @renovate[bot] in #125
• Update dependency org.clojure:core.memoize to v1.2.273 by @renovate[bot] in #127
• Update dependency joda-time:joda-time to v2.14.0 by @renovate[bot] in #124
• Update dependency org.yaml:snakeyaml to v2.5 by @renovate[bot] in #132
• Update dependency org.clojure:tools.logging to v1.3.1 by @renovate[bot] in #128
• Update dependency org.clojure:core.async to v1.8.741 by @renovate[bot] in #126
• Update dependency org.clojure:tools.reader to v1.6.0 by @renovate[bot] in #131
• Update dependency org.clojure:tools.namespace to v0.3.1 by @renovate[bot] in #130
• Update dependency clj-kondo:clj-kondo to v2026 by @renovate[bot] in #157
• Update dependency ring:ring-mock to v0.6.2 by @renovate[bot] in #163
• Update dependency com.github.seancorfield:honeysql to v2.7.1364 by @renovate[bot] in #117
• Update dependency clj-kondo:clj-kondo to v2026.01.19 by @renovate[bot] in #172
• Update dependency ring:ring-core to v1.15.3 by @renovate[bot] in #134
• Update jackson-version to v2.21.0 by @renovate[bot] in #171
• Update dependency com.fasterxml.jackson.core:jackson-annotations to v2.21 by @renovate[bot] in #170
• Update dependency org.openvoxproject:trapperkeeper-webserver-jetty10 to v1.1.4 by @renovate[bot] in #179
• Update dependency org.openvoxproject:trapperkeeper-authorization to v2.1.6 by @renovate[bot] in #147
• Update dependency org.openvoxproject:trapperkeeper-metrics to v2.1.7 by @renovate[bot] in #148
• Update dependency org.openvoxproject:trapperkeeper-status to v1.3.2 by @renovate[bot] in #155

Other Changes

• (maint) Drop beaker parameters from beaker_acceptance.yml call by @jpartlow in #79
• Update report update condition to use report ID by @nmburgan in #80
• ezbake: Migrate from puppetlabs to openvoxproject & drop EL7 / Ubuntu 18.04 builds by @bastelfreak in #99
• Remove Java 11 by @bastelfreak in #98
• Use shared release action by @bastelfreak in #101
• CI: Add support for checking PR branches by @bastelfreak in #103
• Update dependencies and namespace by @nmburgan in #96
• Fix transient failure in touch-parameters-test by @austb in #106
• CI: comment download link to PR by @bastelfreak in #109
• Refactor lein profiles by @nmburgan in #110
• Remove clj-parent by @nmburgan in #111
• Add vox:test task to run CI tests locally by @nmburgan in #152
• Move versions into managed deps and update openvox components by @nmburgan in #151
• CI: Properly detect if all jobs passed by @bastelfreak in #158
• Fixes for test task by @nmburgan in #159
• Add test summary for the end of lein test by @nmburgan in #164
• Add annotations for GitHub for test failures by @nmburgan in #165
• Fix int tests due to missing BC jars by @nmburgan in #166
• Refactor Vox rake tasks by @nmburgan in #168
• Update build comment if it already exists by @nmburgan in #169
• Downgrade ring-core to version 1.14.2 by @nmburgan in #178
• Changes for FIPS by @nmburgan in #181
• Fix reflection errors by @austb in #176
• Add FIPS release job and update project version machinery by @nmburgan in #182

New Contributors

• @austb made their first contribution in #83

Full Changelog: 8.11.0...8.12.0