Changes since 2.7.19
Security Fixes
-
Security upgrade org.jsoup:jsoup to 1.15.3
Commit · Pull requestThe following vulnerability are fixed with the upgrade: https://snyk.io/vuln/SNYK-JAVA-ORGJSOUP-2989728
- Important Note: Upgrading
jsoup
from1.14.3
to1.15.3
includes an API breaking change and it might prevents the compilation of your code (only if you had a any direct usage of the removed deprecated classorg.jsoup.safety.Whitelist
). This was necessary to fix the potential security vulnerability listed above, and it is recommended to upgrade to this version. If you happened to have a compile error in your application, simply replace any possible occurrences oforg.jsoup.safety.Whitelist
withorg.jsoup.safety.Safelist
and there should not be any other hassles.
- Important Note: Upgrading
Breaking changes
-
Avoid duplicated field bindings (#14391)
Commit · Pull request · IssueBackporting #13340. If custom binding is added or completed after the call to
Binder#bindInstanceFields
the field is bound twice and this may lead to potential multiple applications of converters, producing wrong representation and value for the field. This change ignores incomplete bindings during thebindInstanceFields()
process and overwrites existing bindings whenBinding.bind()
is invoked afterbindInstanceFields()
.- Note: This change can be classified as a behavioral breaking change and not a API related one. This is just to draw some attention to the changed behavior, otherwise, after upgrading to this version you do not need to apply any fix in your code-base to be able to compile it, but you might still want to monitor the behavior of your application to notice if something is crafted based on the previous behavior.