Changes since 23.0.13
Security Fixes
-
Security upgrade org.jsoup:jsoup to 1.15.3
Commit · Pull requestThe following vulnerability are fixed with the upgrade: https://snyk.io/vuln/SNYK-JAVA-ORGJSOUP-2989728
- Important Note: Upgrading
jsoupfrom1.14.3to1.15.3includes an API breaking change and it might prevents the compilation of your code (only if you had a any direct usage of the removed deprecated classorg.jsoup.safety.Whitelist). This was necessary to fix the potential security vulnerability listed above, and it is recommended to upgrade to this version. If you happened to have a compile error in your application, simply replace any possible occurrences oforg.jsoup.safety.Whitelistwithorg.jsoup.safety.Safelistand there should not be any other hassles.
- Important Note: Upgrading
Fixes
-
Never cache the "waiting for frontend build" page (#14436)
Commit · Pull request · Issue -
Not modify browser history if location has no hash (#14397)
Commit · Pull request · Issueif no segment with hash is present in the location, while navigating between Flow and legacy views/components, the update of the browser history is not needed.
-
Initialize PwaHandler only once (#14390)
Commit · Pull requestPwaHandler has an isInitialized flag that is checked on handleRequest method, but never initialized, causing init method to be invoked on every request. This change sets the flag within init method.
-
Execute PushRequestHandler before DevModeHandler (#14383)
Commit · Pull requestWhen an application with PUSH enabled tries to re-establish the push connection after a server restart, it may happen that the dev mode handler responds to the push request with HTML contents (dev-mode-not-ready.html). In this situation, an error is shown on the browser page, a manual page reload is required to make the application work again. This changes the request handlers order so that the PushRequestHandler is executed before DevModeHandler