This document describes the steps needed to upgrade the edoras one application to 1.6.19.
edoras one 1.6.19 contains an upgrade for Spring and Jackson libraries because of vulnerabilities in older versions. Find below the upgrade notes for these library upgrades.
General migration
Dependency | Previous version | Current version | Comment |
---|---|---|---|
 | | | CVE-2016-5007 |
 | | | CVE-2016-1000338 |
 | | | CVE-2017-17485 |
Upgrades
Spring 4.3.22
Spring integration package
Because the Spring Integration upgrade to 4.3.22 moved the org.springframework.integration.Message class (and related classes) into the org.springframework.messaging package, you need to adapt the imports in your classes if you extend/implement one of the following classes/interfaces:
- com.edorasware.cloud.core.transfer.IncomingAppService
- com.edorasware.cloud.core.transfer.internal.AbstractOutgoingAppChannelAdapter
- com.edorasware.cloud.core.transfer.integration.FileToResourceTransformer
Spring security
The following list shows what we changed in the product and what you also need to change if you have adapted/overwritten any .html or .jsp file or have a custom security configuration.
The following endpoints changed in Spring security:
- /j_spring_security_logout changed to /logout
- /j_spring_security_check changed to /login
- j_spring_security_switch_user?j_username= changed to login/impersonate?username=
- j_spring_security_exit_user changed to logout/impersonate
The parameters for the username and password also changed:
- j_username is now username
- j_password is now password
Please search for all occurrences of the affected values and replace them with the new values.
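One way to run that search, as an added example (not edoras one code): a Python script that reports every legacy Spring Security value together with its replacement from the lists above. The sample page is constructed, and scanning .xml files for custom security configurations is an assumption.

```python
import re
import sys
from pathlib import Path

# Old value -> new value, as listed in the upgrade notes above.
RENAMES = {
    "j_spring_security_logout": "logout",
    "j_spring_security_check": "login",
    "j_spring_security_switch_user": "login/impersonate",
    "j_spring_security_exit_user": "logout/impersonate",
    "j_username": "username",
    "j_password": "password",
}
# Word boundaries keep e.g. "obj_username" from being reported.
PATTERN = re.compile(r"(?<!\w)(" + "|".join(map(re.escape, RENAMES)) + r")(?!\w)")

# Constructed sample of a customized login page (not taken from the product).
SAMPLE_JSP = """\
<form action="<c:url value='/j_spring_security_check'/>" method="post">
  <input type="text" name="j_username"/>
  <input type="password" name="j_password"/>
</form>
<a href="j_spring_security_switch_user?j_username=alice">Switch user</a>
<a href="/logout">Logout</a>
"""


def scan_text(text):
    """Return (line_number, old_value, new_value) for every legacy value found."""
    return [
        (no, m.group(1), RENAMES[m.group(1)])
        for no, line in enumerate(text.splitlines(), start=1)
        for m in PATTERN.finditer(line)
    ]


def scan_tree(root, suffixes=(".html", ".jsp", ".xml")):
    """Scan customized files under root; .xml (assumed) covers security configs."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            text = path.read_text(encoding="utf-8", errors="replace")
            findings += [(str(path), *hit) for hit in scan_text(text)]
    return findings


if __name__ == "__main__":
    hits = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, no, old, new in hits:
        print(f"{path}:{no}: {old} -> {new}")
    sys.exit(1 if hits else 0)  # non-zero exit lets a build step fail on leftovers
```

The script only reports; it does not rewrite files, so each hit can be reviewed before the value is changed.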
FasterXML Jackson 2.9.8
We have also upgraded the Jackson libraries to version 2.9.8. Please adapt your code and customizations to the new library and follow the Jackson upgrade notes. Be aware that the package names changed from org.codehaus.jackson to com.fasterxml.jackson.
Bootstrap project
Here you will find a list of files which have changed in the bootstrap project since the last release. This helps you check the difference between your bootstrap project version and the current one:
- build.gradle
  - libraries upgrade
- pom.xml
  - libraries upgrade
- com/edorasware/acme/config/acme-context.xml
  - spring xsd schema upgrade
- com/edorasware/acme/config/acme-index-config.xml
  - spring xsd schema upgrade
- com/edorasware/acme/config/acme-service-config.xml
  - spring xsd schema upgrade
- com/edorasware/bootstrap/config/action-config.xml
  - spring xsd schema upgrade
- com/edorasware/bootstrap/config/content-config.xml
  - spring xsd schema upgrade
- com/edorasware/bootstrap/config/database-config.xml
  - spring xsd schema upgrade
- com/edorasware/bootstrap/config/integration-config.xml
  - spring xsd schema upgrade
- com/edorasware/bootstrap/config/one-application-context.xml
  - spring xsd schema upgrade
- com/edorasware/bootstrap/config/one-dispatcher-servlet-context.xml
  - spring xsd schema upgrade
- test/config/acme-test-context.xml
  - spring xsd schema upgrade
- com/edorasware/bootstrap/config/security/security-basic-config.xml
  - spring security upgrade